/***
* Creates a TLSCertificateKeyPair out of the given {@link X509Certificate} and {@link KeyPair}
* encoded in PEM and also in DER for the certificate
* @param x509Cert the certificate to process
* @param keyPair the key pair to process
* @return a TLSCertificateKeyPair
* @throws IOException upon failure
*/
public TLSCertificateKeyPair(Certificate x509Cert, KeyPair keyPair)
{
using (MemoryStream baos = new MemoryStream())
{
StreamWriter writer = new StreamWriter(baos);
PemWriter w = new PemWriter(writer);
w.WriteObject(x509Cert.X509Certificate);
writer.Flush();
writer.Close();
CertPEMBytes = baos.ToArray();
}
using (MemoryStream isr = new MemoryStream(CertPEMBytes))
{
StreamReader reader = new StreamReader(isr);
PemReader pr = new PemReader(reader);
PemObject po = pr.ReadPemObject();
CertDERBytes = po.Content;
}
using (MemoryStream baos = new MemoryStream())
{
StreamWriter writer = new StreamWriter(baos);
PemWriter w = new PemWriter(writer);
w.WriteObject(keyPair.PrivateKey);
writer.Flush();
writer.Close();
KeyPEMBytes = baos.ToArray();
}
}
/// <summary>
/// Convert RSA pem files to <see cref="AsymmetricKeyParameter"/>
/// </summary>
/// <param name="pemFile">The content of the file. (NOT THE FILE NAME)</param>
/// <returns>The key to use in bouncy castle</returns>
public static AsymmetricKeyParameter ReadAsymmetricKeyParameter(string pemFile)
{
using (StringReader reader = new StringReader(pemFile))
{
Org.BouncyCastle.OpenSsl.PemReader pr =
new Org.BouncyCastle.OpenSsl.PemReader(reader);
Org.BouncyCastle.Utilities.IO.Pem.PemObject po = pr.ReadPemObject();
return(PublicKeyFactory.CreateKey(po.Content));
}
}
public static List <X509Certificate2> LoadCerts(string cert)
{
using var stream = GetResourceStream(cert);
using var reader = new StreamReader(stream);
var pemReader = new Org.BouncyCastle.OpenSsl.PemReader(reader);
var pemObjs = new List <PemObject>();
while (pemReader.Reader.Peek() > -1)
{
var pemObj = pemReader.ReadPemObject();
if (pemObj != null)
{
pemObjs.Add(pemObj);
}
}
return(pemObjs.Select(po => new X509Certificate2(po.Content)).ToList());
}
public static X509Certificate2[] LoadCertificatesFromPemStream(Stream inStream)
{
if (inStream == null)
{
return(null);
}
try
{
using var stream = new StreamReader(inStream);
var c = new X509Certificate2();
var pemReader = new PemReader(stream);
var obj = pemReader.ReadPemObject();
c.Import(obj.Content);
return(new[] { c });
}
catch (Exception e) when(e is CertificateException || e is IOException)
{
throw new CertificateException("Certificate loading error", e);
}
}
public static byte[] ExtractDER(string pemcert)
{
byte[] content = null;
try
{
using (StringReader sr = new StringReader(pemcert))
{
PemReader pemReader = new PemReader(sr);
PemObject pemObject = pemReader.ReadPemObject();
content = pemObject.Content;
}
}
catch (Exception)
{
// best attempt
}
return(content);
}
public TLSCertificateKeyPair(Properties properties)
{
// check for mutual TLS - both clientKey and clientCert must be present
if (properties.Contains("clientKeyFile") && properties.Contains("clientKeyBytes"))
{
throw new ArgumentException("Properties \"clientKeyFile\" and \"clientKeyBytes\" must cannot both be set");
}
if (properties.Contains("clientCertFile") && properties.Contains("clientCertBytes"))
{
throw new ArgumentException("Properties \"clientCertFile\" and \"clientCertBytes\" must cannot both be set");
}
if (properties.Contains("clientKeyFile") || properties.Contains("clientCertFile"))
{
if (properties.Contains("clientKeyFile") && properties.Contains("clientCertFile"))
{
try
{
logger.Trace($"Reading clientKeyFile: {properties["clientKeyFile"]}");
KeyPEMBytes = File.ReadAllBytes(Path.GetFullPath(properties["clientKeyFile"]));
logger.Trace($"Reading clientCertFile: {properties["clientCertFile"]}");
CertPEMBytes = File.ReadAllBytes(Path.GetFullPath(properties["clientCertFile"]));
//Check if both right
GetCertificate();
GetPrivateKey();
}
catch (Exception e)
{
throw new ArgumentException("Failed to parse TLS client key and/or cert", e);
}
}
else
{
throw new ArgumentException("Properties \"clientKeyFile\" and \"clientCertFile\" must both be set or both be null");
}
}
else if (properties.Contains("clientKeyThumbprint"))
{
X509Certificate2 certi = SearchCertificateByFingerprint(properties["clientKeyThumbprint"]);
if (certi == null)
{
throw new ArgumentException($"Thumbprint {properties["clientKeyThumbprint"]} not found in KeyStore");
}
CertPEMBytes = ExportToPEMCert(certi);
KeyPEMBytes = ExportToPEMKey(certi);
//Check if both right
GetCertificate();
GetPrivateKey();
}
else if (properties.Contains("clientKeySubject"))
{
X509Certificate2 certi = SearchCertificateBySubject(properties["clientKeySubject"]);
if (certi == null)
{
throw new ArgumentException($"Subject {properties["clientKeySubject"]} not found in KeyStore");
}
CertPEMBytes = ExportToPEMCert(certi);
KeyPEMBytes = ExportToPEMKey(certi);
//Check if both right
GetCertificate();
GetPrivateKey();
}
else if (properties.Contains("clientKeyBytes") || properties.Contains("clientCertBytes"))
{
KeyPEMBytes = properties["clientKeyBytes"]?.ToBytes();
CertPEMBytes = properties["clientCertBytes"]?.ToBytes();
if (KeyPEMBytes == null || CertPEMBytes == null)
{
throw new ArgumentException("Properties \"clientKeyBytes\" and \"clientCertBytes\" must both be set or both be null");
}
//Check if both right
GetCertificate();
GetPrivateKey();
}
if (CertPEMBytes != null)
{
using (MemoryStream isr = new MemoryStream(CertPEMBytes))
{
StreamReader reader = new StreamReader(isr);
PemReader pr = new PemReader(reader);
PemObject po = pr.ReadPemObject();
CertDERBytes = po.Content;
}
}
}
