/// <inheritdoc/>
public async Task Init()
{
var certificateGroupCollection = await GetCertificateGroupConfigurationCollection().ConfigureAwait(false);
foreach (var certificateGroupConfiguration in certificateGroupCollection)
{
KeyVaultCertificateGroupProvider certificateGroup = null;
try
{
certificateGroup = KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, certificateGroupConfiguration, _servicesConfig.ServiceHost);
await certificateGroup.Init().ConfigureAwait(false);
#if LOADPRIVATEKEY
// test if private key can be loaded
await certificateGroup.LoadSigningKeyAsync(null, null);
#endif
continue;
}
catch (Exception ex)
{
_log.Error("Failed to initialize certificate group. ", () => new { ex });
if (certificateGroup == null)
{
throw ex;
}
}
_log.Error("Create new issuer CA certificate for group. ", () => new { certificateGroup });
if (!await certificateGroup.CreateIssuerCACertificateAsync().ConfigureAwait(false))
{
_log.Error("Failed to create issuer CA certificate. ", () => new { certificateGroup });
}
}
}
/// <inheritdoc/>
public async Task <X509Certificate2Collection> GetIssuerCACertificateChainAsync(string id, string thumbPrint = null, string nextPageLink = null, int?pageSize = null)
{
// TODO: implement paging (low priority, only when long chains are expected)
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
return(new X509Certificate2Collection(await certificateGroup.GetIssuerCACertificateAsync(id, thumbPrint).ConfigureAwait(false)));
}
/// <inheritdoc/>
public async Task <Opc.Ua.X509CRL> RevokeCertificateAsync(string id, X509Certificate2 certificate)
{
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
await certificateGroup.RevokeCertificateAsync(certificate).ConfigureAwait(false);
return(certificateGroup.Crl);
}
/// <inheritdoc/>
public async Task <X509Certificate2> CreateIssuerCACertificateAsync(string id)
{
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
if (await certificateGroup.CreateIssuerCACertificateAsync().ConfigureAwait(false))
{
return(certificateGroup.Certificate);
}
return(null);
}
/// <inheritdoc/>
public async Task <(X509Certificate2Collection, string)> GetIssuerCACertificateVersionsAsync(string id, bool?withCertificates, string nextPageLink, int?pageSize)
{
// TODO: implement withCertificates
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
X509Certificate2Collection result = new X509Certificate2Collection();
(result, nextPageLink) = await _keyVaultServiceClient.GetCertificateVersionsAsync(id, null, nextPageLink, pageSize);
return(result, nextPageLink);
}
/// <inheritdoc/>
public async Task <IList <X509CRL> > GetIssuerCACrlChainAsync(string id, string thumbPrint = null, string nextPageLink = null, int?pageSize = null)
{
// TODO: implement paging (low priority, only when long chains are expected)
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
var crlList = new List <Opc.Ua.X509CRL>
{
await certificateGroup.GetIssuerCACrlAsync(id, thumbPrint).ConfigureAwait(false)
};
return(crlList);
}
/// <inheritdoc/>
public async Task <X509Certificate2> SigningRequestAsync(
string id,
string applicationUri,
byte[] certificateRequest
)
{
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
var app = new Opc.Ua.Gds.ApplicationRecordDataType
{
ApplicationNames = new Opc.Ua.LocalizedTextCollection(),
ApplicationUri = applicationUri
};
return(await certificateGroup.SigningRequestAsync(app, null, certificateRequest).ConfigureAwait(false));
}
/// <inheritdoc/>
public async Task <Opc.Ua.Gds.Server.X509Certificate2KeyPair> NewKeyPairRequestAsync(
string id,
string requestId,
string applicationUri,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword
)
{
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
var app = new Opc.Ua.Gds.ApplicationRecordDataType
{
ApplicationNames = new Opc.Ua.LocalizedTextCollection(),
ApplicationUri = applicationUri
};
var keyPair = await certificateGroup.NewKeyPairRequestAsync(app, subjectName, domainNames, privateKeyFormat, privateKeyPassword).ConfigureAwait(false);
await certificateGroup.ImportCertKeySecret(id, requestId, keyPair.PrivateKey, keyPair.PrivateKeyFormat);
return(keyPair);
}
/// <inheritdoc/>
public async Task DeletePrivateKeyAsync(string id, string requestId)
{
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
await certificateGroup.DeleteCertKeySecret(id, requestId);
}
/// <inheritdoc/>
public async Task <byte[]> LoadPrivateKeyAsync(string id, string requestId, string privateKeyFormat)
{
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
return(await certificateGroup.LoadCertKeySecret(id, requestId, privateKeyFormat));
}
/// <inheritdoc/>
public async Task <X509Certificate2Collection> RevokeCertificatesAsync(string id, X509Certificate2Collection certificates)
{
var certificateGroup = await KeyVaultCertificateGroupProvider.Create(_keyVaultServiceClient, id, _serviceHost).ConfigureAwait(false);
return(await certificateGroup.RevokeCertificatesAsync(certificates).ConfigureAwait(false));
}
/// <inheritdoc/>
public async Task <CertificateGroupConfigurationModel> CreateCertificateGroupConfiguration(string id, string subject, string certType)
{
return(await KeyVaultCertificateGroupProvider.CreateCertificateGroupConfiguration(_keyVaultServiceClient, id, subject, certType).ConfigureAwait(false));
}
/// <inheritdoc/>
public async Task <CertificateGroupConfigurationModel> UpdateCertificateGroupConfiguration(string id, CertificateGroupConfigurationModel config)
{
return(await KeyVaultCertificateGroupProvider.UpdateCertificateGroupConfiguration(_keyVaultServiceClient, id, config).ConfigureAwait(false));
}
/// <inheritdoc/>
public async Task <string[]> GetCertificateGroupIds()
{
return(await KeyVaultCertificateGroupProvider.GetCertificateGroupIds(_keyVaultServiceClient).ConfigureAwait(false));
}
