C# (CSharp) StsServerIdentity.Services.Certificate KeyVaultCertificateService Examples

Example #1

        public static (X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate) GetCertificates(CertificateConfiguration certificateConfiguration)
        {
            (X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)certs = (null, null);

            if (certificateConfiguration.UseLocalCertStore)
            {
                using X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadOnly);
                var storeCerts = store.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.CertificateThumbprint, false);
                certs.ActiveCertificate = storeCerts[0];
                store.Close();
            }
            else
            {
                if (!string.IsNullOrEmpty(certificateConfiguration.KeyVaultEndpoint))
                {
                    var keyVaultCertificateService = new KeyVaultCertificateService(
                        certificateConfiguration.KeyVaultEndpoint,
                        certificateConfiguration.CertificateNameKeyVault);

                    certs = keyVaultCertificateService.GetCertificatesFromKeyVault().GetAwaiter().GetResult();
                }
            }

            // search for local PFX with password, usually local dev
            if (certs.ActiveCertificate == null)
            {
                certs.ActiveCertificate = new X509Certificate2(
                    certificateConfiguration.DevelopmentCertificatePfx,
                    certificateConfiguration.DevelopmentCertificatePassword);
            }

            return(certs);
        }

Example #2

        public static async Task <(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)> GetCertificates(CertificateConfiguration certificateConfiguration)
        {
            (X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)certs = (null, null);

            if (certificateConfiguration.UseLocalCertStore)
            {
                using X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadOnly);
                var storeCerts = store.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.CertificateThumbprint, false);
                certs.ActiveCertificate = storeCerts[0];
                store.Close();
            }
            else
            {
                if (!string.IsNullOrEmpty(certificateConfiguration.KeyVaultEndpoint))
                {
                    var credential = new DefaultAzureCredential();
                    var keyVaultCertificateService = new KeyVaultCertificateService(
                        certificateConfiguration.KeyVaultEndpoint,
                        certificateConfiguration.CertificateNameKeyVault);

                    var secretClient = new SecretClient(
                        vaultUri: new Uri(certificateConfiguration.KeyVaultEndpoint),
                        credential);

                    var certificateClient = new CertificateClient(
                        vaultUri: new Uri(certificateConfiguration.KeyVaultEndpoint),
                        credential);

                    certs = await keyVaultCertificateService.GetCertificatesFromKeyVault(secretClient, certificateClient).ConfigureAwait(false);
                }
            }

            // search for local PFX with password, usually local dev
            if (certs.ActiveCertificate == null)
            {
                certs.ActiveCertificate = new X509Certificate2(
                    certificateConfiguration.DevelopmentCertificatePfx,
                    certificateConfiguration.DevelopmentCertificatePassword);
            }

            return(certs);
        }