public X509Certificate2 CreateAndStoreTestCertificate(string domain, DateTime dateFrom, DateTime dateTo) { var cert = CertificateManager.GenerateSelfSignedCertificate(domain, dateFrom, dateTo); CertificateManager.StoreCertificate(cert); return(cert); }
private Func <bool> PrepareChallengeResponse_TlsSni01(ILog log, ICertifiedServer iisManager, string domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth) { var requestConfig = managedCertificate.RequestConfig; var tlsSniChallenge = pendingAuth.Challenges.FirstOrDefault(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI); if (tlsSniChallenge == null) { log.Warning($"No tls-sni-01 challenge to complete for {managedCertificate.Name}. Request cannot continue."); return(() => false); } var sha256 = System.Security.Cryptography.SHA256.Create(); var z = new byte[tlsSniChallenge.HashIterationCount][]; // compute n sha256 hashes, where n=challengedata.iterationcount z[0] = sha256.ComputeHash(Encoding.UTF8.GetBytes(tlsSniChallenge.Value)); for (var i = 1; i < z.Length; i++) { z[i] = sha256.ComputeHash(z[i - 1]); } // generate certs and install iis bindings var cleanupQueue = new List <Action>(); var checkQueue = new List <Func <bool> >(); foreach (var hex in z.Select(b => BitConverter.ToString(b).Replace("-", "").ToLower())) { var sni = $"{hex.Substring(0, 32)}.{hex.Substring(32)}.acme.invalid"; log.Information($"Preparing binding at: https://{domain}, sni: {sni}"); var x509 = CertificateManager.GenerateSelfSignedCertificate(sni); CertificateManager.StoreCertificate(x509); var certStoreName = CertificateManager.GetStore().Name; // iisManager.InstallCertificateforBinding(certStoreName, x509.GetCertHash(), // managedCertificate.ServerSiteId, sni); // add check to the queue checkQueue.Add(() => _netUtil.CheckSNI(domain, sni).Result); // add cleanup actions to queue cleanupQueue.Add(() => iisManager.RemoveHttpsBinding(managedCertificate.ServerSiteId, sni)); cleanupQueue.Add(() => CertificateManager.RemoveCertificate(x509)); } // configure cleanup to execute the cleanup queue pendingAuth.Cleanup = () => cleanupQueue.ForEach(a => a()); // perform our own config checks return(() => checkQueue.All(check => check())); }
public bool InstallSelfSignedCert(string host, int port) { var certSubject = "Certify Admin Service"; var certStore = CertificateManager.DEFAULT_STORE_NAME; var currentCert = CertificateManager.GetCertificateFromStore(certSubject, certStore); var certUpdated = false; // if cert expired will need a new one if (currentCert != null && currentCert.NotAfter <= DateTime.Now) { CertificateManager.RemoveCertificate(currentCert, certStore); currentCert = null; } if (currentCert == null) { // create and install new cert var newCert = CertificateManager.GenerateSelfSignedCertificate(certSubject, DateTime.Now, DateTime.Now.AddYears(3), "[Certify Background API]"); currentCert = CertificateManager.StoreCertificate(newCert, storeName: certStore); certUpdated = true; } // bind cert to our port if (currentCert != null && certUpdated) { var deleteCertBinding = "http delete sslcert ipport=0.0.0.0:" + port; var addCertBinding = "http add sslcert ipport=0.0.0.0:" + port + " certhash=" + currentCert.GetCertHashString() + " appid={af3a0c50-73eb-4159-a36f-82c7c77a2766}"; var procStartInfo = new ProcessStartInfo("netsh", deleteCertBinding) { RedirectStandardOutput = true, UseShellExecute = false, CreateNoWindow = true }; var proc = Process.Start(procStartInfo); proc.WaitForExit(10000); procStartInfo.Arguments = addCertBinding; proc = Process.Start(procStartInfo); proc.WaitForExit(10000); } return(true); }
public static ActionResult CreateCertificate(Session session) { ActionResult result; var methodName = MethodBase.GetCurrentMethod().Name; session.Log("{0}: BEGIN", methodName); try { var filePath = session.CustomActionData["SessionData"]; var sessionData = SessionManager.Load(filePath); session.Log("{0}: Product Version = {1}", methodName, sessionData.InstallerVersion); var certificate = CertificateManager.GenerateSelfSignedCertificate(); sessionData.Certificate = certificate.Thumbprint; session.Log("{0}: THUMBPRINT = {1}", methodName, sessionData.Certificate); SessionManager.Save(filePath, sessionData); result = ActionResult.Success; } catch (Exception e) { session.Log("{0}", e); result = ActionResult.Failure; } session.Log("{0}: RESULT = {1}", methodName, result); session.Log("{0}: END", methodName); return(result); }