示例#1
0
        public void Install(PrivateKey pk, Crt crt, IEnumerable <PKI.Crt> chain,
                            IPkiTool cp)
        {
            AssertNotDisposed();

            string pkPem;

            using (var ms = new MemoryStream())
            {
                cp.ExportPrivateKey(pk, EncodingFormat.PEM, ms);
                pkPem = Encoding.UTF8.GetString(ms.ToArray());
            }

            string crtPem;

            using (var ms = new MemoryStream())
            {
                cp.ExportCertificate(crt, EncodingFormat.PEM, ms);
                crtPem = Encoding.UTF8.GetString(ms.ToArray());
            }

            string chainPem = null;

            if (chain != null)
            {
                using (var ms = new MemoryStream())
                {
                    foreach (var c in chain)
                    {
                        cp.ExportCertificate(c, EncodingFormat.PEM, ms);
                    }
                    chainPem = Encoding.UTF8.GetString(ms.ToArray());
                }
            }

            using (var client = new AmazonIdentityManagementServiceClient(
                       CommonParams.ResolveCredentials(),
                       CommonParams.RegionEndpoint))
            {
                var iamRequ = new UploadServerCertificateRequest
                {
                    PrivateKey       = pkPem,
                    CertificateBody  = crtPem,
                    CertificateChain = chainPem,

                    ServerCertificateName = this.ServerCertificateName,
                    Path = this.Path
                };

                var iamResp = client.UploadServerCertificate(iamRequ);
                // TODO:  any checks we should do?
            }
        }
        public void Install(PrivateKey pk, Crt crt, IEnumerable<PKI.Crt> chain,
                IPkiTool cp)
        {
            AssertNotDisposed();

            string pkPem;
            using (var ms = new MemoryStream())
            {
                cp.ExportPrivateKey(pk, EncodingFormat.PEM, ms);
                pkPem = Encoding.UTF8.GetString(ms.ToArray());
            }

            string crtPem;
            using (var ms = new MemoryStream())
            {
                cp.ExportCertificate(crt, EncodingFormat.PEM, ms);
                crtPem = Encoding.UTF8.GetString(ms.ToArray());
            }

            string chainPem = null;
            if (chain != null)
            {
                using (var ms = new MemoryStream())
                {
                    foreach (var c in chain)
                    {
                        cp.ExportCertificate(c, EncodingFormat.PEM, ms);
                    }
                    chainPem = Encoding.UTF8.GetString(ms.ToArray());
                }
            }

            using (var client = new AmazonIdentityManagementServiceClient(
                CommonParams.ResolveCredentials(),
                CommonParams.RegionEndpoint))
            {
                var iamRequ = new UploadServerCertificateRequest
                {
                    PrivateKey = pkPem,
                    CertificateBody = crtPem,
                    CertificateChain = chainPem,

                    ServerCertificateName = this.ServerCertificateName,
                    Path = this.Path
                };

                var iamResp = client.UploadServerCertificate(iamRequ);
                // TODO:  any checks we should do?
            }
        }
示例#3
0
        private string GetIssuerCertificate(CertificateRequest certificate, IPkiTool cp,
                                            string certificateFolder, TargetApplication targetApplication)
        {
            var linksEnum = certificate.Links;

            if (linksEnum == null)
            {
                return(null);
            }

            var links  = new LinkCollection(linksEnum);
            var upLink = links.GetFirstOrDefault("up");

            if (upLink == null)
            {
                return(null);
            }

            var temporaryFileName = Path.GetTempFileName();

            try
            {
                using (var web = new WebClient())
                {
                    var acmeServerBaseUri = _configuration.GetAcmeServerBaseUri(targetApplication);
                    var uri = new Uri(acmeServerBaseUri, upLink.Uri);
                    web.DownloadFile(uri, temporaryFileName);
                }

                var cacert = new X509Certificate2(temporaryFileName);
                var sernum = cacert.GetSerialNumberString();

                var cacertDerFile = Path.Combine(certificateFolder, $"ca-{sernum}-crt.der");
                var cacertPemFile = Path.Combine(certificateFolder, $"ca-{sernum}-crt.pem");

                if (!File.Exists(cacertDerFile))
                {
                    File.Copy(temporaryFileName, cacertDerFile, true);
                }

                _logger.Information("Saving issuer certificate to {cacertPemFile}", cacertPemFile);
                if (File.Exists(cacertPemFile))
                {
                    return(cacertPemFile);
                }

                using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
                       target = new FileStream(cacertPemFile, FileMode.Create))
                {
                    var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
                    cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
                }

                return(cacertPemFile);
            }
            finally
            {
                if (File.Exists(temporaryFileName))
                {
                    File.Delete(temporaryFileName);
                }
            }
        }