public async Task ItRoundTripsCert(string?password) { var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName())); var repo = new FileSystemCertificateRepository(dir, password); var writeCert = CreateTestCert("localhost"); await repo.SaveAsync(writeCert, default); var certs = await repo.GetCertificatesAsync(default);
public async Task ItCanSaveCertsWithoutPassword(string?password) { var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName())); var repo = new FileSystemCertificateRepository(dir, password); var cert = CreateTestCert("localhost"); var expectedFile = Path.Combine(dir.FullName, "certs", cert.Thumbprint + ".pfx"); await repo.SaveAsync(cert, default); Assert.NotNull(new X509Certificate2(expectedFile)); }
public async Task ItCreatesCertOnDiskAsync() { var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName())); var repo = new FileSystemCertificateRepository(dir, "testpassword"); var cert = CreateTestCert("localhost"); var expectedFile = Path.Combine(dir.FullName, cert.Thumbprint + ".pfx"); Assert.False(dir.Exists, "Directory should not exist yet created"); await repo.SaveAsync(cert, default); dir.Refresh(); Assert.True(dir.Exists, "Directory was created"); Assert.True(File.Exists(expectedFile), "Cert exists"); }
/// <summary> /// Save certificates and account data to a directory. /// Certificates are stored in the .pfx (PKCS #12) format in a subdirectory of <paramref name="directory"/>. /// Account key information is stored in a JSON format in a different subdirectory of <paramref name="directory"/>. /// </summary> /// <param name="builder"></param> /// <param name="directory">The root directory for storing information. Information may be stored in subdirectories.</param> /// <param name="pfxPassword">Set to null or empty for passwordless .pfx files.</param> /// <returns></returns> public static ILettuceEncryptServiceBuilder PersistDataToDirectory( this ILettuceEncryptServiceBuilder builder, DirectoryInfo directory, string?pfxPassword) { if (builder is null) { throw new ArgumentNullException(nameof(builder)); } if (directory is null) { throw new ArgumentNullException(nameof(directory)); } var otherFileSystemRepoServices = builder .Services .Where(d => d.ServiceType == typeof(ICertificateRepository) && d.ImplementationInstance != null && d.ImplementationInstance.GetType() == typeof(FileSystemCertificateRepository)); foreach (var serviceDescriptor in otherFileSystemRepoServices) { var otherRepo = (FileSystemCertificateRepository)serviceDescriptor.ImplementationInstance !; if (otherRepo.RootDir.Equals(directory)) { if (otherRepo.PfxPassword != pfxPassword) { throw new ArgumentException($"Another file system repo has been configured for {directory}, but with a different password."); } return(builder); } } var implementationInstance = new FileSystemCertificateRepository(directory, pfxPassword); builder.Services .AddSingleton <ICertificateRepository>(implementationInstance) .AddSingleton <ICertificateSource>(implementationInstance); builder.Services.TryAddSingleton <IAccountStore>(services => new FileSystemAccountStore(directory, services.GetRequiredService <ILogger <FileSystemAccountStore> >(), services.GetRequiredService <ICertificateAuthorityConfiguration>())); return(builder); }
public async Task ItCreatesCertOnDiskAsync() { var dir = new DirectoryInfo(Path.Combine(AppContext.BaseDirectory, Path.GetRandomFileName())); var repo = new FileSystemCertificateRepository(dir, "testpassword"); var key = RSA.Create(2048); var csr = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); var cert = csr.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddHours(1)); var expectedFile = Path.Combine(dir.FullName, cert.Thumbprint + ".pfx"); Assert.False(dir.Exists, "Directory should not exist yet created"); await repo.SaveAsync(cert, default); dir.Refresh(); Assert.True(dir.Exists, "Directory was created"); Assert.True(File.Exists(expectedFile), "Cert exists"); }