feat: Use built-in PEM certificate import on .NET 6 and onwards (#1139)
Co-authored-by: Andre Hofmeister <[email protected]>
1 parent
1cfc850
commit 6e6ccb5
Showing
4 changed files
with
82 additions
and
61 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
#if NETSTANDARD | ||
namespace DotNet.Testcontainers.Polyfills | ||
{ | ||
using System; | ||
using System.IO; | ||
using Org.BouncyCastle.Crypto; | ||
using Org.BouncyCastle.Crypto.Parameters; | ||
using Org.BouncyCastle.OpenSsl; | ||
using Org.BouncyCastle.Pkcs; | ||
using Org.BouncyCastle.Security; | ||
using Org.BouncyCastle.X509; | ||
|
||
public static class X509Certificate2 | ||
{ | ||
private static readonly X509CertificateParser CertificateParser = new X509CertificateParser(); | ||
|
||
public static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateFromPemFile(string certPemFilePath, string keyPemFilePath) | ||
{ | ||
if (!File.Exists(certPemFilePath)) | ||
{ | ||
throw new FileNotFoundException(certPemFilePath); | ||
} | ||
|
||
if (!File.Exists(keyPemFilePath)) | ||
{ | ||
throw new FileNotFoundException(keyPemFilePath); | ||
} | ||
|
||
using (var keyPairStream = new StreamReader(keyPemFilePath)) | ||
{ | ||
var store = new Pkcs12StoreBuilder().Build(); | ||
|
||
var certificate = CertificateParser.ReadCertificate(File.ReadAllBytes(certPemFilePath)); | ||
|
||
var password = Guid.NewGuid().ToString("D"); | ||
|
||
var keyObject = new PemReader(keyPairStream).ReadObject(); | ||
|
||
var certificateEntry = new X509CertificateEntry(certificate); | ||
|
||
var keyParameter = ResolveKeyParameter(keyObject); | ||
|
||
var keyEntry = new AsymmetricKeyEntry(keyParameter); | ||
store.SetKeyEntry(certificate.SubjectDN + "_key", keyEntry, new[] { certificateEntry }); | ||
|
||
using (var certificateStream = new MemoryStream()) | ||
{ | ||
store.Save(certificateStream, password.ToCharArray(), new SecureRandom()); | ||
return new System.Security.Cryptography.X509Certificates.X509Certificate2(Pkcs12Utilities.ConvertToDefiniteLength(certificateStream.ToArray()), password); | ||
} | ||
} | ||
} | ||
|
||
private static AsymmetricKeyParameter ResolveKeyParameter(object keyObject) | ||
{ | ||
switch (keyObject) | ||
{ | ||
case AsymmetricCipherKeyPair ackp: | ||
return ackp.Private; | ||
case RsaPrivateCrtKeyParameters rpckp: | ||
return rpckp; | ||
default: | ||
throw new ArgumentOutOfRangeException(nameof(keyObject), $"Unsupported asymmetric key entry encountered while trying to resolve key from input object '{keyObject.GetType()}'."); | ||
} | ||
} | ||
} | ||
} | ||
#endif |
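Review bot: The `default` branch of `ResolveKeyParameter` calls `keyObject.GetType()` while building its message, so a key file that contains no PEM object (where `PemReader.ReadObject()` appears to return null) fails with a NullReferenceException instead of the intended "unsupported key" error. Formatting with `'{keyObject?.GetType()}'`, or a null guard before the `switch`, would keep the diagnostic meaningful. The switch also accepts only a key pair or `RsaPrivateCrtKeyParameters`, so a PKCS#8 EC private key would likely be rejected. A case such as `case AsymmetricKeyParameter akp when akp.IsPrivate: return akp;` would cover it. Separately, `CreateFromPemFile` never checks that the private key belongs to the certificate, whereas the built-in .NET API this polyfill mirrors rejects a mismatched pair, as far as I know. Comparing the public key before `store.SetKeyEntry` would surface a wrong key file here rather than later as a TLS failure.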