/*** * Creates a TLSCertificateKeyPair out of the given {@link X509Certificate} and {@link KeyPair} * encoded in PEM and also in DER for the certificate * @param x509Cert the certificate to process * @param keyPair the key pair to process * @return a TLSCertificateKeyPair * @throws IOException upon failure */ public TLSCertificateKeyPair(Certificate x509Cert, KeyPair keyPair) { using (MemoryStream baos = new MemoryStream()) { StreamWriter writer = new StreamWriter(baos); PemWriter w = new PemWriter(writer); w.WriteObject(x509Cert.X509Certificate); writer.Flush(); writer.Close(); CertPEMBytes = baos.ToArray(); } using (MemoryStream isr = new MemoryStream(CertPEMBytes)) { StreamReader reader = new StreamReader(isr); PemReader pr = new PemReader(reader); PemObject po = pr.ReadPemObject(); CertDERBytes = po.Content; } using (MemoryStream baos = new MemoryStream()) { StreamWriter writer = new StreamWriter(baos); PemWriter w = new PemWriter(writer); w.WriteObject(keyPair.PrivateKey); writer.Flush(); writer.Close(); KeyPEMBytes = baos.ToArray(); } }
/// <summary> /// Convert RSA pem files to <see cref="AsymmetricKeyParameter"/> /// </summary> /// <param name="pemFile">The content of the file. (NOT THE FILE NAME)</param> /// <returns>The key to use in bouncy castle</returns> public static AsymmetricKeyParameter ReadAsymmetricKeyParameter(string pemFile) { using (StringReader reader = new StringReader(pemFile)) { Org.BouncyCastle.OpenSsl.PemReader pr = new Org.BouncyCastle.OpenSsl.PemReader(reader); Org.BouncyCastle.Utilities.IO.Pem.PemObject po = pr.ReadPemObject(); return(PublicKeyFactory.CreateKey(po.Content)); } }
public static List <X509Certificate2> LoadCerts(string cert) { using var stream = GetResourceStream(cert); using var reader = new StreamReader(stream); var pemReader = new Org.BouncyCastle.OpenSsl.PemReader(reader); var pemObjs = new List <PemObject>(); while (pemReader.Reader.Peek() > -1) { var pemObj = pemReader.ReadPemObject(); if (pemObj != null) { pemObjs.Add(pemObj); } } return(pemObjs.Select(po => new X509Certificate2(po.Content)).ToList()); }
public static X509Certificate2[] LoadCertificatesFromPemStream(Stream inStream) { if (inStream == null) { return(null); } try { using var stream = new StreamReader(inStream); var c = new X509Certificate2(); var pemReader = new PemReader(stream); var obj = pemReader.ReadPemObject(); c.Import(obj.Content); return(new[] { c }); } catch (Exception e) when(e is CertificateException || e is IOException) { throw new CertificateException("Certificate loading error", e); } }
public static byte[] ExtractDER(string pemcert) { byte[] content = null; try { using (StringReader sr = new StringReader(pemcert)) { PemReader pemReader = new PemReader(sr); PemObject pemObject = pemReader.ReadPemObject(); content = pemObject.Content; } } catch (Exception) { // best attempt } return(content); }
public TLSCertificateKeyPair(Properties properties) { // check for mutual TLS - both clientKey and clientCert must be present if (properties.Contains("clientKeyFile") && properties.Contains("clientKeyBytes")) { throw new ArgumentException("Properties \"clientKeyFile\" and \"clientKeyBytes\" must cannot both be set"); } if (properties.Contains("clientCertFile") && properties.Contains("clientCertBytes")) { throw new ArgumentException("Properties \"clientCertFile\" and \"clientCertBytes\" must cannot both be set"); } if (properties.Contains("clientKeyFile") || properties.Contains("clientCertFile")) { if (properties.Contains("clientKeyFile") && properties.Contains("clientCertFile")) { try { logger.Trace($"Reading clientKeyFile: {properties["clientKeyFile"]}"); KeyPEMBytes = File.ReadAllBytes(Path.GetFullPath(properties["clientKeyFile"])); logger.Trace($"Reading clientCertFile: {properties["clientCertFile"]}"); CertPEMBytes = File.ReadAllBytes(Path.GetFullPath(properties["clientCertFile"])); //Check if both right GetCertificate(); GetPrivateKey(); } catch (Exception e) { throw new ArgumentException("Failed to parse TLS client key and/or cert", e); } } else { throw new ArgumentException("Properties \"clientKeyFile\" and \"clientCertFile\" must both be set or both be null"); } } else if (properties.Contains("clientKeyThumbprint")) { X509Certificate2 certi = SearchCertificateByFingerprint(properties["clientKeyThumbprint"]); if (certi == null) { throw new ArgumentException($"Thumbprint {properties["clientKeyThumbprint"]} not found in KeyStore"); } CertPEMBytes = ExportToPEMCert(certi); KeyPEMBytes = ExportToPEMKey(certi); //Check if both right GetCertificate(); GetPrivateKey(); } else if (properties.Contains("clientKeySubject")) { X509Certificate2 certi = SearchCertificateBySubject(properties["clientKeySubject"]); if (certi == null) { throw new ArgumentException($"Subject {properties["clientKeySubject"]} not found in KeyStore"); } CertPEMBytes = ExportToPEMCert(certi); KeyPEMBytes = ExportToPEMKey(certi); //Check if both right GetCertificate(); GetPrivateKey(); } else if (properties.Contains("clientKeyBytes") || properties.Contains("clientCertBytes")) { KeyPEMBytes = properties["clientKeyBytes"]?.ToBytes(); CertPEMBytes = properties["clientCertBytes"]?.ToBytes(); if (KeyPEMBytes == null || CertPEMBytes == null) { throw new ArgumentException("Properties \"clientKeyBytes\" and \"clientCertBytes\" must both be set or both be null"); } //Check if both right GetCertificate(); GetPrivateKey(); } if (CertPEMBytes != null) { using (MemoryStream isr = new MemoryStream(CertPEMBytes)) { StreamReader reader = new StreamReader(isr); PemReader pr = new PemReader(reader); PemObject po = pr.ReadPemObject(); CertDERBytes = po.Content; } } }