From 46bc85934852a55850337ebda94f5b34bcdb7198 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Dybvik=20Langfors?=
Date: Thu, 6 Feb 2025 22:24:35 +0100
Subject: [PATCH] Fallback to using ECDsaCng on Windows

---
 TokenGenerator/Services/Issuer.cs | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/TokenGenerator/Services/Issuer.cs b/TokenGenerator/Services/Issuer.cs
index d7c7413..9e32eb3 100644
--- a/TokenGenerator/Services/Issuer.cs
+++ b/TokenGenerator/Services/Issuer.cs
@@ -47,9 +47,30 @@ public Issuer(IOptions settings, ILogger logger)
 private static ECDsa LoadPrivateKeyFromBase64(string base64)
 {
 var keyBytes = Convert.FromBase64String(base64);
- var ecDsa = ECDsa.Create();
- ecDsa.ImportPkcs8PrivateKey(keyBytes, out _);
- return ecDsa;
+
+ try
+ {
+ // First attempt: Direct PKCS#8 import (works on macOS/Linux with OpenSSL)
+ var ecDsa = ECDsa.Create();
+ ecDsa.ImportPkcs8PrivateKey(keyBytes, out _);
+
+ // Check if running on Windows and re-import using CNG if necessary
+ if (OperatingSystem.IsWindows())
+ {
+ // Export parameters and import them into an ECDsaCng instance
+ var parameters = ecDsa.ExportParameters(true);
+ var ecDsaCng = new ECDsaCng();
+ ecDsaCng.ImportParameters(parameters);
+ ecDsa.Dispose();
+ return ecDsaCng;
+ }
+
+ return ecDsa;
+ }
+ catch (Exception ex)
+ {
+ throw new InvalidOperationException("Failed to load private key", ex);
+ }
 }

 private static JsonWebKey CreateJsonWebKey(ECDsa ecDsa, string keyId)
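Review bot: In the Windows branch of `LoadPrivateKeyFromBase64`, `ExportParameters(true)` copies the private scalar into `parameters.D`, and neither that array nor `keyBytes` is cleared, so plaintext key material stays in managed memory after the method returns. The same branch leaks key handles on failure: if `ExportParameters` or `ImportParameters` throws, the `catch` wraps the exception but disposes neither `ecDsa` nor `ecDsaCng`. Zeroing both buffers with `CryptographicOperations.ZeroMemory` in `finally` blocks and disposing on the error path covers both, as sketched below. The "First attempt" comment and the "Fallback" in the subject also overstate the logic, since the CNG re-import runs unconditionally on Windows rather than after a failure; the comment should say that and name the Windows problem it works around.

```csharp
var keyBytes = Convert.FromBase64String(base64);
var ecDsa = ECDsa.Create();

try
{
    ecDsa.ImportPkcs8PrivateKey(keyBytes, out _);

    if (!OperatingSystem.IsWindows())
    {
        return ecDsa;
    }

    // Always re-import into ECDsaCng on Windows; this is not a retry after a failure.
    var parameters = ecDsa.ExportParameters(true);
    var ecDsaCng = new ECDsaCng();
    try
    {
        ecDsaCng.ImportParameters(parameters);
    }
    catch
    {
        ecDsaCng.Dispose();
        throw;
    }
    finally
    {
        // D holds the private scalar; do not leave a copy behind.
        CryptographicOperations.ZeroMemory(parameters.D);
    }

    ecDsa.Dispose();
    return ecDsaCng;
}
catch (Exception ex)
{
    ecDsa.Dispose();
    throw new InvalidOperationException("Failed to load private key", ex);
}
finally
{
    // The decoded PKCS#8 blob is key material as well.
    CryptographicOperations.ZeroMemory(keyBytes);
}
```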