/// <summary>
/// Initializes a new instance of the CertificateBaseProperties class.
/// </summary>
/// <param name="thumbprintAlgorithm">The algorithm of the certificate
/// thumbprint.</param>
/// <param name="thumbprint">The thumbprint of the certificate.</param>
/// <param name="format">The format of the certificate - either Pfx or
/// Cer. If omitted, the default is Pfx. Possible values include:
/// 'Pfx', 'Cer'</param>
public CertificateBaseProperties(string thumbprintAlgorithm = default(string), string thumbprint = default(string), CertificateFormat format = default(CertificateFormat))
{
ThumbprintAlgorithm = thumbprintAlgorithm;
Thumbprint = thumbprint;
Format = format;
CustomInit();
}
/// <summary>
/// Initializes a new instance of the
/// ServiceCertificateCreateParameters class with required arguments.
/// </summary>
public ServiceCertificateCreateParameters(byte[] data, CertificateFormat certificateFormat)
: this()
{
if (data == null)
{
throw new ArgumentNullException("data");
}
this.Data = data;
this.CertificateFormat = certificateFormat;
}
/// <summary>
/// Initializes a new instance of the
/// CertificateCreateOrUpdateParameters class.
/// </summary>
/// <param name="data">The base64-encoded contents of the
/// certificate.</param>
/// <param name="id">The ID of the resource.</param>
/// <param name="name">The name of the resource.</param>
/// <param name="type">The type of the resource.</param>
/// <param name="etag">The ETag of the resource, used for concurrency
/// statements.</param>
/// <param name="thumbprintAlgorithm">The algorithm of the certificate
/// thumbprint</param>
/// <param name="thumbprint">The thumbprint of the certificate</param>
/// <param name="format">The format of the certificate - either Pfx or
/// Cer. If omitted, the default is Pfx. Possible values include:
/// 'Pfx', 'Cer'</param>
/// <param name="password">The password to access the certificate's
/// private key.</param>
public CertificateCreateOrUpdateParameters(string data, string id = default(string), string name = default(string), string type = default(string), string etag = default(string), string thumbprintAlgorithm = default(string), string thumbprint = default(string), CertificateFormat format = default(CertificateFormat), string password = default(string))
: base(id, name, type, etag)
{
ThumbprintAlgorithm = thumbprintAlgorithm;
Thumbprint = thumbprint;
Format = format;
Data = data;
Password = password;
CustomInit();
}
/// <summary>
/// Initializes a new instance of the
/// ServiceCertificateCreateParameters class with required arguments.
/// </summary>
public ServiceCertificateCreateParameters(byte[] data, CertificateFormat certificateFormat)
: this()
{
if (data == null)
{
throw new ArgumentNullException("data");
}
this.Data = data;
this.CertificateFormat = certificateFormat;
}
/// <summary>
/// Convert an enum of type CertificateFormat to a string.
/// </summary>
/// <param name='value'>
/// The value to convert to a string.
/// </param>
/// <returns>
/// The enum value as a string.
/// </returns>
internal static string CertificateFormatToString(CertificateFormat value)
{
if (value == CertificateFormat.Pfx)
{
return("pfx");
}
if (value == CertificateFormat.Cer)
{
return("cer");
}
throw new ArgumentOutOfRangeException("value");
}
internal static string ToSerializedValue(this CertificateFormat value)
{
switch (value)
{
case CertificateFormat.Pfx:
return("Pfx");
case CertificateFormat.Cer:
return("Cer");
}
return(null);
}
// ImportServerPki(nn::ssl::sf::CertificateFormat certificateFormat, buffer<bytes, 5> certificate) -> u64 certificateId
public ResultCode ImportServerPki(ServiceCtx context)
{
CertificateFormat certificateFormat = (CertificateFormat)context.RequestData.ReadUInt32();
ulong certificateDataPosition = context.Request.SendBuff[0].Position;
ulong certificateDataSize = context.Request.SendBuff[0].Size;
context.ResponseData.Write(_serverCertificateId++);
Logger.Stub?.PrintStub(LogClass.ServiceSsl, new { certificateFormat });
return(ResultCode.Success);
}
public CertificatesIssuer(IVaultClient client, VaultOptions options)
{
_client = client;
_options = options.Pki;
_mountPoint = string.IsNullOrWhiteSpace(_options.MountPoint)
? SecretsEngineDefaultPaths.PKI
: _options.MountPoint;
_certificateFormat = string.IsNullOrWhiteSpace(_options.CertificateFormat)
? CertificateFormat.pem
: Enum.Parse <CertificateFormat>(_options.CertificateFormat, true);
_privateKeyFormat = string.IsNullOrWhiteSpace(_options.PrivateKeyFormat)
? PrivateKeyFormat.der
: Enum.Parse <PrivateKeyFormat>(_options.PrivateKeyFormat, true);
}
/// <summary>
/// Initializes a new instance of the Certificate class.
/// </summary>
/// <param name="id">The ID of the resource.</param>
/// <param name="name">The name of the resource.</param>
/// <param name="type">The type of the resource.</param>
/// <param name="etag">The ETag of the resource, used for concurrency
/// statements.</param>
/// <param name="thumbprintAlgorithm">The algorithm of the certificate
/// thumbprint.</param>
/// <param name="thumbprint">The thumbprint of the certificate.</param>
/// <param name="format">The format of the certificate - either Pfx or
/// Cer. If omitted, the default is Pfx. Possible values include:
/// 'Pfx', 'Cer'</param>
/// <param name="provisioningState">The provisioned state of the
/// resource</param>
/// <param name="provisioningStateTransitionTime">The time at which the
/// certificate entered its current state.</param>
/// <param name="previousProvisioningState">The previous provisioned
/// state of the resource. Possible values include: 'Succeeded',
/// 'Deleting', 'Failed'</param>
/// <param name="previousProvisioningStateTransitionTime">The time at
/// which the certificate entered its previous state.</param>
/// <param name="publicData">The public key of the certificate.</param>
/// <param name="deleteCertificateError">The error which occurred while
/// deleting the certificate</param>
public Certificate(string id = default(string), string name = default(string), string type = default(string), string etag = default(string), string thumbprintAlgorithm = default(string), string thumbprint = default(string), CertificateFormat format = default(CertificateFormat), CertificateProvisioningState provisioningState = default(CertificateProvisioningState), System.DateTime?provisioningStateTransitionTime = default(System.DateTime?), CertificateProvisioningState previousProvisioningState = default(CertificateProvisioningState), System.DateTime?previousProvisioningStateTransitionTime = default(System.DateTime?), string publicData = default(string), DeleteCertificateError deleteCertificateError = default(DeleteCertificateError))
: base(id, name, type, etag)
{
ThumbprintAlgorithm = thumbprintAlgorithm;
Thumbprint = thumbprint;
Format = format;
ProvisioningState = provisioningState;
ProvisioningStateTransitionTime = provisioningStateTransitionTime;
PreviousProvisioningState = previousProvisioningState;
PreviousProvisioningStateTransitionTime = previousProvisioningStateTransitionTime;
PublicData = publicData;
DeleteCertificateError = deleteCertificateError;
CustomInit();
}
public async Task <RawCertificateData> ReadCACertificateAsync(CertificateFormat certificateFormat = CertificateFormat.der, string pkiBackendMountPoint = null)
{
var format = certificateFormat == CertificateFormat.pem ? "/" + CertificateFormat.pem : string.Empty;
var outputFormat = certificateFormat == CertificateFormat.pem
? CertificateFormat.pem
: CertificateFormat.der;
var result = await _polymath.MakeVaultApiRequest <string>(pkiBackendMountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.PKI, "/ca" + format, HttpMethod.Get, rawResponse : true).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
return(new RawCertificateData
{
CertificateContent = result,
EncodedCertificateFormat = outputFormat
});
}
public async Task <Secret <KMIPCredentials> > GetCredentialsAsync(string scopeName, string roleName, CertificateFormat format = CertificateFormat.pem, string mountPoint = null, string wrapTimeToLive = null)
{
Checker.NotNull(scopeName, "scopeName");
Checker.NotNull(roleName, "roleName");
return(await _polymath.MakeVaultApiRequest <Secret <KMIPCredentials> >(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.KMIP, "/scope/" + scopeName.Trim('/') + "/role/" + scopeName.Trim('/') + "/credential/generate", HttpMethod.Post, new { format }, wrapTimeToLive : wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext));
}
/// <summary>
/// Initializes a new instance of the <see cref="VerbatimCertificateSigningRequestOptions"/> class.
/// </summary>
public VerbatimCertificateSigningRequestOptions()
{
CertificateFormat = CertificateFormat.pem;
}
/// <summary>
/// Initializes a new instance of the <see cref="VerbatimCertificateSigningRequestOptions"/> class.
/// </summary>
public VerbatimCertificateSigningRequestOptions()
{
CertificateFormat = CertificateFormat.pem;
}
/// <summary>
/// Initializes a new instance of the <see cref="CertificateRequestOptions"/> class.
/// </summary>
protected CertificateRequestOptions()
{
CertificateFormat = CertificateFormat.pem;
}
public static string ToSerialString(this CertificateFormat value) => value switch
{
/// <summary>
/// Initializes a new instance of the <see cref="CertificateRequestOptions"/> class.
/// </summary>
protected CertificateRequestOptions()
{
CertificateFormat = CertificateFormat.pem;
}
