Windows certificate problem

Time: 2014-09-19 13:59:50

Tags: .net windows wcf windows-services certificate

I have a Windows service (it starts a WCF service inside it) with some logic to read/verify an installed certificate:

    // Requires: using System; using System.Linq; using System.Runtime.InteropServices;
    // CryptoApi is the poster's own P/Invoke wrapper class.
    public bool Verify(byte[] data, byte[] signature, string cert)
    {
        if (data == null || data.Length == 0)
            return false;

        if (signature == null || signature.Length == 0)
            return false;

        if (string.IsNullOrEmpty(cert))
            return false;

        // Opens the "MY" (Personal) store of the account this process runs as.
        IntPtr pStore = CryptoApi.CertOpenStore(CryptoApi.CERT_STORE_PROV_SYSTEM, 0, IntPtr.Zero, CryptoApi.CERT_SYSTEM_STORE_CURRENT_USER, "MY");

        if (pStore == IntPtr.Zero)
            return false;

        bool ok = false;

        // Looks the certificate up by a substring of its subject.
        IntPtr pCertificate = CryptoApi.CertFindCertificateInStore(pStore, TypeOfEncoding, 0, CryptoApi.CERT_FIND_SUBJECT_STR, cert, IntPtr.Zero);

        if (pCertificate != IntPtr.Zero)
        {
            IntPtr pContext = IntPtr.Zero;

            if (CryptoApi.CryptAcquireContext(ref pContext, null, null, (uint)CryptoApi.CRYPT_PROVIDER_TYPE.PROV_RSA_FULL, (uint)CryptoApi.CRYPT_ACQUIRE_CONTEXT.CRYPT_VERIFYCONTEXT))
            {
                IntPtr pHash = IntPtr.Zero;

                // Hash the data with SHA-1 before checking the signature over it.
                if (CryptoApi.CryptCreateHash(pContext, CryptoApi.CALG_SHA1, IntPtr.Zero, 0, ref pHash))
                {
                    if (CryptoApi.CryptHashData(pHash, data, data.Length, 0))
                    {
                        IntPtr pPublicKey = IntPtr.Zero;

                        CryptoApi.CERT_CONTEXT certContextStruct = (CryptoApi.CERT_CONTEXT)Marshal.PtrToStructure(pCertificate, typeof(CryptoApi.CERT_CONTEXT));

                        CryptoApi.CERT_INFO certInfoStruct = (CryptoApi.CERT_INFO)Marshal.PtrToStructure(certContextStruct.pCertInfo, typeof(CryptoApi.CERT_INFO));

                        // Copy SubjectPublicKeyInfo to unmanaged memory so it can be imported as a key.
                        IntPtr pSubjectPublicKeyInfo = Marshal.AllocHGlobal(Marshal.SizeOf(certInfoStruct.SubjectPublicKeyInfo));
                        Marshal.StructureToPtr(certInfoStruct.SubjectPublicKeyInfo, pSubjectPublicKeyInfo, false);

                        if (CryptoApi.CryptImportPublicKeyInfo(pContext, TypeOfEncoding, pSubjectPublicKeyInfo, ref pPublicKey))
                        {
                            ok = CryptoApi.CryptVerifySignature(pHash, signature, signature.Length, pPublicKey, null, 0);

                            // Retry with the bytes reversed: CryptVerifySignature expects a little-endian signature.
                            if (!ok)
                                ok = CryptoApi.CryptVerifySignature(pHash, signature.Reverse().ToArray(), signature.Length, pPublicKey, null, 0);

                            CryptoApi.CryptDestroyKey(pPublicKey);
                        }

                        // Release the unmanaged copy allocated above.
                        Marshal.FreeHGlobal(pSubjectPublicKeyInfo);
                    }

                    CryptoApi.CryptDestroyHash(pHash);
                }

                CryptoApi.CryptReleaseContext(pContext, 0);
            }
        }

        // Close the store whether or not a certificate was found.
        // The certificate context is not released here; CertFreeCertificateContext is the matching crypt32 call.
        CryptoApi.CertCloseStore(pStore, 0);

        return ok;
    }

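As far as I know, a Windows service runs under the built-in administrator account, so when I install some certificate, for example through IE (Internet Options -> Content -> Certificates -> Other People)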


the service does not see the installed certificates, because it works with a different cert store (the built-in administrator's), as far as I understand.

  

If I launch Internet Explorer under the built-in admin (using the PsExec tool), everything works great!

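So the question is: how do I retrieve, in the built-in account, certificates that were installed under a non-built-in administrator? Is it possible?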

1 answer:

Answer 0: (score: 0)

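After further investigation, I think this is not possible. The built-in administrator account has a different store and cannot access other stores.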
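A diagnostic for the situation in this thread, as an added example that is not code from the original post: started under the same account as the service, it prints the process identity and every certificate matching a subject string that this identity can see in the CurrentUser and LocalMachine locations. It uses .NET's X509Store API instead of the poster's CryptoApi wrapper; the class name `StoreVisibility` and the sample subject are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class StoreVisibility
{
    // StoreName.My is the "MY" store the question opens (the Personal tab);
    // StoreName.AddressBook is what the certificate dialog shows as "Other People".
    static readonly StoreName[] Names = { StoreName.My, StoreName.AddressBook };
    static readonly StoreLocation[] Locations = { StoreLocation.CurrentUser, StoreLocation.LocalMachine };

    // Returns one line per certificate whose subject contains subjectText,
    // for each store the current process identity can open.
    public static List<string> Find(string subjectText)
    {
        var hits = new List<string>();
        foreach (StoreLocation location in Locations)
        foreach (StoreName name in Names)
        {
            var store = new X509Store(name, location);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                // validOnly: false, so expired or untrusted certificates are listed too.
                foreach (X509Certificate2 c in store.Certificates.Find(
                             X509FindType.FindBySubjectName, subjectText, false))
                    hits.Add(location + "\\" + name + ": " + c.Subject + " [" + c.Thumbprint + "]");
            }
            catch (CryptographicException ex)
            {
                hits.Add(location + "\\" + name + ": cannot open (" + ex.Message + ")");
            }
            finally { store.Close(); }
        }
        return hits;
    }

    static void Main(string[] args)
    {
        // CurrentUser resolves to the profile of this account, not of the interactive user.
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
        string subject = args.Length > 0 ? args[0] : "Example Signer"; // constructed sample value
        foreach (string line in Find(subject)) Console.WriteLine(line);
    }
}
```

Comparing the output of an interactive run with a run under the service account shows which stores differ between the two identities; the LocalMachine entries are the same for every account on the machine.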