예제 #1
0
        public void Install(PrivateKey pk, Crt crt, IEnumerable <PKI.Crt> chain,
                            IPkiTool cp)
        {
            AssertNotDisposed();

            string pkPem;

            using (var ms = new MemoryStream())
            {
                cp.ExportPrivateKey(pk, EncodingFormat.PEM, ms);
                pkPem = Encoding.UTF8.GetString(ms.ToArray());
            }

            string crtPem;

            using (var ms = new MemoryStream())
            {
                cp.ExportCertificate(crt, EncodingFormat.PEM, ms);
                crtPem = Encoding.UTF8.GetString(ms.ToArray());
            }

            string chainPem = null;

            if (chain != null)
            {
                using (var ms = new MemoryStream())
                {
                    foreach (var c in chain)
                    {
                        cp.ExportCertificate(c, EncodingFormat.PEM, ms);
                    }
                    chainPem = Encoding.UTF8.GetString(ms.ToArray());
                }
            }

            using (var client = new AmazonIdentityManagementServiceClient(
                       CommonParams.ResolveCredentials(),
                       CommonParams.RegionEndpoint))
            {
                var iamRequ = new UploadServerCertificateRequest
                {
                    PrivateKey       = pkPem,
                    CertificateBody  = crtPem,
                    CertificateChain = chainPem,

                    ServerCertificateName = this.ServerCertificateName,
                    Path = this.Path
                };

                var iamResp = client.UploadServerCertificate(iamRequ);
                // TODO:  any checks we should do?
            }
        }
예제 #2
0
        private void EditFile(HttpChallenge httpChallenge, bool delete, TextWriter msg)
        {
            var filePath = httpChallenge.FilePath;

            // We need to strip off any leading '/' in the path or
            // else it creates a path with an empty leading segment
            if (filePath.StartsWith("/"))
            {
                filePath = filePath.Substring(1);
            }

            using (var s3 = new Amazon.S3.AmazonS3Client(
                       CommonParams.ResolveCredentials(),
                       CommonParams.RegionEndpoint))
            {
                if (delete)
                {
                    LOG.Debug("Deleting S3 object at Bucket [{0}] and Key [{1}]", BucketName, filePath);
                    var s3Requ = new Amazon.S3.Model.DeleteObjectRequest
                    {
                        BucketName = BucketName,
                        Key        = filePath,
                    };
                    var s3Resp = s3.DeleteObject(s3Requ);
                    if (LOG.IsDebugEnabled)
                    {
                        LOG.Debug("Delete response: [{0}]",
                                  NLog.Targets.DefaultJsonSerializer.Instance.SerializeObject(s3Resp));
                    }

                    msg.WriteLine("* Challenge Response has been deleted from S3");
                    msg.WriteLine("    at Bucket/Key: [{0}/{1}]", BucketName, filePath);
                }
                else
                {
                    var s3Requ = new Amazon.S3.Model.PutObjectRequest
                    {
                        BucketName  = BucketName,
                        Key         = filePath,
                        ContentBody = httpChallenge.FileContent,
                        ContentType = ContentType,
                        CannedACL   = S3CannedAcl,
                    };
                    var s3Resp = s3.PutObject(s3Requ);

                    msg.WriteLine("* Challenge Response has been written to S3");
                    msg.WriteLine("    at Bucket/Key: [{0}/{1}]", BucketName, filePath);
                    msg.WriteLine("* Challenge Response should be accessible with a MIME type of [text/json]");
                    msg.WriteLine("    at: [{0}]", httpChallenge.FileUrl);
                }
            }
        }
예제 #3
0
        public void Uninstall(PrivateKey pk, Crt crt, IEnumerable <PKI.Crt> chain,
                              IPkiTool cp)
        {
            AssertNotDisposed();

            using (var client = new AmazonIdentityManagementServiceClient(
                       CommonParams.ResolveCredentials(),
                       CommonParams.RegionEndpoint))
            {
                var iamRequ = new DeleteServerCertificateRequest
                {
                    ServerCertificateName = this.ServerCertificateName,
                };

                var iamResp = client.DeleteServerCertificate(iamRequ);
                // TODO:  any checks we should do?
            }
        }
예제 #4
0
        private void EditFile(HttpChallenge httpChallenge, bool delete)
        {
            var filePath = httpChallenge.FilePath;

            // We need to strip off any leading '/' in the path or
            // else it creates a path with an empty leading segment
            if (filePath.StartsWith("/"))
            {
                filePath = filePath.Substring(1);
            }

            using (var s3 = new Amazon.S3.AmazonS3Client(
                       CommonParams.ResolveCredentials(),
                       CommonParams.RegionEndpoint))
            {
                if (delete)
                {
                    var s3Requ = new Amazon.S3.Model.DeleteObjectRequest
                    {
                        BucketName = BucketName,
                        Key        = filePath,
                    };
                    var s3Resp = s3.DeleteObject(s3Requ);
                }
                else
                {
                    var s3Requ = new Amazon.S3.Model.PutObjectRequest
                    {
                        BucketName  = BucketName,
                        Key         = filePath,
                        ContentBody = httpChallenge.FileContent,
                        ContentType = ContentType,
                        CannedACL   = S3CannedAcl,
                    };
                    var s3Resp = s3.PutObject(s3Requ);
                }
            }
        }
예제 #5
0
        public void Install(PrivateKey pk, Crt crt, IEnumerable <PKI.Crt> chain,
                            IPkiTool cp)
        {
            AssertNotDisposed();

            if (CertInstaller != null)
            {
                CertInstaller.Install(pk, crt, chain, cp);
                ExistingServerCertificateName = CertInstaller.ServerCertificateName;

                // Now that the cert has been installed in IAM, we need to
                // poll to see when it becomes effective because there could
                // be a slight delay till it's available for reference
                using (var client = new AmazonIdentityManagementServiceClient(
                           CommonParams.ResolveCredentials(),
                           CommonParams.RegionEndpoint))
                {
                    var iamRequ = new GetServerCertificateRequest
                    {
                        ServerCertificateName = ExistingServerCertificateName,
                    };
                    var    triesLeft = 10;
                    string arn       = null;
                    while (triesLeft-- > 0)
                    {
                        try
                        {
                            var iamResp = client.GetServerCertificate(iamRequ);
                            arn = iamResp?.ServerCertificate?.ServerCertificateMetadata?.Arn;
                            if (!string.IsNullOrEmpty(arn))
                            {
                                break;
                            }
                        }
                        catch (Exception)
                        {
                            // TODO:  integrate with logging to log some warnings
                        }
                        System.Threading.Thread.Sleep(10 * 1000);
                    }
                    if (string.IsNullOrEmpty(arn))
                    {
                        throw new InvalidOperationException("unable to resolve uploaded certificate");
                    }
                }
            }

            string certArn;

            using (var client = new AmazonIdentityManagementServiceClient(
                       CommonParams.ResolveCredentials(),
                       CommonParams.RegionEndpoint))
            {
                var iamRequ = new GetServerCertificateRequest
                {
                    ServerCertificateName = ExistingServerCertificateName,
                };

                var iamResp = client.GetServerCertificate(iamRequ);
                certArn = iamResp?.ServerCertificate?.ServerCertificateMetadata?.Arn;
            }

            if (string.IsNullOrEmpty(certArn))
            {
                throw new InvalidOperationException("unable to resolve server certificate against IAM store");
            }

            using (var client = new AmazonElasticLoadBalancingClient(
                       CommonParams.ResolveCredentials(),
                       CommonParams.RegionEndpoint))
            {
                // We've found through experience/experimentation that even if the
                // cert is successfully installed and retrievable up above, it can
                // still fail here temporarily till the ELB reference can resolve it
                int       triesLeft = 10;
                Exception lastEx    = null;
                while (triesLeft-- > 0)
                {
                    if (!string.IsNullOrEmpty(LoadBalancerProtocol))
                    {
                        var iamRequ = new CreateLoadBalancerListenersRequest
                        {
                            LoadBalancerName = this.LoadBalancerName,
                            Listeners        = new List <Listener>
                            {
                                new Listener
                                {
                                    LoadBalancerPort = this.LoadBalancerPort,
                                    Protocol         = this.LoadBalancerProtocol,
                                    InstancePort     = this.InstancePort,
                                    InstanceProtocol = this.InstanceProtocol,
                                    SSLCertificateId = certArn,
                                }
                            }
                        };

                        try
                        {
                            var iamResp = client.CreateLoadBalancerListeners(iamRequ);
                            // TODO:  any checks we should do?

                            // Break out of the outer retry loop
                            lastEx = null;
                            break;
                        }
                        catch (Exception ex)
                        {
                            // TODO:  integrate with logging to log some warnings
                            lastEx = ex;
                        }
                    }
                    else
                    {
                        var iamRequ = new SetLoadBalancerListenerSSLCertificateRequest
                        {
                            LoadBalancerName = this.LoadBalancerName,
                            LoadBalancerPort = this.LoadBalancerPort,
                            SSLCertificateId = certArn,
                        };

                        try
                        {
                            var iamResp = client.SetLoadBalancerListenerSSLCertificate(iamRequ);
                            // TODO:  any checks we should do?

                            // Break out of the outer retry loop
                            lastEx = null;
                            break;
                        }
                        catch (Exception ex)
                        {
                            // TODO:  integrate with logging to log some warnings
                            lastEx = ex;
                        }
                    }

                    System.Threading.Thread.Sleep(10 * 1000);
                }

                if (lastEx != null)
                {
                    throw new InvalidOperationException(
                              "valid to create/update ELB listener with certificate reference", lastEx);
                }
            }
        }