C# – ‘Cannot find the requested object’ exception while creating X509Certificate2 from string

cencryptionpublic-key-encryptionx509certificate2

I am trying to create X509Certificate2 from string. Let me show an example:

string keyBase64String = Convert.ToBase64String(file.PKCS7);
var cert = new X509Certificate2(Convert.FromBase64String(keyBase64String));

and keyBase64String has a such content: "MIIF0QYJKoZI ........hvcNAQcCoIIFwjCCBb4CA0="

and file.PKCS7 is byte array which I downloaded from database.

I've got the following exception when creating X509Certificate2:

Cannot find the requested object

And the stack trace:

"Cannot find requested object" X509Certificate2 Exception "Cannot find
requested object"} at
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32
hr) at
System.Security.Cryptography.X509Certificates.X509Utils._QueryCertBlobType(Byte[]
rawData) at
System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[]
rawData, Object password, X509KeyStorageFlags keyStorageFlags) at
System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[]
rawData) at
WebApp.SoupController.d__7.MoveNext()
in
D:\Projects\WebApp\Controllers\SoupController.cs:line
118

Please, say me what I am doing wrong. Any help would be greatly appreciated!

Best Answer

If file.PKCS7 represents a PKCS#7 SignedData blob (what gets produced from X509Certificate2.Export(X509ContentType.Pkcs7) or X509Certificate2Collection.Export(X509ContentType.Pkcs7)) then there are two different ways of opening it:

new X509Certificate2(byte[])/new X509Certificate2(string)
- The single certificate constructor will extract the signing certificate of the SignedData blob. If this was just being exported as a collection of certs, but not signing anything, there is no such certificate, and so it fails with Cannot find the original signer. (Win 2012r2, other versions could map it to a different string)
X509Certificate2Collection::Import(byte[])/X509Certificate2Collection::Import(string)
- The collection import will consume all of the "extra" certificates, ignoring the signing certificate.

So if it's really PKCS#7 you likely want the collection Import (instance) method. If it isn't, you have some odd variable/field/property names.

Related Solutions

C# – Creating a comma separated list from IList or IEnumerable

.NET 4+

IList<string> strings = new List<string>{"1","2","testing"};
string joined = string.Join(",", strings);

Detail & Pre .Net 4.0 Solutions

IEnumerable<string> can be converted into a string array very easily with LINQ (.NET 3.5):

IEnumerable<string> strings = ...;
string[] array = strings.ToArray();

It's easy enough to write the equivalent helper method if you need to:

public static T[] ToArray(IEnumerable<T> source)
{
    return new List<T>(source).ToArray();
}

Then call it like this:

IEnumerable<string> strings = ...;
string[] array = Helpers.ToArray(strings);

You can then call string.Join. Of course, you don't have to use a helper method:

// C# 3 and .NET 3.5 way:
string joined = string.Join(",", strings.ToArray());
// C# 2 and .NET 2.0 way:
string joined = string.Join(",", new List<string>(strings).ToArray());

The latter is a bit of a mouthful though :)

This is likely to be the simplest way to do it, and quite performant as well - there are other questions about exactly what the performance is like, including (but not limited to) this one.

As of .NET 4.0, there are more overloads available in string.Join, so you can actually just write:

string joined = string.Join(",", strings);

Much simpler :)

.net – get an Access Denied error when creating an X509Certificate2 object

Using the "X509KeyStorageFlags.UserKeySet" flag in the X509Certificate2 constructor helped me.

Best Answer

Related Solutions

C# – Creating a comma separated list from IList or IEnumerable

.net – get an Access Denied error when creating an X509Certificate2 object

Related Topic