public static ChannelCredentials CreateChannelCredentials(
bool useTls,
[CanBeNull] string clientCertificate = null)
{
if (!useTls)
{
_msg.DebugFormat("Using insecure channel credentials");
return(ChannelCredentials.Insecure);
}
string rootCertificatesAsPem =
CertificateUtils.GetUserRootCertificatesInPemFormat();
if (_msg.IsVerboseDebugEnabled)
{
_msg.DebugFormat("Trusted root credentials provided: {0}",
rootCertificatesAsPem);
}
KeyCertificatePair sslClientCertificate = null;
if (!string.IsNullOrEmpty(clientCertificate))
{
KeyPair keyPair = CertificateUtils.FindKeyCertificatePairFromStore(
clientCertificate, new[]
{
X509FindType.FindBySubjectDistinguishedName,
X509FindType.FindByThumbprint,
X509FindType.FindBySubjectName
}, StoreName.My, StoreLocation.CurrentUser);
if (keyPair != null)
{
_msg.Debug("Using client-side certificate");
sslClientCertificate =
new KeyCertificatePair(keyPair.PublicKey, keyPair.PrivateKey);
}
else
{
throw new ArgumentException(
$"Could not usable find client certificate {clientCertificate} in certificate store.");
}
}
var result = new SslCredentials(rootCertificatesAsPem, sslClientCertificate);
return(result);
}
private static KeyPair TryGetServerCertificateKeyPair(
[NotNull] string certificate,
[CanBeNull] string privateKeyFilePath)
{
KeyPair result;
if (File.Exists(certificate))
{
_msg.DebugFormat("Using existing PEM file certificate: {0}.", certificate);
Assert.NotNullOrEmpty(privateKeyFilePath, "Private key PEM file was not provided.");
Assert.True(File.Exists(privateKeyFilePath),
$"Private key PEM file {privateKeyFilePath} was not found.");
result = new KeyPair(File.ReadAllText(certificate),
File.ReadAllText(privateKeyFilePath));
_msg.InfoFormat("Using certificate from file {0}", certificate);
}
else
{
_msg.DebugFormat(
"No certificate PEM file found using {0}. Getting certificate from store.",
certificate);
if (!string.IsNullOrEmpty(privateKeyFilePath))
{
result = GetMixedKeyPair(certificate, privateKeyFilePath);
}
else
{
// Find server certificate including private key from Store (Local Computer, Personal folder)
result =
CertificateUtils.FindKeyCertificatePairFromStore(
certificate,
new[]
{
X509FindType.FindBySubjectDistinguishedName,
X509FindType.FindByThumbprint
}, StoreName.My, StoreLocation.LocalMachine);
}
if (result == null)
{
_msg.InfoFormat(
"No certificate could be found by '{0}'. Using insecure credentials (no TLS).",
certificate);
}
else
{
_msg.InfoFormat("Using certificate from certificate store for TLS.");
}
}
if (result != null && _msg.IsVerboseDebugEnabled)
{
_msg.DebugFormat("Certificate chain: {0}", result.PublicKey);
}
return(result);
}
