/// <summary>
/// Computes a thumbprint of the JWK using the argument Hash Algorithm
/// as per <see cref="https://tools.ietf.org/html/rfc7638">RFC 7638</see>,
/// JSON Web Key (JWK) Thumbprint.
/// </summary>
/// <param name="algor"></param>
/// <returns></returns>
public static byte[] ComputeThumbprint(ISigner signer, HashAlgorithm algor)
{
// As per RFC 7638 Section 3, we export the JWK in a canonical form
// and then produce a JSON object with no whitespace or line breaks
var jwkCanon = signer.ExportJwk(true);
var jwkJson = JsonConvert.SerializeObject(jwkCanon, Formatting.None);
var jwkBytes = Encoding.UTF8.GetBytes(jwkJson);
var jwkHash = algor.ComputeHash(jwkBytes);
return(jwkHash);
}
/// <summary>
/// Returns a key-value pair that represents the Simple HTTP resource path that
/// needs to be configured (the key) and the resource content that should be returned
/// for an HTTP request for this path on a server that the target DNS resolve to.
/// </summary>
/// <param name="dnsId"></param>
/// <param name="signer"></param>
/// <param name="tls"></param>
/// <returns></returns>
public KeyValuePair<string, string> GenerateHttpChallengeAnswer(string dnsId, ISigner signer, bool tls)
{
var resp = new
{
type = "simpleHttp",
token = Token,
tls = tls
};
var json = JsonConvert.SerializeObject(resp);
var hdrs = new { alg = signer.JwsAlg, jwk = signer.ExportJwk() };
var signed = JwsHelper.SignFlatJsonAsObject(
signer.Sign, json, unprotectedHeaders: hdrs);
return new KeyValuePair<string, string>(
$"{HTTP_CHALLENGE_PATHPREFIX}{Token}",
JsonConvert.SerializeObject(signed, Formatting.Indented));
}
/// <summary>
/// Returns a key-value pair that represents the DNS domain name that needs
/// to be configured (the key) and the value that should be returned (the value)
/// for a query against that domain name for a record of type TXT.
/// </summary>
/// <param name="dnsId"></param>
/// <param name="signer"></param>
/// <returns></returns>
public KeyValuePair<string, string> GenerateDnsChallengeAnswer(string dnsId, ISigner signer)
{
var resp = new
{
type = "dns",
token = Token
};
var json = JsonConvert.SerializeObject(resp);
var hdrs = new { alg = signer.JwsAlg, jwk = signer.ExportJwk() };
var signed = JwsHelper.SignFlatJsonAsObject(
signer.Sign, json, unprotectedHeaders: hdrs);
/*
// We format it as a set of lines broken on 100-character boundaries to make it
// easier to copy and put into a DNS TXT RR which normally have a 255-char limit
// so this result may need to be broken up into multiple smaller TXT RR entries
var sigFormatted = Regex.Replace(signed.signature,
"(.{100,100})", "$1\r\n");
*/
return new KeyValuePair<string, string>(
$"{DNS_CHALLENGE_NAMEPREFIX}{dnsId}",
signed.signature); /*sigFormatted);*/
}
/// <summary>
/// Returns a key-value pair that represents the DNS domain name that needs
/// to be configured (the key) and the value that should be returned (the value)
/// for a query against that domain name for a record of type TXT.
/// </summary>
/// <param name="dnsId"></param>
/// <param name="signer"></param>
/// <returns></returns>
public KeyValuePair<string, string> GenerateDnsChallengeAnswer(string dnsId, ISigner signer)
{
var resp = new
{
type = "dns",
token = Token
};
var json = JsonConvert.SerializeObject(resp);
var hdrs = new { alg = signer.JwsAlg, jwk = signer.ExportJwk() };
var signed = JwsHelper.SignFlatJsonAsObject(
signer.Sign, json, unprotectedHeaders: hdrs);
/*
// We format it as a set of lines broken on 100-character boundaries to make it
// easier to copy and put into a DNS TXT RR which normally have a 255-char limit
// so this result may need to be broken up into multiple smaller TXT RR entries
var sigFormatted = Regex.Replace(signed.signature,
"(.{100,100})", "$1\r\n");
*/
return new KeyValuePair<string, string>(
$"{DNS_CHALLENGE_NAMEPREFIX}{dnsId}",
signed.signature); /*sigFormatted);*/
}
/// <summary>
/// Returns a key-value pair that represents the Simple HTTP resource path that
/// needs to be configured (the key) and the resource content that should be returned
/// for an HTTP request for this path on a server that the target DNS resolve to.
/// </summary>
/// <param name="dnsId"></param>
/// <param name="signer"></param>
/// <param name="tls"></param>
/// <returns></returns>
public KeyValuePair<string, string> GenerateHttpChallengeAnswer(string dnsId, ISigner signer, bool tls)
{
var resp = new
{
type = "simpleHttp",
token = Token,
tls = tls
};
var json = JsonConvert.SerializeObject(resp);
var hdrs = new { alg = signer.JwsAlg, jwk = signer.ExportJwk() };
var signed = JwsHelper.SignFlatJsonAsObject(
signer.Sign, json, unprotectedHeaders: hdrs);
return new KeyValuePair<string, string>(
$"{HTTP_CHALLENGE_PATHPREFIX}{Token}",
JsonConvert.SerializeObject(signed, Formatting.Indented));
}
/// <summary>
/// Computes a thumbprint of the JWK using the argument Hash Algorithm
/// as per <see cref="https://tools.ietf.org/html/rfc7638">RFC 7638</see>,
/// JSON Web Key (JWK) Thumbprint.
/// </summary>
/// <param name="algor"></param>
/// <returns></returns>
public static byte[] ComputeThumbprint(ISigner signer, HashAlgorithm algor)
{
// As per RFC 7638 Section 3, we export the JWK in a canonical form
// and then produce a JSON object with no whitespace or line breaks
var jwkCanon = signer.ExportJwk(true);
var jwkJson = JsonConvert.SerializeObject(jwkCanon, Formatting.None);
var jwkBytes = Encoding.UTF8.GetBytes(jwkJson);
var jwkHash = algor.ComputeHash(jwkBytes);
return jwkHash;
}
