C# Google Drive Get File return Invalid Algorithm

Question

I am stuck with this problem. I am working with Google Drive in C# with P12 files. It works fine on my Local machine and on Server. I need to deploy it on Client new server where i face this issue when i try to get Files it return Invalid Algorithm. Same settings work fine on my local machine and on other server . It seems to be machine specific issue. Application is running on Windows 7 Professional 64 bit OS. Service is created successfully certificate is read but following code return error Here is my code which return error

FilesResource.ListRequest list = service.Files.List();
list.PageSize = 100;
            
files = list.Execute().Files; /// This line has error

Can it be a Firewall Issue. What should be opned on Firewall?

Here is my Authorization code:

public override DriveService AuthenticateServiceAccount(DriveRequest request)
    {
        if (request == null)
            return null;
        string errorMessage = "Exception: invalid Drive Request";
        if (string.IsNullOrEmpty(request.EmailAccount) || string.IsNullOrEmpty(request.KeyFilePath))
            return null;
        errorMessage = "Exception: Keyfile not found on the path-" + request.KeyFilePath;
        // check the file exists
        if (!System.IO.File.Exists(request.KeyFilePath))
        {
            Commons.Utilities.WriteLog(errorMessage);                
            return null;
        }

      

        //---- This scope is used For G-Suite Account
        string[] scopes = new string[] { DriveService.Scope.Drive };  
        errorMessage = "Exception: issue with certificate";

        var certificate = new X509Certificate2(request.KeyFilePath, "notasecret", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
        try
        {
            ServiceAccountCredential credential = null;
            if (request.UserAccount != "" && request.UserAccount != null)
            {
                credential = new ServiceAccountCredential(
                    new ServiceAccountCredential.Initializer(request.EmailAccount)
                    {
                        Scopes = scopes,
                        User = request.UserAccount
                    }.FromCertificate(certificate));
            }
            else {
                credential = new ServiceAccountCredential(
                new ServiceAccountCredential.Initializer(request.EmailAccount)
                {
                    Scopes = scopes
                }.FromCertificate(certificate));
            }
            errorMessage = "Exception: while creating google service";
            if (service == null) {
                // Create the service.
                service = new DriveService(new BaseClientService.Initializer()
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Simplicity Cloud Project" // User defined any name can be given
                }) ;
            }
            return service;
        }
        catch (Exception ex)
        {
            //Console.WriteLine(ex.InnerException);
            Commons.Utilities.WriteLog(errorMessage);
            return null;
        }
    }

Here is the generated log:

Read Certificate 2021-11-22 15:25:58,416 |SimplicityOnlineWebApi.Commons.Utilities|INFO| - Certificate is read:[Subject] CN=102737515943555401961

[Issuer] CN=102737515943555401961

[Serial Number] 1E269224F694B808

[Not Before] 02/09/2016 16:24:59

[Not After] 31/08/2026 16:24:59

[Thumbprint] C26D88E95B402EFCC1AC81230F89C0B7887A6C6A

2021-11-22 15:25:58,528 |SimplicityOnlineWebApi.Commons.Utilities|INFO| - Error occured in GetFiles:Invalid algorithm specified.

Here is the code of GetFile method

Here is code:public override AttachmentFilesFolder GetFiles(DriveService service, string search)
    {
        AttachmentFilesFolder attachments = null;
        IList<File> files = new List<File>();
        
        try
        {
            //List all of the files and directories for the current user.  
            FilesResource.ListRequest list = service.Files.List();
            list.PageSize = 100;
            Utilities.WriteLog("Getting files");
            files = list.Execute().Files;
        }
        catch (Exception ex)
        {
            Utilities.WriteLog("Error occured in GetFiles:" + ex.message);
        }

}

Please edit your question and include your authorization code as well as the error message. If you believe this is related to the p12 file why would you not post it your authorization code? TBH you shouldn't be using the p12 file you should use the Json key file for service accounts its much easer to work with fewer issues like you are having now. — Linda Lawton - DaImTo, Nov 23 '21 at 09:36
You have a method in SimplicityOnlineWebApi.Commons.Utilities called GetFiles show us that. — Linda Lawton - DaImTo, Nov 23 '21 at 12:06
I had already mentioned the code that has error. that is actually in GetFile method. I have edited the code again . please have a review — Saima Gul, Nov 23 '21 at 12:09

Linda Lawton - DaImTo · Answer 1 · 2021-11-24T12:31:35.970

0

Issues with P12 files.

Issues authorizing a service account with the p12 key file normally relate back to the line X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable if I recall it has to do with where and how the key is stored on the server. That being said it was also when the app was hosted in Azure and the error message was diffrent then what you state you are seeing. I wrote a blog post on it a few years ago Azure with service accounts in C#

This is the code i use for p12 files

var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
        {
        Scopes = scopes
        }.FromCertificate(certificate));

// Create the  Drive service.
return new DriveService(new BaseClientService.Initializer()
       {
        HttpClientInitializer = credential,
        ApplicationName = "Drive Authentication Sample",
        });

Json key file

Honestly you should not bother using the p12 file you should use the json key file for service accounts this is much easer to work with and you wont have the issues with the server giving you greif.

GoogleCredential credential;
                using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
                {
                    credential = GoogleCredential.FromStream(stream)
                         .CreateScoped(scopes);
                }

                // Create the  Analytics service.
                return new DriveService(new BaseClientService.Initializer()
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Drive Service account Authentication Sample",
                });

edited Nov 24 '21 at 12:31

answered Nov 23 '21 at 09:40

Linda Lawton - DaImTo

106,405
32
180
449

Thanks for your response. You can see my code that how i am using the certificate. It is same as you describe in the post. Important thing is that my code works fine on all other machines – Saima Gul Nov 23 '21 at 11:54
I dont think this is an issue with your service account. – Linda Lawton - DaImTo Nov 23 '21 at 12:06
Yes you are right . it seems to be machine specific. If service account has an issue then it should not work at all. But it works fine on all other machines – Saima Gul Nov 23 '21 at 12:13
See my comment about P12 files you should only be using **X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportabl** – Linda Lawton - DaImTo Nov 23 '21 at 12:23
But as you can see in log we get certificate successfully – Saima Gul Nov 24 '21 at 07:25
Can we skip the "but" and just try and change it like I suggest. Loading it and using it are two diffrent things the first time you try to use it is when you make a call to the API. Which is crashing. Just change it. – Linda Lawton - DaImTo Nov 24 '21 at 07:48
I apply this change and it does not work. Still have same error : Invalid Algorithm – Saima Gul Nov 24 '21 at 12:14
Switch to the JSon version and drop p12. Google recommends the JSon key file anyway. – Linda Lawton - DaImTo Nov 24 '21 at 12:16
This is not a solution of problem. As i have tried this code for all other clients and it works fine. I am working on a big application where work with google drive. I can not apply solution to change all style of coding to use json file while p12 working well . there must be some cause and i want to find out the reason why it fails for single client – Saima Gul Nov 24 '21 at 12:18
The issue is with the CSP your certificate on the server. There's something wrong with the cert or it could be a generic windows 7 issue. Either way its not something I can test. I highly recommend switching to the json key file which does not require these certs. As windows 7 had EOL January 14, 2020, this is not something I would bother debugging no one should be using it. – Linda Lawton - DaImTo Nov 24 '21 at 12:18
How can we fix the certificate? What is wrong with certificate . Does Windows 7 not support p12 files? How we come to know that certificate is not correct? – Saima Gul Nov 24 '21 at 12:20
Yes it did at some point im sure but windows 7 has been end of life since January 14, 2020 why bother? – Linda Lawton - DaImTo Nov 24 '21 at 12:21
As it is Client machine. it is server and it is not easy step to change OS on Client Server – Saima Gul Nov 24 '21 at 12:23
Is there any Google Drive Support Ticket Forum where we can raise a Ticket to find solution? – Saima Gul Nov 24 '21 at 12:23
This is not an issue with Google drive API. This is not an issue with the .net client library. This is an issue with your server. That being said here is a link to the .net client library issue forum. https://github.com/googleapis/google-api-dotnet-client Kindly note the solution is to move to the Json key file. – Linda Lawton - DaImTo Nov 24 '21 at 12:29
The other answer on this is from Amanda Tarafa Mas she is a dev on the client library. – Linda Lawton - DaImTo Nov 24 '21 at 15:43

score 0 · Answer 2 · answered Nov 24 '21 at 15:13

I'm fairly certain that there's nothing in your code, your service account or Google client libraries that's provoking this error. What I think is happening:

ServiceAccountCredential uses SHA256 to sign payloads when making auth requests. The error you are getting suggests that your machine currently does not support SHA256.

Older versions of Windows 7 do not support SHA256. You can read more about it here: 2019 SHA-2 Code Signing Support requirement for Windows and WSUS where there's also a list of updates you need to install for your Windows 7 machine to support SHA256.

If, after checking that your system is up to date, you continue to receive the same error, that still would indicate some SHA256 incompatibility in your environment. There's a long thread here Why am I getting "Invalid algorithm specified" exception with fixes/workarounds for different causes, and some of those may apply to you.

C# Google Drive Get File return Invalid Algorithm

2 Answers2

Issues with P12 files.

Json key file