在 Mono 上使用 X509Certificate2

编程入门行业动态更新时间:2024-10-19 06:17:40

本文介绍了在 Mono 上使用 X509Certificate2 - 同时加载公钥和私钥?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

现在，我尝试像这样实例化 X509Certificate2:

Right now, I try instantiating an X509Certificate2 like this:

cert = new X509Certificate2(Resources.cred);

其中 Resources.cred 是代表 .pfx 文件的 byte[].这在 Windows/.NET 上工作得非常好.

Where Resources.cred is a byte[] representing a .pfx file. This works absolutely fine on Windows/.NET.

但是，在 Mono JIT 编译器版本 3.2.8 (Debian 3.2.8+dfsg-4ubuntu1)(Ubuntu Server 14.04 LTS 上的 Mono)下运行相同的代码，我得到以下异常:

However, running the same code under Mono JIT compiler version 3.2.8 (Debian 3.2.8+dfsg-4ubuntu1) (Mono on Ubuntu Server 14.04 LTS), I get the following exception:

System.TypeInitializationException: An exception was thrown by the type initializer for <snipped irrelevant type name> ---> System.Security.Cryptography.CryptographicException: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate. ---> System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate. at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00000] in <filename unknown>:0 --- End of inner exception stack trace --- at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00000] in <filename unknown>:0 at Mono.Security.X509.X509Certificate..ctor (System.Byte[] data) [0x00000] in <filename unknown>:0 at System.Security.Cryptography.X509Certificates.X509Certificate2.Import (System.Byte[] rawData, System.String password, X509KeyStorageFlags keyStorageFlags) [0x00000] in <filename unknown>:0 --- End of inner exception stack trace --- at System.Security.Cryptography.X509Certificates.X509Certificate2.Import (System.Byte[] rawData, System.String password, X509KeyStorageFlags keyStorageFlags) [0x00000] in <filename unknown>:0 at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.Byte[] rawData) [0x00000] in <filename unknown>:0 --- End of relevant stack trace ---

如果有关系，这个证书是用我自己的 CA 签名的，并用于原始 RSA.

Should it matter, this certificated is signed with my own CA, and is used in raw RSA.

我有可用于此证书的 .pfx、.cer 和 .pvk 文件.我必须如何继续在 Mono 下使用私钥加载此证书?

I have the .pfx, .cer and .pvk files available for this certificate. How must I proceed to load this certificate with the private key under Mono?

推荐答案

这个构造函数抛出异常:

This constructor throws an exception:

byte[] pkcs12 = ...; X509Certificate2 cert = X509Certificate2(pkcs12);

这个构造函数有效:

byte[] pkcs12 = ...; X509Certificate2 cert = X509Certificate2(pkcs12, string.Empty);

这似乎是一个错误，所以我将修复它并将补丁发送给上游开发人员.我会告诉你进展的.

This seems to be a bug so I am going to fix it and send patch to the upstream developers. I will let you know of the progress.