private void GetCertificate()
        {
            Log.Information("Requesting Certificate");

            using (CertificateProvider cp = CertificateProvider.GetProvider())
            {
                RsaPrivateKeyParams rsaPkp = new RsaPrivateKeyParams();

                PrivateKey rsaKeys   = cp.GeneratePrivateKey(rsaPkp);
                CsrParams  csrParams = new CsrParams
                {
                    Details = new CsrDetails
                    {
                        CommonName = _options.HostName,
                    },
                };

                Csr csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256);

                byte[] derRaw;
                using (MemoryStream bs = new MemoryStream())
                {
                    cp.ExportCsr(csr, EncodingFormat.DER, bs);
                    derRaw = bs.ToArray();
                }
                string derB64U = JwsHelper.Base64UrlEncode(derRaw);

                CertificateRequest certReq = _acmeClient.RequestCertificate(derB64U);

                if (certReq.StatusCode != HttpStatusCode.Created)
                {
                    throw new Exception($"Request status = {certReq.StatusCode}");
                }

                using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyGen], FileMode.Create))
                    cp.SavePrivateKey(rsaKeys, fs);
                using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.KeyPem], FileMode.Create))
                    cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
                using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrGen], FileMode.Create))
                    cp.SaveCsr(csr, fs);
                using (FileStream fs = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CsrPem], FileMode.Create))
                    cp.ExportCsr(csr, EncodingFormat.PEM, fs);

                Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtDer]}");
                using (FileStream file = File.Create(_options.WellKnownFilePaths[WellKnownFile.CrtDer]))
                    certReq.SaveCertificate(file);

                Crt crt;
                using (FileStream source = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtDer], FileMode.Open),
                       target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Create))
                {
                    crt = cp.ImportCertificate(EncodingFormat.DER, source);
                    cp.ExportCertificate(crt, EncodingFormat.PEM, target);
                }

                // To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate
                string isuPemFile = GetIssuerCertificate(certReq, cp);

                using (FileStream intermediate = new FileStream(isuPemFile, FileMode.Open),
                       certificate = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPem], FileMode.Open),
                       chain = new FileStream(_options.WellKnownFilePaths[WellKnownFile.ChainPem], FileMode.Create))
                {
                    certificate.CopyTo(chain);
                    intermediate.CopyTo(chain);
                }

                Log.Information($"Saving Certificate to {_options.WellKnownFilePaths[WellKnownFile.CrtPfx]}");
                using (FileStream source = new FileStream(isuPemFile, FileMode.Open),
                       target = new FileStream(_options.WellKnownFilePaths[WellKnownFile.CrtPfx], FileMode.Create))
                {
                    Crt isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source);
                    cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, _options.PfxPassword);
                }
            }
        }
Exemplo n.º 2
0
        static void GenerateCertFiles(CertificateProvider provider, PrivateKey rsaKeys,
                                      Csr csr, CertificateRequest request, string certificatesFolder, string domain)
        {
            var crt = default(Crt);


            var keyGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-key.json");

            Log.Debug($"Gerando arquivo: {keyGenFile}");
            using (var fs = new FileStream(keyGenFile, FileMode.Create))
                provider.SavePrivateKey(rsaKeys, fs);

            var keyPemFile = Path.Combine(certificatesFolder, $"{domain}-key.pem");

            Log.Debug($"Gerando arquivo: {keyPemFile}");
            using (var fs = new FileStream(keyPemFile, FileMode.Create))
                provider.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);

            var csrGenFile = Path.Combine(certificatesFolder, $"{domain}-gen-csr.json");

            Log.Debug($"Gerando arquivo: {csrGenFile}");
            using (var fs = new FileStream(csrGenFile, FileMode.Create))
                provider.SaveCsr(csr, fs);

            var csrPemFile = Path.Combine(certificatesFolder, $"{domain}-csr.pem");

            Log.Debug($"Gerando arquivo: {csrPemFile}");
            using (var fs = new FileStream(csrPemFile, FileMode.Create))
                provider.ExportCsr(csr, EncodingFormat.PEM, fs);

            var crtDerFile = Path.Combine(certificatesFolder, $"{domain}-crt.der");

            Log.Debug($"Gerando arquivo: {crtDerFile}");
            using (var file = File.Create(crtDerFile))
                request.SaveCertificate(file);

            var crtPemFile   = Path.Combine(certificatesFolder, $"{domain}-crt.pem");
            var chainPemFile = Path.Combine(certificatesFolder, $"{domain}-chain.pem");

            Log.Debug($"Gerando arquivo: {crtPemFile}");
            Log.Debug($"Gerando arquivo: {chainPemFile}");
            using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
                   target = new FileStream(crtPemFile, FileMode.Create))
            {
                crt = provider.ImportCertificate(EncodingFormat.DER, source);
                provider.ExportCertificate(crt, EncodingFormat.PEM, target);
            }

            var pemFile = DownloadIssuerCertificate(provider, request, ACME_API, certificatesFolder);

            using (FileStream intermediate = new FileStream(pemFile, FileMode.Open),
                   certificate = new FileStream(crtPemFile, FileMode.Open),
                   chain = new FileStream(chainPemFile, FileMode.Create))
            {
                certificate.CopyTo(chain);
                intermediate.CopyTo(chain);
            }

            var crtPfxFile = Path.Combine(certificatesFolder, $"{domain}-all.pfx");

            Log.Debug($"Gerando arquivo: {crtPfxFile}");
            using (FileStream source = new FileStream(pemFile, FileMode.Open),
                   target = new FileStream(crtPfxFile, FileMode.Create))
            {
                try
                {
                    var isuCrt = provider.ImportCertificate(EncodingFormat.PEM, source);
                    provider.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, string.Empty);
                }
                catch (Exception ex)
                {
                    Log.Error($"Erro ao exportar o arquivo {crtPfxFile}", ex);
                }
            }
        }