static Crt GetCACertificate(CertificateProvider cp, CertificateRequest certRequest) { var links = new LinkCollection(certRequest.Links); var upLink = links.GetFirstOrDefault("up"); var temporaryFileName = Path.GetTempFileName(); try { var uri = new Uri(new Uri(Program.GlobalConfiguration.AcmeServerBaseUri), upLink.Uri); TheWebClient.DownloadFile(uri, temporaryFileName); var cacert = new X509Certificate2(temporaryFileName); var serverSN = cacert.GetSerialNumberString(); using (Stream source = new FileStream(temporaryFileName, FileMode.Open)) { return(cp.ImportCertificate(EncodingFormat.DER, source)); } } finally { if (File.Exists(temporaryFileName)) { File.Delete(temporaryFileName); } } }
public static IssuedCertificate RequestCertificate(AcmeClient client, CertificateProvider certProvider, string hostName, List <string> alternativeNames = null) { if (alternativeNames == null) { alternativeNames = new List <string>(); } PrivateKey pk; var csr = GenerateCSR(certProvider, hostName, alternativeNames, out pk); var certRequest = client.RequestCertificate(JwsHelper.Base64UrlEncode(csr)); if (certRequest.StatusCode != HttpStatusCode.Created) { throw new CertificateApplicationException(certRequest, hostName, alternativeNames.ToArray()); } Crt crt; using (var ms = new MemoryStream()) { certRequest.SaveCertificate(ms); ms.Seek(0, SeekOrigin.Begin); crt = certProvider.ImportCertificate(EncodingFormat.DER, ms); } var caCrt = GetCACertificate(certProvider, certRequest); return(new IssuedCertificate { PublicKey = crt, PrivateKey = pk, CAPublicKey = caCrt }); }
public string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { var tmp = Path.GetTempFileName(); try { using (var web = new WebClient()) { var uri = new Uri(new Uri(this.baseURI), upLink.Uri); web.DownloadFile(uri, tmp); } var cacert = new X509Certificate2(tmp); var sernum = cacert.GetSerialNumberString(); var tprint = cacert.Thumbprint; var sigalg = cacert.SignatureAlgorithm?.FriendlyName; var sigval = cacert.GetCertHashString(); var cacertDerFile = Path.Combine(configPath, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(configPath, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) { File.Copy(tmp, cacertDerFile, true); } Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}"); Trace.TraceInformation("Saving Issuer Certificate to {0}", cacertPemFile); if (!File.Exists(cacertPemFile)) { using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } } return(cacertPemFile); } finally { if (File.Exists(tmp)) { File.Delete(tmp); } } } } return(null); }
static string DownloadIssuerCertificate(CertificateProvider provider, CertificateRequest request, string api, string certificatesFolder) { var linksEnum = request.Links; var isuPemFile = string.Empty; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault(SERVER_UP_STRING); if (upLink != null) { var temporaryFileName = Path.GetTempFileName(); try { using (var web = new WebClient()) { var apiUri = new Uri(new Uri(api), upLink.Uri); web.DownloadFile(apiUri, temporaryFileName); } var cacert = new X509Certificate2(temporaryFileName); var sernum = cacert.GetSerialNumberString(); var cacertDerFile = Path.Combine(certificatesFolder, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(certificatesFolder, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) { File.Copy(temporaryFileName, cacertDerFile, true); } if (!File.Exists(cacertPemFile)) { using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = provider.ImportCertificate(EncodingFormat.DER, source); provider.ExportCertificate(caCrt, EncodingFormat.PEM, target); } } isuPemFile = cacertPemFile; } finally { if (File.Exists(temporaryFileName)) { File.Delete(temporaryFileName); } } } } return(isuPemFile); }
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { var tmp = Path.GetTempFileName(); try { using (var web = new WebClient()) { var uri = new Uri(new Uri(acmeUri), upLink.Uri); web.DownloadFile(uri, tmp); } var cacert = new X509Certificate2(tmp); var sernum = cacert.GetSerialNumberString(); var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) { File.Copy(tmp, cacertDerFile, true); } logger.Debug($"Saving Issuer Certificate to {cacertPemFile}"); if (!File.Exists(cacertPemFile)) { using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } } return(cacertPemFile); } finally { if (File.Exists(tmp)) { File.Delete(tmp); } } } } return(null); }
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum == null) { return(null); } LinkCollection links = new LinkCollection(linksEnum); Link upLink = links.GetFirstOrDefault("up"); if (upLink == null) { return(null); } string temporaryFileName = Path.GetTempFileName(); try { using (WebClient web = new WebClient()) { Uri uri = new Uri(new Uri(_options.BaseUri), upLink.Uri); web.DownloadFile(uri, temporaryFileName); } X509Certificate2 cacert = new X509Certificate2(temporaryFileName); string sernum = cacert.GetSerialNumberString(); string cacertDerFile = Path.Combine(_options.CertificateFolder, $"ca-{sernum}-crt.der"); string cacertPemFile = Path.Combine(_options.CertificateFolder, $"ca-{sernum}-crt.pem"); File.Copy(temporaryFileName, cacertDerFile, true); Log.Information($"Saving Issuer Certificate to {cacertPemFile}"); using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { Crt caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } return(cacertPemFile); } finally { if (File.Exists(temporaryFileName)) { File.Delete(temporaryFileName); } } }
/// <summary> /// Get the issuer certificate /// </summary> /// <param name="certificate"></param> /// <param name="cp"></param> /// <returns></returns> private Crt GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { using (var web = new WebClient()) using (var stream = web.OpenRead(new Uri(new Uri(_options.BaseUri), upLink.Uri))) { return(cp.ImportCertificate(EncodingFormat.DER, stream)); } } } return(null); }
public override Crt ImportCertificate(EncodingFormat fmt, Stream source) { return(_cp.ImportCertificate(fmt, source)); }
public static string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { var linksEnum = certificate.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { var tmp = Path.GetTempFileName(); try { using (var web = new WebClient()) { var uri = new Uri(new Uri(BaseURI), upLink.Uri); web.DownloadFile(uri, tmp); } var cacert = new X509Certificate2(tmp); var sernum = cacert.GetSerialNumberString(); var tprint = cacert.Thumbprint; var sigalg = cacert.SignatureAlgorithm?.FriendlyName; var sigval = cacert.GetCertHashString(); var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der"); var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem"); if (!File.Exists(cacertDerFile)) File.Copy(tmp, cacertDerFile, true); Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}"); Log.Information("Saving Issuer Certificate to {cacertPemFile}", cacertPemFile); if (!File.Exists(cacertPemFile)) using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } return cacertPemFile; } finally { if (File.Exists(tmp)) File.Delete(tmp); } } } return null; }
private void GetCertificate() { Log.Information("Requesting Certificate"); using (CertificateProvider cp = CertificateProvider.GetProvider()) { RsaPrivateKeyParams rsaPkp = new RsaPrivateKeyParams(); PrivateKey rsaKeys = cp.GeneratePrivateKey(rsaPkp); CsrParams csrParams = new CsrParams { Details = new CsrDetails { CommonName = _options.HostName, }, }; Csr csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256); byte[] derRaw; using (MemoryStream bs = new MemoryStream()) { cp.ExportCsr(csr, EncodingFormat.DER, bs); derRaw = bs.ToArray(); } string derB64U = JwsHelper.Base64UrlEncode(derRaw); CertificateRequest certReq = _acmeClient.RequestCertificate(derB64U); if (certReq.StatusCode != HttpStatusCode.Created) { throw new Exception($"Request status = {certReq.StatusCode}"); } using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyGen], FileMode.Create)) cp.SavePrivateKey(rsaKeys, fs); using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyPem], FileMode.Create)) cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs); using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrGen], FileMode.Create)) cp.SaveCsr(csr, fs); using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrPem], FileMode.Create)) cp.ExportCsr(csr, EncodingFormat.PEM, fs); Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtDer]}"); using (FileStream file = File.Create(_options.WellKnownFilePaths[WellKnownFile.CrtDer])) certReq.SaveCertificate(file); Crt crt; using (FileStream source = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtDer], FileMode.Open), target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Create)) { crt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(crt, EncodingFormat.PEM, target); } // To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate string isuPemFile = GetIssuerCertificate(certReq, cp); using (FileStream intermediate = new FileStream(isuPemFile, FileMode.Open), certificate = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Open), chain = new FileStream(_options.WellKnownFilePaths[WellKnownFile.ChainPem], FileMode.Create)) { certificate.CopyTo(chain); intermediate.CopyTo(chain); } Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtPfx]}"); using (FileStream source = new FileStream(isuPemFile, FileMode.Open), target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPfx], FileMode.Create)) { Crt isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source); cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, _options.PfxPassword); } } }
private string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp) { Log("\t\t\t\tGetIssuerCertificate started"); var linksEnum = certificate.Links; if (linksEnum == null) { Log("\t\t\t\t\tGetIssuerCertificate error linksEnum == null"); Log("\t\t\t\tGetIssuerCertificate ended"); return(null); } var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink == null) { Log("\t\t\t\t\tGetIssuerCertificate error upLink == null"); Log("\t\t\t\tGetIssuerCertificate ended"); return(null); } var temporaryFileName = Path.GetTempFileName(); try { using (var web = new WebClient()) { var uri = new Uri(this.BaseUri, upLink.Uri); web.DownloadFile(uri, temporaryFileName); } var cacert = new X509Certificate2(temporaryFileName); var sernum = cacert.GetSerialNumberString(); var cacertDerFile = string.Format("ca-{0}-crt.der", sernum); var cacertPemFile = string.Format("ca-{0}-crt.pem", sernum); if (!File.Exists(cacertDerFile)) { File.Copy(temporaryFileName, cacertDerFile, true); } if (!File.Exists(cacertPemFile)) { using (FileStream source = new FileStream(cacertDerFile, FileMode.Open), target = new FileStream(cacertPemFile, FileMode.Create)) { var caCrt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(caCrt, EncodingFormat.PEM, target); } } Log("\t\t\t\tGetIssuerCertificate ended"); return(cacertPemFile); } catch (Exception ex) { Log("\t\t\t\t\tGetIssuerCertificate error {0}", ex.Message); } finally { if (File.Exists(temporaryFileName)) { File.Delete(temporaryFileName); } } Log("\t\t\t\tGetIssuerCertificate ended"); return(null); }
static void GenerateCertFiles(CertificateProvider provider, PrivateKey rsaKeys, Csr csr, CertificateRequest request, string certificatesFolder, string domain) { var crt = default(Crt); var keyGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-key.json"); Log.Debug($"Gerando arquivo: {keyGenFile}"); using (var fs = new FileStream(keyGenFile, FileMode.Create)) provider.SavePrivateKey(rsaKeys, fs); var keyPemFile = Path.Combine(certificatesFolder, $"{domain}-key.pem"); Log.Debug($"Gerando arquivo: {keyPemFile}"); using (var fs = new FileStream(keyPemFile, FileMode.Create)) provider.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs); var csrGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-csr.json"); Log.Debug($"Gerando arquivo: {csrGenFile}"); using (var fs = new FileStream(csrGenFile, FileMode.Create)) provider.SaveCsr(csr, fs); var csrPemFile = Path.Combine(certificatesFolder, $"{domain}-csr.pem"); Log.Debug($"Gerando arquivo: {csrPemFile}"); using (var fs = new FileStream(csrPemFile, FileMode.Create)) provider.ExportCsr(csr, EncodingFormat.PEM, fs); var crtDerFile = Path.Combine(certificatesFolder, $"{domain}-crt.der"); Log.Debug($"Gerando arquivo: {crtDerFile}"); using (var file = File.Create(crtDerFile)) request.SaveCertificate(file); var crtPemFile = Path.Combine(certificatesFolder, $"{domain}-crt.pem"); var chainPemFile = Path.Combine(certificatesFolder, $"{domain}-chain.pem"); Log.Debug($"Gerando arquivo: {crtPemFile}"); Log.Debug($"Gerando arquivo: {chainPemFile}"); using (FileStream source = new FileStream(crtDerFile, FileMode.Open), target = new FileStream(crtPemFile, FileMode.Create)) { crt = provider.ImportCertificate(EncodingFormat.DER, source); provider.ExportCertificate(crt, EncodingFormat.PEM, target); } var pemFile = DownloadIssuerCertificate(provider, request, ACME_API, certificatesFolder); using (FileStream intermediate = new FileStream(pemFile, FileMode.Open), certificate = new FileStream(crtPemFile, FileMode.Open), chain = new FileStream(chainPemFile, FileMode.Create)) { certificate.CopyTo(chain); intermediate.CopyTo(chain); } var crtPfxFile = Path.Combine(certificatesFolder, $"{domain}-all.pfx"); Log.Debug($"Gerando arquivo: {crtPfxFile}"); using (FileStream source = new FileStream(pemFile, FileMode.Open), target = new FileStream(crtPfxFile, FileMode.Create)) { try { var isuCrt = provider.ImportCertificate(EncodingFormat.PEM, source); provider.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, string.Empty); } catch (Exception ex) { Log.Error($"Erro ao exportar o arquivo {crtPfxFile}", ex); } } }