Hi Talon,
The Java example is simply parsing an existing certificate. In the C#
example you already get it from certificateParser.ReadCertificate.
What is all the extra stuff using X509V3CertificateGenerator about? Are
you sure you are supposed to be creating a completely new certificate?
Regards,
Pete Dettman
On 1/27/2022 9:13 PM, Talon Compton wrote:
I was sent some code as an example of how to work with their system.
Unfortunately, they don't have an example in C# but were able to send me
code in Java.
It looks like this:
    synchronized private static final X509Certificate genCert(
            String pCerPath) throws Exception {
        Security.addProvider(
                new org.bouncycastle.jce.provider.BouncyCastleProvider());
        CertificateFactory certificatefactory;
        X509Certificate cert;
        certificatefactory = CertificateFactory.getInstance("X.509", "BC");
        InputStream bais = new FileInputStream(pCerPath);
        cert = (X509Certificate) certificatefactory.generateCertificate(bais);
        return cert;
    }
Unfortunately, it isn't 1:1, so I came up with something like this:
    static X509Certificate GenerateCertificate(string certificatePath)
    {
        X509Certificate certificate;
        X509CertificateParser certificateParser = new X509CertificateParser();
        ISignatureFactory signatureFactory;
        using (var fileStream = new FileStream(certificatePath, FileMode.Open))
        {
            certificate = certificateParser.ReadCertificate(fileStream);
            var keyPair = GenerateRsaKeyPair(2048);
            signatureFactory = new Asn1SignatureFactory(
                PkcsObjectIdentifiers.Sha256WithRsaEncryption.ToString(),
                keyPair.Private
            );
        }
        var certificateGenerator = new X509V3CertificateGenerator();
        certificateGenerator.SetIssuerDN(certificate.IssuerDN);
        certificateGenerator.SetSubjectDN(certificate.SubjectDN);
        var diff = Convert.ToInt64(
            (DateTime.Now - new DateTime(2022, 01, 26, 22, 25, 0)).TotalSeconds);
        certificateGenerator.SetSerialNumber(
            certificate.SerialNumber.Add(BigInteger.ValueOf(diff)));
        certificateGenerator.SetNotAfter(DateTime.UtcNow.AddYears(2));
        certificateGenerator.SetNotBefore(DateTime.UtcNow);
        certificateGenerator.SetPublicKey(certificate.GetPublicKey());
        return certificateGenerator.Generate(signatureFactory);
    }
The Asn1SignatureFactory takes in a privateKey, which I generate. I get
a cert fine; however, when I look at other people's code with self
certs, they tend to use their self cert's subject here. I was kind of
wondering, what is the proper way to do this? Also, serialNumber: I
just tacked on the difference between when I started and now, since I
don't have a persistent incrementor. I think a lot of the examples use
a random number.
Best regards,
Talon
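
Added example (not part of either message above, and not the vendor's code): a C# sketch of the difference Pete points to between parsing the existing certificate and issuing a new one from its fields. The class and helper names, the "CN=Constructed Example" name, the "SHA256WITHRSA" algorithm name and the in-memory certificate standing in for the supplied file are all assumptions made for illustration.

```csharp
using System;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

static class ParseVersusReissue // hypothetical name
{
    static AsymmetricCipherKeyPair NewRsaKeyPair()
    {
        var generator = new RsaKeyPairGenerator();
        generator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        return generator.GenerateKeyPair();
    }
    static X509Certificate Issue(X509Name issuer, X509Name subject, BigInteger serial,
        AsymmetricKeyParameter subjectPublicKey, AsymmetricKeyParameter signerPrivateKey)
    {
        var gen = new X509V3CertificateGenerator();
        gen.SetIssuerDN(issuer);
        gen.SetSubjectDN(subject);
        gen.SetSerialNumber(serial);
        gen.SetNotBefore(DateTime.UtcNow);
        gen.SetNotAfter(DateTime.UtcNow.AddYears(2));
        gen.SetPublicKey(subjectPublicKey);
        return gen.Generate(new Asn1SignatureFactory("SHA256WITHRSA", signerPrivateKey));
    }
    static bool VerifiesWith(X509Certificate cert, AsymmetricKeyParameter issuerKey)
    {
        try { cert.Verify(issuerKey); return true; }
        catch (Exception) { return false; } // signature was not made by this key
    }
    static void Main()
    {
        // Constructed stand-in for the bytes of the certificate file you were given.
        var issuerKeys = NewRsaKeyPair();
        var name = new X509Name("CN=Constructed Example");
        byte[] fileBytes = Issue(name, name, BigInteger.One, issuerKeys.Public, issuerKeys.Private).GetEncoded();
        // Equivalent of the Java genCert(): parse the existing certificate and stop.
        X509Certificate parsed = new X509CertificateParser().ReadCertificate(fileBytes);
        Console.WriteLine("parsed verifies with issuer key:   " + VerifiesWith(parsed, issuerKeys.Public));
        // Same names and public key, but re-signed with a freshly generated private key.
        X509Certificate reissued = Issue(parsed.IssuerDN, parsed.SubjectDN,
            parsed.SerialNumber.Add(BigInteger.One), parsed.GetPublicKey(), NewRsaKeyPair().Private);
        Console.WriteLine("reissued verifies with issuer key: " + VerifiesWith(reissued, issuerKeys.Public));
    }
}
```

The parsed certificate keeps the issuer's original signature, while the re-signed copy carries the same names and public key but a signature from a key the issuer never used, so a relying party checking it against the issuer's key will reject it.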