示例#1
0
        public Challenge Decode(IdentifierPart ip, ChallengePart cp, ISigner signer)
        {
            if (cp.Type != AcmeProtocol.CHALLENGE_TYPE_DNS)
            {
                throw new InvalidDataException("unsupported Challenge type")
                      .With("challengeType", cp.Type)
                      .With("supportedChallengeTypes", AcmeProtocol.CHALLENGE_TYPE_DNS);
            }

            //var token = (string)cp["token"];
            var token = cp.Token;

            // This response calculation is described in:
            //    https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.5

            var keyAuthz    = JwsHelper.ComputeKeyAuthorization(signer, token);
            var keyAuthzDig = JwsHelper.ComputeKeyAuthorizationDigest(signer, token);

            var ca = new DnsChallengeAnswer
            {
                KeyAuthorization = keyAuthz,
            };

            var c = new DnsChallenge(cp.Type, ca)
            {
                Token       = token,
                RecordName  = $"{AcmeProtocol.DNS_CHALLENGE_NAMEPREFIX}{ip.Value}",
                RecordValue = keyAuthzDig,
            };

            return(c);
        }
示例#2
0
        /// <summary>
        /// Returns a key-value pair that represents the HTTP resource path that
        /// needs to be configured (the key) and the resource content that should be returned
        /// for an HTTP request for this path on a server that the target DNS resolve to.
        /// </summary>
        /// <param name="dnsId"></param>
        /// <param name="signer"></param>
        /// <returns></returns>
        public KeyValuePair <string, string> GenerateHttpChallengeAnswer(string dnsId, ISigner signer)
        {
            var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, Token);

            return(new KeyValuePair <string, string>(
                       $"{AcmeProtocol.HTTP_CHALLENGE_PATHPREFIX}{Token}", keyAuthz));
        }
示例#3
0
        public Challenge Decode(IdentifierPart ip, ChallengePart cp, ISigner signer)
        {
            if (cp.Type != AcmeProtocol.CHALLENGE_TYPE_HTTP)
            {
                throw new InvalidDataException("unsupported Challenge type")
                      .With("challengeType", cp.Type)
                      .With("supportedChallengeTypes", AcmeProtocol.CHALLENGE_TYPE_HTTP);
            }

            //var token = (string)cp["token"];
            var token = cp.Token;

            // This response calculation is described in:
            //    https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.2

            var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, token);
            var path     = $"{AcmeProtocol.HTTP_CHALLENGE_PATHPREFIX}{token}";
            var url      = $"http://{ip.Value}/{path}";


            var ca = new HttpChallengeAnswer
            {
                KeyAuthorization = keyAuthz,
            };

            var c = new HttpChallenge(cp.Type, ca)
            {
                Token       = token,
                FileUrl     = url,
                FilePath    = path,
                FileContent = keyAuthz,
            };

            return(c);
        }
示例#4
0
        public Challenge Decode(IdentifierPart ip, ChallengePart cp, ISigner signer)
        {
            if (cp.Type != AcmeProtocol.CHALLENGE_TYPE_SNI)
            {
                throw new InvalidDataException("unsupported Challenge type")
                      .With("challengeType", cp.Type)
                      .With("supportedChallengeTypes", AcmeProtocol.CHALLENGE_TYPE_SNI);
            }

            var token = cp.Token;

            // This response calculation is described in:
            //    https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3

            var keyAuthz    = JwsHelper.ComputeKeyAuthorization(signer, token);
            var keyAuthzDig = JwsHelper.ComputeKeyAuthorizationDigest(signer, token);

            LOG.Debug("Computed key authorization {0} and digest {1}", keyAuthz, keyAuthzDig);

            var ca = new TlsSniChallengeAnswer
            {
                KeyAuthorization = keyAuthz,
            };

            var c = new TlsSniChallenge(cp.Type, ca)
            {
                Token          = token,
                IterationCount = 1 // see: https://github.com/ietf-wg-acme/acme/pull/22 for reason n=1
            };

            return(c);
        }
示例#5
0
        /// <summary>
        /// </summary>
        /// <remarks>
        /// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05
        /// </remarks>
        public static TlsAlpn01ChallengeValidationDetails ResolveChallengeForTlsAlpn01(
            Authorization authz, Challenge challenge, IJwsTool signer)
        {
            var keyAuthz = JwsHelper.ComputeKeyAuthorization(signer, challenge.Token);

            return(new TlsAlpn01ChallengeValidationDetails
            {
                TokenValue = keyAuthz,
            });
        }
示例#6
0
        /// <summary>
        /// </summary>
        /// <remarks>
        /// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-8.3
        /// </remarks>
        public static Http01ChallengeValidationDetails ResolveChallengeForHttp01(
            Authorization authz, Challenge challenge, IJwsTool signer)
        {
            var keyAuthz = JwsHelper.ComputeKeyAuthorization(
                signer, challenge.Token);

            return(new Http01ChallengeValidationDetails
            {
                HttpResourceUrl = $@"http://{authz.Identifier.Value}/{
                        Http01ChallengeValidationDetails.HttpPathPrefix}/{
                        challenge.Token}",
                HttpResourcePath = $@"{Http01ChallengeValidationDetails.HttpPathPrefix}/{
                        challenge.Token}",
                HttpResourceContentType = Http01ChallengeValidationDetails.HttpResourceContentTypeDefault,
                HttpResourceValue = keyAuthz,
            });
        }