[Ignore] // *Normally*, we skip this test because it depends on a local Boulder setup to accessible public void TestNewRegRequest() { var requ = WebRequest.Create(_rootUrl); var resp = requ.GetResponse(); Assert.IsNotNull(resp); var nonceKey = resp.Headers.AllKeys.FirstOrDefault( x => x.Equals("Replay-nonce", StringComparison.OrdinalIgnoreCase)); Assert.IsFalse(string.IsNullOrEmpty(nonceKey)); var nonceValue = resp.Headers[nonceKey]; var newReg = new { resource = "new-reg", contact = new string[] { "mailto:[email protected]", "tel:+12025551212" }, }; var newRegSer = JsonConvert.SerializeObject(newReg); var algSigner = new RS256Signer(); algSigner.Init(); var unprotectedHeader = new { alg = "RS256", jwk = algSigner.ExportJwk() }; var protectedHeader = new { nonce = nonceValue, }; var acmeJson = JwsHelper.SignFlatJson(algSigner.Sign, newRegSer, protectedHeader, unprotectedHeader); var acmeJsonBytes = Encoding.ASCII.GetBytes(acmeJson); requ = WebRequest.Create(new Uri(_rootUrl, "/acme/new-reg")); requ.Method = "POST"; requ.ContentType = "application/json"; requ.ContentLength = acmeJsonBytes.Length; using (var s = requ.GetRequestStream()) { s.Write(acmeJsonBytes, 0, acmeJsonBytes.Length); } resp = requ.GetResponse(); }
public void Test0141_HandleHttpChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0141_HandleHttpChallenge))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP); _testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } var wsFilePath = authzChallenge.ChallengeAnswer.Key; var wsFileBody = authzChallenge.ChallengeAnswer.Value; var wsInfo = WebServerInfo.Load(File.ReadAllText("config\\webServerInfo.json")); using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody))) { var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}"); wsInfo.Provider.UploadFile(fileUrl, s); } } } Thread.Sleep(90 * 1000); }
public void Test0095_RefreshIdentifierAuthorization() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0095_RefreshIdentifierAuthorization))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true); _testAuthzRefresh_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-Refresh.acmeAuthz"; using (var fs = new FileStream(_testAuthzRefresh_AcmeAuthzFile, FileMode.Create)) { authzRefreshState.Save(fs); } } } }
public void Test0090_AuthorizeIdentifier() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0090_AuthorizeIdentifier))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var authzState = client.AuthorizeIdentifier(TEST_CN1); foreach (var c in authzState.Challenges) { if (c.Type == AcmeProtocol.CHALLENGE_TYPE_DNS) { var dnsResponse = c.GenerateDnsChallengeAnswer( authzState.Identifier, signer); } else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_HTTP) { var httpResponse = c.GenerateHttpChallengeAnswer( authzState.Identifier, signer); } } _testAuthz_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz.acmeAuthz"; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
static void Main(string[] args) { var commandLineParseResult = Parser.Default.ParseArguments<Options>(args); var parsed = commandLineParseResult as Parsed<Options>; if (parsed == null) { #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; // not parsed } Options = parsed.Value; Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)"); BaseURI = Options.BaseURI; if (Options.Test) BaseURI = "https://acme-staging.api.letsencrypt.org/"; //Console.Write("\nUse production Let's Encrypt server? (Y/N) "); //if (PromptYesNo()) // BaseURI = ProductionBaseURI; Console.WriteLine($"\nACME Server: {BaseURI}"); if (!string.IsNullOrWhiteSpace(Options.CentralSSLStore)) { Console.WriteLine("Using Centralized SSL Path: " + Options.CentralSSLStore); CentralSSL = true; } settings = new Settings(clientName, BaseURI); configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI)); Console.WriteLine("Config Folder: " + configPath); Directory.CreateDirectory(configPath); try { using (var signer = new RS256Signer()) { signer.Init(); var signerPath = Path.Combine(configPath, "Signer"); if (File.Exists(signerPath)) { Console.WriteLine($"Loading Signer from {signerPath}"); using (var signerStream = File.OpenRead(signerPath)) signer.Load(signerStream); } using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer)) { client.Init(); Console.WriteLine("\nGetting AcmeServerDirectory"); client.GetDirectory(true); var registrationPath = Path.Combine(configPath, "Registration"); if (File.Exists(registrationPath)) { Console.WriteLine($"Loading Registration from {registrationPath}"); using (var registrationStream = File.OpenRead(registrationPath)) client.Registration = AcmeRegistration.Load(registrationStream); } else { Console.Write("Enter an email address (not public, used for renewal fail notices): "); var email = Console.ReadLine().Trim(); var contacts = new string[] { }; if (!String.IsNullOrEmpty(email)) { email = "mailto:" + email; contacts = new string[] { email }; } Console.WriteLine("Calling Register"); var registration = client.Register(contacts); if (!Options.AcceptTOS && !Options.Renew) { Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) "); if (!PromptYesNo()) return; } Console.WriteLine("Updating Registration"); client.UpdateRegistration(true, true); Console.WriteLine("Saving Registration"); using (var registrationStream = File.OpenWrite(registrationPath)) client.Registration.Save(registrationStream); Console.WriteLine("Saving Signer"); using (var signerStream = File.OpenWrite(signerPath)) signer.Save(signerStream); } if (Options.Renew) { CheckRenewals(); #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; } var targets = new List<Target>(); foreach (var plugin in Target.Plugins.Values) { targets.AddRange(plugin.GetTargets()); } if (targets.Count == 0) { Console.WriteLine("No targets found."); } else { var count = 1; foreach (var binding in targets) { Console.WriteLine($" {count}: {binding}"); count++; } } Console.WriteLine(); foreach (var plugin in Target.Plugins.Values) { plugin.PrintMenu(); } Console.WriteLine(" A: Get certificates for all hosts"); Console.WriteLine(" Q: Quit"); Console.Write("Which host do you want to get a certificate for: "); var response = Console.ReadLine().ToLowerInvariant(); switch (response) { case "a": foreach (var target in targets) { Auto(target); } break; case "q": return; default: var targetId = 0; if (Int32.TryParse(response, out targetId)) { targetId--; if (targetId >= 0 && targetId < targets.Count) { var binding = targets[targetId]; Auto(binding); } } else { foreach (var plugin in Target.Plugins.Values) { plugin.HandleMenuResponse(response, targets); } } break; } } } } catch (Exception e) { Console.ForegroundColor = ConsoleColor.Red; var acmeWebException = e as AcmeClient.AcmeWebException; if (acmeWebException != null) { Console.WriteLine(acmeWebException.Message); Console.WriteLine("ACME Server Returned:"); Console.WriteLine(acmeWebException.Response.ContentAsString); } else { Console.WriteLine(e); } Console.ResetColor(); } Console.WriteLine("Press enter to continue."); Console.ReadLine(); }
public void Test0170_GenCsrAndRequestCertificate() { using (var cp = CertificateProvider.GetProvider()) { var rsaKeyParams = new RsaPrivateKeyParams(); var rsaKey = cp.GeneratePrivateKey(rsaKeyParams); _testGenCsr_RsaKeysFile = $"{_baseLocalStore}\\TestGenCsr-rsaKeys.txt"; using (var fs = new FileStream(_testGenCsr_RsaKeysFile, FileMode.Create)) { cp.SavePrivateKey(rsaKey, fs); } var csrParams = new CsrParams { Details = new CsrDetails { CommonName = TEST_CN1 } }; var csr = cp.GenerateCsr(csrParams, rsaKey, Crt.MessageDigest.SHA256); _testGenCsr_CsrDetailsFile = $"{_baseLocalStore}\\TestGenCsr-csrDetails.txt"; using (var fs = new FileStream(_testGenCsr_CsrDetailsFile, FileMode.Create)) { cp.SaveCsrParams(csrParams, fs); } _testGenCsr_CsrFile = $"{_baseLocalStore}\\TestGenCsr-csr.txt"; using (var fs = new FileStream(_testGenCsr_CsrFile, FileMode.Create)) { cp.SaveCsr(csr, fs); } using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } byte[] derRaw; using (var bs = new MemoryStream()) { cp.ExportCsr(csr, EncodingFormat.DER, bs); derRaw = bs.ToArray(); } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var client = BuildClient(testTagHeader: nameof(Test0170_GenCsrAndRequestCertificate))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var certRequ = client.RequestCertificate(derB64u); _testCertRequ_AcmeCertRequFile = $"{_baseLocalStore}\\TestCertRequ.acmeCertRequ"; using (var fs = new FileStream(_testCertRequ_AcmeCertRequFile, FileMode.Create)) { certRequ.Save(fs); } } } } }
private static void LoadSignerFromFile(RS256Signer signer, string signerPath) { Console.WriteLine($"Loading Signer from {signerPath}"); Log.Information("Loading Signer from {signerPath}", signerPath); using (var signerStream = File.OpenRead(signerPath)) signer.Load(signerStream); }
public void Test0020_GetDirectory() { var boulderResMap = new Dictionary<string, string> { ["new-authz"] /**/ = $"{_dirUrlBase}acme/new-authz", ["new-cert"] /**/ = $"{_dirUrlBase}acme/new-cert", ["new-reg"] /**/ = $"{_dirUrlBase}acme/new-reg", ["revoke-cert"] /**/ = $"{_dirUrlBase}acme/revoke-cert", }; using (var signer = new RS256Signer()) { using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0020_GetDirectory))) { client.Init(); // Test absolute URI paths var acmeDirAbs = client.GetDirectory(false); foreach (var ent in boulderResMap) { Assert.IsTrue(acmeDirAbs.Contains(ent.Key)); Assert.AreEqual(ent.Value, acmeDirAbs[ent.Key]); } // Test relative URI paths var acmeDirRel = client.GetDirectory(true); foreach (var ent in boulderResMap) { var relUrl = ent.Value.Replace(_dirUrlBase, "/"); Assert.IsTrue(acmeDirRel.Contains(ent.Key)); Assert.AreEqual(relUrl, acmeDirRel[ent.Key]); } } } }
public void Test0030_Register() { using (var signer = new RS256Signer()) { signer.Init(); if (!_wpConfig.UseNewSigner) { // Re-use existing Signer config from stable local store using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } } _testRegister_AcmeSignerFile = $"{_baseLocalStore}\\TestRegister.acmeSigner"; using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Create)) { signer.Save(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0030_Register))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Init(); client.GetDirectory(true); client.Register(new string[] { TEST_EM1, TEST_PH1, }); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); _testRegister_AcmeRegFile = $"{_baseLocalStore}\\TestRegister.acmeReg"; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Create)) { client.Registration.Save(fs); } } } }
public void Test0190_RefreshCertificateRequest() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } //var csrRaw = File.ReadAllBytes($"{_baseLocalStore}\\test-csr.der"); //var csrB64u = JwsHelper.Base64UrlEncode(csrRaw); using (var client = BuildClient(testTagHeader: nameof(Test0190_RefreshCertificateRequest))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); CertificateRequest certRequ; using (var fs = new FileStream(_testCertRequ_AcmeCertRequFile, FileMode.Open)) { certRequ = CertificateRequest.Load(fs); } client.RefreshCertificateRequest(certRequ, true); _testCertRequRefreshed_AcmeCertRequFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.acmeCertRequ"; using (var fs = new FileStream(_testCertRequRefreshed_AcmeCertRequFile, FileMode.Create)) { certRequ.Save(fs); } if (!string.IsNullOrEmpty(certRequ.CertificateContent)) { _testCertRequRefreshed_CerFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.cer"; using (var fs = new FileStream(_testCertRequRefreshed_CerFile, FileMode.Create)) { certRequ.SaveCertificate(fs); } } } } }
public void Test0010_Init() { using (var signer = new RS256Signer()) { using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0010_Init))) { client.Init(); Assert.IsNotNull(client.Directory); Assert.IsFalse(string.IsNullOrWhiteSpace(client.NextNonce)); } } }
public void Test0142_HandleHttpChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0120_GenerateChallengeAnswers))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthzChallengeHttpAnswers_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var wsInfo = WebServerInfo.Load(File.ReadAllText("config\\webServerInfo.json")); Assert.IsNotNull(wsInfo); var handlerConfig = wsInfo.Provider as AwsS3WebServerProvider; Assert.IsNotNull(handlerConfig); var handlerParams = new Dictionary<string, object> { [AwsCommonParams.ACCESS_KEY_ID.Name] /**/ = handlerConfig.AccessKeyId, [AwsCommonParams.SECRET_ACCESS_KEY.Name] /**/ = handlerConfig.SecretAccessKey, [AwsCommonParams.REGION.Name] /**/ = handlerConfig.Region, [AwsS3ChallengeHandlerProvider.BUCKET_NAME.Name] /**/ = handlerConfig.BucketName, }; var authzChallenge = client.HandleChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP, "awsS3", handlerParams); _testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\140-TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0152_HandleDnsChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0152_HandleDnsChallenge))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthzChallengeDnsAnswers_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var dnsInfo = DnsInfo.Load(File.ReadAllText("config\\dnsInfo.json")); Assert.IsNotNull(dnsInfo); var handlerConfig = dnsInfo.Provider as AwsRoute53DnsProvider; Assert.IsNotNull(handlerConfig); var handlerParams = new Dictionary<string, object> {
public void Test0151_DecodeDnsChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0151_DecodeDnsChallenge))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } client.DecodeChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_DNS); _testAuthzChallengeDnsAnswers_AcmeAuthzFile = $"{_baseLocalStore}\\151-TestAuthz-DnsChallengeAnswers.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeDnsAnswers_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0146_SubmitHttpChallengeAnswers() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0146_SubmitHttpChallengeAnswers))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP); client.SubmitAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP, true); _testAuthzChallengeHttpAnswered_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-HttpChallengeAnswered.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeHttpAnswered_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0040_RegisterEmptyUpdate() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0040_RegisterEmptyUpdate))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); // Do a simple update with no data changes requested client.UpdateRegistration(true); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); _testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterEmptyUpdate.acmeReg"; using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create)) { client.Registration.Save(fs); } } } }
public void Test0160_RequestCertificateInvalidCsr() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0160_RequestCertificateInvalidCsr))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); try { client.RequestCertificate("FOOBARNON"); Assert.Fail("WebException expected"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.AreEqual(HttpStatusCode.BadRequest, ex.Response.StatusCode); } } } }
public void Test0060_RegisterUpdateContacts() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0060_RegisterUpdateContacts))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); client.UpdateRegistration(true, contacts: new string[] { TEST_EM2, }); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); _testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterUpdate.acmeReg"; using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create)) { client.Registration.Save(fs); } } } }
private static void SaveSignerToFile(RS256Signer signer, string signerPath) { Console.WriteLine("Saving Signer"); Log.Information("Saving Signer"); using (var signerStream = File.OpenWrite(signerPath)) signer.Save(signerStream); }
public void Test0070_RegisterDuplicate() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0070_RegisterDuplicate))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Init(); client.GetDirectory(true); try { client.Register(new string[] { "mailto:[email protected]", "tel:+14105551212", }); Assert.Fail("WebException expected"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.AreEqual(HttpStatusCode.Conflict, ex.Response.StatusCode); } } } }
private static void Main(string[] args) { CreateLogger(); ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12; if (!TryParseOptions(args)) return; Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)"); BaseUri = Options.BaseUri; if (Options.Test) SetTestParameters(); if (Options.San) Log.Debug("San Option Enabled: Running per site and not per host"); ParseRenewalPeriod(); ParseCertificateStore(); Console.WriteLine($"\nACME Server: {BaseUri}"); Log.Information("ACME Server: {BaseUri}", BaseUri); ParseCentralSslStore(); CreateSettings(); CreateConfigPath(); SetAndCreateCertificatePath(); try { using (var signer = new RS256Signer()) { signer.Init(); var signerPath = Path.Combine(_configPath, "Signer"); if (File.Exists(signerPath)) LoadSignerFromFile(signer, signerPath); using (_client = new AcmeClient(new Uri(BaseUri), new AcmeServerDirectory(), signer)) { _client.Init(); Console.WriteLine("\nGetting AcmeServerDirectory"); Log.Information("Getting AcmeServerDirectory"); _client.GetDirectory(true); var registrationPath = Path.Combine(_configPath, "Registration"); if (File.Exists(registrationPath)) LoadRegistrationFromFile(registrationPath); else { Console.Write("Enter an email address (not public, used for renewal fail notices): "); var email = Console.ReadLine().Trim(); string[] contacts = GetContacts(email); AcmeRegistration registration = CreateRegistration(contacts); if (!Options.AcceptTos && !Options.Renew) { Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) "); if (!PromptYesNo()) return; } UpdateRegistration(); SaveRegistrationToFile(registrationPath); SaveSignerToFile(signer, signerPath); } if (Options.Renew) { CheckRenewalsAndWaitForEnterKey(); return; } List<Target> targets = GetTargetsSorted(); WriteBindings(targets); Console.WriteLine(); PrintMenuForPlugins(); if (string.IsNullOrEmpty(Options.ManualHost)) { Console.WriteLine(" A: Get certificates for all hosts"); Console.WriteLine(" Q: Quit"); Console.Write("Which host do you want to get a certificate for: "); var command = ReadCommandFromConsole(); switch (command) { case "a": GetCertificatesForAllHosts(targets); break; case "q": return; default: ProcessDefaultCommand(targets, command); break; } } } } } catch (Exception e) { Log.Error("Error {@e}", e); Console.ForegroundColor = ConsoleColor.Red; var acmeWebException = e as AcmeClient.AcmeWebException; if (acmeWebException != null) { Console.WriteLine(acmeWebException.Message); Console.WriteLine("ACME Server Returned:"); Console.WriteLine(acmeWebException.Response.ContentAsString); } else { Console.WriteLine(e); } Console.ResetColor(); } Console.WriteLine("Press enter to continue."); Console.ReadLine(); }
public void Test0080_AuthorizeDnsBlacklisted() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0080_AuthorizeDnsBlacklisted))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); try { client.AuthorizeIdentifier("acme-win-test.example.com"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.IsNotNull(ex.Response.ProblemDetail); Assert.AreEqual(HttpStatusCode.Forbidden, ex.Response.StatusCode); Assert.AreEqual("urn:acme:error:unauthorized", ex.Response.ProblemDetail.Type); StringAssert.Contains(ex.Response.ProblemDetail.Detail, "blacklist"); } } } }
static void Main(string[] args) { Log.Logger = new LoggerConfiguration() .ReadFrom.AppSettings() .CreateLogger(); Log.Information("The global logger has been configured"); var commandLineParseResult = Parser.Default.ParseArguments<Options>(args); var parsed = commandLineParseResult as Parsed<Options>; if (parsed == null) { #if DEBUG Log.Debug("Program Debug Enabled"); Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; // not parsed } Options = parsed.Value; Log.Debug("{@Options}", Options); Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)"); BaseURI = Options.BaseURI; if (Options.Test) { BaseURI = "https://acme-staging.api.letsencrypt.org/"; Log.Debug("Test paramater set: {BaseURI}", BaseURI); } if (Options.SAN) { Log.Debug("SAN Option Enabled: Running per site and not per host"); } Console.WriteLine($"\nACME Server: {BaseURI}"); Log.Information("ACME Server: {BaseURI}", BaseURI); if (!string.IsNullOrWhiteSpace(Options.CentralSSLStore)) { Console.WriteLine("Using Centralized SSL Path: " + Options.CentralSSLStore); Log.Information("Using Centralized SSL Path: {CentralSSLStore}", Options.CentralSSLStore); CentralSSL = true; } settings = new Settings(clientName, BaseURI); Log.Debug("{@settings}", settings); configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI)); Console.WriteLine("Config Folder: " + configPath); Log.Information("Config Folder: {configPath}", configPath); Directory.CreateDirectory(configPath); certificatePath = Properties.Settings.Default.CertificatePath; if (string.IsNullOrWhiteSpace(certificatePath)) { certificatePath = configPath; } else { try { Directory.CreateDirectory(certificatePath); } catch (Exception ex) { Console.WriteLine($"Error creating the certificate directory, {certificatePath}. Defaulting to config path"); Log.Warning("Error creating the certificate directory, {certificatePath}. Defaulting to config path. Error: {@ex}", certificatePath, ex); certificatePath = configPath; } } Console.WriteLine("Certificate Folder: " + certificatePath); Log.Information("Certificate Folder: {certificatePath}", certificatePath); try { using (var signer = new RS256Signer()) { signer.Init(); var signerPath = Path.Combine(configPath, "Signer"); if (File.Exists(signerPath)) { Console.WriteLine($"Loading Signer from {signerPath}"); Log.Information("Loading Signer from {signerPath}", signerPath); using (var signerStream = File.OpenRead(signerPath)) signer.Load(signerStream); } using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer)) { client.Init(); Console.WriteLine("\nGetting AcmeServerDirectory"); Log.Information("Getting AcmeServerDirectory"); client.GetDirectory(true); var registrationPath = Path.Combine(configPath, "Registration"); if (File.Exists(registrationPath)) { Console.WriteLine($"Loading Registration from {registrationPath}"); Log.Information("Loading Registration from {registrationPath}", registrationPath); using (var registrationStream = File.OpenRead(registrationPath)) client.Registration = AcmeRegistration.Load(registrationStream); } else { Console.Write("Enter an email address (not public, used for renewal fail notices): "); var email = Console.ReadLine().Trim(); var contacts = new string[] { }; if (!String.IsNullOrEmpty(email)) { Log.Debug("Registration email: {email}", email); email = "mailto:" + email; contacts = new string[] { email }; } Console.WriteLine("Calling Register"); Log.Information("Calling Register"); var registration = client.Register(contacts); if (!Options.AcceptTOS && !Options.Renew) { Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) "); if (!PromptYesNo()) return; } Console.WriteLine("Updating Registration"); Log.Information("Updating Registration"); client.UpdateRegistration(true, true); Console.WriteLine("Saving Registration"); Log.Information("Saving Registration"); using (var registrationStream = File.OpenWrite(registrationPath)) client.Registration.Save(registrationStream); Console.WriteLine("Saving Signer"); Log.Information("Saving Signer"); using (var signerStream = File.OpenWrite(signerPath)) signer.Save(signerStream); } if (Options.Renew) { CheckRenewals(); #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; } var targets = new List<Target>(); if (!Options.SAN) { foreach (var plugin in Target.Plugins.Values) { targets.AddRange(plugin.GetTargets()); } } else { foreach (var plugin in Target.Plugins.Values) { targets.AddRange(plugin.GetSites()); } } if (targets.Count == 0) { Console.WriteLine("No targets found."); Log.Error("No targets found."); } else { int HostsPerPage = 50; try { HostsPerPage = Properties.Settings.Default.HostsPerPage; } catch (Exception ex) { Log.Error("Error getting HostsPerPage setting, setting to default value. Error: {@ex}", ex); } var count = 1; if (targets.Count > HostsPerPage) { do { if ((count + HostsPerPage) <= targets.Count) { int stop = count + HostsPerPage; for (int i = count; i < stop; i++) { if (!Options.SAN) { Console.WriteLine($" {count}: {targets[count - 1]}"); } else { Console.WriteLine($" {count}: SAN - {targets[count - 1]}"); } count++; } } else { for (int i = count; i <= targets.Count; i++) { if (!Options.SAN) { Console.WriteLine($" {count}: {targets[count - 1]}"); } else { Console.WriteLine($" {count}: SAN - {targets[count - 1]}"); } count++; } } if (count < targets.Count) { Console.WriteLine(" Q: Quit"); Console.Write("Press enter to continue to next page "); var continueResponse = Console.ReadLine().ToLowerInvariant(); switch (continueResponse) { case "q": throw new Exception($"Requested to quit application"); default: break; } } } while (count < targets.Count); } else { foreach (var binding in targets) { Console.WriteLine($" {count}: {binding}"); count++; } } } Console.WriteLine(); foreach (var plugin in Target.Plugins.Values) { plugin.PrintMenu(); } Console.WriteLine(" A: Get certificates for all hosts"); Console.WriteLine(" Q: Quit"); Console.Write("Which host do you want to get a certificate for: "); var response = Console.ReadLine().ToLowerInvariant(); switch (response) { case "a": foreach (var target in targets) { Auto(target); } break; case "q": return; default: var targetId = 0; if (Int32.TryParse(response, out targetId)) { targetId--; if (targetId >= 0 && targetId < targets.Count) { var binding = targets[targetId]; Auto(binding); } } else { foreach (var plugin in Target.Plugins.Values) { plugin.HandleMenuResponse(response, targets); } } break; } } } } catch (Exception e) { Log.Error("Error {@e}", e); Console.ForegroundColor = ConsoleColor.Red; var acmeWebException = e as AcmeClient.AcmeWebException; if (acmeWebException != null) { Console.WriteLine(acmeWebException.Message); Console.WriteLine("ACME Server Returned:"); Console.WriteLine(acmeWebException.Response.ContentAsString); } else { Console.WriteLine(e); } Console.ResetColor(); } Console.WriteLine("Press enter to continue."); Console.ReadLine(); }
public static string RequestAndInstallInternal(Target target) { BaseURI = target.BaseUri ?? "https://acme-staging.api.letsencrypt.org/"; configPath = ConfigPath(BaseURI); try { webSiteClient = ArmHelper.GetWebSiteManagementClient(target); } catch (Exception ex) { Trace.TraceError("Unabled to create Azure Web Site Management client " + ex.ToString()); throw; } if (!Directory.Exists(configPath)) { Directory.CreateDirectory(configPath); } var email = target.Email; try { using (var signer = new RS256Signer()) { signer.Init(); var signerPath = Path.Combine(configPath, "Signer"); if (File.Exists(signerPath)) { Trace.TraceInformation($"Loading Signer from {signerPath}"); using (var signerStream = File.OpenRead(signerPath)) signer.Load(signerStream); } using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer)) { client.Init(); Trace.TraceInformation("\nGetting AcmeServerDirectory"); client.GetDirectory(true); var registrationPath = Path.Combine(configPath, "Registration"); if (File.Exists(registrationPath)) { Trace.TraceInformation($"Loading Registration from {registrationPath}"); using (var registrationStream = File.OpenRead(registrationPath)) client.Registration = AcmeRegistration.Load(registrationStream); } else { var contacts = new string[] { }; if (!String.IsNullOrEmpty(email)) { email = "mailto:" + email; contacts = new string[] { email }; } Trace.TraceInformation("Calling Register"); var registration = client.Register(contacts); Trace.TraceInformation($"Do you agree to {registration.TosLinkUri}? (Y/N) "); Trace.TraceInformation("Updating Registration"); client.UpdateRegistration(true, true); Trace.TraceInformation("Saving Registration"); using (var registrationStream = File.OpenWrite(registrationPath)) client.Registration.Save(registrationStream); Trace.TraceInformation("Saving Signer"); using (var signerStream = File.OpenWrite(signerPath)) signer.Save(signerStream); } // if (Options.Renew) // { // CheckRenewals(); //#if DEBUG // Trace.TraceInformation("Press enter to continue."); // Trace.ReadLine(); //#endif // return; // } return Auto(target); } } } catch (Exception e) { var acmeWebException = e as AcmeClient.AcmeWebException; if (acmeWebException != null) { Trace.TraceError(acmeWebException.Message); Trace.TraceError("ACME Server Returned:"); Trace.TraceError(acmeWebException.Response.ContentAsString); } else { Trace.TraceError(e.ToString()); } throw; } return null; }