public async Task GetAuthzWildcard()
{
using (var http = _server.CreateClient())
{
var dir = await GetDir();
var signer = new Crypto.JOSE.Impl.RSJwsTool();
signer.Init();
using (var acme = new AcmeProtocolClient(http, dir,
signer: signer))
{
await acme.GetNonceAsync();
var acct = await acme.CreateAccountAsync(new[] { "mailto:[email protected]" });
acme.Account = acct;
var dnsIds = new[] { "*.mock.acme2.zyborg.io" };
var order = await acme.CreateOrderAsync(dnsIds);
Assert.IsNotNull(order?.OrderUrl);
Assert.AreEqual(dnsIds.Length, order.Payload.Authorizations?.Length);
Assert.AreEqual(dnsIds.Length, order.Payload.Identifiers?.Length);
var authz = await acme.GetAuthorizationDetailsAsync(
order.Payload.Authorizations[0]);
Assert.IsNotNull(authz);
Assert.IsTrue(authz.Wildcard ?? false);
Assert.AreEqual(dnsIds[0], authz.Identifier.Value);
}
}
}
public async Task NewOrder()
{
using (var http = _server.CreateClient())
{
var dir = await GetDir();
var signer = new Crypto.JOSE.Impl.RSJwsTool();
signer.Init();
using (var acme = new AcmeProtocolClient(http, dir,
signer: signer))
{
await acme.GetNonceAsync();
var acct = await acme.CreateAccountAsync(new[] { "mailto:[email protected]" });
acme.Account = acct;
var dnsIds = new[] { "foo.mock.acme2.zyborg.io" };
var order = await acme.CreateOrderAsync(dnsIds);
Assert.IsNotNull(order?.OrderUrl);
var order2 = await acme.GetOrderDetailsAsync(order.OrderUrl);
Assert.AreEqual(order?.Payload?.Finalize, order2?.Payload?.Finalize);
}
}
}
public async Task TestRotateAccountKey()
{
var testCtx = SetTestContext();
var newKey = new Crypto.JOSE.Impl.RSJwsTool();
newKey.Init();
var acct = await Clients.Acme.ChangeAccountKeyAsync(newKey);
testCtx.SaveObject("acct-keychanged.json", acct);
}
public async Task GetAuthzMulti()
{
using (var http = _server.CreateClient())
{
var dir = await GetDir();
var signer = new Crypto.JOSE.Impl.RSJwsTool();
signer.Init();
using (var acme = new AcmeProtocolClient(http, dir,
signer: signer))
{
await acme.GetNonceAsync();
var acct = await acme.CreateAccountAsync(new[] { "mailto:[email protected]" });
acme.Account = acct;
var dnsIds = new[]
{
"foo1.mock.acme2.zyborg.io",
"foo2.mock.acme2.zyborg.io",
"foo3.mock.acme2.zyborg.io",
};
var order = await acme.CreateOrderAsync(dnsIds);
Assert.IsNotNull(order?.OrderUrl);
Assert.AreEqual(dnsIds.Length, order.Payload.Authorizations?.Length);
Assert.AreEqual(dnsIds.Length, order.Payload.Identifiers?.Length);
var dnsIdsList = new List <string>(dnsIds);
foreach (var authzUrl in order.Payload.Authorizations)
{
var authz = await acme.GetAuthorizationDetailsAsync(authzUrl);
Assert.IsNotNull(authz);
Assert.IsFalse(authz.Wildcard ?? false);
Assert.IsTrue(dnsIdsList.Remove(authz.Identifier.Value),
"DNS Identifiers contains authz DNS Identifier");
}
Assert.AreEqual(0, dnsIdsList.Count);
}
}
}
public async Task AnswerChallenge()
{
using (var http = _server.CreateClient())
{
var dir = await GetDir();
var dnsIds = new[] { "foo.mock.acme2.zyborg.io" };
var signer = new Crypto.JOSE.Impl.RSJwsTool();
signer.Init();
using (var acme = new AcmeProtocolClient(http, dir,
signer: signer))
{
await acme.GetNonceAsync();
var acct = await acme.CreateAccountAsync(new[] { "mailto:[email protected]" });
acme.Account = acct;
var order = await acme.CreateOrderAsync(dnsIds);
Assert.IsNotNull(order?.OrderUrl);
Assert.AreEqual(dnsIds.Length, order.Payload.Authorizations?.Length);
Assert.AreEqual(dnsIds.Length, order.Payload.Identifiers?.Length);
var authzUrl = order.Payload.Authorizations[0];
var authz = await acme.GetAuthorizationDetailsAsync(authzUrl);
Assert.IsNotNull(authz);
Assert.IsFalse(authz.Wildcard ?? false);
Assert.AreEqual(dnsIds[0], authz.Identifier.Value);
foreach (var chlng in authz.Challenges)
{
var chlng2 = await acme.AnswerChallengeAsync(chlng.Url);
Assert.IsNotNull(chlng2);
Assert.AreEqual("valid", chlng2.Status);
}
}
}
}
public async Task FinalizeOrder()
{
using (var http = _server.CreateClient())
{
var dir = await GetDir();
var signer = new Crypto.JOSE.Impl.RSJwsTool();
signer.Init();
using (var acme = new AcmeProtocolClient(http, dir,
signer: signer))
{
await acme.GetNonceAsync();
var acct = await acme.CreateAccountAsync(new[] { "mailto:[email protected]" });
acme.Account = acct;
var dnsIds = new[] {
"foo.mock.acme2.zyborg.io",
"foo-alt-1.mock.acme2.zyborg.io",
"foo-alt-2.mock.acme2.zyborg.io",
"foo-alt-3.mock.acme2.zyborg.io",
};
var order = await acme.CreateOrderAsync(dnsIds);
Assert.IsNotNull(order?.OrderUrl);
Assert.AreEqual(dnsIds.Length, order.Payload.Authorizations?.Length);
Assert.AreEqual(dnsIds.Length, order.Payload.Identifiers?.Length);
var authzUrl = order.Payload.Authorizations[0];
var authz = await acme.GetAuthorizationDetailsAsync(authzUrl);
Assert.IsNotNull(authz);
Assert.IsFalse(authz.Wildcard ?? false);
Assert.AreEqual(dnsIds[0], authz.Identifier.Value);
foreach (var chlng in authz.Challenges)
{
var chlng2 = await acme.AnswerChallengeAsync(chlng.Url);
Assert.IsNotNull(chlng2);
Assert.AreEqual("valid", chlng2.Status);
}
var kpr = PkiKeyPair.GenerateRsaKeyPair(2048);
var csr = new PkiCertificateSigningRequest($"cn={dnsIds[0]}", kpr,
PkiHashAlgorithm.Sha256);
csr.CertificateExtensions.Add(
PkiCertificateExtension.CreateDnsSubjectAlternativeNames(dnsIds.Skip(1)));
var csrDer = csr.ExportSigningRequest(PkiEncodingFormat.Der);
var finalizedOrder = await acme.FinalizeOrderAsync(order.Payload.Finalize, csrDer);
Assert.AreEqual("valid", finalizedOrder.Payload.Status);
Assert.IsNotNull(finalizedOrder.Payload.Certificate);
var getResp = await acme.GetAsync(finalizedOrder.Payload.Certificate);
getResp.EnsureSuccessStatusCode();
using (var fs = new FileStream(
@"C:\local\prj\bek\ACMESharp\ACMESharpCore\test\ACMESharp.MockServer.UnitTests\finalize-cert.pem",
FileMode.Create))
{
await getResp.Content.CopyToAsync(fs);
}
}
}
}
