public void LoadCertificateWithPublicKey() { using X509Certificate2 certificate = PemReader.LoadCertificate(RsaPemPrivateKey.AsSpan(), s_rsaCertificateBytes, keyType: PemReader.KeyType.RSA); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
public void LoadCertificateAutomatically() { using X509Certificate2 certificate = PemReader.LoadCertificate(RsaPem.AsSpan()); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
public void LoadCertificateWithPublicKey() { using X509Certificate2 certificate = PemReader.LoadCertificate(PEMPrivateKey.AsSpan(), CertificateBytes); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
public void LoadCertificatePemOverridesCer() { using X509Certificate2 certificate = PemReader.LoadCertificate(RsaPem.AsSpan(), Encoding.UTF8.GetBytes("This is not a certificate"), keyType: PemReader.KeyType.RSA); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
private async ValueTask <X509Certificate2> LoadCertificateFromPemFileAsync(bool async, string clientCertificatePath, CancellationToken cancellationToken) { if (!(Certificate is null)) { return(Certificate); } string certficateText; try { if (!async) { certficateText = File.ReadAllText(clientCertificatePath); } else { cancellationToken.ThrowIfCancellationRequested(); using (StreamReader sr = new StreamReader(clientCertificatePath)) { certficateText = await sr.ReadToEndAsync().ConfigureAwait(false); } } Certificate = PemReader.LoadCertificate(certficateText.AsSpan(), keyType: PemReader.KeyType.RSA); return(Certificate); } catch (Exception e) when(!(e is OperationCanceledException)) { throw new CredentialUnavailableException("Could not load certificate file", e); } }
public void LoadCertificate() { using X509Certificate2 certificate = PemReader.LoadCertificate(RsaPem.AsSpan(), keyType: PemReader.KeyType.RSA); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.GetRSAPrivateKey().KeySize); }
public void LoadCertificateReversed() { string pem = PEMPublicKey + "\n" + PEMPrivateKey; using X509Certificate2 certificate = PemReader.LoadCertificate(pem.AsSpan()); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
public void LoadCertificateReversed() { string pem = RsaPemCertificate + "\n" + RsaPemPrivateKey; using X509Certificate2 certificate = PemReader.LoadCertificate(pem.AsSpan(), keyType: PemReader.KeyType.RSA); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); Assert.AreEqual(2048, certificate.PrivateKey.KeySize); }
public void LoadCertificateAutomatically() { #if NET461 Assert.Ignore("Loading X509Certificate2 with private EC key not supported on this platform"); #endif using X509Certificate2 certificate = PemReader.LoadCertificate(s_ecdsaFullCertificate.AsSpan()); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); }
public void LoadCertificatePemOverridesCer() { #if NET461 Assert.Ignore("Loading X509Certificate2 with private EC key not supported on this platform"); #endif using X509Certificate2 certificate = PemReader.LoadCertificate(s_ecdsaFullCertificate.AsSpan(), cer: Encoding.UTF8.GetBytes("This is not a certificate"), keyType: PemReader.KeyType.ECDsa); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); }
public void LoadCertificateWithPublicKey() { #if NET461 Assert.Ignore("Loading X509Certificate2 with private EC key not supported on this platform"); #endif using X509Certificate2 certificate = PemReader.LoadCertificate(ECDsaPrivateKey.AsSpan(), cer: s_ecdsaCertificateBytes, keyType: PemReader.KeyType.ECDsa); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); }
public void LoadRSACertificate() { #if NET461 // Compatible with previous release. Goes through the LightweightPkcs8Decoder.DecodeECDsaPkcs8(). Assert.Throws <InvalidDataException>(() => PemReader.LoadCertificate(RSACertificate.AsSpan(), keyType: PemReader.KeyType.ECDsa)); #else // Compatible with the previous release. Goes through RSA.ImportPKcs8PrivateKey(). Assert.That(() => PemReader.LoadCertificate(RSACertificate.AsSpan(), keyType: PemReader.KeyType.ECDsa), Throws.InstanceOf <CryptographicException>()); #endif }
public void LoadECDsaPrime256v1Certificate() { #if NET461 Assert.Ignore("Loading X509Certificate2 with private EC key not supported on this platform"); #elif NETCOREAPP2_1 Assert.Ignore("Different OIDs in the certificate and private key prevent this from passing currently"); #endif using X509Certificate2 certificate = PemReader.LoadCertificate(ECDsaPrime256v1Certificate.AsSpan(), keyType: PemReader.KeyType.ECDsa); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsTrue(certificate.HasPrivateKey); }
/// <summary> /// Parses the response from <see cref="GetLedgerIdentity"/> or <see cref="GetLedgerIdentityAsync"/>. /// </summary> /// <param name="getIdentityResponse">The response from <see cref="GetLedgerIdentity"/> or <see cref="GetLedgerIdentityAsync"/>.</param> /// <returns>The <see cref="X509Certificate2"/>.</returns> public static X509Certificate2 ParseCertificate(Response getIdentityResponse) { var eccPem = JsonDocument.Parse(getIdentityResponse.Content) .RootElement .GetProperty("ledgerTlsCertificate") .GetString(); // construct an X509Certificate2 with the ECC PEM value. var span = new ReadOnlySpan <char>(eccPem.ToCharArray()); return(PemReader.LoadCertificate(span, null, PemReader.KeyType.Auto, true)); }
public void LoadedCertificateNotDisposed() { using X509Certificate2 certificate = PemReader.LoadCertificate(RsaPem.AsSpan(), keyType: PemReader.KeyType.RSA); using RSA publicKey = certificate.GetRSAPublicKey(); using RSA privateKey = certificate.GetRSAPrivateKey(); byte[] plaintext = Encoding.UTF8.GetBytes("test"); byte[] ciphertext = publicKey.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1); byte[] decrypted = privateKey.Decrypt(ciphertext, RSAEncryptionPadding.Pkcs1); Assert.AreEqual(plaintext, decrypted); }
internal static HttpPipelineTransportOptions GetIdentityServerTlsCertAndTrust(Uri ledgerUri, ConfidentialLedgerClientOptions options) { var identityClient = new ConfidentialLedgerIdentityServiceClient(new Uri("https://identity.accledger.azure.com"), options); // Get the ledger's TLS certificate for our ledger. var ledgerId = ledgerUri.Host.Substring(0, ledgerUri.Host.IndexOf('.')); Response response = identityClient.GetLedgerIdentity(ledgerId, new()); // extract the ECC PEM value from the response. var eccPem = JsonDocument.Parse(response.Content) .RootElement .GetProperty("ledgerTlsCertificate") .GetString(); // construct an X509Certificate2 with the ECC PEM value. var span = new ReadOnlySpan <char>(eccPem.ToCharArray()); var ledgerTlsCert = PemReader.LoadCertificate(span, null, PemReader.KeyType.Auto, true); X509Chain certificateChain = new(); certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; certificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot; certificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority; certificateChain.ChainPolicy.VerificationTime = DateTime.Now; certificateChain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0); certificateChain.ChainPolicy.ExtraStore.Add(ledgerTlsCert); // Define a validation function to ensure that the ledger certificate is trusted by the ledger identity TLS certificate. bool CertValidationCheck(X509Certificate2 cert) { bool isChainValid = certificateChain.Build(cert); if (!isChainValid) { return(false); } var isCertSignedByTheTlsCert = certificateChain.ChainElements.Cast <X509ChainElement>() .Any(x => x.Certificate.Thumbprint == ledgerTlsCert.Thumbprint); return(isCertSignedByTheTlsCert); } return(new HttpPipelineTransportOptions { ServerCertificateCustomValidationCallback = args => CertValidationCheck(args.Certificate) }); }
public void LoadCertificateWithNoKeys() { Exception ex = Assert.Throws <InvalidDataException>(() => PemReader.LoadCertificate(Span <char> .Empty, keyType: PemReader.KeyType.ECDsa)); Assert.AreEqual("The certificate is missing the public key", ex.Message); }
public void LoadCertificateWithOnlyPublicKeyAllowed() { using X509Certificate2 certificate = PemReader.LoadCertificate(ECDsaCertificate.AsSpan(), allowCertificateOnly: true, keyType: PemReader.KeyType.ECDsa); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsFalse(certificate.HasPrivateKey); }
public void LoadCertificateWithoutPrivateKey() { Exception ex = Assert.Throws <InvalidDataException>(() => PemReader.LoadCertificate(ECDsaCertificate.AsSpan(), keyType: PemReader.KeyType.ECDsa)); Assert.AreEqual("The certificate is missing the private key", ex.Message); }
public void LoadECDsaCertificateAutomatically() { // Support for ECDsa certificates are not supported by default. See Azure.Security.KeyVault.Certificates for support. Assert.Throws <NotSupportedException>(() => PemReader.LoadCertificate(ECDsaCertificate.AsSpan(), keyType: PemReader.KeyType.Auto)); }
public void LoadCertificateWithoutPublicKey() { Exception ex = Assert.Throws <InvalidDataException>(() => PemReader.LoadCertificate(PEMPrivateKey.AsSpan())); Assert.AreEqual("The certificate is missing the public key", ex.Message); }
public void LoadCertificateWithOnlyPublicKeyAllowed() { using X509Certificate2 certificate = PemReader.LoadCertificate(PEMPublicKey.AsSpan(), CertificateBytes, allowCertificateOnly: true); Assert.AreEqual("CN=Azure SDK", certificate.Subject); Assert.IsFalse(certificate.HasPrivateKey); }