public async Task SaveCertificateAsync(string orderUrl, X509Certificate certificate)
{
FileSystemCertCollectionFormat collectionFormat = await GetFileSystemCertCollectionFormat();
if (collectionFormat.Certs.Count > 64)
{
_logger.LogInformation("Too many saved certs, culling old records");
IEnumerable <KeyValuePair <string, FileSystemCertFormat> > oldRecords =
collectionFormat.Certs.ToArray().OrderBy(i => i.Value.NotAfter).Take(32);
foreach (var oldRecord in oldRecords)
{
_logger.LogInformation($"Remove cert {oldRecord.Key}");
collectionFormat.Certs.Remove(oldRecord.Key);
}
}
byte[] serialized = _certCodec.Encode(certificate);
string serializedStr = Convert.ToBase64String(serialized);
collectionFormat.Certs[orderUrl] = new FileSystemCertFormat
{
NotAfter = new DateTimeOffset(certificate.NotAfter).ToUnixTimeMilliseconds(),
NotBefore = new DateTimeOffset(certificate.NotBefore).ToUnixTimeMilliseconds(),
Val = serializedStr
};
await SaveFileSystemCertCollectionFormat(collectionFormat);
}
public async Task <X509Certificate2> GetActiveCertificateAsync(long fromTimeStamp, long toTimeStamp)
{
if (toTimeStamp < fromTimeStamp)
{
throw new ArgumentOutOfRangeException(
$"Invalid time range. FromTimeStamp {fromTimeStamp}, ToTimeStamp {toTimeStamp}");
}
FileSystemPrivateKeyFormat keyFormat = null;
FileSystemCertFormat certFormat = null;
FileSystemCertCollectionFormat certsCollection = await GetFileSystemCertCollectionFormat();
FileSystemKeysCollectionFormat keysCollection = await GetFileSystemKeyCollectionFormat();
foreach (KeyValuePair <string, FileSystemCertFormat> keyValuePair in certsCollection.Certs)
{
string orderUrl = keyValuePair.Key;
if (keysCollection.Keys.TryGetValue(orderUrl, out FileSystemPrivateKeyFormat currentPrivateKey))
{
FileSystemCertFormat currentCert = keyValuePair.Value;
if (currentCert.NotAfter > fromTimeStamp && currentCert.NotBefore <= toTimeStamp)
{
if (certFormat == null || certFormat.NotAfter < currentCert.NotAfter)
{
certFormat = currentCert;
keyFormat = currentPrivateKey;
}
}
}
}
if (certFormat == null)
{
return(null);
}
byte[] certBytes = Convert.FromBase64String(certFormat.Val);
X509Certificate certificate = _certCodec.Decode(certBytes);
byte[] privateKeyBytes = Convert.FromBase64String(keyFormat.Val);
CertPrivateKey privateKey = _privateKeyCodec.Decode(privateKeyBytes);
return(CertHelper.ToX509Certificate2(privateKey, certificate));
}
private Task SaveFileSystemCertCollectionFormat(FileSystemCertCollectionFormat fileSystemCertCollectionFormat)
{
string json = JsonSerializer.Serialize(fileSystemCertCollectionFormat);
return(_fileSystem.WriteStringAsync("certs.json", json));
}