I have written an ASP.NET Core 2.0 website in C# and enabled Facebook authentication, so it requires HTTPS. I am using the native Kestrel web server to host the site, and set up a listener following MS' documentation. After the Key Vault retrieval, I can't seem to find a way to get Kestrel to recognize the private key. I know it exists, because I wrote two debug statements showing that it is actually there.

Here is the function I am using to retrieve the secret.
```csharp
using System;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;

public static async Task<X509Certificate2> GetKeyVaultCert()
{
    X509Certificate2 pfx;
    try
    {
        // GetToken is the Azure AD authentication callback (defined elsewhere, not shown here)
        var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
        var secret = await kvClient
            .GetSecretAsync("https://macscampvault.vault.azure.net/secrets/letsencrypt").ConfigureAwait(false);
        byte[] bytes;
        // Key Vault returns a PFX secret as a base64 string with this content type
        if (secret.ContentType == "application/x-pkcs12")
            bytes = Convert.FromBase64String(secret.Value);
        else
        {
            bytes = new byte[0];
            Console.WriteLine("secret is not PFX!!");
            throw new ArgumentException("This is not a PFX string!!");
        }
        var password = new SecureString(); // currently unused
        var coll = new X509Certificate2Collection();
        coll.Import(bytes, null, X509KeyStorageFlags.Exportable);
        pfx = coll[0];
        // File output added in case I end up needing to write cert to container
        // File.WriteAllBytes(Directory.GetCurrentDirectory().ToString() + "/Macs.pfx", bytes);
        Console.WriteLine(pfx.HasPrivateKey);
        Console.WriteLine(pfx.GetRSAPrivateKey());
    }
    catch (Exception ex)
    {
        Console.WriteLine($"There was a problem during the key vault operation\n{ex.Message}");
        throw;
    }
    return pfx;
}
```
The debug statements after the assignment `pfx = coll[0];` tell me the private key exists, but when I try to connect to the site with `lynx https://localhost`, I get the following exception:

```
System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
```

So, how do I use the private key? Here is a gist of the relevant files.

I got help from How to serialize and deserialize a PFX certificate in Azure Key Vault?, but after following it I ended up in this state.
Answer 0 (score: 1)
In your gist you have the following code:

```csharp
var keyVaultCert = GetKeyVaultCert().Result ??
    throw new ArgumentNullException("GetKeyVaultCert().Result");
pfx = new X509Certificate2(keyVaultCert.RawData);
```

The second line removes the private key, because the RawData property returns only the DER-encoded X.509 object.

keyVaultCert is already an X509Certificate2 with the private key; you probably just want to use it.
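Added example, not code from the question, the answer or the gist. It demonstrates the point above in a self-contained way: a PFX is generated locally with CertificateRequest as a constructed stand-in for the Key Vault secret, loaded the same way GetKeyVaultCert does, and then copied through RawData to show that the copy has no private key. It also shows the Kestrel wiring that passes the loaded X509Certificate2 object itself, with an explicit HasPrivateKey check so a missing key is reported at startup instead of as a NotSupportedException during the TLS handshake. The Startup class and port 443 are assumptions.

```csharp
// Added example, not code from the question, the answer or the gist.
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;

public static class KestrelCertDemo
{
    // Stand-in for the Key Vault secret value: a base64 PFX (ContentType "application/x-pkcs12").
    // Constructed locally with CertificateRequest so the demo needs no vault access.
    public static string MakeFakeKeyVaultSecret()
    {
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=localhost", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                                                   DateTimeOffset.UtcNow.AddYears(1)))
            {
                // Exported without a password, as Key Vault does for PFX secrets.
                return Convert.ToBase64String(cert.Export(X509ContentType.Pfx));
            }
        }
    }

    // Same import path as the question's GetKeyVaultCert: base64 PFX -> X509Certificate2 with key.
    public static X509Certificate2 LoadPfxSecret(string base64Pfx)
    {
        var bytes = Convert.FromBase64String(base64Pfx);
        var cert = new X509Certificate2(bytes, (string)null, X509KeyStorageFlags.Exportable);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("PFX secret did not contain a private key");
        return cert;
    }

    // The bug from the gist: RawData is the DER certificate only, so the copy carries no key.
    public static bool RawDataCopyHasPrivateKey(X509Certificate2 cert)
    {
        using (var stripped = new X509Certificate2(cert.RawData))
        {
            return stripped.HasPrivateKey;
        }
    }

    // Kestrel wiring (ASP.NET Core 2.0): hand over the loaded certificate object itself.
    // Startup and port 443 are assumptions for this example.
    public static IWebHost BuildHost(X509Certificate2 cert)
    {
        // Fail fast with a clear message instead of a NotSupportedException per connection.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Kestrel needs the certificate's private key");

        return new WebHostBuilder()
            .UseKestrel(options =>
            {
                options.Listen(IPAddress.Any, 443, listenOptions => listenOptions.UseHttps(cert));
            })
            .UseStartup<Startup>()
            .Build();
    }

    public static void Main()
    {
        var secret = MakeFakeKeyVaultSecret();
        using (var cert = LoadPfxSecret(secret))
        {
            Console.WriteLine($"loaded cert has key: {cert.HasPrivateKey}");
            Console.WriteLine($"RawData copy has key: {RawDataCopyHasPrivateKey(cert)}");
            BuildHost(cert).Run();
        }
    }
}
```

In the real application, replace MakeFakeKeyVaultSecret with the secret.Value returned by KeyVaultClient.GetSecretAsync and keep the rest unchanged; the essential rule is that the object passed to UseHttps must be the one that came out of the PFX import, not a reconstruction from RawData.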