Powershell X509Store.Open() throws an exception


Why does $store.Open($openFlags) throw an exception, and is there a better way than my "workaround" to make it work?

<#
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Cert:\CurrentUser\My")
$openFlags = [System.Security.Cryptography.X509Certificates.OpenFlags]::MaxAllowed

$store.Open($openFlags) #Exception calling "Open" with "1" argument(s): "The parameter is incorrect.
#>

#Work Around:
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Cert:\CurrentUser\My")
$openFlags = [System.Security.Cryptography.X509Certificates.OpenFlags]::MaxAllowed

$startIndexOfStoreName = $store.Name.LastIndexOf("\") + 1
$lengthOfStoreName = $store.Name.Length - $startIndexOfStoreName
$storeNameString = $store.Name.Substring($startIndexOfStoreName, $lengthOfStoreName)
$storeName = [System.Security.Cryptography.X509Certificates.StoreName]$storeNameString
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, $store.Location)

$store.Open($openFlags) #No Exception thrown!

Use

$store = Get-Item "Cert:\CurrentUser\My"

instead of

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Cert:\CurrentUser\My")

To be honest, I'm still trying to figure out why or how it works.

The first method returns a $store named "My", so I assume it targets that store specifically, and you can use

$store.Open($openFlags)

The second method returns a $store named "Cert:\CurrentUser\My". The Open method on this one fails.

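In effect, you are mixing methods. One goes through the provider (Cert:), the other is the .NET type (X509Store). The process for attaching to a certificate store and extracting certificate details is very different.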

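Think of "Cert:" as a PSDrive (that is basically what it is). So you can Get-ChildItem and so on without having to "open" the store. In that mindset, the certificate store locations are folders and the certificates are individual objects: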

# List the store locations
gci Cert:\
# List store names in CurrentUser store location
gci Cert:\CurrentUser
# List certs in the My store of CurrentUser store location
gci Cert:\CurrentUser\My | format-list
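The catch with using the Cert: provider is that if you want to work with certificates on a remote system, you need remoting (WinRM) enabled so that you can "Invoke-Command". Not every environment allows that. That is where the .NET X509Store comes in. Not sure how well it works with "CurrentUser", but I have never cared about that; I am more interested in what is in the "LocalMachine" store (specifically "My", since that is where the system keeps web and authentication certificates). Modifying the code snippet to list those certificates (pulled from a script I built to query all the servers in a SharePoint farm):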


For more details on each of these, visit your favorite technical repository (MSDN, PowerShell.org, Hey Scripting Guy, etc.):

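I wanted to comment on this because, as has already been pointed out, the previous examples are "mixing the .NET Framework and the PowerShell provider". For me, I needed a pure .NET way of getting the certificates so that I could test some C#-equivalent code without a full development environment on the user's computer.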

Here is what I came up with, and it works:

$Location = [Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser
$StoreName = [Security.Cryptography.X509Certificates.StoreName]::My
$Store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $Location
$OpenFlags = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly
$Store.Open($OpenFlags)
$Store.Certificates

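It seems you get a valid X509Store object no matter what string you use, for example $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("abcdef"). You can, because it will create a new store and default to the Cert:\CurrentUser\ context. I posted another question: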
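
The points raised in the answers and comments above, as an added example that is not part of the original thread: it splits a Cert: provider path into location and store name for the .NET constructor, and adds OpenExistingOnly so a mistyped name fails instead of creating a new store. Open-CertStoreFromPath is a hypothetical helper name, and the example assumes a Windows host where the CurrentUser\My store exists.

```powershell
# Added example, not code from the thread. Open-CertStoreFromPath is a hypothetical
# helper name; the X509Store, StoreLocation and OpenFlags types are .NET's own.
function Open-CertStoreFromPath {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [System.Security.Cryptography.X509Certificates.OpenFlags]$Access = 'ReadOnly'
    )
    # X509Store(string) treats its argument as a store NAME, so a provider path must
    # be split into location and name before it reaches the constructor.
    if ($Path -notmatch '^cert:\\(?<loc>[^\\]+)\\(?<name>[^\\]+)\\?$') {
        throw "Expected Cert:\<StoreLocation>\<StoreName>, got '$Path'"
    }
    $name = $Matches['name']
    # The cast throws for an unrecognised location name.
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]$Matches['loc']
    # The name stays a string, so stores outside the StoreName enum work too
    # (the [StoreName] cast in the question's workaround would reject them).
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($name, $location)
    # OpenExistingOnly: fail on a mistyped name instead of creating a new, empty store.
    $existing = [System.Security.Cryptography.X509Certificates.OpenFlags]::OpenExistingOnly
    try {
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]($Access -bor $existing))
    } catch {
        $store.Close()
        throw
    }
    return $store
}

$store = Open-CertStoreFromPath 'Cert:\CurrentUser\My'
try {
    # Read-only inventory: subject, thumbprint, expiry, and whether a private key is attached.
    $store.Certificates | Sort-Object NotAfter |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
} finally {
    $store.Close()
}

# The "abcdef" name from the thread is rejected when no such store exists.
try {
    (Open-CertStoreFromPath 'Cert:\CurrentUser\abcdef').Close()
} catch {
    "Refused: $($_.Exception.Message)"
}
```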