Exemplo n.º 1
0
        private async Task <T> ParsePayload <T>(HttpRequestMessage message)
        {
            var content = message.Content;

            Assert.Equal(JsonContentType, content.Headers.ContentType.MediaType);

            var json = await content.ReadAsStringAsync();

            dynamic body = JObject.Parse(json);

            Assert.Equal("RS256", body.header?.alg?.Value);
            Assert.Equal("AQAB", body.header?.jwk?.e?.Value);
            Assert.Equal("RSA", body.header?.jwk?.kty?.Value);
            Assert.Equal("maeT6EsXTVHAdwuq3IlAl9uljXE5CnkRpr6uSw_Fk9nQshfZqKFdeZHkSBvIaLirE2ZidMEYy-rpS1O2j-viTG5U6bUSWo8aoeKoXwYfwbXNboEA-P4HgGCjD22XaXAkBHdhgyZ0UBX2z-jCx1smd7nucsi4h4RhC_2cEB1x_mE6XS5VlpvG91Hbcgml4cl0NZrWPtJ4DhFdPNUtQ8q3AYXkOr_OSFZgRKjesRaqfnSdJNABqlO_jEzAx0fgJfPZe1WlRWOfGRVBVopZ4_N5HpR_9lsNDzCZyidFsHwzvpkP6R6HbS8CMrNWgtkTbnz27EVqIhkYdiPVIN2Xkwj0BQ", body.header?.jwk?.n?.Value);

            var     protectedBase64 = body.GetValue("protected").Value;
            var     protectedJson   = Encoding.UTF8.GetString(JwsConvert.FromBase64String(protectedBase64));
            dynamic @protected      = JObject.Parse(protectedJson);

            Assert.Equal(string.Format(NonceFormat, this.nonce), @protected.nonce?.Value);

            var payloadBase64 = body.GetValue("payload").Value;
            var payloadJson   = Encoding.UTF8.GetString(JwsConvert.FromBase64String(payloadBase64));

            var signature              = $"{protectedBase64}.{payloadBase64}";
            var signatureBytes         = Encoding.ASCII.GetBytes(signature);
            var signedSignatureBytes   = accountKey.SignData(signatureBytes);
            var signedSignatureEncoded = JwsConvert.ToBase64String(signedSignatureBytes);

            Assert.Equal(signedSignatureEncoded, body.GetValue("signature").Value);

            return(JsonConvert.DeserializeObject <T>(payloadJson, JsonUtil.CreateSettings()));
        }
Exemplo n.º 2
0
        private async Task <T> ParsePayload <T>(HttpRequestMessage message)
        {
            var accountKey = await Helper.LoadkeyV1();

            var content = message.Content;

            Assert.Equal(JsonContentType, content.Headers.ContentType.MediaType);

            var json = await content.ReadAsStringAsync();

            dynamic body = JObject.Parse(json);

            var     protectedBase64 = body.GetValue("protected").Value;
            var     protectedJson   = Encoding.UTF8.GetString(JwsConvert.FromBase64String(protectedBase64));
            dynamic @protected      = JObject.Parse(protectedJson);

            Assert.Equal(string.Format(NonceFormat, this.nonce), @protected.nonce?.Value);

            var payloadBase64 = body.GetValue("payload").Value;
            var payloadJson   = Encoding.UTF8.GetString(JwsConvert.FromBase64String(payloadBase64));

            var signature              = $"{protectedBase64}.{payloadBase64}";
            var signatureBytes         = Encoding.UTF8.GetBytes(signature);
            var signedSignatureBytes   = accountKey.SignData(signatureBytes);
            var signedSignatureEncoded = JwsConvert.ToBase64String(signedSignatureBytes);

            Assert.Equal(signedSignatureEncoded, body.GetValue("signature").Value);

            return(JsonConvert.DeserializeObject <T>(payloadJson, JsonUtil.CreateSettings()));
        }
Exemplo n.º 3
0
        /// <summary>
        /// Post to the new account endpoint.
        /// </summary>
        /// <param name="context">The ACME context.</param>
        /// <param name="body">The payload.</param>
        /// <param name="ensureSuccessStatusCode">if set to <c>true</c>, throw exception if the request failed.</param>
        /// <param name="eabKeyId">Optional key identifier, if using external account binding.</param>
        /// <param name="eabKey">Optional EAB key, if using external account binding.</param>
        /// <param name="eabKeyAlg">Optional EAB key algorithm, if using external account binding, defaults to HS256 if not specified</param>
        /// <returns>The ACME response.</returns>
        internal static async Task <AcmeHttpResponse <Account> > NewAccount(
            IAcmeContext context, Account body, bool ensureSuccessStatusCode,
            string eabKeyId = null, string eabKey = null, string eabKeyAlg = null)
        {
            var endpoint = await context.GetResourceUri(d => d.NewAccount);

            var jws = new JwsSigner(context.AccountKey);

            if (eabKeyId != null && eabKey != null)
            {
                var header = new
                {
                    alg = eabKeyAlg?.ToUpper() ?? "HS256",
                    kid = eabKeyId,
                    url = endpoint
                };

                var headerJson            = Newtonsoft.Json.JsonConvert.SerializeObject(header, Newtonsoft.Json.Formatting.None, JsonUtil.CreateSettings());
                var protectedHeaderBase64 = JwsConvert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(headerJson));

                var accountKeyBase64 = JwsConvert.ToBase64String(
                    System.Text.Encoding.UTF8.GetBytes(
                        Newtonsoft.Json.JsonConvert.SerializeObject(context.AccountKey.JsonWebKey, Newtonsoft.Json.Formatting.None)
                        )
                    );

                var signingBytes = System.Text.Encoding.ASCII.GetBytes($"{protectedHeaderBase64}.{accountKeyBase64}");

                // eab signature is the hash of the header and account key, using the eab key
                byte[] signatureHash;

                switch (header.alg)
                {
                case "HS512":
                    using (var hs512 = new HMACSHA512(JwsConvert.FromBase64String(eabKey))) signatureHash = hs512.ComputeHash(signingBytes);
                    break;

                case "HS384":
                    using (var hs384 = new HMACSHA384(JwsConvert.FromBase64String(eabKey))) signatureHash = hs384.ComputeHash(signingBytes);
                    break;

                default:
                    using (var hs256 = new HMACSHA256(JwsConvert.FromBase64String(eabKey))) signatureHash = hs256.ComputeHash(signingBytes);
                    break;
                }

                var signatureBase64 = JwsConvert.ToBase64String(signatureHash);

                body.ExternalAccountBinding = new
                {
                    Protected = protectedHeaderBase64,
                    Payload   = accountKeyBase64,
                    Signature = signatureBase64
                };
            }

            return(await context.HttpClient.Post <Account>(jws, endpoint, body, ensureSuccessStatusCode));
        }