public async Task SaveCertificateAsync(string orderUrl, X509Certificate certificate)
        {
            FileSystemCertCollectionFormat collectionFormat = await GetFileSystemCertCollectionFormat();

            if (collectionFormat.Certs.Count > 64)
            {
                _logger.LogInformation("Too many saved certs, culling old records");
                IEnumerable <KeyValuePair <string, FileSystemCertFormat> > oldRecords =
                    collectionFormat.Certs.ToArray().OrderBy(i => i.Value.NotAfter).Take(32);
                foreach (var oldRecord in oldRecords)
                {
                    _logger.LogInformation($"Remove cert {oldRecord.Key}");
                    collectionFormat.Certs.Remove(oldRecord.Key);
                }
            }

            byte[] serialized    = _certCodec.Encode(certificate);
            string serializedStr = Convert.ToBase64String(serialized);

            collectionFormat.Certs[orderUrl] = new FileSystemCertFormat
            {
                NotAfter  = new DateTimeOffset(certificate.NotAfter).ToUnixTimeMilliseconds(),
                NotBefore = new DateTimeOffset(certificate.NotBefore).ToUnixTimeMilliseconds(),
                Val       = serializedStr
            };
            await SaveFileSystemCertCollectionFormat(collectionFormat);
        }
        public async Task <X509Certificate2> GetActiveCertificateAsync(long fromTimeStamp, long toTimeStamp)
        {
            if (toTimeStamp < fromTimeStamp)
            {
                throw new ArgumentOutOfRangeException(
                          $"Invalid time range. FromTimeStamp {fromTimeStamp}, ToTimeStamp {toTimeStamp}");
            }

            FileSystemPrivateKeyFormat     keyFormat       = null;
            FileSystemCertFormat           certFormat      = null;
            FileSystemCertCollectionFormat certsCollection = await GetFileSystemCertCollectionFormat();

            FileSystemKeysCollectionFormat keysCollection = await GetFileSystemKeyCollectionFormat();

            foreach (KeyValuePair <string, FileSystemCertFormat> keyValuePair in certsCollection.Certs)
            {
                string orderUrl = keyValuePair.Key;
                if (keysCollection.Keys.TryGetValue(orderUrl, out FileSystemPrivateKeyFormat currentPrivateKey))
                {
                    FileSystemCertFormat currentCert = keyValuePair.Value;
                    if (currentCert.NotAfter > fromTimeStamp && currentCert.NotBefore <= toTimeStamp)
                    {
                        if (certFormat == null || certFormat.NotAfter < currentCert.NotAfter)
                        {
                            certFormat = currentCert;
                            keyFormat  = currentPrivateKey;
                        }
                    }
                }
            }

            if (certFormat == null)
            {
                return(null);
            }

            byte[]          certBytes   = Convert.FromBase64String(certFormat.Val);
            X509Certificate certificate = _certCodec.Decode(certBytes);

            byte[]         privateKeyBytes = Convert.FromBase64String(keyFormat.Val);
            CertPrivateKey privateKey      = _privateKeyCodec.Decode(privateKeyBytes);

            return(CertHelper.ToX509Certificate2(privateKey, certificate));
        }
        private Task SaveFileSystemCertCollectionFormat(FileSystemCertCollectionFormat fileSystemCertCollectionFormat)
        {
            string json = JsonSerializer.Serialize(fileSystemCertCollectionFormat);

            return(_fileSystem.WriteStringAsync("certs.json", json));
        }