public void LoadCertificatePemOverridesCer()
{
using X509Certificate2 certificate = PemReader.LoadCertificate(PEM.AsSpan(), Encoding.UTF8.GetBytes("This is not a certificate"));
Assert.AreEqual("CN=Azure SDK", certificate.Subject);
Assert.IsTrue(certificate.HasPrivateKey);
Assert.AreEqual(2048, certificate.PrivateKey.KeySize);
}
public void LoadCertificate()
{
using X509Certificate2 certificate = PemReader.LoadCertificate(PEM.AsSpan());
Assert.AreEqual("CN=Azure SDK", certificate.Subject);
Assert.IsTrue(certificate.HasPrivateKey);
Assert.AreEqual(2048, certificate.PrivateKey.KeySize);
}
public void ExportPublicKeyTest()
{
var json = File.ReadAllText(@"Resources/DkimConfig.json");
var jss = new JavaScriptSerializer();
var config = jss.Deserialize<DkimConfig>(json);
var pubKey = PEM.ExportPublicKey(config.PrivateKey);
Assert.AreEqual(expected, pubKey);
}
public static X509Certificate2 GetCertificateFromDualPEM(string data)
{
byte[] certBuffer = Helpers.GetBytesFromPEM(data, PemStringType.Certificate);
byte[] keyBuffer = Helpers.GetBytesFromPEM(data, PemStringType.RsaPrivateKey);
X509Certificate2 certificate = new X509Certificate2(certBuffer, "", X509KeyStorageFlags.Exportable);
RSACryptoServiceProvider prov = PEM.DecodeRsaPrivateKey(keyBuffer);
certificate.PrivateKey = prov;
return(certificate);
}
public void LoadedCertificateNotDisposed()
{
using X509Certificate2 certificate = PemReader.LoadCertificate(PEM.AsSpan());
using RSA publicKey = certificate.GetRSAPublicKey();
using RSA privateKey = certificate.GetRSAPrivateKey();
byte[] plaintext = Encoding.UTF8.GetBytes("test");
byte[] ciphertext = publicKey.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1);
byte[] decrypted = privateKey.Decrypt(ciphertext, RSAEncryptionPadding.Pkcs1);
Assert.AreEqual(plaintext, decrypted);
}
public void ReadCertificateWithPrivateKey()
{
ReadOnlySpan <char> data = PEM.AsSpan();
// Expect to find the private key first.
Assert.IsTrue(PemReader.TryRead(data, out PemReader.PemField field));
Assert.AreEqual("PRIVATE KEY", field.Label.ToString());
Assert.AreEqual(PrivateKeyBytes, field.FromBase64Data());
// Expect to find the certificate second.
data = data.Slice(field.Start + field.Length);
Assert.IsTrue(PemReader.TryRead(data, out field));
Assert.AreEqual("CERTIFICATE", field.Label.ToString());
Assert.AreEqual(CertificateBytes, field.FromBase64Data());
}
// This function supports both PKCS#1 & PKCS#8 encodings
public RSAPrivateKey ParsePem(Stream input)
{
var der = PEM.Decode(input, PEM.PrivateKey);
using (var derStream = new MemoryStream(der))
{
// TODO add more validation, ensure that the algorithm used is RSA
var asn1 = (Sequence)parser.Parse(derStream).First();
var octet = (OctetString)asn1.Children.Last();
using (var octetStream = new MemoryStream(octet.UnencodedValue))
{
var rsaParser = new RSAPrivateKeyParser(parser);
return(rsaParser.ParseDer(octetStream));
}
}
}
public string ToPemString()
{
return(PEM.Encode(this.ToDerBytes(), PEM.RSAPrivateKey));
}
void Run(Arguments args)
{
ILogReceiver console = null;
if (args.IsOptionPresent("debug"))
{
if (console == null)
{
console = LogConsole.Create();
}
console.Level = LogLevel.Debug;
}
if (args.IsOptionPresent("verbose"))
{
if (console == null)
{
console = LogConsole.Create();
}
console.Level = LogLevel.Verbose;
}
LoadConfig();
List <XT> results = new List <XT>();
foreach (string dir in Directory.GetDirectories(Path.Combine(LetsEncryptPath, "live")))
{
string domainName = Path.GetFileName(dir);
var conf = Path.Combine(LetsEncryptPath, "renewal", domainName + ".conf");
if (!File.Exists(conf))
{
continue;
}
if (domainName.Split('.').Length != 2)
{
continue;
}
if (!domains.TryGetStruct(nameof(Domain.Name), domainName, out Domain domain))
{
var x = XT.Format("<red>Error: <default>Domain <red>{0}<default> removed from imscp!", domainName);
results.Add(x);
SystemConsole.WriteLine(x);
File.Delete(conf);
continue;
}
string certText = File.ReadAllText(Path.Combine(dir, "cert.pem")).GetValidChars(ASCII.Strings.Printable + '\n') + "\n";
string keyText = File.ReadAllText(Path.Combine(dir, "privkey.pem")).GetValidChars(ASCII.Strings.Printable + '\n') + "\n";
string chainText = File.ReadAllText(Path.Combine(dir, "chain.pem")).GetValidChars(ASCII.Strings.Printable + '\n') + "\n";
var sslCerts = ssl_certs.GetStructs(nameof(SslCerts.DomainID), domain.ID);
if (sslCerts.Count > 1)
{
var x = XT.Format("<red>Error: <default>Multiple ssl certs for domain {0}!", domain);
results.Add(x);
SystemConsole.WriteLine(x);
continue;
}
var newCert = PEM.ReadCert(certText.SplitNewLine());
if (sslCerts.Count == 1)
{
//already got one, check for update
var sslCert = sslCerts[0];
var oldCert = PEM.ReadCert(sslCert.Certificate.SplitNewLine());
if (newCert.Equals(oldCert))
{
this.LogInfo("Domain <green>{0}<default> valid till <green>{1}", domainName, oldCert.GetExpirationDateString());
//no change
continue;
}
if (!oldCert.Issuer.Contains("O=Let's Encrypt"))
{
//do not override users own certs
continue;
}
sslCert.Certificate = certText;
sslCert.PrivateKey = keyText;
sslCert.CaBundle = chainText;
sslCert.Status = "tochange";
ssl_certs.Update(sslCert);
}
else
{
var sslCert = new SslCerts()
{
AllowHsts = "off",
CaBundle = chainText,
Certificate = certText,
DomainID = (int)domain.ID,
DomainType = "dmn",
HstsIncludeSubdomains = "off",
HstsMaxAge = 31536000,
PrivateKey = keyText,
Status = "tochange",
};
ssl_certs.Insert(sslCert);
}
domain.Status = "tochange";
domains.Update(domain);
{
var x = XT.Format("<green>Certificate: <default>Domain {0} new certificate {1} valid till {2}!", domain, newCert.Subject, newCert.GetExpirationDateString());
results.Add(x);
SystemConsole.WriteLine(x);
}
}
this.LogInfo("Completed.");
if (results.Count > 0)
{
MailMessage msg = new MailMessage(mailSender, "*****@*****.**")
{
Subject = "CaveSystems LetsEncrypt",
IsBodyHtml = true,
Body = results.ToHtml()
};
smtpClient.Send(msg);
}
Logger.Flush();
Logger.CloseAll();
console?.Dispose();
}
private static byte[] DecodePem(Stream input)
{
return(PEM.Decode(input, PEM.RSAPrivateKey));
}
