int Execute(RegisterCommandOptions options) { if (!options.AcceptTos) { ConsoleErrorOutput("Could not create a registration before you accept the terms of services at https://letsencrypt.org/repository/.\r\nPlease specify --accept-tos option to accept the terms of services."); return(11); } UseDefaultOptionsIfNeed(ref options); Console.Write("Initializing..."); var signer = new RS256Signer(); signer.Init(); var client = ClientHelper.CreateAcmeClient(signer, null); Console.WriteLine("Done."); Console.WriteLine("Requesting new registration for {0}...", options.ContactEmailAddress); var registration = RegistrationHelper.CreateNew(client, options.ContactEmailAddress); RegistrationHelper.SaveToFile(registration, options.OutputPathRegisteration); SignerHelper.SaveToFile(signer, options.OutputPathSigner); Console.WriteLine("Registration created for {0}.", options.ContactEmailAddress); Console.WriteLine("Registration profile saved at {0}.", options.OutputPathRegisteration); Console.WriteLine("Registration signer saved at {0}.", options.OutputPathSigner); return(0); }
public void Test0020_GetDirectory() { var boulderResMap = new Dictionary <string, string> { ["new-authz"] /**/ = $"{_dirUrlBase}acme/new-authz", ["new-cert"] /**/ = $"{_dirUrlBase}acme/new-cert", ["new-reg"] /**/ = $"{_dirUrlBase}acme/new-reg", ["revoke-cert"] /**/ = $"{_dirUrlBase}acme/revoke-cert", }; using (var signer = new RS256Signer()) { using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0020_GetDirectory))) { client.Init(); // Test absolute URI paths var acmeDirAbs = client.GetDirectory(false); foreach (var ent in boulderResMap) { Assert.IsTrue(acmeDirAbs.Contains(ent.Key)); Assert.AreEqual(ent.Value, acmeDirAbs[ent.Key]); } // Test relative URI paths var acmeDirRel = client.GetDirectory(true); foreach (var ent in boulderResMap) { var relUrl = ent.Value.Replace(_dirUrlBase, "/"); Assert.IsTrue(acmeDirRel.Contains(ent.Key)); Assert.AreEqual(relUrl, acmeDirRel[ent.Key]); } } } }
public void Test0020_GetDirectory() { var boulderResMap = new Dictionary<string, string> { ["new-authz"] /**/ = $"{_dirUrlBase}acme/new-authz", ["new-cert"] /**/ = $"{_dirUrlBase}acme/new-cert", ["new-reg"] /**/ = $"{_dirUrlBase}acme/new-reg", ["revoke-cert"] /**/ = $"{_dirUrlBase}acme/revoke-cert", }; using (var signer = new RS256Signer()) { using (var client = new AcmeClient(_rootUrl, signer: signer)) { client.Init(); // Test absolute URI paths var acmeDirAbs = client.GetDirectory(false); foreach (var ent in boulderResMap) { Assert.IsTrue(acmeDirAbs.Contains(ent.Key)); Assert.AreEqual(ent.Value, acmeDirAbs[ent.Key]); } // Test relative URI paths var acmeDirRel = client.GetDirectory(true); foreach (var ent in boulderResMap) { var relUrl = ent.Value.Replace(_dirUrlBase, "/"); Assert.IsTrue(acmeDirRel.Contains(ent.Key)); Assert.AreEqual(relUrl, acmeDirRel[ent.Key]); } } } }
public async Task <CertificateInfo> RequestCertificate() { using (var signer = new RS256Signer()) using (var client = Register(signer)) { IdnMapping idn = new IdnMapping(); var auth = await this.authorizeChallengeProvider.Authorize(client, config.Hostnames.Select(s => idn.GetAscii(s)).ToList()); //GetCertificate if (auth.Status == "valid") { var pfxFilename = GetCertificate(client); X509Certificate2 certificate; certificate = new X509Certificate2(pfxFilename, config.PFXPassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); certificate.FriendlyName = $"{config.Host} {DateTime.Now}"; var bytes = File.ReadAllBytes(pfxFilename); return(new CertificateInfo() { Certificate = certificate, PfxCertificate = bytes, Name = pfxFilename, Password = config.PFXPassword }); } throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + auth.Status); } }
public void Test0030_Register() { using (var signer = new RS256Signer()) { signer.Init(); using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Init(); client.GetDirectory(true); client.Register(new string[] { TEST_EM1, TEST_PH1, }); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Create)) { client.Registration.Save(fs); } } using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Create)) { signer.Save(fs); } } }
private bool disposedValue = false; // To detect redundant calls protected virtual void Dispose(bool disposing) { if (!disposedValue) { if (disposing) { // dispose managed state (managed objects). if (_Client != null) { _Client.Dispose(); _Client = null; } if (_Signer != null) { _Signer.Dispose(); _Signer = null; } } // free unmanaged resources (unmanaged objects) and override a finalizer below. // set large fields to null. disposedValue = true; } }
private async void loadToolStripMenuItem_Click(object sender, EventArgs e) { var account = cmbAccounts.SelectedItem as Account; if (account == null) { log.Error("not account."); await Task.FromResult(0); return; } RS256Signer signer = null; AcmeClient client = null; try { signer = account.Signer; client = new AcmeClient(new Uri(account.uri), new AcmeServerDirectory(), signer); client.Init(); log.Info("\nGetting AcmeServerDirectory"); client.GetDirectory(true); client.Registration = account.Registration; this.client = client; this.account = account; log.Info("load done."); labInfo.Text = account.ToString(); btnRefreshDomains.PerformClick(); } catch (Exception ex) { if (client != null) { client.Dispose(); client = null; } if (signer != null) { signer.Dispose(); signer = null; } var acmeWebException = ex as AcmeClient.AcmeWebException; if (acmeWebException != null) { log.Error(acmeWebException.Message); log.Error("ACME Server Returned:"); log.Error(acmeWebException.Response.ContentAsString); } else { log.Error(ex); } } }
/// <summary> /// Load a certificate signer from a file /// </summary> /// <param name="signer"></param> /// <param name="signerPath"></param> protected void LoadSignerFromFile(RS256Signer signer, string signerPath) { this.Logger.LogInfo(true, $"Loading Signer from {signerPath}"); using (var signerStream = File.OpenRead(signerPath)) { signer.Load(signerStream); } }
private bool TryLoad(bool force = false) { if (force == false && this.client != null) { return(true); } RS256Signer signer = null; AcmeClient client = null; try { signer = account.Signer; client = new AcmeClient(new Uri(account.uri), new AcmeServerDirectory(), signer); client.Init(); log.Info("\nGetting AcmeServerDirectory"); client.GetDirectory(true); client.Registration = account.Registration; this.client = client; log.Info("load done."); labInfo.Text = account.ToString(); // return(true); } catch (Exception ex) { if (client != null) { client.Dispose(); client = null; } if (signer != null) { signer.Dispose(); signer = null; } var acmeWebException = ex as AcmeClient.AcmeWebException; if (acmeWebException != null) { log.Error(acmeWebException.Message); log.Error("ACME Server Returned:"); log.Error(acmeWebException.Response.ContentAsString); } else { log.Error(ex); } } return(false); }
public static RS256Signer LoadFromFile(string signerPath) { var signer = new RS256Signer(); signer.Init(); using (var signerStream = File.OpenRead(signerPath)) signer.Load(signerStream); return(signer); }
public void Test0190_RefreshCertificateRequest() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } //var csrRaw = File.ReadAllBytes($"{_baseLocalStore}\\test-csr.der"); //var csrB64u = JwsHelper.Base64UrlEncode(csrRaw); using (var client = BuildClient(testTagHeader: nameof(Test0190_RefreshCertificateRequest))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); CertificateRequest certRequ; using (var fs = new FileStream(_testCertRequ_AcmeCertRequFile, FileMode.Open)) { certRequ = CertificateRequest.Load(fs); } client.RefreshCertificateRequest(certRequ, true); _testCertRequRefreshed_AcmeCertRequFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.acmeCertRequ"; using (var fs = new FileStream(_testCertRequRefreshed_AcmeCertRequFile, FileMode.Create)) { certRequ.Save(fs); } if (!string.IsNullOrEmpty(certRequ.CertificateContent)) { _testCertRequRefreshed_CerFile = $"{_baseLocalStore}\\TestCertRequ-Refreshed.cer"; using (var fs = new FileStream(_testCertRequRefreshed_CerFile, FileMode.Create)) { certRequ.SaveCertificate(fs); } } } } }
[Ignore] // *Normally*, we skip this test because it depends on a local Boulder setup to accessible public void TestNewRegRequest() { var requ = WebRequest.Create(_rootUrl); var resp = requ.GetResponse(); Assert.IsNotNull(resp); var nonceKey = resp.Headers.AllKeys.FirstOrDefault( x => x.Equals("Replay-nonce", StringComparison.OrdinalIgnoreCase)); Assert.IsFalse(string.IsNullOrEmpty(nonceKey)); var nonceValue = resp.Headers[nonceKey]; var newReg = new { resource = "new-reg", contact = new string[] { "mailto:[email protected]", // Tel contact method is no longer supported by Boulder //"tel:+12025551212" }, }; var newRegSer = JsonConvert.SerializeObject(newReg); var algSigner = new RS256Signer(); algSigner.Init(); var unprotectedHeader = new { alg = "RS256", jwk = algSigner.ExportJwk() }; var protectedHeader = new { nonce = nonceValue, }; var acmeJson = JwsHelper.SignFlatJson(algSigner.Sign, newRegSer, protectedHeader, unprotectedHeader); var acmeJsonBytes = Encoding.ASCII.GetBytes(acmeJson); requ = WebRequest.Create(new Uri(_rootUrl, "/acme/new-reg")); requ.Method = "POST"; requ.ContentType = "application/json"; requ.ContentLength = acmeJsonBytes.Length; using (var s = requ.GetRequestStream()) { s.Write(acmeJsonBytes, 0, acmeJsonBytes.Length); } resp = requ.GetResponse(); }
public void Test0141_HandleHttpChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0141_HandleHttpChallenge))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP); _testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } var wsFilePath = authzChallenge.ChallengeAnswer.Key; var wsFileBody = authzChallenge.ChallengeAnswer.Value; var wsInfo = WebServerInfo.Load(File.ReadAllText("config\\webServerInfo.json")); using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody))) { var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}"); wsInfo.Provider.UploadFile(fileUrl, s); } } } Thread.Sleep(90 * 1000); }
public void Test0010_Init() { using (var signer = new RS256Signer()) { using (var client = BuildClient(_rootUrl, signer: signer, testTagHeader: nameof(Test0010_Init))) { client.Init(); Assert.IsNotNull(client.Directory); Assert.IsFalse(string.IsNullOrWhiteSpace(client.NextNonce)); } } }
public void Test0010_Init() { using (var signer = new RS256Signer()) { using (var client = BuildClient(_rootUrl, signer: signer)) { client.Init(); Assert.IsNotNull(client.Directory); Assert.IsFalse(string.IsNullOrWhiteSpace(client.NextNonce)); } } }
public void Test0140_HandleHttpChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, "simpleHttp"); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz", FileMode.Create)) { authzState.Save(fs); } var wsFilePath = authzChallenge.ChallengeAnswer.Key; var wsFileBody = authzChallenge.ChallengeAnswer.Value; var wsInfo = WebServerInfo.Load(File.ReadAllText("webServerInfo.json")); using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody))) { var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}"); wsInfo.Provider.UploadFile(fileUrl, s); } } } Thread.Sleep(90 * 1000); }
public void Test0190_RefreshCertificateRequest() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } //var csrRaw = File.ReadAllBytes($"{BASE_LOCAL_STORE}test-csr.der"); //var csrB64u = JwsHelper.Base64UrlEncode(csrRaw); using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); CertificateRequest certRequ; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Open)) { certRequ = CertificateRequest.Load(fs); } client.RefreshCertificateRequest(certRequ, true); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ-Refreshed.acmeCertRequ", FileMode.Create)) { certRequ.Save(fs); } if (!string.IsNullOrEmpty(certRequ.CertificateContent)) { using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ-Refreshed.cer", FileMode.Create)) { certRequ.SaveCertificate(fs); } } } } }
public void Test0090_AuthorizeIdentifier() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0090_AuthorizeIdentifier))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var authzState = client.AuthorizeIdentifier(TEST_CN1); foreach (var c in authzState.Challenges) { if (c.Type == AcmeProtocol.CHALLENGE_TYPE_DNS) { var dnsResponse = c.GenerateDnsChallengeAnswer( authzState.Identifier, signer); } else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_HTTP) { var httpResponse = c.GenerateHttpChallengeAnswer( authzState.Identifier, signer); } } _testAuthz_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz.acmeAuthz"; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0130_HandleDnsChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, "dns"); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleDns.acmeAuthz", FileMode.Create)) { authzState.Save(fs); } var dnsName = authzChallenge.ChallengeAnswer.Key; var dnsValue = Regex.Replace(authzChallenge.ChallengeAnswer.Value, "\\s", ""); var dnsValues = Regex.Replace(dnsValue, "(.{100,100})", "$1\n").Split('\n'); var dnsInfo = DnsInfo.Load(File.ReadAllText("dnsInfo.json")); dnsInfo.Provider.EditTxtRecord(dnsName, dnsValues); } } Thread.Sleep(90 * 1000); }
public AcmeClientWrapper( IInputService inputService, IOptionsService optionsService, ILogService log, SettingsService settings, ProxyService proxy) { _log = log; _settings = settings; _optionsService = optionsService; _input = inputService; _directory = new AcmeServerDirectory(); _signer = new RS256Signer(); _signer.Init(); _proxyService = proxy; _client = new AcmeClient(new Uri(optionsService.Options.BaseUri), _directory, _signer); ConfigureAcmeClient(); }
public AcmeClient Configure(TargetApplication targetApplication) { var contacts = NormalizeContacts(); var signer = new RS256Signer(); var basePath = _configuration.GetBaseOutPutPath(targetApplication); ConfigureSigner(signer, basePath); var acmeServerBaseUri = _configuration.GetAcmeServerBaseUri(targetApplication); var acmeClient = new AcmeClient(acmeServerBaseUri, new AcmeServerDirectory(), signer); acmeClient.Init(); acmeClient.GetDirectory(saveRelative: true); ProcessRegistration(acmeClient, contacts.ToArray(), basePath); return(acmeClient); }
public void Test0120_GenerateChallengeAnswers() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0120_GenerateChallengeAnswers))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } //client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_DNS); //client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_LEGACY_HTTP); client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP); _testAuthzChallengeAnswers_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswers.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeAnswers_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0090_AuthorizeIdentifier() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var authzState = client.AuthorizeIdentifier(TEST_CN1); foreach (var c in authzState.Challenges) { if (c.Type == "dns") { var dnsResponse = c.GenerateDnsChallengeAnswer( authzState.Identifier, signer); } } using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0095_RefreshIdentifierAuthorization() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0095_RefreshIdentifierAuthorization))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true); _testAuthzRefresh_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-Refresh.acmeAuthz"; using (var fs = new FileStream(_testAuthzRefresh_AcmeAuthzFile, FileMode.Create)) { authzRefreshState.Save(fs); } } } }
public void Test0080_AuthorizeDnsBlacklisted() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0080_AuthorizeDnsBlacklisted))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); try { client.AuthorizeIdentifier("acme-win-test.example.com"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.IsNotNull(ex.Response.ProblemDetail); Assert.AreEqual(HttpStatusCode.Forbidden, ex.Response.StatusCode); Assert.AreEqual("urn:acme:error:unauthorized", ex.Response.ProblemDetail.Type); StringAssert.Contains(ex.Response.ProblemDetail.Detail, "blacklist"); } } } }
public void Test0145_SubmitHttpChallengeAnswers() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz", FileMode.Open)) { authzState = AuthorizationState.Load(fs); } client.GenerateAuthorizeChallengeAnswer(authzState, "simpleHttp"); client.SubmitAuthorizeChallengeAnswer(authzState, "simpleHttp", true); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-HttpChallengeAnswered.acmeAuthz", FileMode.Create)) { authzState.Save(fs); } } } }
static void SetupAcmeClient(AcmeClient client, RS256Signer signer, string registrationFile, string signerFile, string email) { client.Init(); client.GetDirectory(true); if (!File.Exists(registrationFile)) { client.Register(new string[] { $"mailto:{email}" }); using (var registrationStream = File.OpenWrite(registrationFile)) client.Registration.Save(registrationStream); } using (var registrationStream = File.OpenRead(registrationFile)) client.Registration = AcmeRegistration.Load(registrationStream); client.UpdateRegistration(true, true); using (var signerStream = File.OpenWrite(signerFile)) signer.Save(signerStream); }
public void Test0095_RefreshIdentifierAuthorization() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzRefreshState = client.RefreshIdentifierAuthorization(authzState, true); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-Refresh.acmeAuthz", FileMode.Create)) { authzRefreshState.Save(fs); } } } }
public void Test0100_RefreshAuthzDnsChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz.acmeAuthz", FileMode.Open)) { authzState = AuthorizationState.Load(fs); } client.RefreshAuthorizeChallenge(authzState, "dns", true); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestAuthz-DnsChallengeRefreshed.acmeAuthz", FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0030_Register() { using (var signer = new RS256Signer()) { signer.Init(); if (!_wpConfig.UseNewSigner) { // Re-use existing Signer config from stable local store using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } } _testRegister_AcmeSignerFile = $"{_baseLocalStore}\\TestRegister.acmeSigner"; using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Create)) { signer.Save(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0030_Register))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Init(); client.GetDirectory(true); client.Register(new string[] { TEST_EM1, TEST_PH1, }); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); _testRegister_AcmeRegFile = $"{_baseLocalStore}\\TestRegister.acmeReg"; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Create)) { client.Registration.Save(fs); } } } }
public void Test0160_RequestCertificateInvalidCsr() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0160_RequestCertificateInvalidCsr))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); try { client.RequestCertificate("FOOBARNON"); Assert.Fail("WebException expected"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.AreEqual(HttpStatusCode.BadRequest, ex.Response.StatusCode); } } } }
public void Test0040_RegisterEmptyUpdate() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0040_RegisterEmptyUpdate))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); // Do a simple update with no data changes requested client.UpdateRegistration(true); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); _testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterEmptyUpdate.acmeReg"; using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create)) { client.Registration.Save(fs); } } } }
public void Test0060_RegisterUpdateContacts() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); client.UpdateRegistration(true, contacts: new string[] { TEST_EM2, }); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegisterUpdate.acmeReg", FileMode.Create)) { client.Registration.Save(fs); } } } }
public void Test0070_RegisterDuplicate() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Init(); client.GetDirectory(true); try { client.Register(new string[] { "mailto:[email protected]", "tel:+14105551212", }); Assert.Fail("WebException expected"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.AreEqual(HttpStatusCode.Conflict, ex.Response.StatusCode); } } } }
public void Test0170_GenCsrAndRequestCertificate() { var rsaKeys = CsrHelper.GenerateRsaPrivateKey(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-rsaKeys.txt", FileMode.Create)) { rsaKeys.Save(fs); } var csrDetails = new CsrHelper.CsrDetails { CommonName = TEST_CN1 }; var csr = CsrHelper.GenerateCsr(csrDetails, rsaKeys); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csrDetails.txt", FileMode.Create)) { csrDetails.Save(fs); } using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestGenCsr-csr.txt", FileMode.Create)) { csr.Save(fs); } using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } byte[] derRaw; using (var bs = new MemoryStream()) { csr.ExportAsDer(bs); derRaw = bs.ToArray(); } var derB64u = JwsHelper.Base64UrlEncode(derRaw); using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var certRequ = client.RequestCertificate(derB64u); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestCertRequ.acmeCertRequ", FileMode.Create)) { certRequ.Save(fs); } } } }
public void Test0090_AuthorizeIdentifier() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0090_AuthorizeIdentifier))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); var authzState = client.AuthorizeIdentifier(TEST_CN1); foreach (var c in authzState.Challenges) { if (c.Type == AcmeProtocol.CHALLENGE_TYPE_LEGACY_DNS || c.Type == AcmeProtocol.CHALLENGE_TYPE_DNS) { var dnsResponse = c.GenerateDnsChallengeAnswer( authzState.Identifier, signer); } else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_LEGACY_HTTP) { var httpResponse = c.GenerateLegacyHttpChallengeAnswer( authzState.Identifier, signer, false); } else if (c.Type == AcmeProtocol.CHALLENGE_TYPE_HTTP) { var httpResponse = c.GenerateHttpChallengeAnswer( authzState.Identifier, signer); } } _testAuthz_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz.acmeAuthz"; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0110_RefreshAuthzLegacyHttpChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0110_RefreshAuthzLegacyHttpChallenge))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } client.RefreshAuthorizeChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_LEGACY_HTTP, true); _testAuthzChallengeLegacyHttpRefresh_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-LegacyHttpChallengeRefreshed.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeLegacyHttpRefresh_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
public void Test0146_SubmitHttpChallengeAnswers() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0146_SubmitHttpChallengeAnswers))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP); client.SubmitAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP, true); _testAuthzChallengeHttpAnswered_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-HttpChallengeAnswered.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeHttpAnswered_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } } } }
static void Main(string[] args) { var commandLineParseResult = Parser.Default.ParseArguments<Options>(args); var parsed = commandLineParseResult as Parsed<Options>; if (parsed == null) { #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; // not parsed } Options = parsed.Value; Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)"); BaseURI = Options.BaseURI; if (Options.Test) BaseURI = "https://acme-staging.api.letsencrypt.org/"; //Console.Write("\nUse production Let's Encrypt server? (Y/N) "); //if (PromptYesNo()) // BaseURI = ProductionBaseURI; Console.WriteLine($"\nACME Server: {BaseURI}"); settings = new Settings(clientName, BaseURI); configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI)); Console.WriteLine("Config Folder: " + configPath); Directory.CreateDirectory(configPath); try { using (var signer = new RS256Signer()) { signer.Init(); var signerPath = Path.Combine(configPath, "Signer"); if (File.Exists(signerPath)) { Console.WriteLine($"Loading Signer from {signerPath}"); using (var signerStream = File.OpenRead(signerPath)) signer.Load(signerStream); } using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer)) { client.Init(); Console.WriteLine("\nGetting AcmeServerDirectory"); client.GetDirectory(true); var registrationPath = Path.Combine(configPath, "Registration"); if (File.Exists(registrationPath)) { Console.WriteLine($"Loading Registration from {registrationPath}"); using (var registrationStream = File.OpenRead(registrationPath)) client.Registration = AcmeRegistration.Load(registrationStream); } else { Console.WriteLine("Calling Register"); var registration = client.Register(new string[] { }); if (!Options.AcceptTOS && !Options.Renew) { Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) "); if (!PromptYesNo()) return; } Console.WriteLine("Updating Registration"); client.UpdateRegistration(true, true); Console.WriteLine("Saving Registration"); using (var registrationStream = File.OpenWrite(registrationPath)) client.Registration.Save(registrationStream); Console.WriteLine("Saving Signer"); using (var signerStream = File.OpenWrite(signerPath)) signer.Save(signerStream); } if (Options.Renew) { CheckRenewals(); #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; } var targets = new List<Target>(); foreach (var plugin in Target.Plugins.Values) { targets.AddRange(plugin.GetTargets()); } if (targets.Count == 0) { Console.WriteLine("No targets found."); } else { var count = 1; foreach (var binding in targets) { Console.WriteLine($" {count}: {binding}"); count++; } } Console.WriteLine(); foreach (var plugin in Target.Plugins.Values) { plugin.PrintMenu(); } Console.WriteLine(" A: Get certificates for all hosts"); Console.WriteLine(" Q: Quit"); Console.Write("Which host do you want to get a certificate for: "); var response = Console.ReadLine().ToLowerInvariant(); switch (response) { case "a": foreach (var target in targets) { Auto(target); } break; case "q": return; default: var targetId = 0; if (Int32.TryParse(response, out targetId)) { targetId--; if (targetId >= 0 && targetId < targets.Count) { var binding = targets[targetId]; Auto(binding); } } else { foreach (var plugin in Target.Plugins.Values) { plugin.HandleMenuResponse(response, targets); } } break; } } } } catch (Exception e) { Console.ForegroundColor = ConsoleColor.Red; var acmeWebException = e as AcmeClient.AcmeWebException; if (acmeWebException != null) { Console.WriteLine(acmeWebException.Message); Console.WriteLine("ACME Server Returned:"); Console.WriteLine(acmeWebException.Response.ContentAsString); } else { Console.WriteLine(e); } Console.ResetColor(); } #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif }
public void Test0060_RegisterUpdateContacts() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0060_RegisterUpdateContacts))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); client.UpdateRegistration(true, contacts: new string[] { TEST_EM2, }); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); _testRegisterUpdate_AcmeRegFile = $"{_baseLocalStore}\\TestRegisterUpdate.acmeReg"; using (var fs = new FileStream(_testRegisterUpdate_AcmeRegFile, FileMode.Create)) { client.Registration.Save(fs); } } } }
public void TestNewRegRequest() { var requ = WebRequest.Create(_rootUrl); var resp = requ.GetResponse(); Assert.IsNotNull(resp); var nonceKey = resp.Headers.AllKeys.FirstOrDefault( x => x.Equals("Replay-nonce", StringComparison.OrdinalIgnoreCase)); Assert.IsFalse(string.IsNullOrEmpty(nonceKey)); var nonceValue = resp.Headers[nonceKey]; var newReg = new { resource = "new-reg", contact = new string[] { "mailto:[email protected]", "tel:+12025551212" }, }; var newRegSer = JsonConvert.SerializeObject(newReg); var algSigner = new RS256Signer(); algSigner.Init(); var unprotectedHeader = new { alg = "RS256", jwk = algSigner.ExportJwk() }; var protectedHeader = new { nonce = nonceValue, }; var acmeJson = JwsHelper.SignFlatJson(algSigner.Sign, newRegSer, protectedHeader, unprotectedHeader); var acmeJsonBytes = Encoding.ASCII.GetBytes(acmeJson); requ = WebRequest.Create(new Uri(_rootUrl, "/acme/new-reg")); requ.Method = "POST"; requ.ContentType = "application/json"; requ.ContentLength = acmeJsonBytes.Length; using (var s = requ.GetRequestStream()) { s.Write(acmeJsonBytes, 0, acmeJsonBytes.Length); } resp = requ.GetResponse(); }
public void Test0040_RegisterEmptyUpdate() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); // Do a simple update with no data changes requested client.UpdateRegistration(true); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegisterUpdate.acmeReg", FileMode.Create)) { client.Registration.Save(fs); } } } }
public void Test0030_Register() { using (var signer = new RS256Signer()) { signer.Init(); using (var client = new AcmeClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Init(); client.GetDirectory(true); client.Register(new string[] { "mailto:[email protected]", "tel:+14109361212", }); Assert.IsNotNull(client.Registration); Assert.IsFalse(string.IsNullOrWhiteSpace(client.Registration.RegistrationUri)); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Create)) { client.Registration.Save(fs); } } using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Create)) { signer.Save(fs); } } }
static void Main(string[] args) { var commandLineParseResult = Parser.Default.ParseArguments<Options>(args); var parsed = commandLineParseResult as Parsed<Options>; if (parsed == null) { #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; // not parsed } options = parsed.Value; Console.WriteLine("Let's Encrypt (Simple Windows ACME Client)"); BaseURI = options.BaseURI; if (options.Test) BaseURI = "https://acme-staging.api.letsencrypt.org/"; //Console.Write("\nUse production Let's Encrypt server? (Y/N) "); //if (PromptYesNo()) // BaseURI = ProductionBaseURI; Console.WriteLine($"\nACME Server: {BaseURI}"); settings = new Settings(clientName, BaseURI); configPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), clientName, CleanFileName(BaseURI)); Console.WriteLine("Config Folder: " + configPath); Directory.CreateDirectory(configPath); using (var signer = new RS256Signer()) { signer.Init(); var signerPath = Path.Combine(configPath, "Signer"); if (File.Exists(signerPath)) { Console.WriteLine($"Loading Signer from {signerPath}"); using (var signerStream = File.OpenRead(signerPath)) signer.Load(signerStream); } using (client = new AcmeClient(new Uri(BaseURI), new AcmeServerDirectory(), signer)) { client.Init(); Console.WriteLine("\nGetting AcmeServerDirectory"); client.GetDirectory(true); var registrationPath = Path.Combine(configPath, "Registration"); if (File.Exists(registrationPath)) { Console.WriteLine($"Loading Registration from {registrationPath}"); using (var registrationStream = File.OpenRead(registrationPath)) client.Registration = AcmeRegistration.Load(registrationStream); } else { Console.WriteLine("Calling Register"); var registration = client.Register(new string[] { }); if (!options.AcceptTOS && !options.Renew) { Console.WriteLine($"Do you agree to {registration.TosLinkUri}? (Y/N) "); if (!PromptYesNo()) return; } Console.WriteLine("Updating Registration"); client.UpdateRegistration(true, true); Console.WriteLine("Saving Registration"); using (var registrationStream = File.OpenWrite(registrationPath)) client.Registration.Save(registrationStream); Console.WriteLine("Saving Signer"); using (var signerStream = File.OpenWrite(signerPath)) signer.Save(signerStream); } if (options.Renew) { CheckRenewals(); #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; } Console.WriteLine("\nScanning IIS 7 Site Bindings for Hosts (Elevated Permissions Required)"); if (!IsElevated) { Console.WriteLine("Elevated Permissions Required. Please run under an administrator console."); #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif return; } var bindings = GetHostNames(); if (bindings.Count == 0) { Console.WriteLine("No IIS bindings with host names were found. Please add one using IIS Manager. A host name and site path are required to verify domain ownership."); return; } Console.WriteLine("IIS Bindings"); var count = 1; foreach (var binding in bindings) { Console.WriteLine($" {count}: {binding}"); count++; } Console.WriteLine(); Console.WriteLine(" A: Get Certificates for All Bindings"); Console.WriteLine(" Q: Quit"); Console.Write("Which binding do you want to get a cert for: "); var response = Console.ReadLine(); switch (response.ToLowerInvariant()) { case "a": foreach (var binding in bindings) { Auto(binding); } break; case "q": return; default: var bindingId = 0; if (Int32.TryParse(response, out bindingId)) { bindingId--; if (bindingId >= 0 && bindingId < bindings.Count) { var binding = bindings[bindingId]; Auto(binding); } } break; } } } #if DEBUG Console.WriteLine("Press enter to continue."); Console.ReadLine(); #endif }
public void Test0141_HandleHttpChallenge() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream(_testRegister_AcmeSignerFile, FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream(_testRegister_AcmeRegFile, FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient(testTagHeader: nameof(Test0141_HandleHttpChallenge))) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); AuthorizationState authzState; using (var fs = new FileStream(_testAuthz_AcmeAuthzFile, FileMode.Open)) { authzState = AuthorizationState.Load(fs); } var authzChallenge = client.GenerateAuthorizeChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP); _testAuthzChallengeHttpHandled_AcmeAuthzFile = $"{_baseLocalStore}\\TestAuthz-ChallengeAnswersHandleHttp.acmeAuthz"; using (var fs = new FileStream(_testAuthzChallengeHttpHandled_AcmeAuthzFile, FileMode.Create)) { authzState.Save(fs); } var wsFilePath = authzChallenge.ChallengeAnswer.Key; var wsFileBody = authzChallenge.ChallengeAnswer.Value; var wsInfo = WebServerInfo.Load(File.ReadAllText("webServerInfo.json")); using (var s = new MemoryStream(Encoding.UTF8.GetBytes(wsFileBody))) { var fileUrl = new Uri($"http://{authzState.Identifier}/{wsFilePath}"); wsInfo.Provider.UploadFile(fileUrl, s); } } } Thread.Sleep(90 * 1000); }
public void Test0080_AuthorizeDnsBlacklisted() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); try { client.AuthorizeIdentifier("acme-win-test.example.com"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.IsNotNull(ex.Response.ProblemDetail); Assert.AreEqual(HttpStatusCode.Forbidden, ex.Response.StatusCode); Assert.AreEqual("urn:acme:error:unauthorized", ex.Response.ProblemDetail.Type); StringAssert.Contains(ex.Response.ProblemDetail.Detail, "blacklist"); } } } }
public void Test0160_RequestCertificateInvalidCsr() { using (var signer = new RS256Signer()) { signer.Init(); using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeSigner", FileMode.Open)) { signer.Load(fs); } AcmeRegistration reg; using (var fs = new FileStream($"{BASE_LOCAL_STORE}TestRegister.acmeReg", FileMode.Open)) { reg = AcmeRegistration.Load(fs); } using (var client = BuildClient()) { client.RootUrl = _rootUrl; client.Signer = signer; client.Registration = reg; client.Init(); client.GetDirectory(true); try { client.RequestCertificate("FOOBARNON"); Assert.Fail("WebException expected"); } catch (AcmeClient.AcmeWebException ex) { Assert.IsNotNull(ex.WebException); Assert.IsNotNull(ex.Response); Assert.AreEqual(HttpStatusCode.BadRequest, ex.Response.StatusCode); } } } }