After extensive investation. I found the culprit was the X509SerialNumber. The issue was: my code returned a negative BigInt value for the serial number.
The solution in my case was the following C# method which got the correct X509SerialNumber number. By the way this code was written for me by Google AI.
public static BigInteger GetPositiveSerialNumber(X509Certificate2 certificate)
{
// Get the serial number as a byte array.
// The GetSerialNumber() method returns the bytes in little-endian order.
byte serialNumberBytes = certificate.GetSerialNumber();
// If the most significant byte has its high bit set, BigInteger will
// interpret the value as negative. To prevent this, append a zero byte.
// The most significant byte is the last byte in little-endian order.
if ((serialNumberBytes.LastOrDefault() & 0x80) != 0)
{
// Append a 0-byte to the end of the little-endian array.
serialNumberBytes = serialNumberBytes.Concat(new byte { 0 }).ToArray();
}
// The BigInteger constructor requires a byte array in little-endian format.
// It correctly handles little-endian, so we don’t need to reverse it.
return new BigInteger(serialNumberBytes);
}
Use the namespace: System.Numerics.BigInteger.
The Zatca API was not validating this earlier. They should have informed us about new validations requirements. So that we can save time fixing it.
Hope this will help any one effected with this issue.
Thank you.