public Challenge Decode(IdentifierPart ip, ChallengePart cp, ISigner signer) { if (cp.Type != AcmeProtocol.CHALLENGE_TYPE_DNS) { throw new InvalidDataException("unsupported Challenge type") .With("challengeType", cp.Type) .With("supportedChallengeTypes", AcmeProtocol.CHALLENGE_TYPE_DNS); } //var token = (string)cp["token"]; var token = cp.Token; // This response calculation is described in: // https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.5 var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, token); var keyAuthzDig = JwsHelper.ComputeKeyAuthorizationDigest(signer, token); var ca = new DnsChallengeAnswer { KeyAuthorization = keyAuthz, }; var c = new DnsChallenge(cp.Type, ca) { Token = token, RecordName = $"{AcmeProtocol.DNS_CHALLENGE_NAMEPREFIX}{ip.Value}", RecordValue = keyAuthzDig, }; return(c); }
/// <summary> /// Returns a key-value pair that represents the HTTP resource path that /// needs to be configured (the key) and the resource content that should be returned /// for an HTTP request for this path on a server that the target DNS resolve to. /// </summary> /// <param name="dnsId"></param> /// <param name="signer"></param> /// <returns></returns> public KeyValuePair <string, string> GenerateHttpChallengeAnswer(string dnsId, ISigner signer) { var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, Token); return(new KeyValuePair <string, string>( $"{AcmeProtocol.HTTP_CHALLENGE_PATHPREFIX}{Token}", keyAuthz)); }
public Challenge Decode(IdentifierPart ip, ChallengePart cp, ISigner signer) { if (cp.Type != AcmeProtocol.CHALLENGE_TYPE_HTTP) { throw new InvalidDataException("unsupported Challenge type") .With("challengeType", cp.Type) .With("supportedChallengeTypes", AcmeProtocol.CHALLENGE_TYPE_HTTP); } //var token = (string)cp["token"]; var token = cp.Token; // This response calculation is described in: // https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.2 var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, token); var path = $"{AcmeProtocol.HTTP_CHALLENGE_PATHPREFIX}{token}"; var url = $"http://{ip.Value}/{path}"; var ca = new HttpChallengeAnswer { KeyAuthorization = keyAuthz, }; var c = new HttpChallenge(cp.Type, ca) { Token = token, FileUrl = url, FilePath = path, FileContent = keyAuthz, }; return(c); }
public Challenge Decode(IdentifierPart ip, ChallengePart cp, ISigner signer) { if (cp.Type != AcmeProtocol.CHALLENGE_TYPE_SNI) { throw new InvalidDataException("unsupported Challenge type") .With("challengeType", cp.Type) .With("supportedChallengeTypes", AcmeProtocol.CHALLENGE_TYPE_SNI); } var token = cp.Token; // This response calculation is described in: // https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3 var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, token); var keyAuthzDig = JwsHelper.ComputeKeyAuthorizationDigest(signer, token); LOG.Debug("Computed key authorization {0} and digest {1}", keyAuthz, keyAuthzDig); var ca = new TlsSniChallengeAnswer { KeyAuthorization = keyAuthz, }; var c = new TlsSniChallenge(cp.Type, ca) { Token = token, IterationCount = 1 // see: https://github.com/ietf-wg-acme/acme/pull/22 for reason n=1 }; return(c); }
/// <summary> /// </summary> /// <remarks> /// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05 /// </remarks> public static TlsAlpn01ChallengeValidationDetails ResolveChallengeForTlsAlpn01( Authorization authz, Challenge challenge, IJwsTool signer) { var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, challenge.Token); return(new TlsAlpn01ChallengeValidationDetails { TokenValue = keyAuthz, }); }
/// <summary> /// </summary> /// <remarks> /// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-8.3 /// </remarks> public static Http01ChallengeValidationDetails ResolveChallengeForHttp01( Authorization authz, Challenge challenge, IJwsTool signer) { var keyAuthz = JwsHelper.ComputeKeyAuthorization( signer, challenge.Token); return(new Http01ChallengeValidationDetails { HttpResourceUrl = $@"http://{authz.Identifier.Value}/{ Http01ChallengeValidationDetails.HttpPathPrefix}/{ challenge.Token}", HttpResourcePath = $@"{Http01ChallengeValidationDetails.HttpPathPrefix}/{ challenge.Token}", HttpResourceContentType = Http01ChallengeValidationDetails.HttpResourceContentTypeDefault, HttpResourceValue = keyAuthz, }); }