/// <inheritdoc/>
public AcmeResponse GetCertificate(AcmeRequest request, string thumbprint)
{
return(WrapAction((response) =>
{
var account = GetAccount(request);
var certs = OrderService.GetCertificate(account.Id, thumbprint);
switch (Options.DownloadCertificateFormat)
{
case DownloadCertificateFormat.PemCertificateChain:
{
var pem = PemConverter.Encode(certs.Select(o => o.RawData).ToArray(), "certificate");
response.Content = new MediaTypeContent("application/pem-certificate-chain", pem);
}
break;
case DownloadCertificateFormat.PkixCert:
{
var cert = new X509Certificate2(certs[0].RawData);
response.Content = new MediaTypeContent("application/pkix-cert", cert.RawData);
}
break;
case DownloadCertificateFormat.Pkcs7Mime:
{
var x509Certs = certs.Select(o => new X509Certificate2(o.RawData)).ToArray();
var x509Collection = new X509Certificate2Collection(x509Certs);
response.Content = new MediaTypeContent("application/pkcs7-mime", x509Collection.Export(X509ContentType.Pkcs7));
}
break;
}
}, request));
}
public void Encode()
{
var rawData = Convert.FromBase64String("TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1");
var expected = "-----BEGIN CERTIFICATE-----\n" +
"TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1\n" +
"-----END CERTIFICATE-----";
var res = PemConverter.Encode(rawData, "certificate");
Assert.Equal(expected, res);
}
public void Encode_Array()
{
var rawData = Convert.FromBase64String(DATA);
var rawDataArray = new byte[][]
{
rawData,
rawData,
rawData
};
var res = PemConverter.Encode(rawDataArray, "certificate");
Assert.Equal(PEM, res);
}
/// <summary>
/// Download the issued certificate.
/// </summary>
/// <see cref="https://tools.ietf.org/html/rfc8555#section-7.4.2"/>
public async Task <AcmeResponse <X509Certificate2Collection> > OrderCertificateGetAsync(string certificateUrl)
{
Logger.Info("Getting an ACME certificate list. Params:{@params}", certificateUrl);
var response = await Request(certificateUrl,
new RequestParams
{
Method = HttpMethod.Post,
Payload = ""
});
var chain = new X509Certificate2Collection();
var mediaContnet = (MediaTypeContent)response.Content;
var rawData = mediaContnet.ToArray();
switch (mediaContnet.Type)
{
case "application/pkix-cert":
chain.Add(new X509Certificate2(rawData));
break;
case "application/pem-certificate-chain":
var dec = Encoding.UTF8.GetString(rawData);
chain.AddRange(PemConverter.Decode(dec).Select(o => new X509Certificate2(o)).ToArray());
break;
case "application/pkcs7-mime":
chain.Import(rawData);
break;
default:
throw new Exception("Wrong Content type");
}
var resp = new AcmeResponse <X509Certificate2Collection>()
{
StatusCode = (int)response.StatusCode,
// todo need upgrade
//ReplayNonce = replayNonceValues?.FirstOrDefault(),
//Location = locationValues?.FirstOrDefault(),
//Links = linksValues != null ? new LinkHeaderCollection(linksValues.ToArray()) : null,
Content = chain,
};
return(resp);
}
protected override void OnExecute()
{
var bytes = System.IO.File.ReadAllBytes(File);
var raw = PemConverter.IsPEM(bytes)
? PemConverter.Decode(bytes)
: bytes;
var signedCms = new SignedCms();
signedCms.Decode(raw);
PrintInfoCms(signedCms);
try
{
signedCms.CheckSignature(false);
Print.Info("Valid signature.");
} catch (Exception e)
{
Print.Info($"{e.Message}");
Environment.Exit(1);
}
}
public void Decode()
{
var res = PemConverter.Decode(PEM);
Assert.Equal(DATA, Convert.ToBase64String(res[0]));
}