Find X509 Certificate in a collection where issuer name matches a certain value

In my application I need to be able to find certs in a local store that match a certain issuer name. So, what I was doing before was:

LocalStore.Certificates.Find(X509FindType.FindByIssuerName, "My Common Name", True)

But since the new certificate server was installed and is using Active Directory, my certificates' "Issuer" field has additional attributes (DC values). Full string looks like this:

"CN=My Common Name, DC=MyCompanyDomain, DC=local"

This will not let me use the Find method as before, and any combination of CN, DC values didn't work for me.

This is what I've tried in the Immediate Window:

?LocalStore.Certificates.Item(0).IssuerName
{System.Security.Cryptography.X509Certificates.X500DistinguishedName}
    Name: "CN=My Common Name, DC=MyCompanyDomain, DC=local"
    Oid: {System.Security.Cryptography.Oid}
    RawData: {Length=85}
    m_distinguishedName: "CN=My Common Name, DC=MyCompanyDomain, DC=local"
    m_oid: {System.Security.Cryptography.Oid}
    m_rawData: {Length=85}
?LocalStore.Certificates.Find(X509FindType.FindBySubjectName, "My Common Name", True).Count 
0
?LocalStore.Certificates.Find(X509FindType.FindByIssuerName, "My Common", True).Count 
0
?LocalStore.Certificates.Find(X509FindType.FindByIssuerDistinguishedName, "My Common Name", True).Count 
0
?LocalStore.Certificates.Find(X509FindType.FindByIssuerDistinguishedName, "My", True).Count 
0

What you probably want is FindByIssuerDistinguishedName.

FindByIssuerName is a case-insensitive substring match against the issuer name in forward order with comma separators and no field tagging. That doesn't make a whole lot of sense as a sentence, so let's take an example.

The normal Windows (and .NET) way of printing things is actually reversed, so your Issuer Distinguished Name is most likely DC=local, DC=MyCompanyDomain, CN=My Common Name. FindByIssuerName will turn that value into the string local, MyCompanyDomain, My Common Name, and then will match if your input is (case insensitively) found anywhere in that string.

  • "local, MyCompanyDomain, My Common Name": Yep
  • "local, mycompanyDOMAIN, My common name": Yep
  • "local": Yep
  • "m": Yep
  • " ": Yep
  • "banana": Nope

FindByIssuerDistinguishedName, on the other hand, is a case-insensitive equals against the same string as cert.Issuer returns. So the string you already have would be a match.

https://github.com/dotnet/corefx/blob/f252ef6d695176143aa46b855db5553fb6e44921/src/System.Security.Cryptography.X509Certificates/tests/FindTests.cs#L381-L406 shows the behavior-preserving unit tests for FindByIssuerName and FindByIssuerDistinguishedName.
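
To compare the two find types described in the answer above, here is an added C# example (not part of the original post or the linked corefx tests) that runs both against an in-memory collection and prints the match counts. The two certificates are throwaway self-signed ones constructed for the example, and `Show` and `MakeSelfSigned` are helper names introduced here.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample data: two self-signed certificates, so Issuer == Subject.
var certs = new X509Certificate2Collection
{
    MakeSelfSigned("CN=My Common Name, DC=MyCompanyDomain, DC=local"),
    MakeSelfSigned("CN=Other CA, DC=MyCompanyDomain, DC=local"),
};

// cert.Issuer is the string FindByIssuerDistinguishedName is compared against.
string issuerDn = certs[0].Issuer;
Console.WriteLine($"cert.Issuer = \"{issuerDn}\"");

// Whole-DN queries, then a bare fragment of the DN.
Show(X509FindType.FindByIssuerDistinguishedName, issuerDn);
Show(X509FindType.FindByIssuerDistinguishedName, issuerDn.ToUpperInvariant());
Show(X509FindType.FindByIssuerDistinguishedName, "My Common Name");

// Substring queries against the untagged issuer name.
Show(X509FindType.FindByIssuerName, "my common name");
Show(X509FindType.FindByIssuerName, "MyCompanyDomain");
Show(X509FindType.FindByIssuerName, "m");
Show(X509FindType.FindByIssuerName, "banana");

void Show(X509FindType type, string value)
{
    // validOnly is false here: the sample certificates do not chain to a
    // trusted root, and validOnly: true would drop them whatever the name.
    int count = certs.Find(type, value, validOnly: false).Count;
    Console.WriteLine($"{type,-30} \"{value}\" -> {count} match(es)");
}

static X509Certificate2 MakeSelfSigned(string distinguishedName)
{
    using RSA key = RSA.Create(2048);
    var request = new CertificateRequest(
        distinguishedName, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    return request.CreateSelfSigned(
        DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
}
```

When the result of a lookup feeds a trust decision, the single-letter query is the case to watch: a substring match on the issuer name selects far more certificates than a match on the full distinguished name.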
