int Execute(RegisterCommandOptions options)
{
if (!options.AcceptTos)
{
ConsoleErrorOutput("Could not create a registration before you accept the terms of services at https://letsencrypt.org/repository/.\r\nPlease specify --accept-tos option to accept the terms of services.");
return(11);
}
UseDefaultOptionsIfNeed(ref options);
Console.Write("Initializing...");
var signer = new RS256Signer();
signer.Init();
var client = ClientHelper.CreateAcmeClient(signer, null);
Console.WriteLine("Done.");
Console.WriteLine("Requesting new registration for {0}...", options.ContactEmailAddress);
var registration = RegistrationHelper.CreateNew(client, options.ContactEmailAddress);
RegistrationHelper.SaveToFile(registration, options.OutputPathRegisteration);
SignerHelper.SaveToFile(signer, options.OutputPathSigner);
Console.WriteLine("Registration created for {0}.", options.ContactEmailAddress);
Console.WriteLine("Registration profile saved at {0}.", options.OutputPathRegisteration);
Console.WriteLine("Registration signer saved at {0}.", options.OutputPathSigner);
return(0);
}
public void Test0020_GetDirectory()
{
var boulderResMap = new Dictionary <string, string>
{
["new-authz"] /**/ = $"{_dirUrlBase}acme/new-authz",
["new-cert"] /**/ = $"{_dirUrlBase}acme/new-cert",
["new-reg"] /**/ = $"{_dirUrlBase}acme/new-reg",
["revoke-cert"] /**/ = $"{_dirUrlBase}acme/revoke-cert",
};
using (var signer = new RS256Signer())
{
using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0020_GetDirectory)))
{
client.Init();
// Test absolute URI paths
var acmeDirAbs = client.GetDirectory(false);
foreach (var ent in boulderResMap)
{
Assert.IsTrue(acmeDirAbs.Contains(ent.Key));
Assert.AreEqual(ent.Value, acmeDirAbs[ent.Key]);
}
// Test relative URI paths
var acmeDirRel = client.GetDirectory(true);
foreach (var ent in boulderResMap)
{
var relUrl = ent.Value.Replace(_dirUrlBase, "/");
Assert.IsTrue(acmeDirRel.Contains(ent.Key));
Assert.AreEqual(relUrl, acmeDirRel[ent.Key]);
}
}
}
}
public void Test0020_GetDirectory()
{
var boulderResMap = new Dictionary<string, string>
{
["new-authz"] /**/ = $"{_dirUrlBase}acme/new-authz",
["new-cert"] /**/ = $"{_dirUrlBase}acme/new-cert",
["new-reg"] /**/ = $"{_dirUrlBase}acme/new-reg",
["revoke-cert"] /**/ = $"{_dirUrlBase}acme/revoke-cert",
};
using (var signer = new RS256Signer())
{
using (var client = new AcmeClient(_rootUrl, signer: signer))
{
client.Init();
// Test absolute URI paths
var acmeDirAbs = client.GetDirectory(false);
foreach (var ent in boulderResMap)
{
Assert.IsTrue(acmeDirAbs.Contains(ent.Key));
Assert.AreEqual(ent.Value, acmeDirAbs[ent.Key]);
}
// Test relative URI paths
var acmeDirRel = client.GetDirectory(true);
foreach (var ent in boulderResMap)
{
var relUrl = ent.Value.Replace(_dirUrlBase, "/");
Assert.IsTrue(acmeDirRel.Contains(ent.Key));
Assert.AreEqual(relUrl, acmeDirRel[ent.Key]);
}
}
}
}
public async Task <CertificateInfo> RequestCertificate()
{
using (var signer = new RS256Signer())
using (var client = Register(signer))
{
IdnMapping idn = new IdnMapping();
var auth = await this.authorizeChallengeProvider.Authorize(client, config.Hostnames.Select(s => idn.GetAscii(s)).ToList());
//GetCertificate
if (auth.Status == "valid")
{
var pfxFilename = GetCertificate(client);
X509Certificate2 certificate;
certificate = new X509Certificate2(pfxFilename, config.PFXPassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
certificate.FriendlyName = $"{config.Host} {DateTime.Now}";
var bytes = File.ReadAllBytes(pfxFilename);
return(new CertificateInfo()
{
Certificate = certificate,
PfxCertificate = bytes,
Name = pfxFilename,
Password = config.PFXPassword
});
}
throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + auth.Status);
}
}
public void Test0030_Register()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
client.Register(new string[] { TEST_EM1, TEST_PH1, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Create))
{
client.Registration.Save(fs);
}
}
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Create))
{
signer.Save(fs);
}
}
}
private bool disposedValue = false; // To detect redundant calls
protected virtual void Dispose(bool disposing)
{
if (!disposedValue)
{
if (disposing)
{
// dispose managed state (managed objects).
if (_Client != null)
{
_Client.Dispose();
_Client = null;
}
if (_Signer != null)
{
_Signer.Dispose();
_Signer = null;
}
}
// free unmanaged resources (unmanaged objects) and override a finalizer below.
// set large fields to null.
disposedValue = true;
}
}
private async void loadToolStripMenuItem_Click(object sender, EventArgs e)
{
var account = cmbAccounts.SelectedItem as Account;
if (account == null)
{
log.Error("not account.");
await Task.FromResult(0);
return;
}
RS256Signer signer = null;
AcmeClient client = null;
try
{
signer = account.Signer;
client = new AcmeClient(new Uri(account.uri), new AcmeServerDirectory(), signer);
client.Init();
log.Info("\nGetting AcmeServerDirectory");
client.GetDirectory(true);
client.Registration = account.Registration;
this.client = client;
this.account = account;
log.Info("load done.");
labInfo.Text = account.ToString();
btnRefreshDomains.PerformClick();
}
catch (Exception ex)
{
if (client != null)
{
client.Dispose();
client = null;
}
if (signer != null)
{
signer.Dispose();
signer = null;
}
var acmeWebException = ex as AcmeClient.AcmeWebException;
if (acmeWebException != null)
{
log.Error(acmeWebException.Message);
log.Error("ACME Server Returned:");
log.Error(acmeWebException.Response.ContentAsString);
}
else
{
log.Error(ex);
}
}
}
/// <summary>
/// Load a certificate signer from a file
/// </summary>
/// <param name="signer"></param>
/// <param name="signerPath"></param>
protected void LoadSignerFromFile(RS256Signer signer, string signerPath)
{
this.Logger.LogInfo(true, $"Loading Signer from {signerPath}");
using (var signerStream = File.OpenRead(signerPath))
{
signer.Load(signerStream);
}
}
private bool TryLoad(bool force = false)
{
if (force == false && this.client != null)
{
return(true);
}
RS256Signer signer = null;
AcmeClient client = null;
try
{
signer = account.Signer;
client = new AcmeClient(new Uri(account.uri), new AcmeServerDirectory(), signer);
client.Init();
log.Info("\nGetting AcmeServerDirectory");
client.GetDirectory(true);
client.Registration = account.Registration;
this.client = client;
log.Info("load done.");
labInfo.Text = account.ToString();
//
return(true);
}
catch (Exception ex)
{
if (client != null)
{
client.Dispose();
client = null;
}
if (signer != null)
{
signer.Dispose();
signer = null;
}
var acmeWebException = ex as AcmeClient.AcmeWebException;
if (acmeWebException != null)
{
log.Error(acmeWebException.Message);
log.Error("ACME Server Returned:");
log.Error(acmeWebException.Response.ContentAsString);
}
else
{
log.Error(ex);
}
}
return(false);
}
public static RS256Signer LoadFromFile(string signerPath)
{
var signer = new RS256Signer();
signer.Init();
using (var signerStream = File.OpenRead(signerPath))
signer.Load(signerStream);
return(signer);
}
public void Test0190_RefreshCertificateRequest()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
//var csrRaw = File.ReadAllBytes($"{_baseLocalStore}\\test-csr.der");
//var csrB64u = JwsHelper.Base64UrlEncode(csrRaw);
using (var client = BuildClient(testTagHeader: nameof(Test0190_RefreshCertificateRequest)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
CertificateRequest certRequ;
using (var fs = new FileStream(_testCertRequ_AcmeCertRequFile, FileMode.Open))
{
certRequ = CertificateRequest.Load(fs);
}
client.RefreshCertificateRequest(certRequ, true);
_testCertRequRefreshed_AcmeCertRequFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.acmeCertRequ";
using (var fs = new FileStream(_testCertRequRefreshed_AcmeCertRequFile, FileMode.Create))
{
certRequ.Save(fs);
}
if (!string.IsNullOrEmpty(certRequ.CertificateContent))
{
_testCertRequRefreshed_CerFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.cer";
using (var fs = new FileStream(_testCertRequRefreshed_CerFile, FileMode.Create))
{
certRequ.SaveCertificate(fs);
}
}
}
}
}
[Ignore] // *Normally*, we skip this test because it depends on a local Boulder setup to accessible
public void TestNewRegRequest()
{
var requ = WebRequest.Create(_rootUrl);
var resp = requ.GetResponse();
Assert.IsNotNull(resp);
var nonceKey = resp.Headers.AllKeys.FirstOrDefault(
x => x.Equals("Replay-nonce", StringComparison.OrdinalIgnoreCase));
Assert.IsFalse(string.IsNullOrEmpty(nonceKey));
var nonceValue = resp.Headers[nonceKey];
var newReg = new
{
resource = "new-reg",
contact = new string[]
{
"mailto:[email protected]",
// Tel contact method is no longer supported by Boulder
//"tel:+12025551212"
},
};
var newRegSer = JsonConvert.SerializeObject(newReg);
var algSigner = new RS256Signer();
algSigner.Init();
var unprotectedHeader = new
{
alg = "RS256",
jwk = algSigner.ExportJwk()
};
var protectedHeader = new
{
nonce = nonceValue,
};
var acmeJson = JwsHelper.SignFlatJson(algSigner.Sign, newRegSer,
protectedHeader, unprotectedHeader);
var acmeJsonBytes = Encoding.ASCII.GetBytes(acmeJson);
requ = WebRequest.Create(new Uri(_rootUrl, "/acme/new-reg"));
requ.Method = "POST";
requ.ContentType = "application/json";
requ.ContentLength = acmeJsonBytes.Length;
using (var s = requ.GetRequestStream())
{
s.Write(acmeJsonBytes, 0, acmeJsonBytes.Length);
}
resp = requ.GetResponse();
}
public void Test0141_HandleHttpChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0141_HandleHttpChallenge)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
_testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
var wsFilePath = authzChallenge.ChallengeAnswer.Key;
var wsFileBody = authzChallenge.ChallengeAnswer.Value;
var wsInfo = WebServerInfo.Load(File.ReadAllText("config\\webServerInfo.json"));
using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody)))
{
var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}");
wsInfo.Provider.UploadFile(fileUrl, s);
}
}
}
Thread.Sleep(90 * 1000);
}
public void Test0010_Init()
{
using (var signer = new RS256Signer())
{
using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0010_Init)))
{
client.Init();
Assert.IsNotNull(client.Directory);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.NextNonce));
}
}
}
public void Test0010_Init()
{
using (var signer = new RS256Signer())
{
using (var client = BuildClient(_rootUrl, signer: signer))
{
client.Init();
Assert.IsNotNull(client.Directory);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.NextNonce));
}
}
}
public void Test0140_HandleHttpChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, "simpleHttp");
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
var wsFilePath = authzChallenge.ChallengeAnswer.Key;
var wsFileBody = authzChallenge.ChallengeAnswer.Value;
var wsInfo = WebServerInfo.Load(File.ReadAllText("webServerInfo.json"));
using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody)))
{
var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}");
wsInfo.Provider.UploadFile(fileUrl, s);
}
}
}
Thread.Sleep(90 * 1000);
}
public void Test0190_RefreshCertificateRequest()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
//var csrRaw = File.ReadAllBytes($"{BASE_LOCAL_STORE}test-csr.der");
//var csrB64u = JwsHelper.Base64UrlEncode(csrRaw);
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
CertificateRequest certRequ;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Open))
{
certRequ = CertificateRequest.Load(fs);
}
client.RefreshCertificateRequest(certRequ, true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ-Refreshed.acmeCertRequ", FileMode.Create))
{
certRequ.Save(fs);
}
if (!string.IsNullOrEmpty(certRequ.CertificateContent))
{
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ-Refreshed.cer", FileMode.Create))
{
certRequ.SaveCertificate(fs);
}
}
}
}
}
public void Test0090_AuthorizeIdentifier()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0090_AuthorizeIdentifier)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var authzState = client.AuthorizeIdentifier(TEST_CN1);
foreach (var c in authzState.Challenges)
{
if (c.Type == AcmeProtocol.CHALLENGE_TYPE_DNS)
{
var dnsResponse = c.GenerateDnsChallengeAnswer(
authzState.Identifier, signer);
}
else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_HTTP)
{
var httpResponse = c.GenerateHttpChallengeAnswer(
authzState.Identifier, signer);
}
}
_testAuthz_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz.acmeAuthz";
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0130_HandleDnsChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, "dns");
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleDns.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
var dnsName = authzChallenge.ChallengeAnswer.Key;
var dnsValue = Regex.Replace(authzChallenge.ChallengeAnswer.Value, "\\s", "");
var dnsValues = Regex.Replace(dnsValue, "(.{100,100})", "$1\n").Split('\n');
var dnsInfo = DnsInfo.Load(File.ReadAllText("dnsInfo.json"));
dnsInfo.Provider.EditTxtRecord(dnsName, dnsValues);
}
}
Thread.Sleep(90 * 1000);
}
public AcmeClientWrapper(
IInputService inputService,
IOptionsService optionsService,
ILogService log,
SettingsService settings,
ProxyService proxy)
{
_log = log;
_settings = settings;
_optionsService = optionsService;
_input = inputService;
_directory = new AcmeServerDirectory();
_signer = new RS256Signer();
_signer.Init();
_proxyService = proxy;
_client = new AcmeClient(new Uri(optionsService.Options.BaseUri), _directory, _signer);
ConfigureAcmeClient();
}
public AcmeClient Configure(TargetApplication targetApplication)
{
var contacts = NormalizeContacts();
var signer = new RS256Signer();
var basePath = _configuration.GetBaseOutPutPath(targetApplication);
ConfigureSigner(signer, basePath);
var acmeServerBaseUri = _configuration.GetAcmeServerBaseUri(targetApplication);
var acmeClient = new AcmeClient(acmeServerBaseUri, new AcmeServerDirectory(), signer);
acmeClient.Init();
acmeClient.GetDirectory(saveRelative: true);
ProcessRegistration(acmeClient, contacts.ToArray(), basePath);
return(acmeClient);
}
public void Test0120_GenerateChallengeAnswers()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0120_GenerateChallengeAnswers)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
//client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_DNS);
//client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_LEGACY_HTTP);
client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
_testAuthzChallengeAnswers_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswers.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeAnswers_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0090_AuthorizeIdentifier()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var authzState = client.AuthorizeIdentifier(TEST_CN1);
foreach (var c in authzState.Challenges)
{
if (c.Type == "dns")
{
var dnsResponse = c.GenerateDnsChallengeAnswer(
authzState.Identifier, signer);
}
}
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0095_RefreshIdentifierAuthorization()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0095_RefreshIdentifierAuthorization)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true);
_testAuthzRefresh_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-Refresh.acmeAuthz";
using (var fs = new FileStream(_testAuthzRefresh_AcmeAuthzFile, FileMode.Create))
{
authzRefreshState.Save(fs);
}
}
}
}
public void Test0080_AuthorizeDnsBlacklisted()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0080_AuthorizeDnsBlacklisted)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
try
{
client.AuthorizeIdentifier("acme-win-test.example.com");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.IsNotNull(ex.Response.ProblemDetail);
Assert.AreEqual(HttpStatusCode.Forbidden, ex.Response.StatusCode);
Assert.AreEqual("urn:acme:error:unauthorized", ex.Response.ProblemDetail.Type);
StringAssert.Contains(ex.Response.ProblemDetail.Detail, "blacklist");
}
}
}
}
public void Test0145_SubmitHttpChallengeAnswers()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.GenerateAuthorizeChallengeAnswer(authzState, "simpleHttp");
client.SubmitAuthorizeChallengeAnswer(authzState, "simpleHttp", true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-HttpChallengeAnswered.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
static void SetupAcmeClient(AcmeClient client, RS256Signer signer, string registrationFile, string signerFile, string email)
{
client.Init();
client.GetDirectory(true);
if (!File.Exists(registrationFile))
{
client.Register(new string[] { $"mailto:{email}" });
using (var registrationStream = File.OpenWrite(registrationFile))
client.Registration.Save(registrationStream);
}
using (var registrationStream = File.OpenRead(registrationFile))
client.Registration = AcmeRegistration.Load(registrationStream);
client.UpdateRegistration(true, true);
using (var signerStream = File.OpenWrite(signerFile))
signer.Save(signerStream);
}
public void Test0095_RefreshIdentifierAuthorization()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-Refresh.acmeAuthz", FileMode.Create))
{
authzRefreshState.Save(fs);
}
}
}
}
public void Test0100_RefreshAuthzDnsChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.RefreshAuthorizeChallenge(authzState, "dns", true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-DnsChallengeRefreshed.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0030_Register()
{
using (var signer = new RS256Signer())
{
signer.Init();
if (!_wpConfig.UseNewSigner)
{
// Re-use existing Signer config from stable local store
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
}
_testRegister_AcmeSignerFile = $"{_baseLocalStore}\\TestRegister.acmeSigner";
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Create))
{
signer.Save(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0030_Register)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
client.Register(new string[] { TEST_EM1, TEST_PH1, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegister_AcmeRegFile = $"{_baseLocalStore}\\TestRegister.acmeReg";
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void Test0160_RequestCertificateInvalidCsr()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0160_RequestCertificateInvalidCsr)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
try
{
client.RequestCertificate("FOOBARNON");
Assert.Fail("WebException expected");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.AreEqual(HttpStatusCode.BadRequest, ex.Response.StatusCode);
}
}
}
}
public void Test0040_RegisterEmptyUpdate()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0040_RegisterEmptyUpdate)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
// Do a simple update with no data changes requested
client.UpdateRegistration(true);
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterEmptyUpdate.acmeReg";
using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void Test0060_RegisterUpdateContacts()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
client.UpdateRegistration(true, contacts: new string[] { TEST_EM2, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegisterUpdate.acmeReg", FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void Test0070_RegisterDuplicate()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
try
{
client.Register(new string[]
{
"mailto:[email protected]",
"tel:+14105551212",
});
Assert.Fail("WebException expected");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.AreEqual(HttpStatusCode.Conflict, ex.Response.StatusCode);
}
}
}
}
public void Test0170_GenCsrAndRequestCertificate()
{
var rsaKeys = CsrHelper.GenerateRsaPrivateKey();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-rsaKeys.txt", FileMode.Create))
{
rsaKeys.Save(fs);
}
var csrDetails = new CsrHelper.CsrDetails
{
CommonName = TEST_CN1
};
var csr = CsrHelper.GenerateCsr(csrDetails, rsaKeys);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csrDetails.txt", FileMode.Create))
{
csrDetails.Save(fs);
}
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csr.txt", FileMode.Create))
{
csr.Save(fs);
}
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
byte[] derRaw;
using (var bs = new MemoryStream())
{
csr.ExportAsDer(bs);
derRaw = bs.ToArray();
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var certRequ = client.RequestCertificate(derB64u);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Create))
{
certRequ.Save(fs);
}
}
}
}
public void Test0090_AuthorizeIdentifier()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0090_AuthorizeIdentifier)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var authzState = client.AuthorizeIdentifier(TEST_CN1);
foreach (var c in authzState.Challenges)
{
if (c.Type == AcmeProtocol.CHALLENGE_TYPE_LEGACY_DNS
|| c.Type == AcmeProtocol.CHALLENGE_TYPE_DNS)
{
var dnsResponse = c.GenerateDnsChallengeAnswer(
authzState.Identifier, signer);
}
else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_LEGACY_HTTP)
{
var httpResponse = c.GenerateLegacyHttpChallengeAnswer(
authzState.Identifier, signer, false);
}
else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_HTTP)
{
var httpResponse = c.GenerateHttpChallengeAnswer(
authzState.Identifier, signer);
}
}
_testAuthz_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz.acmeAuthz";
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0110_RefreshAuthzLegacyHttpChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0110_RefreshAuthzLegacyHttpChallenge)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.RefreshAuthorizeChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_LEGACY_HTTP, true);
_testAuthzChallengeLegacyHttpRefresh_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-LegacyHttpChallengeRefreshed.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeLegacyHttpRefresh_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0146_SubmitHttpChallengeAnswers()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0146_SubmitHttpChallengeAnswers)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
client.SubmitAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP, true);
_testAuthzChallengeHttpAnswered_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-HttpChallengeAnswered.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeHttpAnswered_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0030_Register()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
client.Register(new string[] { TEST_EM1, TEST_PH1, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Create))
{
client.Registration.Save(fs);
}
}
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Create))
{
signer.Save(fs);
}
}
}
public void Test0100_RefreshAuthzDnsChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.RefreshAuthorizeChallenge(authzState, "dns", true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-DnsChallengeRefreshed.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0130_HandleDnsChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, "dns");
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleDns.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
var dnsName = authzChallenge.ChallengeAnswer.Key;
var dnsValue = Regex.Replace(authzChallenge.ChallengeAnswer.Value, "\\s", "");
var dnsValues = Regex.Replace(dnsValue, "(.{100,100})", "$1\n").Split('\n');
var dnsInfo = DnsInfo.Load(File.ReadAllText("dnsInfo.json"));
dnsInfo.Provider.EditTxtRecord(dnsName, dnsValues);
}
}
Thread.Sleep(90 * 1000);
}
public void Test0140_HandleHttpChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, "simpleHttp");
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
var wsFilePath = authzChallenge.ChallengeAnswer.Key;
var wsFileBody = authzChallenge.ChallengeAnswer.Value;
var wsInfo = WebServerInfo.Load(File.ReadAllText("webServerInfo.json"));
using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody)))
{
var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}");
wsInfo.Provider.UploadFile(fileUrl, s);
}
}
}
Thread.Sleep(90 * 1000);
}
public void Test0145_SubmitHttpChallengeAnswers()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.GenerateAuthorizeChallengeAnswer(authzState, "simpleHttp");
client.SubmitAuthorizeChallengeAnswer(authzState, "simpleHttp", true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-HttpChallengeAnswered.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
static void Main(string[] args)
{
var commandLineParseResult = Parser.Default.ParseArguments<Options>(args);
var parsed = commandLineParseResult as Parsed<Options>;
if (parsed == null)
{
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return; // not parsed
}
Options = parsed.Value;
Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)");
BaseURI = Options.BaseURI;
if (Options.Test)
BaseURI = "https://acme-staging.api.letsencrypt.org/";
//Console.Write("\nUse production Let's Encrypt server? (Y/N) ");
//if (PromptYesNo())
// BaseURI = ProductionBaseURI;
Console.WriteLine($"\nACME Server: {BaseURI}");
settings = new Settings(clientName, BaseURI);
configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI));
Console.WriteLine("Config Folder: " + configPath);
Directory.CreateDirectory(configPath);
try
{
using (var signer = new RS256Signer())
{
signer.Init();
var signerPath = Path.Combine(configPath, "Signer");
if (File.Exists(signerPath))
{
Console.WriteLine($"Loading Signer from {signerPath}");
using (var signerStream = File.OpenRead(signerPath))
signer.Load(signerStream);
}
using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer))
{
client.Init();
Console.WriteLine("\nGetting AcmeServerDirectory");
client.GetDirectory(true);
var registrationPath = Path.Combine(configPath, "Registration");
if (File.Exists(registrationPath))
{
Console.WriteLine($"Loading Registration from {registrationPath}");
using (var registrationStream = File.OpenRead(registrationPath))
client.Registration = AcmeRegistration.Load(registrationStream);
}
else
{
Console.WriteLine("Calling Register");
var registration = client.Register(new string[] { });
if (!Options.AcceptTOS && !Options.Renew)
{
Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) ");
if (!PromptYesNo())
return;
}
Console.WriteLine("Updating Registration");
client.UpdateRegistration(true, true);
Console.WriteLine("Saving Registration");
using (var registrationStream = File.OpenWrite(registrationPath))
client.Registration.Save(registrationStream);
Console.WriteLine("Saving Signer");
using (var signerStream = File.OpenWrite(signerPath))
signer.Save(signerStream);
}
if (Options.Renew)
{
CheckRenewals();
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return;
}
var targets = new List<Target>();
foreach (var plugin in Target.Plugins.Values)
{
targets.AddRange(plugin.GetTargets());
}
if (targets.Count == 0)
{
Console.WriteLine("No targets found.");
}
else
{
var count = 1;
foreach (var binding in targets)
{
Console.WriteLine($" {count}: {binding}");
count++;
}
}
Console.WriteLine();
foreach (var plugin in Target.Plugins.Values)
{
plugin.PrintMenu();
}
Console.WriteLine(" A: Get certificates for all hosts");
Console.WriteLine(" Q: Quit");
Console.Write("Which host do you want to get a certificate for: ");
var response = Console.ReadLine().ToLowerInvariant();
switch (response)
{
case "a":
foreach (var target in targets)
{
Auto(target);
}
break;
case "q":
return;
default:
var targetId = 0;
if (Int32.TryParse(response, out targetId))
{
targetId--;
if (targetId >= 0 && targetId < targets.Count)
{
var binding = targets[targetId];
Auto(binding);
}
}
else
{
foreach (var plugin in Target.Plugins.Values)
{
plugin.HandleMenuResponse(response, targets);
}
}
break;
}
}
}
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
var acmeWebException = e as AcmeClient.AcmeWebException;
if (acmeWebException != null)
{
Console.WriteLine(acmeWebException.Message);
Console.WriteLine("ACME Server Returned:");
Console.WriteLine(acmeWebException.Response.ContentAsString);
}
else
{
Console.WriteLine(e);
}
Console.ResetColor();
}
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
}
public void Test0060_RegisterUpdateContacts()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0060_RegisterUpdateContacts)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
client.UpdateRegistration(true, contacts: new string[] { TEST_EM2, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterUpdate.acmeReg";
using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void TestNewRegRequest()
{
var requ = WebRequest.Create(_rootUrl);
var resp = requ.GetResponse();
Assert.IsNotNull(resp);
var nonceKey = resp.Headers.AllKeys.FirstOrDefault(
x => x.Equals("Replay-nonce", StringComparison.OrdinalIgnoreCase));
Assert.IsFalse(string.IsNullOrEmpty(nonceKey));
var nonceValue = resp.Headers[nonceKey];
var newReg = new
{
resource = "new-reg",
contact = new string[]
{
"mailto:[email protected]",
"tel:+12025551212"
},
};
var newRegSer = JsonConvert.SerializeObject(newReg);
var algSigner = new RS256Signer();
algSigner.Init();
var unprotectedHeader = new
{
alg = "RS256",
jwk = algSigner.ExportJwk()
};
var protectedHeader = new
{
nonce = nonceValue,
};
var acmeJson = JwsHelper.SignFlatJson(algSigner.Sign, newRegSer,
protectedHeader, unprotectedHeader);
var acmeJsonBytes = Encoding.ASCII.GetBytes(acmeJson);
requ = WebRequest.Create(new Uri(_rootUrl, "/acme/new-reg"));
requ.Method = "POST";
requ.ContentType = "application/json";
requ.ContentLength = acmeJsonBytes.Length;
using (var s = requ.GetRequestStream())
{
s.Write(acmeJsonBytes, 0, acmeJsonBytes.Length);
}
resp = requ.GetResponse();
}
public void Test0040_RegisterEmptyUpdate()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
// Do a simple update with no data changes requested
client.UpdateRegistration(true);
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegisterUpdate.acmeReg", FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void Test0030_Register()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var client = new AcmeClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
client.Register(new string[]
{
"mailto:[email protected]",
"tel:+14109361212",
});
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Create))
{
client.Registration.Save(fs);
}
}
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Create))
{
signer.Save(fs);
}
}
}
public void Test0095_RefreshIdentifierAuthorization()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-Refresh.acmeAuthz", FileMode.Create))
{
authzRefreshState.Save(fs);
}
}
}
}
public void Test0190_RefreshCertificateRequest()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
//var csrRaw = File.ReadAllBytes($"{_baseLocalStore}\\test-csr.der");
//var csrB64u = JwsHelper.Base64UrlEncode(csrRaw);
using (var client = BuildClient(testTagHeader: nameof(Test0190_RefreshCertificateRequest)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
CertificateRequest certRequ;
using (var fs = new FileStream(_testCertRequ_AcmeCertRequFile, FileMode.Open))
{
certRequ = CertificateRequest.Load(fs);
}
client.RefreshCertificateRequest(certRequ, true);
_testCertRequRefreshed_AcmeCertRequFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.acmeCertRequ";
using (var fs = new FileStream(_testCertRequRefreshed_AcmeCertRequFile, FileMode.Create))
{
certRequ.Save(fs);
}
if (!string.IsNullOrEmpty(certRequ.CertificateContent))
{
_testCertRequRefreshed_CerFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.cer";
using (var fs = new FileStream(_testCertRequRefreshed_CerFile, FileMode.Create))
{
certRequ.SaveCertificate(fs);
}
}
}
}
}
static void Main(string[] args)
{
var commandLineParseResult = Parser.Default.ParseArguments<Options>(args);
var parsed = commandLineParseResult as Parsed<Options>;
if (parsed == null)
{
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return; // not parsed
}
options = parsed.Value;
Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)");
BaseURI = options.BaseURI;
if (options.Test)
BaseURI = "https://acme-staging.api.letsencrypt.org/";
//Console.Write("\nUse production Let's Encrypt server? (Y/N) ");
//if (PromptYesNo())
// BaseURI = ProductionBaseURI;
Console.WriteLine($"\nACME Server: {BaseURI}");
settings = new Settings(clientName, BaseURI);
configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI));
Console.WriteLine("Config Folder: " + configPath);
Directory.CreateDirectory(configPath);
using (var signer = new RS256Signer())
{
signer.Init();
var signerPath = Path.Combine(configPath, "Signer");
if (File.Exists(signerPath))
{
Console.WriteLine($"Loading Signer from {signerPath}");
using (var signerStream = File.OpenRead(signerPath))
signer.Load(signerStream);
}
using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer))
{
client.Init();
Console.WriteLine("\nGetting AcmeServerDirectory");
client.GetDirectory(true);
var registrationPath = Path.Combine(configPath, "Registration");
if (File.Exists(registrationPath))
{
Console.WriteLine($"Loading Registration from {registrationPath}");
using (var registrationStream = File.OpenRead(registrationPath))
client.Registration = AcmeRegistration.Load(registrationStream);
}
else
{
Console.WriteLine("Calling Register");
var registration = client.Register(new string[] { });
if (!options.AcceptTOS && !options.Renew)
{
Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) ");
if (!PromptYesNo())
return;
}
Console.WriteLine("Updating Registration");
client.UpdateRegistration(true, true);
Console.WriteLine("Saving Registration");
using (var registrationStream = File.OpenWrite(registrationPath))
client.Registration.Save(registrationStream);
Console.WriteLine("Saving Signer");
using (var signerStream = File.OpenWrite(signerPath))
signer.Save(signerStream);
}
if (options.Renew)
{
CheckRenewals();
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return;
}
Console.WriteLine("\nScanning IIS 7 Site Bindings for Hosts (Elevated Permissions Required)");
if (!IsElevated)
{
Console.WriteLine("Elevated Permissions Required. Please run under an administrator console.");
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return;
}
var bindings = GetHostNames();
if (bindings.Count == 0)
{
Console.WriteLine("No IIS bindings with host names were found. Please add one using IIS Manager. A host name and site path are required to verify domain ownership.");
return;
}
Console.WriteLine("IIS Bindings");
var count = 1;
foreach (var binding in bindings)
{
Console.WriteLine($" {count}: {binding}");
count++;
}
Console.WriteLine();
Console.WriteLine(" A: Get Certificates for All Bindings");
Console.WriteLine(" Q: Quit");
Console.Write("Which binding do you want to get a cert for: ");
var response = Console.ReadLine();
switch (response.ToLowerInvariant())
{
case "a":
foreach (var binding in bindings)
{
Auto(binding);
}
break;
case "q":
return;
default:
var bindingId = 0;
if (Int32.TryParse(response, out bindingId))
{
bindingId--;
if (bindingId >= 0 && bindingId < bindings.Count)
{
var binding = bindings[bindingId];
Auto(binding);
}
}
break;
}
}
}
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
}
public void Test0141_HandleHttpChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0141_HandleHttpChallenge)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
_testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
var wsFilePath = authzChallenge.ChallengeAnswer.Key;
var wsFileBody = authzChallenge.ChallengeAnswer.Value;
var wsInfo = WebServerInfo.Load(File.ReadAllText("webServerInfo.json"));
using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody)))
{
var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}");
wsInfo.Provider.UploadFile(fileUrl, s);
}
}
}
Thread.Sleep(90 * 1000);
}
public void Test0090_AuthorizeIdentifier()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var authzState = client.AuthorizeIdentifier(TEST_CN1);
foreach (var c in authzState.Challenges)
{
if (c.Type == "dns")
{
var dnsResponse = c.GenerateDnsChallengeAnswer(
authzState.Identifier, signer);
}
}
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0095_RefreshIdentifierAuthorization()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0095_RefreshIdentifierAuthorization)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true);
_testAuthzRefresh_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-Refresh.acmeAuthz";
using (var fs = new FileStream(_testAuthzRefresh_AcmeAuthzFile, FileMode.Create))
{
authzRefreshState.Save(fs);
}
}
}
}
public void Test0080_AuthorizeDnsBlacklisted()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
try
{
client.AuthorizeIdentifier("acme-win-test.example.com");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.IsNotNull(ex.Response.ProblemDetail);
Assert.AreEqual(HttpStatusCode.Forbidden, ex.Response.StatusCode);
Assert.AreEqual("urn:acme:error:unauthorized", ex.Response.ProblemDetail.Type);
StringAssert.Contains(ex.Response.ProblemDetail.Detail, "blacklist");
}
}
}
}
public void Test0030_Register()
{
using (var signer = new RS256Signer())
{
signer.Init();
if (!_wpConfig.UseNewSigner)
{
// Re-use existing Signer config from stable local store
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
}
_testRegister_AcmeSignerFile = $"{_baseLocalStore}\\TestRegister.acmeSigner";
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Create))
{
signer.Save(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0030_Register)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
client.Register(new string[] { TEST_EM1, TEST_PH1, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegister_AcmeRegFile = $"{_baseLocalStore}\\TestRegister.acmeReg";
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void Test0190_RefreshCertificateRequest()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
//var csrRaw = File.ReadAllBytes($"{BASE_LOCAL_STORE}test-csr.der");
//var csrB64u = JwsHelper.Base64UrlEncode(csrRaw);
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
CertificateRequest certRequ;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Open))
{
certRequ = CertificateRequest.Load(fs);
}
client.RefreshCertificateRequest(certRequ, true);
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ-Refreshed.acmeCertRequ", FileMode.Create))
{
certRequ.Save(fs);
}
if (!string.IsNullOrEmpty(certRequ.CertificateContent))
{
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ-Refreshed.cer", FileMode.Create))
{
certRequ.SaveCertificate(fs);
}
}
}
}
}
public void Test0160_RequestCertificateInvalidCsr()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient())
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
try
{
client.RequestCertificate("FOOBARNON");
Assert.Fail("WebException expected");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.AreEqual(HttpStatusCode.BadRequest, ex.Response.StatusCode);
}
}
}
}
public void Test0040_RegisterEmptyUpdate()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0040_RegisterEmptyUpdate)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
// Do a simple update with no data changes requested
client.UpdateRegistration(true);
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterEmptyUpdate.acmeReg";
using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
