/// <summary>
/// Computes a thumbprint of the JWK using the argument Hash Algorithm
/// as per <see href="https://tools.ietf.org/html/rfc7638">RFC 7638</see>,
/// JSON Web Key (JWK) Thumbprint.
/// </summary>
public static byte[] ComputeThumbprint(IJwsTool signer, HashAlgorithm algor)
{
// As per RFC 7638 Section 3, we export the JWK in a canonical form
// and then produce a JSON object with no whitespace or line breaks
var jwkCanon = signer.ExportJwk(true);
var jwkJson = JsonConvert.SerializeObject(jwkCanon, Formatting.None);
var jwkBytes = Encoding.UTF8.GetBytes(jwkJson);
var jwkHash = algor.ComputeHash(jwkBytes);
return(jwkHash);
}
// TODO: handle "Change of TOS" error response
// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.3.4
/// <summary>
/// Rotates the current Public key that is associated with this Account by the
/// target ACME CA with a new Public key. If successful, updates the current
/// Account key pair registered with the client.
/// </summary>
/// <remarks>
/// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.3.6
/// </remarks>
public async Task <AccountDetails> ChangeAccountKeyAsync(IJwsTool newSigner,
CancellationToken cancel = default(CancellationToken))
{
var requUrl = new Uri(_http.BaseAddress, Directory.KeyChange);
var message = new KeyChangeRequest
{
Account = Account.Kid,
NewKey = newSigner.ExportJwk(),
};
var innerPayload = ComputeAcmeSigned(message, requUrl.ToString(),
signer: newSigner, includePublicKey: true, excludeNonce: true);
var resp = await SendAcmeAsync(
requUrl,
method : HttpMethod.Post,
message : innerPayload,
cancel : cancel);
Signer = newSigner;
return(await DecodeAccountResponseAsync(resp, existing : Account));
}
