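Windows service certificates issue

I have some logic in a Windows service (which will be started in a WCF service) that reads/verifies installed certificates: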
    using System;
    using System.Linq;
    using System.Runtime.InteropServices;

    public bool Verify(byte[] data, byte[] signature, string cert)
    {
        if (data == null || data.Length == 0)
            return false;
        if (signature == null || signature.Length == 0)
            return false;
        if (string.IsNullOrEmpty(cert))
            return false;

        // Opens the CURRENT_USER "MY" store of the account this process runs as.
        IntPtr pStore = CryptoApi.CertOpenStore(CryptoApi.CERT_STORE_PROV_SYSTEM, 0, IntPtr.Zero, CryptoApi.CERT_SYSTEM_STORE_CURRENT_USER, "MY");
        if (pStore == IntPtr.Zero)
            return false;

        bool ok = false;
        // Look the certificate up by a substring of its subject name.
        IntPtr pCertificate = CryptoApi.CertFindCertificateInStore(pStore, TypeOfEncoding, 0, CryptoApi.CERT_FIND_SUBJECT_STR, cert, IntPtr.Zero);
        if (pCertificate != IntPtr.Zero)
        {
            IntPtr pContext = IntPtr.Zero;
            if (CryptoApi.CryptAcquireContext(ref pContext, null, null, (uint)CryptoApi.CRYPT_PROVIDER_TYPE.PROV_RSA_FULL, (uint)CryptoApi.CRYPT_ACQUIRE_CONTEXT.CRYPT_VERIFYCONTEXT))
            {
                IntPtr pHash = IntPtr.Zero;
                if (CryptoApi.CryptCreateHash(pContext, CryptoApi.CALG_SHA1, IntPtr.Zero, 0, ref pHash))
                {
                    if (CryptoApi.CryptHashData(pHash, data, data.Length, 0))
                    {
                        IntPtr pPublicKey = IntPtr.Zero;
                        CryptoApi.CERT_CONTEXT certContextStruct = (CryptoApi.CERT_CONTEXT)Marshal.PtrToStructure(pCertificate, typeof(CryptoApi.CERT_CONTEXT));
                        CryptoApi.CERT_INFO certInfoStruct = (CryptoApi.CERT_INFO)Marshal.PtrToStructure(certContextStruct.pCertInfo, typeof(CryptoApi.CERT_INFO));
                        IntPtr pSubjectPublicKeyInfo = Marshal.AllocHGlobal(Marshal.SizeOf(certInfoStruct.SubjectPublicKeyInfo));
                        Marshal.StructureToPtr(certInfoStruct.SubjectPublicKeyInfo, pSubjectPublicKeyInfo, false);
                        if (CryptoApi.CryptImportPublicKeyInfo(pContext, TypeOfEncoding, pSubjectPublicKeyInfo, ref pPublicKey))
                        {
                            ok = CryptoApi.CryptVerifySignature(pHash, signature, signature.Length, pPublicKey, null, 0);
                            // Retry with the signature bytes in the opposite byte order.
                            if (!ok)
                                ok = CryptoApi.CryptVerifySignature(pHash, signature.Reverse().ToArray(), signature.Length, pPublicKey, null, 0);
                            CryptoApi.CryptDestroyKey(pPublicKey);
                        }
                        // Free the unmanaged copy of the public key info (previously leaked).
                        Marshal.FreeHGlobal(pSubjectPublicKeyInfo);
                    }
                    CryptoApi.CryptDestroyHash(pHash);
                }
                CryptoApi.CryptReleaseContext(pContext, 0);
            }
        }
        // Close the store even when no certificate was found (previously skipped in that case).
        CryptoApi.CertCloseStore(pStore, 0);
        return ok;
    }
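As far as I know, Windows services run under the built-in administrator account, so when I install some certificates, for example via IE (Internet Options -> Content -> Certificates -> Other People), the service doesn't see the installed certificates, because it works with a different certificate store (the one for the built-in admin) (as far as I know).

If I start Internet Explorer under the built-in admin (using the PsExec tool), everything is fine!

So, the question is: how can I retrieve, under the built-in admin, certificates that were installed under a non-built-in admin account? Is it possible?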
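It doesn't use the built-in administrator account, but the "computer" account. You can reach the list via 'mmc.exe -> File -> Add/Remove Snap-in -> Certificates -> Computer account -> Local computer'. – 2014-10-19 19:12:26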
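
The store-location point raised in the comment above, as an added example that is not part of the original question or comment: a managed version of the same check that reads the Local Computer stores instead of the per-account CurrentUser store, so the result does not depend on which account the service runs as. The class and method names are assumptions, and the certificate is assumed to have been installed into the Local Computer "Personal" or "Other People" store.

```csharp
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added example (assumed names); targets .NET Framework 4.6 or later.
public static class MachineStoreVerifier
{
    // Local Computer "Personal" is StoreName.My; "Other People" is StoreName.AddressBook.
    static readonly StoreName[] Stores = { StoreName.My, StoreName.AddressBook };

    public static bool Verify(byte[] data, byte[] signature, string subject)
    {
        if (data == null || data.Length == 0) return false;
        if (signature == null || signature.Length == 0) return false;
        if (string.IsNullOrEmpty(subject)) return false;

        foreach (StoreName name in Stores)
        {
            var store = new X509Store(name, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                // validOnly: false only locates the certificate; trust is not checked here.
                foreach (X509Certificate2 c in store.Certificates.Find(
                             X509FindType.FindBySubjectName, subject, false))
                {
                    using (RSA rsa = c.GetRSAPublicKey())
                    {
                        if (rsa == null) continue; // not an RSA certificate
                        // SHA-1 and the byte-reversed retry mirror the question's code.
                        if (Check(rsa, data, signature) ||
                            Check(rsa, data, signature.Reverse().ToArray()))
                            return true;
                    }
                }
            }
            catch (CryptographicException) { /* store missing or unreadable: try the next */ }
            finally { store.Close(); }
        }
        return false;
    }

    static bool Check(RSA rsa, byte[] data, byte[] sig) =>
        rsa.VerifyData(data, sig, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

    // Log this from the service to see which account's CurrentUser store it would open.
    public static string RunningAs() => WindowsIdentity.GetCurrent().Name;
}
```

Logging `RunningAs()` at service start shows which profile a `CERT_SYSTEM_STORE_CURRENT_USER` lookup would have resolved to.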