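/// <summary>
/// Re-queries the server for the current state of a certificate request and
/// copies the response status, links, raw content and any Retry-After hint
/// onto <paramref name="certRequ"/>.
/// </summary>
/// <param name="certRequ">
/// The request to refresh. Its <c>Uri</c> names the resource that is fetched,
/// and its <c>StatusCode</c>, <c>Links</c>, certificate content and
/// <c>RetryAfter</c> are overwritten from the response.
/// </param>
/// <param name="useRootUrl">
/// When <c>true</c>, only the path and query of the stored URI are kept and
/// re-based onto <c>RootUrl</c>. When <c>false</c>, the stored URI is
/// requested exactly as given.
/// </param>
/// <exception cref="AcmeProtocolException">
/// The response status is neither 200 (OK) nor 202 (Accepted).
/// </exception>
/// <exception cref="FormatException">
/// A Retry-After header is present but is neither a run of decimal digits
/// that fits in an <c>int</c> nor a value <c>DateTime.Parse</c> accepts.
/// </exception>
public void RefreshCertificateRequest(CertificateRequest certRequ, bool useRootUrl = false)
{
    AssertInit();
    AssertRegistration();

    // NOTE(review): with useRootUrl == false the GET goes to whatever host the
    // stored URI names; nothing in this method compares it with RootUrl.
    var requUri = new Uri(certRequ.Uri);
    if (useRootUrl)
        requUri = new Uri(RootUrl, requUri.PathAndQuery);

    var acmeResp = RequestHttpGet(requUri);

    if (acmeResp.StatusCode != HttpStatusCode.OK
            && acmeResp.StatusCode != HttpStatusCode.Accepted)
        throw new AcmeProtocolException("Unexpected response status code", acmeResp);

    certRequ.StatusCode = acmeResp.StatusCode;
    certRequ.Links = acmeResp.Links;
    certRequ.SetCertificateContent(acmeResp.RawContent);
    certRequ.RetryAfter = null;

    var retryAfter = acmeResp.Headers[AcmeProtocol.HEADER_RETRY_AFTER];
    if (!string.IsNullOrEmpty(retryAfter))
    {
        // According to spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.37)
        // this could be a number of seconds or a date, so we have to parse appropriately.
        //
        // The digit test must cover the whole value: an HTTP-date also contains
        // digits, so an unanchored match would hand a date to the integer parser
        // and throw. TryParse additionally keeps an over-long digit run from
        // raising OverflowException; such a value falls through to the date path.
        var headerValue = retryAfter.Trim();
        int delaySeconds;
        if (Regex.IsMatch(headerValue, @"\A[0-9]+\z") && int.TryParse(headerValue, out delaySeconds))
        {
            certRequ.RetryAfter = DateTime.Now.AddSeconds(delaySeconds);
        }
        else
        {
            certRequ.RetryAfter = DateTime.Parse(retryAfter);
        }
    }
}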
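/// <summary>
/// Downloads the issuer certificate named by the "up" link of a certificate
/// request, stores it under <c>certificatePath</c> as DER and PEM files named
/// after its serial number, and returns the path of the PEM file.
/// </summary>
/// <param name="certificate">Certificate request whose <c>Links</c> are searched for an "up" relation.</param>
/// <param name="cp">Provider used to convert the stored DER file to PEM.</param>
/// <returns>
/// The path of the issuer PEM file, or <c>null</c> when the request carries no
/// links or no "up" link.
/// </returns>
public static string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
{
    var linksEnum = certificate.Links;
    if (linksEnum == null)
        return null;

    var upLink = new LinkCollection(linksEnum).GetFirstOrDefault("up");
    if (upLink == null)
        return null;

    var tmp = Path.GetTempFileName();
    try
    {
        using (var web = new WebClient())
        {
            // NOTE(review): the link target comes from the server response and is
            // resolved against BaseURI without any scheme or host check here.
            // Consider restricting it to http/https on the expected host.
            var uri = new Uri(new Uri(BaseURI), upLink.Uri);
            web.DownloadFile(uri, tmp);
        }

        // Parsing doubles as a sanity check: a download that is not a certificate
        // makes the constructor throw before anything is written to certificatePath.
        // NOTE(review): nothing here verifies that this certificate actually
        // issued the leaf certificate or chains to a trusted root.
        var cacert = new X509Certificate2(tmp);
        var sernum = cacert.GetSerialNumberString();

        var cacertDerFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.der");
        var cacertPemFile = Path.Combine(certificatePath, $"ca-{sernum}-crt.pem");

        // NOTE(review): files are keyed on the serial number alone, and an existing
        // file is reused without being compared with the fresh download. Confirm
        // that is intended.
        if (!File.Exists(cacertDerFile))
            File.Copy(tmp, cacertDerFile, true);

        Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
        Log.Information("Saving Issuer Certificate to {cacertPemFile}", cacertPemFile);

        if (!File.Exists(cacertPemFile))
        {
            try
            {
                using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
                        target = new FileStream(cacertPemFile, FileMode.Create))
                {
                    var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
                    cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
                }
            }
            catch
            {
                // FileMode.Create has already put a file on disk. If the conversion
                // failed, remove it, otherwise the existence check above would
                // treat the empty or truncated PEM as valid on every later call.
                if (File.Exists(cacertPemFile))
                    File.Delete(cacertPemFile);
                throw;
            }
        }

        return cacertPemFile;
    }
    finally
    {
        // The temp file is only a staging area for the download.
        if (File.Exists(tmp))
            File.Delete(tmp);
    }
}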
/// <summary>
/// Submits a CSR to the server's new-certificate resource and returns a
/// <see cref="CertificateRequest"/> describing the resulting certificate resource.
/// </summary>
/// <param name="csrContent">The CSR payload placed in the <c>Csr</c> field of the request message.</param>
/// <returns>
/// A request object carrying the response status, the submitted CSR, the
/// resource URI taken from the Location header, the response links and
/// whatever raw content the response held.
/// </returns>
/// <exception cref="AcmeWebException">The response is flagged as an error.</exception>
/// <exception cref="AcmeProtocolException">
/// The status is not 201 (Created), or the Location header is missing or empty.
/// </exception>
public CertificateRequest RequestCertificate(string csrContent)
{
    AssertInit();
    AssertRegistration();

    var newCertMessage = new NewCertRequest { Csr = csrContent };
    var newCertEndpoint = new Uri(RootUrl, Directory[AcmeServerDirectory.RES_NEW_CERT]);
    var acmeResp = RequestHttpPost(newCertEndpoint, newCertMessage);

    if (acmeResp.IsError)
    {
        throw new AcmeWebException(acmeResp.Error as WebException, "Unexpected error", acmeResp);
    }

    if (acmeResp.StatusCode != HttpStatusCode.Created)
    {
        throw new AcmeProtocolException("Unexpected response status code", acmeResp);
    }

    // The server names the new certificate resource in the Location header.
    // NOTE(review): the value is stored as received; only emptiness is checked here.
    var location = acmeResp.Headers[AcmeProtocol.HEADER_LOCATION];
    if (string.IsNullOrEmpty(location))
    {
        throw new AcmeProtocolException("Response is missing a certificate resource URI", acmeResp);
    }

    // The certificate may be available immediately, or the resource may need
    // to be queried again later.
    var pending = new CertificateRequest();
    pending.StatusCode = acmeResp.StatusCode;
    pending.CsrContent = csrContent;
    pending.Uri = location;
    pending.Links = acmeResp.Links;
    pending.SetCertificateContent(acmeResp.RawContent);

    return pending;
}