Windows 10 中的编译问题
Issues compiling in Windows 10
我发现了一个与构建使用 C:\Windows\System32\CertEnroll.dll 作为参考的应用程序相关的问题。
以下代码在 Windows 7 上使用 VS 2015 编译,然后在 Windows 7 机器上使用 运行 编译时工作正常。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using CERTENROLLLib;
namespace CertTest
{
class Program
{
static void Main(string[] args)
{
try
{
CX509PrivateKey key = new CX509PrivateKey();
key.ContainerName = Guid.NewGuid().ToString();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
}
}
当您尝试在 Windows 10 中编译它,然后在 Windows 7 机器上尝试 运行 时,它会抛出以下错误。
"Unable to cast COM object of type 'System.__ComObject' to interface type 'CERTENROLLLib.CX509PrivateKey'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{728AB362-217D-11DA-B2A4-000E7BBB2B09}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE))."
这里有几个人复制了它,我想在联系 Microsoft 了解这里发生的事情之前获得更多信息。
我想我的问题是:其他人能否证实这一点,或者如果证实他们破坏了向后兼容性?
CertEnroll.dll 上的接口实现在 "vanilla" Windows 2008 和 Windows 2008 R2 之间以某种方式发生了变化。我想这与某些 Windows 7 版本相同。为了让它(中途)工作,你必须用 Activator.CreateInstance(Type.GetTypeFromProgID(<TypeName>) 实例化 classes;
这将导致系统查找 HKLM:\SOFTWARE\Classes\Interface\ 中的引用,以便为您找到正确的 class。
工作示例:
(部分代码使用自 )
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using CERTENROLLLib;
/// <summary>
/// Creates a self-signed certificate in the computer certificate store MY.
/// Issuer and Subject are computername and its domain.
/// </summary>
/// <param name="friendlyName">Friendly-name of the certificate</param>
/// <param name="password">Password which will be used by creation. I think it's obsolete...</param>
/// <returns>Created certificate</returns>
/// <remarks>Base from </remarks>
public static X509Certificate2 CreateSelfSignedCertificate(string friendlyName, string password)
{
// create DN for subject and issuer
var dnHostName = new CX500DistinguishedName();
// DN will be in format CN=machinename, DC=domain, DC=local for machinename.domain.local
dnHostName.Encode(GetMachineDn());
var dnSubjectName = dnHostName;
//var privateKey = new CX509PrivateKey();
var typeName = "X509Enrollment.CX509PrivateKey";
var type = Type.GetTypeFromProgID(typeName);
if (type == null)
{
throw new Exception(typeName + " is not available on your system: 0x80040154 (REGDB_E_CLASSNOTREG)");
}
var privateKey = Activator.CreateInstance(type) as IX509PrivateKey;
if (privateKey == null)
{
throw new Exception("Your certlib does not know an implementation of " + typeName +
" (in HKLM:\SOFTWARE\Classes\Interface\)!");
}
privateKey.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
privateKey.ProviderType = X509ProviderType.XCN_PROV_RSA_AES;
// key-bitness
privateKey.Length = 2048;
privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
privateKey.MachineContext = true;
// Don't allow export of private key
privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
// use is not limited
privateKey.Create();
// Use the stronger SHA512 hashing algorithm
var hashobj = new CObjectId();
hashobj.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,
AlgorithmFlags.AlgorithmFlagsNone, "SHA512");
// add extended key usage if you want - look at MSDN for a list of possible OIDs
var oid = new CObjectId();
oid.InitializeFromValue("1.3.6.1.5.5.7.3.1"); // SSL server
var oidlist = new CObjectIds { oid };
var eku = new CX509ExtensionEnhancedKeyUsage();
eku.InitializeEncode(oidlist);
// add all IPs of current machine as dns-names (SAN), so a user connecting to our wcf
// service by IP still claim-trusts this server certificate
var objExtensionAlternativeNames = new CX509ExtensionAlternativeNames();
{
var altNames = new CAlternativeNames();
var dnsHostname = new CAlternativeName();
dnsHostname.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_DNS_NAME, Environment.MachineName);
altNames.Add(dnsHostname);
foreach (var ipAddress in Dns.GetHostAddresses(Dns.GetHostName()))
{
if ((ipAddress.AddressFamily == AddressFamily.InterNetwork ||
ipAddress.AddressFamily == AddressFamily.InterNetworkV6) && !IPAddress.IsLoopback(ipAddress))
{
var dns = new CAlternativeName();
dns.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_DNS_NAME, ipAddress.ToString());
altNames.Add(dns);
}
}
objExtensionAlternativeNames.InitializeEncode(altNames);
}
// Create the self signing request
//var cert = new CX509CertificateRequestCertificate();
typeName = "X509Enrollment.CX509CertificateRequestCertificate";
type = Type.GetTypeFromProgID(typeName);
if (type == null)
{
throw new Exception(typeName + " is not available on your system: 0x80040154 (REGDB_E_CLASSNOTREG)");
}
var cert = Activator.CreateInstance(type) as IX509CertificateRequestCertificate;
if (cert == null)
{
throw new Exception("Your certlib does not know an implementation of " + typeName +
" (in HKLM:\SOFTWARE\Classes\Interface\)!");
}
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
cert.Subject = dnSubjectName;
cert.Issuer = dnHostName; // the issuer and the subject are the same
cert.NotBefore = DateTime.Now.AddDays(-1);
// this cert expires immediately. Change to whatever makes sense for you
cert.NotAfter = DateTime.Now.AddYears(1);
cert.X509Extensions.Add((CX509Extension)eku); // add the EKU
cert.X509Extensions.Add((CX509Extension)objExtensionAlternativeNames);
cert.HashAlgorithm = hashobj; // Specify the hashing algorithm
cert.Encode(); // encode the certificate
// Do the final enrollment process
//var enroll = new CX509Enrollment();
typeName = "X509Enrollment.CX509Enrollment";
type = Type.GetTypeFromProgID(typeName);
if (type == null)
{
throw new Exception(typeName + " is not available on your system: 0x80040154 (REGDB_E_CLASSNOTREG)");
}
var enroll = Activator.CreateInstance(type) as IX509Enrollment;
if (enroll == null)
{
throw new Exception("Your certlib does not know an implementation of " + typeName +
" (in HKLM:\SOFTWARE\Classes\Interface\)!");
}
// Use private key to initialize the certrequest...
enroll.InitializeFromRequest(cert);
enroll.CertificateFriendlyName = friendlyName; // Optional: add a friendly name
var csr = enroll.CreateRequest(); // Output the request in base64 and install it back as the response
enroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate, csr,
EncodingType.XCN_CRYPT_STRING_BASE64, password);
// This will fail on Win2k8, some strange "Parameter is empty" error... Thus we search the
// certificate by serial number with the managed X509Store-class
// // output a base64 encoded PKCS#12 so we can import it back to the .Net security classes
//var base64Encoded = enroll.CreatePFX(password, PFXExportOptions.PFXExportChainNoRoot, EncodingType.XCN_CRYPT_STRING_BASE64);
//return new X509Certificate2(Convert.FromBase64String(base64Encoded), password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
var certFs = LoadCertFromStore(cert.SerialNumber);
if (!certFs.HasPrivateKey) throw new InvalidOperationException("Created certificate has no private key!");
return certFs;
}
/// <summary>
/// Converts Domain.local into CN=Domain, CN=local
/// </summary>
private static string GetDomainDn()
{
var fqdnDomain = IPGlobalProperties.GetIPGlobalProperties().DomainName;
if (string.IsNullOrWhiteSpace(fqdnDomain)) return null;
var context = new DirectoryContext(DirectoryContextType.Domain, fqdnDomain);
var d = Domain.GetDomain(context);
var de = d.GetDirectoryEntry();
return de.Properties["DistinguishedName"].Value.ToString();
}
/// <summary>
/// Gets machine and domain name in X.500-format: CN=PC,DN=MATESO,DN=local
/// </summary>
private static string GetMachineDn()
{
var machine = "CN=" + Environment.MachineName;
var dom = GetDomainDn();
return machine + (string.IsNullOrWhiteSpace(dom) ? "" : ", " + dom);
}
/// <summary>
/// Load a certificate by serial number from computer.my-store
/// </summary>
/// <param name="serialNumber">Base64-encoded certificate serial number</param>
private static X509Certificate2 LoadCertFromStore(string serialNumber)
{
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.MaxAllowed);
try
{
// serialnumber from certenroll.dll v6 is a base64 encoded byte array, which is reversed.
// serialnumber from certenroll.dll v10 is a base64 encoded byte array, which is NOT reversed.
var serialBytes = Convert.FromBase64String(serialNumber);
var serial = BitConverter.ToString(serialBytes.ToArray()).Replace("-", "");
var serialReversed = BitConverter.ToString(serialBytes.Reverse().ToArray()).Replace("-", "");
var serverCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, serial, false);
if (serverCerts.Count == 0)
{
serverCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, serialReversed, false);
}
if (serverCerts.Count == 0)
{
throw new KeyNotFoundException("No certificate with serial number <" + serial + "> or reversed serial <" + serialReversed + "> found!");
}
if (serverCerts.Count > 1)
{
throw new Exception("Found multiple certificates with serial <" + serial + "> or reversed serial <" + serialReversed + ">!");
}
return serverCerts[0];
}
finally
{
store.Close();
}
}
备注
那我为什么要写"halfway"呢? certenroll.dll V.6 存在问题,导致构建在 cert.InitializeFromPrivateKey 上失败。在 certenroll.dll V 6.0 中,第二个参数必须是 "CX509PrivateKey" 类型,而在 Certenroll.dll V 10 的 Win10 机器上,它是 IX509PrivateKey:
error CS1503: Argument 2: cannot convert from 'CERTENROLLLib.IX509PrivateKey' to 'CERTENROLLLib.CX509PrivateKey'
所以你会想:是的,只需将上面示例中的 privateKey "cast" 到 Activator.CreateInstance 上的 CX509PrivateKey。这里的问题是,它会编译,但在 vanilla Win2k8 上它不会给你 class (CX509...) 但接口 (IX509...),因此转换失败并且 returns null.
我们通过在装有 certenroll.dll V 10 的机器上的单独项目中编译 certenrollment 函数解决了这个问题。它编译得很好,也可以在 Win2k8 中工作。将它放在一个单独的项目中总是有点烦人,因为构建将在我们的构建服务器上失败 certenroll.dll V 6.
这些是 Microsoft 解决此问题的步骤
如果您仅使用 Windows 10 作为您的构建环境,那么可执行文件将 运行 在下层操作系统上,但是如果您真的只是想要一个可以在任何地方编译的项目并且 运行 那么唯一的解决方案是创建自己的互操作 DLL,并将其包含在项目文件夹中。您必须首先在 Windows 7 上生成它并引用该 DLL。
Tlbimp.exe CertEnroll_Interop c:\Windows\System32\CertEnroll.dll
这会生成一个 CertEnroll_Interop.dll 文件,您可以将其复制到您的项目文件夹,然后在您的项目中浏览。当然你需要使用“using CertEnroll_Interop;”声明。
您可以在 Windows 10 上构建项目,并在 Windows 7 和 Windows 8.1 以及任何其他组合上拥有它 运行。
我有同样的问题,我的开发机器是 运行 windows 10 和构建服务器 windows 8.1.
但是由于c#有反射和动态类型的能力,我现在先分析一下InitializeFromPrivateKey方法采用哪些类型作为参数(我通过创建将其与实际证书代码分开一种方法)。
private static bool IsCompiledOnWin10AndAbove()
{
var typeOfMethod = typeof(IX509CertificateRequestPkcs10);
var methodType = typeOfMethod.GetMethod("InitializeFromPrivateKey", new Type[] { typeof(X509CertificateEnrollmentContext), typeof(CX509PrivateKey), typeof(string) });
var methodeParameters = methodType.GetParameters();
return methodeParameters[1].ParameterType != typeof(CX509PrivateKey);
}
然后根据第二个参数的类型使用动态类型。
dynamic privateKeyCorrectType;
if (IsCompiledOnWin10AndAbove()) // win 10 and above compiled
{
privateKeyCorrectType= privateKey;
}
else // below win 10 compiled
{
privateKeyCorrectType= (CX509PrivateKey)privateKey;
}
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKeyCorrectType, "");
我发现了一个与构建使用 C:\Windows\System32\CertEnroll.dll 作为参考的应用程序相关的问题。
以下代码在 Windows 7 上使用 VS 2015 编译,然后在 Windows 7 机器上使用 运行 编译时工作正常。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using CERTENROLLLib;
namespace CertTest
{
class Program
{
static void Main(string[] args)
{
try
{
CX509PrivateKey key = new CX509PrivateKey();
key.ContainerName = Guid.NewGuid().ToString();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
}
}
当您尝试在 Windows 10 中编译它,然后在 Windows 7 机器上尝试 运行 时,它会抛出以下错误。
"Unable to cast COM object of type 'System.__ComObject' to interface type 'CERTENROLLLib.CX509PrivateKey'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{728AB362-217D-11DA-B2A4-000E7BBB2B09}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE))."
这里有几个人复制了它,我想在联系 Microsoft 了解这里发生的事情之前获得更多信息。
我想我的问题是:其他人能否证实这一点,或者如果证实他们破坏了向后兼容性?
CertEnroll.dll 上的接口实现在 "vanilla" Windows 2008 和 Windows 2008 R2 之间以某种方式发生了变化。我想这与某些 Windows 7 版本相同。为了让它(中途)工作,你必须用 Activator.CreateInstance(Type.GetTypeFromProgID(<TypeName>) 实例化 classes;
这将导致系统查找 HKLM:\SOFTWARE\Classes\Interface\ 中的引用,以便为您找到正确的 class。
工作示例:
(部分代码使用自 )
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using CERTENROLLLib;
/// <summary>
/// Creates a self-signed certificate in the computer certificate store MY.
/// Issuer and Subject are computername and its domain.
/// </summary>
/// <param name="friendlyName">Friendly-name of the certificate</param>
/// <param name="password">Password which will be used by creation. I think it's obsolete...</param>
/// <returns>Created certificate</returns>
/// <remarks>Base from </remarks>
public static X509Certificate2 CreateSelfSignedCertificate(string friendlyName, string password)
{
// create DN for subject and issuer
var dnHostName = new CX500DistinguishedName();
// DN will be in format CN=machinename, DC=domain, DC=local for machinename.domain.local
dnHostName.Encode(GetMachineDn());
var dnSubjectName = dnHostName;
//var privateKey = new CX509PrivateKey();
var typeName = "X509Enrollment.CX509PrivateKey";
var type = Type.GetTypeFromProgID(typeName);
if (type == null)
{
throw new Exception(typeName + " is not available on your system: 0x80040154 (REGDB_E_CLASSNOTREG)");
}
var privateKey = Activator.CreateInstance(type) as IX509PrivateKey;
if (privateKey == null)
{
throw new Exception("Your certlib does not know an implementation of " + typeName +
" (in HKLM:\SOFTWARE\Classes\Interface\)!");
}
privateKey.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
privateKey.ProviderType = X509ProviderType.XCN_PROV_RSA_AES;
// key-bitness
privateKey.Length = 2048;
privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
privateKey.MachineContext = true;
// Don't allow export of private key
privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
// use is not limited
privateKey.Create();
// Use the stronger SHA512 hashing algorithm
var hashobj = new CObjectId();
hashobj.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,
AlgorithmFlags.AlgorithmFlagsNone, "SHA512");
// add extended key usage if you want - look at MSDN for a list of possible OIDs
var oid = new CObjectId();
oid.InitializeFromValue("1.3.6.1.5.5.7.3.1"); // SSL server
var oidlist = new CObjectIds { oid };
var eku = new CX509ExtensionEnhancedKeyUsage();
eku.InitializeEncode(oidlist);
// add all IPs of current machine as dns-names (SAN), so a user connecting to our wcf
// service by IP still claim-trusts this server certificate
var objExtensionAlternativeNames = new CX509ExtensionAlternativeNames();
{
var altNames = new CAlternativeNames();
var dnsHostname = new CAlternativeName();
dnsHostname.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_DNS_NAME, Environment.MachineName);
altNames.Add(dnsHostname);
foreach (var ipAddress in Dns.GetHostAddresses(Dns.GetHostName()))
{
if ((ipAddress.AddressFamily == AddressFamily.InterNetwork ||
ipAddress.AddressFamily == AddressFamily.InterNetworkV6) && !IPAddress.IsLoopback(ipAddress))
{
var dns = new CAlternativeName();
dns.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_DNS_NAME, ipAddress.ToString());
altNames.Add(dns);
}
}
objExtensionAlternativeNames.InitializeEncode(altNames);
}
// Create the self signing request
//var cert = new CX509CertificateRequestCertificate();
typeName = "X509Enrollment.CX509CertificateRequestCertificate";
type = Type.GetTypeFromProgID(typeName);
if (type == null)
{
throw new Exception(typeName + " is not available on your system: 0x80040154 (REGDB_E_CLASSNOTREG)");
}
var cert = Activator.CreateInstance(type) as IX509CertificateRequestCertificate;
if (cert == null)
{
throw new Exception("Your certlib does not know an implementation of " + typeName +
" (in HKLM:\SOFTWARE\Classes\Interface\)!");
}
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKey, "");
cert.Subject = dnSubjectName;
cert.Issuer = dnHostName; // the issuer and the subject are the same
cert.NotBefore = DateTime.Now.AddDays(-1);
// this cert expires immediately. Change to whatever makes sense for you
cert.NotAfter = DateTime.Now.AddYears(1);
cert.X509Extensions.Add((CX509Extension)eku); // add the EKU
cert.X509Extensions.Add((CX509Extension)objExtensionAlternativeNames);
cert.HashAlgorithm = hashobj; // Specify the hashing algorithm
cert.Encode(); // encode the certificate
// Do the final enrollment process
//var enroll = new CX509Enrollment();
typeName = "X509Enrollment.CX509Enrollment";
type = Type.GetTypeFromProgID(typeName);
if (type == null)
{
throw new Exception(typeName + " is not available on your system: 0x80040154 (REGDB_E_CLASSNOTREG)");
}
var enroll = Activator.CreateInstance(type) as IX509Enrollment;
if (enroll == null)
{
throw new Exception("Your certlib does not know an implementation of " + typeName +
" (in HKLM:\SOFTWARE\Classes\Interface\)!");
}
// Use private key to initialize the certrequest...
enroll.InitializeFromRequest(cert);
enroll.CertificateFriendlyName = friendlyName; // Optional: add a friendly name
var csr = enroll.CreateRequest(); // Output the request in base64 and install it back as the response
enroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate, csr,
EncodingType.XCN_CRYPT_STRING_BASE64, password);
// This will fail on Win2k8, some strange "Parameter is empty" error... Thus we search the
// certificate by serial number with the managed X509Store-class
// // output a base64 encoded PKCS#12 so we can import it back to the .Net security classes
//var base64Encoded = enroll.CreatePFX(password, PFXExportOptions.PFXExportChainNoRoot, EncodingType.XCN_CRYPT_STRING_BASE64);
//return new X509Certificate2(Convert.FromBase64String(base64Encoded), password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
var certFs = LoadCertFromStore(cert.SerialNumber);
if (!certFs.HasPrivateKey) throw new InvalidOperationException("Created certificate has no private key!");
return certFs;
}
/// <summary>
/// Converts Domain.local into CN=Domain, CN=local
/// </summary>
private static string GetDomainDn()
{
var fqdnDomain = IPGlobalProperties.GetIPGlobalProperties().DomainName;
if (string.IsNullOrWhiteSpace(fqdnDomain)) return null;
var context = new DirectoryContext(DirectoryContextType.Domain, fqdnDomain);
var d = Domain.GetDomain(context);
var de = d.GetDirectoryEntry();
return de.Properties["DistinguishedName"].Value.ToString();
}
/// <summary>
/// Gets machine and domain name in X.500-format: CN=PC,DN=MATESO,DN=local
/// </summary>
private static string GetMachineDn()
{
var machine = "CN=" + Environment.MachineName;
var dom = GetDomainDn();
return machine + (string.IsNullOrWhiteSpace(dom) ? "" : ", " + dom);
}
/// <summary>
/// Load a certificate by serial number from computer.my-store
/// </summary>
/// <param name="serialNumber">Base64-encoded certificate serial number</param>
private static X509Certificate2 LoadCertFromStore(string serialNumber)
{
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.MaxAllowed);
try
{
// serialnumber from certenroll.dll v6 is a base64 encoded byte array, which is reversed.
// serialnumber from certenroll.dll v10 is a base64 encoded byte array, which is NOT reversed.
var serialBytes = Convert.FromBase64String(serialNumber);
var serial = BitConverter.ToString(serialBytes.ToArray()).Replace("-", "");
var serialReversed = BitConverter.ToString(serialBytes.Reverse().ToArray()).Replace("-", "");
var serverCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, serial, false);
if (serverCerts.Count == 0)
{
serverCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, serialReversed, false);
}
if (serverCerts.Count == 0)
{
throw new KeyNotFoundException("No certificate with serial number <" + serial + "> or reversed serial <" + serialReversed + "> found!");
}
if (serverCerts.Count > 1)
{
throw new Exception("Found multiple certificates with serial <" + serial + "> or reversed serial <" + serialReversed + ">!");
}
return serverCerts[0];
}
finally
{
store.Close();
}
}
备注
那我为什么要写"halfway"呢? certenroll.dll V.6 存在问题,导致构建在 cert.InitializeFromPrivateKey 上失败。在 certenroll.dll V 6.0 中,第二个参数必须是 "CX509PrivateKey" 类型,而在 Certenroll.dll V 10 的 Win10 机器上,它是 IX509PrivateKey:
error CS1503: Argument 2: cannot convert from 'CERTENROLLLib.IX509PrivateKey' to 'CERTENROLLLib.CX509PrivateKey'
所以你会想:是的,只需将上面示例中的 privateKey "cast" 到 Activator.CreateInstance 上的 CX509PrivateKey。这里的问题是,它会编译,但在 vanilla Win2k8 上它不会给你 class (CX509...) 但接口 (IX509...),因此转换失败并且 returns null.
我们通过在装有 certenroll.dll V 10 的机器上的单独项目中编译 certenrollment 函数解决了这个问题。它编译得很好,也可以在 Win2k8 中工作。将它放在一个单独的项目中总是有点烦人,因为构建将在我们的构建服务器上失败 certenroll.dll V 6.
这些是 Microsoft 解决此问题的步骤
如果您仅使用 Windows 10 作为您的构建环境,那么可执行文件将 运行 在下层操作系统上,但是如果您真的只是想要一个可以在任何地方编译的项目并且 运行 那么唯一的解决方案是创建自己的互操作 DLL,并将其包含在项目文件夹中。您必须首先在 Windows 7 上生成它并引用该 DLL。
Tlbimp.exe CertEnroll_Interop c:\Windows\System32\CertEnroll.dll
这会生成一个 CertEnroll_Interop.dll 文件,您可以将其复制到您的项目文件夹,然后在您的项目中浏览。当然你需要使用“using CertEnroll_Interop;”声明。
您可以在 Windows 10 上构建项目,并在 Windows 7 和 Windows 8.1 以及任何其他组合上拥有它 运行。
我有同样的问题,我的开发机器是 运行 windows 10 和构建服务器 windows 8.1.
但是由于c#有反射和动态类型的能力,我现在先分析一下InitializeFromPrivateKey方法采用哪些类型作为参数(我通过创建将其与实际证书代码分开一种方法)。
private static bool IsCompiledOnWin10AndAbove()
{
var typeOfMethod = typeof(IX509CertificateRequestPkcs10);
var methodType = typeOfMethod.GetMethod("InitializeFromPrivateKey", new Type[] { typeof(X509CertificateEnrollmentContext), typeof(CX509PrivateKey), typeof(string) });
var methodeParameters = methodType.GetParameters();
return methodeParameters[1].ParameterType != typeof(CX509PrivateKey);
}
然后根据第二个参数的类型使用动态类型。
dynamic privateKeyCorrectType;
if (IsCompiledOnWin10AndAbove()) // win 10 and above compiled
{
privateKeyCorrectType= privateKey;
}
else // below win 10 compiled
{
privateKeyCorrectType= (CX509PrivateKey)privateKey;
}
cert.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextMachine, privateKeyCorrectType, "");