protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; AuthorizationState authzState = null; var ii = new IdentifierInfo { Id = EntityHelper.NewId(), Alias = Alias, Label = Label, Memo = Memo, RegistrationRef = ri.Id, Dns = Dns, }; try { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); authzState = c.AuthorizeIdentifier(Dns); ii.Authorization = authzState; if (v.Identifiers == null) { v.Identifiers = new EntityDictionary <IdentifierInfo>(); } v.Identifiers.Add(ii); } } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii)); return; } vlt.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; // If we're renaming the Alias, do that // first in case there are any problems if (NewAlias != null) { v.Registrations.Rename("0", NewAlias); ri.Alias = NewAlias == "" ? null : NewAlias; } if (!LocalOnly) { try { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); r = c.UpdateRegistration(UseBaseUri, AcceptTos, Contacts); ri.Registration = r; } } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ri)); return; } vlt.SaveVault(v); } ri.Label = StringHelper.IfNullOrEmpty(Label); ri.Memo = StringHelper.IfNullOrEmpty(Memo); vlt.SaveVault(v); WriteObject(r); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); AcmeRegistration r = null; var ri = new RegistrationInfo { Id = EntityHelper.NewId(), Alias = Alias, Label = Label, Memo = Memo, SignerProvider = Signer, }; try { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); r = c.Register(Contacts); if (AcceptTos) { r = c.UpdateRegistration(agreeToTos: true); } ri.Registration = r; if (v.Registrations == null) { v.Registrations = new EntityDictionary <RegistrationInfo>(); } v.Registrations.Add(ri); } } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ri)); return; } vlt.SaveVault(v); WriteObject(r); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(IdentifierRef); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; try { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); var challenge = c.SubmitChallengeAnswer(authzState, ChallengeType, UseBaseUri); ii.Challenges[ChallengeType] = challenge; } } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii)); return; } vlt.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(IdentifierRef, throwOnMissing: false); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; if (!Force) { if (!authzState.IsPending()) { throw new InvalidOperationException( "authorization is not in pending state;" + " use Force flag to override this validation"); } if (authzState.Challenges.Any(_ => _.IsInvalid())) { throw new InvalidOperationException( "authorization already contains challenges in an invalid state;" + " use Force flag to override this validation"); } } try { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); var challenge = c.SubmitChallengeAnswer(authzState, ChallengeType, UseBaseUri); ii.Challenges[ChallengeType] = challenge; } } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii)); return; } vlt.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(CertificateRef); if (ci == null) { throw new Exception("Unable to find a Certificate for the given reference"); } using (var cp = CertificateProvider.GetProvider()) { if (!string.IsNullOrEmpty(ci.GenerateDetailsFile)) { // Generate a private key and CSR: // Key: RSA 2048-bit // MD: SHA 256 // CSR: Details pulled from CSR Details JSON file CsrDetails csrDetails; var csrDetailsAsset = vlt.GetAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile); using (var s = vlt.LoadAsset(csrDetailsAsset)) { csrDetails = JsonHelper.Load <CsrDetails>(s); } var keyGenFile = $"{ci.Id}-gen-key.json"; var keyPemFile = $"{ci.Id}-key.pem"; var csrGenFile = $"{ci.Id}-gen-csr.json"; var csrPemFile = $"{ci.Id}-csr.pem"; var keyGenAsset = vlt.CreateAsset(VaultAssetType.KeyGen, keyGenFile, getOrCreate: Force); var keyPemAsset = vlt.CreateAsset(VaultAssetType.KeyPem, keyPemFile, isSensitive: true, getOrCreate: Force); var csrGenAsset = vlt.CreateAsset(VaultAssetType.CsrGen, csrGenFile, getOrCreate: Force); var csrPemAsset = vlt.CreateAsset(VaultAssetType.CsrPem, csrPemFile, getOrCreate: Force); var genKeyParams = new RsaPrivateKeyParams(); var genKey = cp.GeneratePrivateKey(genKeyParams); using (var s = vlt.SaveAsset(keyGenAsset)) { cp.SavePrivateKey(genKey, s); } using (var s = vlt.SaveAsset(keyPemAsset)) { cp.ExportPrivateKey(genKey, EncodingFormat.PEM, s); } // TODO: need to surface details of the CSR params up higher var csrParams = new CsrParams { Details = csrDetails }; var genCsr = cp.GenerateCsr(csrParams, genKey, Crt.MessageDigest.SHA256); using (var s = vlt.SaveAsset(csrGenAsset)) { cp.SaveCsr(genCsr, s); } using (var s = vlt.SaveAsset(csrPemAsset)) { cp.ExportCsr(genCsr, EncodingFormat.PEM, s); } ci.KeyPemFile = keyPemFile; ci.CsrPemFile = csrPemFile; } byte[] derRaw; var asset = vlt.GetAsset(VaultAssetType.CsrPem, ci.CsrPemFile); // Convert the stored CSR in PEM format to DER using (var source = vlt.LoadAsset(asset)) { var csr = cp.ImportCsr(EncodingFormat.PEM, source); using (var target = new MemoryStream()) { cp.ExportCsr(csr, EncodingFormat.DER, target); derRaw = target.ToArray(); } } var derB64u = JwsHelper.Base64UrlEncode(derRaw); try { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); ci.CertificateRequest = c.RequestCertificate(derB64u); } } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ci)); return; } if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent)) { var crtDerFile = $"{ci.Id}-crt.der"; var crtPemFile = $"{ci.Id}-crt.pem"; var crtDerBytes = ci.CertificateRequest.GetCertificateContent(); var crtDerAsset = vlt.CreateAsset(VaultAssetType.CrtDer, crtDerFile); var crtPemAsset = vlt.CreateAsset(VaultAssetType.CrtPem, crtPemFile); using (Stream source = new MemoryStream(crtDerBytes), derTarget = vlt.SaveAsset(crtDerAsset), pemTarget = vlt.SaveAsset(crtPemAsset)) { var crt = cp.ImportCertificate(EncodingFormat.DER, source); cp.ExportCertificate(crt, EncodingFormat.DER, derTarget); ci.CrtDerFile = crtDerFile; cp.ExportCertificate(crt, EncodingFormat.PEM, pemTarget); ci.CrtPemFile = crtPemFile; } // Extract a few pieces of info from the issued // cert that we like to have quick access to var x509 = new X509Certificate2(ci.CertificateRequest.GetCertificateContent()); ci.SerialNumber = x509.SerialNumber; ci.Thumbprint = x509.Thumbprint; ci.SignatureAlgorithm = x509.SignatureAlgorithm?.FriendlyName; ci.Signature = x509.GetCertHashString(); } } vlt.SaveVault(v); WriteObject(ci); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(IdentifierRef, throwOnMissing: false); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; if (ii.Challenges == null) { ii.Challenges = new Dictionary <string, AuthorizeChallenge>(); } if (ii.ChallengeCompleted == null) { ii.ChallengeCompleted = new Dictionary <string, DateTime?>(); } if (ii.ChallengeCleanedUp == null) { ii.ChallengeCleanedUp = new Dictionary <string, DateTime?>(); } // Resolve details from inline or profile attributes string challengeType = null; string handlerName = null; IReadOnlyDictionary <string, object> handlerParams = null; IReadOnlyDictionary <string, object> cliHandlerParams = null; if (HandlerParameters?.Count > 0) { cliHandlerParams = (IReadOnlyDictionary <string, object> )PoshHelper.Convert <string, object>(HandlerParameters); } if (!Force && !CleanUp) { if (!authzState.IsPending()) { throw new InvalidOperationException( "authorization is not in pending state;" + " use Force flag to override this validation"); } if (authzState.Challenges.Any(_ => _.IsInvalid())) { throw new InvalidOperationException( "authorization already contains challenges in an invalid state;" + " use Force flag to override this validation"); } } if (!string.IsNullOrEmpty(HandlerProfileRef)) { var ppi = v.ProviderProfiles.GetByRef(HandlerProfileRef, throwOnMissing: false); if (ppi == null) { throw new ItemNotFoundException("no Handler profile found for the given reference") .With(nameof(HandlerProfileRef), HandlerProfileRef); } var ppAsset = vlt.GetAsset(Vault.VaultAssetType.ProviderConfigInfo, ppi.Id.ToString()); ProviderProfile pp; using (var s = vlt.LoadAsset(ppAsset)) { pp = JsonHelper.Load <ProviderProfile>(s); } if (pp.ProviderType != ProviderType.CHALLENGE_HANDLER) { throw new InvalidOperationException("referenced profile does not resolve to a Challenge Handler") .With(nameof(HandlerProfileRef), HandlerProfileRef) .With("actualProfileProviderType", pp.ProviderType.ToString()); } if (!pp.ProfileParameters.ContainsKey(nameof(ChallengeType))) { throw new InvalidOperationException("handler profile is incomplete; missing Challenge Type") .With(nameof(HandlerProfileRef), HandlerProfileRef); } challengeType = (string)pp.ProfileParameters[nameof(ChallengeType)]; handlerName = pp.ProviderName; handlerParams = pp.InstanceParameters; if (cliHandlerParams != null) { WriteVerbose("Override Handler parameters specified"); if (handlerParams == null || handlerParams.Count == 0) { WriteVerbose("Profile does not define any parameters, using override parameters only"); handlerParams = cliHandlerParams; } else { WriteVerbose("Merging Handler override parameters with profile"); var mergedParams = new Dictionary <string, object>(); foreach (var kv in pp.InstanceParameters) { mergedParams[kv.Key] = kv.Value; } foreach (var kv in cliHandlerParams) { mergedParams[kv.Key] = kv.Value; } handlerParams = mergedParams; } } } else { challengeType = ChallengeType; handlerName = Handler; handlerParams = cliHandlerParams; } AuthorizeChallenge challenge = null; DateTime? challengeCompleted = null; DateTime? challengeCleanedUp = null; ii.Challenges.TryGetValue(challengeType, out challenge); ii.ChallengeCompleted.TryGetValue(challengeType, out challengeCompleted); ii.ChallengeCleanedUp.TryGetValue(challengeType, out challengeCleanedUp); try { if (challenge == null || RepeatDecoder) { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); challenge = c.DecodeChallenge(authzState, challengeType); ii.Challenges[challengeType] = challenge; } } if (CleanUp && (RepeatHandler || challengeCleanedUp == null)) { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); challenge = c.HandleChallenge(authzState, challengeType, handlerName, handlerParams, CleanUp); ii.ChallengeCleanedUp[challengeType] = DateTime.Now; } } else if (RepeatHandler || challengeCompleted == null) { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); challenge = c.HandleChallenge(authzState, challengeType, handlerName, handlerParams); ii.ChallengeCompleted[challengeType] = DateTime.Now; } } } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii)); return; } vlt.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(IdentifierRef, throwOnMissing: false); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } // If we're renaming the Alias, do that // first in case there are any problems if (NewAlias != null) { v.Identifiers.Rename(IdentifierRef, NewAlias); ii.Alias = NewAlias == "" ? null : NewAlias; } var authzState = ii.Authorization; if (!LocalOnly) { try { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); if (string.IsNullOrEmpty(ChallengeType)) { authzState = c.RefreshIdentifierAuthorization(authzState, UseBaseUri); } else { c.RefreshAuthorizeChallenge(authzState, ChallengeType, UseBaseUri); } } ii.Authorization = authzState; } catch (AcmeClient.AcmeWebException ex) { ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ii)); return; } } ii.Label = StringHelper.IfNullOrEmpty(Label); ii.Memo = StringHelper.IfNullOrEmpty(Memo); vlt.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vlt = Util.VaultHelper.GetVault(VaultProfile)) { vlt.OpenStorage(); var v = vlt.LoadVault(); if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(CertificateRef, throwOnMissing: false); if (ci == null) { throw new Exception("Unable to find a Certificate for the given reference"); } IssuerCertificateInfo ici = null; if (!string.IsNullOrEmpty(ci.IssuerSerialNumber)) { v.IssuerCertificates.TryGetValue(ci.IssuerSerialNumber, out ici); } PrivateKey pk = null; Crt crt = null; Crt issCrt = null; var keyAsset = vlt.GetAsset(Vault.VaultAssetType.KeyPem, ci.KeyPemFile); var crtAsset = vlt.GetAsset(Vault.VaultAssetType.CrtPem, ci.CrtPemFile); var issCrtAsset = ici != null ? vlt.GetAsset(Vault.VaultAssetType.IssuerPem, ici.CrtPemFile) : null; // Resolve details from inline or profile attributes string installerName = null; IReadOnlyDictionary <string, object> installerParams = null; IReadOnlyDictionary <string, object> cliInstallerParams = null; if (InstallerParameters?.Count > 0) { cliInstallerParams = (IReadOnlyDictionary <string, object> )PoshHelper.Convert <string, object>(InstallerParameters); } if (!string.IsNullOrEmpty(InstallerProfileRef)) { var ppi = v.InstallerProfiles.GetByRef(InstallerProfileRef, throwOnMissing: false); if (ppi == null) { throw new ItemNotFoundException("no Installer profile found for the given reference") .With(nameof(InstallerProfileRef), InstallerProfileRef); } var ppAsset = vlt.GetAsset(Vault.VaultAssetType.InstallerConfigInfo, ppi.Id.ToString()); InstallerProfile ip; using (var s = vlt.LoadAsset(ppAsset)) { ip = JsonHelper.Load <InstallerProfile>(s); } installerName = ip.InstallerProvider; installerParams = ip.InstanceParameters; if (cliInstallerParams != null) { WriteVerbose("Override Installer parameters specified"); if (installerParams?.Count == 0) { WriteVerbose("Profile does not define any parameters, using override parameters only"); installerParams = cliInstallerParams; } else { WriteVerbose("Merging Installer override parameters with profile"); var mergedParams = new Dictionary <string, object>(); foreach (var kv in ip.InstanceParameters) { mergedParams[kv.Key] = kv.Value; } foreach (var kv in cliInstallerParams) { mergedParams[kv.Key] = kv.Value; } installerParams = mergedParams; } } } else { installerName = Installer; installerParams = cliInstallerParams; } using (var pki = PkiHelper.GetPkiTool(v.PkiTool)) { // Load the Private Key // TODO: This is UGLY, but it works for now! using (var s = vlt.LoadAsset(keyAsset)) { try { pk = pki.ImportPrivateKey <RsaPrivateKey>(EncodingFormat.PEM, s); } catch { } } if (pk == null) { using (var s = vlt.LoadAsset(keyAsset)) { try { pk = pki.ImportPrivateKey <EcKeyPair>(EncodingFormat.PEM, s); } catch { } } } if (pk == null) { throw new NotSupportedException("unknown or unsupported private key format"); } // Load the Certificate using (var s = vlt.LoadAsset(crtAsset)) { crt = pki.ImportCertificate(EncodingFormat.PEM, s); } // Load the Issuer Certificate if (issCrtAsset != null) { using (var s = vlt.LoadAsset(issCrtAsset)) { issCrt = pki.ImportCertificate(EncodingFormat.PEM, s); } } // Finally, instantiate and invoke the installer var installerProvider = InstallerExtManager.GetProvider(installerName); using (var installer = installerProvider.GetInstaller(installerParams)) { var chain = new Crt[0]; if (issCrt != null) { chain = new[] { issCrt } } ; installer.Install(pk, crt, chain, pki); } } //try //{ //} //catch (AcmeClient.AcmeWebException ex) //{ // ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ci)); // return; //} } } }