Skip to main content

How to get a certificate from a PKCS7 file

In the last period of time I was forced to play a lot with certificates from .NET code (in my case was C#). The good part when you are using .NET is that you have an API that can be used to manage system certificates.
It is pretty simple to load a certificate from certificates store, file or an array of bytes.
X509Certificate2 cert = 
    new X509Certificate2(bytes);
In the above example I am loading a certificate from an array of bytes. The code is pretty simple and works great.
There are situations when you receive a certificate from an external system. In this cases the first step that you need to do is to save the certificate local. When you are a 3rd party and you are receiving a certificate from a server you should be aware of the format of the certificate.
In my case I received a certificate signed in PKCS7 byte array without knowing this and I assumed that it is enough to load the certificate using the constructor. The funny thing is that you will be able to load a signed PKCS7 file using the certificate constructor without any kind of problems, but you will not load the certificate that you expect.
This is happening because PKCS7 signed filed can have more than one certificate and X509Certificate2 constructor will load the certificate that was used to signed the store rather than certificates that can be found in the rawData of PKCS7.
To be able to access and load a certificate from the rawData of PKCS7 file you will need to use SignedCms. This class give you the possibility to access a message in PKCS7 format. This is the best and simple way to access all the certificates from a signed file.
SignedCms cms = new SignedCms();
cms.Decode(bytes);
x509certificate2Collection certs = cms.Certificates;
The Certificates property is a X509CertificateCollection that contains all the certificates from the signed file.

Comments

Popular posts from this blog

ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded

Today blog post will be started with the following error when running DB tests on the CI machine:
threw exception: System.InvalidOperationException: The Entity Framework provider type 'System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer' registered in the application config file for the ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded. Make sure that the assembly-qualified name is used and that the assembly is available to the running application. See http://go.microsoft.com/fwlink/?LinkId=260882 for more information. at System.Data.Entity.Infrastructure.DependencyResolution.ProviderServicesFactory.GetInstance(String providerTypeName, String providerInvariantName) This error happened only on the Continuous Integration machine. On the devs machines, everything has fine. The classic problem – on my machine it’s working. The CI has the following configuration:

TeamCity.NET 4.51EF 6.0.2VS2013
It seems that there …

Entity Framework (EF) TransactionScope vs Database.BeginTransaction

In today blog post we will talk a little about a new feature that is available on EF6+ related to Transactions.
Until now, when we had to use transaction we used ‘TransactionScope’. It works great and I would say that is something that is now in our blood.
using (var scope = new TransactionScope(TransactionScopeOption.Required)) { using (SqlConnection conn = new SqlConnection("...")) { conn.Open(); SqlCommand sqlCommand = new SqlCommand(); sqlCommand.Connection = conn; sqlCommand.CommandText = ... sqlCommand.ExecuteNonQuery(); ... } scope.Complete(); } Starting with EF6.0 we have a new way to work with transactions. The new approach is based on Database.BeginTransaction(), Database.Rollback(), Database.Commit(). Yes, no more TransactionScope.
In the followi…

GET call of REST API that contains '/'-slash character in the value of a parameter

Let’s assume that we have the following scenario: I have a public HTTP endpoint and I need to post some content using GET command. One of the parameters contains special characters like “\” and “/”. If the endpoint is an ApiController than you may have problems if you encode the parameter using the http encoder.
using (var httpClient = new HttpClient()) { httpClient.BaseAddress = baseUrl; Task<HttpResponseMessage> response = httpClient.GetAsync(string.Format("api/foo/{0}", "qwert/qwerqwer"))); response.Wait(); response.Result.EnsureSuccessStatusCode(); } One possible solution would be to encode the query parameter using UrlTokenEncode method of HttpServerUtility class and GetBytes method ofUTF8. In this way you would get the array of bytes of the parameter and encode them as a url token.
The following code show to you how you could write the encode and decode methods.
publ…