MAKS-IT/maksit-certs-ui
1
0
Fork 0
mirror of https://github.com/MAKS-IT-COM/maksit-certs-ui.git synced 2025-12-31 04:00:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

intermediate corrections for backup purposes.

Browse Source
This commit is contained in:
Maksym Sadovnychyy 2019-06-30 15:21:10 +02:00
parent 3e08f9093c
commit 9047a482ba
4 changed files with 220 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
LetsEncrypt/ACMEv2/CachedCertificateResult.cs
View File

@ -4,7 +4,7 @@ namespace ACMEv2
{
public class CachedCertificateResult
{
public RSA PrivateKey;
public RSACryptoServiceProvider PrivateKey;
public string Certificate;
}

4
LetsEncrypt/ACMEv2/LetsEncryptClient.cs
View File

@ -510,7 +510,7 @@ namespace ACMEv2
return false;
}
var cert = new X509Certificate2(cache.Cert);
var cert = new X509Certificate2(Encoding.ASCII.GetBytes(cache.Cert));
// if it is about to expire, we need to refresh
if ((cert.NotAfter - DateTime.UtcNow).TotalDays < 14)
@ -519,6 +519,7 @@ namespace ACMEv2
var rsa = new RSACryptoServiceProvider(4096);
rsa.ImportCspBlob(cache.Private);
value = new CachedCertificateResult
{
Certificate = cache.Cert,
@ -527,6 +528,7 @@ namespace ACMEv2
return true;
}
/// <summary>
///
/// </summary>

170
LetsEncrypt/Library.cs
View File

@ -1,4 +1,6 @@
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
@ -12,15 +14,171 @@ namespace LetsEncrypt
/// </summary>
/// <param name="cert">The certificate to export</param>
/// <returns>A PEM encoded string</returns>
public static string ExportToPEM(X509Certificate cert)
//public static string ExportToPEM(X509Certificate2 cert)
//{
// StringBuilder builder = new StringBuilder();
// builder.AppendLine("-----BEGIN CERTIFICATE-----");
// builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
// builder.AppendLine("-----END CERTIFICATE-----");
// return builder.ToString();
//}
public static void ExportPublicKey(RSACryptoServiceProvider csp, TextWriter outputStream)
{
StringBuilder builder = new StringBuilder();
var parameters = csp.ExportParameters(false);
using (var stream = new MemoryStream())
{
var writer = new BinaryWriter(stream);
writer.Write((byte)0x30); // SEQUENCE
using (var innerStream = new MemoryStream())
{
var innerWriter = new BinaryWriter(innerStream);
innerWriter.Write((byte)0x30); // SEQUENCE
EncodeLength(innerWriter, 13);
innerWriter.Write((byte)0x06); // OBJECT IDENTIFIER
var rsaEncryptionOid = new byte[] { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
EncodeLength(innerWriter, rsaEncryptionOid.Length);
innerWriter.Write(rsaEncryptionOid);
innerWriter.Write((byte)0x05); // NULL
EncodeLength(innerWriter, 0);
innerWriter.Write((byte)0x03); // BIT STRING
using (var bitStringStream = new MemoryStream())
{
var bitStringWriter = new BinaryWriter(bitStringStream);
bitStringWriter.Write((byte)0x00); // # of unused bits
bitStringWriter.Write((byte)0x30); // SEQUENCE
using (var paramsStream = new MemoryStream())
{
var paramsWriter = new BinaryWriter(paramsStream);
EncodeIntegerBigEndian(paramsWriter, parameters.Modulus); // Modulus
EncodeIntegerBigEndian(paramsWriter, parameters.Exponent); // Exponent
var paramsLength = (int)paramsStream.Length;
EncodeLength(bitStringWriter, paramsLength);
bitStringWriter.Write(paramsStream.GetBuffer(), 0, paramsLength);
}
var bitStringLength = (int)bitStringStream.Length;
EncodeLength(innerWriter, bitStringLength);
innerWriter.Write(bitStringStream.GetBuffer(), 0, bitStringLength);
}
var length = (int)innerStream.Length;
EncodeLength(writer, length);
writer.Write(innerStream.GetBuffer(), 0, length);
}
builder.AppendLine("-----BEGIN CERTIFICATE-----");
builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
builder.AppendLine("-----END CERTIFICATE-----");
var base64 = Convert.ToBase64String(stream.GetBuffer(), 0, (int)stream.Length).ToCharArray();
outputStream.WriteLine("-----BEGIN PUBLIC KEY-----");
for (var i = 0; i < base64.Length; i += 64)
{
outputStream.WriteLine(base64, i, Math.Min(64, base64.Length - i));
}
outputStream.WriteLine("-----END PUBLIC KEY-----");
}
}
return builder.ToString();
public static void ExportPrivateKey(RSACryptoServiceProvider csp, TextWriter outputStream)
{
if (csp.PublicOnly) throw new ArgumentException("CSP does not contain a private key", "csp");
var parameters = csp.ExportParameters(true);
using (var stream = new MemoryStream())
{
var writer = new BinaryWriter(stream);
writer.Write((byte)0x30); // SEQUENCE
using (var innerStream = new MemoryStream())
{
var innerWriter = new BinaryWriter(innerStream);
EncodeIntegerBigEndian(innerWriter, new byte[] { 0x00 }); // Version
EncodeIntegerBigEndian(innerWriter, parameters.Modulus);
EncodeIntegerBigEndian(innerWriter, parameters.Exponent);
EncodeIntegerBigEndian(innerWriter, parameters.D);
EncodeIntegerBigEndian(innerWriter, parameters.P);
EncodeIntegerBigEndian(innerWriter, parameters.Q);
EncodeIntegerBigEndian(innerWriter, parameters.DP);
EncodeIntegerBigEndian(innerWriter, parameters.DQ);
EncodeIntegerBigEndian(innerWriter, parameters.InverseQ);
var length = (int)innerStream.Length;
EncodeLength(writer, length);
writer.Write(innerStream.GetBuffer(), 0, length);
}
var base64 = Convert.ToBase64String(stream.GetBuffer(), 0, (int)stream.Length).ToCharArray();
outputStream.WriteLine("-----BEGIN RSA PRIVATE KEY-----");
// Output as Base64 with lines chopped at 64 characters
for (var i = 0; i < base64.Length; i += 64)
{
outputStream.WriteLine(base64, i, Math.Min(64, base64.Length - i));
}
outputStream.WriteLine("-----END RSA PRIVATE KEY-----");
}
}
private static void EncodeLength(BinaryWriter stream, int length)
{
if (length < 0) throw new ArgumentOutOfRangeException("length", "Length must be non-negative");
if (length < 0x80)
{
// Short form
stream.Write((byte)length);
}
else
{
// Long form
var temp = length;
var bytesRequired = 0;
while (temp > 0)
{
temp >>= 8;
bytesRequired++;
}
stream.Write((byte)(bytesRequired | 0x80));
for (var i = bytesRequired - 1; i >= 0; i--)
{
stream.Write((byte)(length >> (8 * i) & 0xff));
}
}
}
private static void EncodeIntegerBigEndian(BinaryWriter stream, byte[] value, bool forceUnsigned = true)
{
stream.Write((byte)0x02); // INTEGER
var prefixZeros = 0;
for (var i = 0; i < value.Length; i++)
{
if (value[i] != 0) break;
prefixZeros++;
}
if (value.Length - prefixZeros == 0)
{
EncodeLength(stream, 1);
stream.Write((byte)0);
}
else
{
if (forceUnsigned && value[prefixZeros] > 0x7f)
{
// Add a prefix zero to force unsigned if the MSB is 1
EncodeLength(stream, value.Length - prefixZeros + 1);
stream.Write((byte)0);
}
else
{
EncodeLength(stream, value.Length - prefixZeros);
}
for (var i = prefixZeros; i < value.Length; i++)
{
stream.Write(value[i]);
}
}
}
}
}

79
LetsEncrypt/Program.cs
View File

@ -47,47 +47,72 @@ namespace LetsEncrypt
try
{
LetsEncryptClient client = new LetsEncryptClient(LetsEncryptClient.StagingV2, AppDomain.CurrentDomain.BaseDirectory);
LetsEncryptClient client = new LetsEncryptClient(LetsEncryptClient.ProductionV2, AppDomain.CurrentDomain.BaseDirectory);
Console.WriteLine("1. Client Initialization...");
// 1
client.Init(contacts.ToArray()).Wait();
Console.WriteLine(string.Format("Terms of service: {0}",client.GetTermsOfServiceUri()));
client.NewNonce().Wait();
// 2
try
// get cached certificate and chech if it's valid
CachedCertificateResult certRes = new CachedCertificateResult();
if (client.TryGetCachedCertificate(hosts, out certRes))
{
Console.WriteLine("2. Client New Order...");
Task<Dictionary<string, string>> orders = client.NewOrder(hosts.ToArray(), "http-01");
orders.Wait();
File.WriteAllText(Path.Combine(certsPath, "maks-it.com.crt"), certRes.Certificate);
foreach (var result in orders.Result)
using (StreamWriter writer = File.CreateText(Path.Combine(certsPath, "maks-it.com.key")))
Library.ExportPrivateKey(certRes.PrivateKey, writer);
}
else {
client.NewNonce().Wait();
// 2
try
{
Console.WriteLine("Key: " + result.Key + Environment.NewLine + "Value: " + result.Value);
string[] splitToken = result.Value.Split('~');
File.WriteAllText(FS.Path.Combine(tokensPath, splitToken[0]), splitToken[1]);
Console.WriteLine("2. Client New Order...");
Task<Dictionary<string, string>> orders = client.NewOrder(hosts.ToArray(), "http-01");
orders.Wait();
foreach (var result in orders.Result)
{
Console.WriteLine("Key: " + result.Key + Environment.NewLine + "Value: " + result.Value);
string[] splitToken = result.Value.Split('~');
File.WriteAllText(FS.Path.Combine(tokensPath, splitToken[0]), splitToken[1]);
}
// 3
Console.WriteLine("3. Client Complete Challange...");
client.CompleteChallenges().Wait();
Console.WriteLine("Challanges comleted.");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message.ToString());
client.GetOrder(hosts.ToArray()).Wait();
}
// 3
Console.WriteLine("3. Client Complete Challange...");
client.CompleteChallenges().Wait();
Console.WriteLine("Challanges comleted.");
}
catch (Exception ex) {
Console.WriteLine(ex.Message.ToString());
client.GetOrder(hosts.ToArray()).Wait();
}
// 4 Download certificate
Console.WriteLine("4. Download certificate...");
Task<(X509Certificate2 Cert, RSA PrivateKey)> certificate = client.GetCertificate();
certificate.Wait();
// 4 Download certificate
Console.WriteLine("4. Download certificate...");
client.GetCertificate().Wait();
File.WriteAllText(Path.Combine(certsPath, "maks-it.com.crt"), Library.ExportToPEM(certificate.Result.Cert));
Console.WriteLine("Certificate saved.");
// 5 Write to filesystem
//CachedCertificateResult certRes = new CachedCertificateResult();
//if (client.TryGetCachedCertificate(hosts, out certRes)) {
// File.WriteAllText(Path.Combine(certsPath, "maks-it.com.crt"), certRes.Certificate);
// using (StreamWriter writer = File.CreateText(Path.Combine(certsPath, "maks-it.com.key")))
// Library.ExportPrivateKey(certRes.PrivateKey, writer);
//}
Console.WriteLine("Certificate saved.");
}
}
catch (Exception ex) {
Console.WriteLine(ex.Message.ToString());