示例#1
        /// <summary>
        /// Builds a <see cref="TlsSniChallenge"/> from a TLS-SNI challenge part by
        /// computing the key authorization for the challenge token with the given signer.
        /// </summary>
        /// <param name="ip">Identifier part; not read by this method.</param>
        /// <param name="cp">Challenge part supplying the challenge type and token.</param>
        /// <param name="signer">Signer passed to <c>JwsHelper</c> to compute the key authorization.</param>
        /// <returns>
        /// A <see cref="TlsSniChallenge"/> carrying the token, an iteration count of 1 and
        /// an answer holding the computed key authorization.
        /// </returns>
        /// <exception cref="InvalidDataException">
        /// The challenge type is not <c>AcmeProtocol.CHALLENGE_TYPE_SNI</c>.
        /// </exception>
        /// <remarks>
        /// NOTE(review): TLS-SNI validation comes from an early ACME draft and is not
        /// defined in RFC 8555; confirm the target CA still accepts it before relying
        /// on this path.
        /// </remarks>
        public Challenge Decode(IdentifierPart ip, ChallengePart cp, ISigner signer)
        {
            // Only the TLS-SNI challenge type is handled here; reject anything else up front.
            if (cp.Type != AcmeProtocol.CHALLENGE_TYPE_SNI)
            {
                throw new InvalidDataException("unsupported Challenge type")
                      .With("challengeType", cp.Type)
                      .With("supportedChallengeTypes", AcmeProtocol.CHALLENGE_TYPE_SNI);
            }

            var challengeToken = cp.Token;

            // This response calculation is described in:
            //    https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3
            var authorization = JwsHelper.ComputeKeyAuthorization(signer, challengeToken);

            // The digest is computed for the log line below only; it is not stored on the result.
            var authorizationDigest = JwsHelper.ComputeKeyAuthorizationDigest(signer, challengeToken);

            // NOTE(review): this writes the key authorization to the debug log; confirm that
            // debug output is access-controlled in deployments where that matters.
            LOG.Debug("Computed key authorization {0} and digest {1}", authorization, authorizationDigest);

            var answer = new TlsSniChallengeAnswer { KeyAuthorization = authorization };

            return new TlsSniChallenge(cp.Type, answer)
            {
                Token = challengeToken,
                // see: https://github.com/ietf-wg-acme/acme/pull/22 for reason n=1
                IterationCount = 1
            };
        }
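        /// <summary>
        /// Generates the validation certificates for a TLS-SNI challenge, installs them on
        /// the target, and returns a callback that removes the same certificates again.
        /// </summary>
        /// <param name="target">Target passed to <c>InstallCertificate</c> and <c>RemoveCertificate</c>.</param>
        /// <param name="challenge">Authorization challenge; its <c>Challenge</c> must be a <see cref="TlsSniChallenge"/>.</param>
        /// <param name="identifier">Not read by this method.</param>
        /// <param name="options">Not read by this method.</param>
        /// <param name="input">Not read by this method.</param>
        /// <returns>
        /// A cleanup action that removes every certificate installed by this call. The
        /// <see cref="AuthorizationState"/> argument of the action is ignored.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="challenge"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// The challenge is not a TLS-SNI challenge, or its answer is not a
        /// <see cref="TlsSniChallengeAnswer"/>.
        /// </exception>
        public Action<AuthorizationState> PrepareChallenge(Target target, AuthorizeChallenge challenge, string identifier, Options options, InputService input)
        {
            if (challenge == null)
            {
                throw new ArgumentNullException("challenge");
            }

            // Fail with a descriptive error instead of a NullReferenceException when the
            // 'as' casts do not match the expected TLS-SNI types.
            var tlsChallenge = challenge.Challenge as TlsSniChallenge;
            if (tlsChallenge == null)
            {
                throw new ArgumentException("challenge is not a TLS-SNI challenge", "challenge");
            }

            var answer = tlsChallenge.Answer as TlsSniChallengeAnswer;
            if (answer == null)
            {
                throw new ArgumentException("challenge answer is not a TLS-SNI challenge answer", "challenge");
            }

            // Materialize once: the sequence is enumerated here and again in the cleanup
            // callback. If GenerateCertificates is lazily evaluated, a second enumeration
            // could produce different certificates, so cleanup would not remove the ones
            // that were actually installed.
            var validationCertificates = new List<ValidationCertificate>(
                GenerateCertificates(answer.KeyAuthorization, tlsChallenge.IterationCount));

            // NOTE(review): if InstallCertificate throws part-way through, certificates
            // installed so far are not removed by this method and no cleanup callback is
            // returned; the caller has to handle that case.
            foreach (var validationCertificate in validationCertificates)
            {
                InstallCertificate(target, validationCertificate.Certificate, validationCertificate.HostName);
            }

            return (AuthorizationState authzState) =>
            {
                // Remove exactly the certificates that were installed above.
                foreach (var cert in validationCertificates)
                {
                    RemoveCertificate(target, cert.Certificate, cert.HostName);
                }
            };
        }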