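/// <summary>
/// Uploads a private key, its certificate and an optional issuer chain to AWS IAM
/// as a server certificate, using this instance's <c>ServerCertificateName</c> and <c>Path</c>.
/// </summary>
/// <param name="pk">Private key to export as PEM and upload.</param>
/// <param name="crt">Certificate matching <paramref name="pk"/>, exported as PEM.</param>
/// <param name="chain">
/// Optional issuer certificates; each is exported as PEM and concatenated in enumeration order.
/// <c>null</c> or an empty sequence means no chain is sent.
/// </param>
/// <param name="cp">PKI tool used to serialize the key and certificates.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="pk"/>, <paramref name="crt"/> or <paramref name="cp"/> is <c>null</c>.
/// </exception>
public void Install(PrivateKey pk, Crt crt, IEnumerable<PKI.Crt> chain, IPkiTool cp)
{
    AssertNotDisposed();

    // Fail with a clear message instead of a NullReferenceException part-way through the export.
    if (pk == null)
    {
        throw new System.ArgumentNullException("pk");
    }
    if (crt == null)
    {
        throw new System.ArgumentNullException("crt");
    }
    if (cp == null)
    {
        throw new System.ArgumentNullException("cp");
    }

    // NOTE(review): the PEM-encoded private key is held in a managed string because the
    // request object takes a string; it cannot be zeroed afterwards, so keep this value out
    // of logs and exception messages.
    string pkPem;
    using (var ms = new MemoryStream())
    {
        cp.ExportPrivateKey(pk, EncodingFormat.PEM, ms);
        pkPem = Encoding.UTF8.GetString(ms.ToArray());
    }

    string crtPem;
    using (var ms = new MemoryStream())
    {
        cp.ExportCertificate(crt, EncodingFormat.PEM, ms);
        crtPem = Encoding.UTF8.GetString(ms.ToArray());
    }

    string chainPem = null;
    if (chain != null)
    {
        using (var ms = new MemoryStream())
        {
            foreach (var c in chain)
            {
                cp.ExportCertificate(c, EncodingFormat.PEM, ms);
            }

            // An empty sequence would otherwise produce "" and be sent as a zero-length chain;
            // leave the field unset in that case, exactly as for a null chain.
            var chainBytes = ms.ToArray();
            if (chainBytes.Length > 0)
            {
                chainPem = Encoding.UTF8.GetString(chainBytes);
            }
        }
    }

    using (var client = new AmazonIdentityManagementServiceClient(
            CommonParams.ResolveCredentials(),
            CommonParams.RegionEndpoint))
    {
        var iamRequ = new UploadServerCertificateRequest
        {
            PrivateKey = pkPem,
            CertificateBody = crtPem,
            CertificateChain = chainPem,
            ServerCertificateName = this.ServerCertificateName,
            Path = this.Path
        };

        // The response is not inspected here; the SDK is expected to report a rejected
        // upload by throwing, so reaching the end of this block means the call returned.
        client.UploadServerCertificate(iamRequ);
    }
}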
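/// <summary>
/// Uploads a private key, its certificate and an optional issuer chain to AWS IAM
/// as a server certificate, using this instance's <c>ServerCertificateName</c> and <c>Path</c>.
/// </summary>
/// <param name="pk">Private key to export as PEM and upload.</param>
/// <param name="crt">Certificate matching <paramref name="pk"/>, exported as PEM.</param>
/// <param name="chain">
/// Optional issuer certificates; each is exported as PEM and concatenated in enumeration order.
/// <c>null</c> or an empty sequence means no chain is sent.
/// </param>
/// <param name="cp">PKI tool used to serialize the key and certificates.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="pk"/>, <paramref name="crt"/> or <paramref name="cp"/> is <c>null</c>.
/// </exception>
public void Install(PrivateKey pk, Crt crt, IEnumerable<PKI.Crt> chain, IPkiTool cp)
{
    AssertNotDisposed();

    // Fail with a clear message instead of a NullReferenceException part-way through the export.
    if (pk == null)
    {
        throw new System.ArgumentNullException("pk");
    }
    if (crt == null)
    {
        throw new System.ArgumentNullException("crt");
    }
    if (cp == null)
    {
        throw new System.ArgumentNullException("cp");
    }

    // NOTE(review): the PEM-encoded private key is held in a managed string because the
    // request object takes a string; it cannot be zeroed afterwards, so keep this value out
    // of logs and exception messages.
    string pkPem;
    using (var ms = new MemoryStream())
    {
        cp.ExportPrivateKey(pk, EncodingFormat.PEM, ms);
        pkPem = Encoding.UTF8.GetString(ms.ToArray());
    }

    string crtPem;
    using (var ms = new MemoryStream())
    {
        cp.ExportCertificate(crt, EncodingFormat.PEM, ms);
        crtPem = Encoding.UTF8.GetString(ms.ToArray());
    }

    string chainPem = null;
    if (chain != null)
    {
        using (var ms = new MemoryStream())
        {
            foreach (var c in chain)
            {
                cp.ExportCertificate(c, EncodingFormat.PEM, ms);
            }

            // An empty sequence would otherwise produce "" and be sent as a zero-length chain;
            // leave the field unset in that case, exactly as for a null chain.
            var chainBytes = ms.ToArray();
            if (chainBytes.Length > 0)
            {
                chainPem = Encoding.UTF8.GetString(chainBytes);
            }
        }
    }

    using (var client = new AmazonIdentityManagementServiceClient(
            CommonParams.ResolveCredentials(),
            CommonParams.RegionEndpoint))
    {
        var iamRequ = new UploadServerCertificateRequest
        {
            PrivateKey = pkPem,
            CertificateBody = crtPem,
            CertificateChain = chainPem,
            ServerCertificateName = this.ServerCertificateName,
            Path = this.Path
        };

        // The response is not inspected here; the SDK is expected to report a rejected
        // upload by throwing, so reaching the end of this block means the call returned.
        client.UploadServerCertificate(iamRequ);
    }
}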
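/// <summary>
/// Fetches the issuer (CA) certificate referenced by the request's "up" link, stores it in
/// <paramref name="certificateFolder"/> as <c>ca-{serial}-crt.der</c> and <c>ca-{serial}-crt.pem</c>,
/// and returns the path of the PEM file.
/// </summary>
/// <param name="certificate">Certificate request whose <c>Links</c> are searched for an "up" relation.</param>
/// <param name="cp">PKI tool used to convert the downloaded DER certificate to PEM.</param>
/// <param name="certificateFolder">Folder that receives (and caches) the issuer certificate files.</param>
/// <param name="targetApplication">Target application used to look up the ACME server base URI.</param>
/// <returns>
/// Path of the issuer certificate PEM file, or <c>null</c> when the request has no links or
/// no "up" link.
/// </returns>
/// <exception cref="InvalidOperationException">The resolved "up" link is not an HTTP(S) URI.</exception>
private string GetIssuerCertificate(CertificateRequest certificate, IPkiTool cp, string certificateFolder, TargetApplication targetApplication)
{
    var linksEnum = certificate.Links;
    if (linksEnum == null)
    {
        return null;
    }

    var upLink = new LinkCollection(linksEnum).GetFirstOrDefault("up");
    if (upLink == null)
    {
        return null;
    }

    var temporaryFileName = Path.GetTempFileName();
    try
    {
        var acmeServerBaseUri = _configuration.GetAcmeServerBaseUri(targetApplication);
        var uri = new Uri(acmeServerBaseUri, upLink.Uri);

        // The link value comes from the server's response, and an absolute link replaces the
        // base URI entirely. WebClient also handles file: and ftp: URIs, so restrict the
        // download to HTTP(S) before fetching anything.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException(
                $"Issuer certificate link uses unsupported URI scheme '{uri.Scheme}'");
        }

        using (var web = new WebClient())
        {
            web.DownloadFile(uri, temporaryFileName);
        }

        // NOTE(review): nothing here verifies that the downloaded certificate is the issuer of
        // the certificate being installed; its integrity rests on the transport to the server.
        var cacert = new X509Certificate2(temporaryFileName);

        // The serial number string is derived from the parsed certificate, not from the link,
        // and is the only variable part of the file names below.
        // NOTE(review): serial numbers are only unique per issuer, so two different CAs could
        // map to the same cache file - confirm that is acceptable for this cache.
        var sernum = cacert.GetSerialNumberString();

        var cacertDerFile = Path.Combine(certificateFolder, $"ca-{sernum}-crt.der");
        var cacertPemFile = Path.Combine(certificateFolder, $"ca-{sernum}-crt.pem");

        if (!File.Exists(cacertDerFile))
        {
            File.Copy(temporaryFileName, cacertDerFile, true);
        }

        // A PEM file from an earlier run is reused as-is; log "Saving" only when one is written.
        if (File.Exists(cacertPemFile))
        {
            return cacertPemFile;
        }

        _logger.Information("Saving issuer certificate to {cacertPemFile}", cacertPemFile);

        // Convert in memory first: if the import or export throws, no empty or truncated PEM
        // file is left behind to be picked up as a valid cache entry by the next call.
        byte[] pemBytes;
        using (var source = new FileStream(cacertDerFile, FileMode.Open))
        using (var pem = new MemoryStream())
        {
            var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
            cp.ExportCertificate(caCrt, EncodingFormat.PEM, pem);
            pemBytes = pem.ToArray();
        }

        File.WriteAllBytes(cacertPemFile, pemBytes);
        return cacertPemFile;
    }
    finally
    {
        // Path.GetTempFileName creates the file up front, so remove it on every exit path.
        if (File.Exists(temporaryFileName))
        {
            File.Delete(temporaryFileName);
        }
    }
}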