/// <summary>
/// Returns the TLS identity stored under <paramref name="label"/>; when the store has none,
/// imports it from the embedded PKCS#12 resource named <c>{ListenerCertKeyP12File}.p12</c>.
/// </summary>
/// <param name="label">Label used for the lookup and, on import, for persisting the identity.</param>
/// <returns>
/// The identity found in the store, otherwise the result of the import. <c>null</c> is returned
/// when reading the resource or importing it throws, because the exception is only logged.
/// </returns>
internal TLSIdentity ImportTLSIdentityFromPkc12(string label)
{
    // X509Store(StoreName.My) targets the current user's personal store. The instance is kept in
    // the _store field, yet it is disposed as soon as this method returns.
    using (_store = new X509Store(StoreName.My))
    {
        // Reuse an identity already persisted under this label instead of importing again.
        var identity = TLSIdentity.GetIdentity(_store, label, null);
        if (identity != null)
        {
            return identity;
        }

        try
        {
            byte[] pkcs12Bytes = null;
            var assembly = typeof(ListenerViewModel).GetTypeInfo().Assembly;
            using (var stream = ResourceLoader.GetEmbeddedResourceStream(assembly, $"{ListenerCertKeyP12File}.p12"))
            using (var reader = new BinaryReader(stream))
            {
                pkcs12Bytes = reader.ReadBytes((int)stream.Length);
            }

            // NOTE(review): the private key ships inside the assembly and is unlocked with
            // ListenerCertKeyExportPassword. If that password is compiled into the app, anyone
            // holding the binary can recover the key, so this identity only suits samples and
            // tests - confirm it is never used as a production listener identity.
            identity = TLSIdentity.ImportIdentity(_store, pkcs12Bytes, ListenerCertKeyExportPassword, label, null);
        }
        catch (Exception ex)
        {
            // Best effort: every failure (a missing resource included) ends up here and the caller
            // just receives null. Assuming Debug is System.Diagnostics.Debug, this line is compiled
            // out of release builds, so callers must treat a null result as a hard failure.
            Debug.WriteLine($"Error while loading self signed cert : {ex}");
        }

        return identity;
    }
}
/// <summary>
/// Imports an identity from the embedded "client.p12" resource, starts a listener configured
/// with it, and expects OtherDb.Count to go from 0 to 1 after a push-and-pull replication
/// against that listener.
/// </summary>
public void TestListenerWithImportIdentity()
{
    // Load the complete PKCS#12 fixture from the test assembly's manifest resources.
    byte[] serverData = null;
    using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream("client.p12"))
    {
        using (var reader = new BinaryReader(stream))
        {
            serverData = reader.ReadBytes((int)stream.Length);
        }
    }

    // NOTE(review): the cleanup removes ClientCertLabel while the import below persists under
    // ServerCertLabel - confirm a stale ServerCertLabel identity is removed elsewhere.
    TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);

    // "123" is the password of the checked-in fixture; that key material is test-only.
    var importedIdentity = TLSIdentity.ImportIdentity(_store, serverData, "123", ServerCertLabel, null);

    // Create the listener with the imported identity and start it.
    var listenerConfig = CreateListenerConfig(true, true, null, importedIdentity);
    _listener = Listen(listenerConfig);
    _listener.TlsIdentity.Should().NotBeNull();

    using (var doc = new MutableDocument("doc1"))
    {
        doc.SetString("name", "Sam");
        Db.Save(doc);
    }

    OtherDb.Count.Should().Be(0);

    var endpoint = _listener.LocalEndpoint();
    // The first certificate of the listener identity is handed over as the expected server cert.
    var expectedServerCert = _listener.TlsIdentity.Certs[0];
    RunReplication(
        endpoint,
        ReplicatorType.PushAndPull,
        false,
        null,               // authenticator
        false,              // accept only self signed server cert
        expectedServerCert, // server cert
        0,
        0
    );

    OtherDb.Count.Should().Be(1);

    // NOTE(review): this is skipped when an assertion above throws; presumably the fixture's
    // teardown stops the listener in that case - verify.
    _listener.Stop();
}
/// <summary>
/// Imports the embedded "certs.p12" resource under ServerCertLabel, expects an identity with
/// two certificates that ValidateCertsInStore reports as valid for the store, and then expects
/// a lookup under the same label to return a non-null identity.
/// </summary>
public void TestImportIdentity()
{
    // Read the whole PKCS#12 fixture into memory.
    byte[] data = null;
    using (var stream = typeof(TLSIdentityTest).GetTypeInfo().Assembly.GetManifestResourceStream("certs.p12"))
    {
        using (var reader = new BinaryReader(stream))
        {
            data = reader.ReadBytes((int)stream.Length);
        }
    }

    // Import. "123" is the password of the checked-in fixture; that key material is test-only.
    // NOTE(review): nothing in this method deletes the ServerCertLabel identity before or after
    // the import - presumably the fixture's setup/teardown keeps the store clean; verify.
    TLSIdentity id = TLSIdentity.ImportIdentity(_store, data, "123", ServerCertLabel, null);
    id.Should().NotBeNull();
    id.Certs.Count.Should().Be(2);
    ValidateCertsInStore(id.Certs, _store).Should().BeTrue();

    // Get: the identity must be retrievable under the label it was imported with.
    id = TLSIdentity.GetIdentity(_store, ServerCertLabel, null);
    id.Should().NotBeNull();
}
/// <summary>
/// Starts a listener whose certificate authenticator is built from the embedded "client-ca.der"
/// certificate, then runs a push-and-pull replication that authenticates with an identity
/// imported from the embedded "client.p12" resource.
/// </summary>
public void TestClientCertAuthenticatorRootCerts()
{
    byte[] caData, clientData;

    // Certificate used as the root for the listener's client-certificate authenticator.
    using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream("client-ca.der"))
    {
        using (var reader = new BinaryReader(stream))
        {
            caData = reader.ReadBytes((int)stream.Length);
        }
    }

    // PKCS#12 bundle that becomes the client identity.
    using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream("client.p12"))
    {
        using (var reader = new BinaryReader(stream))
        {
            clientData = reader.ReadBytes((int)stream.Length);
        }
    }

    var rootCert = new X509Certificate2(caData);
    var rootCerts = new X509Certificate2Collection(rootCert);
    var auth = new ListenerCertificateAuthenticator(rootCerts);
    _listener = CreateListener(true, true, auth);
    var serverCert = _listener.TlsIdentity.Certs[0];

    // Remove any identity already stored under the client label before importing.
    TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);

    // Create the client identity. "123" is the password of the checked-in fixture; test-only key.
    var clientIdentity = TLSIdentity.ImportIdentity(_store, clientData, "123", ClientCertLabel, null);

    var endpoint = _listener.LocalEndpoint();
    var clientAuthenticator = new ClientCertificateAuthenticator(clientIdentity);
    RunReplication(
        endpoint,
        ReplicatorType.PushAndPull,
        false,
        clientAuthenticator,
        true,
        serverCert,
        0,
        0
    );

    // NOTE(review): both cleanup calls are skipped when RunReplication throws, which would leave
    // the imported client key in the store; presumably the fixture's teardown covers it - verify.
    TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
    _listener.Stop();
}