public string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
var linksEnum = certificate.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
var uri = new Uri(new Uri(this.baseURI), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var tprint = cacert.Thumbprint;
var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
var sigval = cacert.GetCertHashString();
var cacertDerFile = Path.Combine(configPath, $"ca-{sernum}-crt.der");
var cacertPemFile = Path.Combine(configPath, $"ca-{sernum}-crt.pem");
if (!File.Exists(cacertDerFile))
{
File.Copy(tmp, cacertDerFile, true);
}
Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
Trace.TraceInformation("Saving Issuer Certificate to {0}", cacertPemFile);
if (!File.Exists(cacertPemFile))
{
using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
target = new FileStream(cacertPemFile, FileMode.Create))
{
var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
}
}
return(cacertPemFile);
}
finally
{
if (File.Exists(tmp))
{
File.Delete(tmp);
}
}
}
}
return(null);
}
static void ExportPem(CertificateProvider certProvider, IssuedCertificate certificate, string filePath)
{
using (var fileStream = File.Create(filePath))
{
certProvider.ExportCertificate(certificate.PublicKey, EncodingFormat.PEM, fileStream);
certProvider.ExportPrivateKey(certificate.PrivateKey, EncodingFormat.PEM, fileStream);
}
}
static string DownloadIssuerCertificate(CertificateProvider provider,
CertificateRequest request, string api, string certificatesFolder)
{
var linksEnum = request.Links;
var isuPemFile = string.Empty;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault(SERVER_UP_STRING);
if (upLink != null)
{
var temporaryFileName = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
var apiUri = new Uri(new Uri(api), upLink.Uri);
web.DownloadFile(apiUri, temporaryFileName);
}
var cacert = new X509Certificate2(temporaryFileName);
var sernum = cacert.GetSerialNumberString();
var cacertDerFile = Path.Combine(certificatesFolder, $"ca-{sernum}-crt.der");
var cacertPemFile = Path.Combine(certificatesFolder, $"ca-{sernum}-crt.pem");
if (!File.Exists(cacertDerFile))
{
File.Copy(temporaryFileName, cacertDerFile, true);
}
if (!File.Exists(cacertPemFile))
{
using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
target = new FileStream(cacertPemFile, FileMode.Create))
{
var caCrt = provider.ImportCertificate(EncodingFormat.DER, source);
provider.ExportCertificate(caCrt, EncodingFormat.PEM, target);
}
}
isuPemFile = cacertPemFile;
}
finally
{
if (File.Exists(temporaryFileName))
{
File.Delete(temporaryFileName);
}
}
}
}
return(isuPemFile);
}
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
var linksEnum = certificate.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
var uri = new Uri(new Uri(acmeUri), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der");
var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem");
if (!File.Exists(cacertDerFile))
{
File.Copy(tmp, cacertDerFile, true);
}
logger.Debug($"Saving Issuer Certificate to {cacertPemFile}");
if (!File.Exists(cacertPemFile))
{
using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
target = new FileStream(cacertPemFile, FileMode.Create))
{
var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
}
}
return(cacertPemFile);
}
finally
{
if (File.Exists(tmp))
{
File.Delete(tmp);
}
}
}
}
return(null);
}
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
var linksEnum = certificate.Links;
if (linksEnum == null)
{
return(null);
}
LinkCollection links = new LinkCollection(linksEnum);
Link upLink = links.GetFirstOrDefault("up");
if (upLink == null)
{
return(null);
}
string temporaryFileName = Path.GetTempFileName();
try
{
using (WebClient web = new WebClient())
{
Uri uri = new Uri(new Uri(_options.BaseUri), upLink.Uri);
web.DownloadFile(uri, temporaryFileName);
}
X509Certificate2 cacert = new X509Certificate2(temporaryFileName);
string sernum = cacert.GetSerialNumberString();
string cacertDerFile = Path.Combine(_options.CertificateFolder, $"ca-{sernum}-crt.der");
string cacertPemFile = Path.Combine(_options.CertificateFolder, $"ca-{sernum}-crt.pem");
File.Copy(temporaryFileName, cacertDerFile, true);
Log.Information($"Saving Issuer Certificate to {cacertPemFile}");
using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
target = new FileStream(cacertPemFile, FileMode.Create))
{
Crt caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
}
return(cacertPemFile);
}
finally
{
if (File.Exists(temporaryFileName))
{
File.Delete(temporaryFileName);
}
}
}
public override void ExportCertificate(Crt cert, EncodingFormat fmt, Stream target)
{
_cp.ExportCertificate(cert, fmt, target);
}
public static string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
var linksEnum = certificate.Links;
if (linksEnum != null)
{
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink != null)
{
var tmp = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
var uri = new Uri(new Uri(BaseURI), upLink.Uri);
web.DownloadFile(uri, tmp);
}
var cacert = new X509Certificate2(tmp);
var sernum = cacert.GetSerialNumberString();
var tprint = cacert.Thumbprint;
var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
var sigval = cacert.GetCertHashString();
var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der");
var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem");
if (!File.Exists(cacertDerFile))
File.Copy(tmp, cacertDerFile, true);
Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
Log.Information("Saving Issuer Certificate to {cacertPemFile}", cacertPemFile);
if (!File.Exists(cacertPemFile))
using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
target = new FileStream(cacertPemFile, FileMode.Create))
{
var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
}
return cacertPemFile;
}
finally
{
if (File.Exists(tmp))
File.Delete(tmp);
}
}
}
return null;
}
private void GetCertificate()
{
Log.Information("Requesting Certificate");
using (CertificateProvider cp = CertificateProvider.GetProvider())
{
RsaPrivateKeyParams rsaPkp = new RsaPrivateKeyParams();
PrivateKey rsaKeys = cp.GeneratePrivateKey(rsaPkp);
CsrParams csrParams = new CsrParams
{
Details = new CsrDetails
{
CommonName = _options.HostName,
},
};
Csr csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256);
byte[] derRaw;
using (MemoryStream bs = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, bs);
derRaw = bs.ToArray();
}
string derB64U = JwsHelper.Base64UrlEncode(derRaw);
CertificateRequest certReq = _acmeClient.RequestCertificate(derB64U);
if (certReq.StatusCode != HttpStatusCode.Created)
{
throw new Exception($"Request status = {certReq.StatusCode}");
}
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyGen], FileMode.Create))
cp.SavePrivateKey(rsaKeys, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyPem], FileMode.Create))
cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrGen], FileMode.Create))
cp.SaveCsr(csr, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrPem], FileMode.Create))
cp.ExportCsr(csr, EncodingFormat.PEM, fs);
Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtDer]}");
using (FileStream file = File.Create(_options.WellKnownFilePaths[WellKnownFile.CrtDer]))
certReq.SaveCertificate(file);
Crt crt;
using (FileStream source = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtDer], FileMode.Open),
target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Create))
{
crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.PEM, target);
}
// To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate
string isuPemFile = GetIssuerCertificate(certReq, cp);
using (FileStream intermediate = new FileStream(isuPemFile, FileMode.Open),
certificate = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Open),
chain = new FileStream(_options.WellKnownFilePaths[WellKnownFile.ChainPem], FileMode.Create))
{
certificate.CopyTo(chain);
intermediate.CopyTo(chain);
}
Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtPfx]}");
using (FileStream source = new FileStream(isuPemFile, FileMode.Open),
target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPfx], FileMode.Create))
{
Crt isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source);
cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, _options.PfxPassword);
}
}
}
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
Log("\t\t\t\tGetIssuerCertificate started");
var linksEnum = certificate.Links;
if (linksEnum == null)
{
Log("\t\t\t\t\tGetIssuerCertificate error linksEnum == null");
Log("\t\t\t\tGetIssuerCertificate ended");
return(null);
}
var links = new LinkCollection(linksEnum);
var upLink = links.GetFirstOrDefault("up");
if (upLink == null)
{
Log("\t\t\t\t\tGetIssuerCertificate error upLink == null");
Log("\t\t\t\tGetIssuerCertificate ended");
return(null);
}
var temporaryFileName = Path.GetTempFileName();
try
{
using (var web = new WebClient())
{
var uri = new Uri(this.BaseUri, upLink.Uri);
web.DownloadFile(uri, temporaryFileName);
}
var cacert = new X509Certificate2(temporaryFileName);
var sernum = cacert.GetSerialNumberString();
var cacertDerFile = string.Format("ca-{0}-crt.der", sernum);
var cacertPemFile = string.Format("ca-{0}-crt.pem", sernum);
if (!File.Exists(cacertDerFile))
{
File.Copy(temporaryFileName, cacertDerFile, true);
}
if (!File.Exists(cacertPemFile))
{
using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
target = new FileStream(cacertPemFile, FileMode.Create))
{
var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
}
}
Log("\t\t\t\tGetIssuerCertificate ended");
return(cacertPemFile);
}
catch (Exception ex)
{
Log("\t\t\t\t\tGetIssuerCertificate error {0}", ex.Message);
}
finally
{
if (File.Exists(temporaryFileName))
{
File.Delete(temporaryFileName);
}
}
Log("\t\t\t\tGetIssuerCertificate ended");
return(null);
}
static void GenerateCertFiles(CertificateProvider provider, PrivateKey rsaKeys,
Csr csr, CertificateRequest request, string certificatesFolder, string domain)
{
var crt = default(Crt);
var keyGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-key.json");
Log.Debug($"Gerando arquivo: {keyGenFile}");
using (var fs = new FileStream(keyGenFile, FileMode.Create))
provider.SavePrivateKey(rsaKeys, fs);
var keyPemFile = Path.Combine(certificatesFolder, $"{domain}-key.pem");
Log.Debug($"Gerando arquivo: {keyPemFile}");
using (var fs = new FileStream(keyPemFile, FileMode.Create))
provider.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
var csrGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-csr.json");
Log.Debug($"Gerando arquivo: {csrGenFile}");
using (var fs = new FileStream(csrGenFile, FileMode.Create))
provider.SaveCsr(csr, fs);
var csrPemFile = Path.Combine(certificatesFolder, $"{domain}-csr.pem");
Log.Debug($"Gerando arquivo: {csrPemFile}");
using (var fs = new FileStream(csrPemFile, FileMode.Create))
provider.ExportCsr(csr, EncodingFormat.PEM, fs);
var crtDerFile = Path.Combine(certificatesFolder, $"{domain}-crt.der");
Log.Debug($"Gerando arquivo: {crtDerFile}");
using (var file = File.Create(crtDerFile))
request.SaveCertificate(file);
var crtPemFile = Path.Combine(certificatesFolder, $"{domain}-crt.pem");
var chainPemFile = Path.Combine(certificatesFolder, $"{domain}-chain.pem");
Log.Debug($"Gerando arquivo: {crtPemFile}");
Log.Debug($"Gerando arquivo: {chainPemFile}");
using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
target = new FileStream(crtPemFile, FileMode.Create))
{
crt = provider.ImportCertificate(EncodingFormat.DER, source);
provider.ExportCertificate(crt, EncodingFormat.PEM, target);
}
var pemFile = DownloadIssuerCertificate(provider, request, ACME_API, certificatesFolder);
using (FileStream intermediate = new FileStream(pemFile, FileMode.Open),
certificate = new FileStream(crtPemFile, FileMode.Open),
chain = new FileStream(chainPemFile, FileMode.Create))
{
certificate.CopyTo(chain);
intermediate.CopyTo(chain);
}
var crtPfxFile = Path.Combine(certificatesFolder, $"{domain}-all.pfx");
Log.Debug($"Gerando arquivo: {crtPfxFile}");
using (FileStream source = new FileStream(pemFile, FileMode.Open),
target = new FileStream(crtPfxFile, FileMode.Create))
{
try
{
var isuCrt = provider.ImportCertificate(EncodingFormat.PEM, source);
provider.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, string.Empty);
}
catch (Exception ex)
{
Log.Error($"Erro ao exportar o arquivo {crtPfxFile}", ex);
}
}
}
