コード例 #1
0
        private static async Task <IOrderContext> AuthorizeHttp(AcmeContext ctx, IList <string> hosts)
        {
            for (var i = 0; i < 10; ++i)
            {
                var orderCtx = await ctx.NewOrder(hosts);

                var order = await orderCtx.Resource();

                Assert.NotNull(order);
                Assert.Equal(hosts.Count, order.Authorizations?.Count);
                Assert.True(OrderStatus.Pending == order.Status || OrderStatus.Ready == order.Status || OrderStatus.Processing == order.Status);

                var authrizations = await orderCtx.Authorizations();

                foreach (var authz in authrizations)
                {
                    var httpChallenge = await authz.Http();

                    await httpChallenge.Validate();
                }

                while (true)
                {
                    await Task.Delay(100);

                    var statuses = new List <AuthorizationStatus>();
                    foreach (var authz in authrizations)
                    {
                        var a = await authz.Resource();

                        statuses.Add(a.Status ?? AuthorizationStatus.Pending);
                    }

                    if (statuses.All(s => s == AuthorizationStatus.Valid))
                    {
                        return(orderCtx);
                    }


                    if (statuses.Any(s => s == AuthorizationStatus.Invalid))
                    {
                        break;
                    }
                }
            }

            Assert.True(false, "Authorization failed.");
            return(null);
        }
コード例 #2
0
ファイル: Readme.cs プロジェクト: jimmytoenners/certes
        public async Task Account()
        {
            var acmeDir = await IntegrationHelper.GetAcmeUriV2();

            var accountKey = Helper.GetKeyV2(KeyAlgorithm.RS256);
            var httpClient = IntegrationHelper.GetAcmeHttpClient(acmeDir);

            var acme    = new AcmeContext(acmeDir, accountKey, httpClient);
            var account = await acme.Account();

            var order = await acme.NewOrder(new[] { "www.certes-ci.dymetis.com" });

            var authz         = (await order.Authorizations()).First();
            var httpChallenge = await authz.Http();

            var token    = httpChallenge.Token;
            var keyAuthz = httpChallenge.KeyAuthz;

            var orderUri = order.Location;

            await httpChallenge.Validate();

            var res = await authz.Resource();

            while (res.Status != AuthorizationStatus.Valid && res.Status != AuthorizationStatus.Invalid)
            {
                res = await authz.Resource();
            }

            acme  = new AcmeContext(acmeDir, accountKey, httpClient);
            order = acme.Order(orderUri);
            var privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256);
            var cert       = await order.Generate(new CsrInfo
            {
                CountryName      = "CA",
                State            = "Ontario",
                Locality         = "Toronto",
                Organization     = "Certes",
                OrganizationUnit = "Dev",
                CommonName       = "www.certes-ci.dymetis.com",
            }, privateKey, null);

            var pfxBuilder = cert.ToPfx(privateKey);

            pfxBuilder.AddTestCerts();
            var pfx = pfxBuilder.Build("my-cert", "abcd1234");
        }
コード例 #3
0
            public async Task CanGenerateCertificateTlsAlpn()
            {
                var dirUri = await GetAcmeUriV2();

                var hosts    = new[] { $"{DomainSuffix}.tls-alpn.certes-ci.dymetis.com" };
                var ctx      = new AcmeContext(dirUri, GetKeyV2(), http: GetAcmeHttpClient(dirUri));
                var orderCtx = await ctx.NewOrder(hosts);

                var order = await orderCtx.Resource();

                Assert.NotNull(order);
                Assert.Equal(hosts.Length, order.Authorizations?.Count);
                Assert.True(
                    OrderStatus.Ready == order.Status || OrderStatus.Pending == order.Status || OrderStatus.Processing == order.Status,
                    $"Invalid order status: {order.Status}");

                var authrizations = await orderCtx.Authorizations();

                foreach (var authzCtx in authrizations)
                {
                    var authz = await authzCtx.Resource();

                    var tlsAlpnChallenge = await authzCtx.TlsAlpn();

                    var alpnCertKey = KeyFactory.NewKey(KeyAlgorithm.ES256);
                    var alpnCert    = ctx.AccountKey.TlsAlpnCertificate(tlsAlpnChallenge.Token, authz.Identifier.Value, alpnCertKey);

                    await SetupValidationResponder(authz, alpnCert, alpnCertKey);

                    await tlsAlpnChallenge.Validate();
                }

                while (true)
                {
                    await Task.Delay(100);

                    var statuses = new List <AuthorizationStatus>();
                    foreach (var authz in authrizations)
                    {
                        var a = await authz.Resource();

                        statuses.Add(a.Status ?? AuthorizationStatus.Pending);
                    }

                    if (statuses.All(s => s == AuthorizationStatus.Valid || s == AuthorizationStatus.Invalid))
                    {
                        break;
                    }
                }

                var certKey        = KeyFactory.NewKey(KeyAlgorithm.RS256);
                var finalizedOrder = await orderCtx.Finalize(new CsrInfo
                {
                    CountryName      = "CA",
                    State            = "Ontario",
                    Locality         = "Toronto",
                    Organization     = "Certes",
                    OrganizationUnit = "Dev",
                    CommonName       = hosts[0],
                }, certKey);

                var certChain = await orderCtx.Download(null);

                var pfxBuilder = certChain.ToPfx(certKey);

                pfxBuilder.AddTestCerts();

                var pfx = pfxBuilder.Build("my-pfx", "abcd1234");

                // revoke certificate
                var certParser  = new X509CertificateParser();
                var certificate = certParser.ReadCertificate(certChain.Certificate.ToDer());
                var der         = certificate.GetEncoded();

                await ctx.RevokeCertificate(der, RevocationReason.Unspecified, null);

                // deactivate authz so the subsequence can trigger challenge validation
                foreach (var authz in authrizations)
                {
                    var authzRes = await authz.Deactivate();

                    Assert.Equal(AuthorizationStatus.Deactivated, authzRes.Status);
                }
            }
コード例 #4
0
        protected async Task CanGenerateCertificateWithEC(KeyAlgorithm algo)
        {
            var dirUri = await GetAcmeUriV2();

            var hosts    = new[] { $"www-ec-{DomainSuffix}.{algo}.certes-ci.dymetis.com".ToLower() };
            var ctx      = new AcmeContext(dirUri, GetKeyV2(algo), http: GetAcmeHttpClient(dirUri));
            var orderCtx = await ctx.NewOrder(hosts);

            var order = await orderCtx.Resource();

            Assert.NotNull(order);
            Assert.Equal(hosts.Length, order.Authorizations?.Count);
            Assert.True(OrderStatus.Pending == order.Status || OrderStatus.Processing == order.Status);

            var authrizations = await orderCtx.Authorizations();

            foreach (var authz in authrizations)
            {
                var httpChallenge = await authz.Http();

                await httpChallenge.Validate();
            }

            while (true)
            {
                await Task.Delay(100);

                var statuses = new List <AuthorizationStatus>();
                foreach (var authz in authrizations)
                {
                    var a = await authz.Resource();

                    statuses.Add(a.Status ?? AuthorizationStatus.Pending);
                }

                if (statuses.All(s => s == AuthorizationStatus.Valid || s == AuthorizationStatus.Invalid))
                {
                    break;
                }
            }

            var certKey        = KeyFactory.NewKey(algo);
            var finalizedOrder = await orderCtx.Finalize(new CsrInfo
            {
                CountryName      = "CA",
                State            = "Ontario",
                Locality         = "Toronto",
                Organization     = "Certes",
                OrganizationUnit = "Dev",
                CommonName       = hosts[0],
            }, certKey);

            var cert = await orderCtx.Download();

            var x509 = new X509Certificate2(cert.Certificate.ToDer());

            Assert.Contains(hosts[0], x509.Subject);

            // deactivate authz so the subsequence can trigger challenge validation
            foreach (var authz in authrizations)
            {
                var authzRes = await authz.Deactivate();

                Assert.Equal(AuthorizationStatus.Deactivated, authzRes.Status);
            }
        }
コード例 #5
0
        protected async Task <IOrderContext> AuthzDns(AcmeContext ctx, string[] hosts)
        {
            var orderCtx = await ctx.NewOrder(hosts);

            var order = await orderCtx.Resource();

            Assert.NotNull(order);
            Assert.Equal(hosts.Length, order.Authorizations?.Count);
            Assert.True(OrderStatus.Pending == order.Status || OrderStatus.Processing == order.Status);

            var authrizations = await orderCtx.Authorizations();

            var tokens = new Dictionary <string, string>();

            foreach (var authz in authrizations)
            {
                var res = await authz.Resource();

                var dnsChallenge = await authz.Dns();

                tokens.Add(res.Identifier.Value, dnsChallenge.Token);
            }

            await DeployDns01(KeyAlgorithm.ES256, tokens);

            await Task.Delay(1000);

            foreach (var authz in authrizations)
            {
                var res = await authz.Resource();

                var dnsChallenge = await authz.Dns();

                await dnsChallenge.Validate();
            }

            while (true)
            {
                await Task.Delay(100);

                var statuses = new List <AuthorizationStatus>();
                foreach (var authz in authrizations)
                {
                    var a = await authz.Resource();

                    if (AuthorizationStatus.Invalid == a.Status)
                    {
                        return(null);
                    }
                    else
                    {
                        statuses.Add(a.Status ?? AuthorizationStatus.Pending);
                    }
                }

                if (statuses.All(s => s == AuthorizationStatus.Valid))
                {
                    break;
                }
            }

            return(orderCtx);
        }