public async Task CanGenerateCertificateHttp()
            {
                var dirUri = await GetAcmeUriV2();

                var hosts    = new[] { $"www-http-{DomainSuffix}.es256.certes-ci.dymetis.com", $"mail-http-{DomainSuffix}.es256.certes-ci.dymetis.com" };
                var ctx      = new AcmeContext(dirUri, GetKeyV2(), http: GetAcmeHttpClient(dirUri));
                var orderCtx = await AuthorizeHttp(ctx, hosts);

                var certKey        = KeyFactory.NewKey(KeyAlgorithm.RS256);
                var finalizedOrder = await orderCtx.Finalize(new CsrInfo
                {
                    CountryName      = "CA",
                    State            = "Ontario",
                    Locality         = "Toronto",
                    Organization     = "Certes",
                    OrganizationUnit = "Dev",
                    CommonName       = hosts[0],
                }, certKey);

                var certChain = await orderCtx.Download(null);

                var pfxBuilder = certChain.ToPfx(certKey);

                pfxBuilder.AddIssuers(IntegrationHelper.TestCertificates);

                var pfx = pfxBuilder.Build("my-pfx", "abcd1234");

                // revoke certificate
                var certParser  = new X509CertificateParser();
                var certificate = certParser.ReadCertificate(certChain.Certificate.ToDer());
                var der         = certificate.GetEncoded();

                await ctx.RevokeCertificate(der, RevocationReason.Unspecified, null);

                // deactivate authz so the subsequence can trigger challenge validation
                await ClearAuthorizations(orderCtx);
            }
예제 #2
0
            public async Task CanGenerateCertificateTlsAlpn()
            {
                var dirUri = await GetAcmeUriV2();

                var hosts    = new[] { $"{DomainSuffix}.tls-alpn.certes-ci.dymetis.com" };
                var ctx      = new AcmeContext(dirUri, GetKeyV2(), http: GetAcmeHttpClient(dirUri));
                var orderCtx = await ctx.NewOrder(hosts);

                var order = await orderCtx.Resource();

                Assert.NotNull(order);
                Assert.Equal(hosts.Length, order.Authorizations?.Count);
                Assert.True(
                    OrderStatus.Ready == order.Status || OrderStatus.Pending == order.Status || OrderStatus.Processing == order.Status,
                    $"Invalid order status: {order.Status}");

                var authrizations = await orderCtx.Authorizations();

                foreach (var authzCtx in authrizations)
                {
                    var authz = await authzCtx.Resource();

                    var tlsAlpnChallenge = await authzCtx.TlsAlpn();

                    var alpnCertKey = KeyFactory.NewKey(KeyAlgorithm.ES256);
                    var alpnCert    = ctx.AccountKey.TlsAlpnCertificate(tlsAlpnChallenge.Token, authz.Identifier.Value, alpnCertKey);

                    await SetupValidationResponder(authz, alpnCert, alpnCertKey);

                    await tlsAlpnChallenge.Validate();
                }

                while (true)
                {
                    await Task.Delay(100);

                    var statuses = new List <AuthorizationStatus>();
                    foreach (var authz in authrizations)
                    {
                        var a = await authz.Resource();

                        statuses.Add(a.Status ?? AuthorizationStatus.Pending);
                    }

                    if (statuses.All(s => s == AuthorizationStatus.Valid || s == AuthorizationStatus.Invalid))
                    {
                        break;
                    }
                }

                var certKey        = KeyFactory.NewKey(KeyAlgorithm.RS256);
                var finalizedOrder = await orderCtx.Finalize(new CsrInfo
                {
                    CountryName      = "CA",
                    State            = "Ontario",
                    Locality         = "Toronto",
                    Organization     = "Certes",
                    OrganizationUnit = "Dev",
                    CommonName       = hosts[0],
                }, certKey);

                var certChain = await orderCtx.Download(null);

                var pfxBuilder = certChain.ToPfx(certKey);

                pfxBuilder.AddTestCerts();

                var pfx = pfxBuilder.Build("my-pfx", "abcd1234");

                // revoke certificate
                var certParser  = new X509CertificateParser();
                var certificate = certParser.ReadCertificate(certChain.Certificate.ToDer());
                var der         = certificate.GetEncoded();

                await ctx.RevokeCertificate(der, RevocationReason.Unspecified, null);

                // deactivate authz so the subsequence can trigger challenge validation
                foreach (var authz in authrizations)
                {
                    var authzRes = await authz.Deactivate();

                    Assert.Equal(AuthorizationStatus.Deactivated, authzRes.Status);
                }
            }