从字符串创建X509Certificate2时，找不到请求对象的异常 [英] 'Cannot find the requested object' exception while creating X509Certificate2 from string

问题描述

我正在尝试从字符串创建 X509Certificate2 。让我举个例子：

I am trying to create X509Certificate2 from string. Let me show an example:

string keyBase64String = Convert.ToBase64String(file.PKCS7);
var cert = new X509Certificate2(Convert.FromBase64String(keyBase64String));

和 keyBase64String 有一个这样的内容： code>MIIF0QYJKoZI ........ hvcNAQcCoIIFwjCCBb4CA0 =

and keyBase64String has a such content: "MIIF0QYJKoZI ........hvcNAQcCoIIFwjCCBb4CA0="

和 file.PKCS7 是从数据库下载的字节数组

and file.PKCS7 is byte array which I downloaded from database.

创建<$ c时，我有以下异常$ c> X509Certificate2 ：

找不到请求的对象

Cannot find the requested object

堆栈跟踪：

找不到请求的对象X509Certificate2异常找不到
请求对象}
System.Security.Cryptography.CryptographicException.ThrowCryptographicException（Int32
hr）at
System.Security.Cryptography.X509Certificates.X509Utils._QueryCertBlobType（Byte []
rawData）at
System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob（Byte []
rawData，对象密码，X509KeyStorageFlags keyStora在
System.Security.Cryptography.X509Certificates.X509Certificate2..ctor（Byte []
rawData））
WebApp.SoupController.d__7.MoveNext（）

D：\Projects\WebApp\Controllers\SoupController.cs：line
118

"Cannot find requested object" X509Certificate2 Exception "Cannot find requested object"} at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertBlobType(Byte[] rawData) at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData) at WebApp.SoupController.d__7.MoveNext() in D:\Projects\WebApp\Controllers\SoupController.cs:line 118

请，说我做错了什么任何帮助将不胜感激！

Please, say me what I am doing wrong. Any help would be greatly appreciated!

推荐答案

如果 file.PKCS7 一个PKCS＃7 SignedData blob（从X509Certificate2（Collection）.Export（X509ContentType.Pkcs7）生成的）然后有两种不同的打开方式：

If file.PKCS7 represents a PKCS#7 SignedData blob (what gets produced from X509Certificate2(Collection).Export(X509ContentType.Pkcs7)) then there are two different ways of opening it:

• new X509Certificate2（byte []） / new X509Certificate2（string）
  
  
  
  
  • 单个证书构造函数将提取SignedData blob的签名证书。如果这只是作为一个证书的集合导出，但没有签署任何东西，那么没有这样的证书，所以它失败了找不到原始的签名者。（Win 2012r2 ，其他版本可以将其映射到不同的字符串）
  
  
  • new X509Certificate2(byte[])/new X509Certificate2(string)
    • The single certificate constructor will extract the signing certificate of the SignedData blob. If this was just being exported as a collection of certs, but not signing anything, there is no such certificate, and so it fails with Cannot find the original signer. (Win 2012r2, other versions could map it to a different string)
    
    
    • 集合导入将消耗所有额外的证书，忽略签名证书。
    
    

    这真的是PKCS＃7，你可能希望收集Import（instance）方法。如果不是，您有一些奇怪的变量/字段/属性名称。

    So if it's really PKCS#7 you likely want the collection Import (instance) method. If it isn't, you have some odd variable/field/property names.

    这篇关于从字符串创建X509Certificate2时，找不到请求对象的异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！