示例#1
 /// <summary>
 /// Inserts or updates <paramref name="cert"/> in the <see cref="DbCertificate"/>
 /// collection of the LiteDB database opened from <c>DbName</c>.
 /// </summary>
 /// <param name="cert">The certificate record to upsert.</param>
 public void SaveCertificate(DbCertificate cert)
 {
     // The database handle is opened per call and disposed when the block exits.
     using (var database = new LiteDatabase(DbName))
     {
         var certificates = database.GetCollection<DbCertificate>();
         certificates.Upsert(cert);
     }
 }
示例#2
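        /// <summary>
        /// Handles an order-finalization request: authenticates the signed request,
        /// checks that the order belongs to the requesting account and is still
        /// pending, has the CA sign the submitted CSR, stores the resulting
        /// certificate and marks the order as valid.
        /// </summary>
        /// <param name="acctId">Account id from the route; must parse as an integer.</param>
        /// <param name="orderId">Order id from the route; must parse as an integer.</param>
        /// <param name="signedPayload">JWS-signed request body carrying the CSR.</param>
        /// <returns>
        /// The updated order payload, or <c>NotFound</c> when an id does not parse
        /// or the order does not exist under the account named in the route.
        /// </returns>
        /// <exception cref="Exception">
        /// The account cannot be resolved, the order is inconsistent with the
        /// resolved account, the order is no longer pending, or the request
        /// carries no CSR.
        /// </exception>
        public ActionResult <Order> FinalizeOrder(string acctId, string orderId,
                                                  [FromBody] JwsSignedPayload signedPayload)
        {
            // Route ids that are not integers cannot match any record.
            if (!int.TryParse(acctId, out var acctIdNum))
            {
                return NotFound();
            }
            if (!int.TryParse(orderId, out var orderIdNum))
            {
                return NotFound();
            }

            // Request authentication runs before any order state is read:
            // protected header -> nonce -> account lookup by key id -> account
            // validation against the signed payload. Keep this order.
            var ph = ExtractProtectedHeader(signedPayload);

            ValidateNonce(ph);

            var acct = _repo.GetAccountByKid(ph.Kid);

            if (acct == null)
            {
                throw new Exception("could not resolve account");
            }

            ValidateAccount(acct, signedPayload);

            var dbOrder = _repo.GetOrder(orderIdNum);

            // Answer NotFound for an order under a different account as well as
            // for a missing one, so the response does not reveal which it was.
            if (dbOrder == null || dbOrder.AccountId != acctIdNum)
            {
                return NotFound();
            }

            // The route account must also be the account that signed the request.
            if (acct.Id != dbOrder.AccountId)
            {
                throw new Exception("inconsistent state -- "
                                    + "Challenge Order does not belong to resolved Account");
            }

            // NOTE(review): issuance is gated on the order status alone. Nothing
            // visible here checks that the order's authorizations were satisfied;
            // RFC 8555 section 7.4 only permits finalization of an order in the
            // "ready" state. Confirm where that gate is enforced.
            if (dbOrder.Details.Payload.Status != "pending")
            {
                throw new Exception("Order no longer pending");
            }

            var requ = ExtractPayload <FinalizeOrderRequest>(signedPayload);

            // Fail explicitly on a missing CSR instead of letting a null reach
            // the decoder and the CA.
            if (string.IsNullOrEmpty(requ?.Csr))
            {
                throw new Exception("finalize request does not contain a CSR");
            }

            var encodedCsr = CryptoHelper.Base64.UrlDecode(requ.Csr);

            // NOTE(review): the decoded CSR goes to the CA as received. Unless
            // _ca.Sign enforces it, nothing here checks that the names requested
            // in the CSR are exactly the identifiers on this order, or that the
            // CSR's key and extensions are acceptable. Verify before relying on
            // this handler for real issuance.
            var crt = _ca.Sign(PkiEncodingFormat.Der, encodedCsr, PkiHashAlgorithm.Sha256);

            byte[] crtBytes;
            using (var buffer = new MemoryStream())
            {
                crt.Save(buffer);
                // ToArray copies the whole buffer regardless of Position, so no
                // flush or rewind is needed.
                crtBytes = buffer.ToArray();
            }

            // certKey is the only handle in the certificate download URL built below.
            var certKey = Guid.NewGuid().ToString();
            var certPem = Encoding.UTF8.GetString(crt.Export(PkiEncodingFormat.Pem))
                          + ResolveCaCertPem();
            var dbCert = new DbCertificate
            {
                OrderId = dbOrder.Id,
                CertKey = certKey,
                Native  = crtBytes,
                Pem     = certPem,
            };

            // NOTE(review): the certificate and the order are saved in two separate
            // calls, and the status check above is not atomic with them. A failure
            // between the writes, or two concurrent finalize requests, could leave a
            // stored certificate without a matching order update -- confirm the
            // repository's guarantees.
            _repo.SaveCertificate(dbCert);

            dbOrder.Details.Payload.Status      = "valid";
            dbOrder.Details.Payload.Certificate = Url.Action(nameof(GetCertificate),
                                                             controller: null, values: new { certKey }, protocol: Request.Scheme);
            _repo.SaveOrder(dbOrder);

            // Only this success path calls GenerateNonce; the NotFound returns and
            // the throws above leave without it.
            GenerateNonce();

            return dbOrder.Details.Payload;
        }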