public async Task UpdateAccount_ShoudUpdateSuccessfully()
{
//SETUP
AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
AcmeApiResponse <AcmeDirectory> directory;
AcmeApiResponse nonceResponse = null;
AcmeApiResponse <AcmeAccount> accountResponse = null;
AcmeApiResponse updateAccountResponse = null;
//EXECUTE
directory = await api.GetDirectoryAsync();
nonceResponse = await api.GetNonceAsync(directory.Data);
accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount()
{
Contact = new List <string>()
{
"mailto:[email protected]"
}, TermsOfServiceAgreed = true
});
updateAccountResponse = await api.UpdateAccountAsync(directory.Data, accountResponse.Nonce, accountResponse.Data);
//ASSERT
updateAccountResponse.ShouldNotBeNull();
updateAccountResponse.Status.ShouldBe(AcmeApiResponseStatus.Success);
updateAccountResponse.Nonce.Length.ShouldBeGreaterThan(0);
}
public async Task StandardCertificateRequest()
{
var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
var client = new ProtoacmeClient(restApi);
//1. Create a new account.
var newAccountInfo = new AcmeCreateAccount();
newAccountInfo.Contact.Add("mailto:[email protected]");
newAccountInfo.TermsOfServiceAgreed = true;
var account = await client.Account.CreateAsync(newAccountInfo);
//2. Request a certificate.
AcmeCertificateRequest certRequest = new AcmeCertificateRequest();
foreach (var dns in dnsNames)
{
certRequest.Identifiers.Add(new DnsCertificateIdentifier()
{
Value = dns
});
}
var certPromise = await client.Certificate.RequestCertificateAsync(account, certRequest);
//3. Get challenge
var challenges = await client.Challenge.GetChallengesAsync(account, certPromise, ChallengeType.Http);
//4. Save Challenge and Account for next step.
SaveAccountAndChallengeData(account, challenges, certPromise);
}
public async Task WildCardCertificateRequest()
{
var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
var client = new ProtoacmeClient(restApi);
//1. Create a new account.
var newAccountInfo = new AcmeCreateAccount();
newAccountInfo.Contact.Add("mailto:[email protected]");
newAccountInfo.Contact.Add("mailto:[email protected]");
newAccountInfo.TermsOfServiceAgreed = true;
var account = await client.Account.CreateAsync(newAccountInfo);
//2. Request the wildcard cert.
AcmeCertificateRequest certRequest = new AcmeCertificateRequest();
certRequest.Identifiers.Add(new DnsCertificateIdentifier()
{
Value = wildCardDns
});
var promise = await client.Certificate.RequestCertificateAsync(account, certRequest);
//3. Get Challenges
var challenge = await client.Challenge.GetChallengesAsync(account, promise, ChallengeType.Dns);
//4. Save Challenge Information
challenge[0].SaveToFile(@"c:\temp\dns_challenge.txt");
//5. Save account and additional info for future request.
account.SaveToFile(@"c:\temp\account.dat");
promise.SaveToFile(@"c:\temp\promise.dat");
challenge.SaveToFile(@"c:\temp\challenge.dat");
}
public async Task VerifyChallenge_ShouldVerifyTheChallenge()
{
//SETUP
AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
AcmeApiResponse <AcmeDirectory> directory;
AcmeApiResponse nonceResponse = null;
AcmeApiResponse <AcmeAccount> accountResponse = null;
AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null;
List <AcmeApiResponse <AcmeAuthorization> > authorizations = null;
AcmeApiResponse <AcmeChallengeStatus> challengeStatusResponse;
AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
{
Identifiers = new List <DnsCertificateIdentifier>()
{
new DnsCertificateIdentifier()
{
Value = "taco.com"
},
new DnsCertificateIdentifier()
{
Value = "www.taco.com"
}
}
};
//EXECUTE
directory = await api.GetDirectoryAsync();
nonceResponse = await api.GetNonceAsync(directory.Data);
accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount()
{
Contact = new List <string>()
{
"mailto:[email protected]"
}, TermsOfServiceAgreed = true
});
certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);
authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data);
AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01"));
string authKey = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token);
challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey);
//ASSERT
challengeStatusResponse.ShouldNotBeNull();
challengeStatusResponse.Status.ShouldBe(AcmeApiResponseStatus.Success);
challengeStatusResponse.Data.ShouldNotBeNull();
challengeStatusResponse.Data.Status.ShouldBe("pending");
}
public async Task RequestCertificate_ShouldGetPromiseBack()
{
//SETUP
AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
AcmeApiResponse <AcmeDirectory> directory;
AcmeApiResponse nonceResponse = null;
AcmeApiResponse <AcmeAccount> accountResponse = null;
AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null;
AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
{
Identifiers = new List <DnsCertificateIdentifier>()
{
new DnsCertificateIdentifier()
{
Value = "taco.com"
},
new DnsCertificateIdentifier()
{
Value = "www.taco.com"
}
}
};
//EXECUTE
directory = await api.GetDirectoryAsync();
nonceResponse = await api.GetNonceAsync(directory.Data);
accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount()
{
Contact = new List <string>()
{
"mailto:[email protected]"
}, TermsOfServiceAgreed = true
});
certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);
//ASSERT
certificateFulfillmentPromise.ShouldNotBeNull();
certificateFulfillmentPromise.Status.ShouldBe(AcmeApiResponseStatus.Success);
certificateFulfillmentPromise.Data.ShouldNotBeNull();
certificateFulfillmentPromise.Data.Status.ShouldBe("pending");
certificateFulfillmentPromise.Data.Identifiers.ShouldNotBeNull();
certificateFulfillmentPromise.Data.Identifiers.Count.ShouldBe(2);
certificateFulfillmentPromise.Data.Authorizations.ShouldNotBeNull();
certificateFulfillmentPromise.Data.Authorizations.Count.ShouldBe(2);
certificateFulfillmentPromise.Data.Finalize.ShouldNotBeNull();
certificateFulfillmentPromise.Data.Finalize.Length.ShouldBeGreaterThan(0);
}
public async Task GetNewNonce_ShouldReturnNewReplayNonce()
{
//SETUP
AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
AcmeApiResponse <AcmeDirectory> directoryResponse;
AcmeApiResponse nonceResponse = null;
//EXECUTE
directoryResponse = await api.GetDirectoryAsync();
nonceResponse = await api.GetNonceAsync(directoryResponse.Data);
//ASSERT
nonceResponse.ShouldNotBeNull();
nonceResponse.Status.ShouldBe(AcmeApiResponseStatus.Success);
nonceResponse.Nonce.Length.ShouldBeGreaterThan(0);
}
public async Task GetDirectory_ShouldReturnValidDirectoryInfo()
{
//SETUP
AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
AcmeApiResponse <AcmeDirectory> directoryResponse;
//EXECUTE
directoryResponse = await api.GetDirectoryAsync();
//ASSERT
directoryResponse.Status.ShouldBe(AcmeApiResponseStatus.Success);
directoryResponse.Data.ShouldNotBeNull();
directoryResponse.Data.NewNoonce.ShouldNotBeNull();
directoryResponse.Data.NewNoonce.Length.ShouldBeGreaterThan(0);
directoryResponse.Data.NewAccount.ShouldNotBeNull();
directoryResponse.Data.NewAccount.Length.ShouldBeGreaterThan(0);
}
public async Task IssueStandardCertificates()
{
var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
var client = new ProtoacmeClient(restApi);
LoadAccountAndChallengeData <HttpChallenge>(out AcmeAccount account, out List <HttpChallenge> challenges, out AcmeCertificateFulfillmentPromise promise);
//1. Verify all of the challenges
foreach (var dnsChallenge in challenges)
{
var startVerifyResult = await client.Challenge.ExecuteChallengeVerification(dnsChallenge);
AcmeChallengeStatus challengeStatus = null;
while (challengeStatus == null || challengeStatus.Status == "pending")
{
challengeStatus = await client.Challenge.GetChallengeVerificationStatus(dnsChallenge);
await Task.Delay(3000);
}
if (challengeStatus.Status != "valid")
{
throw new Exception($"Failed to validate challenge token {dnsChallenge.Token}");
}
}
//2. If everything is good we download the certificate
CSR csr = CertificateUtility.GenerateCsr(dnsNames.ToArray());
SaveCRTPrivateKey(csr);
//Normally you would save the csr to be used next time.
var cert = await client.Certificate.DownloadCertificateAsync(account, promise, csr, CertificateType.Cert);
//Save Cert
using (FileStream fs = new FileStream(@"c:\temp\mycert.cer", FileMode.Create))
{
byte[] buffer = cert.Array;
fs.Write(buffer, 0, buffer.Length);
}
}
public async Task IssueWildCardCertificate()
{
var restApi = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
var client = new ProtoacmeClient(restApi);
//1. Load up the account and challenge data.
AcmeAccount account = AcmeAccount.FromFile(@"c:\temp\account.dat");
AcmeCertificateFulfillmentPromise promise = AcmeCertificateFulfillmentPromise.FromFile(@"c:\temp\promise.dat");
ChallengeCollection challenges = ChallengeCollection.FromFile <DnsChallenge>(@"c:\temp\challenge.dat");
//2. Tell Lets Encrypt to verify our challenge.
var startVerifyResult = await client.Challenge.ExecuteChallengeVerification(challenges[0]);
AcmeChallengeStatus challengeStatus = null;
while (challengeStatus == null || challengeStatus.Status == "pending")
{
challengeStatus = await client.Challenge.GetChallengeVerificationStatus(challenges[0]);
await Task.Delay(3000);
}
if (challengeStatus.Status != "valid")
{
throw new Exception($"Failed to validate challenge token");
}
//3. Create the CSR
CSR csr = CertificateUtility.GenerateCsr(wildCardDns);
SaveCRTPrivateKey(csr);
//4. Download the certificate
var cert = await client.Certificate.DownloadCertificateAsync(account, promise, csr, CertificateType.Cert);
//5. Save the certificate
using (FileStream fs = new FileStream(@"c:\temp\mycert.cer", FileMode.Create))
{
byte[] buffer = cert.Array;
fs.Write(buffer, 0, buffer.Length);
}
}
public static IServiceCollection AddProtoacme(this IServiceCollection services, Action <ProtoacmeOptions> options = null)
{
ProtoacmeOptions opt = new ProtoacmeOptions();
if (options != null)
{
options(opt);
}
if (opt.UseStaging)
{
IAcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
services.AddTransient <ProtoacmeClient>(srv => new ProtoacmeClient(api));
}
else
{
services.AddTransient <ProtoacmeClient>(srv => new ProtoacmeClient());
}
return(services);
}
public async Task DownloadCertificate_ShouldComplete()
{
//SETUP
AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
AcmeApiResponse <AcmeDirectory> directory;
AcmeApiResponse nonceResponse = null;
AcmeApiResponse <AcmeAccount> accountResponse = null;
AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null;
List <AcmeApiResponse <AcmeAuthorization> > authorizations = null;
AcmeApiResponse <AcmeChallengeStatus> challengeStatusResponse = null;
AcmeApiResponse <AcmeChallengeVerificationStatus> challengeVerificationResponse = null;
AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificatePromiseResult = null;
AcmeApiResponse <ArraySegment <byte> > certificateResult = null;
AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
{
Identifiers = new List <DnsCertificateIdentifier>()
{
new DnsCertificateIdentifier()
{
Value = "test.com"
}
}
};
//EXECUTE
directory = await api.GetDirectoryAsync();
nonceResponse = await api.GetNonceAsync(directory.Data);
accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount()
{
Contact = new List <string>()
{
"mailto:[email protected]"
}, TermsOfServiceAgreed = true
});
certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);
authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data);
AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01"));
string authKey = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token);
challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey);
while (
challengeVerificationResponse == null ||
challengeVerificationResponse.Data.Status == "pending")
{
challengeVerificationResponse = await api.GetChallengeVerificationStatusAsync(httpChallenge);
await Task.Delay(3000);
}
string csr = GenerateCSR(accountResponse.Data, "test.com");
certificatePromiseResult = await api.FinalizeCertificatePromiseAsync(accountResponse.Data, challengeStatusResponse.Nonce, certificateFulfillmentPromise.Data, csr);
certificateResult = await api.GetCertificateAsync(certificatePromiseResult.Data, CertificateType.Cert);
//We will write the cert out to a temp directory if it exists. Otherwise, forget it.
if (Directory.Exists(@"c:\temp"))
{
using (FileStream fs = new FileStream(@"c:\temp\mycert.cer", FileMode.Create))
{
byte[] bytes = certificateResult.Data.Array;
fs.Write(bytes, 0, bytes.Length);
}
}
//ASSERT (Cant really assert anything here. This call will mostlikey fail. There is no way to validate the domain here)
}
public async Task FinalizeChallenge_ShouldComplete()
{
//SETUP
AcmeRestApi api = new AcmeRestApi(ProtoacmeContants.LETSENCRYPT_STAGING_ENDPOINT);
AcmeApiResponse <AcmeDirectory> directory;
AcmeApiResponse nonceResponse = null;
AcmeApiResponse <AcmeAccount> accountResponse = null;
AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificateFulfillmentPromise = null;
List <AcmeApiResponse <AcmeAuthorization> > authorizations = null;
AcmeApiResponse <AcmeChallengeStatus> challengeStatusResponse = null;
AcmeApiResponse <AcmeChallengeVerificationStatus> challengeVerificationResponse = null;
AcmeApiResponse <AcmeCertificateFulfillmentPromise> certificatePromiseResult = null;
AcmeCertificateRequest certifcateRequest = new AcmeCertificateRequest()
{
Identifiers = new List <DnsCertificateIdentifier>()
{
new DnsCertificateIdentifier()
{
Value = "test.com"
}
}
};
//EXECUTE
directory = await api.GetDirectoryAsync();
nonceResponse = await api.GetNonceAsync(directory.Data);
accountResponse = await api.CreateAccountAsync(directory.Data, nonceResponse.Nonce, new AcmeCreateAccount()
{
Contact = new List <string>()
{
"mailto:[email protected]"
}, TermsOfServiceAgreed = true
});
certificateFulfillmentPromise = await api.RequestCertificateAsync(directory.Data, accountResponse.Nonce, accountResponse.Data, certifcateRequest);
authorizations = await api.GetChallengesAsync(certificateFulfillmentPromise.Data);
AcmeChallenge httpChallenge = authorizations.First().Data.Challenges.First(t => t.Type.Equals("http-01"));
string authKey = CreateAuthorizationKey(accountResponse.Data, httpChallenge.Token);
challengeStatusResponse = await api.VerifyChallengeAsync(accountResponse.Data, httpChallenge, certificateFulfillmentPromise.Nonce, authKey);
while (
challengeVerificationResponse == null ||
challengeVerificationResponse.Data.Status == "pending")
{
challengeVerificationResponse = await api.GetChallengeVerificationStatusAsync(httpChallenge);
await Task.Delay(3000);
}
string csr = GenerateCSR(accountResponse.Data, "test.com");
certificatePromiseResult = await api.FinalizeCertificatePromiseAsync(accountResponse.Data, challengeStatusResponse.Nonce, certificateFulfillmentPromise.Data, csr);
//ASSERT (Cant really assert anything here. This call will mostlikey fail. There is no way to validate the domain here)
certificatePromiseResult.ShouldNotBeNull();
}
