public void TestListNotes()
{
var orderId = "123";
using (var server = new HttpServer(new RequestHandler
{
EstimatedMethod = "GET",
EstimatedPathAndQuery = $"/v1.0/accounts/{Helper.AccountId}/csrs/{orderId}/notes",
ContentToSend = new StringContent(TestXmlStrings.notesResponse2, Encoding.UTF8, "application/xml")
}))
{
var client = Helper.CreateClient();
var result = Csr.ListNotes(client, orderId).Result;
if (server.Error != null)
{
throw server.Error;
}
Assert.IsNotNull(result.List);
Assert.AreEqual(result.List.Length, 2);
Assert.AreEqual(result.List[0].Description, "This is a test note");
Assert.AreEqual(result.List[0].Id, "87037");
Assert.AreEqual(result.List[0].UserId, "jbm");
Assert.AreEqual(result.List[0].LastDateModifier, DateTime.Parse("2014-11-16T04:01:10.000"));
}
}
/// <summary>
/// Default implementation of saving a private key serializes as a JSON object.
/// </summary>
public virtual void SaveCsr(Csr csr, Stream target)
{
using (var w = new StreamWriter(target))
{
w.Write(JsonConvert.SerializeObject(csr));
}
}
/// <summary>
/// Default implementation of saving a private key serializes as a JSON object.
/// </summary>
public virtual void SaveCsr(Csr csr, Stream target)
{
using (var w = new StreamWriter(target))
{
w.Write(JsonConvert.SerializeObject(csr));
}
}
public override void ExportCsr(Csr csr, EncodingFormat fmt, Stream target)
{
string outform;
switch (fmt)
{
case EncodingFormat.PEM:
outform = "PEM";
break;
case EncodingFormat.DER:
outform = "DER";
break;
default:
throw new NotSupportedException("unsupported encoding format");
}
var tempSource = Path.GetTempFileName();
var tempTarget = Path.GetTempFileName();
try
{
File.WriteAllText(tempSource, csr.Pem);
RunCli($"req -inform PEM -in {tempSource} -outform {outform} -out {tempTarget}");
var targetBytes = File.ReadAllBytes(tempTarget);
target.Write(targetBytes, 0, targetBytes.Length);
}
finally
{
File.Delete(tempSource);
File.Delete(tempTarget);
}
}
public void Regular()
{
var tempFile = Path.GetTempFileName();
try
{
File.WriteAllText(tempFile, Csr);
var csrOptions = new CsrOptions()
{
CsrFile = tempFile
};
var log = new Mock.Services.LogService(false);
var pem = new PemService();
var csrPlugin = new Csr(log, pem, csrOptions);
var target = csrPlugin.Generate().Result;
Assert.IsNotNull(target);
Assert.IsFalse(target is INull);
Assert.IsTrue(target.Parts.Count() == 1);
Assert.IsTrue(target.Parts.First().Identifiers.OfType <IpIdentifier>().Count() == 3);
Assert.IsTrue(target.Parts.First().Identifiers.OfType <DnsIdentifier>().Count() == 2);
Assert.IsTrue(target.Parts.First().Identifiers.OfType <EmailIdentifier>().Count() == 1);
Assert.IsTrue(target.Parts.First().Identifiers.OfType <IpIdentifier>().Any(x => x.Value == "1.1.1.1"));
Assert.IsTrue(target.Parts.First().Identifiers.OfType <DnsIdentifier>().Any(x => x.Value == "www.win-acme.com"));
Assert.IsTrue(target.Parts.First().Identifiers.OfType <EmailIdentifier>().Any(x => x.Value == "*****@*****.**"));
}
finally
{
File.Delete(tempFile);
}
}
public void TryGenerateCSRCustomOID()
{
int rc;
KeyBlob keyBlob = new KeyBlob();
Template template = new Template();
Csr csr = new Csr();
byte[] output = new byte[Device.MAX_TPM_BUFFER];
string subject = "/C=US/ST=Oregon/L=Portland/SN=Development" +
"/O=wolfSSL/OU=RSA/CN=www.wolfssl.com" +
"/[email protected]";
string keyUsage = "serverAuth,clientAuth,codeSigning";
string custOid = "1.2.3.4.5";
string custOidVal = "This is NOT a critical extension";
Console.WriteLine("Testing generate CSR custom");
rc = template.GetKeyTemplate_RSA((ulong)(
TPM2_Object.sensitiveDataOrigin |
TPM2_Object.userWithAuth |
TPM2_Object.decrypt |
TPM2_Object.sign |
TPM2_Object.noDA));
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = device.CreateKey(keyBlob, parent_key, template,
"ThisIsMyStorageKeyAuth");
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = csr.SetSubject(subject);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = csr.SetKeyUsage(keyUsage);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = csr.SetCustomExtension(custOid, custOidVal, 0);
/* if custom OID support is not compiled in then test is
* inconclusive */
if (rc == (int)Status.NOT_COMPILED_IN)
{
device.UnloadHandle(keyBlob);
Assert.Inconclusive();
}
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output);
Assert.That(rc, Is.GreaterThan(0));
Console.WriteLine("CSR PEM {0} bytes", rc.ToString());
rc = device.UnloadHandle(keyBlob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
public override int GetHashCode()
{
unchecked
{
int hashCode = base.GetHashCode();
hashCode = (hashCode * 397) ^ (Csr?.GetHashCode() ?? 0);
hashCode = (hashCode * 397) ^ (HighestCsr?.GetHashCode() ?? 0);
hashCode = (hashCode * 397) ^ MeasurementMatchesLeft;
hashCode = (hashCode * 397) ^ PlaylistId.GetHashCode();
return(hashCode);
}
}
public void TestReplace()
{
var orderId = "123";
var csr = new Csr
{
};
using (var server = new HttpServer(new RequestHandler
{
EstimatedMethod = "PUT",
EstimatedPathAndQuery = $"/v1.0/accounts/{Helper.AccountId}/csrs/{orderId}",
ContentToSend = new StringContent(TestXmlStrings.csrResponse, Encoding.UTF8, "application/xml")
}))
{
var client = Helper.CreateClient();
var result = Csr.Replace(client, orderId, csr).Result;
if (server.Error != null)
{
throw server.Error;
}
Assert.AreEqual(result.CustomerOrderId, "TEST BWDB-6506");
Assert.AreEqual(result.LastModifiedBy, "systemUser");
Assert.AreEqual(result.OrderCreateDate, "2020-01-13T21:14:35Z");
Assert.AreEqual(result.AccountId, "14");
Assert.AreEqual(result.OrderId, "5c3b8240-52b5-45a5-8d7d-42a71ebcd1ba");
Assert.AreEqual(result.LastModifiedDate, "2020-01-13T16:51:21.920Z");
Assert.AreEqual(result.Status, "COMPLETE");
Assert.AreEqual(result.AccountNumber, "987654321");
Assert.AreEqual(result.AccountTelephoneNumber, "9196194444");
Assert.AreEqual(result.EndUserName, "bandwidthGuy");
Assert.AreEqual(result.AuthorizingUserName, "importantAuthGuy");
Assert.AreEqual(result.CustomerCode, "123");
Assert.AreEqual(result.EndUserPIN, "12345");
Assert.AreEqual(result.EndUserPassword, "enduserpassword123");
Assert.AreEqual(result.AddressLine1, "900 Main Campus Dr");
Assert.AreEqual(result.City, "Raleigh");
Assert.AreEqual(result.State, "NC");
Assert.AreEqual(result.ZIPCode, "27612");
Assert.AreEqual(result.TypeOfService, "residential");
Assert.AreEqual(result.CsrData.AccountNumber, "123456789");
Assert.AreEqual(result.CsrData.CustomerName, "JOHN SMITH");
Assert.AreEqual(result.CsrData.WorkingTelephoneNumber, "9196191156");
Assert.AreEqual(result.CsrData.WorkingTelephoneNumbersOnAccount.Length, 1);
Assert.AreEqual(result.CsrData.WorkingTelephoneNumbersOnAccount[0], "9196191156");
Assert.IsNotNull(result.CsrData.ServiceAddress);
}
}
public override void ExportCsr(Csr csr, EncodingFormat fmt, Stream target)
{
string outform;
switch (fmt)
{
case EncodingFormat.PEM:
outform = "PEM";
break;
case EncodingFormat.DER:
outform = "DER";
break;
default:
throw new NotSupportedException("unsupported encoding format");
}
var ceReq = new CERTENROLLLib.CX509CertificateRequestCertificate();
ceReq.InitializeDecode(csr.Pem);
if (fmt == EncodingFormat.DER)
{
var bytes = EncodeRaw(ceReq.RawData[CERTENROLLLib.EncodingType.XCN_CRYPT_STRING_BINARY]);
target.Write(bytes, 0, bytes.Length);
}
else if (fmt == EncodingFormat.PEM)
{
var ceCsr = new CERTENROLLLib.CX509Enrollment();
ceCsr.InitializeFromRequest(ceReq);
var pem = ceCsr.CreateRequest(
CERTENROLLLib.EncodingType.XCN_CRYPT_STRING_BASE64REQUESTHEADER);
var bytes = Encoding.UTF8.GetBytes(pem);
target.Write(bytes, 0, bytes.Length);
}
else
{
throw new NotSupportedException("unsupported encoding format");
}
}
/// <summary>
/// Support exporting CSR to <see cref="EncodingFormat.PEM">PEM</see>
/// and <see cref="EncodingFormat.DER">DER</see> formats.
/// </summary>
public override void ExportCsr(Csr csr, EncodingFormat fmt, Stream target)
{
if (fmt == EncodingFormat.PEM)
{
var bytes = Encoding.UTF8.GetBytes(csr.Pem);
target.Write(bytes, 0, bytes.Length);
}
else if (fmt == EncodingFormat.DER)
{
using (var tr = new StringReader(csr.Pem))
{
PemReader pr = new PemReader(tr);
var bcCsr = (Pkcs10CertificationRequest)pr.ReadObject();
var derBytes = bcCsr.GetDerEncoded();
target.Write(derBytes, 0, derBytes.Length);
}
}
else
{
throw new NotSupportedException("encoding format has not been implemented");
}
}
public override Csr ImportCsr(EncodingFormat fmt, Stream source)
{
string inform;
switch (fmt)
{
case EncodingFormat.PEM:
inform = "PEM";
break;
case EncodingFormat.DER:
inform = "DER";
break;
default:
throw new NotSupportedException("unsupported encoding format");
}
var tempSource = Path.GetTempFileName();
var tempTarget = Path.GetTempFileName();
try
{
using (var fs = new FileStream(tempSource, FileMode.Create))
{
source.CopyTo(fs);
}
RunCli($"req -inform {inform} -in {tempSource} -outform PEM -out {tempTarget}");
var csr = new Csr(File.ReadAllText(tempTarget));
return(csr);
}
finally
{
File.Delete(tempSource);
File.Delete(tempTarget);
}
}
public void TestUpdateNote()
{
var orderId = "123";
var noteId = "note123";
var note = new Note
{
};
using (var server = new HttpServer(new RequestHandler
{
EstimatedMethod = "PUT",
EstimatedPathAndQuery = $"/v1.0/accounts/{Helper.AccountId}/csrs/{orderId}/notes/{noteId}",
}))
{
var client = Helper.CreateClient();
Csr.UpdateNote(client, orderId, noteId, note).Wait();
if (server.Error != null)
{
throw server.Error;
}
}
}
/// <summary>
/// Support exporting CSR to <see cref="EncodingFormat.PEM">PEM</see>
/// and <see cref="EncodingFormat.DER">DER</see> formats.
/// </summary>
public override void ExportCsr(Csr csr, EncodingFormat fmt, Stream target)
{
if (fmt == EncodingFormat.PEM)
{
var bytes = Encoding.UTF8.GetBytes(csr.Pem);
target.Write(bytes, 0, bytes.Length);
}
else if (fmt == EncodingFormat.DER)
{
using (var xr = new X509Request(csr.Pem))
{
using (var bio = BIO.MemoryBuffer())
{
xr.Write_DER(bio);
var arr = bio.ReadBytes((int)bio.BytesPending);
target.Write(arr.Array, arr.Offset, arr.Count);
}
}
}
else
{
throw new NotSupportedException("encoding format has not been implemented");
}
}
/// <summary>
/// Support importing CSR from <see cref="EncodingFormat.PEM">PEM</see>
/// and <see cref="EncodingFormat.DER">DER</see> formats.
/// </summary>
public override Csr ImportCsr(EncodingFormat fmt, Stream source)
{
if (fmt == EncodingFormat.PEM)
{
using (var r = new StreamReader(source))
{
using (var x509 = new X509Request(r.ReadToEnd()))
{
var csr = new Csr(x509.PEM);
return(csr);
}
}
}
else if (fmt == EncodingFormat.DER)
{
// TODO: Managed OpenSSL Library has not implemented
// d2i_X509_REQ_bio(...) routine yet
throw new NotImplementedException("x509 CSR export to DER has not yet been implemented");
}
else
{
throw new NotSupportedException("unsupported encoding format");
}
}
static void GenerateCertFiles(CertificateProvider provider, PrivateKey rsaKeys,
Csr csr, CertificateRequest request, string certificatesFolder, string domain)
{
var crt = default(Crt);
var keyGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-key.json");
Log.Debug($"Gerando arquivo: {keyGenFile}");
using (var fs = new FileStream(keyGenFile, FileMode.Create))
provider.SavePrivateKey(rsaKeys, fs);
var keyPemFile = Path.Combine(certificatesFolder, $"{domain}-key.pem");
Log.Debug($"Gerando arquivo: {keyPemFile}");
using (var fs = new FileStream(keyPemFile, FileMode.Create))
provider.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
var csrGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-csr.json");
Log.Debug($"Gerando arquivo: {csrGenFile}");
using (var fs = new FileStream(csrGenFile, FileMode.Create))
provider.SaveCsr(csr, fs);
var csrPemFile = Path.Combine(certificatesFolder, $"{domain}-csr.pem");
Log.Debug($"Gerando arquivo: {csrPemFile}");
using (var fs = new FileStream(csrPemFile, FileMode.Create))
provider.ExportCsr(csr, EncodingFormat.PEM, fs);
var crtDerFile = Path.Combine(certificatesFolder, $"{domain}-crt.der");
Log.Debug($"Gerando arquivo: {crtDerFile}");
using (var file = File.Create(crtDerFile))
request.SaveCertificate(file);
var crtPemFile = Path.Combine(certificatesFolder, $"{domain}-crt.pem");
var chainPemFile = Path.Combine(certificatesFolder, $"{domain}-chain.pem");
Log.Debug($"Gerando arquivo: {crtPemFile}");
Log.Debug($"Gerando arquivo: {chainPemFile}");
using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
target = new FileStream(crtPemFile, FileMode.Create))
{
crt = provider.ImportCertificate(EncodingFormat.DER, source);
provider.ExportCertificate(crt, EncodingFormat.PEM, target);
}
var pemFile = DownloadIssuerCertificate(provider, request, ACME_API, certificatesFolder);
using (FileStream intermediate = new FileStream(pemFile, FileMode.Open),
certificate = new FileStream(crtPemFile, FileMode.Open),
chain = new FileStream(chainPemFile, FileMode.Create))
{
certificate.CopyTo(chain);
intermediate.CopyTo(chain);
}
var crtPfxFile = Path.Combine(certificatesFolder, $"{domain}-all.pfx");
Log.Debug($"Gerando arquivo: {crtPfxFile}");
using (FileStream source = new FileStream(pemFile, FileMode.Open),
target = new FileStream(crtPfxFile, FileMode.Create))
{
try
{
var isuCrt = provider.ImportCertificate(EncodingFormat.PEM, source);
provider.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, string.Empty);
}
catch (Exception ex)
{
Log.Error($"Erro ao exportar o arquivo {crtPfxFile}", ex);
}
}
}
/// <summary>
/// Creates or modifies an existing certificate signing request.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// Name of the resource group
/// </param>
/// <param name='name'>
/// Name of the certificate.
/// </param>
/// <param name='csrEnvelope'>
/// Details of certificate signing request if it exists already.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <Csr> UpdateCsrAsync(this ICertificatesOperations operations, string resourceGroupName, string name, Csr csrEnvelope, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.UpdateCsrWithHttpMessagesAsync(resourceGroupName, name, csrEnvelope, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
private void GetCertificate()
{
Log.Information("Requesting Certificate");
using (CertificateProvider cp = CertificateProvider.GetProvider())
{
RsaPrivateKeyParams rsaPkp = new RsaPrivateKeyParams();
PrivateKey rsaKeys = cp.GeneratePrivateKey(rsaPkp);
CsrParams csrParams = new CsrParams
{
Details = new CsrDetails
{
CommonName = _options.HostName,
},
};
Csr csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256);
byte[] derRaw;
using (MemoryStream bs = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, bs);
derRaw = bs.ToArray();
}
string derB64U = JwsHelper.Base64UrlEncode(derRaw);
CertificateRequest certReq = _acmeClient.RequestCertificate(derB64U);
if (certReq.StatusCode != HttpStatusCode.Created)
{
throw new Exception($"Request status = {certReq.StatusCode}");
}
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyGen], FileMode.Create))
cp.SavePrivateKey(rsaKeys, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyPem], FileMode.Create))
cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrGen], FileMode.Create))
cp.SaveCsr(csr, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrPem], FileMode.Create))
cp.ExportCsr(csr, EncodingFormat.PEM, fs);
Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtDer]}");
using (FileStream file = File.Create(_options.WellKnownFilePaths[WellKnownFile.CrtDer]))
certReq.SaveCertificate(file);
Crt crt;
using (FileStream source = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtDer], FileMode.Open),
target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Create))
{
crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.PEM, target);
}
// To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate
string isuPemFile = GetIssuerCertificate(certReq, cp);
using (FileStream intermediate = new FileStream(isuPemFile, FileMode.Open),
certificate = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Open),
chain = new FileStream(_options.WellKnownFilePaths[WellKnownFile.ChainPem], FileMode.Create))
{
certificate.CopyTo(chain);
intermediate.CopyTo(chain);
}
Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtPfx]}");
using (FileStream source = new FileStream(isuPemFile, FileMode.Open),
target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPfx], FileMode.Create))
{
Crt isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source);
cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, _options.PfxPassword);
}
}
}
public int Service_CsrSave(Csr csr)
{
return(DataAccess.Service.ServiceBook.Service_CsrSave(csr));
}
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md)
{
var rsaPk = pk as CeRsaPrivateKey;
if (rsaPk != null)
{
var cePk = new CERTENROLLLib.CX509PrivateKey();
// MS_DEF_PROV
//cePk.ProviderName = "Microsoft Base Cryptographic Provider";
cePk.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
// Don't store in the machine's local cert store and allow exporting of private key
cePk.MachineContext = false;
cePk.ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
cePk.Import(BCRYPT_PRIVATE_KEY_BLOB, rsaPk.Exported);
var ceReq = new CERTENROLLLib.CX509CertificateRequestCertificate();
ceReq.InitializeFromPrivateKey(
CERTENROLLLib.X509CertificateEnrollmentContext.ContextUser,
cePk, "");
// CN=Test Cert, OU=Sandbox
var subjParts = new[]
{
new { name = "C", value = csrParams?.Details?.Country },
new { name = "ST", value = csrParams?.Details?.StateOrProvince },
new { name = "L", value = csrParams?.Details?.Locality },
new { name = "O", value = csrParams?.Details?.Organization },
new { name = "OU", value = csrParams?.Details?.OrganizationUnit },
new { name = "CN", value = csrParams?.Details?.CommonName },
new { name = "E", value = csrParams?.Details?.Email },
};
// Escape any non-standard character
var re = new Regex("[^A-Za-z0-9\\._-]");
var subj = "";
foreach (var sp in subjParts)
{
if (!string.IsNullOrEmpty(sp.value))
{
var spVal = re.Replace(sp.value, "\\$0");
subj += $",{sp.name}={spVal}";
}
}
if (string.IsNullOrEmpty(subj))
{
throw new InvalidOperationException("invalid CSR details");
}
subj = subj.Substring(1); // Skip over the first comma
// http://msdn.microsoft.com/en-us/library/aa377051(VS.85).aspx
var subjDN = new CERTENROLLLib.CX500DistinguishedName();
subjDN.Encode(subj);
ceReq.Subject = subjDN;
if (csrParams.NotBefore != null)
{
ceReq.NotBefore = csrParams.NotBefore.Value;
}
if (csrParams.NotAfter != null)
{
ceReq.NotAfter = csrParams.NotAfter.Value;
}
var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md);
var mdOid = new System.Security.Cryptography.Oid(mdVal);
var mdAlg = new CERTENROLLLib.CObjectId();
mdAlg.InitializeFromValue(mdOid.Value);
ceReq.SignatureInformation.HashAlgorithm = mdAlg;
ceReq.Encode();
var csr = new Csr(ceReq.RawData);
return(csr);
}
else
{
throw new NotSupportedException("unsuppored private key type");
}
}
/// <summary>
/// Creates or modifies an existing certificate signing request.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// Name of the resource group
/// </param>
/// <param name='name'>
/// Name of the certificate.
/// </param>
/// <param name='csrEnvelope'>
/// Details of certificate signing request if it exists already.
/// </param>
public static Csr UpdateCsr(this ICertificatesOperations operations, string resourceGroupName, string name, Csr csrEnvelope)
{
return(Task.Factory.StartNew(s => ((ICertificatesOperations)s).UpdateCsrAsync(resourceGroupName, name, csrEnvelope), operations, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default).Unwrap().GetAwaiter().GetResult());
}
public override void ExportCsr(Csr csr, EncodingFormat fmt, Stream target)
{
_cp.ExportCsr(csr, fmt, target);
}
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md)
{
var rsaPk = pk as RsaPrivateKey;
if (rsaPk != null)
{
var tempCfgFile = Path.GetTempFileName();
var tempKeyFile = Path.GetTempFileName();
var tempCsrFile = Path.GetTempFileName();
try
{
var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md);
var args = $"req -batch -new -keyform PEM -key {tempKeyFile} -{mdVal}";
args += $" -config {tempCfgFile} -outform PEM -out {tempCsrFile} -subj \"";
var subjParts = new[]
{
new { name = "C", value = csrParams?.Details?.Country },
new { name = "ST", value = csrParams?.Details?.StateOrProvince },
new { name = "L", value = csrParams?.Details?.Locality },
new { name = "O", value = csrParams?.Details?.Organization },
new { name = "OU", value = csrParams?.Details?.OrganizationUnit },
new { name = "CN", value = csrParams?.Details?.CommonName },
new { name = "emailAddress", value = csrParams?.Details?.Email },
};
// Escape any non-standard character
var re = new Regex("[^A-Za-z0-9\\._-]");
foreach (var sp in subjParts)
{
if (!string.IsNullOrEmpty(sp.value))
{
var spVal = re.Replace(sp.value, "\\$0");
args += $"/{sp.name}={spVal}";
}
}
args += "\"";
File.WriteAllText(tempKeyFile, rsaPk.Pem);
using (Stream source = Assembly.GetExecutingAssembly()
.GetManifestResourceStream(typeof(OpenSslCliProvider),
"OpenSslCliProvider_Config.txt"),
target = new FileStream(tempCfgFile, FileMode.Create))
{
source.CopyTo(target);
}
RunCli(args);
var csr = new Csr(File.ReadAllText(tempCsrFile));
return(csr);
}
finally
{
File.Delete(tempCfgFile);
File.Delete(tempKeyFile);
File.Delete(tempCsrFile);
}
}
throw new NotSupportedException("unsupported private key type");
}
