[Ignore] // *Normally*, we skip this test because it depends on a local Boulder setup to accessible
public void TestNewRegRequest()
{
var requ = WebRequest.Create(_rootUrl);
var resp = requ.GetResponse();
Assert.IsNotNull(resp);
var nonceKey = resp.Headers.AllKeys.FirstOrDefault(
x => x.Equals("Replay-nonce", StringComparison.OrdinalIgnoreCase));
Assert.IsFalse(string.IsNullOrEmpty(nonceKey));
var nonceValue = resp.Headers[nonceKey];
var newReg = new
{
resource = "new-reg",
contact = new string[]
{
"mailto:[email protected]",
"tel:+12025551212"
},
};
var newRegSer = JsonConvert.SerializeObject(newReg);
var algSigner = new RS256Signer();
algSigner.Init();
var unprotectedHeader = new
{
alg = "RS256",
jwk = algSigner.ExportJwk()
};
var protectedHeader = new
{
nonce = nonceValue,
};
var acmeJson = JwsHelper.SignFlatJson(algSigner.Sign, newRegSer,
protectedHeader, unprotectedHeader);
var acmeJsonBytes = Encoding.ASCII.GetBytes(acmeJson);
requ = WebRequest.Create(new Uri(_rootUrl, "/acme/new-reg"));
requ.Method = "POST";
requ.ContentType = "application/json";
requ.ContentLength = acmeJsonBytes.Length;
using (var s = requ.GetRequestStream())
{
s.Write(acmeJsonBytes, 0, acmeJsonBytes.Length);
}
resp = requ.GetResponse();
}
public void Test0141_HandleHttpChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0141_HandleHttpChallenge)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
_testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
var wsFilePath = authzChallenge.ChallengeAnswer.Key;
var wsFileBody = authzChallenge.ChallengeAnswer.Value;
var wsInfo = WebServerInfo.Load(File.ReadAllText("config\\webServerInfo.json"));
using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody)))
{
var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}");
wsInfo.Provider.UploadFile(fileUrl, s);
}
}
}
Thread.Sleep(90 * 1000);
}
public void Test0095_RefreshIdentifierAuthorization()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0095_RefreshIdentifierAuthorization)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true);
_testAuthzRefresh_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-Refresh.acmeAuthz";
using (var fs = new FileStream(_testAuthzRefresh_AcmeAuthzFile, FileMode.Create))
{
authzRefreshState.Save(fs);
}
}
}
}
public void Test0090_AuthorizeIdentifier()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0090_AuthorizeIdentifier)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var authzState = client.AuthorizeIdentifier(TEST_CN1);
foreach (var c in authzState.Challenges)
{
if (c.Type == AcmeProtocol.CHALLENGE_TYPE_DNS)
{
var dnsResponse = c.GenerateDnsChallengeAnswer(
authzState.Identifier, signer);
}
else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_HTTP)
{
var httpResponse = c.GenerateHttpChallengeAnswer(
authzState.Identifier, signer);
}
}
_testAuthz_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz.acmeAuthz";
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
static void Main(string[] args)
{
var commandLineParseResult = Parser.Default.ParseArguments<Options>(args);
var parsed = commandLineParseResult as Parsed<Options>;
if (parsed == null)
{
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return; // not parsed
}
Options = parsed.Value;
Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)");
BaseURI = Options.BaseURI;
if (Options.Test)
BaseURI = "https://acme-staging.api.letsencrypt.org/";
//Console.Write("\nUse production Let's Encrypt server? (Y/N) ");
//if (PromptYesNo())
// BaseURI = ProductionBaseURI;
Console.WriteLine($"\nACME Server: {BaseURI}");
if (!string.IsNullOrWhiteSpace(Options.CentralSSLStore))
{
Console.WriteLine("Using Centralized SSL Path: " + Options.CentralSSLStore);
CentralSSL = true;
}
settings = new Settings(clientName, BaseURI);
configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI));
Console.WriteLine("Config Folder: " + configPath);
Directory.CreateDirectory(configPath);
try
{
using (var signer = new RS256Signer())
{
signer.Init();
var signerPath = Path.Combine(configPath, "Signer");
if (File.Exists(signerPath))
{
Console.WriteLine($"Loading Signer from {signerPath}");
using (var signerStream = File.OpenRead(signerPath))
signer.Load(signerStream);
}
using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer))
{
client.Init();
Console.WriteLine("\nGetting AcmeServerDirectory");
client.GetDirectory(true);
var registrationPath = Path.Combine(configPath, "Registration");
if (File.Exists(registrationPath))
{
Console.WriteLine($"Loading Registration from {registrationPath}");
using (var registrationStream = File.OpenRead(registrationPath))
client.Registration = AcmeRegistration.Load(registrationStream);
}
else
{
Console.Write("Enter an email address (not public, used for renewal fail notices): ");
var email = Console.ReadLine().Trim();
var contacts = new string[] { };
if (!String.IsNullOrEmpty(email))
{
email = "mailto:" + email;
contacts = new string[] { email };
}
Console.WriteLine("Calling Register");
var registration = client.Register(contacts);
if (!Options.AcceptTOS && !Options.Renew)
{
Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) ");
if (!PromptYesNo())
return;
}
Console.WriteLine("Updating Registration");
client.UpdateRegistration(true, true);
Console.WriteLine("Saving Registration");
using (var registrationStream = File.OpenWrite(registrationPath))
client.Registration.Save(registrationStream);
Console.WriteLine("Saving Signer");
using (var signerStream = File.OpenWrite(signerPath))
signer.Save(signerStream);
}
if (Options.Renew)
{
CheckRenewals();
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return;
}
var targets = new List<Target>();
foreach (var plugin in Target.Plugins.Values)
{
targets.AddRange(plugin.GetTargets());
}
if (targets.Count == 0)
{
Console.WriteLine("No targets found.");
}
else
{
var count = 1;
foreach (var binding in targets)
{
Console.WriteLine($" {count}: {binding}");
count++;
}
}
Console.WriteLine();
foreach (var plugin in Target.Plugins.Values)
{
plugin.PrintMenu();
}
Console.WriteLine(" A: Get certificates for all hosts");
Console.WriteLine(" Q: Quit");
Console.Write("Which host do you want to get a certificate for: ");
var response = Console.ReadLine().ToLowerInvariant();
switch (response)
{
case "a":
foreach (var target in targets)
{
Auto(target);
}
break;
case "q":
return;
default:
var targetId = 0;
if (Int32.TryParse(response, out targetId))
{
targetId--;
if (targetId >= 0 && targetId < targets.Count)
{
var binding = targets[targetId];
Auto(binding);
}
}
else
{
foreach (var plugin in Target.Plugins.Values)
{
plugin.HandleMenuResponse(response, targets);
}
}
break;
}
}
}
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
var acmeWebException = e as AcmeClient.AcmeWebException;
if (acmeWebException != null)
{
Console.WriteLine(acmeWebException.Message);
Console.WriteLine("ACME Server Returned:");
Console.WriteLine(acmeWebException.Response.ContentAsString);
}
else
{
Console.WriteLine(e);
}
Console.ResetColor();
}
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
}
public void Test0170_GenCsrAndRequestCertificate()
{
using (var cp = CertificateProvider.GetProvider())
{
var rsaKeyParams = new RsaPrivateKeyParams();
var rsaKey = cp.GeneratePrivateKey(rsaKeyParams);
_testGenCsr_RsaKeysFile = $"{_baseLocalStore}\\TestGenCsr-rsaKeys.txt";
using (var fs = new FileStream(_testGenCsr_RsaKeysFile, FileMode.Create))
{
cp.SavePrivateKey(rsaKey, fs);
}
var csrParams = new CsrParams
{
Details = new CsrDetails
{
CommonName = TEST_CN1
}
};
var csr = cp.GenerateCsr(csrParams, rsaKey, Crt.MessageDigest.SHA256);
_testGenCsr_CsrDetailsFile = $"{_baseLocalStore}\\TestGenCsr-csrDetails.txt";
using (var fs = new FileStream(_testGenCsr_CsrDetailsFile, FileMode.Create))
{
cp.SaveCsrParams(csrParams, fs);
}
_testGenCsr_CsrFile = $"{_baseLocalStore}\\TestGenCsr-csr.txt";
using (var fs = new FileStream(_testGenCsr_CsrFile, FileMode.Create))
{
cp.SaveCsr(csr, fs);
}
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
byte[] derRaw;
using (var bs = new MemoryStream())
{
cp.ExportCsr(csr, EncodingFormat.DER, bs);
derRaw = bs.ToArray();
}
var derB64u = JwsHelper.Base64UrlEncode(derRaw);
using (var client = BuildClient(testTagHeader: nameof(Test0170_GenCsrAndRequestCertificate)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
var certRequ = client.RequestCertificate(derB64u);
_testCertRequ_AcmeCertRequFile = $"{_baseLocalStore}\\TestCertRequ.acmeCertRequ";
using (var fs = new FileStream(_testCertRequ_AcmeCertRequFile, FileMode.Create))
{
certRequ.Save(fs);
}
}
}
}
}
private static void LoadSignerFromFile(RS256Signer signer, string signerPath)
{
Console.WriteLine($"Loading Signer from {signerPath}");
Log.Information("Loading Signer from {signerPath}", signerPath);
using (var signerStream = File.OpenRead(signerPath))
signer.Load(signerStream);
}
public void Test0020_GetDirectory()
{
var boulderResMap = new Dictionary<string, string>
{
["new-authz"] /**/ = $"{_dirUrlBase}acme/new-authz",
["new-cert"] /**/ = $"{_dirUrlBase}acme/new-cert",
["new-reg"] /**/ = $"{_dirUrlBase}acme/new-reg",
["revoke-cert"] /**/ = $"{_dirUrlBase}acme/revoke-cert",
};
using (var signer = new RS256Signer())
{
using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0020_GetDirectory)))
{
client.Init();
// Test absolute URI paths
var acmeDirAbs = client.GetDirectory(false);
foreach (var ent in boulderResMap)
{
Assert.IsTrue(acmeDirAbs.Contains(ent.Key));
Assert.AreEqual(ent.Value, acmeDirAbs[ent.Key]);
}
// Test relative URI paths
var acmeDirRel = client.GetDirectory(true);
foreach (var ent in boulderResMap)
{
var relUrl = ent.Value.Replace(_dirUrlBase, "/");
Assert.IsTrue(acmeDirRel.Contains(ent.Key));
Assert.AreEqual(relUrl, acmeDirRel[ent.Key]);
}
}
}
}
public void Test0030_Register()
{
using (var signer = new RS256Signer())
{
signer.Init();
if (!_wpConfig.UseNewSigner)
{
// Re-use existing Signer config from stable local store
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
}
_testRegister_AcmeSignerFile = $"{_baseLocalStore}\\TestRegister.acmeSigner";
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Create))
{
signer.Save(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0030_Register)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
client.Register(new string[] { TEST_EM1, TEST_PH1, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegister_AcmeRegFile = $"{_baseLocalStore}\\TestRegister.acmeReg";
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void Test0190_RefreshCertificateRequest()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
//var csrRaw = File.ReadAllBytes($"{_baseLocalStore}\\test-csr.der");
//var csrB64u = JwsHelper.Base64UrlEncode(csrRaw);
using (var client = BuildClient(testTagHeader: nameof(Test0190_RefreshCertificateRequest)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
CertificateRequest certRequ;
using (var fs = new FileStream(_testCertRequ_AcmeCertRequFile, FileMode.Open))
{
certRequ = CertificateRequest.Load(fs);
}
client.RefreshCertificateRequest(certRequ, true);
_testCertRequRefreshed_AcmeCertRequFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.acmeCertRequ";
using (var fs = new FileStream(_testCertRequRefreshed_AcmeCertRequFile, FileMode.Create))
{
certRequ.Save(fs);
}
if (!string.IsNullOrEmpty(certRequ.CertificateContent))
{
_testCertRequRefreshed_CerFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.cer";
using (var fs = new FileStream(_testCertRequRefreshed_CerFile, FileMode.Create))
{
certRequ.SaveCertificate(fs);
}
}
}
}
}
public void Test0010_Init()
{
using (var signer = new RS256Signer())
{
using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0010_Init)))
{
client.Init();
Assert.IsNotNull(client.Directory);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.NextNonce));
}
}
}
public void Test0142_HandleHttpChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0120_GenerateChallengeAnswers)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthzChallengeHttpAnswers_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var wsInfo = WebServerInfo.Load(File.ReadAllText("config\\webServerInfo.json"));
Assert.IsNotNull(wsInfo);
var handlerConfig = wsInfo.Provider as AwsS3WebServerProvider;
Assert.IsNotNull(handlerConfig);
var handlerParams = new Dictionary<string, object>
{
[AwsCommonParams.ACCESS_KEY_ID.Name] /**/ = handlerConfig.AccessKeyId,
[AwsCommonParams.SECRET_ACCESS_KEY.Name] /**/ = handlerConfig.SecretAccessKey,
[AwsCommonParams.REGION.Name] /**/ = handlerConfig.Region,
[AwsS3ChallengeHandlerProvider.BUCKET_NAME.Name] /**/ = handlerConfig.BucketName,
};
var authzChallenge = client.HandleChallenge(authzState,
AcmeProtocol.CHALLENGE_TYPE_HTTP,
"awsS3", handlerParams);
_testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\140-TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0152_HandleDnsChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0152_HandleDnsChallenge)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthzChallengeDnsAnswers_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
var dnsInfo = DnsInfo.Load(File.ReadAllText("config\\dnsInfo.json"));
Assert.IsNotNull(dnsInfo);
var handlerConfig = dnsInfo.Provider as AwsRoute53DnsProvider;
Assert.IsNotNull(handlerConfig);
var handlerParams = new Dictionary<string, object>
{
public void Test0151_DecodeDnsChallenge()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0151_DecodeDnsChallenge)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.DecodeChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_DNS);
_testAuthzChallengeDnsAnswers_AcmeAuthzFile = $"{_baseLocalStore}\\151-TestAuthz-DnsChallengeAnswers.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeDnsAnswers_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0146_SubmitHttpChallengeAnswers()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0146_SubmitHttpChallengeAnswers)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
AuthorizationState authzState;
using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Open))
{
authzState = AuthorizationState.Load(fs);
}
client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
client.SubmitAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP, true);
_testAuthzChallengeHttpAnswered_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-HttpChallengeAnswered.acmeAuthz";
using (var fs = new FileStream(_testAuthzChallengeHttpAnswered_AcmeAuthzFile, FileMode.Create))
{
authzState.Save(fs);
}
}
}
}
public void Test0040_RegisterEmptyUpdate()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0040_RegisterEmptyUpdate)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
// Do a simple update with no data changes requested
client.UpdateRegistration(true);
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterEmptyUpdate.acmeReg";
using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
public void Test0160_RequestCertificateInvalidCsr()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0160_RequestCertificateInvalidCsr)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
try
{
client.RequestCertificate("FOOBARNON");
Assert.Fail("WebException expected");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.AreEqual(HttpStatusCode.BadRequest, ex.Response.StatusCode);
}
}
}
}
public void Test0060_RegisterUpdateContacts()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0060_RegisterUpdateContacts)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
client.UpdateRegistration(true, contacts: new string[] { TEST_EM2, });
Assert.IsNotNull(client.Registration);
Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri));
_testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterUpdate.acmeReg";
using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create))
{
client.Registration.Save(fs);
}
}
}
}
private static void SaveSignerToFile(RS256Signer signer, string signerPath)
{
Console.WriteLine("Saving Signer");
Log.Information("Saving Signer");
using (var signerStream = File.OpenWrite(signerPath))
signer.Save(signerStream);
}
public void Test0070_RegisterDuplicate()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0070_RegisterDuplicate)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Init();
client.GetDirectory(true);
try
{
client.Register(new string[]
{
"mailto:[email protected]",
"tel:+14105551212",
});
Assert.Fail("WebException expected");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.AreEqual(HttpStatusCode.Conflict, ex.Response.StatusCode);
}
}
}
}
private static void Main(string[] args)
{
CreateLogger();
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
if (!TryParseOptions(args))
return;
Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)");
BaseUri = Options.BaseUri;
if (Options.Test)
SetTestParameters();
if (Options.San)
Log.Debug("San Option Enabled: Running per site and not per host");
ParseRenewalPeriod();
ParseCertificateStore();
Console.WriteLine($"\nACME Server: {BaseUri}");
Log.Information("ACME Server: {BaseUri}", BaseUri);
ParseCentralSslStore();
CreateSettings();
CreateConfigPath();
SetAndCreateCertificatePath();
try
{
using (var signer = new RS256Signer())
{
signer.Init();
var signerPath = Path.Combine(_configPath, "Signer");
if (File.Exists(signerPath))
LoadSignerFromFile(signer, signerPath);
using (_client = new AcmeClient(new Uri(BaseUri), new AcmeServerDirectory(), signer))
{
_client.Init();
Console.WriteLine("\nGetting AcmeServerDirectory");
Log.Information("Getting AcmeServerDirectory");
_client.GetDirectory(true);
var registrationPath = Path.Combine(_configPath, "Registration");
if (File.Exists(registrationPath))
LoadRegistrationFromFile(registrationPath);
else
{
Console.Write("Enter an email address (not public, used for renewal fail notices): ");
var email = Console.ReadLine().Trim();
string[] contacts = GetContacts(email);
AcmeRegistration registration = CreateRegistration(contacts);
if (!Options.AcceptTos && !Options.Renew)
{
Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) ");
if (!PromptYesNo())
return;
}
UpdateRegistration();
SaveRegistrationToFile(registrationPath);
SaveSignerToFile(signer, signerPath);
}
if (Options.Renew)
{
CheckRenewalsAndWaitForEnterKey();
return;
}
List<Target> targets = GetTargetsSorted();
WriteBindings(targets);
Console.WriteLine();
PrintMenuForPlugins();
if (string.IsNullOrEmpty(Options.ManualHost))
{
Console.WriteLine(" A: Get certificates for all hosts");
Console.WriteLine(" Q: Quit");
Console.Write("Which host do you want to get a certificate for: ");
var command = ReadCommandFromConsole();
switch (command)
{
case "a":
GetCertificatesForAllHosts(targets);
break;
case "q":
return;
default:
ProcessDefaultCommand(targets, command);
break;
}
}
}
}
}
catch (Exception e)
{
Log.Error("Error {@e}", e);
Console.ForegroundColor = ConsoleColor.Red;
var acmeWebException = e as AcmeClient.AcmeWebException;
if (acmeWebException != null)
{
Console.WriteLine(acmeWebException.Message);
Console.WriteLine("ACME Server Returned:");
Console.WriteLine(acmeWebException.Response.ContentAsString);
}
else
{
Console.WriteLine(e);
}
Console.ResetColor();
}
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
}
public void Test0080_AuthorizeDnsBlacklisted()
{
using (var signer = new RS256Signer())
{
signer.Init();
using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open))
{
signer.Load(fs);
}
AcmeRegistration reg;
using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open))
{
reg = AcmeRegistration.Load(fs);
}
using (var client = BuildClient(testTagHeader: nameof(Test0080_AuthorizeDnsBlacklisted)))
{
client.RootUrl = _rootUrl;
client.Signer = signer;
client.Registration = reg;
client.Init();
client.GetDirectory(true);
try
{
client.AuthorizeIdentifier("acme-win-test.example.com");
}
catch (AcmeClient.AcmeWebException ex)
{
Assert.IsNotNull(ex.WebException);
Assert.IsNotNull(ex.Response);
Assert.IsNotNull(ex.Response.ProblemDetail);
Assert.AreEqual(HttpStatusCode.Forbidden, ex.Response.StatusCode);
Assert.AreEqual("urn:acme:error:unauthorized", ex.Response.ProblemDetail.Type);
StringAssert.Contains(ex.Response.ProblemDetail.Detail, "blacklist");
}
}
}
}
static void Main(string[] args)
{
Log.Logger = new LoggerConfiguration()
.ReadFrom.AppSettings()
.CreateLogger();
Log.Information("The global logger has been configured");
var commandLineParseResult = Parser.Default.ParseArguments<Options>(args);
var parsed = commandLineParseResult as Parsed<Options>;
if (parsed == null)
{
#if DEBUG
Log.Debug("Program Debug Enabled");
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return; // not parsed
}
Options = parsed.Value;
Log.Debug("{@Options}", Options);
Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)");
BaseURI = Options.BaseURI;
if (Options.Test)
{
BaseURI = "https://acme-staging.api.letsencrypt.org/";
Log.Debug("Test paramater set: {BaseURI}", BaseURI);
}
if (Options.SAN)
{
Log.Debug("SAN Option Enabled: Running per site and not per host");
}
Console.WriteLine($"\nACME Server: {BaseURI}");
Log.Information("ACME Server: {BaseURI}", BaseURI);
if (!string.IsNullOrWhiteSpace(Options.CentralSSLStore))
{
Console.WriteLine("Using Centralized SSL Path: " + Options.CentralSSLStore);
Log.Information("Using Centralized SSL Path: {CentralSSLStore}", Options.CentralSSLStore);
CentralSSL = true;
}
settings = new Settings(clientName, BaseURI);
Log.Debug("{@settings}", settings);
configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI));
Console.WriteLine("Config Folder: " + configPath);
Log.Information("Config Folder: {configPath}", configPath);
Directory.CreateDirectory(configPath);
certificatePath = Properties.Settings.Default.CertificatePath;
if (string.IsNullOrWhiteSpace(certificatePath))
{
certificatePath = configPath;
}
else
{
try
{
Directory.CreateDirectory(certificatePath);
}
catch (Exception ex)
{
Console.WriteLine($"Error creating the certificate directory, {certificatePath}. Defaulting to config path");
Log.Warning("Error creating the certificate directory, {certificatePath}. Defaulting to config path. Error: {@ex}", certificatePath, ex);
certificatePath = configPath;
}
}
Console.WriteLine("Certificate Folder: " + certificatePath);
Log.Information("Certificate Folder: {certificatePath}", certificatePath);
try
{
using (var signer = new RS256Signer())
{
signer.Init();
var signerPath = Path.Combine(configPath, "Signer");
if (File.Exists(signerPath))
{
Console.WriteLine($"Loading Signer from {signerPath}");
Log.Information("Loading Signer from {signerPath}", signerPath);
using (var signerStream = File.OpenRead(signerPath))
signer.Load(signerStream);
}
using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer))
{
client.Init();
Console.WriteLine("\nGetting AcmeServerDirectory");
Log.Information("Getting AcmeServerDirectory");
client.GetDirectory(true);
var registrationPath = Path.Combine(configPath, "Registration");
if (File.Exists(registrationPath))
{
Console.WriteLine($"Loading Registration from {registrationPath}");
Log.Information("Loading Registration from {registrationPath}", registrationPath);
using (var registrationStream = File.OpenRead(registrationPath))
client.Registration = AcmeRegistration.Load(registrationStream);
}
else
{
Console.Write("Enter an email address (not public, used for renewal fail notices): ");
var email = Console.ReadLine().Trim();
var contacts = new string[] { };
if (!String.IsNullOrEmpty(email))
{
Log.Debug("Registration email: {email}", email);
email = "mailto:" + email;
contacts = new string[] { email };
}
Console.WriteLine("Calling Register");
Log.Information("Calling Register");
var registration = client.Register(contacts);
if (!Options.AcceptTOS && !Options.Renew)
{
Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) ");
if (!PromptYesNo())
return;
}
Console.WriteLine("Updating Registration");
Log.Information("Updating Registration");
client.UpdateRegistration(true, true);
Console.WriteLine("Saving Registration");
Log.Information("Saving Registration");
using (var registrationStream = File.OpenWrite(registrationPath))
client.Registration.Save(registrationStream);
Console.WriteLine("Saving Signer");
Log.Information("Saving Signer");
using (var signerStream = File.OpenWrite(signerPath))
signer.Save(signerStream);
}
if (Options.Renew)
{
CheckRenewals();
#if DEBUG
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
#endif
return;
}
var targets = new List<Target>();
if (!Options.SAN)
{
foreach (var plugin in Target.Plugins.Values)
{
targets.AddRange(plugin.GetTargets());
}
}
else
{
foreach (var plugin in Target.Plugins.Values)
{
targets.AddRange(plugin.GetSites());
}
}
if (targets.Count == 0)
{
Console.WriteLine("No targets found.");
Log.Error("No targets found.");
}
else
{
int HostsPerPage = 50;
try
{
HostsPerPage = Properties.Settings.Default.HostsPerPage;
}
catch (Exception ex)
{
Log.Error("Error getting HostsPerPage setting, setting to default value. Error: {@ex}", ex);
}
var count = 1;
if (targets.Count > HostsPerPage)
{
do
{
if ((count + HostsPerPage) <= targets.Count)
{
int stop = count + HostsPerPage;
for (int i = count; i < stop; i++)
{
if (!Options.SAN)
{
Console.WriteLine($" {count}: {targets[count - 1]}");
}
else
{
Console.WriteLine($" {count}: SAN - {targets[count - 1]}");
}
count++;
}
}
else
{
for (int i = count; i <= targets.Count; i++)
{
if (!Options.SAN)
{
Console.WriteLine($" {count}: {targets[count - 1]}");
}
else
{
Console.WriteLine($" {count}: SAN - {targets[count - 1]}");
}
count++;
}
}
if (count < targets.Count)
{
Console.WriteLine(" Q: Quit");
Console.Write("Press enter to continue to next page ");
var continueResponse = Console.ReadLine().ToLowerInvariant();
switch (continueResponse)
{
case "q":
throw new Exception($"Requested to quit application");
default:
break;
}
}
}
while (count < targets.Count);
}
else
{
foreach (var binding in targets)
{
Console.WriteLine($" {count}: {binding}");
count++;
}
}
}
Console.WriteLine();
foreach (var plugin in Target.Plugins.Values)
{
plugin.PrintMenu();
}
Console.WriteLine(" A: Get certificates for all hosts");
Console.WriteLine(" Q: Quit");
Console.Write("Which host do you want to get a certificate for: ");
var response = Console.ReadLine().ToLowerInvariant();
switch (response)
{
case "a":
foreach (var target in targets)
{
Auto(target);
}
break;
case "q":
return;
default:
var targetId = 0;
if (Int32.TryParse(response, out targetId))
{
targetId--;
if (targetId >= 0 && targetId < targets.Count)
{
var binding = targets[targetId];
Auto(binding);
}
}
else
{
foreach (var plugin in Target.Plugins.Values)
{
plugin.HandleMenuResponse(response, targets);
}
}
break;
}
}
}
}
catch (Exception e)
{
Log.Error("Error {@e}", e);
Console.ForegroundColor = ConsoleColor.Red;
var acmeWebException = e as AcmeClient.AcmeWebException;
if (acmeWebException != null)
{
Console.WriteLine(acmeWebException.Message);
Console.WriteLine("ACME Server Returned:");
Console.WriteLine(acmeWebException.Response.ContentAsString);
}
else
{
Console.WriteLine(e);
}
Console.ResetColor();
}
Console.WriteLine("Press enter to continue.");
Console.ReadLine();
}
public static string RequestAndInstallInternal(Target target)
{
BaseURI = target.BaseUri ?? "https://acme-staging.api.letsencrypt.org/";
configPath = ConfigPath(BaseURI);
try
{
webSiteClient = ArmHelper.GetWebSiteManagementClient(target);
}
catch (Exception ex)
{
Trace.TraceError("Unabled to create Azure Web Site Management client " + ex.ToString());
throw;
}
if (!Directory.Exists(configPath))
{
Directory.CreateDirectory(configPath);
}
var email = target.Email;
try
{
using (var signer = new RS256Signer())
{
signer.Init();
var signerPath = Path.Combine(configPath, "Signer");
if (File.Exists(signerPath))
{
Trace.TraceInformation($"Loading Signer from {signerPath}");
using (var signerStream = File.OpenRead(signerPath))
signer.Load(signerStream);
}
using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer))
{
client.Init();
Trace.TraceInformation("\nGetting AcmeServerDirectory");
client.GetDirectory(true);
var registrationPath = Path.Combine(configPath, "Registration");
if (File.Exists(registrationPath))
{
Trace.TraceInformation($"Loading Registration from {registrationPath}");
using (var registrationStream = File.OpenRead(registrationPath))
client.Registration = AcmeRegistration.Load(registrationStream);
}
else
{
var contacts = new string[] { };
if (!String.IsNullOrEmpty(email))
{
email = "mailto:" + email;
contacts = new string[] { email };
}
Trace.TraceInformation("Calling Register");
var registration = client.Register(contacts);
Trace.TraceInformation($"Do you agree to {registration.TosLinkUri}? (Y/N) ");
Trace.TraceInformation("Updating Registration");
client.UpdateRegistration(true, true);
Trace.TraceInformation("Saving Registration");
using (var registrationStream = File.OpenWrite(registrationPath))
client.Registration.Save(registrationStream);
Trace.TraceInformation("Saving Signer");
using (var signerStream = File.OpenWrite(signerPath))
signer.Save(signerStream);
}
// if (Options.Renew)
// {
// CheckRenewals();
//#if DEBUG
// Trace.TraceInformation("Press enter to continue.");
// Trace.ReadLine();
//#endif
// return;
// }
return Auto(target);
}
}
}
catch (Exception e)
{
var acmeWebException = e as AcmeClient.AcmeWebException;
if (acmeWebException != null)
{
Trace.TraceError(acmeWebException.Message);
Trace.TraceError("ACME Server Returned:");
Trace.TraceError(acmeWebException.Response.ContentAsString);
}
else
{
Trace.TraceError(e.ToString());
}
throw;
}
return null;
}
