/// <summary>
/// Integration test: creates an account against the endpoint named by
/// ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT, posts an update for it, and expects
/// a successful response that carries a non-empty nonce.
/// </summary>
public async Task UpdateAccount_ShoudUpdateSuccessfully()
        {
            //SETUP
            AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);

            // NOTE(review): the contact value looks like the placeholder an e-mail-obfuscating
            // page filter leaves behind, not a usable address - confirm before running.
            AcmeCreateAccount newAccount = new AcmeCreateAccount()
            {
                Contact = new List<string>() { "mailto:[email protected]" },
                TermsOfServiceAgreed = true
            };

            //EXECUTE
            AcmeApiResponse<AcmeDirectory> directory = await api.GetDirectoryAsync();
            AcmeApiResponse nonceResponse = await api.GetNonceAsync(directory.Data);

            // Each call passes the nonce returned by the previous response instead of reusing
            // the first one (ACME replay nonces are single-use).
            AcmeApiResponse<AcmeAccount> accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, newAccount);
            AcmeApiResponse updateAccountResponse = await api.UpdateAccountAsync(directory.Data, accountResponse.Nonce, accountResponse.Data);

            //ASSERT
            updateAccountResponse.ShouldNotBeNull();
            updateAccountResponse.Status.ShouldBe(AcmeApiResponseStatus.Success);
            updateAccountResponse.Nonce.Length.ShouldBeGreaterThan(0);
        }
        /// <summary>
        /// Integration test: orders a certificate for two DNS identifiers, picks the http-01
        /// challenge of the first authorization, submits it for verification, and expects a
        /// successful response whose challenge status is "pending".
        /// </summary>
        public async Task VerifyChallenge_ShouldVerifyTheChallenge()
        {
            //SETUP
            AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);

            List<DnsCertificateIdentifier> requestedNames = new List<DnsCertificateIdentifier>()
            {
                new DnsCertificateIdentifier() { Value = "taco.com" },
                new DnsCertificateIdentifier() { Value = "www.taco.com" }
            };
            AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
            {
                Identifiers = requestedNames
            };

            // NOTE(review): the contact value looks like the placeholder an e-mail-obfuscating
            // page filter leaves behind, not a usable address - confirm before running.
            AcmeCreateAccount newAccount = new AcmeCreateAccount()
            {
                Contact = new List<string>() { "mailto:[email protected]" },
                TermsOfServiceAgreed = true
            };

            //EXECUTE
            AcmeApiResponse<AcmeDirectory> directory = await api.GetDirectoryAsync();
            AcmeApiResponse nonceResponse = await api.GetNonceAsync(directory.Data);

            // The nonce is chained: each nonce-taking call receives the value returned by the
            // previous nonce-bearing response.
            AcmeApiResponse<AcmeAccount> accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, newAccount);
            AcmeApiResponse<AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise =
                await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);

            List<AcmeApiResponse<AcmeAuthorization>> authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data);

            // Only the first authorization is exercised; First(...) throws if it offers no http-01 challenge.
            AcmeApiResponse<AcmeAuthorization> firstAuthorization = authorizations.First();
            AcmeChallenge httpChallenge = firstAuthorization.Data.Challenges.First(challenge => challenge.Type.Equals("http-01"));
            string authKey = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token);

            AcmeApiResponse<AcmeChallengeStatus> challengeStatusResponse =
                await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey);

            //ASSERT
            challengeStatusResponse.ShouldNotBeNull();
            challengeStatusResponse.Status.ShouldBe(AcmeApiResponseStatus.Success);
            challengeStatusResponse.Data.ShouldNotBeNull();
            challengeStatusResponse.Data.Status.ShouldBe("pending");
        }
        /// <summary>
        /// Integration test: orders a certificate for two DNS identifiers and expects a pending
        /// fulfillment promise that lists both identifiers, two authorization entries and a
        /// non-empty Finalize value.
        /// </summary>
        public async Task RequestCertificate_ShouldGetPromiseBack()
        {
            //SETUP
            AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);

            List<DnsCertificateIdentifier> requestedNames = new List<DnsCertificateIdentifier>()
            {
                new DnsCertificateIdentifier() { Value = "taco.com" },
                new DnsCertificateIdentifier() { Value = "www.taco.com" }
            };
            AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
            {
                Identifiers = requestedNames
            };

            // NOTE(review): the contact value looks like the placeholder an e-mail-obfuscating
            // page filter leaves behind, not a usable address - confirm before running.
            AcmeCreateAccount newAccount = new AcmeCreateAccount()
            {
                Contact = new List<string>() { "mailto:[email protected]" },
                TermsOfServiceAgreed = true
            };

            //EXECUTE
            AcmeApiResponse<AcmeDirectory> directory = await api.GetDirectoryAsync();
            AcmeApiResponse nonceResponse = await api.GetNonceAsync(directory.Data);

            // The order request uses the nonce returned by account creation, not the initial one.
            AcmeApiResponse<AcmeAccount> accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, newAccount);
            AcmeApiResponse<AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise =
                await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);

            //ASSERT
            certificateFulfillmentPromise.ShouldNotBeNull();
            certificateFulfillmentPromise.Status.ShouldBe(AcmeApiResponseStatus.Success);
            certificateFulfillmentPromise.Data.ShouldNotBeNull();
            certificateFulfillmentPromise.Data.Status.ShouldBe("pending");

            // One identifier and one authorization entry per requested name.
            certificateFulfillmentPromise.Data.Identifiers.ShouldNotBeNull();
            certificateFulfillmentPromise.Data.Identifiers.Count.ShouldBe(2);
            certificateFulfillmentPromise.Data.Authorizations.ShouldNotBeNull();
            certificateFulfillmentPromise.Data.Authorizations.Count.ShouldBe(2);
            certificateFulfillmentPromise.Data.Finalize.ShouldNotBeNull();
            certificateFulfillmentPromise.Data.Finalize.Length.ShouldBeGreaterThan(0);
        }
        /// <summary>
        /// Integration test: fetches the directory and then a nonce, expecting a successful
        /// response with a non-empty nonce value.
        /// </summary>
        public async Task GetNewNonce_ShouldReturnNewReplayNonce()
        {
            //SETUP
            AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);

            //EXECUTE
            // The nonce call takes the directory data, so the directory is fetched first.
            AcmeApiResponse<AcmeDirectory> directoryResponse = await api.GetDirectoryAsync();
            AcmeApiResponse nonceResponse = await api.GetNonceAsync(directoryResponse.Data);

            //ASSERT
            nonceResponse.ShouldNotBeNull();
            nonceResponse.Status.ShouldBe(AcmeApiResponseStatus.Success);
            nonceResponse.Nonce.Length.ShouldBeGreaterThan(0);
        }
        /// <summary>
        /// Unit test: after ChangeKeyAsync, the nonce returned by the mocked key roll-over call
        /// must have been written to the nonce cache exactly once.
        /// </summary>
        public async Task ChangeKey_ShouldUpdateLastNonce()
        {
            //ARRANGE
            Mock<IAcmeRestApi> acmeApiMock = new Mock<IAcmeRestApi>();
            Mock<ICachedRepository<AcmeDirectory>> directoryCacheMock = new Mock<ICachedRepository<AcmeDirectory>>();
            Mock<ICachedRepository<string>> nonceCacheMock = new Mock<ICachedRepository<string>>();

            AcmeApiResponse successResponse = TestHelpers.AcmeEmptyResponseWithNonce;
            AcmeAccount account = TestHelpers.AcmeAccountResponse.Data;

            // Every argument is matched with It.IsAny, so this test does not check which
            // directory or nonce the service sends - only what it does with the reply.
            acmeApiMock
                .Setup(restApi => restApi.RollOverAccountKeyAsync(It.IsAny<AcmeDirectory>(), It.IsAny<string>(), It.IsAny<AcmeAccount>()))
                .ReturnsAsync(successResponse);

            AcmeAccountService service = new AcmeAccountService(acmeApiMock.Object, directoryCacheMock.Object, nonceCacheMock.Object);

            //ACT
            await service.ChangeKeyAsync(account);

            //ASSERT
            nonceCacheMock.Verify(cache => cache.Update(successResponse.Nonce), Times.Once());
        }
        /// <summary>
        /// Unit test: CreateAsync must hand back the account carried in the mocked
        /// CreateAccountAsync response.
        /// </summary>
        public async Task CreateAccount_ShouldReturnExpectedNewAccount()
        {
            //ARRANGE
            Mock<IAcmeRestApi> acmeApiMock = new Mock<IAcmeRestApi>();
            Mock<ICachedRepository<AcmeDirectory>> directoryCacheMock = new Mock<ICachedRepository<AcmeDirectory>>();
            Mock<ICachedRepository<string>> nonceCacheMock = new Mock<ICachedRepository<string>>();

            AcmeCreateAccount inputAccount = TestHelpers.CreateAccount;
            AcmeApiResponse<AcmeAccount> accountResponse = TestHelpers.AcmeAccountResponse;

            // The stub answers any directory / nonce / account combination with the canned response.
            acmeApiMock
                .Setup(restApi => restApi.CreateAccountAsync(It.IsAny<AcmeDirectory>(), It.IsAny<string>(), It.IsAny<AcmeCreateAccount>()))
                .ReturnsAsync(accountResponse);

            AcmeAccountService service = new AcmeAccountService(acmeApiMock.Object, directoryCacheMock.Object, nonceCacheMock.Object);

            //ACT
            var actual = await service.CreateAsync(inputAccount);

            //ASSERT
            actual.ShouldBe(accountResponse.Data);
        }
        /// <summary>
        /// Unit test: after CreateAsync, the nonce from the mocked CreateAccountAsync response
        /// must have been written to the nonce cache exactly once.
        /// </summary>
        public async Task CreateAccount_ShouldUpdateLastNonce()
        {
            //ARRANGE
            Mock<IAcmeRestApi> acmeApiMock = new Mock<IAcmeRestApi>();
            Mock<ICachedRepository<AcmeDirectory>> directoryCacheMock = new Mock<ICachedRepository<AcmeDirectory>>();
            Mock<ICachedRepository<string>> nonceCacheMock = new Mock<ICachedRepository<string>>();

            AcmeCreateAccount inputAccount = TestHelpers.CreateAccount;
            AcmeApiResponse<AcmeAccount> accountResponse = TestHelpers.AcmeAccountResponse;

            // Every argument is matched with It.IsAny, so the nonce the service sends is not checked here.
            acmeApiMock
                .Setup(restApi => restApi.CreateAccountAsync(It.IsAny<AcmeDirectory>(), It.IsAny<string>(), It.IsAny<AcmeCreateAccount>()))
                .ReturnsAsync(accountResponse);

            AcmeAccountService service = new AcmeAccountService(acmeApiMock.Object, directoryCacheMock.Object, nonceCacheMock.Object);

            //ACT
            await service.CreateAsync(inputAccount);

            //ASSERT
            nonceCacheMock.Verify(cache => cache.Update(accountResponse.Nonce), Times.Once());
        }
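        /// <summary>
        /// Gets challenges used to verify domain ownership.
        /// </summary>
        /// <remarks>
        /// Issues one GET per authorization URL, one after another, and returns one entry per URL
        /// in the same order. A non-success HTTP status or an empty body is reported as an Error
        /// entry rather than an exception, so callers must check each entry's Status before
        /// reading its Data.
        /// </remarks>
        /// <param name="acmeCertificateFulfillmentPromise">The certificate fulfillment promise retrieved from the RequestCertificate call.</param>
        /// <returns>An authorization object containing the available challenge types. Wrapped by a response object.</returns>
        /// <exception cref="ArgumentNullException">The promise is null.</exception>
        /// <exception cref="ArgumentException">The promise carries no authorization URLs.</exception>
        public async Task <List <AcmeApiResponse <AcmeAuthorization> > > GetChallengesAsync(AcmeCertificateFulfillmentPromise acmeCertificateFulfillmentPromise)
        {
            if (acmeCertificateFulfillmentPromise == null)
            {
                throw new ArgumentNullException(nameof(acmeCertificateFulfillmentPromise));
            }
            if (acmeCertificateFulfillmentPromise.Authorizations == null || !acmeCertificateFulfillmentPromise.Authorizations.Any())
            {
                throw new ArgumentException("No Authorizations exist in the Acme Certification Fulfillment Promise");
            }

            List <AcmeApiResponse <AcmeAuthorization> > response = new List <AcmeApiResponse <AcmeAuthorization> >();

            foreach (string authUrl in acmeCertificateFulfillmentPromise.Authorizations)
            {
                AcmeApiResponse <AcmeAuthorization> result = new AcmeApiResponse <AcmeAuthorization>();

                // NOTE(review): authUrl is requested exactly as it appears in the promise. If the
                // promise can originate anywhere other than the CA's own order response, check
                // that each URL is absolute https on the expected host before fetching it.
                using (var apiResp = await _httpClient.GetAsync(authUrl))
                {
                    // Awaiting the result of "Content?.ReadAsStringAsync()" throws a
                    // NullReferenceException when Content is null, so the null case is handled
                    // before awaiting.
                    string apiRespString = apiResp.Content == null
                        ? string.Empty
                        : await apiResp.Content.ReadAsStringAsync();

                    if (!apiResp.IsSuccessStatusCode)
                    {
                        result.Status  = AcmeApiResponseStatus.Error;
                        result.Message = apiRespString;
                    }
                    else if (string.IsNullOrWhiteSpace(apiRespString))
                    {
                        // A 2xx reply with nothing to deserialize would otherwise surface as a
                        // "Success" entry whose Data is null.
                        result.Status  = AcmeApiResponseStatus.Error;
                        result.Message = "Authorization response contained no body";
                    }
                    else
                    {
                        result.Status = AcmeApiResponseStatus.Success;
                        result.Data   = JsonConvert.DeserializeObject <AcmeAuthorization>(apiRespString);
                    }
                }

                response.Add(result);
            }

            return(response);
        }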
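        /// <summary>
        /// Integration test that walks the whole flow: account, order, http-01 challenge,
        /// status polling, finalize, certificate download. It makes no assertions; per the
        /// original author's note the run will most likely fail because the test cannot
        /// validate the requested domain.
        /// </summary>
        public async Task DownloadCertificate_ShouldComplete()
        {
            //SETUP
            AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
            AcmeApiResponse <AcmeDirectory> directory;
            AcmeApiResponse nonceResponse = null;
            AcmeApiResponse <AcmeAccount> accountResponse = null;
            AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null;
            List <AcmeApiResponse <AcmeAuthorization> >         authorizations                = null;
            AcmeApiResponse <AcmeChallengeStatus>               challengeStatusResponse       = null;
            AcmeApiResponse <AcmeChallengeVerificationStatus>   challengeVerificationResponse = null;
            AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificatePromiseResult      = null;
            AcmeApiResponse <ArraySegment <byte> >              certificateResult             = null;

            AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
            {
                Identifiers = new List <DnsCertificateIdentifier>()
                {
                    new DnsCertificateIdentifier()
                    {
                        Value = "test.com"
                    }
                }
            };

            //EXECUTE
            directory = await api.GetDirectoryAsync();

            nonceResponse = await api.GetNonceAsync(directory.Data);

            // NOTE(review): the contact value looks like the placeholder an e-mail-obfuscating
            // page filter leaves behind, not a usable address - confirm before running.
            accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount()
            {
                Contact = new List <string>()
                {
                    "mailto:[email protected]"
                }, TermsOfServiceAgreed = true
            });

            certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);

            authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data);

            AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01"));
            string        authKey       = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token);

            challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey);

            // Poll while the challenge is "pending", but with an upper bound: the original
            // loop had no exit if the status never changed, and it dereferenced Data even
            // when the status call returned none.
            const int maxStatusPolls = 20;
            for (int poll = 0; poll < maxStatusPolls; poll++)
            {
                challengeVerificationResponse = await api.GetChallengeVerificationStatusAsync(httpChallenge);

                if (challengeVerificationResponse?.Data == null ||
                    challengeVerificationResponse.Data.Status != "pending")
                {
                    break;
                }

                await Task.Delay(3000);
            }

            string csr = GenerateCSR(accountResponse.Data, "test.com");

            certificatePromiseResult = await api.FinalizeCertificatePromiseAsync(accountResponse.Data, challengeStatusResponse.Nonce, certificateFulfillmentPromise.Data, csr);

            certificateResult = await api.GetCertificateAsync(certificatePromiseResult.Data, CertificateType.Cert);

            //We will write the cert out to a temp directory if it exists. Otherwise, forget it.
            // NOTE(review): this is a fixed path in a shared directory; what is written is the
            // value returned for CertificateType.Cert.
            if (Directory.Exists(@"c:\temp"))
            {
                ArraySegment <byte> certificateBytes = certificateResult.Data;

                // ArraySegment.Array is the whole backing buffer; only Offset..Offset+Count
                // belongs to the certificate, so writing Array from 0 to Length can emit
                // unrelated bytes.
                if (certificateBytes.Array != null)
                {
                    using (FileStream fs = new FileStream(@"c:\temp\mycert.cer", FileMode.Create))
                    {
                        fs.Write(certificateBytes.Array, certificateBytes.Offset, certificateBytes.Count);
                    }
                }
            }

            //ASSERT (Cant really assert anything here. This call will mostlikey fail. There is no way to validate the domain here)
        }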
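        /// <summary>
        /// Integration test that runs account, order, http-01 challenge, status polling and
        /// finalize, then only checks that the finalize call returned a response object. Per
        /// the original author's note the run will most likely fail because the test cannot
        /// validate the requested domain.
        /// </summary>
        public async Task FinalizeChallenge_ShouldComplete()
        {
            //SETUP
            AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
            AcmeApiResponse <AcmeDirectory> directory;
            AcmeApiResponse nonceResponse = null;
            AcmeApiResponse <AcmeAccount> accountResponse = null;
            AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null;
            List <AcmeApiResponse <AcmeAuthorization> >         authorizations                = null;
            AcmeApiResponse <AcmeChallengeStatus>               challengeStatusResponse       = null;
            AcmeApiResponse <AcmeChallengeVerificationStatus>   challengeVerificationResponse = null;
            AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificatePromiseResult      = null;

            AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
            {
                Identifiers = new List <DnsCertificateIdentifier>()
                {
                    new DnsCertificateIdentifier()
                    {
                        Value = "test.com"
                    }
                }
            };

            //EXECUTE
            directory = await api.GetDirectoryAsync();

            nonceResponse = await api.GetNonceAsync(directory.Data);

            // NOTE(review): the contact value looks like the placeholder an e-mail-obfuscating
            // page filter leaves behind, not a usable address - confirm before running.
            accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount()
            {
                Contact = new List <string>()
                {
                    "mailto:[email protected]"
                }, TermsOfServiceAgreed = true
            });

            certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);

            authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data);

            AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01"));
            string        authKey       = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token);

            challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey);

            // Poll while the challenge is "pending", but with an upper bound: the original
            // loop had no exit if the status never changed, and it dereferenced Data even
            // when the status call returned none.
            const int maxStatusPolls = 20;
            for (int poll = 0; poll < maxStatusPolls; poll++)
            {
                challengeVerificationResponse = await api.GetChallengeVerificationStatusAsync(httpChallenge);

                if (challengeVerificationResponse?.Data == null ||
                    challengeVerificationResponse.Data.Status != "pending")
                {
                    break;
                }

                await Task.Delay(3000);
            }

            string csr = GenerateCSR(accountResponse.Data, "test.com");

            // Finalize reuses the nonce from the VerifyChallenge response; the status polls
            // above take no nonce argument.
            certificatePromiseResult = await api.FinalizeCertificatePromiseAsync(accountResponse.Data, challengeStatusResponse.Nonce, certificateFulfillmentPromise.Data, csr);

            //ASSERT (Cant really assert anything here. This call will mostlikey fail. There is no way to validate the domain here)
            certificatePromiseResult.ShouldNotBeNull();
        }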