public void displayOptions(IConfig config) { if (!config.isThereConfigParam("accountKey")) { Console.WriteLine("WinCertes is not configured yet"); return; } IDNSChallengeValidator dnsChallengeValidator = DNSChallengeValidatorFactory.GetDNSChallengeValidator(config); Console.WriteLine("Service URI:\t" + ((ServiceUri == null) ? Certes.Acme.WellKnownServers.LetsEncryptV2.ToString() : ServiceUri)); Console.WriteLine("Account Email:\t" + Email); Console.WriteLine("Registered:\t" + (config.ReadIntParameter("registered") == 1 ? "yes" : "no")); if (dnsChallengeValidator != null) { Console.WriteLine("Auth. Mode:\tdns-01 validation"); } else { Console.WriteLine("Auth. Mode:\t" + (Standalone ? "http-01 validation standalone" : "http-01 validation with external web server")); if (Standalone) { Console.WriteLine("HTTP Port:\t" + HttpPort); } else { Console.WriteLine("Web Root:\t" + WebRoot); } } Console.WriteLine("IIS Bind Name:\t" + (BindName ?? "none")); Console.WriteLine("Import in CSP:\t" + (config.isThereConfigParam("noCsp") ? "no" : "yes")); Console.WriteLine("PS Script File:\t" + (ScriptFile ?? "none")); Console.WriteLine("Renewal Delay:\t" + RenewalDelay + " days"); Console.WriteLine("Task Scheduled:\t" + (Utils.IsScheduledTaskCreated() ? "yes" : "no")); Console.WriteLine("Cert Enrolled:\t" + (config.isThereConfigParam("certSerial") ? "yes" : "no")); }
/// <summary> /// Display the active options/settings for this Certificate as stored in the registry /// </summary> public void DisplayOptions() { _logger.Info("Displaying WinCertes current configuration:"); _logger.Info("[{0}]", Registry.FullRegistryKey); IDNSChallengeValidator dnsChallengeValidator = DNSChallengeValidatorFactory.GetDNSChallengeValidator(); string ui = ServiceUri.ToString(); _logger.Info("Service URI:\t\t{0}", (ui == null) ? Certes.Acme.WellKnownServers.LetsEncryptV2.ToString() : ui); _logger.Info("Domain(s):\t\t{0}", Domains.Count > 0 ? string.Join(",", Domains) : "ERROR none specified"); _logger.Info("Account Email:\t{0}", AccountEmail == null ? "ERROR not set" : AccountEmail); string accountKey = Registry.ReadStringParameter("AccountKey"); _logger.Info("AccountKey:\t\t{0}", (accountKey == null || accountKey.Length < 1) ? "Account not registered" : "PrivateKey stored in registry"); _logger.Info("Registered:\t\t{0}", Registry.ReadIntParameter("Registered") == 1 ? "yes" : "no"); _logger.Info("Generated:\t\t{0}", Registry.ReadIntParameter("Generated") == 1 ? "yes" : "no"); if (dnsChallengeValidator != null) { _logger.Info("Auth. Mode:\t\tdns-01 validation"); } else { _logger.Info("Auth. Mode:\t\t{0}", Standalone ? "http-01 validation standalone" : "http-01 validation with external web server"); if (Standalone) { _logger.Info("HTTP Port:\t\t{0}", HttpPort); } else { _logger.Info("Web Root:\t\t{0}", WebRoot != null ? WebRoot : Standalone ? "NA" : "ERROR: Missing"); } } _logger.Info("IIS Bind Name:\t{0}", BindName ?? "none"); _logger.Info("Import in CSP:\t{0}", Registry.IsThereConfigParam("noCsp") ? "no" : "yes"); _logger.Info("PS Script File:\t{0}", ScriptFile ?? "none"); _logger.Info("Renewal Delay:\t{0}", RenewalDelay + " days"); _logger.Info("Task Scheduled:\t{0}", Utils.IsScheduledTaskCreated() ? "yes" : "no"); _logger.Info("Cert Enrolled:\t{0}", Registry.IsThereConfigParam("certSerial") ? "yes" : "no"); }
static int Main(string[] args) { // Main parameters with their default values string taskName = null; _winCertesOptions = new WinCertesOptions(); if (!Utils.IsAdministrator()) { Console.WriteLine("WinCertes.exe must be launched as Administrator"); return(ERROR); } // Command line options handling and initialization stuff if (!HandleOptions(args)) { return(ERROR_INCORRECT_PARAMETER); } if (_periodic) { taskName = Utils.DomainsToFriendlyName(_domains); } InitWinCertesDirectoryPath(); Utils.ConfigureLogger(_winCertesPath); _config = new RegistryConfig(_extra); _winCertesOptions.WriteOptionsIntoConfiguration(_config); if (_show) { _winCertesOptions.displayOptions(_config); return(0); } // Reset is a full reset ! if (_reset) { IConfig baseConfig = new RegistryConfig(false); baseConfig.DeleteAllParameters(); Utils.DeleteScheduledTasks(); return(0); } // Initialization and renewal/revocation handling try { InitCertesWrapper(_winCertesOptions.ServiceUri, _winCertesOptions.Email); } catch (Exception e) { _logger.Error(e.Message); return(ERROR); } if (_winCertesOptions.Revoke > -1) { RevokeCert(_domains, _winCertesOptions.Revoke); return(0); } // default mode: enrollment/renewal. check if there's something to be done // note that in any case, we want to be able to set the scheduled task (won't do anything if taskName is null) if (!IsThereCertificateAndIsItToBeRenewed(_domains)) { Utils.CreateScheduledTask(taskName, _domains, _extra); return(0); } // Now the real stuff: we register the order for the domains, and have them validated by the ACME service IHTTPChallengeValidator httpChallengeValidator = HTTPChallengeValidatorFactory.GetHTTPChallengeValidator(_winCertesOptions.Standalone, _winCertesOptions.HttpPort, _winCertesOptions.WebRoot); IDNSChallengeValidator dnsChallengeValidator = DNSChallengeValidatorFactory.GetDNSChallengeValidator(_config); if ((httpChallengeValidator == null) && (dnsChallengeValidator == null)) { WriteErrorMessageWithUsage(_options, "Specify either an HTTP or a DNS validation method."); return(ERROR_INCORRECT_PARAMETER); } if (!(Task.Run(() => _certesWrapper.RegisterNewOrderAndVerify(_domains, httpChallengeValidator, dnsChallengeValidator)).GetAwaiter().GetResult())) { if (httpChallengeValidator != null) { httpChallengeValidator.EndAllChallengeValidations(); } return(ERROR); } if (httpChallengeValidator != null) { httpChallengeValidator.EndAllChallengeValidations(); } // We get the certificate from the ACME service var pfxName = Task.Run(() => _certesWrapper.RetrieveCertificate(_domains, _winCertesPath, Utils.DomainsToFriendlyName(_domains))).GetAwaiter().GetResult(); if (pfxName == null) { return(ERROR); } AuthenticatedPFX pfx = new AuthenticatedPFX(_winCertesPath + "\\" + pfxName, _certesWrapper.PfxPassword); CertificateStorageManager certificateStorageManager = new CertificateStorageManager(pfx, ((_winCertesOptions.Csp == null) && (!_winCertesOptions.noCsp))); // Let's process the PFX into Windows Certificate objet. certificateStorageManager.ProcessPFX(); // and we write its information to the WinCertes configuration RegisterCertificateIntoConfiguration(certificateStorageManager.Certificate, _domains); // Import the certificate into the Windows store if (!_winCertesOptions.noCsp) { certificateStorageManager.ImportCertificateIntoCSP(_winCertesOptions.Csp); } // Bind certificate to IIS Site (won't do anything if option is null) Utils.BindCertificateForIISSite(certificateStorageManager.Certificate, _winCertesOptions.BindName); // Execute PowerShell Script (won't do anything if option is null) Utils.ExecutePowerShell(_winCertesOptions.ScriptFile, pfx); // Create the AT task that will execute WinCertes periodically (won't do anything if taskName is null) Utils.CreateScheduledTask(taskName, _domains, _extra); // Let's delete the PFX file RemoveFileAndLog(pfx.PfxFullPath); return(0); }
/// <summary> /// Main programme /// </summary> /// <param name="args">WinCertes command line arguments</param> /// <returns>Zero if successul, error code otherwise</returns> private static int Main(string[] args) { // WinCertes Certificate path... InitWinCertesDirectoryPath(); Utils.ConfigureLogger(_logPath); if (!Utils.IsAdministrator()) { string message = "WinCertes.exe must be launched as Administrator with elevated permissions"; _logger.Error(message); Thread.Sleep(1000); Utils.AdminRelauncher(); } // Merge command line parameters with registry defaults // TODO: Revamp this completely to use simple command line (like aloopkin\WinCertes) or configuration file int result = HandleOptions(args); if (result != 0) { return(MainExit(result)); } // Display settings, don't create or renew the certificate if (_show) { _winCertesOptions.DisplayOptions(); return(MainExit(SUCCESS)); } // Helper to create the DNS keys if (_creatednskeys) { _winCertesOptions.WriteDnsOptions(); return(MainExit(SUCCESS)); } // Reset is a full reset! if (_reset) { Console.WriteLine("\nWARNING: You should revoke the certificate before deleting it from the registry\nDelete [{0}]?\nPress Enter when ready...", _winCertesOptions.Registry.FullRegistryKey); Console.ReadLine(); _winCertesOptions.Registry.DeleteAllParameters(); Utils.DeleteScheduledTasks(); return(MainExit(SUCCESS)); } _logger.Info("Initialisation successful, processing your request..."); string taskName = null; if (_periodic) { taskName = Utils.DomainsToFriendlyName(_winCertesOptions.Domains); } // Initialization and renewal/revocation handling try { InitCertesWrapper(_winCertesOptions); } catch (Exception e) { _logger.Error(e.Message); return(MainExit(ERROR)); } if (_winCertesOptions.Revoke > -1) { RevokeCert(_winCertesOptions.Domains, _winCertesOptions.Revoke); return(MainExit(SUCCESS)); } // default mode: enrollment/renewal. check if there's something to be done // note that in any case, we want to be able to set the scheduled task (won't do anything if taskName is null) if (!IsThereCertificateAndIsItToBeRenewed(_winCertesOptions.Domains)) { Utils.CreateScheduledTask(taskName, _winCertesOptions.Domains, _extra); return(MainExit(SUCCESS)); } // Now the real stuff: we register the order for the domains, and have them validated by the ACME service IHTTPChallengeValidator httpChallengeValidator = HTTPChallengeValidatorFactory.GetHTTPChallengeValidator(_winCertesOptions.Standalone, _winCertesOptions.HttpPort, _winCertesOptions.WebRoot); IDNSChallengeValidator dnsChallengeValidator = DNSChallengeValidatorFactory.GetDNSChallengeValidator(); if ((httpChallengeValidator == null) && (dnsChallengeValidator == null)) { WriteErrorMessageWithUsage(_options, "Specify either an HTTP or a DNS validation method."); return(MainExit(ERROR_MISSING_HTTP_DNS)); } if (!(Task.Run(() => _certesWrapper.RegisterNewOrderAndVerify(_winCertesOptions.Domains, httpChallengeValidator, dnsChallengeValidator)).GetAwaiter().GetResult())) { if (httpChallengeValidator != null) { httpChallengeValidator.EndAllChallengeValidations(); } return(MainExit(ERROR)); } if (httpChallengeValidator != null) { httpChallengeValidator.EndAllChallengeValidations(); } // We get the certificate from the ACME service string pfxFullFileName = _winCertesPath + "\\" + _winCertesOptions.CertificateName; var pfx = Task.Run(() => _certesWrapper.RetrieveCertificate(_winCertesOptions.Domains, pfxFullFileName, Utils.DomainsToFriendlyName(_winCertesOptions.Domains), _winCertesOptions.ExportPem) ).GetAwaiter().GetResult(); if (pfx == null) { return(MainExit(ERROR)); } CertificateStorageManager certificateStorageManager = new CertificateStorageManager(pfx, (_winCertesOptions.Csp == null) && (!_winCertesOptions.noCsp)); // Let's process the PFX into Windows Certificate object. certificateStorageManager.ProcessPFX(); // and we write its information to the WinCertes configuration RegisterCertificateIntoConfiguration(certificateStorageManager.Certificate, _winCertesOptions.Domains); // Import the certificate into the Windows store if (!_winCertesOptions.noCsp) { certificateStorageManager.ImportCertificateIntoCSP(_winCertesOptions.Csp); } // Bind certificate to IIS Site (won't do anything if option is null) Utils.BindCertificateForIISSite(certificateStorageManager.Certificate, _winCertesOptions.BindName); // Execute PowerShell Script (won't do anything if option is null) Utils.ExecutePowerShell(_winCertesOptions.ScriptFile, pfx); // Create the AT task that will execute WinCertes periodically (won't do anything if taskName is null) Utils.CreateScheduledTask(taskName, _winCertesOptions.Domains, _extra); // Let's delete the PFX file, if export was not enabled if (!_winCertesOptions.ExportPem) { RemoveFileAndLog(pfx); } return(MainExit(SUCCESS)); }