public async Task ItRoundTripsCert(string?password)
{
var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName()));
var repo = new FileSystemCertificateRepository(dir, password);
var writeCert = CreateTestCert("localhost");
await repo.SaveAsync(writeCert, default);
var certs = await repo.GetCertificatesAsync(default);
public async Task ItCanSaveCertsWithoutPassword(string?password)
{
var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName()));
var repo = new FileSystemCertificateRepository(dir, password);
var cert = CreateTestCert("localhost");
var expectedFile = Path.Combine(dir.FullName, "certs", cert.Thumbprint + ".pfx");
await repo.SaveAsync(cert, default);
Assert.NotNull(new X509Certificate2(expectedFile));
}
public async Task ItCreatesCertOnDiskAsync()
{
var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName()));
var repo = new FileSystemCertificateRepository(dir, "testpassword");
var cert = CreateTestCert("localhost");
var expectedFile = Path.Combine(dir.FullName, cert.Thumbprint + ".pfx");
Assert.False(dir.Exists, "Directory should not exist yet created");
await repo.SaveAsync(cert, default);
dir.Refresh();
Assert.True(dir.Exists, "Directory was created");
Assert.True(File.Exists(expectedFile), "Cert exists");
}
/// <summary>
/// Save certificates and account data to a directory.
/// Certificates are stored in the .pfx (PKCS #12) format in a subdirectory of <paramref name="directory"/>.
/// Account key information is stored in a JSON format in a different subdirectory of <paramref name="directory"/>.
/// </summary>
/// <param name="builder"></param>
/// <param name="directory">The root directory for storing information. Information may be stored in subdirectories.</param>
/// <param name="pfxPassword">Set to null or empty for passwordless .pfx files.</param>
/// <returns></returns>
public static ILettuceEncryptServiceBuilder PersistDataToDirectory(
this ILettuceEncryptServiceBuilder builder,
DirectoryInfo directory,
string?pfxPassword)
{
if (builder is null)
{
throw new ArgumentNullException(nameof(builder));
}
if (directory is null)
{
throw new ArgumentNullException(nameof(directory));
}
var otherFileSystemRepoServices = builder
.Services
.Where(d => d.ServiceType == typeof(ICertificateRepository) &&
d.ImplementationInstance != null &&
d.ImplementationInstance.GetType() == typeof(FileSystemCertificateRepository));
foreach (var serviceDescriptor in otherFileSystemRepoServices)
{
var otherRepo = (FileSystemCertificateRepository)serviceDescriptor.ImplementationInstance !;
if (otherRepo.RootDir.Equals(directory))
{
if (otherRepo.PfxPassword != pfxPassword)
{
throw new ArgumentException($"Another file system repo has been configured for {directory}, but with a different password.");
}
return(builder);
}
}
var implementationInstance = new FileSystemCertificateRepository(directory, pfxPassword);
builder.Services
.AddSingleton <ICertificateRepository>(implementationInstance)
.AddSingleton <ICertificateSource>(implementationInstance);
builder.Services.TryAddSingleton <IAccountStore>(services => new FileSystemAccountStore(directory,
services.GetRequiredService <ILogger <FileSystemAccountStore> >(),
services.GetRequiredService <ICertificateAuthorityConfiguration>()));
return(builder);
}
public async Task ItCreatesCertOnDiskAsync()
{
var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName()));
var repo = new FileSystemCertificateRepository(dir, "testpassword");
var key = RSA.Create(2048);
var csr = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var cert = csr.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddHours(1));
var expectedFile = Path.Combine(dir.FullName, cert.Thumbprint + ".pfx");
Assert.False(dir.Exists, "Directory should not exist yet created");
await repo.SaveAsync(cert, default);
dir.Refresh();
Assert.True(dir.Exists, "Directory was created");
Assert.True(File.Exists(expectedFile), "Cert exists");
}
