Issues loading key.p12 via X509Certificate2 for ServiceAccountCredential.Initializer.FromCertificate


Ron Grabowski

Jan 9, 2015, 8:05:25 PM
to google-api-d...@googlegroups.com
I was having difficulties calling the X509Certificate2 constructor to load my key.p12 file on GoDaddy's shared .NET hosting (IIS 7.0, ASP.Net 4.0/4.5, Full Trust, GoDaddy Hosting Configuration: 2.1):

var certificate = new X509Certificate2(keyp12, "notasecret", X509KeyStorageFlags.Exportable);

I received a "System.Security.Cryptography.CryptographicException: An internal error occurred" message similar to this:

http://stackoverflow.com/questions/14263457/x509-certificate-not-loading-private-key-file-on-server

I don't have control to run my app pool under an identity that allows p12 certs to be loaded. Because I'm using shared hosting I can't connect to an IIS admin panel to make the "Load User Profile" change. This technique doesn't seem to work:

http://blogs.msdn.com/b/vijaysk/archive/2009/03/08/iis-7-tip-3-you-can-now-load-the-user-profile-of-the-application-pool-identity.aspx

I ended up having to extend ServiceAccountCredential.Initializer and use Bouncy Castle to load the key.p12 file, extract the private key, and override how ServiceAccountCredential.Initializer's Key property was set:

https://gist.github.com/ronosaurus/43fcadf43e78cd00c445

Perhaps an overload could be added that accepts a private key blob to bypass the X509Certificate2 container:

https://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.Auth.DotNet4/OAuth2/ServiceAccountCredential.cs#76

// proposed
public Initializer FromCertificate(X509Certificate2 certificate)
{
    // Workaround to correctly cast the private key as a RSACryptoServiceProvider type 24.
    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;
    byte[] privateKeyBlob = rsa.ExportCspBlob(true);
    return FromCertificate(privateKeyBlob);
}

// new
public Initializer FromCertificate(byte[] privateKeyBlob)
{
    Key = new RSACryptoServiceProvider();
    Key.ImportCspBlob(privateKeyBlob);
    return this;
}
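
The workaround described in the post above (parse key.p12 with Bouncy Castle instead of X509Certificate2, then hand the RSA key to the initializer's Key property), as an added example that is not part of the original post and is not the code from the linked gist. It assumes the Bouncy Castle 1.x C# API; the class and method names P12KeyLoader, ReadRsaParameters and LoadSigningKey are hypothetical.

```csharp
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;

// Hypothetical helper: not part of Google.Apis and not the gist's code.
public static class P12KeyLoader
{
    // Parse the PKCS#12 data in managed code and return the RSA private key.
    // X509Certificate2 is never constructed, so the certificate import path
    // that fails in the post is not exercised.
    public static RSAParameters ReadRsaParameters(byte[] p12Bytes, string password)
    {
        using (var stream = new MemoryStream(p12Bytes))
        {
            // Bouncy Castle 1.x constructor: decrypts and parses the container.
            var store = new Pkcs12Store(stream, password.ToCharArray());

            // Assumption: the file holds a single key entry; take the first one found.
            string alias = store.Aliases.Cast<string>()
                                .FirstOrDefault(a => store.IsKeyEntry(a));
            if (alias == null)
                throw new CryptographicException("No private key entry in the PKCS#12 data.");

            // Only an RSA key with CRT components converts to RSAParameters.
            var key = store.GetKey(alias).Key as RsaPrivateCrtKeyParameters;
            if (key == null)
                throw new CryptographicException("The private key is not an RSA key.");

            return DotNetUtilities.ToRSAParameters(key);
        }
    }

    // Build the RSACryptoServiceProvider that the post assigns to the
    // initializer's Key property, importing the key the same way the
    // proposed overload does (default constructor, then import).
    public static RSACryptoServiceProvider LoadSigningKey(byte[] p12Bytes, string password)
    {
        var rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(ReadRsaParameters(p12Bytes, password));
        return rsa;
    }
}
```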

Sumedh Meshram

Mar 17, 2015, 10:23:14 AM
to google-api-d...@googlegroups.com
Hi Ron Grabowski,

I am facing a similar problem with the GoDaddy server.
Push notification is not working for me.
Can you provide me the complete code which is working for sending push notifications for iOS devices from the GoDaddy server?
Thanks in advance.

fasilmediterra...@gmail.com

Oct 27, 2015, 9:37:18 AM
to google-api-dotnet-client
I can't thank you enough for your solution. You saved me. I was going insane because of the very same issue.

Thank you so very much.