internal async Task ConfigureAcmeClient()
{
var httpClient = _proxyService.GetHttpClient();
httpClient.BaseAddress = _settings.BaseUri;
_log.Verbose("Loading ACME account signer...");
IJwsTool?signer = null;
var accountSigner = AccountSigner;
if (accountSigner != null)
{
signer = accountSigner.JwsTool();
}
_log.Verbose("Constructing ACME protocol client...");
try
{
_client = new AcmeProtocolClient(
httpClient,
signer: signer,
usePostAsGet: _settings.Acme.PostAsGet);
}
catch (CryptographicException)
{
if (signer == null)
{
// There has been a problem generate a signer for the
// new account, possibly because some EC curve is not
// on available on the system? So we give it another
// shot with a less fancy RSA signer
_log.Verbose("First chance error generating new signer, retrying with RSA instead of ECC");
signer = new RSJwsTool
{
KeySize = _settings.Security.RSAKeyBits
};
signer.Init();
_client = new AcmeProtocolClient(
httpClient,
signer: signer,
usePostAsGet: _settings.Acme.PostAsGet);
}
else
{
throw;
}
}
_client.BeforeHttpSend = (x, r) => _log.Debug("Send {method} request to {uri}", r.Method, r.RequestUri);
_client.AfterHttpSend = (x, r) => _log.Verbose("Request completed with status {s}", r.StatusCode);
_client.Directory = await _client.GetDirectoryAsync();
await _client.GetNonceAsync();
_client.Account = await LoadAccount(_client, signer);
if (_client.Account == null)
{
throw new Exception("AcmeClient was unable to find or create an account");
}
}
/// <summary>
/// Warm up the target site, giving the application a little
/// time to start up before the validation request comes in.
/// Mostly relevant to classic FileSystem validation
/// </summary>
/// <param name="uri"></param>
private async Task <string> WarmupSite()
{
using var client = _proxy.GetHttpClient();
var response = await client.GetAsync(_challenge.HttpResourceUrl);
return(await response.Content.ReadAsStringAsync());
}
/// <summary>
/// Warm up the target site, giving the application a little
/// time to start up before the validation request comes in.
/// Mostly relevant to classic FileSystem validation
/// </summary>
/// <param name="uri"></param>
private async Task <string> WarmupSite(Http01ChallengeValidationDetails challenge)
{
using var client = _proxy.GetHttpClient(false);
var response = await client.GetAsync(challenge.HttpResourceUrl);
return(await response.Content.ReadAsStringAsync());
}
private async Task <DnsManagementClient> GetClient()
{
if (_azureDnsClient == null)
{
// Build the service credentials and DNS management client
ServiceClientCredentials credentials;
// Decide between Managed Service Identity (MSI)
// and service principal with client credentials
if (_options.UseMsi)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync(_resourceManagerEndpoint.ToString());
credentials = new TokenCredentials(accessToken);
}
else
{
credentials = await ApplicationTokenProvider.LoginSilentAsync(
_options.TenantId,
_options.ClientId,
_options.Secret.Value,
GetActiveDirectorySettingsForAzureEnvironment());
}
_azureDnsClient = new DnsManagementClient(credentials, _proxyService.GetHttpClient(), true)
{
BaseUri = _resourceManagerEndpoint,
SubscriptionId = _options.SubscriptionId
};
}
return(_azureDnsClient);
}
private async Task <DnsManagementClient> GetClient()
{
if (_azureDnsClient == null)
{
// Build the service credentials and DNS management client
ServiceClientCredentials credentials;
// Decide between Managed Service Identity (MSI) and service principal with client credentials
if (_options.UseMsi)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/");
credentials = new TokenCredentials(accessToken);
}
else
{
credentials = await ApplicationTokenProvider.LoginSilentAsync(
_options.TenantId,
_options.ClientId,
_options.Secret.Value);
}
_azureDnsClient = new DnsManagementClient(credentials, _proxyService.GetHttpClient(), true)
{
SubscriptionId = _options.SubscriptionId
};
}
return(_azureDnsClient);
}
private HttpClient GetClient()
{
var client = _proxyService.GetHttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes($"{_userName}:{_apiKey}")));
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
return(client);
}
public async Task CreateRecord(string record, string identifier, RecordType type, string value)
{
using (var client = _proxyService.GetHttpClient())
{
client.BaseAddress = new Uri(uri);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("Authorization", $"sso-key {_apiKey}");
var putData = new List <object>()
{
new { name = "_acme-challenge", ttl = 3600, data = value }
};
string serializedObject = Newtonsoft.Json.JsonConvert.SerializeObject(putData);
//Record successfully created
// Wrap our JSON inside a StringContent which then can be used by the HttpClient class
var typeTxt = type.ToString();
var httpContent = new StringContent(serializedObject, Encoding.UTF8, "application/json");
var buildApiUrl = $"v1/domains/{identifier}/records/{typeTxt}";
_logService.Information("Godaddy API with: {0}", buildApiUrl);
_logService.Information("Godaddy Data with: {0}", serializedObject);
var response = await client.PutAsync(buildApiUrl, httpContent);
if (response.StatusCode == HttpStatusCode.OK || response.StatusCode == HttpStatusCode.NoContent)
{
var content = await response.Content.ReadAsStringAsync();
//_logService.Information("Godaddy Created Responded with: {0}", content);
//_logService.Information("Waiting for 30 seconds");
//await Task.Delay(30000);
}
else
{
var content = await response.Content.ReadAsStringAsync();
throw new Exception(content);
}
};
}
internal async Task ConfigureAcmeClient()
{
var httpClient = _proxyService.GetHttpClient();
httpClient.BaseAddress = _settings.BaseUri;
_log.Verbose("Constructing ACME protocol client...");
var client = new AcmeProtocolClient(httpClient, usePostAsGet: _settings.Acme.PostAsGet);
try
{
client.Directory = await client.GetDirectoryAsync();
}
catch (Exception)
{
// Perhaps the BaseUri *is* the directory, such
// as implemented by Digicert (#1434)
client.Directory.Directory = "";
client.Directory = await client.GetDirectoryAsync();
}
// Try to load prexisting account
if (_accountManager.CurrentAccount != null &&
_accountManager.CurrentSigner != null)
{
_log.Verbose("Using existing ACME account");
await client.ChangeAccountKeyAsync(_accountManager.CurrentSigner.JwsTool());
client.Account = _accountManager.CurrentAccount;
}
else
{
_log.Verbose("No account found, creating new one");
await SetupAccount(client);
}
if (client.Account == null)
{
throw new Exception("AcmeClient was unable to find or create an account");
}
_client = client;
_log.Verbose("ACME client initialized");
}
public Cloudflare(
CloudflareOptions options,
DomainParseService domainParser,
ProxyService proxyService,
LookupClientProvider dnsClient,
ILogService log,
ISettingsService settings) : base(dnsClient, log, settings)
{
_options = options;
_hc = proxyService.GetHttpClient();
_domainParser = domainParser;
}
internal async Task ConfigureAcmeClient()
{
_log.Verbose("Loading ACME account signer...");
var accountSigner = AccountSigner;
IJwsTool?signer = null;
if (accountSigner != null)
{
signer = accountSigner.JwsTool();
}
var httpClient = _proxyService.GetHttpClient();
httpClient.BaseAddress = _settings.BaseUri;
var client = PrepareClient(httpClient, signer);
try
{
client.Directory = await client.GetDirectoryAsync();
}
catch (Exception)
{
// Perhaps the BaseUri *is* the directory, such
// as implemented by Digicert (#1434)
client.Directory.Directory = "";
client.Directory = await client.GetDirectoryAsync();
}
await client.GetNonceAsync();
client.Account = await LoadAccount(client, signer);
if (client.Account == null)
{
throw new Exception("AcmeClient was unable to find or create an account");
}
_client = client;
_log.Verbose("ACME client initialized");
}
private async Task <DnsManagementClient> GetClient()
{
if (_azureDnsClient == null)
{
var credentials = await _helpers.GetCredentials();
_azureDnsClient = new DnsManagementClient(credentials, _proxyService.GetHttpClient(), true)
{
BaseUri = _helpers.ResourceManagersEndpoint,
SubscriptionId = _options.SubscriptionId
};
}
return(_azureDnsClient);
}
private Task <CertificateClient> GetClient()
{
if (_azureKeyVaultClient == null)
{
var credential = _options.UseMsi
? new ManagedIdentityCredential()
: (TokenCredential) new ClientSecretCredential(
_options.TenantId,
_options.ClientId,
_options.Secret.Value);
var options = new CertificateClientOptions
{
Transport = new HttpClientTransport(_proxyService.GetHttpClient())
};
var client = new CertificateClient(new Uri($"https://{_options.VaultName}.vault.azure.net/"), credential, options);
_azureKeyVaultClient = client;
}
return(Task.FromResult(_azureKeyVaultClient));
}
public BaseService(ProxyService proxyService)
{
_client = proxyService.GetHttpClient();
_client.BaseAddress = new Uri("https://api.transip.nl/v6/");
}
public ZeroSsl(ProxyService proxy, ILogService log)
{
_httpClient = proxy.GetHttpClient();
_log = log;
}
