public X509Certificate2 CreateAndStoreTestCertificate(string domain, DateTime dateFrom, DateTime dateTo)
{
var cert = CertificateManager.GenerateSelfSignedCertificate(domain, dateFrom, dateTo);
CertificateManager.StoreCertificate(cert);
return(cert);
}
private Func <bool> PrepareChallengeResponse_TlsSni01(ILog log, ICertifiedServer iisManager, string domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth)
{
var requestConfig = managedCertificate.RequestConfig;
var tlsSniChallenge = pendingAuth.Challenges.FirstOrDefault(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI);
if (tlsSniChallenge == null)
{
log.Warning($"No tls-sni-01 challenge to complete for {managedCertificate.Name}. Request cannot continue.");
return(() => false);
}
var sha256 = System.Security.Cryptography.SHA256.Create();
var z = new byte[tlsSniChallenge.HashIterationCount][];
// compute n sha256 hashes, where n=challengedata.iterationcount
z[0] = sha256.ComputeHash(Encoding.UTF8.GetBytes(tlsSniChallenge.Value));
for (var i = 1; i < z.Length; i++)
{
z[i] = sha256.ComputeHash(z[i - 1]);
}
// generate certs and install iis bindings
var cleanupQueue = new List <Action>();
var checkQueue = new List <Func <bool> >();
foreach (var hex in z.Select(b =>
BitConverter.ToString(b).Replace("-", "").ToLower()))
{
var sni = $"{hex.Substring(0, 32)}.{hex.Substring(32)}.acme.invalid";
log.Information($"Preparing binding at: https://{domain}, sni: {sni}");
var x509 = CertificateManager.GenerateSelfSignedCertificate(sni);
CertificateManager.StoreCertificate(x509);
var certStoreName = CertificateManager.GetStore().Name;
// iisManager.InstallCertificateforBinding(certStoreName, x509.GetCertHash(),
// managedCertificate.ServerSiteId, sni);
// add check to the queue
checkQueue.Add(() => _netUtil.CheckSNI(domain, sni).Result);
// add cleanup actions to queue
cleanupQueue.Add(() => iisManager.RemoveHttpsBinding(managedCertificate.ServerSiteId, sni));
cleanupQueue.Add(() => CertificateManager.RemoveCertificate(x509));
}
// configure cleanup to execute the cleanup queue
pendingAuth.Cleanup = () => cleanupQueue.ForEach(a => a());
// perform our own config checks
return(() => checkQueue.All(check => check()));
}
public bool InstallSelfSignedCert(string host, int port)
{
var certSubject = "Certify Admin Service";
var certStore = CertificateManager.DEFAULT_STORE_NAME;
var currentCert = CertificateManager.GetCertificateFromStore(certSubject, certStore);
var certUpdated = false;
// if cert expired will need a new one
if (currentCert != null && currentCert.NotAfter <= DateTime.Now)
{
CertificateManager.RemoveCertificate(currentCert, certStore);
currentCert = null;
}
if (currentCert == null)
{
// create and install new cert
var newCert = CertificateManager.GenerateSelfSignedCertificate(certSubject, DateTime.Now, DateTime.Now.AddYears(3), "[Certify Background API]");
currentCert = CertificateManager.StoreCertificate(newCert, storeName: certStore);
certUpdated = true;
}
// bind cert to our port
if (currentCert != null && certUpdated)
{
var deleteCertBinding = "http delete sslcert ipport=0.0.0.0:" + port;
var addCertBinding = "http add sslcert ipport=0.0.0.0:" + port + " certhash=" + currentCert.GetCertHashString() + " appid={af3a0c50-73eb-4159-a36f-82c7c77a2766}";
var procStartInfo = new ProcessStartInfo("netsh", deleteCertBinding)
{
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
var proc = Process.Start(procStartInfo);
proc.WaitForExit(10000);
procStartInfo.Arguments = addCertBinding;
proc = Process.Start(procStartInfo);
proc.WaitForExit(10000);
}
return(true);
}
public static ActionResult CreateCertificate(Session session)
{
ActionResult result;
var methodName =
MethodBase.GetCurrentMethod().Name;
session.Log("{0}: BEGIN", methodName);
try
{
var filePath =
session.CustomActionData["SessionData"];
var sessionData =
SessionManager.Load(filePath);
session.Log("{0}: Product Version = {1}", methodName, sessionData.InstallerVersion);
var certificate =
CertificateManager.GenerateSelfSignedCertificate();
sessionData.Certificate = certificate.Thumbprint;
session.Log("{0}: THUMBPRINT = {1}", methodName, sessionData.Certificate);
SessionManager.Save(filePath, sessionData);
result = ActionResult.Success;
}
catch (Exception e)
{
session.Log("{0}", e);
result = ActionResult.Failure;
}
session.Log("{0}: RESULT = {1}", methodName, result);
session.Log("{0}: END", methodName);
return(result);
}
