protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
AuthorizationState authzState = null;
var ii = new IdentifierInfo
{
Id = EntityHelper.NewId(),
Alias = Alias,
Label = Label,
Memo = Memo,
RegistrationRef = ri.Id,
Dns = Dns,
};
try
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
authzState = c.AuthorizeIdentifier(Dns);
ii.Authorization = authzState;
if (v.Identifiers == null)
{
v.Identifiers = new EntityDictionary <IdentifierInfo>();
}
v.Identifiers.Add(ii);
}
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii));
return;
}
vlt.SaveVault(v);
WriteObject(authzState);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
// If we're renaming the Alias, do that
// first in case there are any problems
if (NewAlias != null)
{
v.Registrations.Rename("0", NewAlias);
ri.Alias = NewAlias == "" ? null : NewAlias;
}
if (!LocalOnly)
{
try
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
r = c.UpdateRegistration(UseBaseUri, AcceptTos, Contacts);
ri.Registration = r;
}
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ri));
return;
}
vlt.SaveVault(v);
}
ri.Label = StringHelper.IfNullOrEmpty(Label);
ri.Memo = StringHelper.IfNullOrEmpty(Memo);
vlt.SaveVault(v);
WriteObject(r);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
AcmeRegistration r = null;
var ri = new RegistrationInfo
{
Id = EntityHelper.NewId(),
Alias = Alias,
Label = Label,
Memo = Memo,
SignerProvider = Signer,
};
try
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
r = c.Register(Contacts);
if (AcceptTos)
{
r = c.UpdateRegistration(agreeToTos: true);
}
ri.Registration = r;
if (v.Registrations == null)
{
v.Registrations = new EntityDictionary <RegistrationInfo>();
}
v.Registrations.Add(ri);
}
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ri));
return;
}
vlt.SaveVault(v);
WriteObject(r);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Identifiers == null || v.Identifiers.Count < 1)
{
throw new InvalidOperationException("No identifiers found");
}
var ii = v.Identifiers.GetByRef(IdentifierRef);
if (ii == null)
{
throw new Exception("Unable to find an Identifier for the given reference");
}
var authzState = ii.Authorization;
try
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
var challenge = c.SubmitChallengeAnswer(authzState, ChallengeType, UseBaseUri);
ii.Challenges[ChallengeType] = challenge;
}
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii));
return;
}
vlt.SaveVault(v);
WriteObject(authzState);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Identifiers == null || v.Identifiers.Count < 1)
{
throw new InvalidOperationException("No identifiers found");
}
var ii = v.Identifiers.GetByRef(IdentifierRef, throwOnMissing: false);
if (ii == null)
{
throw new Exception("Unable to find an Identifier for the given reference");
}
var authzState = ii.Authorization;
if (!Force)
{
if (!authzState.IsPending())
{
throw new InvalidOperationException(
"authorization is not in pending state;"
+ " use Force flag to override this validation");
}
if (authzState.Challenges.Any(_ => _.IsInvalid()))
{
throw new InvalidOperationException(
"authorization already contains challenges in an invalid state;"
+ " use Force flag to override this validation");
}
}
try
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
var challenge = c.SubmitChallengeAnswer(authzState, ChallengeType, UseBaseUri);
ii.Challenges[ChallengeType] = challenge;
}
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii));
return;
}
vlt.SaveVault(v);
WriteObject(authzState);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Certificates == null || v.Certificates.Count < 1)
{
throw new InvalidOperationException("No certificates found");
}
var ci = v.Certificates.GetByRef(CertificateRef);
if (ci == null)
{
throw new Exception("Unable to find a Certificate for the given reference");
}
using (var cp = CertificateProvider.GetProvider())
{
if (!string.IsNullOrEmpty(ci.GenerateDetailsFile))
{
// Generate a private key and CSR:
// Key: RSA 2048-bit
// MD: SHA 256
// CSR: Details pulled from CSR Details JSON file
CsrDetails csrDetails;
var csrDetailsAsset = vlt.GetAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile);
using (var s = vlt.LoadAsset(csrDetailsAsset))
{
csrDetails = JsonHelper.Load <CsrDetails>(s);
}
var keyGenFile = $"{ci.Id}-gen-key.json";
var keyPemFile = $"{ci.Id}-key.pem";
var csrGenFile = $"{ci.Id}-gen-csr.json";
var csrPemFile = $"{ci.Id}-csr.pem";
var keyGenAsset = vlt.CreateAsset(VaultAssetType.KeyGen, keyGenFile, getOrCreate: Force);
var keyPemAsset = vlt.CreateAsset(VaultAssetType.KeyPem, keyPemFile, isSensitive: true, getOrCreate: Force);
var csrGenAsset = vlt.CreateAsset(VaultAssetType.CsrGen, csrGenFile, getOrCreate: Force);
var csrPemAsset = vlt.CreateAsset(VaultAssetType.CsrPem, csrPemFile, getOrCreate: Force);
var genKeyParams = new RsaPrivateKeyParams();
var genKey = cp.GeneratePrivateKey(genKeyParams);
using (var s = vlt.SaveAsset(keyGenAsset))
{
cp.SavePrivateKey(genKey, s);
}
using (var s = vlt.SaveAsset(keyPemAsset))
{
cp.ExportPrivateKey(genKey, EncodingFormat.PEM, s);
}
// TODO: need to surface details of the CSR params up higher
var csrParams = new CsrParams
{
Details = csrDetails
};
var genCsr = cp.GenerateCsr(csrParams, genKey, Crt.MessageDigest.SHA256);
using (var s = vlt.SaveAsset(csrGenAsset))
{
cp.SaveCsr(genCsr, s);
}
using (var s = vlt.SaveAsset(csrPemAsset))
{
cp.ExportCsr(genCsr, EncodingFormat.PEM, s);
}
ci.KeyPemFile = keyPemFile;
ci.CsrPemFile = csrPemFile;
}
byte[] derRaw;
var asset = vlt.GetAsset(VaultAssetType.CsrPem, ci.CsrPemFile);
// Convert the stored CSR in PEM format to DER
using (var source = vlt.LoadAsset(asset))
{
var csr = cp.ImportCsr(EncodingFormat.PEM, source);
using (var target = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, target);
derRaw = target.ToArray();
}
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
try
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
ci.CertificateRequest = c.RequestCertificate(derB64u);
}
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ci));
return;
}
if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent))
{
var crtDerFile = $"{ci.Id}-crt.der";
var crtPemFile = $"{ci.Id}-crt.pem";
var crtDerBytes = ci.CertificateRequest.GetCertificateContent();
var crtDerAsset = vlt.CreateAsset(VaultAssetType.CrtDer, crtDerFile);
var crtPemAsset = vlt.CreateAsset(VaultAssetType.CrtPem, crtPemFile);
using (Stream source = new MemoryStream(crtDerBytes),
derTarget = vlt.SaveAsset(crtDerAsset),
pemTarget = vlt.SaveAsset(crtPemAsset))
{
var crt = cp.ImportCertificate(EncodingFormat.DER, source);
cp.ExportCertificate(crt, EncodingFormat.DER, derTarget);
ci.CrtDerFile = crtDerFile;
cp.ExportCertificate(crt, EncodingFormat.PEM, pemTarget);
ci.CrtPemFile = crtPemFile;
}
// Extract a few pieces of info from the issued
// cert that we like to have quick access to
var x509 = new X509Certificate2(ci.CertificateRequest.GetCertificateContent());
ci.SerialNumber = x509.SerialNumber;
ci.Thumbprint = x509.Thumbprint;
ci.SignatureAlgorithm = x509.SignatureAlgorithm?.FriendlyName;
ci.Signature = x509.GetCertHashString();
}
}
vlt.SaveVault(v);
WriteObject(ci);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Identifiers == null || v.Identifiers.Count < 1)
{
throw new InvalidOperationException("No identifiers found");
}
var ii = v.Identifiers.GetByRef(IdentifierRef, throwOnMissing: false);
if (ii == null)
{
throw new Exception("Unable to find an Identifier for the given reference");
}
var authzState = ii.Authorization;
if (ii.Challenges == null)
{
ii.Challenges = new Dictionary <string, AuthorizeChallenge>();
}
if (ii.ChallengeCompleted == null)
{
ii.ChallengeCompleted = new Dictionary <string, DateTime?>();
}
if (ii.ChallengeCleanedUp == null)
{
ii.ChallengeCleanedUp = new Dictionary <string, DateTime?>();
}
// Resolve details from inline or profile attributes
string challengeType = null;
string handlerName = null;
IReadOnlyDictionary <string, object> handlerParams = null;
IReadOnlyDictionary <string, object> cliHandlerParams = null;
if (HandlerParameters?.Count > 0)
{
cliHandlerParams = (IReadOnlyDictionary <string, object>
)PoshHelper.Convert <string, object>(HandlerParameters);
}
if (!Force && !CleanUp)
{
if (!authzState.IsPending())
{
throw new InvalidOperationException(
"authorization is not in pending state;"
+ " use Force flag to override this validation");
}
if (authzState.Challenges.Any(_ => _.IsInvalid()))
{
throw new InvalidOperationException(
"authorization already contains challenges in an invalid state;"
+ " use Force flag to override this validation");
}
}
if (!string.IsNullOrEmpty(HandlerProfileRef))
{
var ppi = v.ProviderProfiles.GetByRef(HandlerProfileRef, throwOnMissing: false);
if (ppi == null)
{
throw new ItemNotFoundException("no Handler profile found for the given reference")
.With(nameof(HandlerProfileRef), HandlerProfileRef);
}
var ppAsset = vlt.GetAsset(Vault.VaultAssetType.ProviderConfigInfo,
ppi.Id.ToString());
ProviderProfile pp;
using (var s = vlt.LoadAsset(ppAsset))
{
pp = JsonHelper.Load <ProviderProfile>(s);
}
if (pp.ProviderType != ProviderType.CHALLENGE_HANDLER)
{
throw new InvalidOperationException("referenced profile does not resolve to a Challenge Handler")
.With(nameof(HandlerProfileRef), HandlerProfileRef)
.With("actualProfileProviderType", pp.ProviderType.ToString());
}
if (!pp.ProfileParameters.ContainsKey(nameof(ChallengeType)))
{
throw new InvalidOperationException("handler profile is incomplete; missing Challenge Type")
.With(nameof(HandlerProfileRef), HandlerProfileRef);
}
challengeType = (string)pp.ProfileParameters[nameof(ChallengeType)];
handlerName = pp.ProviderName;
handlerParams = pp.InstanceParameters;
if (cliHandlerParams != null)
{
WriteVerbose("Override Handler parameters specified");
if (handlerParams == null || handlerParams.Count == 0)
{
WriteVerbose("Profile does not define any parameters, using override parameters only");
handlerParams = cliHandlerParams;
}
else
{
WriteVerbose("Merging Handler override parameters with profile");
var mergedParams = new Dictionary <string, object>();
foreach (var kv in pp.InstanceParameters)
{
mergedParams[kv.Key] = kv.Value;
}
foreach (var kv in cliHandlerParams)
{
mergedParams[kv.Key] = kv.Value;
}
handlerParams = mergedParams;
}
}
}
else
{
challengeType = ChallengeType;
handlerName = Handler;
handlerParams = cliHandlerParams;
}
AuthorizeChallenge challenge = null;
DateTime? challengeCompleted = null;
DateTime? challengeCleanedUp = null;
ii.Challenges.TryGetValue(challengeType, out challenge);
ii.ChallengeCompleted.TryGetValue(challengeType, out challengeCompleted);
ii.ChallengeCleanedUp.TryGetValue(challengeType, out challengeCleanedUp);
try
{
if (challenge == null || RepeatDecoder)
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
challenge = c.DecodeChallenge(authzState, challengeType);
ii.Challenges[challengeType] = challenge;
}
}
if (CleanUp && (RepeatHandler || challengeCleanedUp == null))
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
challenge = c.HandleChallenge(authzState, challengeType,
handlerName, handlerParams, CleanUp);
ii.ChallengeCleanedUp[challengeType] = DateTime.Now;
}
}
else if (RepeatHandler || challengeCompleted == null)
{
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
challenge = c.HandleChallenge(authzState, challengeType,
handlerName, handlerParams);
ii.ChallengeCompleted[challengeType] = DateTime.Now;
}
}
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii));
return;
}
vlt.SaveVault(v);
WriteObject(authzState);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
{
throw new InvalidOperationException("No registrations found");
}
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Identifiers == null || v.Identifiers.Count < 1)
{
throw new InvalidOperationException("No identifiers found");
}
var ii = v.Identifiers.GetByRef(IdentifierRef, throwOnMissing: false);
if (ii == null)
{
throw new Exception("Unable to find an Identifier for the given reference");
}
// If we're renaming the Alias, do that
// first in case there are any problems
if (NewAlias != null)
{
v.Identifiers.Rename(IdentifierRef, NewAlias);
ii.Alias = NewAlias == "" ? null : NewAlias;
}
var authzState = ii.Authorization;
if (!LocalOnly)
{
try {
using (var c = ClientHelper.GetClient(v, ri))
{
c.Init();
c.GetDirectory(true);
if (string.IsNullOrEmpty(ChallengeType))
{
authzState = c.RefreshIdentifierAuthorization(authzState, UseBaseUri);
}
else
{
c.RefreshAuthorizeChallenge(authzState, ChallengeType, UseBaseUri);
}
}
ii.Authorization = authzState;
}
catch (AcmeClient.AcmeWebException ex)
{
ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii));
return;
}
}
ii.Label = StringHelper.IfNullOrEmpty(Label);
ii.Memo = StringHelper.IfNullOrEmpty(Memo);
vlt.SaveVault(v);
WriteObject(authzState);
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Certificates == null || v.Certificates.Count < 1)
{
throw new InvalidOperationException("No certificates found");
}
var ci = v.Certificates.GetByRef(CertificateRef, throwOnMissing: false);
if (ci == null)
{
throw new Exception("Unable to find a Certificate for the given reference");
}
IssuerCertificateInfo ici = null;
if (!string.IsNullOrEmpty(ci.IssuerSerialNumber))
{
v.IssuerCertificates.TryGetValue(ci.IssuerSerialNumber, out ici);
}
PrivateKey pk = null;
Crt crt = null;
Crt issCrt = null;
var keyAsset = vlt.GetAsset(Vault.VaultAssetType.KeyPem, ci.KeyPemFile);
var crtAsset = vlt.GetAsset(Vault.VaultAssetType.CrtPem, ci.CrtPemFile);
var issCrtAsset = ici != null
? vlt.GetAsset(Vault.VaultAssetType.IssuerPem, ici.CrtPemFile)
: null;
// Resolve details from inline or profile attributes
string installerName = null;
IReadOnlyDictionary <string, object> installerParams = null;
IReadOnlyDictionary <string, object> cliInstallerParams = null;
if (InstallerParameters?.Count > 0)
{
cliInstallerParams = (IReadOnlyDictionary <string, object>
)PoshHelper.Convert <string, object>(InstallerParameters);
}
if (!string.IsNullOrEmpty(InstallerProfileRef))
{
var ppi = v.InstallerProfiles.GetByRef(InstallerProfileRef, throwOnMissing: false);
if (ppi == null)
{
throw new ItemNotFoundException("no Installer profile found for the given reference")
.With(nameof(InstallerProfileRef), InstallerProfileRef);
}
var ppAsset = vlt.GetAsset(Vault.VaultAssetType.InstallerConfigInfo,
ppi.Id.ToString());
InstallerProfile ip;
using (var s = vlt.LoadAsset(ppAsset))
{
ip = JsonHelper.Load <InstallerProfile>(s);
}
installerName = ip.InstallerProvider;
installerParams = ip.InstanceParameters;
if (cliInstallerParams != null)
{
WriteVerbose("Override Installer parameters specified");
if (installerParams?.Count == 0)
{
WriteVerbose("Profile does not define any parameters, using override parameters only");
installerParams = cliInstallerParams;
}
else
{
WriteVerbose("Merging Installer override parameters with profile");
var mergedParams = new Dictionary <string, object>();
foreach (var kv in ip.InstanceParameters)
{
mergedParams[kv.Key] = kv.Value;
}
foreach (var kv in cliInstallerParams)
{
mergedParams[kv.Key] = kv.Value;
}
installerParams = mergedParams;
}
}
}
else
{
installerName = Installer;
installerParams = cliInstallerParams;
}
using (var pki = PkiHelper.GetPkiTool(v.PkiTool))
{
// Load the Private Key
// TODO: This is UGLY, but it works for now!
using (var s = vlt.LoadAsset(keyAsset))
{
try
{
pk = pki.ImportPrivateKey <RsaPrivateKey>(EncodingFormat.PEM, s);
}
catch { }
}
if (pk == null)
{
using (var s = vlt.LoadAsset(keyAsset))
{
try
{
pk = pki.ImportPrivateKey <EcKeyPair>(EncodingFormat.PEM, s);
}
catch { }
}
}
if (pk == null)
{
throw new NotSupportedException("unknown or unsupported private key format");
}
// Load the Certificate
using (var s = vlt.LoadAsset(crtAsset))
{
crt = pki.ImportCertificate(EncodingFormat.PEM, s);
}
// Load the Issuer Certificate
if (issCrtAsset != null)
{
using (var s = vlt.LoadAsset(issCrtAsset))
{
issCrt = pki.ImportCertificate(EncodingFormat.PEM, s);
}
}
// Finally, instantiate and invoke the installer
var installerProvider = InstallerExtManager.GetProvider(installerName);
using (var installer = installerProvider.GetInstaller(installerParams))
{
var chain = new Crt[0];
if (issCrt != null)
{
chain = new[] { issCrt }
}
;
installer.Install(pk, crt, chain, pki);
}
}
//try
//{
//}
//catch (AcmeClient.AcmeWebException ex)
//{
// ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ci));
// return;
//}
}
}
}
