Fallback to using ECDsaCng on Windows

Altinn · Feb 6, 2025 · 46bc859 · 46bc859
1 parent fa0e379
commit 46bc859
Showing 1 changed file with 24 additions and 3 deletions.
diff --git a/TokenGenerator/Services/Issuer.cs b/TokenGenerator/Services/Issuer.cs
@@ -47,9 +47,30 @@ public Issuer(IOptions<Settings> settings, ILogger<Issuer> logger)
     private static ECDsa LoadPrivateKeyFromBase64(string base64)
     {
         var keyBytes = Convert.FromBase64String(base64);
-        var ecDsa = ECDsa.Create();
-        ecDsa.ImportPkcs8PrivateKey(keyBytes, out _);
-        return ecDsa;
+
+        try
+        {
+            // First attempt: Direct PKCS#8 import (works on macOS/Linux with OpenSSL)
+            var ecDsa = ECDsa.Create();
+            ecDsa.ImportPkcs8PrivateKey(keyBytes, out _);
+
+            // Check if running on Windows and re-import using CNG if necessary
+            if (OperatingSystem.IsWindows())
+            {
+                // Export parameters and import them into an ECDsaCng instance
+                var parameters = ecDsa.ExportParameters(true);
+                var ecDsaCng = new ECDsaCng();
+                ecDsaCng.ImportParameters(parameters);
+                ecDsa.Dispose();
+                return ecDsaCng;
+            }
+
+            return ecDsa;
+        }
+        catch (Exception ex)
+        {
+            throw new InvalidOperationException("Failed to load private key", ex);
+        }
     }
 
     private static JsonWebKey CreateJsonWebKey(ECDsa ecDsa, string keyId)