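        /// <summary>
        /// Diagnostic helper: generates P-256 ECDSA key pairs until one is found whose unsigned
        /// X and Y coordinate encodings differ in length, then stores that key pair in <c>newKey</c>.
        /// </summary>
        /// <remarks>
        /// The loop only terminates once such a key is produced; only the attempt count is written to
        /// the debug output. The PEM-encoded key pair contains the private key and is deliberately
        /// not written to the debug output.
        /// </remarks>
        public void CreateProblemKey()
        {
            newKey = null;
            var attempts = 0;

            while (true)
            {
                var generator = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
                generator.Init(new ECKeyGenerationParameters(
                    CustomNamedCurves.GetOid("P-256"),
                    new SecureRandom()
                    ));

                var keyPair   = generator.GenerateKeyPair();
                var publicKey = (ECPublicKeyParameters)keyPair.Public;

                // ToByteArrayUnsigned() omits leading zero bytes, so a coordinate with a zero high byte
                // encodes shorter than the other one; that length mismatch is the "problem" looked for.
                var xLength = publicKey.Q.AffineXCoord.ToBigInteger().ToByteArrayUnsigned().Length;
                var yLength = publicKey.Q.AffineYCoord.ToBigInteger().ToByteArrayUnsigned().Length;

                if (xLength != yLength)
                {
                    System.Diagnostics.Debug.WriteLine($"Problem key found in {attempts} attempts");

                    string pem;
                    using (var sr = new StringWriter())
                    {
                        new PemWriter(sr).WriteObject(keyPair);
                        pem = sr.ToString();
                    }

                    newKey = KeyFactory.FromPem(pem);
                    return;
                }

                attempts++;
            }
        }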
        /// <summary>
        /// Builds the manager: loads settings and logging, wires up the item, server and plugin
        /// managers, initialises the shared Certes ACME provider (which serves as both ACME client and
        /// vault), optionally enables telemetry, and finally runs pending upgrades.
        /// </summary>
        /// <remarks>
        /// Provider initialisation and upgrades are asynchronous but are awaited synchronously here
        /// (<c>.Wait()</c>), since a constructor cannot be <c>async</c>.
        /// </remarks>
        public CertifyManager()
        {
            var serverConfig = SharedUtils.ServiceConfigManager.GetAppServiceConfig();

            SettingsManager.LoadAppSettings();
            InitLogging(serverConfig);
            Util.SetSupportedTLSVersions();

            _itemManager     = new ItemManager();
            _serverProvider  = (ICertifiedServer) new ServerProviderIIS();
            _progressResults = new ObservableCollection<RequestProgressState>();

            _pluginManager = new PluginManager();
            _pluginManager.LoadPlugins(new List<string> { "Licensing", "DashboardClient", "DeploymentTasks" });

            // TODO: convert providers to plugins, allow for async init
            var userAgent       = Util.GetUserAgent();
            var certesStorePath = Management.Util.GetAppDataFolder() + "\\certes";
            var certes          = new CertesACMEProvider(certesStorePath, userAgent);

            certes.InitProvider(_serviceLog).Wait();

            // one provider instance fills both roles
            _acmeClientProvider = certes;
            _vaultProvider      = certes;

            // remaining utilities; telemetry only when enabled in settings
            _challengeDiagnostics = new ChallengeDiagnostics(CoreAppSettings.Current.EnableValidationProxyAPI);

            if (CoreAppSettings.Current.EnableAppTelematics)
            {
                _tc = new Util().InitTelemetry();
            }

            _httpChallengePort = serverConfig.HttpChallengeServerPort;
            _httpChallengeServerClient.Timeout = TimeSpan.FromSeconds(5);

            _tc?.TrackEvent("ServiceStarted");

            _serviceLog?.Information("Certify Manager Started");

            PerformUpgrades().Wait();
        }
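        /// <summary>
        /// Returns the cached ACME client provider for <paramref name="account"/>, creating and
        /// initialising one (keyed by the account's storage key) if none exists yet.
        /// </summary>
        /// <param name="account">Account whose provider is required; must not be null.</param>
        /// <param name="acmeApiEndpoint">ACME directory endpoint handed to a newly created provider.</param>
        /// <returns>The provider registered for the account's storage key.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="account"/> is null.</exception>
        private async Task <IACMEClientProvider> GetACMEProvider(AccountDetails account, string acmeApiEndpoint = null)
        {
            if (account == null)
            {
                throw new ArgumentNullException(nameof(account));
            }

            if (_acmeClientProviders.TryGetValue(account.StorageKey, out var provider))
            {
                return provider;
            }

            var userAgent = Util.GetUserAgent();

            // Path.Combine (as in the storageKey overload) instead of a hard-coded separator.
            // NOTE(review): StorageKey becomes part of an on-disk path; callers are expected to supply an
            // opaque identifier (a GUID in the upgrade path), not user-provided text — confirm at call sites.
            var providerPath = Path.Combine(Management.Util.GetAppDataFolder(), "certes_" + account.StorageKey);

            var newProvider = new CertesACMEProvider(acmeApiEndpoint, providerPath, userAgent);

            await newProvider.InitProvider(_serviceLog, account);

            _acmeClientProviders.TryAdd(account.StorageKey, newProvider);

            return newProvider;
        }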
        /// <summary>
        /// Looks up the ACME client provider cached under <paramref name="storageKey"/>; when there is
        /// none, creates one backed by a per-key "certes_&lt;storageKey&gt;" folder, initialises it and
        /// caches it.
        /// </summary>
        /// <param name="storageKey">Cache key and suffix of the provider's storage folder.</param>
        /// <param name="acmeApiEndpoint">ACME directory endpoint for a newly created provider.</param>
        /// <param name="account">Optional account details passed to provider initialisation.</param>
        /// <param name="allowUntrustedTsl">Passed through to the provider; governs acceptance of untrusted TLS.</param>
        /// <returns>The cached or newly initialised provider.</returns>
        private async Task <IACMEClientProvider> GetACMEProvider(string storageKey, string acmeApiEndpoint = null, AccountDetails account = null, bool allowUntrustedTsl = false)
        {
            if (_acmeClientProviders.TryGetValue(storageKey, out var cached))
            {
                return cached;
            }

            // not cached yet: build a provider with its own storage folder under the app data folder
            var storeFolder = Path.Combine(Management.Util.GetAppDataFolder(), "certes_" + storageKey);
            var created     = new CertesACMEProvider(acmeApiEndpoint, storeFolder, Util.GetUserAgent(), allowUntrustedTsl);

            await created.InitProvider(_serviceLog, account);

            _acmeClientProviders.TryAdd(storageKey, created);

            return created;
        }
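        /// <summary>
        /// One-time migration for installs with no registered ACME accounts: first adopts a legacy
        /// Certes account from the shared "certes" store if one exists; if there still is no account,
        /// registers a new Let's Encrypt production account using the contact from an old ACME vault.
        /// </summary>
        /// <remarks>
        /// Every migrated account gets a fresh GUID as both <c>ID</c> and <c>StorageKey</c> and is
        /// persisted via <c>StoreAccountAsCredential</c>. Does nothing when accounts already exist.
        /// </remarks>
        private async Task PerformAccountUpgrades()
        {
            // check if there are no registered contacts, if so see if we are upgrading from a vault
            var accounts = await GetAccountRegistrations();

            if (accounts.Any())
            {
                return;
            }

            // no accounts: contacts may be in the legacy certes store or an even older vault.
            // create a provider pointing at the legacy storage location
            var apiEndpoint = _certificateAuthorities[StandardCertAuthorities.LETS_ENCRYPT].ProductionAPIEndpoint;
            var provider    = new CertesACMEProvider(apiEndpoint, Management.Util.GetAppDataFolder() + "\\certes", Util.GetUserAgent());
            await provider.InitProvider(_serviceLog);

            var acc = provider.GetCurrentAcmeAccount();
            if (acc != null)
            {
                // legacy certes account found: migrate it to the newer account store under a fresh id
                var newId = Guid.NewGuid().ToString();
                acc.ID                     = newId;
                acc.StorageKey             = newId;
                acc.IsStagingAccount       = false;
                acc.CertificateAuthorityId = StandardCertAuthorities.LETS_ENCRYPT;
                accounts.Add(acc);
                await StoreAccountAsCredential(acc);
            }

            if (accounts.Any())
            {
                return;
            }

            // still no accounts: check for an old vault to upgrade from
            var acmeVaultMigration = new Models.Compat.ACMEVaultUpgrader();

            if (!acmeVaultMigration.HasACMEVault())
            {
                return;
            }

            var email = acmeVaultMigration.GetContact();

            if (string.IsNullOrEmpty(email))
            {
                // a vault without a contact gives us nothing to register with
                return;
            }

            var registerResult = await provider.AddNewAccountAndAcceptTOS(_serviceLog, email);

            if (!registerResult.IsSuccess)
            {
                _serviceLog?.Information($"Account upgrade failed (vault):{registerResult.Message}");
                return;
            }

            // newly registered account: assign a fresh id and store it like the legacy case above
            var registeredId = Guid.NewGuid().ToString();
            acc                        = registerResult.Result;
            acc.ID                     = registeredId;
            acc.StorageKey             = registeredId;
            acc.IsStagingAccount       = false;
            acc.CertificateAuthorityId = StandardCertAuthorities.LETS_ENCRYPT;
            accounts.Add(acc);
            await StoreAccountAsCredential(acc);

            _serviceLog?.Information("Account upgrade completed (vault)");
        }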