private void GetCertificate()
{
Log.Information("Requesting Certificate");
using (CertificateProvider cp = CertificateProvider.GetProvider())
{
RsaPrivateKeyParams rsaPkp = new RsaPrivateKeyParams();
PrivateKey rsaKeys = cp.GeneratePrivateKey(rsaPkp);
CsrParams csrParams = new CsrParams
{
Details = new CsrDetails
{
CommonName = _options.HostName,
},
};
Csr csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256);
byte[] derRaw;
using (MemoryStream bs = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, bs);
derRaw = bs.ToArray();
}
string derB64U = JwsHelper.Base64UrlEncode(derRaw);
CertificateRequest certReq = _acmeClient.RequestCertificate(derB64U);
if (certReq.StatusCode != HttpStatusCode.Created)
{
throw new Exception($"Request status = {certReq.StatusCode}");
}
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyGen], FileMode.Create))
cp.SavePrivateKey(rsaKeys, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyPem], FileMode.Create))
cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrGen], FileMode.Create))
cp.SaveCsr(csr, fs);
using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrPem], FileMode.Create))
cp.ExportCsr(csr, EncodingFormat.PEM, fs);
Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtDer]}");
using (FileStream file = File.Create(_options.WellKnownFilePaths[WellKnownFile.CrtDer]))
certReq.SaveCertificate(file);
Crt crt;
using (FileStream source = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtDer], FileMode.Open),
target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Create))
{
crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.PEM, target);
}
// To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate
string isuPemFile = GetIssuerCertificate(certReq, cp);
using (FileStream intermediate = new FileStream(isuPemFile, FileMode.Open),
certificate = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Open),
chain = new FileStream(_options.WellKnownFilePaths[WellKnownFile.ChainPem], FileMode.Create))
{
certificate.CopyTo(chain);
intermediate.CopyTo(chain);
}
Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtPfx]}");
using (FileStream source = new FileStream(isuPemFile, FileMode.Open),
target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPfx], FileMode.Create))
{
Crt isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source);
cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, _options.PfxPassword);
}
}
}
static void GenerateCertFiles(CertificateProvider provider, PrivateKey rsaKeys,
Csr csr, CertificateRequest request, string certificatesFolder, string domain)
{
var crt = default(Crt);
var keyGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-key.json");
Log.Debug($"Gerando arquivo: {keyGenFile}");
using (var fs = new FileStream(keyGenFile, FileMode.Create))
provider.SavePrivateKey(rsaKeys, fs);
var keyPemFile = Path.Combine(certificatesFolder, $"{domain}-key.pem");
Log.Debug($"Gerando arquivo: {keyPemFile}");
using (var fs = new FileStream(keyPemFile, FileMode.Create))
provider.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
var csrGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-csr.json");
Log.Debug($"Gerando arquivo: {csrGenFile}");
using (var fs = new FileStream(csrGenFile, FileMode.Create))
provider.SaveCsr(csr, fs);
var csrPemFile = Path.Combine(certificatesFolder, $"{domain}-csr.pem");
Log.Debug($"Gerando arquivo: {csrPemFile}");
using (var fs = new FileStream(csrPemFile, FileMode.Create))
provider.ExportCsr(csr, EncodingFormat.PEM, fs);
var crtDerFile = Path.Combine(certificatesFolder, $"{domain}-crt.der");
Log.Debug($"Gerando arquivo: {crtDerFile}");
using (var file = File.Create(crtDerFile))
request.SaveCertificate(file);
var crtPemFile = Path.Combine(certificatesFolder, $"{domain}-crt.pem");
var chainPemFile = Path.Combine(certificatesFolder, $"{domain}-chain.pem");
Log.Debug($"Gerando arquivo: {crtPemFile}");
Log.Debug($"Gerando arquivo: {chainPemFile}");
using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
target = new FileStream(crtPemFile, FileMode.Create))
{
crt = provider.ImportCertificate(EncodingFormat.DER, source);
provider.ExportCertificate(crt, EncodingFormat.PEM, target);
}
var pemFile = DownloadIssuerCertificate(provider, request, ACME_API, certificatesFolder);
using (FileStream intermediate = new FileStream(pemFile, FileMode.Open),
certificate = new FileStream(crtPemFile, FileMode.Open),
chain = new FileStream(chainPemFile, FileMode.Create))
{
certificate.CopyTo(chain);
intermediate.CopyTo(chain);
}
var crtPfxFile = Path.Combine(certificatesFolder, $"{domain}-all.pfx");
Log.Debug($"Gerando arquivo: {crtPfxFile}");
using (FileStream source = new FileStream(pemFile, FileMode.Open),
target = new FileStream(crtPfxFile, FileMode.Create))
{
try
{
var isuCrt = provider.ImportCertificate(EncodingFormat.PEM, source);
provider.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, string.Empty);
}
catch (Exception ex)
{
Log.Error($"Erro ao exportar o arquivo {crtPfxFile}", ex);
}
}
}
