
I have code in my application which uses system libraries that can throw a CryptographicException.

In my case these exceptions can occur when

  • the password for an SSL certificate is malformed
  • the password for an SSL certificate is in plain text

but this shouldn't matter since my question is pretty general.

So for the first case the exception that is thrown is

System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.

And for the second case the exception that is thrown is

System.Security.Cryptography.CryptographicException: The input data is not a complete block.

So what I want to do is to log this error into the Windows Event Log and I want to use different event ids based on the error.

So for example, the first error that is thrown shall be logged with event id 1 and the second one with event id 2.

Also, I don't want to use Exception.Message to log into the event log since the errors don't show that it's based on the password. I, as a developer, of course know where it's coming from, but when a system administrator checks the logs he won't have any idea what this means. It could mean anything.

However, I looked at the exceptions, and other than the message/stack trace there is no difference between these exceptions.

I saw that there is an HResult attribute which identifies the exception; however, when I use e.HResult.ToString("x") it is 80131501 in both cases (input data not being a complete block and padding being invalid).

So I don't want to use a string comparison to see which event id to throw and which message to use. Is there any other way besides the message string to identify which exact message has been thrown?

From other languages, I know that exceptions often have an ErrorCode attribute which is unique to the exception AND the message.

Is there something similar in C# or how would I identify two different exception messages from the same exception class?

Musterknabe
  • 1
    *Any type* is way too broad. It really depends on the exception: [SqlException](https://stackoverflow.com/q/27441562/1997232), winapi, your case are different. – Sinatr Jan 24 '20 at 12:54
  • Ah, that's cool! Yes, so I need exactly something like in the `SqlException` but for the `CryptographicException`, but it seems I'm out of luck and it is exception dependent IF I am able to use a code, correct? So probably, for every exception which doesn't have a number, I just can't use this, right? Do you have an idea how I would do that? It sounds like I have to resort to the message and just add a wiki page somewhere what the error codes mean OR use error codes based on the message string – Musterknabe Jan 24 '20 at 12:57
  • 1
    If you don't want to use the text you're out of luck. There simply is no data in `CryptographicException` that distinguishes causes in a more machine-friendly way. Worse, these messages are localized, and there is no simple way to match the localized version of the message in a way that's guaranteed to work across frameworks. For example, "Padding is invalid and cannot be removed." is `Cryptography_PKCS7_InvalidPadding` in .NET Framework, `Cryptography_InvalidPadding` in .NET Core (and the resources live in different files). – Jeroen Mostert Jan 24 '20 at 13:06
  • Okay, thank you for your answers. At least I know that it's possible for some now, but not for all. Then I'll just use the exception message of the exception and will have a guide in readme.md or confluence/whatever to make them more descriptive. OR, since I know it's password related, I can just say that something is wrong with the password as well and use my own codes. Thank you very much. Do you want to post this as an answer so I can accept? – Musterknabe Jan 24 '20 at 13:09
  • Your best bet, for APIs like `Cryptography` which are basically black-box operations that only report "it failed", is to ensure the calling code can detect and produce the high-level errors without having to rely on the lower levels to tell them what's wrong. In other words, you know what operation failed when the `CryptographicException` happened, so log that ("malformed or unencrypted password") plus the internal message for people "in the know". – Jeroen Mostert Jan 24 '20 at 13:09
  • Yep, that's what I meant. In my current case, there are 2 reasons it can fail and they are both related to the password. So I could just do an error message that says the password is somehow malformed. However, if there's another error as well which is also a CryptographicException it might be confusing. But I could additionally log that into a file log, so when I check the Windows event log, see sth. is wrong with the password, check the file and see the password is alright, I can still check the files to get a better message – Musterknabe Jan 24 '20 at 13:15
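
The approach the comments converge on, as an added example that is not code from the thread: the call site decides the event id and the administrator-facing text, and the framework message is only appended as detail. Event ids 1 and 2 follow the question; the class and method names, the event source `MyApp`, and the storage format (Base64 of AES-CBC/PKCS7 ciphertext) are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;

static class CertPasswordReader // hypothetical helper
{
    const int EventMalformed = 1, EventNotEncrypted = 2; // ids from the question
    const string Source = "MyApp"; // assumed; must already be registered as an event source

    // Assumption: 'stored' is Base64(AES-CBC/PKCS7 ciphertext) of the certificate password.
    public static string Decrypt(string stored, byte[] key, byte[] iv)
    {
        byte[] cipher;
        try { cipher = Convert.FromBase64String(stored); }
        catch (FormatException ex)
        {
            throw Fail(EventNotEncrypted, "Certificate password is not Base64; it looks like plain text.", ex);
        }
        using (var aes = Aes.Create())
        {
            // Checked here, so "The input data is not a complete block." never has to be parsed.
            // Best effort: plain text that is valid Base64 of n*16 bytes still ends up as event 1.
            if (cipher.Length == 0 || cipher.Length % (aes.BlockSize / 8) != 0)
                throw Fail(EventNotEncrypted, "Certificate password is not a whole number of cipher blocks; it was probably stored unencrypted.", null);
            aes.Key = key;
            aes.IV = iv;
            try
            {
                using (var dec = aes.CreateDecryptor())
                using (var cs = new CryptoStream(new MemoryStream(cipher), dec, CryptoStreamMode.Read))
                using (var reader = new StreamReader(cs))
                    return reader.ReadToEnd();
            }
            catch (CryptographicException ex)
            {
                // The operation that failed is known here, so the meaning comes from the call site.
                throw Fail(EventMalformed, "Certificate password could not be decrypted (malformed value or wrong key).", ex);
            }
        }
    }

    static Exception Fail(int eventId, string summary, Exception inner)
    {
        // Admin-facing summary first, framework message as detail. The stored value is never logged.
        string detail = inner == null ? "" : Environment.NewLine + "Detail: " + inner.Message;
        EventLog.WriteEntry(Source, summary + detail, EventLogEntryType.Error, eventId);
        return new InvalidOperationException(summary, inner);
    }
}
```

On .NET Core and later, `EventLog` comes from the `System.Diagnostics.EventLog` package and works on Windows only.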

0 Answers