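/// <summary>
/// Load the SSL certificate described by <paramref name="sslConfig"/>, dispatching on
/// <see cref="SslConfig.CertificateType"/> to the PFX or PEM loader.
/// </summary>
/// <param name="sslConfig">Configuration holding the certificate type, file paths and optional password.</param>
/// <returns>The loaded certificate.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sslConfig"/> is <c>null</c>.</exception>
/// <exception cref="NotImplementedException">The configured certificate type has no loader.</exception>
public static X509Certificate2 LoadCertificate(this SslConfig sslConfig)
{
    if (sslConfig == null) throw new ArgumentNullException(nameof(sslConfig));
    return sslConfig.CertificateType switch
    {
        CertificateType.Pfx => sslConfig.LoadPfxCertificate(),
        CertificateType.Pem => sslConfig.LoadPemCertificate(),
        // Name the offending value so a misconfigured deployment can be diagnosed from the exception alone.
        _ => throw new NotImplementedException(
            $"No loader for certificate type '{sslConfig.CertificateType}'")
    };
}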
/// <summary>
/// Load a PKCS#12 (PFX) certificate from <see cref="SslConfig.PfxCertificatePath"/>,
/// using <see cref="SslConfig.CertificatePassword"/> when one is configured.
/// </summary>
/// <param name="sslConfig">Configuration holding the PFX path and optional password.</param>
/// <returns>The certificate read from the PFX file.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sslConfig"/> is <c>null</c>.</exception>
private static X509Certificate2 LoadPfxCertificate(this SslConfig sslConfig)
{
    if (sslConfig == null) throw new ArgumentNullException(nameof(sslConfig));

    var path = sslConfig.PfxCertificatePath;
    var password = sslConfig.CertificatePassword;

    // An empty password is treated the same as no password: the single-argument overload is used.
    // NOTE(review): no X509KeyStorageFlags are passed here, so the runtime's default key storage applies,
    // whereas the PEM loader requests EphemeralKeySet for its chain load — confirm the difference is intended.
    if (string.IsNullOrEmpty(password))
    {
        return new X509Certificate2(path);
    }

    return new X509Certificate2(path, password);
}
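/// <summary>
/// Load a certificate from PEM files: the RSA private key from <see cref="SslConfig.PrivatePemPath"/>
/// and the certificate from <see cref="SslConfig.FullchainPemPath"/>, combined into a single
/// <see cref="X509Certificate2"/> that carries the private key.
/// </summary>
/// <param name="sslConfig">Configuration holding the PEM paths and optional password.</param>
/// <returns>A certificate with the PEM private key attached.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sslConfig"/> is <c>null</c>.</exception>
/// <exception cref="CryptoException">
/// The first PEM object in the key file is neither an RSA CRT private key nor a key pair whose private half is one.
/// </exception>
private static X509Certificate2 LoadPemCertificate(this SslConfig sslConfig)
{
    if (sslConfig == null) throw new ArgumentNullException(nameof(sslConfig));

    // Only the first PEM object is read; the key file is expected to hold just the private key.
    using var reader = File.OpenText(sslConfig.PrivatePemPath);
    var pem = new bc.OpenSsl.PemReader(reader).ReadObject();
    var key = pem switch
    {
        bc.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaKey => rsaKey,
        // Matching the private half by type (instead of casting it) makes a key pair with a non-RSA
        // private key fail with the same CryptoException as any other unsupported object.
        AsymmetricCipherKeyPair { Private: bc.Crypto.Parameters.RsaPrivateCrtKeyParameters rsaKey } => rsaKey,
        _ => throw new CryptoException("Unsupported certificate type")
    };

    // Every intermediate holder of key material is disposed once the final certificate has been built
    // (using declarations dispose in reverse order, after the return value is computed).
    using var rsa = key.AsRSACryptoServiceProvider();
    using var fullChain = string.IsNullOrEmpty(sslConfig.CertificatePassword)
        ? new X509Certificate(sslConfig.FullchainPemPath, string.Empty, X509KeyStorageFlags.EphemeralKeySet)
        : new X509Certificate(sslConfig.FullchainPemPath, sslConfig.CertificatePassword,
            X509KeyStorageFlags.EphemeralKeySet);
    using var publicCert = new X509Certificate2(fullChain);
    using var withKey = publicCert.CopyWithPrivateKey(rsa);

    // Round-trip through an in-memory PFX (kept from the original implementation) so the returned
    // certificate does not depend on `rsa` or `withKey`, which are disposed on return. The blob holds the
    // private key unencrypted, so it is cleared as soon as it has been parsed.
    var pfx = withKey.Export(X509ContentType.Pfx);
    try
    {
        return new X509Certificate2(pfx);
    }
    finally
    {
        Array.Clear(pfx, 0, pfx.Length);
    }
}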
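/// <summary>
/// Convert BouncyCastle RSA CRT private key parameters into an <see cref="RSACryptoServiceProvider"/>
/// holding the same key.
/// </summary>
/// <param name="key">The RSA private key in CRT form (modulus, exponents, primes and CRT coefficients).</param>
/// <returns>A new provider with <paramref name="key"/> imported; the caller owns it and must dispose it.</returns>
/// <exception cref="ArgumentNullException"><paramref name="key"/> is <c>null</c>.</exception>
/// <exception cref="CryptographicException">The provider rejects the parameters on import.</exception>
private static RSACryptoServiceProvider AsRSACryptoServiceProvider(
    this bc.Crypto.Parameters.RsaPrivateCrtKeyParameters key)
{
    if (key == null) throw new ArgumentNullException(nameof(key));

    // Modulus, primes and public exponent are taken as unsigned big-endian bytes; the remaining
    // components are left-padded to the length of the value they are reduced by, as RSAParameters
    // expects (D to the modulus length, DP/DQ/InverseQ to the prime length).
    var parameters = new RSAParameters
    {
        Exponent = key.PublicExponent.ToByteArrayUnsigned(),
        Modulus = key.Modulus.ToByteArrayUnsigned(),
        P = key.P.ToByteArrayUnsigned(),
        Q = key.Q.ToByteArrayUnsigned()
    };
    parameters.InverseQ = key.QInv.AsPaddedByteArray(parameters.Q.Length);
    parameters.D = key.Exponent.AsPaddedByteArray(parameters.Modulus.Length);
    parameters.DP = key.DP.AsPaddedByteArray(parameters.P.Length);
    parameters.DQ = key.DQ.AsPaddedByteArray(parameters.Q.Length);

    var rsa = new RSACryptoServiceProvider();
    try
    {
        rsa.ImportParameters(parameters);
    }
    catch
    {
        // Do not leak the provider (and its key container) when the import rejects the parameters.
        rsa.Dispose();
        throw;
    }
    return rsa;
}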
А где ты используешь этот класс?