google-code-export / google-api-dotnet-client

Automatically exported from code.google.com/p/google-api-dotnet-client

Overload FromCertificate to get byte array #528

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Ron Grabowski suggested the following:

I was having difficulties calling the X509Certificate2 constructor to load my 
key.p12 file on GoDaddy's shared .NET hosting (IIS 7.0, ASP.Net 4.0/4.5, Full 
Trust, GoDaddy Hosting Configuration: 2.1):

var certificate = new X509Certificate2(keyp12, "notasecret", X509KeyStorageFlags.Exportable);

I received a "System.Security.Cryptography.CryptographicException: An internal 
error occurred" message similar to this:

http://stackoverflow.com/questions/14263457/x509-certificate-not-loading-private-key-file-on-server

I don't have control to run my app pool under an identity that allows p12 certs 
to be loaded. Because I'm using shared hosting I can't connect to an IIS admin 
panel to make the "Load User Profile" change. This technique doesn't seem to 
work:

http://blogs.msdn.com/b/vijaysk/archive/2009/03/08/iis-7-tip-3-you-can-now-load-the-user-profile-of-the-application-pool-identity.aspx

I ended up having to extend ServiceAccountCredential.Initializer and use Bouncy 
Castle to load the key.p12 file, extract the private key, and override how 
ServiceAccountCredential.Initializer's Key property was set:

https://gist.github.com/ronosaurus/43fcadf43e78cd00c445

Perhaps an overload could be added that accepts a private key blob to bypass 
the X509Certificate2 container:

https://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.Auth.DotNet4/OAuth2/ServiceAccountCredential.cs#76

// proposed
public Initializer FromCertificate(X509Certificate2 certificate)
{
        // Workaround to correctly cast the private key as a RSACryptoServiceProvider type 24.
        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey;
        byte[] privateKeyBlob = rsa.ExportCspBlob(true);
        return FromCertificate(privateKeyBlob);
}

// new
public Initializer FromCertificate(byte[] privateKeyBlob)
{
        Key = new RSACryptoServiceProvider();
        Key.ImportCspBlob(privateKeyBlob);
        return this;
}

We should just overload FromCertificate(byte[] privateKeyBlob) :)

Original issue reported on code.google.com by pele...@google.com on 14 Jan 2015 at 6:03
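
The CSP blob round trip that the proposed overload relies on, as an added example that is not code from this issue, the gist, or the library. Assumptions: a freshly generated RSA key stands in for the key extracted from key.p12, `ImportKey` is a hypothetical helper, and the payload is constructed. It also shows that `ExportCspBlob(true)` yields unencrypted private key material, so the buffer is cleared after import, while a blob from `ExportCspBlob(false)` can only verify.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CspBlobRoundTrip
{
    // Hypothetical helper doing what the proposed FromCertificate(byte[]) does:
    // build the key from a CSP blob, with no X509Certificate2 involved.
    static RSACryptoServiceProvider ImportKey(byte[] cspBlob)
    {
        var rsa = new RSACryptoServiceProvider();
        rsa.ImportCspBlob(cspBlob);
        return rsa;
    }

    static void Main()
    {
        byte[] privateBlob, publicBlob;

        // Constructed stand-in for the service account key from key.p12.
        using (var source = new RSACryptoServiceProvider(2048))
        {
            privateBlob = source.ExportCspBlob(true);  // includes the private key, unencrypted
            publicBlob = source.ExportCspBlob(false);  // public parameters only
        }

        // Constructed payload standing in for the data a credential would sign.
        byte[] payload = Encoding.ASCII.GetBytes("constructed-header.constructed-claims");

        byte[] signature;
        using (var key = ImportKey(privateBlob))
        {
            signature = key.SignData(payload, "SHA256");
        }

        // The blob is plaintext key material: clear it once the key is imported.
        Array.Clear(privateBlob, 0, privateBlob.Length);

        using (var verifier = ImportKey(publicBlob))
        {
            Console.WriteLine("public only: " + verifier.PublicOnly);
            Console.WriteLine("signature valid: " +
                verifier.VerifyData(payload, "SHA256", signature));
        }
    }
}
```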

GoogleCodeExporter commented 9 years ago

Original comment by pele...@google.com on 15 Jan 2015 at 6:04