GetCertificates(IWebHostEnvironment environment, IConfiguration configuration)
{
var certificateConfiguration = new CertificateConfiguration
{
// Use an Azure key vault
CertificateNameKeyVault = configuration["CertificateNameKeyVault"],
KeyVaultEndpoint = configuration["AzureKeyVaultEndpoint"],
// development certificate
DevelopmentCertificatePfx = Path.Combine(environment.ContentRootPath, "sts_dev_cert.pfx"),
DevelopmentCertificatePassword = "******" //configuration["DevelopmentCertificatePassword"]
};
(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)
certs = await CertificateService.GetCertificates(
certificateConfiguration).ConfigureAwait(false);
return(certs);
}
public static async Task <(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)> GetCertificates(CertificateConfiguration certificateConfiguration)
{
(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)certs = (null, null);
if (certificateConfiguration.UseLocalCertStore)
{
using X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var storeCerts = store.Certificates.Find(
X509FindType.FindByThumbprint,
certificateConfiguration.CertificateThumbprint,
false);
//certs.ActiveCertificate = storeCerts[0];
store.Close();
}
else
{
if (!string.IsNullOrEmpty(certificateConfiguration.KeyVaultEndpoint))
{
var keyVaultCertificateService = new KeyVaultCertificateService(
certificateConfiguration.KeyVaultEndpoint,
certificateConfiguration.CertificateNameKeyVault);
certs = await keyVaultCertificateService
.GetCertificatesFromKeyVault().ConfigureAwait(false);
}
}
// search for local PFX with password, usually local dev
if (certs.ActiveCertificate == null)
{
certs.ActiveCertificate = new X509Certificate2(
certificateConfiguration.DevelopmentCertificatePfx,
certificateConfiguration.DevelopmentCertificatePassword);
}
return(certs);
}