diff --git a/src/Cryptography/Pki.cs b/src/Cryptography/Pki.cs
index 97e4ba7e..ca5d7693 100644
--- a/src/Cryptography/Pki.cs
+++ b/src/Cryptography/Pki.cs
@@ -25,6 +25,7 @@ public partial class KeyChain
///
/// The key name.
///
+ ///
///
public async Task CreateCertificateAsync(
string keyName,
@@ -42,7 +43,9 @@ public async Task CreateCertificateAsync(
///
///
///
- async Task CreateBCCertificateAsync(string keyName, CancellationToken cancel)
+ public async Task CreateBCCertificateAsync(
+ string keyName,
+ CancellationToken cancel = default(CancellationToken))
{
// Get the BC key pair for the named key.
var ekey = await Store.TryGetAsync(keyName, cancel);
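Review bot: Widening `CreateBCCertificateAsync` from private to `public` adds a permanent API entry point that, judging by the test changes in this commit, hands callers a BouncyCastle certificate object; the only caller visible in the diff is the test project. If that is its only consumer, `internal` plus an `InternalsVisibleTo` entry for the test assembly keeps the key-handling surface smaller. If it is meant to be public, the XML doc should state what happens when `keyName` is unknown. `Store.TryGetAsync` presumably returns null in that case, and the handling is outside this hunk because the method body continues past it. Where the language version allows, `CancellationToken cancel = default` is the shorter spelling.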
@@ -85,7 +88,7 @@ async Task CreateBCCertificateAsync(string keyName, Cancellatio
// Build the certificate.
var dn = new X509Name($"CN={ekey.Id}, OU=keystore, O=ipfs");
- var ski = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public));
+ var ski = new SubjectKeyIdentifier(Base58.Decode(ekey.Id));
// Not a certificate authority.
// TODO: perhaps the "self" key is a CA and all other keys issued by it.
var bc = new BasicConstraints(false);
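Review bot: The subject key identifier on the `var ski = ...` line is now the decoded key ID rather than a value derived from `kp.Public`, so nothing in the extension itself is tied to the certified public key, and the line has no comment saying so. A relying party that reads the ID from the SKI has to recompute it from the certificate's public key and compare, otherwise a self-signed certificate can claim any ID. I would add a comment such as `// SKI = raw key ID bytes, not the RFC 5280 key hash; verifiers must re-derive the ID from the public key and compare.` This assumes `ekey.Id` is always valid Base58, which is not visible here; the enclosing method starts and ends outside the hunk.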
@@ -97,9 +100,9 @@ async Task CreateBCCertificateAsync(string keyName, Cancellatio
certGenerator.SetNotAfter(DateTime.UtcNow.AddYears(10));
certGenerator.SetNotBefore(DateTime.UtcNow);
certGenerator.SetPublicKey(kp.Public);
- certGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, ski);
- certGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, bc);
- certGenerator.AddExtension(X509Extensions.KeyUsage.Id, false, ku);
+ certGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, ski);
+ certGenerator.AddExtension(X509Extensions.BasicConstraints, true, bc);
+ certGenerator.AddExtension(X509Extensions.KeyUsage, false, ku);
return certGenerator.Generate(signatureFactory);
}
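Review bot: The key usage extension is still added as non-critical (`AddExtension(X509Extensions.KeyUsage, false, ku)`), while RFC 5280 section 4.2.1.3 says it SHOULD be marked critical when present. As a non-critical extension, a verifier that does not understand it may ignore the restriction instead of rejecting the certificate. Unless a peer implementation is known to reject it, consider `certGenerator.AddExtension(X509Extensions.KeyUsage, true, ku);`. The definition of `ku` and the start of the method are outside this hunk, so the intended usages are not visible here.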
diff --git a/test/Cryptography/CertTest.cs b/test/Cryptography/CertTest.cs
index 01d5dd6e..16c9cf6c 100644
--- a/test/Cryptography/CertTest.cs
+++ b/test/Cryptography/CertTest.cs
@@ -1,4 +1,6 @@
using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.X509.Extension;
using System;
using System.Collections.Generic;
using System.IO;
@@ -19,7 +21,10 @@ public async Task Create_Rsa()
var key = await ipfs.Key.CreateAsync("alice", "rsa", 512);
try
{
- var cert = await keychain.CreateCertificateAsync("alice");
+ var cert = await keychain.CreateBCCertificateAsync(key.Name);
+ Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
+ var ski = new SubjectKeyIdentifierStructure(cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
+ Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
}
finally
{
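Review bot: The new assertions in `Create_Rsa` check the subject DN and the SKI but never verify that the certificate is signed by the key it certifies or that its validity window is sane; the same gap is in the `Create_Secp256k1` and `Create_Ed25519` hunks. Adding `cert.Verify(cert.GetPublicKey());` and `cert.CheckValidity();` after the SKI assertion would catch a wrong signing key or algorithm for each key type. The three tests also stop calling `CreateCertificateAsync`, so that wrapper appears to lose its coverage in this file; keeping one call to it would retain that. As a style point, this test passes `key.Name` while the other two pass the literal `"alice"`; use one form in all three.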
@@ -35,7 +40,10 @@ public async Task Create_Secp256k1()
var key = await ipfs.Key.CreateAsync("alice", "secp256k1", 0);
try
{
- var cert = await keychain.CreateCertificateAsync("alice");
+ var cert = await keychain.CreateBCCertificateAsync("alice");
+ Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
+ var ski = new SubjectKeyIdentifierStructure(cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
+ Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
}
finally
{
@@ -51,7 +59,10 @@ public async Task Create_Ed25519()
var key = await ipfs.Key.CreateAsync("alice", "ed25519", 0);
try
{
- var cert = await keychain.CreateCertificateAsync("alice");
+ var cert = await keychain.CreateBCCertificateAsync("alice");
+ Assert.AreEqual($"CN={key.Id},OU=keystore,O=ipfs", cert.SubjectDN.ToString());
+ var ski = new SubjectKeyIdentifierStructure(cert.GetExtensionValue(X509Extensions.SubjectKeyIdentifier));
+ Assert.AreEqual(key.Id.ToBase58(), ski.GetKeyIdentifier().ToBase58());
}
finally
{