private void OnCertRefresh(CertificateOptions cert) { if (CloudFoundryInstanceCertificate.TryParse(cert.Certificate, out var cfCert, _logger)) { _cloudFoundryCertificate = cfCert; } }
/// <summary> /// Returns a <see cref="ConfigServerConfigurationProvider"/> configured using the values from this <see cref="ConfigServerConfigurationSource"/> /// </summary> /// <param name="builder">not required</param> /// <returns>configuration provider</returns> public virtual IConfigurationProvider Build(IConfigurationBuilder builder) { if (Configuration == null) { // Create our own builder to build sources ConfigurationBuilder configBuilder = new ConfigurationBuilder(); foreach (IConfigurationSource s in _sources) { configBuilder.Add(s); } // Use properties provided foreach (var p in _properties) { configBuilder.Properties.Add(p); } // Create configuration Configuration = configBuilder.Build(); } var certificateSource = _sources.FirstOrDefault(cSource => cSource is ICertificateSource); if (certificateSource != null && DefaultSettings.ClientCertificate == null) { var certConfigurer = Activator.CreateInstance((certificateSource as ICertificateSource).OptionsConfigurer, Configuration) as IConfigureNamedOptions <CertificateOptions>; var certOptions = new CertificateOptions(); certConfigurer.Configure(certOptions); DefaultSettings.ClientCertificate = certOptions.Certificate; } return(new ConfigServerConfigurationProvider(this)); }
internal override int TrustAllCertificates(SafeHandle ld, CertificateOptions certificateType) { var value = (int)Native.LdapOption.LDAP_OPT_X_TLS_ALLOW; return(ldap_set_option(new LdapHandle(IntPtr.Zero), (int)Native.LdapOption.LDAP_OPT_X_TLS_REQUIRE_CERT, ref value)); }
private static X509Certificate2 LoadCertificate(CertificateOptions options) { if (options != null) { if (options.Store != null && options.Location != null) { using (var store = new X509Store(options.Store, Enum.Parse <StoreLocation>(options.Location))) { store.Open(OpenFlags.ReadOnly); var certificate = store.Certificates.Find( X509FindType.FindBySubjectName, options.Subject, validOnly: !options.AllowInvalid); if (certificate.Count == 0) { throw new InvalidOperationException($"Certificate not found for {options.Subject}."); } return(certificate[0]); } } if (options.Path != null && options.Password != null) { return(new X509Certificate2(options.Path, options.Password)); } } throw new InvalidOperationException("No valid certificate configuration found for the current endpoint."); }
private CertificateOptions DefineCertificateCommand(ArgumentSyntax syntax) { var options = new CertificateOptions(); syntax.DefineCommand("cert", ref command, Command.Certificate, "Authorization"); syntax.DefineOption("n|name", ref options.Name, "Friendly name of the cert."); syntax.DefineOption("dn|distinguished-name", ref options.DistinguishedName, $"The distinguished name of the cert."); syntax.DefineOptionList("v|value", ref options.Values, $"The distinguished name of the cert."); syntax.DefineOption("value-path", ref options.ValuesFile, $"The subject alt names."); syntax.DefineOption("cer|export-cer", ref options.ExportCer, "Path to export PEM cer."); syntax.DefineOption("export-key", ref options.ExportKey, "Path to export PEM key."); syntax.DefineOption("pfx|export-pfx", ref options.ExportPfx, "Path to export pfx."); syntax.DefineOption("revoke", ref options.RevokeCer, "Revoke certificate."); syntax.DefineOption("pw|password", ref options.Password, "Password for the pfx."); syntax.DefineOption("full-chain-off", ref options.NoChain, "Skip full cert chain."); syntax.DefineOption("server", ref options.Server, s => new Uri(s), $"ACME Directory Resource URI. (default: {options.Server})"); syntax.DefineOption("p|path", ref options.Path, $"File path used to load/save the registration. (default: {options.Path})"); syntax.DefineOption("f|force", ref options.Force, $"Force"); return(options); }
public static X509Certificate2 LoadCertificate(IServiceCollection services) { var openIdOptions = services.BuildServiceProvider().GetRequiredService <OIDCAuthorizationServerOptions>(); CertificateOptions options = openIdOptions.SigningCertificate; if (options != null) { if (options.Store != null && options.Location != null) { using (var store = new X509Store(options.Store, (StoreLocation)Enum.Parse(typeof(StoreLocation), options.Location))) { store.Open(OpenFlags.ReadOnly); var certificate = store.Certificates.Find( X509FindType.FindBySubjectName, options.Subject, validOnly: !options.AllowInvalid); if (certificate.Count == 0) { throw new InvalidOperationException($"Certificate not found for {options.Subject}."); } return(certificate[0]); } } } throw new InvalidOperationException("No valid certificate configuration found for the current endpoint."); }
public async Task <Certificate> Select(CertificateOptions certificate) { var param = new DynamicParameters(); param.Add("@Number", certificate.Number); param.Add("@Status", certificate.Status); param.Add("@Scheme", certificate.Number); param.Add("@SubScheme", certificate.SubScheme); param.Add("@CustomerID", certificate.CustomerID); param.Add("@PremiseID", certificate.PremiseID); var mapper = new CertificateMapper(); return((await SqlMapper.QueryAsync(_unitOfWork.Connection, "SelectCertificateFull", new[] { typeof(Certificate), typeof(Premise), typeof(Customer) }, obj => { Certificate ce = obj[0] as Certificate; Premise pr = obj[1] as Premise; Customer cu = obj[2] as Customer; return mapper.Map(ce, pr, cu); }, param, splitOn: "PremiseID,CustomerID", commandType: CommandType.StoredProcedure, transaction: _unitOfWork.Transaction)).FirstOrDefault()); }
public IOfferInfrastructure FromStore(X509FindType findType, string findValue, Action <IOfferCertificateOptions> options) { var certOpt = new CertificateOptions(); options(certOpt); var certOp = new CertificateFromStoreOperation(findType, findValue, certOpt); var compositeSequence = _infrastructureSequence.NewCompositeSequence(certOp); certOp.Configure(new RemoteCompositeBuilder(compositeSequence, _webDeploy)); return(_infrastructureBuilder); }
/// <summary> /// Will deploy certificate found by find type and find value from the local certificate store, to remote certificate store on server with provided options. /// </summary> /// <param name="findType"></param> /// <param name="findValue"></param> /// <param name="options"></param> /// <returns></returns> public static IOfferRemoteConfiguration FromStore(this IOfferSslInfrastructure sslInfra, X509FindType findType, string findValue, Action <IOfferCertificateOptions> options) { var infraBuilder = ((SslInfrastructureBuilder)sslInfra).InfrastructureBuilder; var certOpt = new CertificateOptions(); options(certOpt); var certOp = new CertificateFromStoreOperation(findType, findValue, certOpt); Configure.Operation(infraBuilder, certOp); return(infraBuilder); }
public IOfferInfrastructure FromFile(string path, string password, Action <IOfferCertificateOptions> options) { var certOpt = new CertificateOptions(); options(certOpt); var certOp = new CertificateFromFileOperation(path, password, certOpt); var compositeSequence = _infrastructureSequence.NewCompositeSequence(certOp); certOp.Configure(new RemoteCompositeBuilder(compositeSequence, _webDeploy)); return(_infrastructureBuilder); }
/// <summary> /// Will deploy certificate from local file path given correct password for private key, and deploy to certificate store on remote server with provided options. /// </summary> /// <param name="path"></param> /// <param name="password"></param> /// <param name="options"></param> /// <returns></returns> public static IOfferRemoteConfiguration FromFile(this IOfferSslInfrastructure sslInfra, string path, string password, Action <IOfferCertificateOptions> options) { var infraBuilder = ((SslInfrastructureBuilder)sslInfra).InfrastructureBuilder; var certOpt = new CertificateOptions(); options(certOpt); var certOp = new CertificateFromFileOperation(path, password, certOpt); Configure.Operation(infraBuilder, certOp); return(infraBuilder); }
/// <summary> /// Will deploy certificate from local file path given correct password for private key, and deploy to certificate store on remote server with provided options. /// </summary> /// <param name="remoteCert"></param> /// <param name="path"></param> /// <param name="password"></param> /// <param name="options"></param> /// <returns></returns> public static IOfferRemoteDeployment FromFile(this IOfferRemoteCertDeployment remoteCert, string path, string password, Action <IOfferCertificateOptions> options) { var certOptions = new CertificateOptions(); if (options != null) { options(certOptions); } var certOp = new CertificateFromFileOperation(path, password, certOptions); OperationExecutor.Execute((RemoteBuilder)remoteCert, certOp); return(((RemoteCertDeploymentBuilder)remoteCert).RemoteDeployment); }
/// <summary> /// Will deploy certificate found by find type and find value from the local certificate store, to remote certificate store on server with provided options. /// </summary> /// <param name="remoteCert"></param> /// <param name="findType"></param> /// <param name="findValue"></param> /// <param name="options"></param> /// <returns></returns> public static IOfferRemoteDeployment FromStore(this IOfferRemoteCertDeployment remoteCert, X509FindType findType, string findValue, Action <IOfferCertificateOptions> options) { var certOptions = new CertificateOptions(); if (options != null) { options(certOptions); } var certOp = new CertificateFromStoreOperation(findType, findValue, certOptions); OperationExecutor.Execute((RemoteBuilder)remoteCert, certOp); return(((RemoteCertDeploymentBuilder)remoteCert).RemoteDeployment); }
/// <summary> /// Will deploy certificate from local file path given correct password for private key, and deploy to certificate store on remote server with provided options. /// </summary> /// <param name="path"></param> /// <param name="password"></param> /// <param name="options"></param> /// <returns></returns> public static IOfferRemoteDeployment FromFile(this IOfferRemoteCertDeployment remoteCert, string path, string password, Action <IOfferCertificateOptions> options) { var certOptions = new CertificateOptions(); if (options != null) { options(certOptions); } var remoteCertBuilder = ((RemoteCertDeploymentBuilder)remoteCert).RemoteDeployment; var certOp = new CertificateFromFileOperation(path, password, certOptions); Configure.Operation(remoteCertBuilder, certOp); return(remoteCertBuilder); }
public IOfferRemoteDeployment FromStore(X509FindType findType, string findValue, Action <IOfferCertificateOptions> options) { var certOptions = new CertificateOptions(); if (options != null) { options(certOptions); } var certOp = new CertificateFromStoreOperation(findType, findValue, certOptions); var compositeSequence = _remoteSequence.NewCompositeSequence(certOp); certOp.Configure(new RemoteCompositeBuilder(compositeSequence, _webDeploy)); return(_remoteDeploymentBuilder); }
public IOfferRemoteDeployment FromFile(string path, string password, Action <IOfferCertificateOptions> options) { var certOptions = new CertificateOptions(); if (options != null) { options(certOptions); } var certOp = new CertificateFromFileOperation(path, password, certOptions); var compositeSequence = _remoteSequence.NewCompositeSequence(certOp); certOp.Configure(new RemoteCompositeBuilder(compositeSequence, _webDeploy)); return(_remoteDeploymentBuilder); }
internal override int TrustAllCertificates(SafeHandle ld, CertificateOptions certificateType) { var sslEnabled = 0; ThrowIfError(ldap_get_option(ld, (int)Native.LdapOption.LDAP_OPT_SSL, ref sslEnabled), nameof(ldap_get_option)); if (sslEnabled == 0 && certificateType == CertificateOptions.SslTls) { sslEnabled = 1; ThrowIfError(ldap_set_option(ld, (int)Native.LdapOption.LDAP_OPT_SSL, ref sslEnabled), nameof(ldap_set_option)); } return(ldap_set_option(ld, (int)Native.LdapOption.LDAP_OPT_SERVER_CERTIFICATE, Marshal.GetFunctionPointerForDelegate <VERIFYSERVERCERT>((connection, serverCert) => true))); }
public void AddPemFiles_ReadsFiles_CreatesCertificate() { var config = new ConfigurationBuilder() .AddPemFiles("instance.crt", "instance.key") .Build(); Assert.NotNull(config["certificate"]); Assert.NotNull(config["privateKey"]); var pemConfig = new PemConfigureCertificateOptions(config); var opts = new CertificateOptions(); pemConfig.Configure(opts); Assert.NotNull(opts.Certificate); Assert.Equal(Microsoft.Extensions.Options.Options.DefaultName, opts.Name); Assert.True(opts.Certificate.HasPrivateKey); }
public void ConfigureCertificateOptions_NoPath_NoCertificate() { var config = new ConfigurationBuilder() .AddInMemoryCollection(new Dictionary <string, string> { { "certificate", string.Empty } }) .Build(); Assert.NotNull(config["certificate"]); var pkcs12Config = new ConfigureCertificateOptions(config); var opts = new CertificateOptions(); pkcs12Config.Configure(opts); Assert.Null(opts.Certificate); Assert.Equal(Microsoft.Extensions.Options.Options.DefaultName, opts.Name); }
public void ConfigureCertificateOptions_ReadsFile_CreatesCertificate() { // Skipped on Mac due to inability to open a PKCS#12 with no password // https://github.com/dotnet/runtime/issues/23635 var config = new ConfigurationBuilder() .AddCertificateFile("instance.p12") .Build(); Assert.NotNull(config["certificate"]); var pkcs12Config = new ConfigureCertificateOptions(config); var opts = new CertificateOptions(); pkcs12Config.Configure(opts); Assert.NotNull(opts.Certificate); Assert.Equal(Microsoft.Extensions.Options.Options.DefaultName, opts.Name); Assert.True(opts.Certificate.HasPrivateKey); }
public StartupCertificateLoader(string named, IServiceProvider sp) { _httpChallenge = sp.GetRequiredService <HttpChallenge>(); _certificateValidator = sp.GetRequiredService <ICertificateValidator>(); _accountOptions = sp.GetRequiredService <IOptionsMonitor <AcmeAccountOptions> >().Get(named); _certificateOptions = sp.GetRequiredService <IOptionsMonitor <CertificateOptions> >().Get(named); _developmentCertificate = sp.GetRequiredService <DevelopmentCertificate>(); _stores = sp.GetRequiredService <IEnumerable <ICertificateStore> >(); _certificateSelector = sp.GetRequiredService <KestrelCertificateSelector>(); _server = sp.GetRequiredService <IServer>(); _config = sp.GetRequiredService <IConfiguration>(); _logger = sp.GetRequiredService <ILogger <StartupCertificateLoader> >(); }
public async Task <IEnumerable <Certificate> > Select(CertificateOptions options) { var param = new DynamicParameters(); param.Add("@Number", options.Number); param.Add("@Status", options.Status); param.Add("@Scheme", options.Scheme); param.Add("@SubScheme", options.SubScheme); param.Add("@CustomerID", options.CustomerID); param.Add("@PremiseID", options.PremiseID); param.Add("@IsDeleted", options.IsDeleted); return((await SqlMapper.QueryAsync <Certificate>(_unitOfWork.Connection, "SelectCertificateBasic", param, commandType: CommandType.StoredProcedure, transaction: _unitOfWork.Transaction)).ToList()); }
private async Task <X509Certificate2?> CreateAcmeOrder( string domainName, HttpChallenge httpChallenge, CertificateOptions certificateOptions, ICertificateStore store, CancellationToken cancellationToken) { var certificateBytes = await httpChallenge.GetCertificateAsync(store.NamedOption, cancellationToken); if (certificateBytes == null) { return(await Task.FromResult <X509Certificate2?>(null)); } await store.SaveAsync(certificateBytes, domainName, cancellationToken); #pragma warning disable CA2000 // Dispose objects before losing scope return(await Task.FromResult(new X509Certificate2(certificateBytes, certificateOptions?.CertificatePassword ?? string.Empty))); #pragma warning restore CA2000 // Dispose objects before losing scope }
private async Task <byte[]> AcquireCertificateBytesFromOrderAsync( IOrderContext order, AcmeOrderOptions orderOptions, AcmeAccountOptions accountOptions, CertificateOptions certificateOptions) { _logger.LogInformation("[LetsEncrypt][Certificate] Acquiring certificate through signing request."); var privateKey = KeyFactory.NewKey((Certes.KeyAlgorithm)orderOptions.KeyAlgorithm); if (orderOptions?.CertificateSigningRequest == null) { var commonName = accountOptions.Domains[0]; _logger.LogDebug("Creating cert for {commonName}", commonName); var csrInfo = new CsrInfo { CommonName = commonName, }; if (orderOptions != null) { orderOptions.CertificateSigningRequest = csrInfo; } } var certificateChain = await order.Generate(orderOptions?.CertificateSigningRequest, privateKey); var pfxBuilder = certificateChain.ToPfx(privateKey); pfxBuilder.FullChain = true; var pfxBytes = pfxBuilder.Build( $"Let's Encrypt - {accountOptions.Domains[0]} ", certificateOptions?.CertificatePassword ?? string.Empty); _logger.LogInformation("[LetsEncrypt][Certificate] Certificate acquired."); return(pfxBytes); }
private void RotateCert(CertificateOptions newCert) { if (newCert.Certificate == null) { return; } var personalCertStore = new X509Store(StoreName.My, StoreLocation.CurrentUser); var authorityCertStore = new X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser); personalCertStore.Open(OpenFlags.ReadWrite); authorityCertStore.Open(OpenFlags.ReadWrite); if (_lastValue != null) { personalCertStore.Certificates.Remove(_lastValue.Certificate); } personalCertStore.Certificates.Add(newCert.Certificate); personalCertStore.Close(); authorityCertStore.Close(); _lastValue = _certificateOptions.CurrentValue; }
public CertificateFromFileOperation(string path, string password, CertificateOptions certOptions = null) { _path = path; _password = password; _certOptions = certOptions; }
public CertificateFromStoreOperation(X509FindType findType, string findValue, CertificateOptions certOptions = null) { _findType = findType; _findValue = findValue; _certOptions = certOptions; }
internal abstract int TrustAllCertificates(SafeHandle ld, CertificateOptions certificateType = CertificateOptions.SslTls);
public async Task <bool> Process(string[] args) { try { ArgumentSyntax.Parse(args, syntax => { syntax.HandleErrors = false; registerOptions = DefineRegisterCommand(syntax); authorizationOptions = DefineAuthorizationCommand(syntax); certificateOptions = DefineCertificateCommand(syntax); }); } catch (ArgumentSyntaxException ex) { consoleLogger.Error(ex.Message); } jsonSettings = new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver(), NullValueHandling = NullValueHandling.Ignore }; jsonSettings.Converters.Add(new StringEnumConverter()); #if DEBUG formatting = Formatting.Indented; #endif try { switch (command) { case Command.Register: await this.ProcessCommand <RegisterCommand, RegisterOptions>(new RegisterCommand(registerOptions, this.consoleLogger)); break; case Command.Authorization: await this.ProcessCommand <AuthorizationCommand, AuthorizationOptions>(new AuthorizationCommand(authorizationOptions, this.consoleLogger)); break; case Command.Certificate: await this.ProcessCommand <CertificateCommand, CertificateOptions>(new CertificateCommand(certificateOptions, this.consoleLogger)); break; } return(true); } catch (AggregateException ex) { foreach (var err in ex.InnerExceptions) { consoleLogger.Error(err, err.Message); } } catch (Exception ex) { consoleLogger.Error(ex, ex.Message); } return(false); }
/// <summary>Constructor.</summary> /// <exception cref="ArgumentNullException"> Thrown when one or more required arguments are /// null. </exception> /// <param name="options"> Options for controlling the operation. </param> public CertificateCredentialStore(CertificateOptions options) { _options = options ?? throw new ArgumentNullException(nameof(options)); }