下面是导致 IIS 崩溃的代码。经过研究,我找到了下面的“X509Certificate2 makes IIS crash”,它解决了我的问题:
// Original load from the question: imports the embedded PFX with only the Exportable flag.
// No key-set flag is given, so the default key set applies (usually the user key set).
// The poster reports that this variant works in a console application but crashes under IIS.
// NOTE(review): the PFX password is a string literal in source ("xxx" looks redacted) - load real
// passwords from protected configuration instead of compiling them into the assembly.
// NOTE(review): Exportable marks the imported private key as exportable; omit it unless export is required.
var cert = new X509Certificate2();
cert.Import(Resources.wildcard, "xxx", X509KeyStorageFlags.Exportable);
固定码
// Same import with MachineKeySet added: the private key is stored in the local computer key store
// rather than the current user's store.
// The poster reports this stops the IIS crash but makes signing fail with
// "Invalid provider type specified".
// NOTE(review): Exportable still marks the private key as exportable, and the PFX password is still
// a literal in source - both widen exposure of the key on a shared web server.
var cert = new X509Certificate2();
cert.Import(Resources.wildcard, "xxx", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
但现在,这会导致我的签名引发以下异常
An exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll but was not handled in user code
Additional information: Invalid provider type specified.
我的代码
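/// <summary>
/// Signs a signature base string: hashes it with SHA-1 and produces a Base64-encoded
/// RSA PKCS#1 signature using the private key of the supplied certificate.
/// </summary>
/// <remarks>
/// SHA-1 is no longer collision resistant.
/// NOTE(review): presumably kept because the consuming protocol mandates RSA-SHA1 - confirm before reuse.
/// </remarks>
public class RsaSha1
{
    private readonly X509Certificate2 _certificate;

    /// <summary>Stores the certificate whose private key is used for signing.</summary>
    /// <param name="certificate">Certificate to sign with; its PrivateKey is read on each Sign call.</param>
    public RsaSha1(X509Certificate2 certificate)
    {
        _certificate = certificate;
    }

    /// <summary>Signs the given base string and returns the signature as Base64 text.</summary>
    /// <param name="signatureBaseString">Text to sign; it is encoded as ASCII before hashing.</param>
    /// <returns>The Base64-encoded signature.</returns>
    public string Sign(string signatureBaseString)
    {
        return SignCore(signatureBaseString);
    }

    /// <summary>Hashes the base string, signs the digest and disposes the hash object afterwards.</summary>
    string SignCore(string baseString)
    {
        using (var hash = Hash(baseString))
        {
            return Base64Encode(Sign(hash));
        }
    }

    /// <summary>Converts the raw signature bytes to Base64 text.</summary>
    private static string Base64Encode(byte[] signature)
    {
        return Convert.ToBase64String(signature);
    }

    /// <summary>Creates the RSA PKCS#1 signature over an already finalized SHA-1 hash.</summary>
    /// <param name="hash">Hash object whose digest has been computed.</param>
    /// <returns>The raw signature bytes.</returns>
    private byte[] Sign(SHA1CryptoServiceProvider hash)
    {
        // The declared algorithm now matches the SHA-1 digest actually passed in; the original
        // declared "MD5" here, which contradicts both the class name and the hash object.
        var formatter = new RSAPKCS1SignatureFormatter(_certificate.PrivateKey).
            Tap(it => it.SetHashAlgorithm("SHA1"));
        // The statement above throws the exception if X509KeyStorageFlags.MachineKeySet is added
        // (per the poster's later edit, it is the _certificate.PrivateKey access that throws),
        // but without X509KeyStorageFlags.MachineKeySet the application works in a console
        // application (stress testing) but not in IIS (in a web application).
        return formatter.CreateSignature(hash);
    }

    /// <summary>Computes the SHA-1 digest of the ASCII bytes of the base string.</summary>
    /// <param name="signatureBaseString">Text to hash.</param>
    /// <returns>The hash object holding the finalized digest; the caller disposes it.</returns>
    SHA1CryptoServiceProvider Hash(string signatureBaseString)
    {
        var sha1 = new SHA1CryptoServiceProvider();
        try
        {
            // Encoding.ASCII replaces every non-ASCII character with '?'.
            // NOTE(review): assumes the base string is already ASCII-only - confirm against callers.
            var bytes = Encoding.ASCII.GetBytes(signatureBaseString);
            // Disposing the CryptoStream flushes the final block, which finalizes the digest.
            using (var crypto = new CryptoStream(Stream.Null, sha1, CryptoStreamMode.Write))
            {
                crypto.Write(bytes, 0, bytes.Length);
            }
            return sha1;
        }
        catch
        {
            // Do not leak the provider when encoding or hashing fails (e.g. null input).
            sha1.Dispose();
            throw;
        }
    }
}
编辑1:新信息,似乎当我添加X509KeyStorageFlags.MachineKeySet时,_certificate.PrivateKey会抛出异常,但当我删除X509KeyStorageFlags.MachineKeySet时,IIS就会崩溃。我正在使用从StartSSL生成的证书。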
发布于 2015-08-20 13:27:24
我将证书导入了 LocalMachine 证书存储区(不是通过代码),然后在我的软件中进行了如下更改:
// Previous approach, which this answer replaces: import the embedded PFX resource at runtime.
// MachineKeySet stores the private key in the local computer key store; Exportable marks it as exportable.
// NOTE(review): this form also needs the PFX password as a literal in source ("xxx" looks redacted).
var cert = new X509Certificate2();
cert.Import(Resources.wildcard, "xxx", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
至
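// Replacement approach: read the certificate from the LocalMachine "My" store, where it was
// installed outside the application, instead of importing a PFX at runtime.
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
try
{
    foreach (X509Certificate2 certificate in store.Certificates)
    {
        // Fixed: the original condition read "certs.SubjectName.Name", a name that is not
        // declared anywhere in this snippet; the loop variable is "certificate".
        string subject = certificate.SubjectName.Name;
        // Substring matching accepts any certificate whose subject contains this text, and the
        // last match wins because the loop does not stop.
        // NOTE(review): consider selecting by thumbprint and checking HasPrivateKey so that an
        // unrelated certificate in the store cannot be picked up for signing.
        if (subject != null && subject.Contains("*.domain.xxx"))
        {
            cert = certificate;
        }
    }
}
finally
{
    // Release the store handle even if enumeration throws.
    store.Close();
}
这似乎比从文件中加载证书更有效,而且它在加载时不会破坏IIS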
https://stackoverflow.com/questions/32011907