public void Test0170_GenCsrAndRequestCertificate() { var rsaKeys = CsrHelper.GenerateRsaPrivateKey(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-rsaKeys.txt", FileMode.Create)) { rsaKeys.Save(fs); } var csrDetails = new CsrHelper.CsrDetails { CommonName = TEST_CN1 }; var csr = CsrHelper.GenerateCsr(csrDetails, rsaKeys); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csrDetails.txt", FileMode.Create)) { csrDetails.Save(fs); } using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csr.txt", FileMode.Create)) { csr.Save(fs); } using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } byte[] derRaw; using (var bs = new MemoryStream()) { csr.ExportAsDer(bs); derRaw = bs.ToArray(); } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var certRequ = client.RequestCertificate(derB64u); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Create)) { certRequ.Save(fs); } } } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) throw new InvalidOperationException("No registrations found"); var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) throw new InvalidOperationException("No identifiers found"); var ii = v.Identifiers.GetByRef(Identifier); if (ii == null) throw new Exception("Unable to find an Identifier for the given reference"); var ci = new CertificateInfo { Id = EntityHelper.NewId(), Alias = Alias, Label = Label, Memo = Memo, IdentifierRef = ii.Id, }; if (Generate) { var csrDetails = new CsrHelper.CsrDetails { CommonName = ii.Dns, }; ci.GenerateDetailsFile = $"{ci.Id}-gen.json"; var asset = vp.CreateAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile); using (var s = vp.SaveAsset(asset)) { JsonHelper.Save(s, csrDetails); } } else { if (!File.Exists(KeyPemFile)) throw new FileNotFoundException("Missing specified RSA Key file path"); if (!File.Exists(CsrPemFile)) throw new FileNotFoundException("Missing specified CSR details file path"); var keyPemFile = $"{ci.Id}-key.pem"; var csrPemFile = $"{ci.Id}-csr.pem"; var keyAsset = vp.CreateAsset(VaultAssetType.KeyPem, keyPemFile, true); var csrAsset = vp.CreateAsset(VaultAssetType.CsrPem, csrPemFile); using (Stream fs = new FileStream(KeyPemFile, FileMode.Open), s = vp.SaveAsset(keyAsset)) { fs.CopyTo(s); } using (Stream fs = new FileStream(KeyPemFile, FileMode.Open), s = vp.SaveAsset(csrAsset)) { fs.CopyTo(s); } ci.KeyPemFile = keyPemFile; ci.CsrPemFile = csrPemFile; } if (v.Certificates == null) v.Certificates = new EntityDictionary<CertificateInfo>(); v.Certificates.Add(ci); vp.SaveVault(v); WriteObject(ci); } }
static string GetCertificate(TargetBinding binding) { var dnsIdentifier = binding.Host; var rsaKeys = CsrHelper.GenerateRsaPrivateKey(); var csrDetails = new CsrHelper.CsrDetails { CommonName = dnsIdentifier }; var csr = CsrHelper.GenerateCsr(csrDetails, rsaKeys); byte[] derRaw; using (var bs = new MemoryStream()) { csr.ExportAsDer(bs); derRaw = bs.ToArray(); } var derB64u = JwsHelper.Base64UrlEncode(derRaw); Console.WriteLine($"\nRequesting Certificate"); var certRequ = client.RequestCertificate(derB64u); Console.WriteLine($" Request Status: {certRequ.StatusCode}"); //Console.WriteLine($"Refreshing Cert Request"); //client.RefreshCertificateRequest(certRequ); if (certRequ.StatusCode == System.Net.HttpStatusCode.Created) { var keyGenFile = Path.Combine(configPath, $"{dnsIdentifier}-gen-key.json"); var keyPemFile = Path.Combine(configPath, $"{dnsIdentifier}-key.pem"); var csrGenFile = Path.Combine(configPath, $"{dnsIdentifier}-gen-csr.json"); var csrPemFile = Path.Combine(configPath, $"{dnsIdentifier}-csr.pem"); var crtDerFile = Path.Combine(configPath, $"{dnsIdentifier}-crt.der"); var crtPemFile = Path.Combine(configPath, $"{dnsIdentifier}-crt.pem"); var crtPfxFile = Path.Combine(configPath, $"{dnsIdentifier}-all.pfx"); using (var fs = new FileStream(keyGenFile, FileMode.Create)) { rsaKeys.Save(fs); File.WriteAllText(keyPemFile, rsaKeys.Pem); } using (var fs = new FileStream(csrGenFile, FileMode.Create)) { csr.Save(fs); File.WriteAllText(csrPemFile, csr.Pem); } Console.WriteLine($" Saving Certificate to {crtDerFile}"); using (var file = File.Create(crtDerFile)) certRequ.SaveCertificate(file); using (FileStream source = new FileStream(crtDerFile, FileMode.Open), target = new FileStream(crtPemFile, FileMode.Create)) { CsrHelper.Crt.ConvertDerToPem(source, target); } // can't create a pfx until we get an irsPemFile, which seems to be some issuer cert thing. var isrPemFile = GetIssuerCertificate(certRequ); Console.WriteLine($" Saving Certificate to {crtPfxFile} (with no password set)"); CsrHelper.Crt.ConvertToPfx(keyPemFile, crtPemFile, isrPemFile, crtPfxFile, FileMode.Create); return crtPfxFile; } throw new Exception($"Request status = {certRequ.StatusCode}"); }