Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

RSACryptoServiceProviderProxy crashes on Mono

See original GitHub issue

System.Security.Cryptography.CryptographicException: Keyset does not exist
  at System.Security.Cryptography.RSACryptoServiceProvider.Common (System.Security.Cryptography.CspParameters p) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.RSACryptoServiceProvider..ctor (Int32 dwKeySize, System.Security.Cryptography.CspParameters parameters) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.RSACryptoServiceProvider..ctor (System.Security.Cryptography.CspParameters parameters) [0x00000] in <filename unknown>:0 
  at System.IdentityModel.Tokens.RSACryptoServiceProviderProxy..ctor (System.Security.Cryptography.RSACryptoServiceProvider rsa) [0x00000] in <filename unknown>:0 
  at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor (System.IdentityModel.Tokens.AsymmetricSecurityKey key, System.String algorithm, Boolean willCreateSignatures) [0x00000] in <filename unknown>:0 
  at System.IdentityModel.Tokens.SignatureProviderFactory.CreateProvider (System.IdentityModel.Tokens.SecurityKey key, System.String algorithm, Boolean willCreateSignatures) [0x00000] in <filename unknown>:0 
  at System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning (System.IdentityModel.Tokens.SecurityKey key, System.String algorithm) [0x00000] in <filename unknown>:0 
  at System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateSignature (System.String inputString, System.IdentityModel.Tokens.SecurityKey key, System.String algorithm, System.IdentityModel.Tokens.SignatureProvider signatureProvider) [0x00000] in <filename unknown>:0 
  at System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateToken (System.String issuer, System.String audience, System.Security.Claims.ClaimsIdentity subject, Nullable`1 notBefore, Nullable`1 expires, System.IdentityModel.Tokens.SigningCredentials signingCredentials, System.IdentityModel.Tokens.SignatureProvider signatureProvider) [0x00000] in <filename unknown>:0 
  at AspNet.Security.OpenIdConnect.Server.OpenIdConnectServerHandler+<CreateIdentityTokenAsync>d__21.MoveNext () [0x00000] in <filename unknown>:0

Mono doesn’t use CryptoAPI - which is Windows-specific - and always initializes CspKeyContainerInfo.ProviderType to 1, which causes RSACryptoServiceProviderProxy to create a proxy around the existing RSA provider. Sadly, it crashes on Mono.

The bug disappears when you remove csp.Flags |= CspProviderFlags.UseExistingKey; from RSACryptoServiceProviderProxy’s constructor.

/cc @brentschmaltz @tushargupta51

Issue Analytics

State:
Created 8 years ago
Comments:45 (28 by maintainers)

Top GitHub Comments

1reaction

kevinchaletcommented, Sep 2, 2016

@andycmaj that’s another bug: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/477

1reaction

sunsidedcommented, Aug 1, 2016

@in10se Sorry it took so long. My solution is actually pretty wildly stitched together. The idea is that the SignatureProvider actually creates (or, back then, created) an RsaCryptoServiceProviderProxy to manage the signing and verification of RSA keys, which failed on mono. So I first wrote a CustomRsaCryptoServiceProviderProxy which would be instantiated by a CustomAsymmetricSignatureProvider instead, but in the end just skipped that part altogether by having that class’ constructor call

var x509Key = key as X509SecurityKey;
if (x509Key != null)
{
    RSACryptoServiceProvider csp;
    if (willCreateSignatures)
    {
        csp = x509Key.PrivateKey as RSACryptoServiceProvider;
    }
    else
    {
        csp = x509Key.PublicKey as RSACryptoServiceProvider;
    }

    if (Type.GetType("Mono.Runtime") != null)
    {
        _rsaCryptoServiceProvider = csp;
    }
    else
    {
        _rsaCryptoServiceProviderProxy = new CustomRsaCryptoServiceProviderProxy(csp);
    }

    return;
}

The CustomAsymmetricSignatureProvider would be implictly used in the JwtSecurityTokenHandler’s CreateJwtSecurityToken method as

var cpf = signingCredentials?.Key;
// ...
cpf.CryptoProviderFactory = new CustomSignatureProviderFactory(...);

and in the Startup as

CryptoProviderFactory.Default = new CustomSignatureProviderFactory(...);
// ...
branch.UseJwtBearerAuthentication(
    new JwtBearerOptions
    {
        TokenValidationParameters = new TokenValidationParameters
        {
            CryptoProviderFactory = new CustomSignatureProviderFactory(...)
        }
    });

Note that CryptoProviderFactory.Default currently doesn’t seem to have any effect.

Top Results From Across the Web

Mono 4.8.0 Release Notes

Mono now ships with TLS 1.2, powered by Google's BoringSSL project. ... 3434: Mono Compiler crashes when using a DelegateType as a method ......

Bug in Mono !? WebRequest to a HTTPS resource with ...

I have a proxy(Fiddler) setup and I created an Android app on Windows 10 x64 with latest Xamarin stable as of today, with...

Mono 4.8.0

Release 4.8.0 of Mono, released on 2017-02-22. versionsof.net gives an ... 3434: Mono Compiler crashes when using a DelegateType as a method ...

mono-runtime-common — Debian stretch

mono is a runtime implementation of the ECMA Common Language Infrastructure. ... This mode should not allow managed code to crash mono.

Untitled

#Rsacryptoserviceprovider Fu rin ka zan remix song, Best french books to read ... Redirect external proxy di mikrotik download, Tangerine dream love on...