
Installing trust anchors or certificates from UWP app

I am working on a key management application for the Universal Windows Platform and would like to install CA certificates and trust anchors that can be used by system apps and 3rd-party apps. I have tried using a combination of CertificateStores.GetStoreByName and CertificateStore.Add as well as a call accessed via P/Invoke to CertAddEncodedCertificateToStore. Unfortunately, in both cases the calls succeed but the certificates are not visible using MMC and they do not appear to be used by other applications.

Is there a means of installing certificates such that they are usable system-wide (including outside the app container)? Is there any means of viewing what certificates have been installed within an app container?

By default, no. Please check the introduction to certificates article.

Shared certificate stores

UWP apps use the new isolationist application model introduced in Windows 8. In this model, apps run in a low-level operating system construct, called an app container, that prohibits the app from accessing resources or files outside of itself unless explicitly permitted to do so. The following sections describe the implications this has on public key infrastructure (PKI).

Certificate storage per app container

Certificates that are intended for use in a specific app container are stored in per-user, per-app-container locations. An app running in an app container has write access to only its own certificate storage. If the application adds certificates to any of its stores, these certificates cannot be read by other apps. If an app is uninstalled, any certificates specific to it are also removed. An app also has read access to local machine certificate stores other than the MY and REQUEST stores.

Anyway, you can add a capability to your application in Package.appxmanifest. The sharedUserCertificates capability grants an app container read access to the certificates and keys contained in the user MY store and the Smart Card Trusted Roots store.

  <Capabilities>
    <uap:Capability Name="sharedUserCertificates" />
  </Capabilities>

I just added it for testing purposes (UWP application) and the following code works fine. The certificate is added to the user MY store.

using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Storage;
using Windows.Storage.Pickers;
using Windows.Storage.Streams;

// Lets the user pick a .pfx file and imports it into the user MY store.
// Must be awaited from an async context (for example a button click handler).
private async Task ImportPfxAsync()
{
    string pfxCertificate = null;
    string pfxPassword = "";

    FileOpenPicker filePicker = new FileOpenPicker();
    filePicker.FileTypeFilter.Add(".pfx");
    filePicker.CommitButtonText = "Open";

    try
    {
        StorageFile file = await filePicker.PickSingleFileAsync();
        if (file != null)
        {
            // file was picked and is available for read
            // try to read the file content
            IBuffer buffer = await FileIO.ReadBufferAsync(file);
            using (DataReader dataReader = DataReader.FromBuffer(buffer))
            {
                byte[] bytes = new byte[buffer.Length];
                dataReader.ReadBytes(bytes);
                // convert to Base64 for using with ImportPfx
                pfxCertificate = System.Convert.ToBase64String(bytes);
            }

            // Import into the user MY store; the private key is marked
            // non-exportable and no consent prompt is shown on key use.
            await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
                pfxCertificate,
                pfxPassword,
                ExportOption.NotExportable,
                KeyProtectionLevel.NoConsent,
                InstallOptions.None,
                "Test");
        }
    }
    catch (Exception ex)
    {
        Debug.WriteLine(ex.Message);
    }
}

A sample is available on 8.1 if it helps: Cryptography and Certificate sample
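The question also asks how to see which certificates an app container can actually use. The following is an added example, not the answer's own code, that performs the same ImportPfxDataAsync call and then queries the user MY store from inside the app container with CertificateQuery to confirm the imported certificate is visible there; the PFX bytes, password and friendly name are assumed to be supplied by the caller (for instance from the file picker flow above).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;

// Added example (not the original answer's code). Imports a PFX into the user
// MY store, then looks it up again from inside the app container. The PFX
// bytes and password are assumed to come from the caller; nothing is embedded.
public static class CertificateImportCheck
{
    public static async Task<Certificate> ImportAndVerifyAsync(
        byte[] pfxBytes, string pfxPassword, string friendlyName)
    {
        // ImportPfxDataAsync takes the PFX as a Base64 string.
        string pfxBase64 = Convert.ToBase64String(pfxBytes);

        await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
            pfxBase64,
            pfxPassword,
            ExportOption.NotExportable,     // private key cannot be exported again
            KeyProtectionLevel.NoConsent,   // no UI prompt when the key is used
            InstallOptions.None,
            friendlyName);

        // Query the user MY store by friendly name. With sharedUserCertificates
        // declared in the manifest this is the shared user store; without it,
        // the app only sees its own per-app-container copy.
        var query = new CertificateQuery
        {
            StoreName = StandardCertificateStoreNames.Personal, // "MY"
            FriendlyName = friendlyName,
            IncludeExpiredCertificates = false
        };
        IReadOnlyList<Certificate> matches = await CertificateStores.FindAllAsync(query);

        Certificate imported = matches.FirstOrDefault();
        if (imported == null)
            throw new InvalidOperationException(
                $"Certificate '{friendlyName}' not found in the user MY store after import.");

        // SHA-1 thumbprint in the same form MMC displays, for comparison
        // against what the certificate store shows outside the container.
        string thumbprint = BitConverter.ToString(imported.GetHashValue()).Replace("-", "");
        System.Diagnostics.Debug.WriteLine(
            $"Subject={imported.Subject} Thumbprint={thumbprint} HasPrivateKey={imported.HasPrivateKey}");
        return imported;
    }
}
```

If the lookup succeeds inside the app but the same thumbprint is absent from the user MY store in MMC, the certificate landed in the per-app-container store rather than the shared one, which is exactly the isolation the quoted documentation describes.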
