fix(Pki); subject key identifier is the IPFS key ID

richardschneider · Dec 28, 2018 · d609f3a · d609f3a
1 parent 581d7a1
commit d609f3a
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 8 deletions.
diff --git a/src/Cryptography/Pki.cs b/src/Cryptography/Pki.cs
@@ -25,6 +25,7 @@ public partial class KeyChain
         /// <param name="keyName">
         ///   The key name.
         /// </param>
+        /// <param name="cancel"></param>
         /// <returns></returns>
         public async Task<byte[]> CreateCertificateAsync(
             string keyName, 
@@ -42,7 +43,9 @@ public async Task<byte[]> CreateCertificateAsync(
         /// </param>
         /// <param name="cancel"></param>
         /// <returns></returns>
-        async Task<X509Certificate> CreateBCCertificateAsync(string keyName, CancellationToken cancel)
+        public async Task<X509Certificate> CreateBCCertificateAsync(
+            string keyName,
+            CancellationToken cancel = default(CancellationToken))
         {
             // Get the BC key pair for the named key.
             var ekey = await Store.TryGetAsync(keyName, cancel);
@@ -85,7 +88,7 @@ async Task<X509Certificate> CreateBCCertificateAsync(string keyName, Cancellatio
 
             // Build the certificate.
             var dn = new X509Name($"CN={ekey.Id}, OU=keystore, O=ipfs");
-            var ski = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public));
+            var ski = new SubjectKeyIdentifier(Base58.Decode(ekey.Id));
             // Not a certificate authority.
             // TODO: perhaps the "self" key is a CA and all other keys issued by it.
             var bc = new BasicConstraints(false);
@@ -97,9 +100,9 @@ async Task<X509Certificate> CreateBCCertificateAsync(string keyName, Cancellatio
             certGenerator.SetNotAfter(DateTime.UtcNow.AddYears(10));
             certGenerator.SetNotBefore(DateTime.UtcNow);
             certGenerator.SetPublicKey(kp.Public);
-            certGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, ski);
-            certGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, bc);
-            certGenerator.AddExtension(X509Extensions.KeyUsage.Id, false, ku);
+            certGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, ski);
+            certGenerator.AddExtension(X509Extensions.BasicConstraints, true, bc);
+            certGenerator.AddExtension(X509Extensions.KeyUsage, false, ku);
 
             return certGenerator.Generate(signatureFactory);
         }

diff --git a/test/Cryptography/CertTest.cs b/test/Cryptography/CertTest.cs
@@ -1,4 +1,6 @@
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.X509.Extension;
 using System;
 using System.Collections.Generic;
 using System.IO;
@@ -19,7 +21,10 @@ public async Task Create_Rsa()
             var key = await ipfs.Key.CreateAsync("alice", "rsa", 512);
             try
             {
-                var cert = await keychain.CreateCertificateAsync("alice");
+                var cert = await keychain.CreateBCCertificateAsync(key.Name);
+                Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
+                var ski = new SubjectKeyIdentifierStructure(cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
+                Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
             }
             finally
             {
@@ -35,7 +40,10 @@ public async Task Create_Secp256k1()
             var key = await ipfs.Key.CreateAsync("alice", "secp256k1", 0);
             try
             {
-                var cert = await keychain.CreateCertificateAsync("alice");
+                var cert = await keychain.CreateBCCertificateAsync("alice");
+                Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
+                var ski = new SubjectKeyIdentifierStructure(cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
+                Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
             }
             finally
             {
@@ -51,7 +59,10 @@ public async Task Create_Ed25519()
             var key = await ipfs.Key.CreateAsync("alice", "ed25519", 0);
             try
             {
-                var cert = await keychain.CreateCertificateAsync("alice");
+                var cert = await keychain.CreateBCCertificateAsync("alice");
+                Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
+                var ski = new SubjectKeyIdentifierStructure(cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
+                Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
             }
             finally
             {