The certificate specified in the X509Certificate EndpointIdentity can never be deserialized on the client side.


EndpointIdentity in the server configuration:

```
<identity>
    <certificateReference x509FindType="FindByThumbprint" findValue="key" />
</identity>
```

Fragment of response with client side:
```   
<Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
            <X509Certificate>content</X509Certificate>
        </X509Data>
    </KeyInfo>
</Identity>
```

Deserialization code:
https://github.com/dotnet/wcf/blob/main/src/System.ServiceModel.Primitives/src/System/ServiceModel/X509CertificateEndpointIdentity.cs#L62-L65
```
while (reader.IsStartElement(XD.XmlSignatureDictionary.X509Certificate, XD.XmlSignatureDictionary.Namespace))
{
    reader.MoveToContent();
    X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(reader.ReadContentAsString()));
```

reader.MoveToContent does not go to X509Certificate content, ReadContentAsString will always return null

This leads to System.Security.Cryptography.CryptographicException: "m_safeCertContext is an invalid handle."


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

The certificate specified in the X509Certificate EndpointIdentity can never be deserialized on the client side. #5838

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

The certificate specified in the X509Certificate EndpointIdentity can never be deserialized on the client side. #5838

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions