如何将 BouncyCastle X509Certificate 转换为 X509Certificate2？

Question

Is there any way to convert a Org.BouncyCastle.X509.X509Certificate to System.Security.Cryptography.X509Certificates.X509Certificate2 ?

The inverse operation is easy, combining Org.BouncyCastle.X509.X509CertificateParser with System.Security.Cryptography.X509Certificates.X509Certificate2.Export() .

Answer 1

Easy!!

using B = Org.BouncyCastle.X509; //Bouncy certificates
using W = System.Security.Cryptography.X509Certificates;

W.X509Certificate2 certificate = new W.X509Certificate2(pdfCertificate.GetEncoded());

And now I can validate certificate chain in the server:

W.X509Chain ch = new W.X509Chain();
ch.ChainPolicy.RevocationMode = W.X509RevocationMode.NoCheck;
if (!ch.Build(certificate))
   res |= ErroresValidacion.CAInvalida; 

Useful to validate pdf certifcates extracted with iTextSharp.

Answer 2

From https://github.com/dotnet/corefx/wiki/ApiCompat :

Most users of X509Certificate and X509Certificate2 objects assume that the object is immutable except for the Reset()/Dispose() methods, the use of Import violates this assumption.

In other words, trying to use import throws an exception in .net core. You should now use:

new X509Certificate(cert.GetEncoded());

but, according to the .net API analyzer ( https://docs.microsoft.com/en-us/dotnet/standard/analyzers/api-analyzer ),

warning PC001: X509Certificate2.X509Certificate2(byte[]) isn't supported on macOS

Answer 3

I guess that is the best answer:

var cert = pdf.Certificates[0];//Org.BouncyCastle.X509.X509Certificate
        var cert50 = new X509Certificate();
        cert50.Import(cert.GetEncoded());