/// <inheritdoc />
public CertificateResponse GenerateSelfSignedCertificate(APICertificateRequest request)
{
//var certificate = CreateCertificate(request, true);
AsymmetricKeyParameter myCAprivateKey = null;
CertificateResponse response;
_logger.LogDebug("Create CA Certificate for EIDAS Certificate request");
using (X509Certificate2 certificateAuthorityCertificate = CreateCertificateAuthorityCertificate($"CN={request.CommonName}CA", ref myCAprivateKey))
{
_logger.LogDebug("Creating certificate based on CA");
//X509Certificate2 certificate = CreateSelfSignedCertificateBasedOnCertificateAuthorityPrivateKey("CN=" + certSubjectName, "CN=" + certSubjectName + "CA", myCAprivateKey);
AsymmetricKeyParameter myPrivateKey = null;
using (X509Certificate2 certificate = CreateSelfSignedCertificateBasedOnCertificateAuthorityPrivateKey(request, myCAprivateKey, ref myPrivateKey))
{
TextWriter textWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(myPrivateKey);
pemWriter.Writer.Flush();
string privateKey = textWriter.ToString();
response = new CertificateResponse()
{
EncodedCert = GetCertificateAsString(certificate), PrivateKey = privateKey
};
}
}
return(response);
}
private async Task <CertificateResponse> FlagServerAsync(CertificateResponse certificateResponse)
{
try
{
certificateResponse.remoteCreateDate = DateTime.UtcNow;
if (!string.IsNullOrEmpty(certificateResponse?.remoteCreate))
{
certificateResponse.remoteCreate = $"{certificateResponse.remoteCreate},{_certificateBotOptions.Value.serverIdentifier}";
}
else
{
certificateResponse.remoteCreate = _certificateBotOptions.Value.serverIdentifier;
}
CertificateResponse updatedCert = await _certificateService
.PostCertificateAsync(certificateResponse);
return(updatedCert);
}
catch (Exception ex)
{
throw new Exception($"Could not flag server for locally saved certificate, {ex.Message}");
}
}
private void SetIotDpsCertificate()
{
string certificate = string.Empty;
FileInfo fileInfo = new FileInfo(this.Path);
switch (fileInfo.Extension.ToLower(CultureInfo.InvariantCulture))
{
case ".cer":
var certificateByteContent = AzureSession.Instance.DataStore.ReadFileAsBytes(this.Path);
certificate = Convert.ToBase64String(certificateByteContent);
break;
case ".pem":
certificate = AzureSession.Instance.DataStore.ReadFileAsText(this.Path);
break;
default:
certificate = this.Path;
break;
}
certificate = Encoding.UTF8.GetString(Encoding.UTF8.GetBytes(certificate));
VerificationCodeRequest verificationCodeRequest = new VerificationCodeRequest();
verificationCodeRequest.Certificate = certificate;
CertificateResponse certificateResponse = this.IotDpsClient.DpsCertificate.VerifyCertificate(this.CertificateName, this.Etag, verificationCodeRequest, this.ResourceGroupName, this.Name);
this.WriteObject(IotDpsUtils.ToPSCertificateResponse(certificateResponse));
}
private async Task <TResult> SendAsync <TResult>(HttpMethod method, Uri uri, object message) where TResult : class
{
Verbose($"{method} {uri} {message?.GetType()}");
var nonceHeader = new AcmeHeader {
Nonce = nonce
};
Verbose($"sending nonce {nonce}");
HttpContent content = null;
if (message != null)
{
var encodedMessage = jws.Encode(message, nonceHeader);
var json = JsonConvert.SerializeObject(encodedMessage, new JsonSerializerSettings()
{
NullValueHandling = NullValueHandling.Ignore, Formatting = Formatting.Indented
});
content = new StringContent(json, Encoding.UTF8, "application/json");
}
var request = new HttpRequestMessage(method, uri)
{
Content = content
};
var response = await client.SendAsync(request).ConfigureAwait(false);
Verbose($"response status: {(int)response.StatusCode} {response.ReasonPhrase}");
RememberNonce(response);
if (response.Content.Headers.ContentType.MediaType == "application/problem+json")
{
var problemJson = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
var problem = JsonConvert.DeserializeObject <Problem>(problemJson);
Verbose($"error response from server: {problem.Type}: {problem.Detail}");
throw new AcmeException(problem, response);
}
if (typeof(TResult) == typeof(CertificateResponse) && response.Content.Headers.ContentType.MediaType == "application/pkix-cert")
{
var certificateBytes = await response.Content.ReadAsByteArrayAsync().ConfigureAwait(false);
var certificateResponse = new CertificateResponse()
{
Certificate = certificateBytes
};
GetHeaderValues(response, certificateResponse);
return(certificateResponse as TResult);
}
var responseContent = await response.Content.ReadAsAsync <TResult>().ConfigureAwait(false);
GetHeaderValues(response, responseContent);
return(responseContent);
}
public async Task CreateAndDelete()
{
using MockContext context = MockContext.Start(GetType());
Initialize(context);
var testName = "unitTestingDPSCertificatesCreateAndDelete";
ResourceGroup rg = await GetResourceGroupAsync(testName).ConfigureAwait(false);
ProvisioningServiceDescription service = await GetServiceAsync(testName, rg.Name).ConfigureAwait(false);
//add a cert
await _provisioningClient.DpsCertificate
.CreateOrUpdateAsync(
rg.Name,
testName,
Constants.Certificate.Name,
null,
Constants.Certificate.Content)
.ConfigureAwait(false);
CertificateListDescription certificateList = await _provisioningClient.DpsCertificate
.ListAsync(rg.Name, testName)
.ConfigureAwait(false);
certificateList.Value.Should().Contain(x => x.Name == Constants.Certificate.Name);
// verify certificate details
CertificateResponse certificateDetails = certificateList.Value.FirstOrDefault(x => x.Name == Constants.Certificate.Name);
certificateDetails.Should().NotBeNull();
certificateDetails.Properties.Subject.Should().Be(Constants.Certificate.Subject);
certificateDetails.Properties.Thumbprint.Should().Be(Constants.Certificate.Thumbprint);
// can get a verification code
VerificationCodeResponse verificationCodeResponse = await _provisioningClient.DpsCertificate
.GenerateVerificationCodeAsync(
certificateDetails.Name,
certificateDetails.Etag,
rg.Name,
service.Name)
.ConfigureAwait(false);
verificationCodeResponse.Properties.Should().NotBeNull();
verificationCodeResponse.Properties.VerificationCode.Should().NotBeNullOrEmpty();
// delete certificate
await _provisioningClient.DpsCertificate
.DeleteAsync(
rg.Name,
verificationCodeResponse.Etag,
service.Name,
Constants.Certificate.Name)
.ConfigureAwait(false);
certificateList = await _provisioningClient.DpsCertificate
.ListAsync(rg.Name, testName)
.ConfigureAwait(false);
certificateList.Value.Should().NotContain(x => x.Name == Constants.Certificate.Name);
}
private static string SaveCertificateReturnedByServer(string domain, CertificateResponse response)
{
var certificatePath = Path.Combine(Environment.CurrentDirectory, $"{domain}.cer");
Info($"saving certificate returned by ACME server to {certificatePath}");
File.WriteAllBytes(certificatePath, response.Certificate);
return(certificatePath);
}
public async Task GetServerCertificatesFromEdgeletShouldReturnCert()
{
var workloadClient = new WorkloadClient(this.serverUri, WorkloadApiVersion, ModuleId, ModulegenerationId);
CertificateResponse response = await workloadClient.CreateServerCertificateAsync("hostname", DateTime.UtcNow.AddDays(1));
Assert.Equal(new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem)), new X509Certificate2(Encoding.UTF8.GetBytes(response.Certificate)));
Assert.Equal(TestCertificateHelper.PrivateKeyPem, response.PrivateKey.Bytes);
}
private string SaveCertificateReturnedByServer(string domain, CertificateResponse response)
{
var certificatePath = Path.Combine(this.options.StoreDirectory, $"{domain}.cer");
Log.Info($"saving certificate returned by ACME server to {certificatePath}");
File.WriteAllBytes(certificatePath, response.Certificate);
return(certificatePath);
}
public void ParseCertificatesResponseInvalidCertificateShouldThrow()
{
var response = new CertificateResponse()
{
Certificate = "InvalidCert",
};
Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(response));
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req)
{
string name = req.Query["name"];
CertificateResponse certificateResponse = await _certificateService
.GetCertificateAsync(name);
return(new OkObjectResult(certificateResponse));
}
ActionResult IDriver.CertDownload(string thumb)
{
CertificateResponse response = service.GetCertificate(thumb, Guid.Empty, token);
return(new WebDavDownloadFileResult(new DirInfo()
{
ContentLenght = response.CertificateFileBytes.Length,
DisplayName = thumb + ".cer"
}, response.CertificateFileBytes, true));
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req)
{
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
CertificateResponse data = JsonConvert.DeserializeObject <CertificateResponse>(requestBody);
CertificateResponse certificateResponse = await _certificateService.
PostCertificateAsync(data);
return(new OkObjectResult(certificateResponse));
}
private async Task <CertificateResponse> PostCertificateAsync()
{
CertificateResponse certificateResponse = new CertificateResponse
{
id = 123,
name = "contoso.com",
remoteCreateDate = DateTime.Now
};
return(await _certificateService.PostCertificateAsync(certificateResponse));
}
public static async Task <(X509Certificate2 ServerCertificate, IEnumerable <X509Certificate2> CertificateChain)> GetServerCertificatesFromEdgelet(Uri workloadUri, string workloadApiVersion, string moduleId, string moduleGenerationId, string edgeHubHostname, DateTime expiration)
{
if (string.IsNullOrEmpty(edgeHubHostname))
{
throw new InvalidOperationException($"{nameof(edgeHubHostname)} is required.");
}
CertificateResponse response = await new WorkloadClient(workloadUri, workloadApiVersion, moduleId, moduleGenerationId).CreateServerCertificateAsync(edgeHubHostname, expiration);
return(ParseCertificateResponse(response));
}
public ActionResult GetCertificatesInfo(List <string> thumbprints, Guid?userId)
{
Guid token = CheckSessionAuthState(CurrentUser, _authService);
if (token == Guid.Empty)
{
return(Json(new { Status = "logoff" }, JsonRequestBehavior.AllowGet));
}
var certificates = new List <CertificateInfoContactAdd>();
foreach (string thumbprint in thumbprints)
{
CertificateResponse response = _cryptxService.GetCertificate(thumbprint,
(userId == null ? Guid.Empty : (Guid)userId), token);
CertificateInfo certificateInfo = response.Certificate;
var curCert = new CertificateInfoContactAdd();
curCert.IsMyCert = certificateInfo.MyCertificate != null;
if (certificateInfo.RecipientCertificate != null &&
certificateInfo.RecipientCertificate.FriendlyName != null)
{
curCert.FriendlyName = certificateInfo.RecipientCertificate.FriendlyName;
}
curCert.CertificateId = certificateInfo.CertificateId;
curCert.SubjectName = certificateInfo.SubjectName;
curCert.IssureName = certificateInfo.IssureName;
curCert.Thumbprint = certificateInfo.Thumbprint;
curCert.Organization = certificateInfo.Organization;
curCert.IsTest = certificateInfo.IsTest;
if (DateTime.Now < certificateInfo.NotBefore)
{
curCert.TimeMessage = "Недействителен до " +
certificateInfo.NotBefore.Date.ToShortDateString().Replace("/", ".");
}
if (DateTime.Now > certificateInfo.NotBefore && DateTime.Now < certificateInfo.NotAfter)
{
curCert.TimeMessage = "Действителен до " +
certificateInfo.NotAfter.Date.ToShortDateString().Replace("/", ".");
}
else
{
curCert.TimeMessage = "Недействителен с " +
certificateInfo.NotAfter.Date.ToShortDateString().Replace("/", ".");
}
certificates.Add(curCert);
}
return(Json(new { Status = "ok", certificates }, JsonRequestBehavior.AllowGet));
}
private async Task <TResult> SendAsync <TResult>(HttpMethod method, Uri uri, object message, CancellationToken token) where TResult : class
{
var nonceHeader = new AcmeHeader
{
Nonce = _nonce
};
var request = new HttpRequestMessage(method, uri);
if (message != null)
{
var encodedMessage = _jws.Encode(message, nonceHeader);
var json = JsonConvert.SerializeObject(encodedMessage, jsonSettings);
request.Content = new StringContent(json, Encoding.UTF8, "application/json");
}
var response = await _client.SendAsync(request, token).ConfigureAwait(false);
RememberNonce(response);
if (response.Content.Headers.ContentType.MediaType == "application/problem+json")
{
var problemJson = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
var problem = JsonConvert.DeserializeObject <Problem>(problemJson);
throw new AcmeException(problem, response);
}
if (typeof(TResult) == typeof(CertificateResponse) &&
response.Content.Headers.ContentType.MediaType == "application/pkix-cert")
{
var certificateBytes = await response.Content.ReadAsByteArrayAsync().ConfigureAwait(false);
var certificateResponse = new CertificateResponse
{
Certificate = certificateBytes
};
GetHeaderValues(response, certificateResponse);
return(certificateResponse as TResult);
}
var responseText = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
var responseContent = JObject.Parse(responseText).ToObject <TResult>();
GetHeaderValues(response, responseContent);
return(responseContent);
}
public Task <CertificateResponse> CreateServerCertificateAsync(string api_version, string name, string genid, ServerCertificateRequest request)
{
var response = new CertificateResponse()
{
Certificate = $"{CertificateHelper.CertificatePem}\n{CertificateHelper.CertificatePem}",
PrivateKey = new PrivateKey()
{
Type = PrivateKeyType.Key,
Bytes = CertificateHelper.PrivateKeyPem
}
};
return(Task.FromResult(response));
}
public void ParseCertificatesResponseInvalidKeyShouldThrow()
{
var response = new CertificateResponse()
{
Certificate = TestCertificateHelper.CertificatePem,
Expiration = DateTime.UtcNow.AddDays(1),
PrivateKey = new PrivateKey()
{
Bytes = "InvalidKey"
}
};
Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(response));
}
private async Task SaveCertificateFileAndFlagServer(CertificateResponse cert)
{
string folderPath = FolderNameHelper.GetFolderPath(cert.name, _certificateBotOptions.Value.saveCertificatePath);
await SaveFileAsync(_pfxCertificateFileName, folderPath, cert.pfxUri);
await SaveFileAsync(_privateKeyFileName, folderPath, cert.privateKeyUri);
await SaveFileAsync(_primaryCertificateFileName, folderPath, cert.certificateUri);
await SaveFileAsync(_caBundleFileName, folderPath, cert.intermediateCertificateUri);
await SaveFileAsync(_fullChainCertificateFileName, folderPath, cert.fullChainCertificateUri);
CertificateResponse certUpdated = await FlagServerAsync(cert);
lstCertNames.Add(certUpdated.name);
certificateResponses.Add(certUpdated);
}
public async Task GetCertificateTest()
{
try
{
CertificateResponse certificateResponse = await _certificateService
.GetCertificateAsync("shopeneur.com");
Assert.IsNotNull(certificateResponse);
}
catch (Exception ex)
{
string err = ex.Message;
Assert.Fail();
}
}
static async Task Main(string[] args)
{
CertificateResponse certificateResponse = await GetCertificateAsync();
Console.WriteLine($"GetCertificate returned : {JsonConvert.SerializeObject(certificateResponse)} \r\n");
List <CertificateResponse> lstCertificateResponse = await GetCertificateListAsync();
Console.WriteLine($"GetCertificateList returned : {JsonConvert.SerializeObject(lstCertificateResponse)} \r\n");
List <CertificateResponse> lstCertificateResponse1 = await PostCertificateRenewalAsync();
Console.WriteLine($"PostCertificateRenewal returned : {JsonConvert.SerializeObject(lstCertificateResponse1)} \r\n");
CertificateResponse certificateResponse1 = await PostCertificateAsync();
Console.WriteLine($"PostCertificate returned : {JsonConvert.SerializeObject(certificateResponse1)} \r\n");
}
public override AccessCredentials GetCredentials()
{
if (credentials != null && !credentials.AreExpired())
{
return(credentials);
}
if (httpClient == null)
{
throw new ArgumentException("httpClient cannot be null or empty");
}
if (clientCertificate == null)
{
throw new ArgumentException("clientCertificate cannot be null or empty");
}
var t = Task.Run(async() => await httpClient.PostAsync(postEndpoint, null));
t.Wait();
var response = t.Result;
var certResponse = new CertificateResponse();
if (response.IsSuccessStatusCode)
{
var content = response.Content.ReadAsStringAsync().Result;
var contentBytes = Encoding.UTF8.GetBytes(content);
using (var stream = new MemoryStream(contentBytes))
{
certResponse =
(CertificateResponse) new XmlSerializer(typeof(CertificateResponse)).Deserialize(stream);
}
}
if (credentials == null &&
certResponse != null &&
certResponse.cr != null)
{
credentials = certResponse.cr.Credentials;
}
return(credentials);
}
/// <summary>
/// Получение информации по сертификату
/// </summary>
/// <param name="thumbprints"></param>
/// <returns></returns>
public ActionResult GetCertificatesInfo(List <string> thumbprints)
{
Guid token = CheckSessionAuthState(CurrentUser, _authService);
if (token == Guid.Empty)
{
return(Json(new { status = "Error", errorCode = "401", errorMessage = "" }, JsonRequestBehavior.AllowGet));
}
var certificates = new List <CertificateInfo>();
foreach (string thumbprint in thumbprints)
{
CertificateResponse response = _cryptxService.GetCertificate(thumbprint, Guid.Empty, token);
certificates.Add(response.Certificate);
}
return(Json(new { certificates }, JsonRequestBehavior.AllowGet));
}
public async Task <CertificateResponse> CreateServerCertificateAsync(string hostname, DateTime expiration)
{
var request = new ServerCertificateRequest
{
CommonName = hostname,
Expiration = expiration
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.workloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.workloadUri)
};
CertificateResponse result = await this.Execute(() => edgeletHttpClient.CreateServerCertificateAsync(this.apiVersion, this.moduleId, this.moduleGenerationId, request), "CreateServerCertificateAsync");
return(result);
}
}
public void ParseCertificatesResponseShouldReturnCert()
{
TestCertificateHelper.GenerateSelfSignedCert("top secret").Export(X509ContentType.Cert);
var response = new CertificateResponse()
{
Certificate = $"{TestCertificateHelper.CertificatePem}\n{TestCertificateHelper.CertificatePem}",
Expiration = DateTime.UtcNow.AddDays(1),
PrivateKey = new PrivateKey()
{
Bytes = TestCertificateHelper.PrivateKeyPem
}
};
(X509Certificate2 cert, IEnumerable <X509Certificate2> chain) = CertificateHelper.ParseCertificateResponse(response);
var expected = new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem));
Assert.Equal(expected, cert);
Assert.True(cert.HasPrivateKey);
Assert.Equal(chain.Count(), 1);
Assert.Equal(expected, chain.First());
}
public override async Task <ServerCertificateResponse> CreateServerCertificateAsync(string hostname, DateTime expiration)
{
var request = new ServerCertificateRequest
{
CommonName = hostname,
Expiration = expiration
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
CertificateResponse result = await this.Execute(() => edgeletHttpClient.CreateServerCertificateAsync(this.Version.Name, this.ModuleId, this.ModuleGenerationId, request), "CreateServerCertificateAsync");
return(new ServerCertificateResponse()
{
Certificate = result.Certificate,
PrivateKey = result.PrivateKey.Bytes
});
}
}
public async Task PostCertificateTest()
{
try
{
CertificateResponse certificateResponse = new CertificateResponse
{
id = 174,
name = "shopeneur.com",
remoteCreateDate = DateTime.UtcNow,
remoteCreate = $"dev-server;test-server;prod-server"
};
CertificateResponse _certificateResponse = await _certificateService
.PostCertificateAsync(certificateResponse);
Assert.IsNotNull(_certificateResponse);
}
catch (Exception ex)
{
string err = ex.Message;
Assert.Fail();
}
}
private async Task <TResult> SendAsync <TResult>(HttpMethod method, Uri uri, object message, CancellationToken token) where TResult : class
{
var hasNonce = _nonce != null;
HttpResponseMessage response;
do
{
var nonceHeader = new AcmeHeader
{
Nonce = _nonce
};
var request = new HttpRequestMessage(method, uri);
if (message != null)
{
var encodedMessage = _jws.Encode(message, nonceHeader);
var json = JsonConvert.SerializeObject(encodedMessage, jsonSettings);
request.Content = new StringContent(json, Encoding.UTF8, "application/json");
}
response = await _client.SendAsync(request, token).ConfigureAwait(false);
if (response.Headers.TryGetValues("Replay-Nonce", out var vals))
{
_nonce = vals.FirstOrDefault();
}
else
{
_nonce = null;
}
if (response.IsSuccessStatusCode || hasNonce || _nonce == null)
{
break; // either successful or no point in retry
}
hasNonce = true; // we only allow it once
} while (true);
if (response.Content.Headers.ContentType.MediaType == "application/problem+json")
{
var problemJson = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
var problem = JsonConvert.DeserializeObject <Problem>(problemJson);
throw new AcmeException(problem, response);
}
if (typeof(TResult) == typeof(CertificateResponse) &&
response.Content.Headers.ContentType.MediaType == "application/pkix-cert")
{
var certificateBytes = await response.Content.ReadAsByteArrayAsync().ConfigureAwait(false);
var certificateResponse = new CertificateResponse
{
Certificate = certificateBytes
};
GetHeaderValues(response, certificateResponse);
return(certificateResponse as TResult);
}
var responseText = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
var responseContent = JObject.Parse(responseText).ToObject <TResult>();
GetHeaderValues(response, responseContent);
return(responseContent);
}
internal static (X509Certificate2, IEnumerable <X509Certificate2>) ParseCertificateResponse(CertificateResponse response)
{
return(ParseCertificateAndKey(response.Certificate, response.PrivateKey.Bytes));
}
internal static (X509Certificate2, IEnumerable <X509Certificate2>) ParseCertificateResponse(CertificateResponse response)
{
IEnumerable <string> pemCerts = ParsePemCerts(response.Certificate);
if (pemCerts.FirstOrDefault() == null)
{
throw new InvalidOperationException("Certificate is required");
}
IEnumerable <X509Certificate2> certsChain = GetCertificatesFromPem(pemCerts.Skip(1));
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
IList <X509CertificateEntry> chain = new List <X509CertificateEntry>();
var sr = new StringReader(pemCerts.First() + "\r\n" + response.PrivateKey.Bytes);
var pemReader = new PemReader(sr);
RsaPrivateCrtKeyParameters keyParams = null;
object certObject = pemReader.ReadObject();
while (certObject != null)
{
if (certObject is Org.BouncyCastle.X509.X509Certificate x509Cert)
{
chain.Add(new X509CertificateEntry(x509Cert));
}
if (certObject is RsaPrivateCrtKeyParameters)
{
keyParams = ((RsaPrivateCrtKeyParameters)certObject);
}
certObject = pemReader.ReadObject();
}
if (keyParams == null)
{
throw new InvalidOperationException("Private key is required");
}
store.SetKeyEntry("Edge", new AsymmetricKeyEntry(keyParams), chain.ToArray());
using (var p12File = new MemoryStream())
{
store.Save(p12File, new char[] { }, new SecureRandom());
var cert = new X509Certificate2(p12File.ToArray());
return(cert, certsChain);
}
}
