[Bug]: Can not generate a .p12 Certificate in AL #2516
Comments
I like that idea, but it'll have to get past our security reviewers. @WaelAbuSeada / @darjoo, do your thing 😊 Can you approve this?
It's as such approved, but will you not run into the same problem as in these?
Just putting it in writing here. Approved, and as Jesper linked, we have seen issues with methods that take in "ReadSpan" parameters.
I am not sure yet, I have not given this a try. I will report back here if I can make a prototype work first, before even starting to work on a final version
We'll add it to the list of reasons why we need to look into this.
@SBalslev for info. This is the third issue blocked by the "ReadSpan issue". Mayday! We need compiler support 🤙
@StefanMaron, Steffen returned with the following suggestion, which can be implemented in the app: "Create an app addin/dotnet wrapper that takes a string, converts it to the readspan and calls the required method. I haven't tried or thought this through in any way, but wondered if you'd be keen to give this a shot?
Describe the issue
Some APIs require Client Certificate Authentication which means that I need to provide a certificate that contains the private key and is protected with a password.
The `HTTPClient.AddCertificate()` does support that already today.
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/methods-auto/httpclient/httpclient-addcertificate-secrettext-secrettext-method
If I let the user upload the `.p12` certificate and the password, I can call the API with the client certificate auth without issues.
However, it would be much better if I create a Certificate Signing Request in AL (which is possible today), get the certificate created for me, and then create the `.p12` certificate inside Business Central.
That way, the primary key does not have to leave BC.
Expected behavior
Here is a mock of how that could look:
The fix would include exposing `RSA.FromSecretXmlString`, `X509Certificate2.CreateFromPem` and `X509Certificate2.Export` with just small adjustments to use the `X509ContentType` Enum and return a base64 for easier handling
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsa.fromxmlstring?view=net-9.0
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.createfrompem?view=net-9.0
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate.export?view=net-9.0#system-security-cryptography-x509certificates-x509certificate-export(system-security-cryptography-x509certificates-x509contenttype-system-security-securestring)
Steps to reproduce
See description above
Additional context
No response
I will provide a fix for a bug
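The flow proposed in this issue, combined with the string-taking wrapper suggested in the comments, written in C# as an added example (not code from BCApps or from the issue author). `P12Wrapper` and `CreatePkcs12Base64` are hypothetical names, plain .NET `RSA.FromXmlString` stands in for the proposed `RSA.FromSecretXmlString`, and .NET 9 is assumed.

```csharp
// Added illustration; P12Wrapper and its method name are hypothetical, not BCApps code.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class P12Wrapper
{
    // String-only signature: string converts implicitly to ReadOnlySpan<char>,
    // so the caller never has to construct a span itself.
    public static string CreatePkcs12Base64(string privateKeyXml, string certificatePem, string password)
    {
        using RSA rsa = RSA.Create();
        rsa.FromXmlString(privateKeyXml); // private key that was generated for the CSR
        using X509Certificate2 publicOnly = X509Certificate2.CreateFromPem(certificatePem);
        // Throws ArgumentException if the key does not match the certificate's public key.
        using X509Certificate2 withKey = publicOnly.CopyWithPrivateKey(rsa);
        byte[] p12 = withKey.Export(X509ContentType.Pkcs12, password);
        return Convert.ToBase64String(p12);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample input: a throwaway key and self-signed certificate
        // stand in for the CSR key pair and the CA-issued certificate.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-sample", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 issued = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        string keyXml = key.ToXmlString(includePrivateParameters: true);
        string certPem = issued.ExportCertificatePem();

        string p12Base64 = P12Wrapper.CreatePkcs12Base64(keyXml, certPem, "constructed-password");

        // Round-trip check: the bundle opens with the password and carries the private key.
        using X509Certificate2 loaded = X509CertificateLoader.LoadPkcs12(
            Convert.FromBase64String(p12Base64), "constructed-password");
        Console.WriteLine($"{loaded.Subject} HasPrivateKey={loaded.HasPrivateKey}");
    }
}
```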