private static void LoadCertificates(CertificateManager certificates)
{
var rsaCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_rsa.cert"));
SecurityAssert.Assert(rsaCert.Count == 1);
certificates.AddCertificate(rsaCert[0].RawData);
var rsaKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_rsa.key"));
SecurityAssert.Assert(rsaKey.Count == 1);
certificates.AddPrivateKey(rsaKey[0].RawData);
var ecCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_ec.cert"));
SecurityAssert.Assert(ecCert.Count == 1);
certificates.AddCertificate(ecCert[0].RawData);
var ecKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_ec.key"));
SecurityAssert.Assert(ecKey.Count == 1);
certificates.AddPrivateKey(ecKey[0].RawData);
var dhCert = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_dh.cert"));
SecurityAssert.Assert(dhCert.Count == 1);
certificates.AddCertificate(dhCert[0].RawData);
var dhKey = PEMReader.TryConvertFromBase64(File.ReadAllBytes("localhost_dh.key"));
SecurityAssert.Assert(dhKey.Count == 1);
certificates.AddPrivateKey(dhKey[0].RawData);
}
public void CertificateManager_AddCertificiate_AlreadyExists()
{
// Assemble
byte[] cert = File.ReadAllBytes("test.cer");
CertificateManager manager = new CertificateManager();
manager.AddCertificate(cert);//Make sure its there already
// Action
ResponseType result = manager.AddCertificate(cert);
// Assert
result.Should().Be(ResponseType.AlreadyExists);
}
public async Task <IHttpActionResult> GenerateAndInstall(GenerateAndInstallModel model, [FromUri(Name = "api-version")] string apiversion = null)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var mgr = new CertificateManager(model.AzureEnvironment, model.AcmeConfig, model.CertificateSettings, model.AuthorizationChallengeProviderConfig);
return(Ok(await mgr.AddCertificate()));
}
public void CertificateManager_AddCertificiate_Invalid()
{
// Assemble
byte[] cert = File.ReadAllBytes("invalid.txt");
CertificateManager manager = new CertificateManager();
// Action
ResponseType result = manager.AddCertificate(cert);
// Assert
result.Should().Be(ResponseType.InvalidCertificate);
}
public void CertificateManager_AddCertificiate_Success()
{
// Assemble
byte[] cert = File.ReadAllBytes("test.cer");
CertificateManager manager = new CertificateManager();
manager.RemoveCertificate(cert);//If its already there
// Action
ResponseType result = manager.AddCertificate(cert);
// Assert
result.Should().Be(ResponseType.Success);
}
private static readonly RNGCryptoServiceProvider s_randomGenerator = new RNGCryptoServiceProvider(); // thread-safe
public void Renew(RenewalParameters renewParams)
{
if (renewParams == null)
{
throw new ArgumentNullException(nameof(renewParams));
}
Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewParams);
Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewParams.WebApp);
byte[] pfxPassData = new byte[32];
s_randomGenerator.GetBytes(pfxPassData);
Trace.TraceInformation("Adding SSL cert for '{0}'...", renewParams.WebApp);
var manager = new CertificateManager(
new AzureEnvironment(
renewParams.TenantId,
renewParams.SubscriptionId,
renewParams.ClientId,
renewParams.ClientSecret,
renewParams.ResourceGroup,
renewParams.WebApp,
renewParams.ServicePlanResourceGroup,
renewParams.SiteSlotName),
new AcmeConfig
{
Host = renewParams.Hosts[0],
AlternateNames = renewParams.Hosts.Skip(1).ToList(),
RegistrationEmail = renewParams.Email,
RSAKeyLength = renewParams.RsaKeyLength,
PFXPassword = Convert.ToBase64String(pfxPassData),
#pragma warning disable S1075
BaseUri = (renewParams.AcmeBaseUri ?? new Uri("https://acme-v01.api.letsencrypt.org/")).ToString()
#pragma warning restore S1075
},
new CertificateServiceSettings {
UseIPBasedSSL = renewParams.UseIpBasedSsl
},
new AuthProviderConfig());
manager.AddCertificate();
Trace.TraceInformation("SSL cert added successfully to '{0}'", renewParams.WebApp);
}
private void SaveBtn_Click(object sender, EventArgs e)
{
try
{
if (string.IsNullOrEmpty(CertificateNameTextBox.Text))
{
MessageBox.Show("Поле \"Название\" должно быть заполнено", "Внимание", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else if (string.IsNullOrEmpty(CertificateNumberTextBox.Text))
{
MessageBox.Show("Поле \"Номер сертификата\" должно быть заполнено", "Внимание", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else if (string.IsNullOrEmpty(OrganizationComboBox.Text))
{
MessageBox.Show("Нужно выбрать организацию", "Внимание", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
if (isEdit)
{
CertificateManager.EditCertificate(certificateId,
CertificateNameTextBox.Text,
CertificateNumberTextBox.Text,
BeginDatePicker.Value,
EndDatePicker.Value,
currentOrganization.OrganizationId);
}
else
{
CertificateManager.AddCertificate(CertificateNameTextBox.Text,
CertificateNumberTextBox.Text,
BeginDatePicker.Value,
EndDatePicker.Value,
currentOrganization.OrganizationId);
}
DialogResult = DialogResult.OK;
Close();
}
}
catch (DomainException CheckError)
{
MessageBox.Show(CheckError.Message, "Ошибка", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
public async Task AddCertificateDnsChallengeTest()
{
var config = new AppSettingsAuthConfig();
var dnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "letsencrypt");
var mgr = new CertificateManager(config, new AcmeConfig()
{
Host = "letsencrypt.ai4bots.com",
PFXPassword = "******",
RegistrationEmail = "*****@*****.**",
RSAKeyLength = 2048
}, new WebAppCertificateService(config, new CertificateServiceSettings()
{
UseIPBasedSSL = config.UseIPBasedSSL
}), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment));
var result = await mgr.AddCertificate();
Assert.IsNotNull(result);
}
public static void Add(string path)
{
try
{
byte[] data = File.ReadAllBytes(path);
CertificateManager manager = new CertificateManager();
ResponseType response = manager.AddCertificate(data);
if (response == ResponseType.Success)
{
Console.WriteLine("Added Certificate: " + Path.GetFullPath(path));
}
else
{
Console.WriteLine("Error: " + response.ToString());
}
}
catch
{
Console.WriteLine("Error: File doesn't exist at: " + Path.GetFullPath(path));
}
}
public async Task AddCertificateHttpChallengeTest()
{
var config = new AppSettingsAuthConfig();
var mgr = new CertificateManager(config, new AcmeConfig()
{
Host = "letsencrypt.sjkp.dk",
AlternateNames = new List <string>()
{
"letsencrypt2.sjkp.dk"
},
PFXPassword = "******",
RegistrationEmail = "*****@*****.**",
RSAKeyLength = 2048
}, new WebAppCertificateService(config, new CertificateServiceSettings()
{
UseIPBasedSSL = config.UseIPBasedSSL
}), new KuduFileSystemAuthorizationChallengeProvider(config, new AuthorizationChallengeProviderConfig()));
var result = await mgr.AddCertificate();
Assert.IsNotNull(result);
ValidateCertificate(new[] { result }, "https://letsencrypt.sjkp.dk");
}
private static async Task RenewCore(RenewalParameters renewalParams)
{
Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams);
Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp);
var pfxPassData = new byte[32];
s_randomGenerator.GetBytes(pfxPassData);
Trace.TraceInformation(
"Adding SSL cert for '{0}{1}'...",
renewalParams.WebApp,
renewalParams.GroupName == null ? string.Empty : $"[{renewalParams.GroupName}]");
var certServiceSettings = new CertificateServiceSettings {
UseIPBasedSSL = renewalParams.UseIpBasedSsl
};
var azureWebAppEnvironment = new AzureWebAppEnvironment(
renewalParams.TenantId,
renewalParams.SubscriptionId,
renewalParams.ClientId,
renewalParams.ClientSecret,
renewalParams.ResourceGroup,
renewalParams.WebApp,
renewalParams.ServicePlanResourceGroup,
renewalParams.SiteSlotName)
{
AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName,
AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri),
ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint),
TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService)
};
AzureWebAppEnvironment otherAzureWebAppEnvironment = null;
WebAppCertificateService otherWebAppCertificateService = null;
if (!string.IsNullOrEmpty(renewalParams.OtherWebAppResourceGroup) && !string.IsNullOrEmpty(renewalParams.OtherWebApp))
{
otherAzureWebAppEnvironment = new AzureWebAppEnvironment(
renewalParams.TenantId,
renewalParams.SubscriptionId,
renewalParams.ClientId,
renewalParams.ClientSecret,
renewalParams.OtherWebAppResourceGroup,
renewalParams.OtherWebApp,
renewalParams.ServicePlanResourceGroup,
renewalParams.OtherSlotName)
{
AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName,
AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri),
ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint),
TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService)
};
otherWebAppCertificateService = new WebAppCertificateService(otherAzureWebAppEnvironment, certServiceSettings);
}
var azureStorageEnvironment = new AzureStorageEnvironment(
renewalParams.TenantId,
renewalParams.SubscriptionId,
renewalParams.ClientId,
renewalParams.ClientSecret,
renewalParams.ResourceGroup,
renewalParams.StorageConnectionString,
renewalParams.StorageContainer);
var webAppCertificateService = new WebAppCertificateService(azureWebAppEnvironment, certServiceSettings);
var manager = new CertificateManager(
azureWebAppEnvironment,
new AcmeConfig
{
Host = renewalParams.Hosts[0],
AlternateNames = renewalParams.Hosts.Skip(1).ToList(),
RegistrationEmail = renewalParams.Email,
RSAKeyLength = renewalParams.RsaKeyLength,
PFXPassword = Convert.ToBase64String(pfxPassData),
BaseUri = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString()
},
webAppCertificateService,
new AzureStorageFileSystemAuthorizationChallengeProvider(azureStorageEnvironment));
if (renewalParams.RenewXNumberOfDaysBeforeExpiration > 0)
{
await manager.RenewCertificate(false, renewalParams.RenewXNumberOfDaysBeforeExpiration);
}
else
{
var res = await manager.AddCertificate();
webAppCertificateService.RemoveExpired();
otherWebAppCertificateService?.Install(res);
otherWebAppCertificateService?.RemoveExpired();
}
Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp);
}