private static void LoadCertificates(CertificateManager certificates) { var rsaCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_rsa.cert")); SecurityAssert.Assert(rsaCert.Count == 1); certificates.AddCertificate(rsaCert[0].RawData); var rsaKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_rsa.key")); SecurityAssert.Assert(rsaKey.Count == 1); certificates.AddPrivateKey(rsaKey[0].RawData); var ecCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_ec.cert")); SecurityAssert.Assert(ecCert.Count == 1); certificates.AddCertificate(ecCert[0].RawData); var ecKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_ec.key")); SecurityAssert.Assert(ecKey.Count == 1); certificates.AddPrivateKey(ecKey[0].RawData); var dhCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_dh.cert")); SecurityAssert.Assert(dhCert.Count == 1); certificates.AddCertificate(dhCert[0].RawData); var dhKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_dh.key")); SecurityAssert.Assert(dhKey.Count == 1); certificates.AddPrivateKey(dhKey[0].RawData); }
public void CertificateManager_AddCertificiate_AlreadyExists() { // Assemble byte[] cert = File.ReadAllBytes("test.cer"); CertificateManager manager = new CertificateManager(); manager.AddCertificate(cert);//Make sure its there already // Action ResponseType result = manager.AddCertificate(cert); // Assert result.Should().Be(ResponseType.AlreadyExists); }
public async Task <IHttpActionResult> GenerateAndInstall(GenerateAndInstallModel model, [FromUri(Name = "api-version")] string apiversion = null) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var mgr = new CertificateManager(model.AzureEnvironment, model.AcmeConfig, model.CertificateSettings, model.AuthorizationChallengeProviderConfig); return(Ok(await mgr.AddCertificate())); }
public void CertificateManager_AddCertificiate_Invalid() { // Assemble byte[] cert = File.ReadAllBytes("invalid.txt"); CertificateManager manager = new CertificateManager(); // Action ResponseType result = manager.AddCertificate(cert); // Assert result.Should().Be(ResponseType.InvalidCertificate); }
public void CertificateManager_AddCertificiate_Success() { // Assemble byte[] cert = File.ReadAllBytes("test.cer"); CertificateManager manager = new CertificateManager(); manager.RemoveCertificate(cert);//If its already there // Action ResponseType result = manager.AddCertificate(cert); // Assert result.Should().Be(ResponseType.Success); }
private static readonly RNGCryptoServiceProvider s_randomGenerator = new RNGCryptoServiceProvider(); // thread-safe public void Renew(RenewalParameters renewParams) { if (renewParams == null) { throw new ArgumentNullException(nameof(renewParams)); } Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewParams); Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewParams.WebApp); byte[] pfxPassData = new byte[32]; s_randomGenerator.GetBytes(pfxPassData); Trace.TraceInformation("Adding SSL cert for '{0}'...", renewParams.WebApp); var manager = new CertificateManager( new AzureEnvironment( renewParams.TenantId, renewParams.SubscriptionId, renewParams.ClientId, renewParams.ClientSecret, renewParams.ResourceGroup, renewParams.WebApp, renewParams.ServicePlanResourceGroup, renewParams.SiteSlotName), new AcmeConfig { Host = renewParams.Hosts[0], AlternateNames = renewParams.Hosts.Skip(1).ToList(), RegistrationEmail = renewParams.Email, RSAKeyLength = renewParams.RsaKeyLength, PFXPassword = Convert.ToBase64String(pfxPassData), #pragma warning disable S1075 BaseUri = (renewParams.AcmeBaseUri ?? new Uri("https://acme-v01.api.letsencrypt.org/")).ToString() #pragma warning restore S1075 }, new CertificateServiceSettings { UseIPBasedSSL = renewParams.UseIpBasedSsl }, new AuthProviderConfig()); manager.AddCertificate(); Trace.TraceInformation("SSL cert added successfully to '{0}'", renewParams.WebApp); }
private void SaveBtn_Click(object sender, EventArgs e) { try { if (string.IsNullOrEmpty(CertificateNameTextBox.Text)) { MessageBox.Show("Поле \"Название\" должно быть заполнено", "Внимание", MessageBoxButtons.OK, MessageBoxIcon.Information); } else if (string.IsNullOrEmpty(CertificateNumberTextBox.Text)) { MessageBox.Show("Поле \"Номер сертификата\" должно быть заполнено", "Внимание", MessageBoxButtons.OK, MessageBoxIcon.Information); } else if (string.IsNullOrEmpty(OrganizationComboBox.Text)) { MessageBox.Show("Нужно выбрать организацию", "Внимание", MessageBoxButtons.OK, MessageBoxIcon.Information); } else { if (isEdit) { CertificateManager.EditCertificate(certificateId, CertificateNameTextBox.Text, CertificateNumberTextBox.Text, BeginDatePicker.Value, EndDatePicker.Value, currentOrganization.OrganizationId); } else { CertificateManager.AddCertificate(CertificateNameTextBox.Text, CertificateNumberTextBox.Text, BeginDatePicker.Value, EndDatePicker.Value, currentOrganization.OrganizationId); } DialogResult = DialogResult.OK; Close(); } } catch (DomainException CheckError) { MessageBox.Show(CheckError.Message, "Ошибка", MessageBoxButtons.OK, MessageBoxIcon.Warning); } }
public async Task AddCertificateDnsChallengeTest() { var config = new AppSettingsAuthConfig(); var dnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "letsencrypt"); var mgr = new CertificateManager(config, new AcmeConfig() { Host = "letsencrypt.ai4bots.com", PFXPassword = "******", RegistrationEmail = "*****@*****.**", RSAKeyLength = 2048 }, new WebAppCertificateService(config, new CertificateServiceSettings() { UseIPBasedSSL = config.UseIPBasedSSL }), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment)); var result = await mgr.AddCertificate(); Assert.IsNotNull(result); }
public static void Add(string path) { try { byte[] data = File.ReadAllBytes(path); CertificateManager manager = new CertificateManager(); ResponseType response = manager.AddCertificate(data); if (response == ResponseType.Success) { Console.WriteLine("Added Certificate: " + Path.GetFullPath(path)); } else { Console.WriteLine("Error: " + response.ToString()); } } catch { Console.WriteLine("Error: File doesn't exist at: " + Path.GetFullPath(path)); } }
public async Task AddCertificateHttpChallengeTest() { var config = new AppSettingsAuthConfig(); var mgr = new CertificateManager(config, new AcmeConfig() { Host = "letsencrypt.sjkp.dk", AlternateNames = new List <string>() { "letsencrypt2.sjkp.dk" }, PFXPassword = "******", RegistrationEmail = "*****@*****.**", RSAKeyLength = 2048 }, new WebAppCertificateService(config, new CertificateServiceSettings() { UseIPBasedSSL = config.UseIPBasedSSL }), new KuduFileSystemAuthorizationChallengeProvider(config, new AuthorizationChallengeProviderConfig())); var result = await mgr.AddCertificate(); Assert.IsNotNull(result); ValidateCertificate(new[] { result }, "https://letsencrypt.sjkp.dk"); }
private static async Task RenewCore(RenewalParameters renewalParams) { Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams); Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp); var pfxPassData = new byte[32]; s_randomGenerator.GetBytes(pfxPassData); Trace.TraceInformation( "Adding SSL cert for '{0}{1}'...", renewalParams.WebApp, renewalParams.GroupName == null ? string.Empty : $"[{renewalParams.GroupName}]"); var certServiceSettings = new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl }; var azureWebAppEnvironment = new AzureWebAppEnvironment( renewalParams.TenantId, renewalParams.SubscriptionId, renewalParams.ClientId, renewalParams.ClientSecret, renewalParams.ResourceGroup, renewalParams.WebApp, renewalParams.ServicePlanResourceGroup, renewalParams.SiteSlotName) { AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName, AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri), ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint), TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService) }; AzureWebAppEnvironment otherAzureWebAppEnvironment = null; WebAppCertificateService otherWebAppCertificateService = null; if (!string.IsNullOrEmpty(renewalParams.OtherWebAppResourceGroup) && !string.IsNullOrEmpty(renewalParams.OtherWebApp)) { otherAzureWebAppEnvironment = new AzureWebAppEnvironment( renewalParams.TenantId, renewalParams.SubscriptionId, renewalParams.ClientId, renewalParams.ClientSecret, renewalParams.OtherWebAppResourceGroup, renewalParams.OtherWebApp, renewalParams.ServicePlanResourceGroup, renewalParams.OtherSlotName) { AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName, AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri), ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint), TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService) }; otherWebAppCertificateService = new WebAppCertificateService(otherAzureWebAppEnvironment, certServiceSettings); } var azureStorageEnvironment = new AzureStorageEnvironment( renewalParams.TenantId, renewalParams.SubscriptionId, renewalParams.ClientId, renewalParams.ClientSecret, renewalParams.ResourceGroup, renewalParams.StorageConnectionString, renewalParams.StorageContainer); var webAppCertificateService = new WebAppCertificateService(azureWebAppEnvironment, certServiceSettings); var manager = new CertificateManager( azureWebAppEnvironment, new AcmeConfig { Host = renewalParams.Hosts[0], AlternateNames = renewalParams.Hosts.Skip(1).ToList(), RegistrationEmail = renewalParams.Email, RSAKeyLength = renewalParams.RsaKeyLength, PFXPassword = Convert.ToBase64String(pfxPassData), BaseUri = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString() }, webAppCertificateService, new AzureStorageFileSystemAuthorizationChallengeProvider(azureStorageEnvironment)); if (renewalParams.RenewXNumberOfDaysBeforeExpiration > 0) { await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration); } else { var res = await manager.AddCertificate(); webAppCertificateService.RemoveExpired(); otherWebAppCertificateService?.Install(res); otherWebAppCertificateService?.RemoveExpired(); } Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp); }