我有Windows服務的一些邏輯(這將啓動WCF服務中)讀/驗證安裝的證書:的Windows證書問題
public bool Verify(byte[] data, byte[] signature, string cert)
{
if (data == null || data.Length == 0)
return false;
if (signature == null || signature.Length == 0)
return false;
if (string.IsNullOrEmpty(cert))
return false;
IntPtr pStore = CryptoApi.CertOpenStore(CryptoApi.CERT_STORE_PROV_SYSTEM, 0, IntPtr.Zero, CryptoApi.CERT_SYSTEM_STORE_CURRENT_USER, "MY");
if (pStore == IntPtr.Zero)
return false;
bool ok = false;
IntPtr pCertificate = CryptoApi.CertFindCertificateInStore(pStore, TypeOfEncoding, 0, CryptoApi.CERT_FIND_SUBJECT_STR, cert, IntPtr.Zero);
if (pCertificate != IntPtr.Zero)
{
IntPtr pContext = IntPtr.Zero;
if (CryptoApi.CryptAcquireContext(ref pContext, null, null, (uint)CryptoApi.CRYPT_PROVIDER_TYPE.PROV_RSA_FULL, (uint)CryptoApi.CRYPT_ACQUIRE_CONTEXT.CRYPT_VERIFYCONTEXT))
{
IntPtr pHash = IntPtr.Zero;
if (CryptoApi.CryptCreateHash(pContext, CryptoApi.CALG_SHA1, IntPtr.Zero, 0, ref pHash))
{
if (CryptoApi.CryptHashData(pHash, data, data.Length, 0))
{
IntPtr pPublicKey = IntPtr.Zero;
CryptoApi.CERT_CONTEXT certContextStruct = (CryptoApi.CERT_CONTEXT)Marshal.PtrToStructure(pCertificate, typeof(CryptoApi.CERT_CONTEXT));
CryptoApi.CERT_INFO certInfoStruct = (CryptoApi.CERT_INFO)Marshal.PtrToStructure(certContextStruct.pCertInfo, typeof(CryptoApi.CERT_INFO));
IntPtr pSubjectPublicKeyInfo = Marshal.AllocHGlobal(Marshal.SizeOf(certInfoStruct.SubjectPublicKeyInfo));
Marshal.StructureToPtr(certInfoStruct.SubjectPublicKeyInfo, pSubjectPublicKeyInfo, false);
if (CryptoApi.CryptImportPublicKeyInfo(pContext, TypeOfEncoding, pSubjectPublicKeyInfo, ref pPublicKey))
{
ok = CryptoApi.CryptVerifySignature(pHash, signature, signature.Length, pPublicKey, null, 0);
if (!ok)
ok = CryptoApi.CryptVerifySignature(pHash, signature.Reverse().ToArray(), signature.Length, pPublicKey, null, 0);
CryptoApi.CryptDestroyKey(pPublicKey);
}
}
CryptoApi.CryptDestroyHash(pHash);
}
CryptoApi.CryptReleaseContext(pContext, 0);
}
CryptoApi.CertCloseStore(pStore, 0);
}
return ok;
}
據我所知,Windows服務的工作下,內置的管理員帳戶,所以當我去安裝一些證書,例如到IE (Internet選項 - >內容 - >確認 - >其他人)。
服務犯規看到安裝sertificates,因爲它與其他證書商場工作(對於內置的admin)(據我所知)。
如果我在Build-in admin下啓動Internet Explorer(使用PsExec 工具) - 一切都很好!
所以,問題是 - 如何檢索下內置的安裝在非內置管理下的證書!它有可能嗎?
它不使用內置的管理員帳戶,而是使用「計算機」帳戶。您可以通過'mmc.exe - >文件 - >添加/刪除管理單元 - >證書 - >計算機帳戶 - >本地計算機到達列表。「 – 2014-10-19 19:12:26