/// <summary>
/// Attempt to create an account using specific parameters
/// </summary>
/// <param name="client"></param>
/// <param name="signer"></param>
/// <param name="contacts"></param>
/// <param name="eabAlg"></param>
/// <param name="eabKid"></param>
/// <param name="eabKey"></param>
/// <returns></returns>
private async Task CreateAccount(
AcmeProtocolClient client, AccountSigner signer,
string[]?contacts,
string eabAlg, string?eabKid, string?eabKey)
{
if (client.Account != null)
{
throw new Exception("Client already has an account!");
}
ExternalAccountBinding?externalAccount = null;
if (!string.IsNullOrWhiteSpace(eabKey) &&
!string.IsNullOrWhiteSpace(eabKid))
{
externalAccount = new ExternalAccountBinding(
eabAlg,
JsonConvert.SerializeObject(
signer.JwsTool().ExportJwk(),
Formatting.None),
eabKid,
eabKey,
client.Directory?.NewAccount ?? "");
}
await client.ChangeAccountKeyAsync(signer.JwsTool());
client.Account = await Retry(client,
() => client.CreateAccountAsync(
contacts,
termsOfServiceAgreed: true,
externalAccountBinding: externalAccount?.Payload() ?? null));
_accountManager.CurrentSigner = signer;
_accountManager.CurrentAccount = client.Account;
}
private async Task <AccountDetails?> LoadAccount(AcmeProtocolClient client, IJwsTool?signer)
{
AccountDetails?account = null;
if (File.Exists(AccountPath))
{
if (signer != null)
{
_log.Debug("Loading account information from {registrationPath}", AccountPath);
account = JsonConvert.DeserializeObject <AccountDetails>(File.ReadAllText(AccountPath));
client.Account = account;
// Maybe we should update the account details
// on every start of the program to figure out
// if it hasn't been suspended or cancelled?
// UpdateAccount();
}
else
{
_log.Error("Account found but no valid signer could be loaded");
}
}
else
{
var contacts = await GetContacts();
var(_, filename, content) = await client.GetTermsOfServiceAsync();
if (!string.IsNullOrEmpty(filename))
{
if (!await AcceptTos(filename, content))
{
return(null);
}
}
account = await client.CreateAccountAsync(contacts, termsOfServiceAgreed : true);
_log.Debug("Saving registration");
var accountKey = new AccountSigner
{
KeyType = client.Signer.JwsAlg,
KeyExport = client.Signer.Export(),
};
AccountSigner = accountKey;
File.WriteAllText(AccountPath, JsonConvert.SerializeObject(account));
}
return(account);
}
private async Task <AccountDetails?> LoadAccount(AcmeProtocolClient client, IJwsTool?signer)
{
_log.Verbose("Loading ACME account");
AccountDetails?account = null;
if (File.Exists(AccountPath))
{
if (signer != null)
{
_log.Debug("Loading account information from {registrationPath}", AccountPath);
account = JsonConvert.DeserializeObject <AccountDetails>(File.ReadAllText(AccountPath));
client.Account = account;
// Maybe we should update the account details
// on every start of the program to figure out
// if it hasn't been suspended or cancelled?
// UpdateAccount();
}
else
{
_log.Error("Account found but no valid signer could be loaded");
}
}
else
{
_log.Verbose("No account found at {path}, creating new one", AccountPath);
try
{
var(_, filename, content) = await client.GetTermsOfServiceAsync();
_log.Verbose("Terms of service downloaded");
if (!string.IsNullOrEmpty(filename))
{
if (!await AcceptTos(filename, content))
{
return(null);
}
}
}
catch (Exception ex)
{
_log.Error(ex, "Error getting terms of service");
}
var contacts = default(string[]);
var externalAccount = default(ExternalAccountBinding);
var kid = _accountArguments.EabKeyIdentifier;
var key = _accountArguments.EabKey;
var alg = _accountArguments.EabAlgorithm ?? "HS256";
var eabFlow = client.Directory?.Meta?.ExternalAccountRequired == "true";
if (eabFlow)
{
_input.CreateSpace();
_input.Show(null, "This ACME endpoint requires an external account. You will " +
"need to provide a key identifier and a key to proceed. Please refer to the " +
"providers instructions on how to obtain these.");
}
else if (!string.IsNullOrWhiteSpace(kid))
{
eabFlow = true;
_input.CreateSpace();
_input.Show(null, "You have provided external account binding key, but the server" +
"claims that is not required. We will attempt to register using this key anyway.");
}
if (eabFlow)
{
if (string.IsNullOrWhiteSpace(kid))
{
kid = await _input.RequestString("Key identifier");
}
if (string.IsNullOrWhiteSpace(key))
{
key = await _input.ReadPassword("Key (base64url encoded)");
}
externalAccount = new ExternalAccountBinding(
alg,
JsonConvert.SerializeObject(client.Signer.ExportJwk(), Formatting.None),
kid,
key ?? "",
client.Directory?.NewAccount ?? "");
}
else
{
contacts = await GetContacts();
}
try
{
account = await client.CreateAccountAsync(
contacts,
termsOfServiceAgreed : true,
externalAccountBinding : externalAccount?.Payload() ?? null);
}
catch (Exception ex)
{
_log.Error(ex, "Error creating account");
}
if (account != null)
{
try
{
_log.Debug("Saving account");
var accountKey = new AccountSigner
{
KeyType = client.Signer.JwsAlg,
KeyExport = client.Signer.Export(),
};
AccountSigner = accountKey;
await File.WriteAllTextAsync(AccountPath, JsonConvert.SerializeObject(account));
}
catch (Exception ex)
{
_log.Error(ex, "Error saving account");
account = null;
}
}
}
return(account);
}
private async Task <AccountDetails?> LoadAccount(AcmeProtocolClient client, IJwsTool?signer)
{
_log.Verbose("Loading ACME account");
AccountDetails?account = null;
if (File.Exists(AccountPath))
{
if (signer != null)
{
_log.Debug("Loading account information from {registrationPath}", AccountPath);
account = JsonConvert.DeserializeObject <AccountDetails>(File.ReadAllText(AccountPath));
client.Account = account;
// Maybe we should update the account details
// on every start of the program to figure out
// if it hasn't been suspended or cancelled?
// UpdateAccount();
}
else
{
_log.Error("Account found but no valid signer could be loaded");
}
}
else
{
_log.Verbose("No account found at {path}, creating new one", AccountPath);
try
{
var(_, filename, content) = await client.GetTermsOfServiceAsync();
_log.Verbose("Terms of service downloaded");
if (!string.IsNullOrEmpty(filename))
{
if (!await AcceptTos(filename, content))
{
return(null);
}
}
}
catch (Exception ex)
{
_log.Error(ex, "Error getting terms of service");
}
var contacts = default(string[]);
var externalAccount = default(ExternalAccountBinding);
var kid = _accountArguments.EabKeyIdentifier;
var key = _accountArguments.EabKey;
var alg = _accountArguments.EabAlgorithm ?? "HS256";
var eabFlow = client.Directory?.Meta?.ExternalAccountRequired == "true";
var zeroSslFlow = _settings.BaseUri.Host.Contains("zerossl.com");
// Warn about unneeded EAB
if (!eabFlow && !string.IsNullOrWhiteSpace(kid))
{
eabFlow = true;
_input.CreateSpace();
_input.Show(null, "You have provided an external account binding key, even though " +
"the server does not indicate that this is required. We will attempt to register " +
"using this key anyway.");
}
if (zeroSslFlow)
{
async Task emailRegistration()
{
var registration = await GetContacts(allowMultiple : false, prefix : "");
var eab = await _zeroSsl.Register(registration.FirstOrDefault() ?? "");
if (eab != null)
{
kid = eab.Kid;
key = eab.Hmac;
}
else
{
_log.Error("Unable to retrieve EAB credentials using the provided email address");
}
}
async Task apiKeyRegistration()
{
var accessKey = await _input.ReadPassword("API access key");
var eab = await _zeroSsl.Obtain(accessKey ?? "");
if (eab != null)
{
kid = eab.Kid;
key = eab.Hmac;
}
else
{
_log.Error("Unable to retrieve EAB credentials using the provided API access key");
}
}
if (!string.IsNullOrWhiteSpace(_accountArguments.EmailAddress))
{
await emailRegistration();
}
else
{
var instruction = "ZeroSsl can be used either by setting up a new " +
"account using your email address or by connecting it to your existing " +
"account using the API access key or pre-generated EAB credentials, which can " +
"be obtained from the Developer section of the dashboard.";
_input.CreateSpace();
_input.Show(null, instruction);
var chosen = await _input.ChooseFromMenu(
"How would you like to create the account?",
new List <Choice <Func <Task> > >()
{
Choice.Create((Func <Task>)apiKeyRegistration, "API access key"),
Choice.Create((Func <Task>)emailRegistration, "Email address"),
Choice.Create <Func <Task> >(() => Task.CompletedTask, "Input EAB credentials directly")
});
await chosen.Invoke();
}
}
if (eabFlow)
{
if (string.IsNullOrWhiteSpace(kid))
{
var instruction = "This ACME endpoint requires an external account. " +
"You will need to provide a key identifier and a key to proceed. " +
"Please refer to the providers instructions on how to obtain these.";
_input.CreateSpace();
_input.Show(null, instruction);
kid = await _input.RequestString("Key identifier");
}
if (string.IsNullOrWhiteSpace(key))
{
key = await _input.ReadPassword("Key (base64url encoded)");
}
externalAccount = new ExternalAccountBinding(
alg,
JsonConvert.SerializeObject(
client.Signer.ExportJwk(),
Formatting.None),
kid,
key ?? "",
client.Directory?.NewAccount ?? "");
}
else
{
contacts = await GetContacts();
}
try
{
account = await client.CreateAccountAsync(
contacts,
termsOfServiceAgreed : true,
externalAccountBinding : externalAccount?.Payload() ?? null);
}
catch (Exception ex)
{
_log.Error(ex, "Error creating account");
}
if (account != null)
{
try
{
_log.Debug("Saving account");
var accountKey = new AccountSigner
{
KeyType = client.Signer.JwsAlg,
KeyExport = client.Signer.Export(),
};
AccountSigner = accountKey;
await File.WriteAllTextAsync(AccountPath, JsonConvert.SerializeObject(account));
}
catch (Exception ex)
{
_log.Error(ex, "Error saving account");
account = null;
}
}
}
return(account);
}
