/* $Id: KeyCertsAsStrings.cs $ */

/* Example code that passes base64/PEM strings instead of filenames for private keys and X.509 certificates.
 That is, you can pass the key or certificate data directly as a string instead of a filename for the `keyFile` or `certFile` argument.
 For example,
    certFile = "mycert.cer";  // A file
 or
    certFile = "MIICLDCCAZWgAwIBAgIQRjRrx4AA...";
*/

using System;
using System.Text;
using System.Diagnostics;
using CryptoSysPKI;

namespace PKI_keycerts_as_strings
{
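    /// <summary>
    /// Demonstrates passing PEM/base64 strings, rather than filenames, to the
    /// CryptoSys PKI key and certificate readers.
    /// </summary>
    /// <remarks>
    /// The keys, certificate and password below are demo material only: a real
    /// private key or its password should never be embedded in source code.
    /// </remarks>
    class KeyCertsAsStrings
    {
        /// <summary>
        /// Reads an encrypted private key, an unencrypted private key and an X.509
        /// certificate from in-memory strings, prints their bit lengths and key hash
        /// codes, and checks that the unencrypted private key matches the certificate.
        /// </summary>
        /// <param name="args">Command-line arguments (not used).</param>
        static void Main(string[] args)
        {
            Console.WriteLine("PKI Version={0}", General.Version());

            // Declared outside the try block so the finally clause can wipe whatever
            // was read, even if a later call throws.
            StringBuilder sbKey = null;
            StringBuilder sbKey1 = null;

            try
            {
                // Encrypted private key with password 'password'
                string epkStr = "-----BEGIN ENCRYPTED PRIVATE KEY-----" +
                    "MIICojAcBgoqhkiG9w0BDAEDMA4ECHPQz6NdAmoFAgIH0ASCAoBKn9KXr+dm" +
                    "Vtc0ZhEog7t3Prs4rJazwUsXExU78ePLMquxLi/cPmqtyjb472r6XUOa9J/v" +
                    "g2gYHlJ7D7FfAdTdVbHmXWfZzdIqI+AKZmrMoIfSVSSrI8mLDXLDgJVm2Gxa" +
                    "r/YJ154L4fwqWjj0b06v8nTrXTp7G3ZSxjmXc3auf8tS1RatpDuSn027jBGt" +
                    "Pg2CGPjeSomOU7Efd89R+gryW3RfXaMEv1TtGmdS+szxN4TAzgFTzjzE7qJ2" +
                    "+WL09hBRxSyi5JybbxblrO5zDbGJD8rq4kGawWUj4PYDpOkxQYQyK/cALEvv" +
                    "EipLeWvk03CadKER3EcpL7wQT3N5wJGNx7GR3efkO7lO/VfGf6kYFsJ8Qt94" +
                    "vBlgq84abgSD+rlRX03re/NLJQ00Qxl3bDrkSiRoXSfBiOeVzBVTsh03Sj4B" +
                    "V0v2KLENsMXr40rMqTGfKD3V+FyYUehWEkEl3NrIVpBSJir+g4H3tl76SdNe" +
                    "mq/cTtQP+EY8fpC3I46dyDXFat3wQfubw+E5nGfv7xp6vRVRRolpZx7DpuB/" +
                    "z1tzO3uP0vJ0pjATriO/ZAVs6UrXx+DJ6XsfrAVt0jpW5Ngr8rm2EiD3/1T9" +
                    "7q1dELJ7GzCY1dG99XVjt9ZXb7cI8zsPpT/gzQJLfeLe3U5Mdw0hKZLfPCex" +
                    "0urs3ytK0XNu+jZAYeSaysG8/rHJaH74WOgJ8gnSPY4QtWsu6+3qBErS2jbq" +
                    "7E2jRvBKWICVd1yiQCDq/c6s9LeYhNhZsmcWxuX9b4lG9f1LHZy0djhIYi4x" +
                    "IpcEfjkTH+7zUOkMQ+fXZHtSEVFt9L2Ci49jB8YReqbfOuDFzzwsk3xxfL2h" +
                    "ZoRK" +
                    "-----END ENCRYPTED PRIVATE KEY-----";
                sbKey = Rsa.ReadPrivateKey(epkStr, "password");
                // Debug.Assert is compiled out when DEBUG is not defined, so code that
                // must detect a failed read in release builds should test Length itself.
                Debug.Assert(sbKey.Length > 0, "Failed to read encrypted private key");
                // NOTE(review): each ToString() below creates an immutable string copy
                // that Wipe.String cannot clear - confirm in the library documentation
                // whether the internal key string needs further protection.
                Console.WriteLine("Private key is " + Rsa.KeyBits(sbKey.ToString()) + " bits long");
                Console.WriteLine("KeyHashCode={0,8:X}", Rsa.KeyHashCode(sbKey.ToString()));

                // Same again but with unencrypted key
                string priStr =
                    "-----BEGIN PRIVATE KEY-----" +
                    "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOCJczmN2PX16Id2" +
                    "OX9OsAW7U4PeD7er3H3HdSkNBS5tEt+mhibU0m+qWCn8l+z6glEPMIC+sVCeRkTx" +
                    "LLvYMs/GaG8H2bBgrL7uNAlqE/X3BQWT3166NVbZYf8Zf8mB5vhs6odAcO+sbSx0" +
                    "ny36VTq5mXcCpkhSjE7zVzhXdFdfAgMBAAECgYAApAPDJ0d2NDRspoa1eUkBSy6K" +
                    "0shissfXSAlqi5H3NvJ11ujNFZBgJzFHNWRNlc1nY860n1asLzduHO4Ovygt9DmQ" +
                    "bzTYbghb1WVq2EHzE9ctOV7+M8v/KeQDCz0Foo+38Y6idjeweVfTLyvehwYifQRm" +
                    "Xskbr4saw+yRRKt/IQJBAPbW4CIhTF8KcP8n/OWzUGqd5Q+1hZbGQPqoCrSbmwxV" +
                    "wgEd+TeCihTI8pMOks2lZiG5PNIGv7RVMcncrcqYLdECQQDo3rARJQnSAlEB3oro" +
                    "mFD1d3dhpEWTawhVlnNd9MhbEpMic4t/03B/9aSqu3T9PCJq2jiRKoZbbBTorkye" +
                    "+o4vAkEAl0zwh5sXf+4bgxsUtgtqkF+GJ1Hht6B/9eSI41m5+R6b0yl3OCJI1yKx" +
                    "JZi6PVlTt/oeILLIURYjdZNR56vN8QJALPAkW/qgzYUi6tBuT/pszSHTyOTxhERI" +
                    "ZHPXKY9+RozsFd7kUbOU5yyZLVVleyTqo2IfPmxNZ0ERO+G+6YMCgwJAWIjZoVA4" +
                    "hGqrA7y730v0nG+4tCol+/bkBS9u4oiJIW9LJZ7Qq1CTyr9AcewhJcV/+wLpIZa4" +
                    "M83ixpXub41fKA==" +
                    "-----END PRIVATE KEY-----";
                // NB No password
                sbKey1 = Rsa.ReadPrivateKey(priStr, "");
                Debug.Assert(sbKey1.Length > 0, "Failed to read private key");
                Console.WriteLine("Private key is " + Rsa.KeyBits(sbKey1.ToString()) + " bits long");
                Console.WriteLine("KeyHashCode={0,8:X}", Rsa.KeyHashCode(sbKey1.ToString()));

                // Corresponding X.509 certificate as base64 string
                // No need for '-----BEGIN CERTIFICATE-----' for certificate
                // (but required for private key)
                string certStr =
                    "MIICLDCCAZWgAwIBAgIQRjRrx4AAVrwR024uxBCzsDANBgkqhkiG9w0BAQUFADAS" +
                    "MRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MDkxOTAxMDg0N1oXDTM5MTIzMTIzNTk1" +
                    "OVowEzERMA8GA1UEAxMIQWxpY2VSU0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ" +
                    "AoGBAOCJczmN2PX16Id2OX9OsAW7U4PeD7er3H3HdSkNBS5tEt+mhibU0m+qWCn8" +
                    "l+z6glEPMIC+sVCeRkTxLLvYMs/GaG8H2bBgrL7uNAlqE/X3BQWT3166NVbZYf8Z" +
                    "f8mB5vhs6odAcO+sbSx0ny36VTq5mXcCpkhSjE7zVzhXdFdfAgMBAAGjgYEwfzAM" +
                    "BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBTp4JAnrHgg" +
                    "eprTTPJCN04irp44uzAdBgNVHQ4EFgQUd9K00bdMioqjzkWdzuw8oDrj/1AwHwYD" +
                    "VR0RBBgwFoEUQWxpY2VSU0FAZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADgYEA" +
                    "PnBHqEjME1iPylFxa042GF0EfoCxjU3MyqOPzH1WyLzPbrMcWakgqgWBqE4lradw" +
                    "FHUv9ceb0Q7pY9Jkt8ZmbnMhVN/0uiVdfUnTlGsiNnRzuErsL2Tt0z3Sp0LF6DeK" +
                    "tNufZ+S9n/n+dO/q+e5jatg/SyUJtdgadq7rm9tJsCI=";
                // No need for StringBuilder for public key; use an ordinary string
                string pubKey = Rsa.ReadPublicKey(certStr).ToString();
                Debug.Assert(pubKey.Length > 0, "Failed to read X.509 certificate");
                Console.WriteLine("Public key is " + Rsa.KeyBits(pubKey) + " bits long");
                Console.WriteLine("KeyHashCode={0,8:X}", Rsa.KeyHashCode(pubKey));

                // Show that private key and certificate are matched
                int r = Rsa.KeyMatch(sbKey1.ToString(), pubKey);
                Console.WriteLine("Rsa.KeyMatch() returns {0} (expected 0)", r);
                Debug.Assert(0 == r, "Rsa.KeyMatch failed");
            }
            finally
            {
                // Clean up private key StringBuilders on every exit path, including
                // when one of the calls above throws.
                if (sbKey != null)
                {
                    Wipe.String(sbKey);
                }
                if (sbKey1 != null)
                {
                    Wipe.String(sbKey1);
                }
            }
        }
    }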
}