let PfxBuilder support setting the Cert Algorithm of PFX

fszlin / certes

A client implementation for the Automated Certificate Management Environment (ACME) protocol

MIT License

552 stars 122 forks source link

let PfxBuilder support setting the Cert Algorithm of PFX #323

Open zhaixiaowai opened 10 months ago

zhaixiaowai commented 10 months ago

Description

The default Cert Algorithm of Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder is PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc

Android devices do not support RC2's pfx certificate by default, so the modified method here passes the Cert Algorithm into the custom Cert Algorithm of the exported PFX file.

For example: pfxBuilder.Build(friendlyName, pfxPassword, PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc)

Checklist

[ ] All tests are passing
[ ] New tests were created to address changes in pr (and tests are passing)
[ ] Updated README and/or documentation, if necessary

Thanks for contributing!

webprofusion-chrisc commented 10 months ago

This is for a PFX you are installing directly into Android or as part a deployed app? The PFX cert algorithm doesn't affect public consumers of the cert if you're just using the cert for a service (e.g. an API server).

zhaixiaowai commented 10 months ago

I have embedded Certes into Maui, and I need to issue a certificate on Android, then parse it into X509Certificate2. However, due to Android's lack of support for RC2, I am unable to initialize X509Certificate2 successfully. If pfxBuilder.Build() could support custom Cert Algorithm, then I could parse X509Certificate2 on Android without relying on other API services.

var pfx = pfxBuilder.Build(friendlyName, pfxPassword, PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc) ?? throw new Exception($"pfx create err"); var x509Cert = new X509Certificate2(pfx, pfxPassword) ?? throw new Exception($"pfx restore to cert err");