(WIN32: 1400 ERROR_INVALID_WINDOW_HANDLE) 使用智能卡签署 CSR
(WIN32: 1400 ERROR_INVALID_WINDOW_HANDLE) while Signing a CSR with a SmartCard
我正在尝试使用 CertEnroll::CX509CertificateRequestPkcs10 库从智能卡生成 CSR。如果我在一开始就 运行 它就可以正常工作。但是,如果我事先 运行 ADAL 登录流程,我会收到以下错误。
CertEnroll::CX509CertificateRequestPkcs10::Encode: Invalid window handle. 0x80070578 (WIN32: 1400 ERROR_INVALID_WINDOW_HANDLE)
我调查了错误,这似乎是您调用不再存在的 window 的原因。由于我无法控制 window CertEnroll::CX509CertificateRequestPkcs10::Encode 调用的内容,有没有办法清除指针或避免此错误的方法?
这里是我的注册码供参考
var request = new CX509CertificateRequestPkcs10();
request.Initialize(X509CertificateEnrollmentContext.ContextUser);
request.PrivateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
request.PrivateKey.Length = 2048;
request.PrivateKey.ProviderName = "Microsoft Base Smart Card Crypto Provider";
request.PrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_SIGNING_FLAG;
request.PrivateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
request.PrivateKey.MachineContext = false;
if (!subjectName.StartsWith("CN="))
subjectName = $"CN={subjectName}";
var subjectEncoded = new CX500DistinguishedNameClass();
subjectEncoded.Encode(subjectName);
request.Subject = subjectEncoded;
request.Encode();
这是我的验证码
result = authContext.AcquireTokenAsync(ResourceId, clientId, redirectUri, new PlatformParameters(PromptBehavior.Always));
result.Wait();
_userName = result.Result.UserInfo.DisplayableId;
return result.Result.AccessToken;
我可以通过将 Provider 更改为更新版本并将 KeySec 更改为 None 来解决这个问题(因为这是新的 Gen Storage provder 所必需的):
request.PrivateKey.ProviderName = "Microsoft Smart Card Key Storage Provider";
request.PrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_SIGNING_FLAG;
request.PrivateKey.KeySpec = X509KeySpec.XCN_AT_NONE;
我正在尝试使用 CertEnroll::CX509CertificateRequestPkcs10 库从智能卡生成 CSR。如果我在一开始就 运行 它就可以正常工作。但是,如果我事先 运行 ADAL 登录流程,我会收到以下错误。
CertEnroll::CX509CertificateRequestPkcs10::Encode: Invalid window handle. 0x80070578 (WIN32: 1400 ERROR_INVALID_WINDOW_HANDLE)
我调查了错误,这似乎是您调用不再存在的 window 的原因。由于我无法控制 window CertEnroll::CX509CertificateRequestPkcs10::Encode 调用的内容,有没有办法清除指针或避免此错误的方法?
这里是我的注册码供参考
var request = new CX509CertificateRequestPkcs10();
request.Initialize(X509CertificateEnrollmentContext.ContextUser);
request.PrivateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
request.PrivateKey.Length = 2048;
request.PrivateKey.ProviderName = "Microsoft Base Smart Card Crypto Provider";
request.PrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_SIGNING_FLAG;
request.PrivateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
request.PrivateKey.MachineContext = false;
if (!subjectName.StartsWith("CN="))
subjectName = $"CN={subjectName}";
var subjectEncoded = new CX500DistinguishedNameClass();
subjectEncoded.Encode(subjectName);
request.Subject = subjectEncoded;
request.Encode();
这是我的验证码
result = authContext.AcquireTokenAsync(ResourceId, clientId, redirectUri, new PlatformParameters(PromptBehavior.Always));
result.Wait();
_userName = result.Result.UserInfo.DisplayableId;
return result.Result.AccessToken;
我可以通过将 Provider 更改为更新版本并将 KeySec 更改为 None 来解决这个问题(因为这是新的 Gen Storage provder 所必需的):
request.PrivateKey.ProviderName = "Microsoft Smart Card Key Storage Provider";
request.PrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_SIGNING_FLAG;
request.PrivateKey.KeySpec = X509KeySpec.XCN_AT_NONE;