public async Task UpdateAccount_ShoudUpdateSuccessfully() { //SETUP AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); AcmeApiResponse <AcmeDirectory> directory; AcmeApiResponse nonceResponse = null; AcmeApiResponse <AcmeAccount> accountResponse = null; AcmeApiResponse updateAccountResponse = null; //EXECUTE directory = await api.GetDirectoryAsync(); nonceResponse = await api.GetNonceAsync(directory.Data); accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount() { Contact = new List <string>() { "mailto:[email protected]" }, TermsOfServiceAgreed = true }); updateAccountResponse = await api.UpdateAccountAsync(directory.Data, accountResponse.Nonce, accountResponse.Data); //ASSERT updateAccountResponse.ShouldNotBeNull(); updateAccountResponse.Status.ShouldBe(AcmeApiResponseStatus.Success); updateAccountResponse.Nonce.Length.ShouldBeGreaterThan(0); }
public async Task StandardCertificateRequest() { var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); var client = new ProtoacmeClient(restApi); //1. Create a new account. var newAccountInfo = new AcmeCreateAccount(); newAccountInfo.Contact.Add("mailto:[email protected]"); newAccountInfo.TermsOfServiceAgreed = true; var account = await client.Account.CreateAsync(newAccountInfo); //2. Request a certificate. AcmeCertificateRequest certRequest = new AcmeCertificateRequest(); foreach (var dns in dnsNames) { certRequest.Identifiers.Add(new DnsCertificateIdentifier() { Value = dns }); } var certPromise = await client.Certificate.RequestCertificateAsync(account, certRequest); //3. Get challenge var challenges = await client.Challenge.GetChallengesAsync(account, certPromise, ChallengeType.Http); //4. Save Challenge and Account for next step. SaveAccountAndChallengeData(account, challenges, certPromise); }
public async Task WildCardCertificateRequest() { var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); var client = new ProtoacmeClient(restApi); //1. Create a new account. var newAccountInfo = new AcmeCreateAccount(); newAccountInfo.Contact.Add("mailto:[email protected]"); newAccountInfo.Contact.Add("mailto:[email protected]"); newAccountInfo.TermsOfServiceAgreed = true; var account = await client.Account.CreateAsync(newAccountInfo); //2. Request the wildcard cert. AcmeCertificateRequest certRequest = new AcmeCertificateRequest(); certRequest.Identifiers.Add(new DnsCertificateIdentifier() { Value = wildCardDns }); var promise = await client.Certificate.RequestCertificateAsync(account, certRequest); //3. Get Challenges var challenge = await client.Challenge.GetChallengesAsync(account, promise, ChallengeType.Dns); //4. Save Challenge Information challenge[0].SaveToFile(@"c:\temp\dns_challenge.txt"); //5. Save account and additional info for future request. account.SaveToFile(@"c:\temp\account.dat"); promise.SaveToFile(@"c:\temp\promise.dat"); challenge.SaveToFile(@"c:\temp\challenge.dat"); }
public async Task VerifyChallenge_ShouldVerifyTheChallenge() { //SETUP AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); AcmeApiResponse <AcmeDirectory> directory; AcmeApiResponse nonceResponse = null; AcmeApiResponse <AcmeAccount> accountResponse = null; AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null; List <AcmeApiResponse <AcmeAuthorization> > authorizations = null; AcmeApiResponse <AcmeChallengeStatus> challengeStatusResponse; AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest() { Identifiers = new List <DnsCertificateIdentifier>() { new DnsCertificateIdentifier() { Value = "taco.com" }, new DnsCertificateIdentifier() { Value = "www.taco.com" } } }; //EXECUTE directory = await api.GetDirectoryAsync(); nonceResponse = await api.GetNonceAsync(directory.Data); accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount() { Contact = new List <string>() { "mailto:[email protected]" }, TermsOfServiceAgreed = true }); certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest); authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data); AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01")); string authKey = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token); challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey); //ASSERT challengeStatusResponse.ShouldNotBeNull(); challengeStatusResponse.Status.ShouldBe(AcmeApiResponseStatus.Success); challengeStatusResponse.Data.ShouldNotBeNull(); challengeStatusResponse.Data.Status.ShouldBe("pending"); }
public async Task RequestCertificate_ShouldGetPromiseBack() { //SETUP AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); AcmeApiResponse <AcmeDirectory> directory; AcmeApiResponse nonceResponse = null; AcmeApiResponse <AcmeAccount> accountResponse = null; AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null; AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest() { Identifiers = new List <DnsCertificateIdentifier>() { new DnsCertificateIdentifier() { Value = "taco.com" }, new DnsCertificateIdentifier() { Value = "www.taco.com" } } }; //EXECUTE directory = await api.GetDirectoryAsync(); nonceResponse = await api.GetNonceAsync(directory.Data); accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount() { Contact = new List <string>() { "mailto:[email protected]" }, TermsOfServiceAgreed = true }); certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest); //ASSERT certificateFulfillmentPromise.ShouldNotBeNull(); certificateFulfillmentPromise.Status.ShouldBe(AcmeApiResponseStatus.Success); certificateFulfillmentPromise.Data.ShouldNotBeNull(); certificateFulfillmentPromise.Data.Status.ShouldBe("pending"); certificateFulfillmentPromise.Data.Identifiers.ShouldNotBeNull(); certificateFulfillmentPromise.Data.Identifiers.Count.ShouldBe(2); certificateFulfillmentPromise.Data.Authorizations.ShouldNotBeNull(); certificateFulfillmentPromise.Data.Authorizations.Count.ShouldBe(2); certificateFulfillmentPromise.Data.Finalize.ShouldNotBeNull(); certificateFulfillmentPromise.Data.Finalize.Length.ShouldBeGreaterThan(0); }
public async Task GetNewNonce_ShouldReturnNewReplayNonce() { //SETUP AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); AcmeApiResponse <AcmeDirectory> directoryResponse; AcmeApiResponse nonceResponse = null; //EXECUTE directoryResponse = await api.GetDirectoryAsync(); nonceResponse = await api.GetNonceAsync(directoryResponse.Data); //ASSERT nonceResponse.ShouldNotBeNull(); nonceResponse.Status.ShouldBe(AcmeApiResponseStatus.Success); nonceResponse.Nonce.Length.ShouldBeGreaterThan(0); }
public async Task GetDirectory_ShouldReturnValidDirectoryInfo() { //SETUP AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); AcmeApiResponse <AcmeDirectory> directoryResponse; //EXECUTE directoryResponse = await api.GetDirectoryAsync(); //ASSERT directoryResponse.Status.ShouldBe(AcmeApiResponseStatus.Success); directoryResponse.Data.ShouldNotBeNull(); directoryResponse.Data.NewNoonce.ShouldNotBeNull(); directoryResponse.Data.NewNoonce.Length.ShouldBeGreaterThan(0); directoryResponse.Data.NewAccount.ShouldNotBeNull(); directoryResponse.Data.NewAccount.Length.ShouldBeGreaterThan(0); }
public async Task IssueStandardCertificates() { var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); var client = new ProtoacmeClient(restApi); LoadAccountAndChallengeData <HttpChallenge>(out AcmeAccount account, out List <HttpChallenge> challenges, out AcmeCertificateFulfillmentPromise promise); //1. Verify all of the challenges foreach (var dnsChallenge in challenges) { var startVerifyResult = await client.Challenge.ExecuteChallengeVerification(dnsChallenge); AcmeChallengeStatus challengeStatus = null; while (challengeStatus == null || challengeStatus.Status == "pending") { challengeStatus = await client.Challenge.GetChallengeVerificationStatus(dnsChallenge); await Task.Delay(3000); } if (challengeStatus.Status != "valid") { throw new Exception($"Failed to validate challenge token {dnsChallenge.Token}"); } } //2. If everything is good we download the certificate CSR csr = CertificateUtility.GenerateCsr(dnsNames.ToArray()); SaveCRTPrivateKey(csr); //Normally you would save the csr to be used next time. var cert = await client.Certificate.DownloadCertificateAsync(account, promise, csr, CertificateType.Cert); //Save Cert using (FileStream fs = new FileStream(@"c:\temp\mycert.cer", FileMode.Create)) { byte[] buffer = cert.Array; fs.Write(buffer, 0, buffer.Length); } }
public async Task IssueWildCardCertificate() { var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); var client = new ProtoacmeClient(restApi); //1. Load up the account and challenge data. AcmeAccount account = AcmeAccount.FromFile(@"c:\temp\account.dat"); AcmeCertificateFulfillmentPromise promise = AcmeCertificateFulfillmentPromise.FromFile(@"c:\temp\promise.dat"); ChallengeCollection challenges = ChallengeCollection.FromFile <DnsChallenge>(@"c:\temp\challenge.dat"); //2. Tell Lets Encrypt to verify our challenge. var startVerifyResult = await client.Challenge.ExecuteChallengeVerification(challenges[0]); AcmeChallengeStatus challengeStatus = null; while (challengeStatus == null || challengeStatus.Status == "pending") { challengeStatus = await client.Challenge.GetChallengeVerificationStatus(challenges[0]); await Task.Delay(3000); } if (challengeStatus.Status != "valid") { throw new Exception($"Failed to validate challenge token"); } //3. Create the CSR CSR csr = CertificateUtility.GenerateCsr(wildCardDns); SaveCRTPrivateKey(csr); //4. Download the certificate var cert = await client.Certificate.DownloadCertificateAsync(account, promise, csr, CertificateType.Cert); //5. Save the certificate using (FileStream fs = new FileStream(@"c:\temp\mycert.cer", FileMode.Create)) { byte[] buffer = cert.Array; fs.Write(buffer, 0, buffer.Length); } }
public static IServiceCollection AddProtoacme(this IServiceCollection services, Action <ProtoacmeOptions> options = null) { ProtoacmeOptions opt = new ProtoacmeOptions(); if (options != null) { options(opt); } if (opt.UseStaging) { IAcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); services.AddTransient <ProtoacmeClient>(srv => new ProtoacmeClient(api)); } else { services.AddTransient <ProtoacmeClient>(srv => new ProtoacmeClient()); } return(services); }
public async Task DownloadCertificate_ShouldComplete() { //SETUP AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); AcmeApiResponse <AcmeDirectory> directory; AcmeApiResponse nonceResponse = null; AcmeApiResponse <AcmeAccount> accountResponse = null; AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null; List <AcmeApiResponse <AcmeAuthorization> > authorizations = null; AcmeApiResponse <AcmeChallengeStatus> challengeStatusResponse = null; AcmeApiResponse <AcmeChallengeVerificationStatus> challengeVerificationResponse = null; AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificatePromiseResult = null; AcmeApiResponse <ArraySegment <byte> > certificateResult = null; AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest() { Identifiers = new List <DnsCertificateIdentifier>() { new DnsCertificateIdentifier() { Value = "test.com" } } }; //EXECUTE directory = await api.GetDirectoryAsync(); nonceResponse = await api.GetNonceAsync(directory.Data); accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount() { Contact = new List <string>() { "mailto:[email protected]" }, TermsOfServiceAgreed = true }); certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest); authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data); AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01")); string authKey = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token); challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey); while ( challengeVerificationResponse == null || challengeVerificationResponse.Data.Status == "pending") { challengeVerificationResponse = await api.GetChallengeVerificationStatusAsync(httpChallenge); await Task.Delay(3000); } string csr = GenerateCSR(accountResponse.Data, "test.com"); certificatePromiseResult = await api.FinalizeCertificatePromiseAsync(accountResponse.Data, challengeStatusResponse.Nonce, certificateFulfillmentPromise.Data, csr); certificateResult = await api.GetCertificateAsync(certificatePromiseResult.Data, CertificateType.Cert); //We will write the cert out to a temp directory if it exists. Otherwise, forget it. if (Directory.Exists(@"c:\temp")) { using (FileStream fs = new FileStream(@"c:\temp\mycert.cer", FileMode.Create)) { byte[] bytes = certificateResult.Data.Array; fs.Write(bytes, 0, bytes.Length); } } //ASSERT (Cant really assert anything here. This call will mostlikey fail. There is no way to validate the domain here) }
public async Task FinalizeChallenge_ShouldComplete() { //SETUP AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT); AcmeApiResponse <AcmeDirectory> directory; AcmeApiResponse nonceResponse = null; AcmeApiResponse <AcmeAccount> accountResponse = null; AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null; List <AcmeApiResponse <AcmeAuthorization> > authorizations = null; AcmeApiResponse <AcmeChallengeStatus> challengeStatusResponse = null; AcmeApiResponse <AcmeChallengeVerificationStatus> challengeVerificationResponse = null; AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificatePromiseResult = null; AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest() { Identifiers = new List <DnsCertificateIdentifier>() { new DnsCertificateIdentifier() { Value = "test.com" } } }; //EXECUTE directory = await api.GetDirectoryAsync(); nonceResponse = await api.GetNonceAsync(directory.Data); accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount() { Contact = new List <string>() { "mailto:[email protected]" }, TermsOfServiceAgreed = true }); certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest); authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data); AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01")); string authKey = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token); challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey); while ( challengeVerificationResponse == null || challengeVerificationResponse.Data.Status == "pending") { challengeVerificationResponse = await api.GetChallengeVerificationStatusAsync(httpChallenge); await Task.Delay(3000); } string csr = GenerateCSR(accountResponse.Data, "test.com"); certificatePromiseResult = await api.FinalizeCertificatePromiseAsync(accountResponse.Data, challengeStatusResponse.Nonce, certificateFulfillmentPromise.Data, csr); //ASSERT (Cant really assert anything here. This call will mostlikey fail. There is no way to validate the domain here) certificatePromiseResult.ShouldNotBeNull(); }