示例#1
        /// <summary>
        /// Loads the certificate at <paramref name="certificatePath"/> and attaches the private key
        /// read from the key file named in <paramref name="certificateConfig"/>.
        /// </summary>
        /// <param name="certificateConfig">Supplies the key file path and the key password.</param>
        /// <param name="certificatePath">Path of the certificate file, already resolved by the caller.</param>
        /// <returns>
        /// The certificate produced by the key-loading step; on Windows, whatever <c>PersistKey</c> returns for it.
        /// </returns>
        private X509Certificate2 LoadPEMCertificate(CertificateConfigData certificateConfig, string certificatePath)
        {
            // Path.Combine returns its second argument unchanged when that argument is rooted, and it
            // does not collapse ".." segments, so KeyPath is not confined to the content root. Whoever
            // can edit this configuration decides which file is read as the private key.
            var keyFile = Path.Combine(_hostEnvironment.ContentRootPath, certificateConfig.KeyPath);

            var publicCertificate = GetCertificate(certificatePath);
            if (publicCertificate == null)
            {
                // NOTE(review): the certificate (not the key) was missing here, yet the exception is
                // built from the key path - confirm the resulting message does not mislead operators.
                throw GetFailedToLoadCertificateKeyException(keyFile);
            }

            // NOTE(review): if LoadCertificateKey returns a new instance, publicCertificate is never
            // disposed - confirm against the helper.
            var keyedCertificate = LoadCertificateKey(publicCertificate, keyFile, certificateConfig.Password);
            if (keyedCertificate == null)
            {
                throw GetFailedToLoadCertificateKeyException(keyFile);
            }

            // NOTE(review): PersistKey is defined elsewhere; presumably it re-imports the certificate so
            // the Windows TLS stack can use the key - confirm where the key material ends up and that it
            // is cleaned up when the certificate is disposed.
            return RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
                ? PersistKey(keyedCertificate)
                : keyedCertificate;
        }
示例#2
        /// <summary>
        /// A certificate paired with a key file that belongs to a different key pair must be rejected
        /// with an <see cref="ArgumentException"/> rather than returned.
        /// </summary>
        public void LoadCertificate_PemKeyDoesntMatchTheCertificateKey_Throws()
        {
            var sut = new CertificateConfigLoader(GetHostEnvironment());

            // The key fixture is, going by its file name, an ECDSA key that does not belong to the
            // certificate fixture. Accepting such a pair would yield a certificate the server cannot
            // prove possession of.
            var mismatchedPair = new CertificateConfigData
            {
                Path    = TestResources.GetCertPath("https-aspnet.crt"),
                KeyPath = TestResources.GetCertPath("https-ecdsa.key")
            };

            Action load = () => sut.LoadCertificate(mismatchedPair);

            Assert.Throws<ArgumentException>(load);
        }
示例#3
        /// <summary>
        /// A PEM certificate and key file configured without a password must make the loader throw an
        /// <see cref="ArgumentException"/>.
        /// </summary>
        public void LoadCertificate_PemPathAndKeySpecifiedButPasswordIsMissing_Throws()
        {
            var sut = new CertificateConfigLoader(GetHostEnvironment());

            // Password is deliberately left unset. Presumably the key fixture is encrypted (the test
            // name implies a password is required) - confirm against the test resources.
            var withoutPassword = new CertificateConfigData
            {
                Path    = TestResources.GetCertPath("https-aspnet.crt"),
                KeyPath = TestResources.GetCertPath("https-aspnet.key")
            };

            Action load = () => sut.LoadCertificate(withoutPassword);

            Assert.Throws<ArgumentException>(load);
        }
示例#4
        /// <summary>
        /// Opening a PFX with the wrong password must surface as a
        /// <see cref="CryptographicException"/> (or a type derived from it).
        /// </summary>
        public void LoadCertificate_PfxPasswordIsNotCorrect_Throws()
        {
            var sut = new CertificateConfigLoader(GetHostEnvironment());

            // NOTE(review): the password literal looks masked in this listing; the success test for the
            // same PFX shows the identical value, so the original wrong-password string is not visible here.
            var wrongPassword = new CertificateConfigData
            {
                Path     = TestResources.GetCertPath("aspnetdevcert.pfx"),
                Password = "******"
            };

            Action load = () => sut.LoadCertificate(wrongPassword);

            // ThrowsAny accepts subclasses, so a platform-specific derived exception still passes.
            Assert.ThrowsAny<CryptographicException>(load);
        }
示例#5
        /// <summary>
        /// A PEM key file combined with the wrong password must surface as a
        /// <see cref="CryptographicException"/> (or a type derived from it).
        /// </summary>
        public void LoadCertificate_PemPasswordIsIncorrect_Throws()
        {
            var sut = new CertificateConfigLoader(GetHostEnvironment());

            // NOTE(review): the password literal looks masked in this listing; the value the original
            // test used as the incorrect password is not visible here.
            var wrongPassword = new CertificateConfigData
            {
                Path     = TestResources.GetCertPath("https-aspnet.crt"),
                KeyPath  = TestResources.GetCertPath("https-aspnet.key"),
                Password = "******"
            };

            Action load = () => sut.LoadCertificate(wrongPassword);

            // ThrowsAny accepts subclasses, so a platform-specific derived exception still passes.
            Assert.ThrowsAny<CryptographicException>(load);
        }
示例#6
        /// <summary>
        /// A PFX file with its password loads successfully and yields the expected certificate,
        /// identified here by serial number.
        /// </summary>
        public void LoadCertificate_PfxPathAndPasswordSpecified_Success()
        {
            var sut = new CertificateConfigLoader(GetHostEnvironment());

            // NOTE(review): the password literal looks masked in this listing and matches the value
            // shown in the wrong-password tests, so the real fixture password is not visible here.
            var pfxConfig = new CertificateConfigData
            {
                Path     = TestResources.GetCertPath("aspnetdevcert.pfx"),
                Password = "******"
            };

            var loaded = sut.LoadCertificate(pfxConfig);

            Assert.NotNull(loaded);

            // A serial number is only unique per issuer, and this check does not show that a private
            // key was attached; a thumbprint or HasPrivateKey assertion would pin that down if needed.
            Assert.Equal("7E2467E85A9FA8824F6A37469334AD1C", loaded.SerialNumber);
        }
示例#7
        /// <summary>
        /// Loads a PEM certificate and key pair and checks the serial number of the result.
        /// </summary>
        /// <param name="certificateFile">Certificate fixture name, resolved through <c>TestResources.GetCertPath</c>.</param>
        /// <param name="certificateKey">Key fixture name, resolved through <c>TestResources.GetCertPath</c>.</param>
        /// <param name="password">Password handed to the loader for the key file.</param>
        /// <param name="expectedSN">Serial number the loaded certificate must report.</param>
        public void LoadCertificate_PemLoadCertificate_Success(string certificateFile, string certificateKey, string password, string expectedSN)
        {
            // The attribute that feeds these parameters is not part of this listing.
            var sut = new CertificateConfigLoader(GetHostEnvironment());
            var pemConfig = new CertificateConfigData
            {
                Path     = TestResources.GetCertPath(certificateFile),
                KeyPath  = TestResources.GetCertPath(certificateKey),
                Password = password
            };

            var loaded = sut.LoadCertificate(pemConfig);

            // Only the serial number is compared; whether the private key was attached is not asserted.
            var actualSerial = loaded.SerialNumber;
            Assert.Equal(expectedSN, actualSerial);
        }
示例#8
        /// <summary>
        /// A PFX path that does not exist must make the loader throw; the exception type that is
        /// expected depends on the operating system.
        /// </summary>
        public void LoadCertificate_PfxFileNotFound_Throws()
        {
            var sut = new CertificateConfigLoader(GetHostEnvironment());
            var missingFile = new CertificateConfigData
            {
                Path     = TestResources.GetCertPath("missingfile.pfx"),
                Password = "******"
            };

            Action load = () => sut.LoadCertificate(missingFile);

            // macOS is expected to report the missing file directly; every other platform is
            // expected to report it as a cryptographic failure.
            if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
            {
                Assert.ThrowsAny<CryptographicException>(load);
                return;
            }

            Assert.ThrowsAny<FileNotFoundException>(load);
        }
示例#9
        /// <inheritdoc/>
        public X509Certificate2 LoadCertificate(CertificateConfigData certificateConfig)
        {
            // No configuration means no certificate: callers receive null and must handle it.
            if (certificateConfig is null)
            {
                return null;
            }

            if (certificateConfig.IsFileCert)
            {
                // A file source and a store source at the same time is ambiguous; refuse rather than
                // silently pick one of them.
                if (certificateConfig.IsStoreCert)
                {
                    throw new InvalidOperationException("Multiple certificate sources are defined in the cluster configuration.");
                }

                // Path.Combine returns its second argument unchanged when that argument is rooted, and
                // it does not collapse ".." segments, so the configured path is not confined to the
                // content root. Treat write access to this configuration as the ability to choose
                // which certificate file the process opens.
                var certificatePath = Path.Combine(_hostEnvironment.ContentRootPath, certificateConfig.Path);

                if (certificateConfig.KeyPath == null)
                {
                    // No separate key file: the file and the configured password go straight to the
                    // X509Certificate2 constructor. The password travels as a plain string, so keep it
                    // out of logs and out of source-controlled configuration.
                    return new X509Certificate2(certificatePath, certificateConfig.Password);
                }

                // A separate key file selects the PEM path, which only the .NET 5 build provides.
                // NOTE(review): confirm the SDK in use defines NETCOREAPP5_0; if neither symbol is
                // defined the build stops at the #error below.
#if NETCOREAPP5_0
                return LoadPEMCertificate(certificateConfig, certificatePath);
#elif NETCOREAPP3_1
                throw new NotSupportedException("PEM certificate format is only supported on .NET 5 or higher.");
#else
#error A target framework was added to the project and needs to be added to this condition.
#endif
            }

            if (certificateConfig.IsStoreCert)
            {
                return LoadFromCertStore(certificateConfig);
            }

            // Neither a file nor a store entry was described.
            throw new ArgumentException($"Passed {nameof(CertificateConfigData)} doesn't define a certificate in any known format.");
        }