0
votes

I'm trying this custom invitation policy code for Azure B2C:

https://github.com/azure-ad-b2c/samples/tree/master/policies/invite#signup-with-email-invitation

I followed the step-by-step guide and created the certificate, but when the code hits the method FromSigningCredentials it throws the exception "Certificate is not an RSA certificate."

Here's the code:

public static JwksKeyModel FromSigningCredentials(X509SigningCredentials signingCredentials)
{
    X509Certificate2 certificate = signingCredentials.Certificate;

    // JWK cert data must be base64 (not base64url) encoded
    string certData = Convert.ToBase64String(certificate.Export(X509ContentType.Cert));

    // JWK thumbprints must be base64url encoded (no padding or special chars)
    string thumbprint = Base64UrlEncoder.Encode(certificate.GetCertHash());

    // JWK must have the modulus and exponent explicitly defined
    RSACng rsa = certificate.PublicKey.Key as RSACng;

    if (rsa == null)
    {
        throw new Exception("Certificate is not an RSA certificate.");
    }

    .
    .
    .

The certificate is loaded but after executing the line:

RSACng rsa = certificate.PublicKey.Key as RSACng;

rsa is null.


This happens locally and on Azure web site.

What am I missing here?


1 Answers

3
votes

After some research I just found the following issue @ GitHub: https://github.com/dotnet/corefx/issues/26682

User bartonjs says the following:

No one should ever call cert.PublicKey.Key; you should instead use cert.GetRSAPublicKey().

I replaced that line in my question with:

// JWK must have the modulus and exponent explicitly defined
RSACng rsa = certificate.GetRSAPublicKey() as RSACng;

Now I'm good to go...
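An added example, not code from the question, the answer or the B2C sample: building the RSA members of a JWK from a certificate through `GetRSAPublicKey()` while keeping the result typed as the abstract `RSA`, so nothing depends on which concrete implementation (RSACng, RSACryptoServiceProvider, RSAOpenSsl) the platform returns. `ToJwk` and `Base64Url` are hypothetical helper names, the certificate is a constructed throwaway, and `CertificateRequest` assumes .NET Core 2.0+ or .NET Framework 4.7.2+.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class JwkFromCertificateExample
{
    // Hypothetical helper: base64url without padding, as JWK "n", "e" and "x5t" require.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Hypothetical helper: JWK members for the certificate's RSA public key.
    public static Dictionary<string, object> ToJwk(X509Certificate2 certificate)
    {
        using (RSA rsa = certificate.GetRSAPublicKey())   // null only if the key is not RSA
        {
            if (rsa == null)
                throw new InvalidOperationException("Certificate does not carry an RSA public key.");
            RSAParameters p = rsa.ExportParameters(false); // public parameters only
            return new Dictionary<string, object>
            {
                ["kty"] = "RSA",
                ["n"] = Base64Url(p.Modulus),
                ["e"] = Base64Url(p.Exponent),
                // x5c is plain base64 (not base64url), as in the code from the question
                ["x5c"] = new[] { Convert.ToBase64String(certificate.Export(X509ContentType.Cert)) },
                ["x5t"] = Base64Url(certificate.GetCertHash()),
            };
        }
    }

    public static void Main()
    {
        // Constructed input: a self-signed RSA certificate valid for one day.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            using (RSA pub = cert.GetRSAPublicKey())
            {
                Console.WriteLine("concrete RSA type: " + pub.GetType().Name);
                Dictionary<string, object> jwk = ToJwk(cert);
                Console.WriteLine("kty=" + jwk["kty"] + " e=" + jwk["e"]);
            }
        }
    }
}
```

The printed type name differs between Windows and Linux hosts, which is why a cast to one specific implementation can come back null even for a valid RSA certificate.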