Use CertificateManager to find development certificate.

Cesar Blum Silveira · Cesar Blum Silveira · commit 256e486bc5a6 · 2017-10-09T16:43:31.000-07:00
diff --git a/src/Kestrel/DefaultHttpsProvider.cs b/src/Kestrel/DefaultHttpsProvider.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
+using Microsoft.AspNetCore.Certificates.Generation;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.AspNetCore.Server.Kestrel.Core.Internal;
@@ -13,7 +13,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel
 {
     internal class DefaultHttpsProvider : IDefaultHttpsProvider
     {
-        private const string AspNetHttpsOid = "1.3.6.1.4.1.311.84.1.1";
+        private static readonly CertificateManager _certificateManager = new CertificateManager();
 
         public void ConfigureHttps(ListenOptions listenOptions)
         {
@@ -22,54 +22,16 @@ public void ConfigureHttps(ListenOptions listenOptions)
 
         private static X509Certificate2 FindDevelopmentCertificate()
         {
-            // TODO: replace this with call to
-            // CertificateManager.FindCertificates(CertificatePurpose.HTTPS, StoreName.My, StoreLocation.CurrentUser, isValid: true)
-            // when that becomes available.
-            using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
-            {
-                store.Open(OpenFlags.ReadOnly);
-
-                var certificates = store.Certificates.OfType<X509Certificate2>();
-                var certificate = certificates
-                    .FirstOrDefault(c => HasOid(c, AspNetHttpsOid) && !IsExpired(c) && HasPrivateKey(c));
-
-                if (certificate == null)
-                {
-                    throw new InvalidOperationException("Unable to find ASP.NET Core development certificate.");
-                }
-
-                DisposeCertificates(certificates.Except(new[] { certificate }));
-
-                return certificate;
-            }
-        }
+            var certificate = _certificateManager
+                .ListCertificates(CertificatePurpose.HTTPS, StoreName.My, StoreLocation.CurrentUser, isValid: true, requireExportable: false)
+                .FirstOrDefault();
 
-        private static bool HasOid(X509Certificate2 certificate, string oid) =>
-            certificate.Extensions
-                .OfType<X509Extension>()
-                .Any(e => string.Equals(oid, e.Oid.Value, StringComparison.Ordinal));
-
-        private static bool IsExpired(X509Certificate2 certificate)
-        {
-            var now = DateTimeOffset.Now;
-            return now < certificate.NotBefore || now > certificate.NotAfter;
-        }
-
-        private static bool HasPrivateKey(X509Certificate2 certificate)
-            => certificate.GetRSAPrivateKey() != null;
-
-        private static void DisposeCertificates(IEnumerable<X509Certificate2> certificates)
-        {
-            foreach (var certificate in certificates)
+            if (certificate == null)
             {
-                try
-                {
-                    certificate.Dispose();
-                }
-                catch
-                {
-                }
+                throw new InvalidOperationException("Unable to find ASP.NET Core development certificate.");
             }
+
+            return certificate;
         }
     }
 }
diff --git a/src/Kestrel/Kestrel.csproj b/src/Kestrel/Kestrel.csproj
@@ -12,6 +12,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Hosting" />
+    <PackageReference Include="Microsoft.AspNetCore.Certificates.Generation.Sources" PrivateAssets="All" />
+    <PackageReference Include="System.Security.Cryptography.Cng" />
   </ItemGroup>
 
   <ItemGroup>
