protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (UseSystem) { v.Proxy = null; } else { v.Proxy = new Vault.ProxyConfig { UseNoProxy = UseNoProxy, ProxyURI = UseProxy, UseDefCred = DefaultCredential, Username = Credential?.UserName, PasswordEncoded = Credential?.GetNetworkCredential()?.Password, }; if (!string.IsNullOrEmpty(v.Proxy.PasswordEncoded)) { v.Proxy.PasswordEncoded = Convert.ToBase64String(Encoding.Unicode.GetBytes( v.Proxy.PasswordEncoded)); } }; vp.SaveVault(v); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.IssuerCertificates == null || v.IssuerCertificates.Count < 1) { throw new InvalidOperationException("No issuer certificates found"); } if (string.IsNullOrEmpty(SerialNumber)) { WriteObject(v.IssuerCertificates.Values, true); } else { if (!v.IssuerCertificates.ContainsKey(SerialNumber)) { throw new ItemNotFoundException("Unable to find an Issuer Certificate for the given serial number"); } WriteObject(v.IssuerCertificates[SerialNumber]); } } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.ProviderConfigs == null || v.ProviderConfigs.Count < 1) { throw new InvalidOperationException("No provider configs found"); } if (List) { foreach (var item in v.ProviderConfigs.Values) { WriteObject(item); } } else { var pc = v.ProviderConfigs.GetByRef(Ref); if (pc == null) { throw new Exception("Unable to find Provider Config for the given reference"); } var pcFilePath = Path.GetFullPath($"{pc.Id}.json"); WriteObject(pcFilePath); } } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(Ref); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; if (!LocalOnly) { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); if (string.IsNullOrEmpty(Challenge)) { authzState = c.RefreshIdentifierAuthorization(authzState, UseBaseURI); ii.AuthorizationUpdate = authzState; } else { c.RefreshAuthorizeChallenge(authzState, Challenge, UseBaseURI); ii.Authorization = authzState; } } } v.Alias = StringHelper.IfNullOrEmpty(Alias); v.Label = StringHelper.IfNullOrEmpty(Label); v.Memo = StringHelper.IfNullOrEmpty(Memo); vp.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { var pc = new ProviderConfig { Id = EntityHelper.NewId(), Alias = Alias, Label = Label, Memo = Memo, DnsProvider = DnsProvider, WebServerProvider = WebServerProvider, }; var pcFilePath = Path.GetFullPath($"{pc.Id}.json"); using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.ProviderConfigs == null) { v.ProviderConfigs = new EntityDictionary <ProviderConfig>(); } v.ProviderConfigs.Add(pc); vp.SaveVault(v); } // TODO: this is *so* hardcoded, clean // up this provider resolution mechanism Stream s = null; if (!string.IsNullOrEmpty(DnsProvider)) { s = typeof(ProviderConfig).Assembly.GetManifestResourceStream( "LetsEncrypt.ACME.POSH.ProviderConfigSamples." + $"dnsInfo.json.sample-{DnsProvider}DnsProvider"); } if (!string.IsNullOrEmpty(WebServerProvider)) { s = typeof(ProviderConfig).Assembly.GetManifestResourceStream( "LetsEncrypt.ACME.POSH.ProviderConfigSamples." + $"webServerInfo.json.sample-{WebServerProvider}WebServerProvider"); } using (var fs = new FileStream(pcFilePath, FileMode.CreateNew)) { s.CopyTo(fs); } s.Close(); s.Dispose(); WriteObject(pcFilePath); }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.IssuerCertificates == null || v.IssuerCertificates.Count < 1) { throw new InvalidOperationException("No issuer certificates found"); } if (string.IsNullOrEmpty(SerialNumber)) { WriteObject(v.IssuerCertificates.Values, true); } else { if (!v.IssuerCertificates.ContainsKey(SerialNumber)) { throw new ItemNotFoundException("Unable to find an Issuer Certificate for the given serial number"); } var ic = v.IssuerCertificates[SerialNumber]; var mode = Overwrite ? FileMode.Create : FileMode.CreateNew; if (!string.IsNullOrEmpty(ExportCertificatePEM)) { if (string.IsNullOrEmpty(ic.CrtPemFile)) { throw new InvalidOperationException("Cannot export CRT; CRT hasn't been retrieved"); } GetCertificate.CopyTo(vp, Vault.VaultAssetType.IssuerPem, ic.CrtPemFile, ExportCertificatePEM, mode); } if (!string.IsNullOrEmpty(ExportCertificateDER)) { if (string.IsNullOrEmpty(ic.CrtDerFile)) { throw new InvalidOperationException("Cannot export CRT; CRT hasn't been retrieved"); } GetCertificate.CopyTo(vp, Vault.VaultAssetType.IssuerDer, ic.CrtDerFile, ExportCertificateDER, mode); } WriteObject(v.IssuerCertificates[SerialNumber]); } } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(Force); var v = vp.LoadVault(); v.Alias = StringHelper.IfNullOrEmpty(Alias); v.Label = StringHelper.IfNullOrEmpty(Label); v.Memo = StringHelper.IfNullOrEmpty(Memo); v.BaseURI = StringHelper.IfNullOrEmpty(BaseURI); vp.SaveVault(v); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.ProviderConfigs == null || v.ProviderConfigs.Count < 1) { throw new InvalidOperationException("No provider configs found"); } if (List) { foreach (var item in v.ProviderConfigs.Values) { WriteObject(item); } } else { var pc = v.ProviderConfigs.GetByRef(Ref); if (pc == null) { throw new Exception("Unable to find Provider Config for the given reference"); } var pcFilePath = Path.GetFullPath($"{pc.Id}.json"); // Copy out the asset to a temp file for editing var pcAsset = vp.GetAsset(VaultAssetType.ProviderConfigInfo, $"{pc.Id}.json"); var temp = Path.GetTempFileName(); using (var s = vp.LoadAsset(pcAsset)) { using (var fs = new FileStream(temp, FileMode.Create)) { s.CopyTo(fs); } } NewProviderConfig.EditFile(temp, EditWith); using (Stream fs = new FileStream(temp, FileMode.Open), assetStream = vp.SaveAsset(pcAsset)) { fs.CopyTo(assetStream); } } } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; AuthorizationState authzState = null; var ii = new IdentifierInfo { Id = EntityHelper.NewId(), Alias = Alias, Label = Label, Memo = Memo, RegistrationRef = ri.Id, Dns = Dns, }; using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); authzState = c.AuthorizeIdentifier(Dns); ii.Authorization = authzState; if (v.Identifiers == null) { v.Identifiers = new EntityDictionary <IdentifierInfo>(); } v.Identifiers.Add(ii); } vp.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; WriteObject(r); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(Ref); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); var challenge = c.SubmitAuthorizeChallengeAnswer(authzState, Challenge, UseBaseURI); ii.Challenges[Challenge] = challenge; } vp.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } if (string.IsNullOrEmpty(Ref)) { int seq = 0; WriteObject(v.Identifiers.Values.Select(x => new { Seq = seq++, Id = x.Id, Alias = x.Alias, Label = x.Label, Dns = x.Dns, Status = x.Authorization.Status }), true); } else { var ii = v.Identifiers.GetByRef(Ref); if (ii == null) { throw new ItemNotFoundException("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; WriteObject(authzState); } } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (GetInitialDirectory.HasValue) { v.GetInitialDirectory = GetInitialDirectory.Value; } if (UseRelativeInitialDirectory.HasValue) { v.UseRelativeInitialDirectory = UseRelativeInitialDirectory.Value; } if (!string.IsNullOrEmpty(IssuerCert)) { SetResEntry(v.ServerDirectory, AcmeServerDirectory.RES_ISSUER_CERT, IssuerCert); } if (!string.IsNullOrEmpty(Resource) && !string.IsNullOrEmpty(Resource)) { SetResEntry(v.ServerDirectory, Resource, Path); } if (ResourceMap != null) { foreach (var ent in ResourceMap) { var dent = (DictionaryEntry)ent; SetResEntry(v.ServerDirectory, dent.Key as string, dent.Value as string); } } vp.SaveVault(v); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); AcmeRegistration r = null; var ri = new RegistrationInfo { Id = EntityHelper.NewId(), Alias = Alias, Label = Label, Memo = Memo, SignerProvider = Signer, }; using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); r = c.Register(Contacts); ri.Registration = r; if (v.Registrations == null) { v.Registrations = new EntityDictionary <RegistrationInfo>(); } v.Registrations.Add(ri); } vp.SaveVault(v); WriteObject(r); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (!LocalOnly) { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); r = c.UpdateRegistration(UseBaseURI, AcceptTOS, Contacts); ri.Registration = r; } vp.SaveVault(v); } v.Alias = StringHelper.IfNullOrEmpty(Alias); v.Label = StringHelper.IfNullOrEmpty(Label); v.Memo = StringHelper.IfNullOrEmpty(Memo); vp.SaveVault(v); WriteObject(r); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(Ref); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; if (ii.Challenges == null) { ii.Challenges = new Dictionary <string, AuthorizeChallenge>(); } if (ii.ChallengeCompleted == null) { ii.ChallengeCompleted = new Dictionary <string, DateTime?>(); } if (v.ProviderConfigs == null || v.ProviderConfigs.Count < 1) { throw new InvalidOperationException("No provider configs found"); } var pc = v.ProviderConfigs.GetByRef(ProviderConfig); if (pc == null) { throw new InvalidOperationException("Unable to find a Provider Config for the given reference"); } var pcFilePath = Path.GetFullPath($"{pc.Id}.json"); AuthorizeChallenge challenge = null; DateTime? challengCompleted = null; ii.Challenges.TryGetValue(Challenge, out challenge); ii.ChallengeCompleted.TryGetValue(Challenge, out challengCompleted); if (challenge == null || Regenerate) { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); challenge = c.GenerateAuthorizeChallengeAnswer(authzState, Challenge); ii.Challenges[Challenge] = challenge; } } if (Repeat || challengCompleted == null) { if (Challenge == "dns") { if (string.IsNullOrEmpty(pc.DnsProvider)) { throw new InvalidOperationException("Referenced Provider Configuration does not support the selected Challenge"); } var dnsName = challenge.ChallengeAnswer.Key; var dnsValue = Regex.Replace(challenge.ChallengeAnswer.Value, "\\s", ""); var dnsValues = Regex.Replace(dnsValue, "(.{100,100})", "$1\n").Split('\n'); using (var fs = new FileStream(pcFilePath, FileMode.Open)) { var dnsInfo = DnsInfo.Load(fs); dnsInfo.Provider.EditTxtRecord(dnsName, dnsValues); ii.ChallengeCompleted[Challenge] = DateTime.Now; } } else if (Challenge == "simpleHttp") { if (string.IsNullOrEmpty(pc.WebServerProvider)) { throw new InvalidOperationException("Referenced Provider Configuration does not support the selected Challenge"); } var wsFilePath = challenge.ChallengeAnswer.Key; var wsFileBody = challenge.ChallengeAnswer.Value; var wsFileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}"); using (var fs = new FileStream(pcFilePath, FileMode.Open)) { var webServerInfo = WebServerInfo.Load(fs); using (var ms = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody))) { webServerInfo.Provider.UploadFile(wsFileUrl, ms); ii.ChallengeCompleted[Challenge] = DateTime.Now; } } } } vp.SaveVault(v); WriteObject(authzState); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(Ref); if (ci == null) { throw new Exception("Unable to find a Certificate for the given reference"); } if (!LocalOnly) { if (ci.CertificateRequest == null) { throw new Exception("Certificate has not been submitted yet; cannot update status"); } using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); c.RefreshCertificateRequest(ci.CertificateRequest, UseBaseURI); } if ((Repeat || string.IsNullOrEmpty(ci.CrtPemFile)) && !string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent)) { var fileMode = Repeat ? FileMode.Create : FileMode.CreateNew; var crtDerFile = $"{ci.Id}-crt.der"; var crtPemFile = $"{ci.Id}-crt.pem"; using (var fs = new FileStream(crtDerFile, fileMode)) { ci.CertificateRequest.SaveCertificate(fs); ci.CrtDerFile = crtDerFile; } CsrHelper.Crt.ConvertDerToPem(crtDerFile, crtPemFile, fileMode); ci.CrtPemFile = crtPemFile; var crt = new X509Certificate2(crtDerFile); ci.SerialNumber = crt.SerialNumber; ci.Thumbprint = crt.Thumbprint; ci.SignatureAlgorithm = crt.SignatureAlgorithm?.FriendlyName; ci.Signature = crt.GetCertHashString(); } if (Repeat || string.IsNullOrEmpty(ci.IssuerSerialNumber)) { var linksEnum = ci.CertificateRequest.Links; if (linksEnum != null) { var links = new LinkCollection(linksEnum); var upLink = links.GetFirstOrDefault("up"); if (upLink != null) { var tmp = Path.GetTempFileName(); try { using (var web = new WebClient()) { if (v.Proxy != null) { web.Proxy = v.Proxy.GetWebProxy(); } var uri = new Uri(new Uri(v.BaseURI), upLink.Uri); web.DownloadFile(uri, tmp); } var cacert = new X509Certificate2(tmp); var sernum = cacert.GetSerialNumberString(); var tprint = cacert.Thumbprint; var sigalg = cacert.SignatureAlgorithm?.FriendlyName; var sigval = cacert.GetCertHashString(); if (v.IssuerCertificates == null) { v.IssuerCertificates = new OrderedNameMap <IssuerCertificateInfo>(); } if (!v.IssuerCertificates.ContainsKey(sernum)) { var cacertDerFile = $"ca-{sernum}-crt.der"; var cacertPemFile = $"ca-{sernum}-crt.pem"; if (Repeat || !File.Exists(cacertDerFile)) { File.Copy(tmp, cacertDerFile, true); } if (Repeat || !File.Exists(cacertPemFile)) { CsrHelper.Crt.ConvertDerToPem(cacertDerFile, cacertPemFile); } v.IssuerCertificates[sernum] = new IssuerCertificateInfo { SerialNumber = sernum, Thumbprint = tprint, SignatureAlgorithm = sigalg, Signature = sigval, CrtDerFile = cacertDerFile, CrtPemFile = cacertPemFile, }; } ci.IssuerSerialNumber = sernum; } finally { if (File.Exists(tmp)) { File.Delete(tmp); } } } } } } v.Alias = StringHelper.IfNullOrEmpty(Alias); v.Label = StringHelper.IfNullOrEmpty(Label); v.Memo = StringHelper.IfNullOrEmpty(Memo); vp.SaveVault(v); WriteObject(ci); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider()) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(Ref); if (ci == null) { throw new Exception("Unable to find a Certificate for the given reference"); } if (!string.IsNullOrEmpty(ci.GenerateDetailsFile)) { // Generate a private key and CSR: // Key: RSA 2048-bit // MD: SHA 256 // CSR: Details pulled from CSR Details JSON file CsrHelper.CsrDetails csrDetails; using (var fs = new FileStream(Path.GetFullPath(ci.GenerateDetailsFile), FileMode.Open)) { csrDetails = JsonHelper.Load <CsrHelper.CsrDetails>(fs); } var keyGenFile = $"{ci.Id}-gen-key.json"; var keyPemFile = $"{ci.Id}-key.pem"; var csrGenFile = $"{ci.Id}-gen-csr.json"; var csrPemFile = $"{ci.Id}-csr.pem"; var genKey = CsrHelper.GenerateRsaPrivateKey(); using (var fs = new FileStream(keyGenFile, FileMode.CreateNew)) { genKey.Save(fs); File.WriteAllText(keyPemFile, genKey.Pem); } var genCsr = CsrHelper.GenerateCsr(csrDetails, genKey); using (var fs = new FileStream(csrGenFile, FileMode.CreateNew)) { genCsr.Save(fs); File.WriteAllText(csrPemFile, genCsr.Pem); } ci.KeyPemFile = keyPemFile; ci.CsrPemFile = csrPemFile; } byte[] derRaw; using (var fs = new FileStream(ci.CsrPemFile, FileMode.Open)) { using (var ms = new MemoryStream()) { CsrHelper.Csr.ConvertPemToDer(fs, ms); derRaw = ms.ToArray(); } } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); ci.CertificateRequest = c.RequestCertificate(derB64u); } if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent)) { var crtDerFile = $"{ci.Id}-crt.der"; var crtPemFile = $"{ci.Id}-crt.pem"; using (var fs = new FileStream(crtDerFile, FileMode.CreateNew)) { ci.CertificateRequest.SaveCertificate(fs); ci.CrtDerFile = crtDerFile; } using (FileStream source = new FileStream(crtDerFile, FileMode.Open), target = new FileStream(crtPemFile, FileMode.CreateNew)) { CsrHelper.Crt.ConvertDerToPem(source, target); ci.CrtPemFile = crtPemFile; } } vp.SaveVault(v); WriteObject(ci); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(Ref); if (ci == null) { throw new ItemNotFoundException("Unable to find a Certificate for the given reference"); } var mode = Overwrite ? FileMode.Create : FileMode.CreateNew; if (!string.IsNullOrEmpty(ExportKeyPEM)) { if (string.IsNullOrEmpty(ci.KeyPemFile)) { throw new InvalidOperationException("Cannot export private key; it hasn't been imported or generated"); } CopyTo(vp, VaultAssetType.KeyPem, ci.KeyPemFile, ExportKeyPEM, mode); } if (!string.IsNullOrEmpty(ExportCsrPEM)) { if (string.IsNullOrEmpty(ci.CsrPemFile)) { throw new InvalidOperationException("Cannot export CSR; it hasn't been imported or generated"); } CopyTo(vp, VaultAssetType.CsrPem, ci.CsrPemFile, ExportCsrPEM, mode); } if (!string.IsNullOrEmpty(ExportCertificatePEM)) { if (ci.CertificateRequest == null || string.IsNullOrEmpty(ci.CrtPemFile)) { throw new InvalidOperationException("Cannot export CRT; CSR hasn't been submitted or CRT hasn't been retrieved"); } CopyTo(vp, VaultAssetType.CrtPem, ci.CrtPemFile, ExportCertificatePEM, mode); } if (!string.IsNullOrEmpty(ExportCertificateDER)) { if (ci.CertificateRequest == null || string.IsNullOrEmpty(ci.CrtDerFile)) { throw new InvalidOperationException("Cannot export CRT; CSR hasn't been submitted or CRT hasn't been retrieved"); } CopyTo(vp, VaultAssetType.CrtDer, ci.CrtDerFile, ExportCertificateDER, mode); } if (!string.IsNullOrEmpty(ExportPkcs12)) { if (string.IsNullOrEmpty(ci.KeyPemFile)) { throw new InvalidOperationException("Cannot export PKCS12; private hasn't been imported or generated"); } if (string.IsNullOrEmpty(ci.CrtPemFile)) { throw new InvalidOperationException("Cannot export PKCS12; CSR hasn't been submitted or CRT hasn't been retrieved"); } if (string.IsNullOrEmpty(ci.IssuerSerialNumber) || !v.IssuerCertificates.ContainsKey(ci.IssuerSerialNumber)) { throw new InvalidOperationException("Cannot export PKCS12; Issuer certificate hasn't been resolved"); } var keyPemAsset = vp.GetAsset(VaultAssetType.KeyPem, ci.KeyPemFile); var crtPemAsset = vp.GetAsset(VaultAssetType.CrtPem, ci.CrtPemFile); var isuPemAsset = vp.GetAsset(VaultAssetType.IssuerPem, v.IssuerCertificates[ci.IssuerSerialNumber].CrtPemFile); using (Stream keyStream = vp.LoadAsset(keyPemAsset), crtStream = vp.LoadAsset(crtPemAsset), isuStream = vp.LoadAsset(isuPemAsset), fs = new FileStream(ExportPkcs12, mode)) { CsrHelper.Crt.ConvertToPfx(keyStream, crtStream, isuStream, fs); } } WriteObject(ci); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Certificates == null || v.Certificates.Count < 1) { throw new InvalidOperationException("No certificates found"); } var ci = v.Certificates.GetByRef(Ref); if (ci == null) { throw new Exception("Unable to find a Certificate for the given reference"); } if (!string.IsNullOrEmpty(ci.GenerateDetailsFile)) { // Generate a private key and CSR: // Key: RSA 2048-bit // MD: SHA 256 // CSR: Details pulled from CSR Details JSON file CsrHelper.CsrDetails csrDetails; var csrDetailsAsset = vp.GetAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile); using (var s = vp.LoadAsset(csrDetailsAsset)) { csrDetails = JsonHelper.Load <CsrHelper.CsrDetails>(s); } var keyGenFile = $"{ci.Id}-gen-key.json"; var keyPemFile = $"{ci.Id}-key.pem"; var csrGenFile = $"{ci.Id}-gen-csr.json"; var csrPemFile = $"{ci.Id}-csr.pem"; var keyGenAsset = vp.CreateAsset(VaultAssetType.KeyGen, keyGenFile); var keyPemAsset = vp.CreateAsset(VaultAssetType.KeyPem, keyPemFile); var csrGenAsset = vp.CreateAsset(VaultAssetType.CsrGen, csrGenFile); var csrPemAsset = vp.CreateAsset(VaultAssetType.CsrPem, csrPemFile); var genKey = CsrHelper.GenerateRsaPrivateKey(); using (var s = vp.SaveAsset(keyGenAsset)) { genKey.Save(s); } using (var w = new StreamWriter(vp.SaveAsset(keyPemAsset))) { w.Write(genKey.Pem); } var genCsr = CsrHelper.GenerateCsr(csrDetails, genKey); using (var s = vp.SaveAsset(csrGenAsset)) { genCsr.Save(s); } using (var w = new StreamWriter(vp.SaveAsset(csrPemAsset))) { w.Write(genCsr.Pem); } ci.KeyPemFile = keyPemFile; ci.CsrPemFile = csrPemFile; } var asset = vp.GetAsset(VaultAssetType.CsrPem, ci.CsrPemFile); byte[] derRaw; using (var s = vp.LoadAsset(asset)) { using (var ms = new MemoryStream()) { CsrHelper.Csr.ConvertPemToDer(s, ms); derRaw = ms.ToArray(); } } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); ci.CertificateRequest = c.RequestCertificate(derB64u); } if (!string.IsNullOrEmpty(ci.CertificateRequest.CertificateContent)) { var crtDerFile = $"{ci.Id}-crt.der"; var crtPemFile = $"{ci.Id}-crt.pem"; var crtDerAsset = vp.CreateAsset(VaultAssetType.CrtDer, crtDerFile); var crtPemAsset = vp.CreateAsset(VaultAssetType.CrtPem, crtPemFile); using (var s = vp.SaveAsset(crtDerAsset)) { ci.CertificateRequest.SaveCertificate(s); ci.CrtDerFile = crtDerFile; } using (Stream source = vp.LoadAsset(crtDerAsset), target = vp.SaveAsset(crtPemAsset)) { CsrHelper.Crt.ConvertDerToPem(source, target); ci.CrtPemFile = crtPemFile; } var crt = new X509Certificate2(ci.CertificateRequest.GetCertificateContent()); ci.SerialNumber = crt.SerialNumber; ci.Thumbprint = crt.Thumbprint; ci.SignatureAlgorithm = crt.SignatureAlgorithm?.FriendlyName; ci.Signature = crt.GetCertHashString(); } vp.SaveVault(v); WriteObject(ci); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(Identifier); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var ci = new CertificateInfo { Id = EntityHelper.NewId(), Alias = Alias, Label = Label, Memo = Memo, IdentifierRef = ii.Id, }; if (Generate) { var csrDetails = new CsrHelper.CsrDetails { CommonName = ii.Dns, }; ci.GenerateDetailsFile = $"{ci.Id}-gen.json"; var asset = vp.CreateAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile); using (var s = vp.SaveAsset(asset)) { JsonHelper.Save(s, csrDetails); } } else { if (!File.Exists(KeyPemFile)) { throw new FileNotFoundException("Missing specified RSA Key file path"); } if (!File.Exists(CsrPemFile)) { throw new FileNotFoundException("Missing specified CSR details file path"); } var keyPemFile = $"{ci.Id}-key.pem"; var csrPemFile = $"{ci.Id}-csr.pem"; var keyAsset = vp.CreateAsset(VaultAssetType.KeyPem, keyPemFile, true); var csrAsset = vp.CreateAsset(VaultAssetType.CsrPem, csrPemFile); using (Stream fs = new FileStream(KeyPemFile, FileMode.Open), s = vp.SaveAsset(keyAsset)) { fs.CopyTo(s); } using (Stream fs = new FileStream(KeyPemFile, FileMode.Open), s = vp.SaveAsset(csrAsset)) { fs.CopyTo(s); } ci.KeyPemFile = keyPemFile; ci.CsrPemFile = csrPemFile; } if (v.Certificates == null) { v.Certificates = new EntityDictionary <CertificateInfo>(); } v.Certificates.Add(ci); vp.SaveVault(v); WriteObject(ci); } }
protected override void ProcessRecord() { using (var vp = InitializeVault.GetVaultProvider(VaultProfile)) { vp.OpenStorage(); var v = vp.LoadVault(); if (v.Registrations == null || v.Registrations.Count < 1) { throw new InvalidOperationException("No registrations found"); } var ri = v.Registrations[0]; var r = ri.Registration; if (v.Identifiers == null || v.Identifiers.Count < 1) { throw new InvalidOperationException("No identifiers found"); } var ii = v.Identifiers.GetByRef(Ref); if (ii == null) { throw new Exception("Unable to find an Identifier for the given reference"); } var authzState = ii.Authorization; if (ii.Challenges == null) { ii.Challenges = new Dictionary <string, AuthorizeChallenge>(); } if (ii.ChallengeCompleted == null) { ii.ChallengeCompleted = new Dictionary <string, DateTime?>(); } if (v.ProviderConfigs == null || v.ProviderConfigs.Count < 1) { throw new InvalidOperationException("No provider configs found"); } var pc = v.ProviderConfigs.GetByRef(ProviderConfig); if (pc == null) { throw new InvalidOperationException("Unable to find a Provider Config for the given reference"); } AuthorizeChallenge challenge = null; DateTime? challengCompleted = null; ii.Challenges.TryGetValue(Challenge, out challenge); ii.ChallengeCompleted.TryGetValue(Challenge, out challengCompleted); if (challenge == null || Regenerate) { using (var c = ClientHelper.GetClient(v, ri)) { c.Init(); c.GetDirectory(true); challenge = c.GenerateAuthorizeChallengeAnswer(authzState, Challenge); ii.Challenges[Challenge] = challenge; } } if (Repeat || challengCompleted == null) { var pcFilePath = $"{pc.Id}.json"; var pcAsset = vp.GetAsset(Vault.VaultAssetType.ProviderConfigInfo, pcFilePath); // TODO: There's *way* too much logic buried in here // this needs to be refactored and extracted out to be // more manageble and more reusable if (Challenge == AcmeProtocol.CHALLENGE_TYPE_DNS || Challenge == AcmeProtocol.CHALLENGE_TYPE_LEGACY_DNS) { if (string.IsNullOrEmpty(pc.DnsProvider)) { throw new InvalidOperationException("Referenced Provider Configuration does not support the selected Challenge"); } var dnsName = challenge.ChallengeAnswer.Key; var dnsValue = Regex.Replace(challenge.ChallengeAnswer.Value, "\\s", ""); var dnsValues = Regex.Replace(dnsValue, "(.{100,100})", "$1\n").Split('\n'); using (var s = vp.LoadAsset(pcAsset)) // new FileStream(pcFilePath, FileMode.Open)) { var dnsInfo = DnsInfo.Load(s); dnsInfo.Provider.EditTxtRecord(dnsName, dnsValues); ii.ChallengeCompleted[Challenge] = DateTime.Now; } } else if (Challenge == AcmeProtocol.CHALLENGE_TYPE_HTTP || Challenge == AcmeProtocol.CHALLENGE_TYPE_LEGACY_HTTP) { if (string.IsNullOrEmpty(pc.WebServerProvider)) { throw new InvalidOperationException("Referenced Provider Configuration does not support the selected Challenge"); } var wsFilePath = challenge.ChallengeAnswer.Key; var wsFileBody = challenge.ChallengeAnswer.Value; var wsFileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}"); using (var s = vp.LoadAsset(pcAsset)) // new FileStream(pcFilePath, FileMode.Open)) { var webServerInfo = WebServerInfo.Load(s); using (var ms = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody))) { webServerInfo.Provider.UploadFile(wsFileUrl, ms); ii.ChallengeCompleted[Challenge] = DateTime.Now; } } } } vp.SaveVault(v); WriteObject(authzState); } }