X509AsymmetricSecurityKey.GetAsymmetricAlgorithm returns null after .Net 4.7.2 upgrade

Problem description

I have a problem with X509AsymmetricSecurityKey.GetAsymmetricAlgorithm running in a standard unit test. The test has been passing for years running on .Net Framework version 4.5.2 (C#), however since upgrading the project to version 4.7.2 it has been failing as GetAsymmetricAlgorithm returns null. The exact same code runs perfectly outside the test.

X509Certificate2 cert = null;
var store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);

// I'm actually using FindByThumbprint, just changing this here to protect keys
cert = store.Certificates[0];

// cert is valid X509, securityKey is valid
X509AsymmetricSecurityKey securityKey = new X509AsymmetricSecurityKey(cert);

// rsa is null
RSACryptoServiceProvider rsa = securityKey.GetAsymmetricAlgorithm(SecurityAlgorithms.RsaSha256Signature, true) as RSACryptoServiceProvider;

Same code, same certificate: running through the test, GetAsymmetricAlgorithm returns null; running on "live" code (class library called from WebAPI), it works perfectly.

Any ideas why? I can't see anything in the docs for previous .Net version changes, nothing in the Microsoft docs.

https://docs.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.x509asymmetricsecuritykey.getasymmetricalgorithm?view=netframework-4.7.2

Thanks for any help on this.

Recommended answer

As Crypt32 suggested in a comment, the problem is that after you upgraded from targeting <= 4.6.2 to targeting 4.7(+) you got a "retargeting change" which says that GetAsymmetricAlgorithm is allowed to return instances of RSACng, which is the better RSA class in .NET Framework.

The best action in your code is to change the line to

RSA rsa = securityKey.GetAsymmetricAlgorithm(SecurityAlgorithms.RsaSha256Signature, true) as RSA;

Then find the places that the code no longer compiles, and change from the RSACryptoServiceProvider variant method to the new RSA (base class) methods. (e.g. SignData(byte[], object) => SignData(byte[], RSASignaturePadding)).

You really want to avoid saying RSACng or RSACryptoServiceProvider if you can help it, since there are theoretical cases where RSACng won't work, and RSACryptoServiceProvider will be returned instead (older smartcards / HSMs which have a CAPI driver, but not a CNG driver).

This particular retargeting change is the System.IdentityModel version of https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/retargeting/4.5-4.7.2#wcf-transport-security-supports-certificates-stored-using-cng, which seems to have not been written down. If you need to turn this off, the setting name is Switch.System.IdentityModel.DisableCngCertificates.
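
The pattern recommended in the answer, as an added example that is not code from the question or the answer: cast the result of GetAsymmetricAlgorithm to the RSA base class, fail with a clear error if the cast does not succeed, and sign with the base-class SignData overload that takes a HashAlgorithmName and an RSASignaturePadding. It assumes a .NET Framework 4.7.2 project referencing System.IdentityModel; the class name, helper names and the in-memory self-signed certificate are constructed for illustration.

```csharp
// Added example. The certificate is a throwaway self-signed one built in memory,
// so the sample does not depend on any machine certificate store.
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class RsaBaseClassSigning   // hypothetical name
{
    public static byte[] Sign(X509Certificate2 cert, byte[] data)
    {
        var securityKey = new X509AsymmetricSecurityKey(cert);
        AsymmetricAlgorithm alg =
            securityKey.GetAsymmetricAlgorithm(SecurityAlgorithms.RsaSha256Signature, true);

        // Cast to the base class: the object may be RSACng or RSACryptoServiceProvider.
        RSA rsa = alg as RSA;
        if (rsa == null)
            throw new CryptographicException(
                "Private key is not RSA: " + (alg == null ? "null" : alg.GetType().FullName));
        return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static bool Verify(X509Certificate2 cert, byte[] data, byte[] signature)
    {
        using (RSA pub = cert.GetRSAPublicKey())
            return pub.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using (var key = new RSACng(2048))   // CNG-backed key, the case the retargeting change enables
        {
            var req = new CertificateRequest("CN=constructed-test-cert", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");
                byte[] sig = Sign(cert, data);
                Console.WriteLine("signature verifies: " + Verify(cert, data, sig));
                data[0] ^= 0xFF;   // tamper with the payload; verification should now fail
                Console.WriteLine("tampered payload verifies: " + Verify(cert, data, sig));
            }
        }
    }
}
```

The RSA instance returned by GetAsymmetricAlgorithm is not disposed here because it belongs to the security key object.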
