public async Task SavePrivateKeyAsync(string orderUrl, AsymmetricCipherKeyPair privateKey, long expires)
{
FileSystemKeysCollectionFormat keysFormat = await GetFileSystemKeyCollectionFormat();
if (keysFormat.Keys.Count > 64)
{
_logger.LogInformation("Too many saved private keys, culling old records");
IEnumerable <KeyValuePair <string, FileSystemPrivateKeyFormat> > oldRecords =
keysFormat.Keys.ToArray().OrderBy(i => i.Value.Expires).Take(32);
foreach (KeyValuePair <string, FileSystemPrivateKeyFormat> oldRecord in oldRecords)
{
_logger.LogInformation($"Remove private key {oldRecord.Key}");
keysFormat.Keys.Remove(oldRecord.Key);
}
}
byte[] serialized = _privateKeyCodec.Encode(new CertPrivateKey
{
KeyPair = privateKey
});
string serializedStr = Convert.ToBase64String(serialized);
keysFormat.Keys[orderUrl] = new FileSystemPrivateKeyFormat()
{
Expires = expires,
Val = serializedStr
};
await SaveFileSystemKeyCollectionFormat(keysFormat);
}
public async Task <X509Certificate2> GetActiveCertificateAsync(long fromTimeStamp, long toTimeStamp)
{
if (toTimeStamp < fromTimeStamp)
{
throw new ArgumentOutOfRangeException(
$"Invalid time range. FromTimeStamp {fromTimeStamp}, ToTimeStamp {toTimeStamp}");
}
FileSystemPrivateKeyFormat keyFormat = null;
FileSystemCertFormat certFormat = null;
FileSystemCertCollectionFormat certsCollection = await GetFileSystemCertCollectionFormat();
FileSystemKeysCollectionFormat keysCollection = await GetFileSystemKeyCollectionFormat();
foreach (KeyValuePair <string, FileSystemCertFormat> keyValuePair in certsCollection.Certs)
{
string orderUrl = keyValuePair.Key;
if (keysCollection.Keys.TryGetValue(orderUrl, out FileSystemPrivateKeyFormat currentPrivateKey))
{
FileSystemCertFormat currentCert = keyValuePair.Value;
if (currentCert.NotAfter > fromTimeStamp && currentCert.NotBefore <= toTimeStamp)
{
if (certFormat == null || certFormat.NotAfter < currentCert.NotAfter)
{
certFormat = currentCert;
keyFormat = currentPrivateKey;
}
}
}
}
if (certFormat == null)
{
return(null);
}
byte[] certBytes = Convert.FromBase64String(certFormat.Val);
X509Certificate certificate = _certCodec.Decode(certBytes);
byte[] privateKeyBytes = Convert.FromBase64String(keyFormat.Val);
CertPrivateKey privateKey = _privateKeyCodec.Decode(privateKeyBytes);
return(CertHelper.ToX509Certificate2(privateKey, certificate));
}
private Task SaveFileSystemKeyCollectionFormat(FileSystemKeysCollectionFormat fileSystemCertCollectionFormat)
{
string json = JsonSerializer.Serialize(fileSystemCertCollectionFormat);
return(_fileSystem.WriteStringAsync("keys.json", json));
}
