/// <inheritdoc /> public CertificateResponse GenerateSelfSignedCertificate(APICertificateRequest request) { //var certificate = CreateCertificate(request, true); AsymmetricKeyParameter myCAprivateKey = null; CertificateResponse response; _logger.LogDebug("Create CA Certificate for EIDAS Certificate request"); using (X509Certificate2 certificateAuthorityCertificate = CreateCertificateAuthorityCertificate($"CN={request.CommonName}CA", ref myCAprivateKey)) { _logger.LogDebug("Creating certificate based on CA"); //X509Certificate2 certificate = CreateSelfSignedCertificateBasedOnCertificateAuthorityPrivateKey("CN=" + certSubjectName, "CN=" + certSubjectName + "CA", myCAprivateKey); AsymmetricKeyParameter myPrivateKey = null; using (X509Certificate2 certificate = CreateSelfSignedCertificateBasedOnCertificateAuthorityPrivateKey(request, myCAprivateKey, ref myPrivateKey)) { TextWriter textWriter = new StringWriter(); PemWriter pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(myPrivateKey); pemWriter.Writer.Flush(); string privateKey = textWriter.ToString(); response = new CertificateResponse() { EncodedCert = GetCertificateAsString(certificate), PrivateKey = privateKey }; } } return(response); }
private async Task <CertificateResponse> FlagServerAsync(CertificateResponse certificateResponse) { try { certificateResponse.remoteCreateDate = DateTime.UtcNow; if (!string.IsNullOrEmpty(certificateResponse?.remoteCreate)) { certificateResponse.remoteCreate = $"{certificateResponse.remoteCreate},{_certificateBotOptions.Value.serverIdentifier}"; } else { certificateResponse.remoteCreate = _certificateBotOptions.Value.serverIdentifier; } CertificateResponse updatedCert = await _certificateService .PostCertificateAsync(certificateResponse); return(updatedCert); } catch (Exception ex) { throw new Exception($"Could not flag server for locally saved certificate, {ex.Message}"); } }
private void SetIotDpsCertificate() { string certificate = string.Empty; FileInfo fileInfo = new FileInfo(this.Path); switch (fileInfo.Extension.ToLower(CultureInfo.InvariantCulture)) { case ".cer": var certificateByteContent = AzureSession.Instance.DataStore.ReadFileAsBytes(this.Path); certificate = Convert.ToBase64String(certificateByteContent); break; case ".pem": certificate = AzureSession.Instance.DataStore.ReadFileAsText(this.Path); break; default: certificate = this.Path; break; } certificate = Encoding.UTF8.GetString(Encoding.UTF8.GetBytes(certificate)); VerificationCodeRequest verificationCodeRequest = new VerificationCodeRequest(); verificationCodeRequest.Certificate = certificate; CertificateResponse certificateResponse = this.IotDpsClient.DpsCertificate.VerifyCertificate(this.CertificateName, this.Etag, verificationCodeRequest, this.ResourceGroupName, this.Name); this.WriteObject(IotDpsUtils.ToPSCertificateResponse(certificateResponse)); }
private async Task <TResult> SendAsync <TResult>(HttpMethod method, Uri uri, object message) where TResult : class { Verbose($"{method} {uri} {message?.GetType()}"); var nonceHeader = new AcmeHeader { Nonce = nonce }; Verbose($"sending nonce {nonce}"); HttpContent content = null; if (message != null) { var encodedMessage = jws.Encode(message, nonceHeader); var json = JsonConvert.SerializeObject(encodedMessage, new JsonSerializerSettings() { NullValueHandling = NullValueHandling.Ignore, Formatting = Formatting.Indented }); content = new StringContent(json, Encoding.UTF8, "application/json"); } var request = new HttpRequestMessage(method, uri) { Content = content }; var response = await client.SendAsync(request).ConfigureAwait(false); Verbose($"response status: {(int)response.StatusCode} {response.ReasonPhrase}"); RememberNonce(response); if (response.Content.Headers.ContentType.MediaType == "application/problem+json") { var problemJson = await response.Content.ReadAsStringAsync().ConfigureAwait(false); var problem = JsonConvert.DeserializeObject <Problem>(problemJson); Verbose($"error response from server: {problem.Type}: {problem.Detail}"); throw new AcmeException(problem, response); } if (typeof(TResult) == typeof(CertificateResponse) && response.Content.Headers.ContentType.MediaType == "application/pkix-cert") { var certificateBytes = await response.Content.ReadAsByteArrayAsync().ConfigureAwait(false); var certificateResponse = new CertificateResponse() { Certificate = certificateBytes }; GetHeaderValues(response, certificateResponse); return(certificateResponse as TResult); } var responseContent = await response.Content.ReadAsAsync <TResult>().ConfigureAwait(false); GetHeaderValues(response, responseContent); return(responseContent); }
public async Task CreateAndDelete() { using MockContext context = MockContext.Start(GetType()); Initialize(context); var testName = "unitTestingDPSCertificatesCreateAndDelete"; ResourceGroup rg = await GetResourceGroupAsync(testName).ConfigureAwait(false); ProvisioningServiceDescription service = await GetServiceAsync(testName, rg.Name).ConfigureAwait(false); //add a cert await _provisioningClient.DpsCertificate .CreateOrUpdateAsync( rg.Name, testName, Constants.Certificate.Name, null, Constants.Certificate.Content) .ConfigureAwait(false); CertificateListDescription certificateList = await _provisioningClient.DpsCertificate .ListAsync(rg.Name, testName) .ConfigureAwait(false); certificateList.Value.Should().Contain(x => x.Name == Constants.Certificate.Name); // verify certificate details CertificateResponse certificateDetails = certificateList.Value.FirstOrDefault(x => x.Name == Constants.Certificate.Name); certificateDetails.Should().NotBeNull(); certificateDetails.Properties.Subject.Should().Be(Constants.Certificate.Subject); certificateDetails.Properties.Thumbprint.Should().Be(Constants.Certificate.Thumbprint); // can get a verification code VerificationCodeResponse verificationCodeResponse = await _provisioningClient.DpsCertificate .GenerateVerificationCodeAsync( certificateDetails.Name, certificateDetails.Etag, rg.Name, service.Name) .ConfigureAwait(false); verificationCodeResponse.Properties.Should().NotBeNull(); verificationCodeResponse.Properties.VerificationCode.Should().NotBeNullOrEmpty(); // delete certificate await _provisioningClient.DpsCertificate .DeleteAsync( rg.Name, verificationCodeResponse.Etag, service.Name, Constants.Certificate.Name) .ConfigureAwait(false); certificateList = await _provisioningClient.DpsCertificate .ListAsync(rg.Name, testName) .ConfigureAwait(false); certificateList.Value.Should().NotContain(x => x.Name == Constants.Certificate.Name); }
private static string SaveCertificateReturnedByServer(string domain, CertificateResponse response) { var certificatePath = Path.Combine(Environment.CurrentDirectory, $"{domain}.cer"); Info($"saving certificate returned by ACME server to {certificatePath}"); File.WriteAllBytes(certificatePath, response.Certificate); return(certificatePath); }
public async Task GetServerCertificatesFromEdgeletShouldReturnCert() { var workloadClient = new WorkloadClient(this.serverUri, WorkloadApiVersion, ModuleId, ModulegenerationId); CertificateResponse response = await workloadClient.CreateServerCertificateAsync("hostname", DateTime.UtcNow.AddDays(1)); Assert.Equal(new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem)), new X509Certificate2(Encoding.UTF8.GetBytes(response.Certificate))); Assert.Equal(TestCertificateHelper.PrivateKeyPem, response.PrivateKey.Bytes); }
private string SaveCertificateReturnedByServer(string domain, CertificateResponse response) { var certificatePath = Path.Combine(this.options.StoreDirectory, $"{domain}.cer"); Log.Info($"saving certificate returned by ACME server to {certificatePath}"); File.WriteAllBytes(certificatePath, response.Certificate); return(certificatePath); }
public void ParseCertificatesResponseInvalidCertificateShouldThrow() { var response = new CertificateResponse() { Certificate = "InvalidCert", }; Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(response)); }
public async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req) { string name = req.Query["name"]; CertificateResponse certificateResponse = await _certificateService .GetCertificateAsync(name); return(new OkObjectResult(certificateResponse)); }
ActionResult IDriver.CertDownload(string thumb) { CertificateResponse response = service.GetCertificate(thumb, Guid.Empty, token); return(new WebDavDownloadFileResult(new DirInfo() { ContentLenght = response.CertificateFileBytes.Length, DisplayName = thumb + ".cer" }, response.CertificateFileBytes, true)); }
public async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req) { string requestBody = await new StreamReader(req.Body).ReadToEndAsync(); CertificateResponse data = JsonConvert.DeserializeObject <CertificateResponse>(requestBody); CertificateResponse certificateResponse = await _certificateService. PostCertificateAsync(data); return(new OkObjectResult(certificateResponse)); }
private async Task <CertificateResponse> PostCertificateAsync() { CertificateResponse certificateResponse = new CertificateResponse { id = 123, name = "contoso.com", remoteCreateDate = DateTime.Now }; return(await _certificateService.PostCertificateAsync(certificateResponse)); }
public static async Task <(X509Certificate2 ServerCertificate, IEnumerable <X509Certificate2> CertificateChain)> GetServerCertificatesFromEdgelet(Uri workloadUri, string workloadApiVersion, string moduleId, string moduleGenerationId, string edgeHubHostname, DateTime expiration) { if (string.IsNullOrEmpty(edgeHubHostname)) { throw new InvalidOperationException($"{nameof(edgeHubHostname)} is required."); } CertificateResponse response = await new WorkloadClient(workloadUri, workloadApiVersion, moduleId, moduleGenerationId).CreateServerCertificateAsync(edgeHubHostname, expiration); return(ParseCertificateResponse(response)); }
public ActionResult GetCertificatesInfo(List <string> thumbprints, Guid?userId) { Guid token = CheckSessionAuthState(CurrentUser, _authService); if (token == Guid.Empty) { return(Json(new { Status = "logoff" }, JsonRequestBehavior.AllowGet)); } var certificates = new List <CertificateInfoContactAdd>(); foreach (string thumbprint in thumbprints) { CertificateResponse response = _cryptxService.GetCertificate(thumbprint, (userId == null ? Guid.Empty : (Guid)userId), token); CertificateInfo certificateInfo = response.Certificate; var curCert = new CertificateInfoContactAdd(); curCert.IsMyCert = certificateInfo.MyCertificate != null; if (certificateInfo.RecipientCertificate != null && certificateInfo.RecipientCertificate.FriendlyName != null) { curCert.FriendlyName = certificateInfo.RecipientCertificate.FriendlyName; } curCert.CertificateId = certificateInfo.CertificateId; curCert.SubjectName = certificateInfo.SubjectName; curCert.IssureName = certificateInfo.IssureName; curCert.Thumbprint = certificateInfo.Thumbprint; curCert.Organization = certificateInfo.Organization; curCert.IsTest = certificateInfo.IsTest; if (DateTime.Now < certificateInfo.NotBefore) { curCert.TimeMessage = "Недействителен до " + certificateInfo.NotBefore.Date.ToShortDateString().Replace("/", "."); } if (DateTime.Now > certificateInfo.NotBefore && DateTime.Now < certificateInfo.NotAfter) { curCert.TimeMessage = "Действителен до " + certificateInfo.NotAfter.Date.ToShortDateString().Replace("/", "."); } else { curCert.TimeMessage = "Недействителен с " + certificateInfo.NotAfter.Date.ToShortDateString().Replace("/", "."); } certificates.Add(curCert); } return(Json(new { Status = "ok", certificates }, JsonRequestBehavior.AllowGet)); }
private async Task <TResult> SendAsync <TResult>(HttpMethod method, Uri uri, object message, CancellationToken token) where TResult : class { var nonceHeader = new AcmeHeader { Nonce = _nonce }; var request = new HttpRequestMessage(method, uri); if (message != null) { var encodedMessage = _jws.Encode(message, nonceHeader); var json = JsonConvert.SerializeObject(encodedMessage, jsonSettings); request.Content = new StringContent(json, Encoding.UTF8, "application/json"); } var response = await _client.SendAsync(request, token).ConfigureAwait(false); RememberNonce(response); if (response.Content.Headers.ContentType.MediaType == "application/problem+json") { var problemJson = await response.Content.ReadAsStringAsync().ConfigureAwait(false); var problem = JsonConvert.DeserializeObject <Problem>(problemJson); throw new AcmeException(problem, response); } if (typeof(TResult) == typeof(CertificateResponse) && response.Content.Headers.ContentType.MediaType == "application/pkix-cert") { var certificateBytes = await response.Content.ReadAsByteArrayAsync().ConfigureAwait(false); var certificateResponse = new CertificateResponse { Certificate = certificateBytes }; GetHeaderValues(response, certificateResponse); return(certificateResponse as TResult); } var responseText = await response.Content.ReadAsStringAsync().ConfigureAwait(false); var responseContent = JObject.Parse(responseText).ToObject <TResult>(); GetHeaderValues(response, responseContent); return(responseContent); }
public Task <CertificateResponse> CreateServerCertificateAsync(string api_version, string name, string genid, ServerCertificateRequest request) { var response = new CertificateResponse() { Certificate = $"{CertificateHelper.CertificatePem}\n{CertificateHelper.CertificatePem}", PrivateKey = new PrivateKey() { Type = PrivateKeyType.Key, Bytes = CertificateHelper.PrivateKeyPem } }; return(Task.FromResult(response)); }
public void ParseCertificatesResponseInvalidKeyShouldThrow() { var response = new CertificateResponse() { Certificate = TestCertificateHelper.CertificatePem, Expiration = DateTime.UtcNow.AddDays(1), PrivateKey = new PrivateKey() { Bytes = "InvalidKey" } }; Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(response)); }
private async Task SaveCertificateFileAndFlagServer(CertificateResponse cert) { string folderPath = FolderNameHelper.GetFolderPath(cert.name, _certificateBotOptions.Value.saveCertificatePath); await SaveFileAsync(_pfxCertificateFileName, folderPath, cert.pfxUri); await SaveFileAsync(_privateKeyFileName, folderPath, cert.privateKeyUri); await SaveFileAsync(_primaryCertificateFileName, folderPath, cert.certificateUri); await SaveFileAsync(_caBundleFileName, folderPath, cert.intermediateCertificateUri); await SaveFileAsync(_fullChainCertificateFileName, folderPath, cert.fullChainCertificateUri); CertificateResponse certUpdated = await FlagServerAsync(cert); lstCertNames.Add(certUpdated.name); certificateResponses.Add(certUpdated); }
public async Task GetCertificateTest() { try { CertificateResponse certificateResponse = await _certificateService .GetCertificateAsync("shopeneur.com"); Assert.IsNotNull(certificateResponse); } catch (Exception ex) { string err = ex.Message; Assert.Fail(); } }
static async Task Main(string[] args) { CertificateResponse certificateResponse = await GetCertificateAsync(); Console.WriteLine($"GetCertificate returned : {JsonConvert.SerializeObject(certificateResponse)} \r\n"); List <CertificateResponse> lstCertificateResponse = await GetCertificateListAsync(); Console.WriteLine($"GetCertificateList returned : {JsonConvert.SerializeObject(lstCertificateResponse)} \r\n"); List <CertificateResponse> lstCertificateResponse1 = await PostCertificateRenewalAsync(); Console.WriteLine($"PostCertificateRenewal returned : {JsonConvert.SerializeObject(lstCertificateResponse1)} \r\n"); CertificateResponse certificateResponse1 = await PostCertificateAsync(); Console.WriteLine($"PostCertificate returned : {JsonConvert.SerializeObject(certificateResponse1)} \r\n"); }
public override AccessCredentials GetCredentials() { if (credentials != null && !credentials.AreExpired()) { return(credentials); } if (httpClient == null) { throw new ArgumentException("httpClient cannot be null or empty"); } if (clientCertificate == null) { throw new ArgumentException("clientCertificate cannot be null or empty"); } var t = Task.Run(async() => await httpClient.PostAsync(postEndpoint, null)); t.Wait(); var response = t.Result; var certResponse = new CertificateResponse(); if (response.IsSuccessStatusCode) { var content = response.Content.ReadAsStringAsync().Result; var contentBytes = Encoding.UTF8.GetBytes(content); using (var stream = new MemoryStream(contentBytes)) { certResponse = (CertificateResponse) new XmlSerializer(typeof(CertificateResponse)).Deserialize(stream); } } if (credentials == null && certResponse != null && certResponse.cr != null) { credentials = certResponse.cr.Credentials; } return(credentials); }
/// <summary> /// Получение информации по сертификату /// </summary> /// <param name="thumbprints"></param> /// <returns></returns> public ActionResult GetCertificatesInfo(List <string> thumbprints) { Guid token = CheckSessionAuthState(CurrentUser, _authService); if (token == Guid.Empty) { return(Json(new { status = "Error", errorCode = "401", errorMessage = "" }, JsonRequestBehavior.AllowGet)); } var certificates = new List <CertificateInfo>(); foreach (string thumbprint in thumbprints) { CertificateResponse response = _cryptxService.GetCertificate(thumbprint, Guid.Empty, token); certificates.Add(response.Certificate); } return(Json(new { certificates }, JsonRequestBehavior.AllowGet)); }
public async Task <CertificateResponse> CreateServerCertificateAsync(string hostname, DateTime expiration) { var request = new ServerCertificateRequest { CommonName = hostname, Expiration = expiration }; using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.workloadUri)) { var edgeletHttpClient = new HttpWorkloadClient(httpClient) { BaseUrl = HttpClientHelper.GetBaseUrl(this.workloadUri) }; CertificateResponse result = await this.Execute(() => edgeletHttpClient.CreateServerCertificateAsync(this.apiVersion, this.moduleId, this.moduleGenerationId, request), "CreateServerCertificateAsync"); return(result); } }
public void ParseCertificatesResponseShouldReturnCert() { TestCertificateHelper.GenerateSelfSignedCert("top secret").Export(X509ContentType.Cert); var response = new CertificateResponse() { Certificate = $"{TestCertificateHelper.CertificatePem}\n{TestCertificateHelper.CertificatePem}", Expiration = DateTime.UtcNow.AddDays(1), PrivateKey = new PrivateKey() { Bytes = TestCertificateHelper.PrivateKeyPem } }; (X509Certificate2 cert, IEnumerable <X509Certificate2> chain) = CertificateHelper.ParseCertificateResponse(response); var expected = new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem)); Assert.Equal(expected, cert); Assert.True(cert.HasPrivateKey); Assert.Equal(chain.Count(), 1); Assert.Equal(expected, chain.First()); }
public override async Task <ServerCertificateResponse> CreateServerCertificateAsync(string hostname, DateTime expiration) { var request = new ServerCertificateRequest { CommonName = hostname, Expiration = expiration }; using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri)) { var edgeletHttpClient = new HttpWorkloadClient(httpClient) { BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri) }; CertificateResponse result = await this.Execute(() => edgeletHttpClient.CreateServerCertificateAsync(this.Version.Name, this.ModuleId, this.ModuleGenerationId, request), "CreateServerCertificateAsync"); return(new ServerCertificateResponse() { Certificate = result.Certificate, PrivateKey = result.PrivateKey.Bytes }); } }
public async Task PostCertificateTest() { try { CertificateResponse certificateResponse = new CertificateResponse { id = 174, name = "shopeneur.com", remoteCreateDate = DateTime.UtcNow, remoteCreate = $"dev-server;test-server;prod-server" }; CertificateResponse _certificateResponse = await _certificateService .PostCertificateAsync(certificateResponse); Assert.IsNotNull(_certificateResponse); } catch (Exception ex) { string err = ex.Message; Assert.Fail(); } }
private async Task <TResult> SendAsync <TResult>(HttpMethod method, Uri uri, object message, CancellationToken token) where TResult : class { var hasNonce = _nonce != null; HttpResponseMessage response; do { var nonceHeader = new AcmeHeader { Nonce = _nonce }; var request = new HttpRequestMessage(method, uri); if (message != null) { var encodedMessage = _jws.Encode(message, nonceHeader); var json = JsonConvert.SerializeObject(encodedMessage, jsonSettings); request.Content = new StringContent(json, Encoding.UTF8, "application/json"); } response = await _client.SendAsync(request, token).ConfigureAwait(false); if (response.Headers.TryGetValues("Replay-Nonce", out var vals)) { _nonce = vals.FirstOrDefault(); } else { _nonce = null; } if (response.IsSuccessStatusCode || hasNonce || _nonce == null) { break; // either successful or no point in retry } hasNonce = true; // we only allow it once } while (true); if (response.Content.Headers.ContentType.MediaType == "application/problem+json") { var problemJson = await response.Content.ReadAsStringAsync().ConfigureAwait(false); var problem = JsonConvert.DeserializeObject <Problem>(problemJson); throw new AcmeException(problem, response); } if (typeof(TResult) == typeof(CertificateResponse) && response.Content.Headers.ContentType.MediaType == "application/pkix-cert") { var certificateBytes = await response.Content.ReadAsByteArrayAsync().ConfigureAwait(false); var certificateResponse = new CertificateResponse { Certificate = certificateBytes }; GetHeaderValues(response, certificateResponse); return(certificateResponse as TResult); } var responseText = await response.Content.ReadAsStringAsync().ConfigureAwait(false); var responseContent = JObject.Parse(responseText).ToObject <TResult>(); GetHeaderValues(response, responseContent); return(responseContent); }
internal static (X509Certificate2, IEnumerable <X509Certificate2>) ParseCertificateResponse(CertificateResponse response) { return(ParseCertificateAndKey(response.Certificate, response.PrivateKey.Bytes)); }
internal static (X509Certificate2, IEnumerable <X509Certificate2>) ParseCertificateResponse(CertificateResponse response) { IEnumerable <string> pemCerts = ParsePemCerts(response.Certificate); if (pemCerts.FirstOrDefault() == null) { throw new InvalidOperationException("Certificate is required"); } IEnumerable <X509Certificate2> certsChain = GetCertificatesFromPem(pemCerts.Skip(1)); Pkcs12Store store = new Pkcs12StoreBuilder().Build(); IList <X509CertificateEntry> chain = new List <X509CertificateEntry>(); var sr = new StringReader(pemCerts.First() + "\r\n" + response.PrivateKey.Bytes); var pemReader = new PemReader(sr); RsaPrivateCrtKeyParameters keyParams = null; object certObject = pemReader.ReadObject(); while (certObject != null) { if (certObject is Org.BouncyCastle.X509.X509Certificate x509Cert) { chain.Add(new X509CertificateEntry(x509Cert)); } if (certObject is RsaPrivateCrtKeyParameters) { keyParams = ((RsaPrivateCrtKeyParameters)certObject); } certObject = pemReader.ReadObject(); } if (keyParams == null) { throw new InvalidOperationException("Private key is required"); } store.SetKeyEntry("Edge", new AsymmetricKeyEntry(keyParams), chain.ToArray()); using (var p12File = new MemoryStream()) { store.Save(p12File, new char[] { }, new SecureRandom()); var cert = new X509Certificate2(p12File.ToArray()); return(cert, certsChain); } }