private void CheckPEMWriter(X509Certificate2 certificate, string password = null)
{
PEMWriter.ExportCertificateAsPEM(certificate);
if (certificate.HasPrivateKey)
{
PEMWriter.ExportPrivateKeyAsPEM(certificate, password);
PEMWriter.ExportECDsaPrivateKeyAsPEM(certificate);
}
}
public void UpdateCertificateSelfSigned(string keyFormat)
{
ConnectPushClient(true);
var keyFormats = _pushClient.PushClient.GetSupportedKeyFormats();
if (!keyFormats.Contains(keyFormat))
{
Assert.Ignore("Push server doesn't support {0} key update", keyFormat);
}
X509Certificate2 newCert = CertificateFactory.CreateCertificate(
null, null, null,
_applicationRecord.ApplicationUri,
_applicationRecord.ApplicationNames[0].Text,
_selfSignedServerCert.Subject,
null,
CertificateFactory.DefaultKeySize,
DateTime.UtcNow,
CertificateFactory.DefaultLifeTime,
CertificateFactory.DefaultHashSize);
byte[] privateKey = null;
if (keyFormat == "PFX")
{
Assert.IsTrue(newCert.HasPrivateKey);
privateKey = newCert.Export(X509ContentType.Pfx);
}
else if (keyFormat == "PEM")
{
Assert.IsTrue(newCert.HasPrivateKey);
privateKey = PEMWriter.ExportPrivateKeyAsPEM(newCert);
}
else
{
Assert.Fail("Testing unsupported key format {0}.", keyFormat);
}
var success = _pushClient.PushClient.UpdateCertificate(
_pushClient.PushClient.DefaultApplicationGroup,
_pushClient.PushClient.ApplicationCertificateType,
newCert.RawData,
keyFormat,
privateKey,
null);
if (success)
{
_pushClient.PushClient.ApplyChanges();
}
VerifyNewPushServerCert(newCert.RawData);
}
public void VerifyPemWriterPrivateKeys()
{
// all app certs are trusted
foreach (var appCert in m_appSelfSignedCerts)
{
var pemDataBlob = PEMWriter.ExportPrivateKeyAsPEM(appCert);
var pemString = Encoding.UTF8.GetString(pemDataBlob);
TestContext.Out.WriteLine(pemString);
CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert.RawData), pemDataBlob);
// note: password is ignored
var newCert = CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert.RawData), pemDataBlob, "password");
X509Utils.VerifyRSAKeyPair(newCert, newCert, true);
}
}
private void CheckPEMWriter(X509Certificate2 certificate, string password = null)
{
PEMWriter.ExportCertificateAsPEM(certificate);
if (certificate.HasPrivateKey)
{
#if NETFRAMEWORK || NETCOREAPP2_1
// The implementation based on bouncy castle has no support to export with password
password = null;
#endif
PEMWriter.ExportPrivateKeyAsPEM(certificate, password);
#if NETCOREAPP3_1_OR_GREATER
PEMWriter.ExportRSAPrivateKeyAsPEM(certificate);
#endif
}
}
public void VerifyPemWriterPasswordPrivateKeys()
{
// all app certs are trusted
foreach (var appCert in m_appSelfSignedCerts)
{
var password = Guid.NewGuid().ToString().Substring(0, 8);
TestContext.Out.WriteLine("Password: {0}", password);
var pemDataBlob = PEMWriter.ExportPrivateKeyAsPEM(appCert, password);
var pemString = Encoding.UTF8.GetString(pemDataBlob);
TestContext.Out.WriteLine(pemString);
var newCert = CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert), pemDataBlob, password);
var exception = Assert.Throws <CryptographicException>(() => { CertificateFactory.CreateCertificateWithPEMPrivateKey(new X509Certificate2(appCert), pemDataBlob); });
X509Utils.VerifyRSAKeyPair(newCert, newCert, true);
}
}
/// <summary>
/// Create a certificate with a new key pair signed by the CA of the cert group.
/// </summary>
/// <param name="application">The application record.</param>
/// <param name="subjectName">The subject of the certificate.</param>
/// <param name="domainNames">The domain names for the subject alt name extension.</param>
/// <param name="privateKeyFormat">The private key format as PFX or PEM.</param>
/// <param name="privateKeyPassword">A password for the private key.</param>
public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync(
ApplicationRecordDataType application,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword)
{
if (application == null)
{
throw new ArgumentNullException(nameof(application));
}
if (application.ApplicationUri == null)
{
throw new ArgumentNullException(nameof(application.ApplicationUri));
}
if (application.ApplicationNames == null)
{
throw new ArgumentNullException(nameof(application.ApplicationNames));
}
using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty).ConfigureAwait(false))
using (var certificate = CertificateFactory.CreateCertificate(
application.ApplicationUri,
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
subjectName,
domainNames)
.SetIssuer(signingKey)
.CreateForRSA())
{
byte[] privateKey;
if (privateKeyFormat == "PFX")
{
privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword);
}
else if (privateKeyFormat == "PEM")
{
privateKey = PEMWriter.ExportPrivateKeyAsPEM(certificate, privateKeyPassword);
}
else
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format");
}
return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey));
}
}
public virtual async Task <X509Certificate2KeyPair> NewKeyPairRequestAsync(
ApplicationRecordDataType application,
string subjectName,
string[] domainNames,
string privateKeyFormat,
string privateKeyPassword)
{
using (var signingKey = await LoadSigningKeyAsync(Certificate, string.Empty))
using (var certificate = CertificateFactory.CreateCertificate(
null, null, null,
application.ApplicationUri ?? "urn:ApplicationURI",
application.ApplicationNames.Count > 0 ? application.ApplicationNames[0].Text : "ApplicationName",
subjectName,
domainNames,
Configuration.DefaultCertificateKeySize,
DateTime.UtcNow.AddDays(-1),
Configuration.DefaultCertificateLifetime,
Configuration.DefaultCertificateHashSize,
false,
signingKey,
null))
{
byte[] privateKey;
if (privateKeyFormat == "PFX")
{
privateKey = certificate.Export(X509ContentType.Pfx, privateKeyPassword);
}
else if (privateKeyFormat == "PEM")
{
privateKey = PEMWriter.ExportPrivateKeyAsPEM(certificate);
}
else
{
throw new ServiceResultException(StatusCodes.BadInvalidArgument, "Invalid private key format");
}
return(new X509Certificate2KeyPair(new X509Certificate2(certificate.RawData), privateKeyFormat, privateKey));
}
}
public void ExportPrivateKeyAsPEM()
{
_ = PEMWriter.ExportPrivateKeyAsPEM(m_certificate);
}
