Add easy way to create a certificate from just a cert-PEM #43590
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @jeffhandley |
The first case should be covered by the constructor that takes a path. For that one I think we wanted to avoid introducing a public method that does the same thing as the constructor. For the latter where you have PEM contents, I would agree that there is not a super straightforward API that does that.
There is also the new |
The only thing this API would add that the existing ctor doesn't do is support reading the PEM content from a string without passing it through Encoding.ASCII/Encoding.UTF8. (I guess it also would enforce that it's a plain PEM certificate, vs any of the zillions of other formats that the ctors support). I agree that it's not a negligible thing to have a PEM cert already in a string, but I'm not sure that it's worth creating confusion on the Is the scenario you want to solve actually "I have a PEM-encoded certificate in a string and want an X509Certificate2 object", or am I mis-projecting? |
Right @vcsjones! I added it just to be complete with the new static methods and didn't realize it was in the ctor also.
No @bartonjs you're exactly right. We're implementing a PKI with custom CTLs (edit: and .NET5 is bringing a lot of improvements in handling chain verification etc. 😉) so parsing a single cert from string is what I need at this point. I did find some other helpers (thanks again @vcsjones for pointing at more). And I do agree that stripping the headers and decoding is simple enough but the method we need is sitting just right there. |
So

```csharp
namespace System.Security.Cryptography.X509Certificates
{
    partial class X509Certificate2
    {
        public static X509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem);
    }
}
```

seems to be all that's required for your scenario. It's pretty low development cost (rename the existing method, make it public) and has a scenario. Any dissenters? |
👍 @bartonjs that's just what we need. |
Seems good to me. |
```csharp
namespace System.Security.Cryptography.X509Certificates
{
    partial class X509Certificate2
    {
        public static X509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem);
    }
}
```
Background and Motivation
#31944 was a great addition but it is sort of a shame we cannot use it just to create a cert from PEM without private key.
All that is needed is to expose ExtractCertificateFromPem publicly.
Proposed API
Usage Examples
Cases where I need a single certificate from PEM data that is already in a System.String or ReadOnlySpan<char>.
Alternatives
- X509Certificate2Collection.ImportFromPem and extracting the single certificate.
- new X509Certificate2(Encoding.ASCII.GetBytes(certPem))
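
Added example, not part of the original issue or the dotnet/runtime code base: the certificate-only CreateFromPem shape discussed in this thread next to the two alternatives listed above, checked against a constructed self-signed certificate. It assumes a runtime where the single-argument overload is available (.NET 6 or later); the subject name and variable names are made up for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Constructed sample input: a throwaway self-signed certificate, PEM-encoded
// into a string so the example runs offline.
using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var request = new CertificateRequest("CN=constructed-example", key, HashAlgorithmName.SHA256);
using X509Certificate2 original = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
string certPem = new string(PemEncoding.Write("CERTIFICATE", original.RawData));

// 1. The API shape from this issue: certificate-only PEM, straight from chars.
using X509Certificate2 fromPem = X509Certificate2.CreateFromPem(certPem);

// 2. Alternative: import into a collection and take the single entry.
var collection = new X509Certificate2Collection();
collection.ImportFromPem(certPem);
if (collection.Count != 1)
    throw new CryptographicException($"Expected exactly 1 certificate, got {collection.Count}.");
using X509Certificate2 fromCollection = collection[0];

// 3. Alternative: byte[] constructor, which accepts many formats besides PEM.
using X509Certificate2 fromCtor = new X509Certificate2(Encoding.ASCII.GetBytes(certPem));

// All three must yield the same certificate, and none carries a private key.
foreach (var (name, cert) in new[] {
    ("CreateFromPem", fromPem), ("ImportFromPem", fromCollection), ("byte[] ctor", fromCtor) })
{
    bool same = cert.Thumbprint == original.Thumbprint;
    Console.WriteLine($"{name,-14} same={same} HasPrivateKey={cert.HasPrivateKey}");
}

// PEM input that contains no CERTIFICATE block is rejected rather than guessed at.
string keyOnlyPem = new string(PemEncoding.Write("PUBLIC KEY", key.ExportSubjectPublicKeyInfo()));
try
{
    using X509Certificate2 unexpected = X509Certificate2.CreateFromPem(keyOnlyPem);
    Console.WriteLine("unexpected: parsed a certificate");
}
catch (CryptographicException)
{
    Console.WriteLine("CreateFromPem rejected PEM without a CERTIFICATE block");
}
```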