jitbit / AspNetSaml

Very simple SAML 2.0 consumer module for ASP.NET/C#
https://www.jitbit.com
Apache License 2.0

System.Security.Cryptography.CryptographicException: ASN1 corrupted data #70

Closed kinjalhinguss closed 1 year ago

kinjalhinguss commented 1 year ago

Hi, I am receiving the error below on this line: Response samlResponse = new(AppSettings.certificate); in .NET Core. Can you please help me find what the reason for this error is and what the solution could be? Error:

System.Security.Cryptography.CryptographicException: ASN1 corrupted data.
 ---> System.Formats.Asn1.AsnContentException: The provided data is tagged with 'Application' class value '13', but it should have been 'Universal' class value '16'.
   at System.Formats.Asn1.AsnDecoder.CheckExpectedTag(Asn1Tag tag, Asn1Tag expectedTag, UniversalTagNumber tagNumber)
   at System.Formats.Asn1.AsnDecoder.ReadSequence(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& contentOffset, Int32& contentLength, Int32& bytesConsumed, Nullable`1 expectedTag)
   at System.Formats.Asn1.AsnValueReader.ReadSequence(Nullable`1 expectedTag)
   at System.Security.Cryptography.Asn1.Pkcs12.PfxAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PfxAsn& decoded)
   at System.Security.Cryptography.Asn1.Pkcs12.PfxAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PfxAsn& decoded)
   --- End of inner exception stack trace ---
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromBlob(ReadOnlySpan`1 rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(ReadOnlySpan`1 data)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
   at Saml.Response..ctor(Byte[] certificateBytes) in /root/.nuget/packages/aspnetsaml/1.2.4/contentFiles/any/any/Saml.cs:line 94
   at Saml.Response..ctor(String certificateStr) in /root/.nuget/packages/aspnetsaml/1.2.4/contentFiles/any/any/Saml.cs:line 89

alex-jitbit commented 1 year ago

Looks like the certificate you supplied is in the wrong format.

alex-jitbit commented 1 year ago

I think we've reproduced this on Linux.

alex-jitbit commented 1 year ago

Just make sure your certificate is not just a Base64 string, but a proper string that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----

Like this:


-----BEGIN CERTIFICATE-----
iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34.... (etc. etc.)
-----END CERTIFICATE-----
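
The following is an added example, not code from this thread or from AspNetSaml: a helper that accepts the certificate either as PEM or as a bare Base64 string and always hands the library PEM text, failing early with a clear message instead of the ASN.1 error above. The names `CertificateInput` and `ToPem` are hypothetical; `AppSettings.certificate` is the setting from the original post.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical helper (not part of AspNetSaml): normalizes an IdP certificate string to PEM.
static class CertificateInput
{
    const string Header = "-----BEGIN CERTIFICATE-----";
    const string Footer = "-----END CERTIFICATE-----";

    public static string ToPem(string input)
    {
        if (string.IsNullOrWhiteSpace(input))
            throw new ArgumentException("Certificate string is empty.", nameof(input));

        string text = input.Trim();
        if (text.StartsWith(Header, StringComparison.Ordinal) &&
            text.EndsWith(Footer, StringComparison.Ordinal))
            return text; // already PEM-armored

        // Bare Base64: drop line wrapping left over from copy/paste, then decode to DER.
        string b64 = new string(text.Where(c => !char.IsWhiteSpace(c)).ToArray());
        byte[] der;
        try { der = Convert.FromBase64String(b64); }
        catch (FormatException e)
        { throw new ArgumentException("Certificate is neither PEM nor Base64.", nameof(input), e); }

        // A DER certificate is an ASN.1 SEQUENCE ('Universal' 16), so its first byte is 0x30.
        // Passing the Base64 text itself as bytes makes the first byte 0x4D ('M' of "MI..."),
        // which decodes as 'Application' class, tag 13: the values in the reported exception.
        if (der.Length == 0 || der[0] != 0x30)
            throw new ArgumentException("Decoded data is not a DER certificate.", nameof(input));

        // Parse the DER bytes once so a truncated or wrong blob is rejected here.
        using var cert = new X509Certificate2(der);

        // Re-emit as PEM with 64-character lines.
        var pem = new StringBuilder().AppendLine(Header);
        for (int i = 0; i < b64.Length; i += 64)
            pem.AppendLine(b64.Substring(i, Math.Min(64, b64.Length - i)));
        return pem.Append(Footer).ToString();
    }
}

// Usage with the constructor from the stack trace (Saml.Response(String certificateStr)):
//   var samlResponse = new Saml.Response(CertificateInput.ToPem(AppSettings.certificate));
```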