public async Task <StatusMessage> RevokeCertificate(ILog log, ManagedCertificate managedCertificate) { try { var pkcs = new Org.BouncyCastle.Pkcs.Pkcs12Store(File.Open(managedCertificate.CertificatePath, FileMode.Open), "".ToCharArray()); var certAliases = pkcs.Aliases.GetEnumerator(); certAliases.MoveNext(); var certEntry = pkcs.GetCertificate(certAliases.Current.ToString()); var certificate = certEntry.Certificate; // revoke certificate var der = certificate.GetEncoded(); await _client.RevokeCertificateAsync(der, RevokeReason.Unspecified); return(new StatusMessage { IsOK = true, Message = $"Certificate revoke completed." }); } catch (Exception exp) { return(new StatusMessage { IsOK = false, Message = $"Failed to revoke certificate: {exp.Message}" }); } }
internal void RevokeCertificate(byte[] crt) { Retry(() => _client.RevokeCertificateAsync(crt, RevokeReason.Unspecified)); }
public async Task RevokeCertificate() { using (var http = _server.CreateClient()) { var dir = await GetDir(); var signer = new Crypto.JOSE.Impl.RSJwsTool(); signer.Init(); using (var acme = new AcmeProtocolClient(http, dir, signer: signer)) { await acme.GetNonceAsync(); var acct = await acme.CreateAccountAsync(new[] { "mailto:[email protected]" }); acme.Account = acct; var dnsIds = new[] { "foo.mock.acme2.zyborg.io", "foo-alt-1.mock.acme2.zyborg.io", "foo-alt-2.mock.acme2.zyborg.io", "foo-alt-3.mock.acme2.zyborg.io", }; var order = await acme.CreateOrderAsync(dnsIds); Assert.IsNotNull(order?.OrderUrl); Assert.AreEqual(dnsIds.Length, order.Payload.Authorizations?.Length); Assert.AreEqual(dnsIds.Length, order.Payload.Identifiers?.Length); var authzUrl = order.Payload.Authorizations[0]; var authz = await acme.GetAuthorizationDetailsAsync(authzUrl); Assert.IsNotNull(authz); Assert.IsFalse(authz.Wildcard ?? false); Assert.AreEqual(dnsIds[0], authz.Identifier.Value); foreach (var chlng in authz.Challenges) { var chlng2 = await acme.AnswerChallengeAsync(chlng.Url); Assert.IsNotNull(chlng2); Assert.AreEqual("valid", chlng2.Status); } var kpr = PkiKeyPair.GenerateRsaKeyPair(2048); var csr = new PkiCertificateSigningRequest($"cn={dnsIds[0]}", kpr, PkiHashAlgorithm.Sha256); csr.CertificateExtensions.Add( PkiCertificateExtension.CreateDnsSubjectAlternativeNames(dnsIds.Skip(1))); var csrDer = csr.ExportSigningRequest(PkiEncodingFormat.Der); var finalizedOrder = await acme.FinalizeOrderAsync(order.Payload.Finalize, csrDer); Assert.AreEqual("valid", finalizedOrder.Payload.Status); Assert.IsNotNull(finalizedOrder.Payload.Certificate); var getResp = await acme.GetAsync(finalizedOrder.Payload.Certificate); getResp.EnsureSuccessStatusCode(); var certPemBytes = await getResp.Content.ReadAsByteArrayAsync(); using (var fs = new FileStream(Path.Combine(DataFolder, "finalize-cert-beforeRevoke.pem"), FileMode.Create)) { await fs.WriteAsync(certPemBytes); } var cert = new X509Certificate2(certPemBytes); var certDerBytes = cert.Export(X509ContentType.Cert); await acme.RevokeCertificateAsync(certDerBytes); } } }
internal async Task RevokeCertificate(byte[] crt) => await Retry(async() => { await _client.RevokeCertificateAsync(crt, RevokeReason.Unspecified); return(Task.CompletedTask); });