public async Task <StatusMessage> RevokeCertificate(ILog log, ManagedCertificate managedCertificate)
{
try
{
var pkcs = new Org.BouncyCastle.Pkcs.Pkcs12Store(File.Open(managedCertificate.CertificatePath, FileMode.Open), "".ToCharArray());
var certAliases = pkcs.Aliases.GetEnumerator();
certAliases.MoveNext();
var certEntry = pkcs.GetCertificate(certAliases.Current.ToString());
var certificate = certEntry.Certificate;
// revoke certificate
var der = certificate.GetEncoded();
await _client.RevokeCertificateAsync(der, RevokeReason.Unspecified);
return(new StatusMessage {
IsOK = true, Message = $"Certificate revoke completed."
});
}
catch (Exception exp)
{
return(new StatusMessage {
IsOK = false, Message = $"Failed to revoke certificate: {exp.Message}"
});
}
}
internal void RevokeCertificate(byte[] crt)
{
Retry(() => _client.RevokeCertificateAsync(crt, RevokeReason.Unspecified));
}
public async Task RevokeCertificate()
{
using (var http = _server.CreateClient())
{
var dir = await GetDir();
var signer = new Crypto.JOSE.Impl.RSJwsTool();
signer.Init();
using (var acme = new AcmeProtocolClient(http, dir,
signer: signer))
{
await acme.GetNonceAsync();
var acct = await acme.CreateAccountAsync(new[] { "mailto:[email protected]" });
acme.Account = acct;
var dnsIds = new[] {
"foo.mock.acme2.zyborg.io",
"foo-alt-1.mock.acme2.zyborg.io",
"foo-alt-2.mock.acme2.zyborg.io",
"foo-alt-3.mock.acme2.zyborg.io",
};
var order = await acme.CreateOrderAsync(dnsIds);
Assert.IsNotNull(order?.OrderUrl);
Assert.AreEqual(dnsIds.Length, order.Payload.Authorizations?.Length);
Assert.AreEqual(dnsIds.Length, order.Payload.Identifiers?.Length);
var authzUrl = order.Payload.Authorizations[0];
var authz = await acme.GetAuthorizationDetailsAsync(authzUrl);
Assert.IsNotNull(authz);
Assert.IsFalse(authz.Wildcard ?? false);
Assert.AreEqual(dnsIds[0], authz.Identifier.Value);
foreach (var chlng in authz.Challenges)
{
var chlng2 = await acme.AnswerChallengeAsync(chlng.Url);
Assert.IsNotNull(chlng2);
Assert.AreEqual("valid", chlng2.Status);
}
var kpr = PkiKeyPair.GenerateRsaKeyPair(2048);
var csr = new PkiCertificateSigningRequest($"cn={dnsIds[0]}", kpr,
PkiHashAlgorithm.Sha256);
csr.CertificateExtensions.Add(
PkiCertificateExtension.CreateDnsSubjectAlternativeNames(dnsIds.Skip(1)));
var csrDer = csr.ExportSigningRequest(PkiEncodingFormat.Der);
var finalizedOrder = await acme.FinalizeOrderAsync(order.Payload.Finalize, csrDer);
Assert.AreEqual("valid", finalizedOrder.Payload.Status);
Assert.IsNotNull(finalizedOrder.Payload.Certificate);
var getResp = await acme.GetAsync(finalizedOrder.Payload.Certificate);
getResp.EnsureSuccessStatusCode();
var certPemBytes = await getResp.Content.ReadAsByteArrayAsync();
using (var fs = new FileStream(Path.Combine(DataFolder, "finalize-cert-beforeRevoke.pem"),
FileMode.Create))
{
await fs.WriteAsync(certPemBytes);
}
var cert = new X509Certificate2(certPemBytes);
var certDerBytes = cert.Export(X509ContentType.Cert);
await acme.RevokeCertificateAsync(certDerBytes);
}
}
}
internal async Task RevokeCertificate(byte[] crt) => await Retry(async() => {
await _client.RevokeCertificateAsync(crt, RevokeReason.Unspecified);
return(Task.CompletedTask);
});