Beispiel #1
0
        public static ChannelCredentials CreateChannelCredentials(
            bool useTls,
            [CanBeNull] string clientCertificate = null)
        {
            if (!useTls)
            {
                _logger.LogDebug("Using insecure channel credentials");

                return(ChannelCredentials.Insecure);
            }

            string rootCertificatesAsPem =
                CertificateUtils.GetUserRootCertificatesInPemFormat();

            KeyCertificatePair sslClientCertificate = null;

            if (!string.IsNullOrEmpty(clientCertificate))
            {
                KeyPair keyPair = CertificateUtils.FindKeyCertificatePairFromStore(
                    clientCertificate, new[]
                {
                    X509FindType.FindBySubjectDistinguishedName,
                    X509FindType.FindByThumbprint,
                    X509FindType.FindBySubjectName
                }, StoreName.My, StoreLocation.CurrentUser);

                if (keyPair != null)
                {
                    _logger.LogDebug("Using client-side certificate");

                    sslClientCertificate =
                        new KeyCertificatePair(keyPair.PublicKey, keyPair.PrivateKey);
                }
                else
                {
                    throw new ArgumentException(
                              $"Could not usable find client certificate {clientCertificate} in certificate store.");
                }
            }

            var result = new SslCredentials(rootCertificatesAsPem, sslClientCertificate);

            return(result);
        }
Beispiel #2
0
        /// <summary>
        ///     Creates the server credentials using either two PEM files or a certificate from the
        ///     Certificate Store.
        /// </summary>
        /// <param name="certificate">
        ///     The certificate store's certificate (subject or thumbprint)
        ///     or the PEM file containing the certificate chain.
        /// </param>
        /// <param name="privateKeyFilePath">
        ///     The PEM file containing the private key (only if the
        ///     certificate was provided by a PEM file
        /// </param>
        /// <param name="enforceMutualTls">Enforce client authentication.</param>
        /// <returns></returns>
        public static ServerCredentials GetServerCredentials(
            [CanBeNull] string certificate,
            [CanBeNull] string privateKeyFilePath,
            bool enforceMutualTls = false)
        {
            if (string.IsNullOrEmpty(certificate))
            {
                _logger.LogInformation("Certificate was not provided. Using insecure credentials.");

                return(ServerCredentials.Insecure);
            }

            KeyPair certificateKeyPair =
                TryGetServerCertificateKeyPair(certificate, privateKeyFilePath);

            if (certificateKeyPair == null)
            {
                return(ServerCredentials.Insecure);
            }

            List <KeyCertificatePair> keyCertificatePairs =
                new List <KeyCertificatePair>
            {
                new KeyCertificatePair(
                    certificateKeyPair.PublicKey, certificateKeyPair.PrivateKey)
            };

            string rootCertificatesAsPem =
                CertificateUtils.GetUserRootCertificatesInPemFormat();

            // If not required, still verify the client certificate, if presented
            var clientCertificates =
                enforceMutualTls
                                        ? SslClientCertificateRequestType.RequestAndRequireAndVerify
                                        : SslClientCertificateRequestType.RequestAndVerify;

            ServerCredentials result = new SslServerCredentials(
                keyCertificatePairs, rootCertificatesAsPem,
                clientCertificates);

            return(result);
        }