Esempio n. 1
0
        private static async Task <IEnumerable <AuthorizationChallengeResponse> > RetrieveAuthz(ACMEClient acmeClient, Uri[] uris)
        {
            var challenges = new List <AuthorizationChallengeResponse>();

            foreach (Uri uri in uris)
            {
                try
                {
                    AuthorizationChallengeResponse result = await acmeClient.GetAuthorizationChallengeAsync(uri);

                    challenges.Add(result);
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                }
            }
            return(challenges);
        }
Esempio n. 2
0
        public async Task <Order> ValidateDomains()
        {
            if (acmeDirectory.NewAuthz != null)
            {
                Console.WriteLine("Target CA supports NewAuthz");
                Task <AuthorizationChallengeResponse>[] preAuthorizationChallenges = options.Domains.Where(x => !x.StartsWith("*"))
                                                                                     .Select(x => NewAuthorizationAsync(acmeClient, x))
                                                                                     .ToArray();

                AuthorizationChallengeResponse[] challengeResponses = await Task.WhenAll(preAuthorizationChallenges);
            }

            IEnumerable <OrderIdentifier> domains = options.Domains.Select(domain => new OrderIdentifier {
                Type = ChallengeType.DNSChallenge, Value = domain
            });
            Order order = await NewOrderAsync(acmeClient, domains);

            // todo: save order identifier
            Program.LogLine($"Order location: {order.Location}");

            Uri[] validations = order.Authorizations;
            var   dnsRecords  = new List <string>(order.Authorizations.Length);
            IEnumerable <AuthorizationChallengeResponse> auths = await RetrieveAuthz(acmeClient, validations);

            foreach (AuthorizationChallengeResponse item in auths)
            {
                Program.LogLine($"Processing validations for {item.Identifier.Value}");

                if (item.Status == ACMEStatus.Valid)
                {
                    Program.LogLine("Domain already validated succesfully.");
                    continue;
                }

                AuthorizationChallenge validChallenge = item.Challenges.Where(challenge => challenge.Status == ACMEStatus.Valid).FirstOrDefault();
                if (validChallenge != null)
                {
                    Program.LogLine("Found a valid challenge, skipping domain.", true);
                    Program.LogLine(validChallenge.Type, true);
                    continue;
                }

                // limit to DNS challenges, as we can handle them with Cloudflare.
                AuthorizationChallenge dnsChallenge = item.Challenges.FirstOrDefault(x => x.Type == "dns-01");
                Program.LogLine($"Got challenge for {item.Identifier.Value}");
                var recordId = await AddDNSEntry(item.Identifier.Value, dnsChallenge.AuthorizationToken);

                dnsRecords.Add(recordId);

                // validate the DNS record is accessible.
                await ValidateChallengeCompletion(dnsChallenge, item.Identifier.Value);

                AuthorizationChallengeResponse c = await CompleteChallenge(acmeClient, dnsChallenge);

                while (c.Status == ACMEStatus.Pending)
                {
                    await Task.Delay(5000);

                    c = await acmeClient.GetAuthorizationChallengeAsync(dnsChallenge.Url);
                }

                if (c.Status == ACMEStatus.Valid)
                {
                    // no reason to keep going, we have one succesfull challenge!
                    continue;
                }
            }

            var failedAuthorizations = new List <string>();

            foreach (Uri challenge in order.Authorizations)
            {
                AuthorizationChallengeResponse c;
                do
                {
                    await Task.Delay(5000);

                    c = await acmeClient.GetAuthorizationChallengeAsync(challenge);
                }while (c == null || c.Status == ACMEStatus.Pending);

                if (c.Status == ACMEStatus.Invalid)
                {
                    failedAuthorizations.Add(c.Identifier.Value);
                }
            }

            if (failedAuthorizations.Any())
            {
                throw new Exception($"Failed to authorize the following domains {string.Join(',', failedAuthorizations)}.");
            }

            return(order);
        }
Esempio n. 3
0
        private static async Task OrderDomains(ACMEClient acmeClient, params string[] domainNames)
        {
            IEnumerable <OrderIdentifier> domains = domainNames.Select(domain => new OrderIdentifier {
                Type = ChallengeType.DNSChallenge, Value = domain
            });

            Uri[] validations = null;
            Order order       = null;

            while (order == null)
            {
                order = await NewOrderAsync(acmeClient, domains);

                if (order == null)
                {
                    Console.WriteLine("Failed.. retrying");
                    await Task.Delay(5000);
                }
            }

            // todo: save order identifier
            Console.WriteLine($"Order location: {order.Location}");

            validations = order.Authorizations;
            IEnumerable <AuthorizationChallengeResponse> auths = await RetrieveAuthz(acmeClient, validations);

            foreach (AuthorizationChallengeResponse item in auths)
            {
                if (item.Status == ACMEStatus.Valid)
                {
                    Console.WriteLine("Domain already validated succesfully.");
                    continue;
                }

                AuthorizationChallenge validChallenge = item.Challenges.Where(challenge => challenge.Status == ACMEStatus.Valid).FirstOrDefault();
                if (validChallenge != null)
                {
                    Console.WriteLine("Found a valid challenge, skipping domain.");
                    Console.WriteLine(validChallenge.Type);
                    continue;
                }

                IEnumerable <AuthorizationChallenge> applicableChallenges = item.Wildcard ? item.Challenges.Where(x => x.Type == "dns-01") :
                                                                            item.Challenges;

                foreach (AuthorizationChallenge challenge in applicableChallenges)
                {
                    Console.WriteLine($"Status: {challenge.Status}");
                    Console.WriteLine($"Challenge: {challenge.Url}");
                    Console.WriteLine($"Type: {challenge.Type}");
                    Console.WriteLine($"Token: {challenge.Token}");
                    Console.WriteLine($"Value: {challenge.AuthorizationToken}");

                    if (challenge.Type == "http-01")
                    {
                        File.WriteAllText(challenge.Token, challenge.AuthorizationToken);
                        Console.WriteLine($"File saved as: {challenge.Token} in working directory.");
                        Console.WriteLine($"Please upload the file to {item.Identifier.Value}/.well-known/acme-challenge/{challenge.Token}");
                    }
                    else if (challenge.Type == "dns-01")
                    {
                        Console.WriteLine($"Please create a text entry for _acme-challenge.{item.Identifier.Value} with value: {challenge.AuthorizationToken}");
                    }
                    else
                    {
                        Console.WriteLine($"Unknown challenge type encountered '{challenge.Type}'. Please handle accourdingly.");
                    }

                    var result = HandleConsoleInput("Challenge completed? [y/n]", new[] { "y", "yes", "n", "no" });
                    if (result == "y" || result == "yes")
                    {
                        Console.WriteLine("Validating challenge");
                        var validation = await ValidateChallengeCompletion(challenge, item.Identifier.Value);

                        if (validation)
                        {
                            AuthorizationChallengeResponse c = await CompleteChallenge(acmeClient, challenge, challenge.AuthorizationToken);

                            while (c.Status == ACMEStatus.Pending)
                            {
                                await Task.Delay(5000);

                                c = await acmeClient.GetAuthorizationChallengeAsync(challenge.Url);
                            }

                            Console.WriteLine($"Challenge Status: {c.Status}");
                            if (c.Status == ACMEStatus.Valid)
                            {
                                // no reason to keep going, we have one succesfull challenge!
                                break;
                            }
                        }
                        else
                        {
                            Console.WriteLine($"Validation failed for {item.Identifier.Value}");
                        }
                    }
                    else
                    {
                        Console.WriteLine("Skipping challenge");
                    }
                }
            }

            foreach (Uri challenge in order.Authorizations)
            {
                AuthorizationChallengeResponse c;
                do
                {
                    c = await acmeClient.GetAuthorizationChallengeAsync(challenge);
                }while (c == null || c.Status == ACMEStatus.Pending);

                if (c.Status == ACMEStatus.Invalid)
                {
                    Console.WriteLine($"Failed to validate domain {c.Identifier.Value}. Aborting");
                    return;
                }
            }

            order = await acmeClient.UpdateOrderAsync(order);

            Console.WriteLine($"Order status:{order.Status}");

            while (order.Status == ACMEStatus.Processing)
            {
                Thread.Sleep(500);
                Console.WriteLine("Order status = processing; updating..");
                order = await acmeClient.UpdateOrderAsync(order);
            }

            var certKey = new RSACryptoServiceProvider(4096);

            SaveRSAKeyToFile(certKey, $"{FixFilename(order.Identifiers[0].Value)}.key");

            Order certOrder = null;

            try
            {
                certOrder = await acmeClient.RequestCertificateAsync(order, certKey);

                while (certOrder.Status == ACMEStatus.Processing)
                {
                    Thread.Sleep(500);
                    Console.WriteLine("Order status = processing; updating..");
                    certOrder = await acmeClient.UpdateOrderAsync(certOrder);
                }

                Console.WriteLine(certOrder.Status);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                return;
            }

            X509Certificate2 cert = await acmeClient.GetCertificateAsync(certOrder);

            var certdata          = cert.Export(X509ContentType.Cert);
            var publicKeyFilename = $"{FixFilename(certOrder.Identifiers[0].Value)}.crt";

            File.WriteAllBytes(publicKeyFilename, certdata);
            Console.WriteLine($"Public certificate written to file {publicKeyFilename}");

            // combine the two!
            X509Certificate2 properCert = cert.CopyWithPrivateKey(certKey);

            Console.WriteLine("Enter password to secure PFX");
            System.Security.SecureString password = PasswordInput.ReadPassword();
            var pfxData = properCert.Export(X509ContentType.Pfx, password);

            var privateKeyFilename = $"{FixFilename(certOrder.Identifiers[0].Value)}.pfx";

            File.WriteAllBytes(privateKeyFilename, pfxData);
            Console.WriteLine($"Private certificate written to file {privateKeyFilename}");
        }