Ejemplo n.º 1
0
        public PendingAuthorization DomainInitAndRegistration(CertRequestConfig requestConfig, string identifierAlias)
        {
            /*
             * //need to manipulate file created above to set file path or request key sshould be written too.
             *
             */
            //perform domain cert requests

            string domain = requestConfig.Domain;

            // powershellManager.SetWorkingDirectory(this.vaultFolderPath);

            if (GetIdentifier(identifierAlias) == null)
            {
                var result = powershellManager.NewIdentifier(domain, identifierAlias, "Identifier:" + domain);
                if (!result.IsOK)
                {
                    return(null);
                }
            }
            ReloadVaultConfig();

            var identifier = this.GetIdentifier(identifierAlias);

            /*
             * //config file now has a temp path to write to, begin challenge (writes to temp file with challenge content)
             */
            var ccrResult = powershellManager.CompleteChallenge(identifier.Alias, regenerate: true);

            if (ccrResult.IsOK)
            {
                bool extensionlessConfigOK = false;
                //get challenge info
                ReloadVaultConfig();
                identifier = GetIdentifier(identifierAlias);
                var challengeInfo = identifier.Challenges.FirstOrDefault(c => c.Value.Type == "http-01").Value;

                //if copying the file for the user, attempt that now
                if (challengeInfo != null && requestConfig.PerformChallengeFileCopy)
                {
                    var httpChallenge = (ACMESharp.ACME.HttpChallenge)challengeInfo.Challenge;
                    //copy temp file to path challenge expects in web folder
                    var destFile = Path.Combine(requestConfig.WebsiteRootPath, httpChallenge.FilePath);
                    var destPath = Path.GetDirectoryName(destFile);
                    if (!Directory.Exists(destPath))
                    {
                        Directory.CreateDirectory(destPath);
                    }

                    //copy challenge response to web folder /.well-known/acme-challenge
                    System.IO.File.WriteAllText(destFile, httpChallenge.FileContent);

                    var wellknownContentPath = httpChallenge.FilePath.Substring(0, httpChallenge.FilePath.LastIndexOf("/"));
                    var testFilePath         = Path.Combine(requestConfig.WebsiteRootPath, wellknownContentPath + "//configcheck");
                    System.IO.File.WriteAllText(testFilePath, "Extensionless File Config Test - OK");

                    //create a web.config for extensionless files
                    string webConfigContent = Properties.Resources.IISWebConfig;
                    if (!File.Exists(destPath + "\\web.config"))
                    {
                        System.IO.File.WriteAllText(destPath + "\\web.config", webConfigContent);
                    }

                    if (CheckURL("http://" + domain + "/" + wellknownContentPath + "/configcheck"))
                    {
                        extensionlessConfigOK = true;
                    }

                    if (!extensionlessConfigOK)
                    {
                        webConfigContent = Properties.Resources.IISWebConfigAlt;

                        System.IO.File.WriteAllText(destPath + "\\web.config", webConfigContent);
                    }

                    if (CheckURL("http://" + domain + "/" + wellknownContentPath + "/configcheck"))
                    {
                        extensionlessConfigOK = true;
                    }
                    //ready to complete challenge
                }
                return(new PendingAuthorization()
                {
                    Challenge = challengeInfo, Identifier = identifier, TempFilePath = "", ExtensionlessConfigCheckedOK = extensionlessConfigOK
                });
            }
            else
            {
                return(null);
            }
        }
Ejemplo n.º 2
0
        public PendingAuthorization BeginRegistrationAndValidation(CertRequestConfig requestConfig, string identifierAlias, string challengeType = "http-01", string domain = null)
        {
            //if no alternative domain specified, use the primary domains as the subject
            if (domain == null)
            {
                domain = requestConfig.PrimaryDomain;
            }

            if (GetIdentifier(identifierAlias) == null)
            {
                //if an identifier exists for the same dns in vault, remove it to avoid confusion
                this.DeleteIdentifierByDNS(domain);

                // ACME service requires international domain names in ascii mode

                if (UsePowershell)
                {
                    var result = powershellManager.NewIdentifier(idnMapping.GetAscii(domain), identifierAlias, "Identifier:" + domain);
                    if (!result.IsOK)
                    {
                        return(null);
                    }
                }
                else
                {
                    var cmd = new ACMESharp.POSH.NewIdentifier();
                    cmd.Dns   = idnMapping.GetAscii(domain);
                    cmd.Alias = identifierAlias;
                    cmd.Label = "Identifier:" + domain;

                    try
                    {
                        cmd.ExecuteCommand();
                    }
                    catch (Exception exp)
                    {
                        this.LogAction("NewIdentifier", exp.ToString());
                        return(null);
                    }
                }
            }

            var identifier = this.GetIdentifier(identifierAlias, reloadVaultConfig: true);

            if (identifier.Authorization.IsPending())
            {
                bool ccrResultOK = false;
                if (UsePowershell)
                {
                    var result = powershellManager.CompleteChallenge(identifier.Alias, challengeType, regenerate: true);
                    ccrResultOK = result.IsOK;
                }
                else
                {
                    var cmd = new ACMESharp.POSH.CompleteChallenge();
                    cmd.IdentifierRef = identifier.Alias;
                    cmd.ChallengeType = challengeType;
                    cmd.Handler       = "manual";
                    cmd.Regenerate    = new System.Management.Automation.SwitchParameter(true);
                    cmd.Repeat        = new System.Management.Automation.SwitchParameter(true);
                    cmd.ExecuteCommand();
                    ccrResultOK = true;
                }

                //get challenge info
                ReloadVaultConfig();
                identifier = GetIdentifier(identifierAlias);
                var challengeInfo = identifier.Challenges.FirstOrDefault(c => c.Value.Type == challengeType).Value;

                //identifier challenege specification is now ready for use to prepare and answer for LetsEncrypt to check
                return(new PendingAuthorization()
                {
                    Challenge = challengeInfo, Identifier = identifier, TempFilePath = "", ExtensionlessConfigCheckedOK = false
                });
            }
            else
            {
                //identifier is already valid (previously authorized)
                return(new PendingAuthorization()
                {
                    Challenge = null, Identifier = identifier, TempFilePath = "", ExtensionlessConfigCheckedOK = false
                });
            }
        }
Ejemplo n.º 3
0
        public PendingAuthorization BeginRegistrationAndValidation(CertRequestConfig requestConfig, string identifierAlias)
        {
            string domain = requestConfig.Domain;

            if (GetIdentifier(identifierAlias) == null)
            {
                //if an identifier exists for the same dns in vault, remove it to avoid confusion
                this.DeleteIdentifierByDNS(domain);
                var result = powershellManager.NewIdentifier(domain, identifierAlias, "Identifier:" + domain);
                if (!result.IsOK)
                {
                    return(null);
                }
            }

            var identifier = this.GetIdentifier(identifierAlias, reloadVaultConfig: true);

            /*
             * //config file now has a temp path to write to, begin challenge (writes to temp file with challenge content)
             */
            if (identifier.Authorization.IsPending())
            {
                var ccrResult = powershellManager.CompleteChallenge(identifier.Alias, regenerate: true);

                if (ccrResult.IsOK)
                {
                    bool extensionlessConfigOK = false;
                    bool checkViaProxy         = true;

                    //get challenge info
                    ReloadVaultConfig();
                    identifier = GetIdentifier(identifierAlias);
                    var challengeInfo = identifier.Challenges.FirstOrDefault(c => c.Value.Type == "http-01").Value;

                    //if copying the file for the user, attempt that now
                    if (challengeInfo != null && requestConfig.PerformChallengeFileCopy)
                    {
                        var httpChallenge = (ACMESharp.ACME.HttpChallenge)challengeInfo.Challenge;
                        this.LogAction("Preparing challenge response for LetsEncrypt server to check at: " + httpChallenge.FileUrl);
                        this.LogAction("If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.");

                        //copy temp file to path challenge expects in web folder
                        var destFile = Path.Combine(requestConfig.WebsiteRootPath, httpChallenge.FilePath);
                        var destPath = Path.GetDirectoryName(destFile);
                        if (!Directory.Exists(destPath))
                        {
                            Directory.CreateDirectory(destPath);
                        }

                        //copy challenge response to web folder /.well-known/acme-challenge
                        System.IO.File.WriteAllText(destFile, httpChallenge.FileContent);

                        var wellknownContentPath = httpChallenge.FilePath.Substring(0, httpChallenge.FilePath.LastIndexOf("/"));
                        var testFilePath         = Path.Combine(requestConfig.WebsiteRootPath, wellknownContentPath + "//configcheck");
                        System.IO.File.WriteAllText(testFilePath, "Extensionless File Config Test - OK");

                        //create a web.config for extensionless files, then test it (make a request for the extensionless configcheck file over http)
                        string webConfigContent = Properties.Resources.IISWebConfig;

                        if (!File.Exists(destPath + "\\web.config"))
                        {
                            //no existing config, attempt auto config and perform test
                            System.IO.File.WriteAllText(destPath + "\\web.config", webConfigContent);
                            if (requestConfig.PerformExtensionlessConfigChecks)
                            {
                                if (CheckURL("http://" + domain + "/" + wellknownContentPath + "/configcheck", checkViaProxy))
                                {
                                    extensionlessConfigOK = true;
                                }
                            }
                        }
                        else
                        {
                            //web config already exists, don't overwrite it, just test it

                            if (requestConfig.PerformExtensionlessConfigChecks)
                            {
                                if (CheckURL("http://" + domain + "/" + wellknownContentPath + "/configcheck", checkViaProxy))
                                {
                                    extensionlessConfigOK = true;
                                }
                                if (!extensionlessConfigOK && requestConfig.PerformExtensionlessAutoConfig)
                                {
                                    //didn't work, try our default config
                                    System.IO.File.WriteAllText(destPath + "\\web.config", webConfigContent);

                                    if (CheckURL("http://" + domain + "/" + wellknownContentPath + "/configcheck", checkViaProxy))
                                    {
                                        extensionlessConfigOK = true;
                                    }
                                }
                            }
                        }

                        if (!extensionlessConfigOK && requestConfig.PerformExtensionlessAutoConfig)
                        {
                            //if first attempt(s) at config failed, try an alternative config
                            webConfigContent = Properties.Resources.IISWebConfigAlt;

                            System.IO.File.WriteAllText(destPath + "\\web.config", webConfigContent);

                            if (CheckURL("http://" + domain + "/" + wellknownContentPath + "/configcheck", checkViaProxy))
                            {
                                //ready to complete challenge
                                extensionlessConfigOK = true;
                            }
                        }
                    }

                    return(new PendingAuthorization()
                    {
                        Challenge = challengeInfo, Identifier = identifier, TempFilePath = "", ExtensionlessConfigCheckedOK = extensionlessConfigOK
                    });
                }
                else
                {
                    return(null);
                }
            }
            else
            {
                //identifier is already valid (previously authorized)
                return(new PendingAuthorization()
                {
                    Challenge = null, Identifier = identifier, TempFilePath = "", ExtensionlessConfigCheckedOK = false
                });
            }
        }