The call
dotnet run -- createcertchain -s "My CA" -p mypassword -i 3
results in the following runtime error:
Unhandled Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at RW.DPSCertificateTool.CertificateUtil.CreateCaCertificate(String subjectName, String certificatePassword, X509Certificate2 issuingCa) in C:\source\local\AzureIoTDPSCertificates-master\AzureIoTDPSCertificates-master\src\DPSCertificateTool\CertificateUtil.cs:line 73
at RW.DPSCertificateTool.CreateCertChain.OnExecute() in C:\source\local\AzureIoTDPSCertificates-master\AzureIoTDPSCertificates-master\src\DPSCertificateTool\CreateCertChain.cs:
I found the problem and solution within the CreateCaCertificate method of the CertificateUtil class:
if (issuingCa != null)
{
    // set the AuthorityKeyIdentifier. There is no built-in
    // support, so it needs to be copied from the Subject Key
    // Identifier of the signing certificate and massaged slightly.
    // AuthorityKeyIdentifier is "KeyID="
    // var issuerSubjectKey = issuingCa.Extensions["Subject Key Identifier"].RawData;
    byte[] issuerSubjectKey = null;
    // find the Subject Key Identifier by its OID value instead of its friendly name
    foreach (var item in issuingCa.Extensions)
    {
        if (item.Oid.Value == "2.5.29.14")
        {
            issuerSubjectKey = item.RawData;
            break;
        }
    }
    // skip the two-byte DER header (OCTET STRING tag and length) of the extension value
    var segment = new ArraySegment<byte>(issuerSubjectKey, 2, issuerSubjectKey.Length - 2);
    var authorityKeyIdentifier = new byte[segment.Count + 4];
    // these bytes define the "KeyID" part of the AuthorityKeyIdentifier
    authorityKeyIdentifier[0] = 0x30;
    authorityKeyIdentifier[1] = 0x16;
    authorityKeyIdentifier[2] = 0x80;
    authorityKeyIdentifier[3] = 0x14;
    segment.CopyTo(authorityKeyIdentifier, 4);
    request.CertificateExtensions.Add(new X509Extension("2.5.29.35", authorityKeyIdentifier, false));
}
Sorry for the late response, I've been offline on vacation.
I am unable to reproduce the problem. The extension with OID 2.5.29.14 is "Subject Key Identifier" (as you already knew).
I don't know why that shouldn't have a name on your computer, or has it perhaps been localized?
What are the properties of the 2.5.29.14 extension on your computer, specifically the item.Oid.FriendlyName?
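An added example, not code from either commenter or from the project: it covers both the OID-based lookup in the proposed fix and the friendly-name question above by fetching the Subject Key Identifier through its dotted OID, checking the DER header, and deriving the length bytes that the fix hard-codes as 0x16 and 0x14. The helper name `BuildAuthorityKeyIdentifier` and the throwaway CA "CN=Example Test CA" are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class AkiExample
{
    const string SubjectKeyIdentifierOid = "2.5.29.14";
    const string AuthorityKeyIdentifierOid = "2.5.29.35";

    // Hypothetical helper: builds the AuthorityKeyIdentifier (keyIdentifier form only)
    // for a certificate that will be signed by issuingCa.
    public static X509Extension BuildAuthorityKeyIdentifier(X509Certificate2 issuingCa)
    {
        // Lookup by dotted OID, so it does not depend on a friendly name resolving.
        X509Extension ski = issuingCa.Extensions[SubjectKeyIdentifierOid];
        if (ski == null)
            throw new InvalidOperationException("Issuing CA has no Subject Key Identifier extension.");

        // The extension value is a DER OCTET STRING: 0x04 <length> <key id>.
        byte[] raw = ski.RawData;
        if (raw.Length < 3 || raw[0] != 0x04 || raw[1] != raw.Length - 2 || raw[1] > 125)
            throw new InvalidOperationException("Unexpected Subject Key Identifier encoding.");

        int keyIdLength = raw[1];
        var aki = new byte[keyIdLength + 4];
        aki[0] = 0x30;                      // SEQUENCE
        aki[1] = (byte)(keyIdLength + 2);   // length of the SEQUENCE content
        aki[2] = 0x80;                      // context tag [0]: keyIdentifier
        aki[3] = (byte)keyIdLength;         // length of the key id
        Buffer.BlockCopy(raw, 2, aki, 4, keyIdLength);
        return new X509Extension(AuthorityKeyIdentifierOid, aki, false);
    }

    static void Main()
    {
        // Constructed sample input: a self-signed test CA that carries a Subject Key Identifier.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=Example Test CA", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            request.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, false));
            using (X509Certificate2 ca = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                Console.WriteLine(BitConverter.ToString(BuildAuthorityKeyIdentifier(ca).RawData));
            }
        }
    }
}
```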