/// <summary> /// Small method that validates one challenge using the specified validator /// </summary> /// <param name="httpChallenge"></param> /// <param name="challengeValidator"></param> /// <returns>true if validated, false otherwise</returns> private async Task <bool> ValidateHTTPChallenge(IChallengeContext httpChallenge, IHTTPChallengeValidator challengeValidator) { // We get the resource fresh var httpChallengeStatus = await httpChallenge.Resource(); // If it's invalid, we stop right away. Should not happen, but anyway... if (httpChallengeStatus.Status == ChallengeStatus.Invalid) { throw new Exception("HTTP challenge has an invalid status"); } // Else we start the challenge validation if (!challengeValidator.PrepareChallengeForValidation(httpChallenge.Token, httpChallenge.KeyAuthz)) { return(false); } // Now let's ping the ACME service to validate the challenge token Challenge challengeRes = await httpChallenge.Validate(); // We need to loop, because ACME service might need some time to validate the challenge token int retry = 0; while (((challengeRes.Status == ChallengeStatus.Pending) || (challengeRes.Status == ChallengeStatus.Processing)) && (retry < 10)) { // We sleep 2 seconds between each request, to leave time to ACME service to refresh System.Threading.Thread.Sleep(2000); // We refresh the challenge object from ACME service challengeRes = await httpChallenge.Resource(); retry++; } // Finally we cleanup everything that was needed for validation challengeValidator.CleanupChallengeAfterValidation(httpChallenge.Token); // If challenge is Invalid, Pending or Processing, something went wrong... if (challengeRes.Status != ChallengeStatus.Valid) { return(false); } return(true); }
static int Main(string[] args) { // Main parameters with their default values string taskName = null; _winCertesOptions = new WinCertesOptions(); if (!Utils.IsAdministrator()) { Console.WriteLine("WinCertes.exe must be launched as Administrator"); return(ERROR); } // Command line options handling and initialization stuff if (!HandleOptions(args)) { return(ERROR_INCORRECT_PARAMETER); } if (_periodic) { taskName = Utils.DomainsToFriendlyName(_domains); } InitWinCertesDirectoryPath(); Utils.ConfigureLogger(_winCertesPath); _config = new RegistryConfig(_extra); _winCertesOptions.WriteOptionsIntoConfiguration(_config); if (_show) { _winCertesOptions.displayOptions(_config); return(0); } // Reset is a full reset ! if (_reset) { IConfig baseConfig = new RegistryConfig(-1); baseConfig.DeleteAllParameters(); Utils.DeleteScheduledTasks(); return(0); } // Initialization and renewal/revocation handling try { InitCertesWrapper(_winCertesOptions.ServiceUri, _winCertesOptions.Email); } catch (Exception e) { _logger.Error(e.Message); return(ERROR); } if (_winCertesOptions.Revoke > -1) { RevokeCert(_domains, _winCertesOptions.Revoke); return(0); } // default mode: enrollment/renewal. check if there's something to be done // note that in any case, we want to be able to set the scheduled task (won't do anything if taskName is null) if (!IsThereCertificateAndIsItToBeRenewed(_domains)) { Utils.CreateScheduledTask(taskName, _domains, _extra); return(0); } // Now the real stuff: we register the order for the domains, and have them validated by the ACME service IHTTPChallengeValidator httpChallengeValidator = HTTPChallengeValidatorFactory.GetHTTPChallengeValidator(_winCertesOptions.Standalone, _winCertesOptions.HttpPort, _winCertesOptions.WebRoot); IDNSChallengeValidator dnsChallengeValidator = DNSChallengeValidatorFactory.GetDNSChallengeValidator(_config); if ((httpChallengeValidator == null) && (dnsChallengeValidator == null)) { WriteErrorMessageWithUsage(_options, "Specify either an HTTP or a DNS validation method."); return(ERROR_INCORRECT_PARAMETER); } if (!(Task.Run(() => _certesWrapper.RegisterNewOrderAndVerify(_domains, httpChallengeValidator, dnsChallengeValidator)).GetAwaiter().GetResult())) { if (httpChallengeValidator != null) { httpChallengeValidator.EndAllChallengeValidations(); } return(ERROR); } if (httpChallengeValidator != null) { httpChallengeValidator.EndAllChallengeValidations(); } // We get the certificate from the ACME service var pfx = Task.Run(() => _certesWrapper.RetrieveCertificate(_domains, _winCertesPath, Utils.DomainsToFriendlyName(_domains))).GetAwaiter().GetResult(); if (pfx == null) { return(ERROR); } CertificateStorageManager certificateStorageManager = new CertificateStorageManager(pfx, ((_winCertesOptions.Csp == null) && (!_winCertesOptions.noCsp))); // Let's process the PFX into Windows Certificate objet. certificateStorageManager.ProcessPFX(); // and we write its information to the WinCertes configuration RegisterCertificateIntoConfiguration(certificateStorageManager.Certificate, _domains); // Import the certificate into the Windows store if (!_winCertesOptions.noCsp) { certificateStorageManager.ImportCertificateIntoCSP(_winCertesOptions.Csp); } // Bind certificate to IIS Site (won't do anything if option is null) Utils.BindCertificateForIISSite(certificateStorageManager.Certificate, _winCertesOptions.BindName); // Execute PowerShell Script (won't do anything if option is null) Utils.ExecutePowerShell(_winCertesOptions.ScriptFile, pfx); // Create the AT task that will execute WinCertes periodically (won't do anything if taskName is null) Utils.CreateScheduledTask(taskName, _domains, _extra); // Let's delete the PFX file RemoveFileAndLog(pfx); return(0); }