private void CheckPEMWriter(X509Certificate2 certificate, string password = null) { PEMWriter.ExportCertificateAsPEM(certificate); if (certificate.HasPrivateKey) { PEMWriter.ExportPrivateKeyAsPEM(certificate, password); PEMWriter.ExportECDsaPrivateKeyAsPEM(certificate); } }
public void UpdateCertificateSelfSigned(string keyFormat) { ConnectPushClient(true); var keyFormats = _pushClient.PushClient.GetSupportedKeyFormats(); if (!keyFormats.Contains(keyFormat)) { Assert.Ignore("Push server doesn't support {0} key update", keyFormat); } X509Certificate2 newCert = CertificateFactory.CreateCertificate( null, null, null, _applicationRecord.ApplicationUri, _applicationRecord.ApplicationNames[0].Text, _selfSignedServerCert.Subject, null, CertificateFactory.DefaultKeySize, DateTime.UtcNow, CertificateFactory.DefaultLifeTime, CertificateFactory.DefaultHashSize); byte[] privateKey = null; if (keyFormat == "PFX") { Assert.IsTrue(newCert.HasPrivateKey); privateKey = newCert.Export(X509ContentType.Pfx); } else if (keyFormat == "PEM") { Assert.IsTrue(newCert.HasPrivateKey); privateKey = PEMWriter.ExportPrivateKeyAsPEM(newCert); } else { Assert.Fail("Testing unsupported key format {0}.", keyFormat); } var success = _pushClient.PushClient.UpdateCertificate( _pushClient.PushClient.DefaultApplicationGroup, _pushClient.PushClient.ApplicationCertificateType, newCert.RawData, keyFormat, privateKey, null); if (success) { _pushClient.PushClient.ApplyChanges(); } VerifyNewPushServerCert(newCert.RawData); }
public void VerifyPemWriterPrivateKeys() { // all app certs are trusted foreach (var appCert in m_appSelfSignedCerts) { var pemDataBlob = PEMWriter.ExportPrivateKeyAsPEM(appCert); var pemString = Encoding.UTF8.GetString(pemDataBlob); TestContext.Out.WriteLine(pemString); CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert.RawData), pemDataBlob); // note: password is ignored var newCert = CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert.RawData), pemDataBlob, "password"); X509Utils.VerifyRSAKeyPair(newCert, newCert, true); } }
private void CheckPEMWriter(X509Certificate2 certificate, string password = null) { PEMWriter.ExportCertificateAsPEM(certificate); if (certificate.HasPrivateKey) { #if NETFRAMEWORK || NETCOREAPP2_1 // The implementation based on bouncy castle has no support to export with password password = null; #endif PEMWriter.ExportPrivateKeyAsPEM(certificate, password); #if NETCOREAPP3_1_OR_GREATER PEMWriter.ExportRSAPrivateKeyAsPEM(certificate); #endif } }
public void VerifyPemWriterPasswordPrivateKeys() { // all app certs are trusted foreach (var appCert in m_appSelfSignedCerts) { var password = Guid.NewGuid().ToString().Substring(0, 8); TestContext.Out.WriteLine("Password: {0}", password); var pemDataBlob = PEMWriter.ExportPrivateKeyAsPEM(appCert, password); var pemString = Encoding.UTF8.GetString(pemDataBlob); TestContext.Out.WriteLine(pemString); var newCert = CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert), pemDataBlob, password); var exception = Assert.Throws <CryptographicException>(() => { CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert), pemDataBlob); }); X509Utils.VerifyRSAKeyPair(newCert, newCert, true); } }
/// <summary> /// Create a certificate with a new key pair signed by the CA of the cert group. /// </summary> /// <param name="application">The application record.</param> /// <param name="subjectName">The subject of the certificate.</param> /// <param name="domainNames">The domain names for the subject alt name extension.</param> /// <param name="privateKeyFormat">The private key format as PFX or PEM.</param> /// <param name="privateKeyPassword">A password for the private key.</param> public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync( ApplicationRecordDataType application, string subjectName, string[] domainNames, string privateKeyFormat, string privateKeyPassword) { if (application == null) { throw new ArgumentNullException(nameof(application)); } if (application.ApplicationUri == null) { throw new ArgumentNullException(nameof(application.ApplicationUri)); } if (application.ApplicationNames == null) { throw new ArgumentNullException(nameof(application.ApplicationNames)); } using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false)) using (var certificate = CertificateFactory.CreateCertificate( application.ApplicationUri, application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", subjectName, domainNames) .SetIssuer(signingKey) .CreateForRSA()) { byte[] privateKey; if (privateKeyFormat == "PFX") { privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword); } else if (privateKeyFormat == "PEM") { privateKey = PEMWriter.ExportPrivateKeyAsPEM(certificate, privateKeyPassword); } else { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format"); } return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey)); } }
public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync( ApplicationRecordDataType application, string subjectName, string[] domainNames, string privateKeyFormat, string privateKeyPassword) { using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty)) using (var certificate = CertificateFactory.CreateCertificate( null, null, null, application.ApplicationUri ?? "urn:ApplicationURI", application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName", subjectName, domainNames, Configuration.DefaultCertificateKeySize, DateTime.UtcNow.AddDays(-1), Configuration.DefaultCertificateLifetime, Configuration.DefaultCertificateHashSize, false, signingKey, null)) { byte[] privateKey; if (privateKeyFormat == "PFX") { privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword); } else if (privateKeyFormat == "PEM") { privateKey = PEMWriter.ExportPrivateKeyAsPEM(certificate); } else { throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format"); } return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey)); } }
public void ExportPrivateKeyAsPEM() { _ = PEMWriter.ExportPrivateKeyAsPEM(m_certificate); }