├── .gitattributes
├── .gitignore
├── LICENSE
├── Other
├── Logo-LockOnly.png
└── Logo-LockOnly.svg
├── README.md
├── Source
├── LetsEncrypt.Client
│ ├── BusinessLogic
│ │ ├── AcmeClient.Account.cs
│ │ ├── AcmeClient.Certificate.cs
│ │ ├── AcmeClient.Challenge.cs
│ │ ├── AcmeClient.Order.cs
│ │ ├── AcmeClient.cs
│ │ └── _BaseAcmeClient.cs
│ ├── Constants.cs
│ ├── Cryptography
│ │ ├── CertificateBuilder.cs
│ │ ├── RsaKeyPair.cs
│ │ └── Sha256HashProvider.cs
│ ├── Entities
│ │ ├── Account.Custom.cs
│ │ ├── Account.cs
│ │ ├── AccountPersisted.cs
│ │ ├── Authorization.cs
│ │ ├── Certificate.cs
│ │ ├── CertificateChain.cs
│ │ ├── CertificateRevocation.cs
│ │ ├── Challenge.cs
│ │ ├── Directory.cs
│ │ ├── Empty.cs
│ │ ├── Enviroment.cs
│ │ ├── Identifier.cs
│ │ ├── Order.cs
│ │ └── _BaseEntity.cs
│ ├── Extensions
│ │ ├── Extensions.RSAParameters.cs
│ │ ├── Extensions.SecureString.cs
│ │ └── Extensions.String.cs
│ ├── IO
│ │ └── LocalStorage.cs
│ ├── Interfaces
│ │ └── ILogger.cs
│ ├── Json
│ │ └── JsonSettings.cs
│ ├── Jws
│ │ ├── JwsConvert.cs
│ │ ├── JwsSigner.cs
│ │ └── Objects
│ │ │ ├── JwsData.cs
│ │ │ └── RsaJsonWebKey.cs
│ ├── LetsEncrypt.Client.csproj
│ ├── LetsEncrypt.Client.snk
│ └── Loggers
│ │ ├── ConsoleLogger.cs
│ │ └── LocalFileLogger.cs
├── LetsEncrypt.ConsoleApp
│ ├── App.config
│ ├── Extensions
│ │ └── Extensions.IServiceCollection.cs
│ ├── LetsEncrypt.ConsoleApp.csproj
│ ├── Program.cs
│ └── Settings.cs
├── LetsEncrypt.Test
│ ├── FullProcessMT.cs
│ ├── LetsEncrypt.Test.csproj
│ ├── Startup.cs
│ └── _BaseUT.cs
├── LetsEncrypt.sln
└── RemoveBinAndObj.bat
└── azure-pipelines.yml
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is needed for earlier builds of msysgit that do not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary, so that they always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Aa][Rr][Mm]/
27 | [Aa][Rr][Mm]64/
28 | bld/
29 | [Bb]in/
30 | [Oo]bj/
31 | [Ll]og/
32 | [Ll]ogs/
33 |
34 | # Visual Studio 2015/2017 cache/options directory
35 | .vs/
36 | # Uncomment if you have tasks that create the project's static files in wwwroot
37 | #wwwroot/
38 |
39 | # Visual Studio 2017 auto generated files
40 | Generated\ Files/
41 |
42 | # MSTest test Results
43 | [Tt]est[Rr]esult*/
44 | [Bb]uild[Ll]og.*
45 |
46 | # NUnit
47 | *.VisualState.xml
48 | TestResult.xml
49 | nunit-*.xml
50 |
51 | # Build Results of an ATL Project
52 | [Dd]ebugPS/
53 | [Rr]eleasePS/
54 | dlldata.c
55 |
56 | # Benchmark Results
57 | BenchmarkDotNet.Artifacts/
58 |
59 | # .NET Core
60 | project.lock.json
61 | project.fragment.lock.json
62 | artifacts/
63 |
64 | # StyleCop
65 | StyleCopReport.xml
66 |
67 | # Files built by Visual Studio
68 | *_i.c
69 | *_p.c
70 | *_h.h
71 | *.ilk
72 | *.meta
73 | *.obj
74 | *.iobj
75 | *.pch
76 | *.pdb
77 | *.ipdb
78 | *.pgc
79 | *.pgd
80 | *.rsp
81 | *.sbr
82 | *.tlb
83 | *.tli
84 | *.tlh
85 | *.tmp
86 | *.tmp_proj
87 | *_wpftmp.csproj
88 | *.log
89 | *.vspscc
90 | *.vssscc
91 | .builds
92 | *.pidb
93 | *.svclog
94 | *.scc
95 |
96 | # Chutzpah Test files
97 | _Chutzpah*
98 |
99 | # Visual C++ cache files
100 | ipch/
101 | *.aps
102 | *.ncb
103 | *.opendb
104 | *.opensdf
105 | *.sdf
106 | *.cachefile
107 | *.VC.db
108 | *.VC.VC.opendb
109 |
110 | # Visual Studio profiler
111 | *.psess
112 | *.vsp
113 | *.vspx
114 | *.sap
115 |
116 | # Visual Studio Trace Files
117 | *.e2e
118 |
119 | # TFS 2012 Local Workspace
120 | $tf/
121 |
122 | # Guidance Automation Toolkit
123 | *.gpState
124 |
125 | # ReSharper is a .NET coding add-in
126 | _ReSharper*/
127 | *.[Rr]e[Ss]harper
128 | *.DotSettings.user
129 |
130 | # TeamCity is a build add-in
131 | _TeamCity*
132 |
133 | # DotCover is a Code Coverage Tool
134 | *.dotCover
135 |
136 | # AxoCover is a Code Coverage Tool
137 | .axoCover/*
138 | !.axoCover/settings.json
139 |
140 | # Visual Studio code coverage results
141 | *.coverage
142 | *.coveragexml
143 |
144 | # NCrunch
145 | _NCrunch_*
146 | .*crunch*.local.xml
147 | nCrunchTemp_*
148 |
149 | # MightyMoose
150 | *.mm.*
151 | AutoTest.Net/
152 |
153 | # Web workbench (sass)
154 | .sass-cache/
155 |
156 | # Installshield output folder
157 | [Ee]xpress/
158 |
159 | # DocProject is a documentation generator add-in
160 | DocProject/buildhelp/
161 | DocProject/Help/*.HxT
162 | DocProject/Help/*.HxC
163 | DocProject/Help/*.hhc
164 | DocProject/Help/*.hhk
165 | DocProject/Help/*.hhp
166 | DocProject/Help/Html2
167 | DocProject/Help/html
168 |
169 | # Click-Once directory
170 | publish/
171 |
172 | # Publish Web Output
173 | *.[Pp]ublish.xml
174 | *.azurePubxml
175 | # Note: Comment out the next line if you want to check in your web deploy settings,
176 | # but database connection strings (with potential passwords) will be unencrypted
177 | *.pubxml
178 | *.publishproj
179 |
180 | # Microsoft Azure Web App publish settings. Comment out the next line if you want to
181 | # check in your Azure Web App publish settings, but sensitive information contained
182 | # in these scripts will be unencrypted
183 | PublishScripts/
184 |
185 | # NuGet Packages
186 | *.nupkg
187 | # NuGet Symbol Packages
188 | *.snupkg
189 | # The packages folder can be ignored because of Package Restore
190 | **/[Pp]ackages/*
191 | # except build/, which is used as an MSBuild target.
192 | !**/[Pp]ackages/build/
193 | # Uncomment if necessary; generally it will be regenerated when needed
194 | #!**/[Pp]ackages/repositories.config
195 | # NuGet v3's project.json files produce more ignorable files
196 | *.nuget.props
197 | *.nuget.targets
198 |
199 | # Microsoft Azure Build Output
200 | csx/
201 | *.build.csdef
202 |
203 | # Microsoft Azure Emulator
204 | ecf/
205 | rcf/
206 |
207 | # Windows Store app package directories and files
208 | AppPackages/
209 | BundleArtifacts/
210 | Package.StoreAssociation.xml
211 | _pkginfo.txt
212 | *.appx
213 | *.appxbundle
214 | *.appxupload
215 |
216 | # Visual Studio cache files
217 | # files ending in .cache can be ignored
218 | *.[Cc]ache
219 | # but keep track of directories ending in .cache
220 | !?*.[Cc]ache/
221 |
222 | # Others
223 | ClientBin/
224 | ~$*
225 | *~
226 | *.dbmdl
227 | *.dbproj.schemaview
228 | *.jfm
229 | *.pfx
230 | *.publishsettings
231 | orleans.codegen.cs
232 |
233 | # Including strong-name key files (.snk) can present a security risk
234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
235 | #*.snk
236 |
237 | # Since there are multiple workflows, uncomment next line to ignore bower_components
238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
239 | #bower_components/
240 |
241 | # RIA/Silverlight projects
242 | Generated_Code/
243 |
244 | # Backup & report files from converting an old project file
245 | # to a newer Visual Studio version. Backup files are not needed,
246 | # because we have git ;-)
247 | _UpgradeReport_Files/
248 | Backup*/
249 | UpgradeLog*.XML
250 | UpgradeLog*.htm
251 | ServiceFabricBackup/
252 | *.rptproj.bak
253 |
254 | # SQL Server files
255 | *.mdf
256 | *.ldf
257 | *.ndf
258 |
259 | # Business Intelligence projects
260 | *.rdl.data
261 | *.bim.layout
262 | *.bim_*.settings
263 | *.rptproj.rsuser
264 | *- [Bb]ackup.rdl
265 | *- [Bb]ackup ([0-9]).rdl
266 | *- [Bb]ackup ([0-9][0-9]).rdl
267 |
268 | # Microsoft Fakes
269 | FakesAssemblies/
270 |
271 | # GhostDoc plugin setting file
272 | *.GhostDoc.xml
273 |
274 | # Node.js Tools for Visual Studio
275 | .ntvs_analysis.dat
276 | node_modules/
277 |
278 | # Visual Studio 6 build log
279 | *.plg
280 |
281 | # Visual Studio 6 workspace options file
282 | *.opt
283 |
284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
285 | *.vbw
286 |
287 | # Visual Studio LightSwitch build output
288 | **/*.HTMLClient/GeneratedArtifacts
289 | **/*.DesktopClient/GeneratedArtifacts
290 | **/*.DesktopClient/ModelManifest.xml
291 | **/*.Server/GeneratedArtifacts
292 | **/*.Server/ModelManifest.xml
293 | _Pvt_Extensions
294 |
295 | # Paket dependency manager
296 | .paket/paket.exe
297 | paket-files/
298 |
299 | # FAKE - F# Make
300 | .fake/
301 |
302 | # CodeRush personal settings
303 | .cr/personal
304 |
305 | # Python Tools for Visual Studio (PTVS)
306 | __pycache__/
307 | *.pyc
308 |
309 | # Cake - Uncomment if you are using it
310 | # tools/**
311 | # !tools/packages.config
312 |
313 | # Tabs Studio
314 | *.tss
315 |
316 | # Telerik's JustMock configuration file
317 | *.jmconfig
318 |
319 | # BizTalk build output
320 | *.btp.cs
321 | *.btm.cs
322 | *.odx.cs
323 | *.xsd.cs
324 |
325 | # OpenCover UI analysis results
326 | OpenCover/
327 |
328 | # Azure Stream Analytics local run output
329 | ASALocalRun/
330 |
331 | # MSBuild Binary and Structured Log
332 | *.binlog
333 |
334 | # NVidia Nsight GPU debugger configuration file
335 | *.nvuser
336 |
337 | # MFractors (Xamarin productivity tool) working folder
338 | .mfractor/
339 |
340 | # Local History for Visual Studio
341 | .localhistory/
342 |
343 | # BeatPulse healthcheck temp database
344 | healthchecksdb
345 |
346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
347 | MigrationBackup/
348 |
349 | # Ionide (cross platform F# VS Code tools) working folder
350 | .ionide/
351 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 |
635 | Copyright (C)
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see .
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | Copyright (C)
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | .
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | .
675 |
--------------------------------------------------------------------------------
/Other/Logo-LockOnly.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tondas/LetsEncrypt/79664a628c59f1497ada423c33b9a7f6f9a2811a/Other/Logo-LockOnly.png
--------------------------------------------------------------------------------
/Other/Logo-LockOnly.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
33 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Let's Encrypt C# library
2 |
3 | [](https://www.nuget.org/packages/LetsEncrypt.Client)
4 | [](https://www.nuget.org/packages/LetsEncrypt.Client)
5 |
6 | The solution consists of 2 projects:
7 | * **LetsEncrypt.Client** (.Net Standard Library - available as [nuget package](https://www.nuget.org/packages/LetsEncrypt.Client/1.0.0))
8 | * **LetsEncrypt.ConsoleApp** (.Net Core Console application)
9 |
10 | #### LetsEncrypt.Client
11 |
12 | LetsEncrypt.Client is a simple and straightforward C# implementation of an [ACME](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment) client for [Let's Encrypt](https://letsencrypt.org/) certificates. The library is based on **.NET Standard 2.1+**.
13 | It uses the Let's Encrypt **v2 API**, and the library is primarily oriented towards generating **wildcard** certificates as .pfx.
14 |
15 | #### LetsEncrypt.ConsoleApp
16 |
17 | LetsEncrypt.ConsoleApp is a C# application that uses the LetsEncrypt.Client library described above and is based on **.NET Core 3.1**. It is a simple **console application** which generates Let's Encrypt certificates.
18 |
19 |
20 | ## LetsEncrypt.Client
21 |
22 | ### Usage
23 |
24 | Add [LetsEncrypt.Client](https://www.nuget.org/packages/LetsEncrypt.Client/1.0.0) as a nuget package (or a manual **.dll reference**) to your project.
25 |
26 | The first step is to create a client object for a specific environment ([staging](https://letsencrypt.org/docs/staging-environment/) or production — use the staging environment first to avoid [rate limits](https://letsencrypt.org/docs/rate-limits/)):
27 |
28 | ```cs
29 | var acmeClient = new AcmeClient(ApiEnvironment.LetsEncryptV2Staging);
30 | ```
31 |
32 | ... and let's start:
33 |
34 | ### Account
35 |
36 | Create new account:
37 | ```cs
38 | var account = await acmeClient.CreateNewAccountAsync("your@email.com");
39 | ```
40 |
41 | ### Order
42 |
43 | When you want to generate a wildcard certificate, I recommend specifying these 2 identifiers: `domain.com` and `*.domain.com` as follows:
44 | ```cs
45 | var order = await acmeClient.NewOrderAsync(account, new List { "domain.com", "*.domain.com" });
46 | ```
47 |
48 | ### Authorization
49 |
50 | Wildcard certificates can be authorized by the **DNS challenge** only, so go through the challenges one by one and create a DNS TXT record for each.
51 | ```cs
52 | var challenges = await acmeClient.GetDnsChallenges(account, order);
53 |
54 | foreach (var challenge in challenges)
55 | {
56 | var dnsText = challenge.VerificationValue;
57 | // value can be e.g.: eBAdFvukOz4Qq8nIVFPmNrMKPNlO8D1cr9bl8VFFsJM
58 |
59 | // Create DNS TXT record e.g.:
60 | // key: _acme-challenge.your.domain.com
61 | // value: eBAdFvukOz4Qq8nIVFPmNrMKPNlO8D1cr9bl8VFFsJM
62 | }
63 | ```
64 |
65 | ##### Example no.1:
66 |
67 | You want to generate a simple certificate for:
68 | * `domain.com`
69 |
70 | DNS TXT must contain 1 record:
71 | * key: **_acme-challenge.domain.com**, value : dnsText of challenge for `domain.com`
72 |
73 | ##### Example no.2:
74 |
75 | You want to generate a simple certificate with these subject names:
76 | * `domain.com`
77 | * `blog.domain.com`
78 |
79 | DNS TXT must contain 2 records:
80 | * key: **_acme-challenge.domain.com**, value : dnsText of challenge for `domain.com`
81 | * key: **_acme-challenge.blog.domain.com**, value : dnsText of challenge for `blog.domain.com`
82 |
83 | ##### Example no.3:
84 |
85 | You want to generate a wildcard certificate with these subject names:
86 | * `domain.com`
87 | * `*.domain.com`
88 |
89 | DNS TXT must contain 2 records:
90 | * key: **_acme-challenge.domain.com**, value : dnsText of challenge for `domain.com`
91 | * key: **_acme-challenge.domain.com**, value : dnsText of challenge for `*.domain.com`
92 |
93 | **Yes, `*.domain.com` has the same key as `domain.com` !!!**
94 |
95 | ### Validation
96 |
97 | All challenges must be validated:
98 |
99 | ```cs
100 | foreach (var challenge in challenges)
101 | {
102 | // Do a validation
103 | await acmeClient.ValidateChallengeAsync(account, challenge);
104 |
105 | // Verify status
106 | var freshChallenge = await acmeClient.GetChallengeAsync(account, challenge);
107 | if (freshChallenge.Status == ChallengeStatus.Invalid)
108 | {
109 | throw new Exception("Something is wrong with your DNS TXT record(s)!");
110 | }
111 | }
112 | ```
113 |
114 | ### Certificate
115 |
116 | Finally, generate the certificate:
117 |
118 | ```cs
119 | var certificate = await acmeClient.GenerateCertificateAsync(account, order, "domain.com");
120 | var password = "YourSuperSecretPassword";
121 |
122 | // Generate certificate in pfx format
123 | var pfx = certificate.GeneratePfx(password);
124 |
125 | // Generate certificate in crt format
126 | var crt = certificate.GenerateCrt(password);
127 |
128 | // Generate certificate in PEM format
129 | var crtPem = certificate.GenerateCrtPem(password);
130 |
131 | // Generate certificate private key in PEM format
132 | var keyPem = certificate.GenerateKeyPem();
133 | ```
134 |
135 | **Enjoy! Any feedback is highly appreciated!**
136 |
137 | ---
138 |
139 | ## LetsEncrypt.ConsoleApp
140 |
141 | Add your values to the **.config** file:
142 |
143 | ```xml
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 | ```
154 | and run the console application **LetsEncrypt.ConsoleApp.exe**
155 |
156 | **Enjoy!**
157 |
158 |
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/BusinessLogic/AcmeClient.Account.cs:
--------------------------------------------------------------------------------
using LetsEncrypt.Client.Entities;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
4 |
5 | namespace LetsEncrypt.Client
6 | {
7 | public partial class AcmeClient
8 | {
9 | // Public Methods
10 |
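/// <summary>
/// Registers a new ACME account whose only contact is <paramref name="contactEmail"/>
/// and returns the local <see cref="Account"/> after merging in the CA's response
/// (via <c>Account.FillBy</c>).
/// </summary>
/// <param name="contactEmail">Contact e-mail address. The <c>Constants.PREFIX_MAILTO</c>
/// prefix is added here unless the caller already supplied it.</param>
/// <returns>The created account, including the values returned by the CA.</returns>
/// <exception cref="ArgumentException">When <paramref name="contactEmail"/> is null,
/// empty or whitespace.</exception>
public async Task CreateNewAccountAsync(string contactEmail)
{
    if (string.IsNullOrWhiteSpace(contactEmail))
    {
        throw new ArgumentException("A contact e-mail address is required.", nameof(contactEmail));
    }

    // Do not double the prefix when a full contact URI was passed in.
    var contact = contactEmail.StartsWith(Constants.PREFIX_MAILTO, StringComparison.OrdinalIgnoreCase)
        ? contactEmail
        : $"{Constants.PREFIX_MAILTO}{contactEmail}";

    var account = Account.Create(new List { contact });

    // The CA answers with its own view of the account (e.g. its Location);
    // merge that into the object that also holds the local signing key.
    var returnAccount = await NewAccountAsync(account);
    account.FillBy(returnAccount);

    return account;
}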
20 |
21 | // Private Methods
22 |
23 | //private async Task GetAccountAsync(Uri accountLocation)
24 | //{
25 | // var nonce = await GetNonceAsync();
26 |
27 | // var signedData = _jws.Sign(null, accountLocation, accountLocation, nonce);
28 | // var account = await PostAsync(accountLocation, signedData);
29 | // account.Location = accountLocation;
30 | // return account;
31 | //}
32 |
/// <summary>
/// Asks the CA to set the account's status to <c>Deactivated</c>. The request is
/// signed with the account's signer and both the key id and the target URL are the
/// account's own Location.
/// </summary>
/// <remarks>
/// NOTE(review): in ACME an account deactivation is permanent; keep this private and
/// do not expose it without an explicit confirmation path.
/// </remarks>
/// <param name="account">Registered account (its Location and Signer are used).</param>
/// <returns>The account object as returned by the CA.</returns>
private async Task DeactivateAccountAsync(Account account)
{
    var nonce = await GetNonceAsync();
    var location = account.Location;
    var payload = new Account { Status = AccountStatus.Deactivated };

    var signedData = account.Signer.Sign(payload, location, location, nonce);
    return await PostAsync(location, signedData);
}
41 |
/// <summary>
/// Posts the whole <paramref name="account"/> object to its own Location so the CA
/// updates the account (e.g. its contacts). Signed with the account's signer.
/// </summary>
/// <remarks>
/// NOTE(review): the entire Account entity is the JSON payload. Confirm that the
/// key material and signer (<c>Key</c>, <c>Signer</c>) are excluded from serialization
/// by the entity/JsonSettings, so the private key is never sent to the CA.
/// </remarks>
/// <param name="account">Account to update; Location is used as both kid and URL.</param>
/// <returns>The account object as returned by the CA.</returns>
private async Task UpdateAccountAsync(Account account)
{
    var nonce = await GetNonceAsync();
    var location = account.Location;

    var signedData = account.Signer.Sign(account, location, location, nonce);
    return await PostAsync(location, signedData);
}
49 |
/// <summary>
/// Creates <paramref name="account"/> at the CA's <c>newAccount</c> endpoint taken
/// from the directory. No key id is passed to <c>Sign</c> (only url and nonce),
/// presumably so the signer embeds the JWK instead — confirm in JwsSigner.
/// </summary>
/// <remarks>
/// NOTE(review): as in UpdateAccountAsync the Account entity itself is the payload;
/// make sure its key material is not serialized.
/// </remarks>
/// <param name="account">Locally created account carrying the signer to register.</param>
/// <returns>The account object as returned by the CA.</returns>
private async Task NewAccountAsync(Account account)
{
    var directory = await GetDirectoryAsync();
    var nonce = await GetNonceAsync();
    var newAccountUrl = directory.NewAccount;

    var signedData = account.Signer.Sign(account, url: newAccountUrl, nonce: nonce);
    return await PostAsync(newAccountUrl, signedData);
}
58 | }
59 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/BusinessLogic/AcmeClient.Certificate.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Entities;
2 | using LetsEncrypt.Client.Jws;
3 | using System;
4 | using System.Linq;
5 | using System.Threading.Tasks;
6 |
7 | namespace LetsEncrypt.Client
8 | {
9 | public partial class AcmeClient
10 | {
11 | // Public Methods
12 |
/// <summary>
/// Runs the final phase of an order: generates a CSR for
/// <paramref name="certificateCommonName"/> together with all order identifiers
/// (presumably as subject alternative names — see CertificateBuilder), finalizes the
/// order at the CA and downloads the issued chain into the returned object.
/// </summary>
/// <param name="account">Account that owns the order.</param>
/// <param name="order">Order to finalize; it is re-fetched first so a stale local status is not trusted.</param>
/// <param name="certificateCommonName">Common name for the CSR subject.</param>
/// <returns>A <see cref="Certificate"/> holding the new key pair and the downloaded chain.</returns>
/// <exception cref="Exception">The order is neither Ready nor Pending, or finalization did not end in Valid.</exception>
public async Task GenerateCertificateAsync(Account account, Order order, string certificateCommonName)
{
    // Always work on the CA's current view of the order.
    var currentOrder = await GetOrderAsync(account, order.Location);

    var statusAllowsFinalization =
        currentOrder.Status == OrderStatus.Ready || currentOrder.Status == OrderStatus.Pending;
    if (!statusAllowsFinalization)
    {
        throw new Exception("Order status must be 'Ready' or 'Pending'!");
    }

    var certificate = new Certificate();
    var identifierValues = currentOrder.Identifiers.Select(i => i.Value).ToList();
    byte[] csr = certificate.CreateSigningRequest(certificateCommonName, identifierValues);

    // Hand the CSR to the CA; the returned order carries the certificate URL once Valid.
    currentOrder = await Finalize(account, currentOrder, csr);
    if (currentOrder.Status != OrderStatus.Valid)
    {
        throw new Exception("Fail during finalization of your order!");
    }

    var chainPem = await Download(account, currentOrder);
    certificate.AddChain(chainPem);

    return certificate;
}
46 |
/// <summary>
/// Revokes <paramref name="certificate"/> at the CA's <c>revokeCert</c> endpoint.
/// The payload is the original certificate encoded with JwsConvert.ToBase64String
/// plus the reason code, and the request is signed with the certificate's own key
/// (<c>certificate.Key</c>) rather than an account key.
/// </summary>
/// <param name="certificate">Certificate to revoke; its key must still be available.</param>
/// <param name="reason">Reason code sent to the CA; defaults to Unspecified.</param>
public async Task RevokeCertificateAsync(Certificate certificate, RevocationReason reason = RevocationReason.Unspecified)
{
    var payload = new CertificateRevocation
    {
        Certificate = JwsConvert.ToBase64String(certificate.GetOriginalCertificate()),
        Reason = reason
    };

    var directory = await GetDirectoryAsync();
    var nonce = await GetNonceAsync();
    var revokeUrl = directory.RevokeCert;

    var signer = new JwsSigner(certificate.Key);
    var signedData = signer.Sign(payload, url: revokeUrl, nonce: nonce);

    // The response body is not used; a failed request is expected to surface from PostAsync.
    var ignored = await PostAsync(revokeUrl, signedData);
}
61 |
62 | // Private Methods
63 |
/// <summary>
/// Submits the CSR to the order's <c>finalize</c> URL. The CSR bytes are wrapped in an
/// <c>OrderCertificate</c> (encoded with JwsConvert.ToBase64String) and signed with the
/// account key using the account Location as key id.
/// </summary>
/// <param name="account">Account that owns the order.</param>
/// <param name="order">Order whose Finalize URL is posted to.</param>
/// <param name="cert">DER-encoded certificate signing request.</param>
/// <returns>The order as returned by the CA after finalization.</returns>
private async Task Finalize(Account account, Order order, byte[] cert)
{
    var nonce = await GetNonceAsync();
    var finalizeUrl = order.Finalize;

    var payload = new OrderCertificate() { Csr = JwsConvert.ToBase64String(cert) };
    var signedData = account.Signer.Sign(payload, account.Location, finalizeUrl, nonce);
    return await PostAsync(finalizeUrl, signedData);
}
72 |
/// <summary>
/// Fetches the issued certificate from the order's <c>certificate</c> URL with a
/// signed POST carrying no payload (POST-as-GET), authenticated by the account key.
/// </summary>
/// <param name="account">Account that owns the order.</param>
/// <param name="order">Order whose Certificate URL is fetched.</param>
/// <returns>The downloaded chain as returned by PostAsync (consumed by Certificate.AddChain).</returns>
private async Task Download(Account account, Order order)
{
    var nonce = await GetNonceAsync();
    var certificateUrl = order.Certificate;

    var signedData = account.Signer.Sign(null, account.Location, certificateUrl, nonce);
    return await PostAsync(certificateUrl, signedData);
}
80 | }
81 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/BusinessLogic/AcmeClient.Challenge.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Cryptography;
2 | using LetsEncrypt.Client.Entities;
3 | using LetsEncrypt.Client.Jws;
4 | using Newtonsoft.Json;
5 | using System;
6 | using System.Collections.Generic;
7 | using System.Linq;
8 | using System.Text;
9 | using System.Threading.Tasks;
10 |
11 | namespace LetsEncrypt.Client
12 | {
13 | public partial class AcmeClient
14 | {
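/// <summary>
/// Collects the dns-01 challenges of every authorization in <paramref name="order"/>
/// and fills in what the caller has to publish: the TXT record name (<c>DnsKey</c>),
/// the key authorization (<c>VerificationKey</c>) and the record value
/// (<c>VerificationValue</c>).
/// </summary>
/// <param name="account">Account used to sign the authorization requests and whose
/// key thumbprint goes into the key authorization.</param>
/// <param name="order">Order whose <c>Authorizations</c> URLs are fetched.</param>
/// <returns>All dns-01 challenges of the order.</returns>
public async Task> GetDnsChallenges(Account account, Order order)
{
    var result = new List();
    foreach (var authorizationLocation in order.Authorizations)
    {
        var authorization = await GetAuthorizationAsync(account, authorizationLocation);

        // Only dns-01 is collected here; materialize once so the same objects are
        // both mutated below and added to the result.
        var dnsChallenges = authorization.Challenges
            .Where(i => i.Type == ChallengeType.Dns01)
            .ToList();

        var recordName = GetDnsRecordName(authorization.Identifier.Value);
        foreach (var challenge in dnsChallenges)
        {
            challenge.DnsKey = recordName;
            challenge.VerificationKey = GetChalangeKey(account, challenge.Token);
            challenge.VerificationValue = GetChalangeDnsText(account, challenge.Token);
        }

        result.AddRange(dnsChallenges);
    }

    return result;
}

/// <summary>
/// Builds the TXT record name for an identifier: "_acme-challenge." followed by the
/// domain with a leading wildcard label removed, so "*.domain.com" and "domain.com"
/// map to the same record name. Only a leading "*." is stripped; the previous
/// Replace("*.", "") would also have altered an embedded "*." elsewhere in the name.
/// </summary>
/// <param name="identifierValue">DNS identifier value from the authorization.</param>
/// <returns>The fully qualified TXT record name.</returns>
private static string GetDnsRecordName(string identifierValue)
{
    const string wildcardPrefix = "*.";
    var domain = identifierValue.StartsWith(wildcardPrefix, StringComparison.Ordinal)
        ? identifierValue.Substring(wildcardPrefix.Length)
        : identifierValue;
    return "_acme-challenge." + domain;
}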
35 |
/// <summary>
/// Re-reads <paramref name="challenge"/> from the CA (signed POST with no payload to the
/// challenge URL) so the caller can inspect its current status.
/// </summary>
/// <param name="account">Account that owns the authorization.</param>
/// <param name="challenge">Challenge whose Url is fetched.</param>
/// <returns>The fresh challenge object as returned by the CA.</returns>
public async Task GetChallengeAsync(Account account, Challenge challenge)
{
    var nonce = await GetNonceAsync();
    var challengeUrl = challenge.Url;

    var signedData = account.Signer.Sign(null, account.Location, challengeUrl, nonce);
    return await PostAsync(challengeUrl, signedData);
}
43 |
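/// <summary>
/// Tells the CA to start validating <paramref name="challenge"/>: an empty JSON object
/// is posted to the challenge URL, signed with the account key. The CA's response is
/// now returned instead of being assigned to the parameter and dropped; the status in
/// it may not be final yet, so poll with <see cref="GetChallengeAsync"/> before treating
/// the challenge as done.
/// </summary>
/// <param name="account">Account that owns the authorization.</param>
/// <param name="challenge">Challenge whose DNS record has been published.</param>
/// <returns>The challenge object as returned by the CA.</returns>
public async Task<Challenge> ValidateChallengeAsync(Account account, Challenge challenge)
{
    var nonce = await GetNonceAsync();
    var challengeUrl = challenge.Url;

    // The validation request body is the empty JSON object.
    var signedData = account.Signer.Sign(new { }, account.Location, challengeUrl, nonce);
    return await PostAsync(challengeUrl, signedData);
}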
51 |
52 | // Private Methods
53 |
/// <summary>
/// Fetches one authorization object from <paramref name="authorizationId"/> with a
/// signed POST carrying no payload, authenticated by the account key.
/// </summary>
/// <param name="account">Account that owns the order.</param>
/// <param name="authorizationId">Authorization URL taken from the order.</param>
/// <returns>The authorization as returned by the CA.</returns>
private async Task GetAuthorizationAsync(Account account, Uri authorizationId)
{
    var nonce = await GetNonceAsync();

    var signedData = account.Signer.Sign(null, account.Location, authorizationId, nonce);
    var authorization = await PostAsync(authorizationId, signedData);
    return authorization;
}
61 |
62 | //
63 |
64 | //private async Task DeactivateChallengeAsync(Uri location)
65 | //{
66 | // var auth = new Authorization { Status = AuthorizationStatus.Deactivated };
67 | // var signedData = _jws.Sign(auth, location, location, Nonce);
68 | // return await PostAsync(location, signedData);
69 | //}
70 |
71 | private string GetChalangeKey(Account account, string token)
72 | {
73 | var jwkJson = JsonConvert.SerializeObject(account.Key.Jwk, Formatting.None, _jsonSettings);
74 | var jwkBytes = Encoding.UTF8.GetBytes(jwkJson);
75 | var jwkThumbprint = Sha256HashProvider.ComputeHash(jwkBytes);
76 | var jwkThumbprintEncoded = JwsConvert.ToBase64String(jwkThumbprint);
77 | return $"{token}.{jwkThumbprintEncoded}";
78 | }
79 |
80 | private string GetChalangeDnsText(Account account, string token)
81 | {
82 | var key = GetChalangeKey(account, token);
83 | var hashed = Sha256HashProvider.ComputeHash(Encoding.UTF8.GetBytes(key));
84 | return JwsConvert.ToBase64String(hashed);
85 | }
86 | }
87 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/BusinessLogic/AcmeClient.Order.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Entities;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Linq;
5 | using System.Threading.Tasks;
6 |
7 | namespace LetsEncrypt.Client
8 | {
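public partial class AcmeClient
{
    // Public Methods

    /// <summary>Fetches an order by its location URL (POST-as-GET: signed request with a null payload).</summary>
    public async Task<Order> GetOrderAsync(Account account, Uri orderLocation)
    {
        var nonce = await GetNonceAsync();

        var signedData = account.Signer.Sign(null, account.Location, orderLocation, nonce);
        return await PostAsync<Order>(orderLocation, signedData);
    }

    /// <summary>Creates a new order for the given DNS names via the directory's newOrder endpoint.</summary>
    /// <param name="account">Account that signs the request.</param>
    /// <param name="identifiers">DNS names to include; each becomes a <see cref="Identifier"/> of type dns.</param>
    /// <exception cref="ArgumentNullException"><paramref name="account"/> is null.</exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="identifiers"/> is null, empty or contains a blank entry. Rejected here
    /// rather than letting the CA answer with an opaque error for an empty identifier list.
    /// </exception>
    public async Task<Order> NewOrderAsync(Account account, List<string> identifiers)
    {
        if (account == null) throw new ArgumentNullException(nameof(account));
        if (identifiers == null || identifiers.Count == 0)
        {
            throw new ArgumentException("At least one identifier is required.", nameof(identifiers));
        }
        if (identifiers.Any(string.IsNullOrWhiteSpace))
        {
            throw new ArgumentException("Identifiers must not be blank.", nameof(identifiers));
        }

        var data = new Order
        {
            Identifiers = identifiers
                .Select(id => new Identifier { Type = IdentifierType.Dns, Value = id })
                .ToArray()
        };

        var directory = await GetDirectoryAsync();
        var nonce = await GetNonceAsync();

        var signedData = account.Signer.Sign(data, account.Location, directory.NewOrder, nonce);
        return await PostAsync<Order>(directory.NewOrder, signedData);
    }
}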
43 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/BusinessLogic/AcmeClient.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Json;
2 | using Newtonsoft.Json;
3 | using System;
4 |
5 | namespace LetsEncrypt.Client
6 | {
public partial class AcmeClient : BaseAcmeClient
{
    /// <summary>
    /// Serializer settings shared by the members of this partial class (the JWK thumbprint
    /// serialization in the challenge part uses them).
    /// </summary>
    private readonly JsonSerializerSettings _jsonSettings = JsonSettings.CreateSettings();

    // Ctor

    /// <summary>Creates a client bound to an ACME directory URL; the base client fetches it to discover the endpoints.</summary>
    /// <param name="directoryUri">Directory resource, e.g. one of the <c>ApiEnvironment</c> URLs.</param>
    public AcmeClient(Uri directoryUri) : base(directoryUri) { }
}
18 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/BusinessLogic/_BaseAcmeClient.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Entities;
2 | using LetsEncrypt.Client.Json;
3 | using Newtonsoft.Json;
4 | using System;
5 | using System.Linq;
6 | using System.Net.Http;
7 | using System.Text;
8 | using System.Threading.Tasks;
9 |
10 | namespace LetsEncrypt.Client
11 | {
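public class BaseAcmeClient
{
    #region Consts + Fields + Properties

    // Every ACME response carries a fresh anti-replay nonce in this header (RFC 8555 §6.5).
    private const string RESPONCE_HEADER_KEY_NONCE = "Replay-Nonce";
    private const string MIME_TYPE_JOSE_JSON = "application/jose+json";

    private readonly static JsonSerializerSettings jsonSettings = JsonSettings.CreateSettings();
    // One HttpClient for the whole process, created on first use.
    private readonly static Lazy<HttpClient> _httpClient = new Lazy<HttpClient>(() => new HttpClient());

    private readonly Uri _directoryUri;

    private HttpClient Http { get => _httpClient.Value; }

    // Both are populated lazily by InitAsync(); Nonce is additionally replaced by the
    // Replay-Nonce of every processed response. There is no locking: two signed requests
    // in flight on the same instance would share one single-use nonce.
    private Directory Directory { get; set; }
    private string Nonce { get; set; }

    #endregion Consts + Fields + Properties

    // Ctor

    /// <summary>Binds the client to the ACME directory resource it discovers all other endpoints from.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="directoryUri"/> is null.</exception>
    public BaseAcmeClient(Uri directoryUri)
    {
        _directoryUri = directoryUri ?? throw new ArgumentNullException(nameof(directoryUri));
    }

    // Protected Methods

    /// <summary>Plain GET of <paramref name="uri"/>, parsed into <typeparamref name="T"/> by <see cref="ProcessResponseAsync{T}"/>.</summary>
    protected async Task<T> GetAsync<T>(Uri uri) where T : BaseEntity, new()
    {
        using (var response = await Http.GetAsync(uri))
        {
            return await ProcessResponseAsync<T>(response);
        }
    }

    /// <summary>
    /// POSTs an already-signed JWS object as application/jose+json. The charset parameter
    /// that StringContent adds is stripped so the bare media type is sent, as the original did.
    /// </summary>
    /// <param name="uri">Target resource.</param>
    /// <param name="data">Signed JWS object to serialize as the body.</param>
    protected async Task<T> PostAsync<T>(Uri uri, object data) where T : BaseEntity, new()
    {
        var dataJson = JsonConvert.SerializeObject(data, Formatting.None, jsonSettings);
        var content = new StringContent(dataJson, Encoding.UTF8, MIME_TYPE_JOSE_JSON);

        content.Headers.ContentType.CharSet = null;
        using (var response = await Http.PostAsync(uri, content))
        {
            return await ProcessResponseAsync<T>(response);
        }
    }

    /// <summary>Returns the cached directory, fetching it on first use.</summary>
    protected async Task<Directory> GetDirectoryAsync()
    {
        if (Directory == null)
        {
            await InitAsync();
        }
        return Directory;
    }

    /// <summary>
    /// Returns the nonce for the next signed request. Nonces are single-use, so the cached
    /// value is overwritten by the Replay-Nonce of every response; when the cache is empty a
    /// fresh one is fetched from the newNonce endpoint.
    /// </summary>
    protected async Task<string> GetNonceAsync()
    {
        if (string.IsNullOrEmpty(Nonce))
        {
            await InitAsync();
        }
        return Nonce;
    }

    // Private Methods

    /// <summary>Fills whichever of Directory / Nonce is still missing; directory first, because the nonce URL comes from it.</summary>
    private async Task InitAsync()
    {
        if (Directory == null)
        {
            Directory = await GetDirectoryInternalAsync();
        }

        // Same test as GetNonceAsync(): the original checked for null only, so an
        // empty-string nonce would never have been refreshed.
        if (string.IsNullOrEmpty(Nonce))
        {
            Nonce = await GetNonceInternalAsync();
        }
    }

    private async Task<Directory> GetDirectoryInternalAsync()
    {
        using (var response = await Http.GetAsync(_directoryUri))
        {
            return await ProcessResponseAsync<Directory>(response);
        }
    }

    /// <summary>HEAD request to newNonce; only the Replay-Nonce header is read (RFC 8555 §7.2).</summary>
    /// <exception cref="Exception">The response carries no Replay-Nonce header.</exception>
    private async Task<string> GetNonceInternalAsync()
    {
        // Request and response are disposed here; the original leaked the response.
        using (var request = new HttpRequestMessage(HttpMethod.Head, Directory.NewNonce))
        using (var response = await Http.SendAsync(request))
        {
            if (!response.Headers.TryGetValues(RESPONCE_HEADER_KEY_NONCE, out var values))
            {
                throw new Exception("Retrieval of new nonce failed! Url: " + Directory.NewNonce);
            }

            return values.FirstOrDefault();
        }
    }

    /// <summary>
    /// Turns an HTTP response into an entity: captures the Replay-Nonce, deserializes JSON
    /// bodies (success) or problem documents (failure), stores any other body verbatim in
    /// <c>UnknownContent</c>, and attaches the Location header.
    /// </summary>
    /// <exception cref="Exception">
    /// The server returned a problem document, or a non-2xx status without a JSON body
    /// (the original silently returned an empty entity for the latter).
    /// </exception>
    private async Task<T> ProcessResponseAsync<T>(HttpResponseMessage response) where T : BaseEntity, new()
    {
        var entity = new T();
        var error = default(AcmeError);

        // Captured before anything can throw, so a failed request still leaves a usable nonce.
        if (response.Headers.Contains(RESPONCE_HEADER_KEY_NONCE))
        {
            Nonce = response.Headers.GetValues(RESPONCE_HEADER_KEY_NONCE).FirstOrDefault();
        }

        var content = response.Content == null
            ? string.Empty
            : await response.Content.ReadAsStringAsync();

        // NOTE(review): deserialization runs with Newtonsoft defaults (jsonSettings is only
        // used when serializing). Keep it that way unless JsonSettings.CreateSettings() is
        // known to leave TypeNameHandling at None — that file is not visible here.
        if (IsJsonMediaType(response.Content?.Headers.ContentType?.MediaType))
        {
            if (response.IsSuccessStatusCode)
            {
                entity = JsonConvert.DeserializeObject<T>(content);
            }
            else
            {
                error = JsonConvert.DeserializeObject<AcmeError>(content);
            }
        }
        else
        {
            entity.UnknownContent = content;
        }

        if (entity == null)
        {
            entity = new T();
        }

        entity.Location = response.Headers.Location;
        entity.Error = error;

        if (entity.Error != null)
        {
            throw new Exception("Error: " + entity.Error.Detail);
        }

        if (!response.IsSuccessStatusCode)
        {
            throw new Exception("Request to " + response.RequestMessage?.RequestUri
                + " failed with HTTP " + (int)response.StatusCode + ".");
        }

        return entity;
    }

    /// <summary>
    /// True for application/json and for any application/*+json structured syntax, which
    /// covers the application/problem+json bodies ACME uses for errors.
    /// </summary>
    private static bool IsJsonMediaType(string mediaType)
    {
        if (mediaType != null && mediaType.StartsWith("application/"))
        {
            return mediaType
                .Substring("application/".Length)
                .Split('+')
                .Any(t => t == "json");
        }

        return false;
    }
}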
174 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Constants.cs:
--------------------------------------------------------------------------------
1 | namespace LetsEncrypt.Client
2 | {
/// <summary>Project-wide string constants.</summary>
public static class Constants
{
    /// <summary>Prefix of ACME contact URLs; Account.SaveAsync() strips it to get the bare e-mail.</summary>
    public const string PREFIX_MAILTO = "mailto:";

    /// <summary>Date-only format.</summary>
    public const string DATE_FORMAT_SHORT = "yyyy-MM-dd";

    /// <summary>Date-and-time format (24h, seconds precision).</summary>
    public const string DATE_FORMAT_LONG = "yyyy-MM-dd HH:mm:ss";
}
10 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Cryptography/CertificateBuilder.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Entities;
2 | using System.Collections.Generic;
3 | using System.Security.Cryptography;
4 | using System.Security.Cryptography.X509Certificates;
5 |
6 | namespace LetsEncrypt.Client.Cryptography
7 | {
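public static class CertificateBuilder
{
    // Public Methods

    /// <summary>
    /// Builds a DER-encoded PKCS#10 certificate signing request for an end-entity
    /// certificate: subject CN=<paramref name="cn"/>, SHA-256 / PKCS#1 v1.5 signature,
    /// basicConstraints cA=false, a subject key identifier and a DNS subjectAltName list.
    /// </summary>
    /// <param name="rsa">Key the CSR is signed with (and whose public key it carries).</param>
    /// <param name="cn">Common name. It is placed verbatim into "CN={cn}", so it must not contain
    /// distinguished-name separators such as ',' — a DNS name never does.</param>
    /// <param name="subjectAlternativeNames">DNS names for the SAN extension. When null or empty,
    /// <paramref name="cn"/> is used as the only SAN so the extension is never emitted empty.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="rsa"/> is null.</exception>
    /// <exception cref="System.ArgumentException"><paramref name="cn"/> is blank.</exception>
    public static byte[] CreateSigningRequest(RSA rsa, string cn, List<string> subjectAlternativeNames)
    {
        if (rsa == null) throw new System.ArgumentNullException(nameof(rsa));
        if (string.IsNullOrWhiteSpace(cn)) throw new System.ArgumentException("Common name must not be blank.", nameof(cn));

        CertificateRequest req = new CertificateRequest($"CN={cn}",
            rsa,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        // The original requested certificateAuthority=true, i.e. a CA certificate, for what
        // is a leaf certificate. A CA may ignore the extension, but the request should not
        // claim CA status; cA=false is the correct assertion for an end-entity CSR.
        req.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(false, false, 0, false));
        req.CertificateExtensions.Add(
            new X509SubjectKeyIdentifierExtension(req.PublicKey, false));

        var names = (subjectAlternativeNames != null && subjectAlternativeNames.Count > 0)
            ? subjectAlternativeNames
            : new List<string> { cn };

        var sanb = new SubjectAlternativeNameBuilder();
        foreach (var subjectAlternativeName in names)
        {
            sanb.AddDnsName(subjectAlternativeName);
        }
        req.CertificateExtensions.Add(sanb.Build());

        return req.CreateSigningRequest();
    }

    /// <summary>
    /// Exports the chain with the private key attached to the leaf. The chain is added in
    /// reverse order (issuer first, leaf last); the leaf is chain index 0.
    /// </summary>
    /// <param name="rsa">Private key matching the leaf certificate.</param>
    /// <param name="certificateChain">Parsed PEM chain; index 0 is the leaf.</param>
    /// <param name="password">Password for the exported container (PFX).</param>
    /// <param name="certificateType">Export format passed to <c>X509Certificate2Collection.Export</c>.</param>
    /// <exception cref="System.ArgumentNullException">A required argument is null.</exception>
    public static byte[] Generate(RSA rsa, CertificateChain certificateChain, string password, X509ContentType certificateType)
    {
        if (rsa == null) throw new System.ArgumentNullException(nameof(rsa));
        if (certificateChain == null) throw new System.ArgumentNullException(nameof(certificateChain));

        // Certificates is a computed property that re-parses the PEM text on every access;
        // read it once.
        var certificates = certificateChain.Certificates;
        var collection = new X509Certificate2Collection();

        try
        {
            // Reverse: issuer(s) first, leaf last.
            for (int i = certificates.Count - 1; i >= 0; i--)
            {
                var cert = new X509Certificate2(certificates[i].Bytes);
                if (i == 0)
                {
                    // CopyWithPrivateKey returns a new certificate; the key-less one is no longer needed.
                    var withKey = cert.CopyWithPrivateKey(rsa);
                    cert.Dispose();
                    cert = withKey;
                }

                collection.Add(cert);
            }

            // NOTE(review): with X509ContentType.Cert the export yields a single certificate.
            // Since the collection is issuer-first, confirm that Certificate.GenerateCrt()
            // actually gets the leaf and not the issuer.
            return collection.Export(certificateType, password);
        }
        finally
        {
            // The original never disposed the certificate handles it created.
            foreach (var cert in collection)
            {
                cert.Dispose();
            }
        }
    }
}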
66 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Cryptography/RsaKeyPair.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Extensions;
2 | using LetsEncrypt.Client.Jws;
3 | using System;
4 | using System.Security.Cryptography;
5 | using System.Text;
6 |
7 | namespace LetsEncrypt.Client.Cryptography
8 | {
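/// <summary>
/// 2048-bit RSA key pair used for the ACME account key and for certificate keys. Signing is
/// RS256 (SHA-256, PKCS#1 v1.5); the PEM helpers use the PKCS#1 "RSA PRIVATE KEY" /
/// "RSA PUBLIC KEY" encodings.
/// </summary>
public class RsaKeyPair
{
    #region Consts + Fields + Properties

    private const string RSA_PEM_STRING_PRIVATE = "RSA PRIVATE KEY";
    private const string RSA_PEM_STRING_PUBLIC = "RSA PUBLIC KEY";
    public const int KEY_SIZE = 2048;
    public const string KEY_TYPE = "RSA";
    public const string THUMBPRINT_ALGORITHM_NAME = "SHA256";
    public readonly string ALGORITHM_NAME = "RS256";

    public RSAParameters Private { get; set; }
    public RSAParameters Public { get; set; }
    /// <summary>Public key as a JWK (kty, e, n); recomputed on every access.</summary>
    public RsaJsonWebKey Jwk => ComposeJwk();

    #endregion Consts + Fields + Properties

    // Ctor

    public RsaKeyPair(RSAParameters privateKey, RSAParameters publicKey)
    {
        Private = privateKey;
        Public = publicKey;
    }

    /// <summary>Loads the pair from an unencrypted PKCS#1 "RSA PRIVATE KEY" PEM; the public half is derived from it.</summary>
    /// <exception cref="ArgumentException">
    /// The text holds no such PEM block. The original let a null slip through and failed
    /// with a NullReferenceException inside the key-bytes extension.
    /// </exception>
    public RsaKeyPair(string privateKeyPem)
    {
        var privateKeyBytes = GetBytesFromPem(privateKeyPem, RSA_PEM_STRING_PRIVATE);
        if (privateKeyBytes == null)
        {
            throw new ArgumentException("Input does not contain a '" + RSA_PEM_STRING_PRIVATE + "' PEM block.", nameof(privateKeyPem));
        }

        Private = privateKeyBytes.CreateRsaParametersFromKeyBytes();
        Public = new RSAParameters()
        {
            Exponent = Private.Exponent,
            Modulus = Private.Modulus
        };
    }

    // Public Methods

    /// <summary>RS256 signature (SHA-256, PKCS#1 v1.5) over <paramref name="data"/> with the private key.</summary>
    public byte[] SignData(byte[] data)
    {
        using (var rsa = CreateRsa(Private))
        {
            return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    /// <summary>RS256 signature over an already computed SHA-256 <paramref name="hash"/>.</summary>
    public byte[] SignHash(byte[] hash)
    {
        using (var rsa = CreateRsa(Private))
        {
            return rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    /// <summary>Encrypts UTF-8 text with the public key (RSAES-OAEP, SHA-1) and returns it Base64-encoded.</summary>
    public string Encrypt(string dataToEncrypt)
    {
        using (var rsa = CreateRsa(Public))
        {
            // OaepSHA1 is what RSACryptoServiceProvider.Encrypt(data, fOAEP: true) used, so
            // ciphertexts produced by the previous implementation still decrypt.
            var encryptedData = rsa.Encrypt(Encoding.UTF8.GetBytes(dataToEncrypt), RSAEncryptionPadding.OaepSHA1);
            return Convert.ToBase64String(encryptedData);
        }
    }

    /// <summary>Inverse of <see cref="Encrypt"/>: Base64 ciphertext in, UTF-8 plaintext out, using the private key.</summary>
    public string Decrypt(string encryptedData)
    {
        using (var rsa = CreateRsa(Private))
        {
            var encryptedDataBytes = Convert.FromBase64String(encryptedData);
            var decryptedData = rsa.Decrypt(encryptedDataBytes, RSAEncryptionPadding.OaepSHA1);
            return Encoding.UTF8.GetString(decryptedData);
        }
    }

    /// <summary>New <see cref="RSA"/> instance holding the private parameters; the caller owns (disposes) it.</summary>
    public RSA ToRSA()
    {
        return RSA.Create(Private);
    }

    /// <summary>Unencrypted PKCS#1 private key PEM. Anything that stores this must protect it as a secret.</summary>
    public string ToPrivateKeyPem()
    {
        byte[] der;
        // The original created an RSA instance here and never disposed it.
        using (var rsa = ToRSA())
        {
            der = rsa.ExportRSAPrivateKey();
        }

        return string.Format(
            "-----BEGIN {1}-----\n{0}\n-----END {1}-----",
            Convert.ToBase64String(der),
            RSA_PEM_STRING_PRIVATE);
    }

    /// <summary>PKCS#1 public key PEM.</summary>
    public string ToPublicKeyPem()
    {
        byte[] der;
        using (var rsa = ToRSA())
        {
            der = rsa.ExportRSAPublicKey();
        }

        return string.Format(
            "-----BEGIN {1}-----\n{0}\n-----END {1}-----",
            Convert.ToBase64String(der),
            RSA_PEM_STRING_PUBLIC);
    }

    // Private Methods

    /// <summary>RSA instance loaded with <paramref name="parameters"/>; replaces the per-call RSACryptoServiceProvider.</summary>
    private static RSA CreateRsa(RSAParameters parameters)
    {
        var rsa = RSA.Create();
        rsa.ImportParameters(parameters);
        return rsa;
    }

    private RsaJsonWebKey ComposeJwk()
    {
        return new RsaJsonWebKey
        {
            KeyType = KEY_TYPE,
            Exponent = JwsConvert.ToBase64String(Public.Exponent),
            Modulus = JwsConvert.ToBase64String(Public.Modulus)
        };
    }

    /// <summary>DER bytes between the BEGIN/END lines of the given PEM block type, or null when the block is not present.</summary>
    private static byte[] GetBytesFromPem(string pem, string headerFooterKey)
    {
        if (pem == null)
        {
            return null;
        }

        var header = $"-----BEGIN {headerFooterKey}-----";
        var footer = $"-----END {headerFooterKey}-----";

        var start = pem.IndexOf(header, StringComparison.Ordinal);
        if (start < 0)
            return null;

        start += header.Length;
        var end = pem.IndexOf(footer, start, StringComparison.Ordinal) - start;

        if (end < 0)
            return null;

        // FromBase64String ignores the line breaks inside the block.
        return Convert.FromBase64String(pem.Substring(start, end));
    }

    // Static Methods

    /// <summary>Generates a fresh <see cref="KEY_SIZE"/>-bit pair.</summary>
    public static RsaKeyPair New()
    {
        using (var rsa = RSA.Create(KEY_SIZE))
        {
            return new RsaKeyPair(rsa.ExportParameters(true), rsa.ExportParameters(false));
        }
    }
}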
162 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Cryptography/Sha256HashProvider.cs:
--------------------------------------------------------------------------------
1 | using System.Security.Cryptography;
2 |
3 | namespace LetsEncrypt.Client.Cryptography
4 | {
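/// <summary>SHA-256 helper used for JWK thumbprints and dns-01 record values.</summary>
public class Sha256HashProvider
{
    /// <summary>SHA-256 digest of <paramref name="data"/> as 32 raw bytes; callers encode it as needed.</summary>
    /// <exception cref="System.ArgumentNullException"><paramref name="data"/> is null.</exception>
    public static byte[] ComputeHash(byte[] data)
    {
        if (data == null)
        {
            throw new System.ArgumentNullException(nameof(data));
        }

        // SHA256.Create() instead of the obsolete SHA256Managed: identical output, and on
        // Windows it resolves to the platform (FIPS-validated) implementation.
        using (var hasher = SHA256.Create())
        {
            return hasher.ComputeHash(data);
        }
    }
}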
17 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Account.Custom.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Cryptography;
2 | using LetsEncrypt.Client.IO;
3 | using LetsEncrypt.Client.Jws;
4 | using Newtonsoft.Json;
5 | using System;
6 | using System.Collections.Generic;
7 | using System.Linq;
8 | using System.Threading.Tasks;
9 |
10 | namespace LetsEncrypt.Client.Entities
11 | {
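public partial class Account
{
    private static readonly LocalStorage _localStorage = new LocalStorage();

    /// <summary>RSA pair identifying this account with the CA; never sent in JSON.</summary>
    [JsonIgnore]
    public RsaKeyPair Key { get; private set; }

    /// <summary>JWS signer bound to <see cref="Key"/>; AcmeClient signs every request with it.</summary>
    [JsonIgnore]
    public JwsSigner Signer { get; private set; }

    // Ctors

    /// <summary>Bare account; TermsOfServiceAgreed starts out true (the JSON-mapped property in Account.cs carries it to the server).</summary>
    public Account()
    {
        TermsOfServiceAgreed = true;
    }

    /// <exception cref="ArgumentNullException"><paramref name="key"/> is null.</exception>
    public Account(RsaKeyPair key)
        : this()
    {
        Key = key ?? throw new ArgumentNullException(nameof(key));
        Signer = new JwsSigner(Key);
    }

    public Account(RsaKeyPair key, string location)
        : this(key)
    {
        Location = new Uri(location);
    }

    // Public Methods

    /// <summary>
    /// Persists the account URL and the private key (unencrypted PKCS#1 PEM) under the first
    /// contact e-mail. Protection of the key at rest is up to LocalStorage, which is not
    /// visible here.
    /// </summary>
    /// <exception cref="InvalidOperationException">
    /// No contact address, no location or no key. The original failed on these with a
    /// NullReferenceException.
    /// </exception>
    public async Task SaveAsync()
    {
        var contactEmail = GetPrimaryContactEmail();
        if (Location == null)
        {
            throw new InvalidOperationException("Account has no location; register it with the CA before saving.");
        }
        if (Key == null)
        {
            throw new InvalidOperationException("Account has no key pair to persist.");
        }

        await _localStorage.PersistAccount(contactEmail, this.Location.AbsoluteUri);
        await _localStorage.PersistPrivateKey(contactEmail, Key.ToPrivateKeyPem());
    }

    /// <summary>Copies the server-side fields of <paramref name="account"/> onto this instance; Key and Signer are left alone.</summary>
    public void FillBy(Account account)
    {
        if (account == null) throw new ArgumentNullException(nameof(account));

        this.UnknownContent = account.UnknownContent;
        this.Location = account.Location;
        this.Error = account.Error;
        this.Status = account.Status;
        this.Contact = account.Contact;
        this.TermsOfServiceAgreed = account.TermsOfServiceAgreed;
        this.InitialIp = account.InitialIp;
        this.CreatedAt = account.CreatedAt;
    }

    // Private Methods

    /// <summary>First contact entry with the "mailto:" prefix removed; the storage key for this account.</summary>
    private string GetPrimaryContactEmail()
    {
        var first = Contact?.FirstOrDefault();
        if (string.IsNullOrEmpty(first))
        {
            throw new InvalidOperationException("Account has no contact address to file it under.");
        }

        return first.Replace(Constants.PREFIX_MAILTO, string.Empty);
    }

    // Static Methods

    /// <summary>New account with a freshly generated key pair and the given contact entries.</summary>
    public static Account Create(List<string> contactEmails)
    {
        var key = RsaKeyPair.New();

        return new Account(key)
        {
            Contact = contactEmails
        };
    }

    /// <summary>Rebuilds an account from local storage: location URL plus private key PEM filed under <paramref name="contactEmail"/>.</summary>
    public static async Task<Account> LoadAsync(string contactEmail)
    {
        var location = await _localStorage.LoadAccount(contactEmail);
        var privateKeyPem = await _localStorage.LoadPrivateKey(contactEmail);

        var key = new RsaKeyPair(privateKeyPem);

        return new Account(key, location);
    }
}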
88 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Account.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Newtonsoft.Json.Converters;
3 | using System;
4 | using System.Collections.Generic;
5 | using System.Runtime.Serialization;
6 |
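namespace LetsEncrypt.Client.Entities
{
    /// <summary>
    /// ACME account object as returned by the server; the key and signing side lives in
    /// Account.Custom.cs. Property names follow the ACME JSON field names.
    /// </summary>
    public partial class Account : BaseEntity
    {
        [JsonProperty("status")]
        public AccountStatus? Status { get; set; }

        /// <summary>Contact URLs; Account.SaveAsync() strips the "mailto:" prefix from the first one.</summary>
        [JsonProperty("contact")]
        public List<string> Contact { get; set; }

        [JsonProperty("termsOfServiceAgreed")]
        public bool? TermsOfServiceAgreed { get; set; }

        [JsonProperty("initialIp")]
        public string InitialIp { get; set; }

        [JsonProperty("createdAt")]
        public DateTime CreatedAt { get; set; }
    }

    /// <summary>Account status values, serialized as their lower-case wire strings.</summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum AccountStatus
    {
        [EnumMember(Value = "valid")]
        Valid,

        [EnumMember(Value = "deactivated")]
        Deactivated,

        [EnumMember(Value = "revoked")]
        Revoked,
    }
}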
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/AccountPersisted.cs:
--------------------------------------------------------------------------------
1 | namespace LetsEncrypt.Client.Entities
2 | {
/// <summary>
/// Storage record for an account: the contact e-mail it is filed under, the account URL
/// and the key pair as PEM text. Presumably what LocalStorage reads and writes — that
/// class is not visible here.
/// </summary>
public class AccountPersisted
{
    /// <summary>Contact e-mail; judging by Account.SaveAsync() it is stored without the "mailto:" prefix.</summary>
    public string AccountContactEmail { get; set; }

    /// <summary>Account location URL as returned by the CA.</summary>
    public string AccountLocation { get; set; }

    /// <summary>Private key PEM. It is stored unencrypted, so the storage location must be protected.</summary>
    public string PrivateKeyPem { get; set; }

    /// <summary>Public key PEM (Account.SaveAsync() currently has the call that would fill it commented out).</summary>
    public string PublicKeyPem { get; set; }
}
13 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Authorization.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Newtonsoft.Json.Converters;
3 | using System;
4 | using System.Collections.Generic;
5 | using System.Runtime.Serialization;
6 |
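namespace LetsEncrypt.Client.Entities
{
    /// <summary>
    /// ACME authorization object: one identifier plus the challenges the CA offers for it.
    /// AcmeClient.GetDnsChallenges() filters <see cref="Challenges"/> for type dns-01.
    /// </summary>
    public class Authorization : BaseEntity
    {
        [JsonProperty("identifier")]
        public Identifier Identifier { get; set; }

        [JsonProperty("status")]
        public AuthorizationStatus? Status { get; set; }

        [JsonProperty("expires")]
        public DateTime? Expires { get; set; }

        [JsonProperty("scope")]
        public Uri Scope { get; set; }

        [JsonProperty("challenges")]
        public IList<Challenge> Challenges { get; set; }

        [JsonProperty("wildcard")]
        public bool? Wildcard { get; set; }
    }

    /// <summary>Authorization status values, serialized as their lower-case wire strings.</summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum AuthorizationStatus
    {
        [EnumMember(Value = "pending")]
        Pending,

        [EnumMember(Value = "processing")]
        Processing,

        [EnumMember(Value = "valid")]
        Valid,

        [EnumMember(Value = "invalid")]
        Invalid,

        [EnumMember(Value = "revoked")]
        Revoked,

        [EnumMember(Value = "deactivated")]
        Deactivated,

        [EnumMember(Value = "expired")]
        Expired,
    }
}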
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Certificate.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Cryptography;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Security.Cryptography.X509Certificates;
5 |
6 | namespace LetsEncrypt.Client.Entities
7 | {
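/// <summary>
/// A certificate key pair plus, once issued, the PEM chain downloaded from the CA.
/// Members that need the chain throw <see cref="InvalidOperationException"/> until
/// <see cref="AddChain"/> or <see cref="Deserialize"/> has supplied one (the original
/// failed with a NullReferenceException).
/// </summary>
public class Certificate
{
    #region Consts + Fields + Properties

    private CertificateChain _certificateChain;

    public RsaKeyPair Key { get; private set; }

    #endregion Consts + Fields + Properties

    // Ctor

    /// <summary>Uses <paramref name="key"/>, or generates a fresh 2048-bit pair when it is null.</summary>
    public Certificate(RsaKeyPair key = null)
    {
        Key = key ?? RsaKeyPair.New();
    }

    // Public Methods

    /// <summary>DER PKCS#10 request for CN=<paramref name="cn"/> with the given DNS SANs, signed by <see cref="Key"/>.</summary>
    public byte[] CreateSigningRequest(string cn, List<string> subjectAlternativeNames)
    {
        return CertificateBuilder.CreateSigningRequest(Key.ToRSA(), cn, subjectAlternativeNames);
    }

    public void AddChain(CertificateChain certificateChain)
    {
        _certificateChain = certificateChain;
    }

    /// <summary>DER bytes of the leaf certificate as parsed from the chain.</summary>
    public byte[] GetOriginalCertificate()
    {
        return RequireChain().CertificateBytes;
    }

    /// <summary>PKCS#12 container (leaf with private key plus issuers), protected by <paramref name="password"/>.</summary>
    public byte[] GeneratePfx(string password)
    {
        return CertificateBuilder.Generate(Key.ToRSA(), RequireChain(), password, X509ContentType.Pfx);
    }

    /// <summary>Single DER certificate exported from the chain collection; see the note in CertificateBuilder.Generate about which one.</summary>
    public byte[] GenerateCrt(string password)
    {
        return CertificateBuilder.Generate(Key.ToRSA(), RequireChain(), password, X509ContentType.Cert);
    }

    /// <summary><see cref="GenerateCrt"/> wrapped as a PEM CERTIFICATE block.</summary>
    public string GenerateCrtPem(string password)
    {
        return string.Format(
            "-----BEGIN CERTIFICATE-----\n{0}\n-----END CERTIFICATE-----",
            Convert.ToBase64String(GenerateCrt(password)));
    }

    /// <summary>Unencrypted PKCS#1 private key PEM; treat the result as a secret.</summary>
    public string GenerateKeyPem()
    {
        return Key.ToPrivateKeyPem();
    }

    /// <summary>Raw PEM chain text, suitable for <see cref="Deserialize"/>.</summary>
    public string Serialize()
    {
        return RequireChain().Content;
    }

    public static Certificate Deserialize(string data, RsaKeyPair key)
    {
        var result = new Certificate(key);
        result.AddChain(new CertificateChain(data));
        return result;
    }

    // Private Methods

    /// <summary>The chain, or a clear error when none has been added yet.</summary>
    private CertificateChain RequireChain()
    {
        if (_certificateChain == null)
        {
            throw new InvalidOperationException("No certificate chain has been added; call AddChain() or Deserialize() first.");
        }

        return _certificateChain;
    }
}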
84 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/CertificateChain.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 |
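namespace LetsEncrypt.Client.Entities
{
    /// <summary>
    /// PEM certificate chain as downloaded from the CA (the raw body lands in
    /// <c>UnknownContent</c>). The first block is the leaf, the last one the issuer-most
    /// certificate. Every property re-parses the text; nothing is cached.
    /// </summary>
    public class CertificateChain : BaseEntity
    {
        private const string PEM_HEADER = "-----BEGIN CERTIFICATE-----";
        private const string PEM_FOOTER = "-----END CERTIFICATE-----";

        public string Content => UnknownContent;

        /// <summary>First PEM block (the leaf).</summary>
        public string Certificate => Process().Item1;
        public byte[] CertificateBytes => GetBytesFromPem(Certificate);

        /// <summary>Last PEM block. For a two-element chain that is the issuer; for longer chains it is the last one, as in the original.</summary>
        public string Issuer => Process().Item2;
        public byte[] IssuerBytes => GetBytesFromPem(Issuer);

        /// <summary>All PEM blocks in order, leaf first; empty when there is no content.</summary>
        public List<TempCertificate> Certificates => Process2();

        // Ctors

        public CertificateChain()
        {
        }

        public CertificateChain(string content)
        {
            UnknownContent = content;
        }

        // Private Methods

        /// <summary>
        /// Splits the content at each END line and re-appends it, so each element is one
        /// complete PEM block. Shared by Process() and Process2(), which duplicated it.
        /// </summary>
        private List<string> SplitPemBlocks()
        {
            if (string.IsNullOrWhiteSpace(Content))
            {
                return new List<string>();
            }

            return Content
                .Split(new[] { PEM_FOOTER }, StringSplitOptions.RemoveEmptyEntries)
                .Where(c => !string.IsNullOrWhiteSpace(c))
                .Select(c => c + PEM_FOOTER)
                .ToList();
        }

        private List<TempCertificate> Process2()
        {
            return SplitPemBlocks()
                .Select(certificate => new TempCertificate()
                {
                    Content = certificate,
                    Bytes = GetBytesFromPem(certificate)
                })
                .ToList();
        }

        /// <exception cref="InvalidOperationException">The content holds no PEM block (the original threw a bare "sequence contains no elements", or a NullReferenceException for null content).</exception>
        private (string, string) Process()
        {
            var blocks = SplitPemBlocks();
            if (blocks.Count == 0)
            {
                throw new InvalidOperationException("Certificate chain content holds no PEM certificate block.");
            }

            return (blocks[0], blocks[blocks.Count - 1]);
        }

        /// <summary>DER bytes between the BEGIN/END lines, or null when either line is missing.</summary>
        private static byte[] GetBytesFromPem(string pem)
        {
            if (pem == null)
            {
                return null;
            }

            var start = pem.IndexOf(PEM_HEADER, StringComparison.Ordinal);
            if (start < 0)
                return null;

            start += PEM_HEADER.Length;
            var end = pem.IndexOf(PEM_FOOTER, start, StringComparison.Ordinal) - start;

            if (end < 0)
                return null;

            // FromBase64String ignores the line breaks inside the block.
            return Convert.FromBase64String(pem.Substring(start, end));
        }
    }

    /// <summary>One certificate of a chain: its PEM text and the decoded DER bytes.</summary>
    public class TempCertificate
    {
        public string Content { get; set; }

        public byte[] Bytes { get; set; }
    }
}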
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/CertificateRevocation.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
namespace LetsEncrypt.Client.Entities
{
    /// <summary>
    /// Body of a revokeCert request: the certificate to revoke and an optional reason.
    /// <see cref="Reason"/> has no string converter, so it is serialized as its numeric value.
    /// </summary>
    public class CertificateRevocation
    {
        /// <summary>The certificate being revoked.</summary>
        [JsonProperty("certificate")]
        public string Certificate { get; set; }

        /// <summary>Optional reason code; omitted when null (subject to the serializer's null handling).</summary>
        [JsonProperty("reason")]
        public RevocationReason? Reason { get; set; }
    }

    /// <summary>
    /// CRL reason codes as defined for X.509 (value 7 is unassigned, hence the gap
    /// between CertificateHold and RemoveFromCRL).
    /// </summary>
    public enum RevocationReason
    {
        Unspecified          = 0,
        KeyCompromise        = 1,
        CACompromise         = 2,
        AffiliationChanged   = 3,
        Superseded           = 4,
        CessationOfOperation = 5,
        CertificateHold      = 6,
        RemoveFromCRL        = 8,
        PrivilegeWithdrawn   = 9,
        AACompromise         = 10,
    }
}
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Challenge.cs:
--------------------------------------------------------------------------------
using Newtonsoft.Json;
using Newtonsoft.Json.Converters;
using System;
using System.Runtime.Serialization;
4 |
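namespace LetsEncrypt.Client.Entities
{
    /// <summary>
    /// ACME challenge object. The JSON-mapped members come from the server; the three
    /// [JsonIgnore] members are filled locally by AcmeClient.GetDnsChallenges().
    /// </summary>
    public class Challenge : BaseEntity
    {
        /// <summary>Challenge type string; compare with the <see cref="ChallengeType"/> constants.</summary>
        [JsonProperty("type")]
        public string Type { get; set; }

        [JsonProperty("status")]
        public ChallengeStatus? Status { get; set; }

        [JsonProperty("validated")]
        public DateTime? Validated { get; set; }

        /// <summary>URL the challenge is fetched from and responded to.</summary>
        [JsonProperty("url")]
        public Uri Url { get; set; }

        /// <summary>Server-issued token; the key authorization is built from it.</summary>
        [JsonProperty("token")]
        public string Token { get; set; }

        // Local, dns-01 only

        /// <summary>Name of the TXT record to publish (_acme-challenge.&lt;identifier&gt;).</summary>
        [JsonIgnore]
        public string DnsKey { get; set; }

        /// <summary>Key authorization: token "." JWK thumbprint.</summary>
        [JsonIgnore]
        public string VerificationKey { get; set; }

        /// <summary>Value of the TXT record: base64url(SHA-256(key authorization)).</summary>
        [JsonIgnore]
        public string VerificationValue { get; set; }
    }

    /// <summary>
    /// Challenge status values. Uses [EnumMember] like the other status enums in this
    /// project; the original used [JsonProperty] on the members, which StringEnumConverter
    /// does not consult, so the wire names were not actually applied.
    /// </summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum ChallengeStatus
    {
        [EnumMember(Value = "pending")]
        Pending,

        [EnumMember(Value = "processing")]
        Processing,

        [EnumMember(Value = "valid")]
        Valid,

        [EnumMember(Value = "invalid")]
        Invalid,
    }

    /// <summary>Challenge type identifiers as they appear in <see cref="Challenge.Type"/>.</summary>
    public static class ChallengeType
    {
        public const string Http01 = "http-01";

        public const string Dns01 = "dns-01";

        public const string TlsAlpn01 = "tls-alpn-01";
    }
}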
60 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Directory.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using System;
3 | using System.Collections.Generic;
4 |
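namespace LetsEncrypt.Client.Entities
{
    /// <summary>
    /// ACME directory: the endpoint URLs the client discovers from the configured directory
    /// URL. BaseAcmeClient fetches it once and uses <see cref="NewNonce"/> for nonces and
    /// <see cref="NewOrder"/> for orders.
    /// </summary>
    public class Directory : BaseEntity
    {
        [JsonProperty("newNonce")]
        public Uri NewNonce { get; set; }

        [JsonProperty("newAccount")]
        public Uri NewAccount { get; set; }

        [JsonProperty("newOrder")]
        public Uri NewOrder { get; set; }

        [JsonProperty("revokeCert")]
        public Uri RevokeCert { get; set; }

        [JsonProperty("keyChange")]
        public Uri KeyChange { get; set; }

        [JsonProperty("meta")]
        public DirectoryMeta Meta { get; set; }
    }

    /// <summary>Optional directory metadata.</summary>
    public class DirectoryMeta
    {
        [JsonProperty("termsOfService")]
        public Uri TermsOfService { get; set; }

        [JsonProperty("website")]
        public Uri Website { get; set; }

        /// <summary>CAA identifier strings the CA recognizes.</summary>
        [JsonProperty("caaIdentities")]
        public List<string> CaaIdentities { get; set; }

        /// <summary>True when the CA requires external account binding; nothing in this client handles that.</summary>
        [JsonProperty("externalAccountRequired")]
        public bool? ExternalAccountRequired { get; set; }
    }
}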
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Empty.cs:
--------------------------------------------------------------------------------
1 | namespace LetsEncrypt.Client.Entities
2 | {
/// <summary>
/// Entity for responses whose body is not needed; only the BaseEntity parts (Location,
/// Error, raw content) are populated.
/// </summary>
public class Empty : BaseEntity { }
6 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Enviroment.cs:
--------------------------------------------------------------------------------
1 | using System;
2 |
3 | namespace LetsEncrypt.Client.Entities
4 | {
/// <summary>Directory URLs of the Let's Encrypt ACME v2 environments.</summary>
public class ApiEnvironment
{
    private static readonly Uri _production = new Uri("https://acme-v02.api.letsencrypt.org/directory");
    private static readonly Uri _staging = new Uri("https://acme-staging-v02.api.letsencrypt.org/directory");

    /// <summary>Production directory (issues trusted certificates).</summary>
    public static Uri LetsEncryptV2 => _production;

    /// <summary>Staging directory (for testing; certificates are not publicly trusted).</summary>
    public static Uri LetsEncryptV2Staging => _staging;
}
18 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Identifier.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Newtonsoft.Json.Converters;
3 | using System.Runtime.Serialization;
4 |
namespace LetsEncrypt.Client.Entities
{
    /// <summary>An identifier an order is placed for; AcmeClient.NewOrderAsync() creates one per DNS name.</summary>
    public class Identifier
    {
        [JsonProperty("type")]
        public IdentifierType Type { get; set; }

        /// <summary>The name itself, e.g. a host name for <see cref="IdentifierType.Dns"/>.</summary>
        [JsonProperty("value")]
        public string Value { get; set; }
    }

    /// <summary>Identifier types; only DNS is modelled.</summary>
    [JsonConverter(typeof(StringEnumConverter))]
    public enum IdentifierType
    {
        [EnumMember(Value = "dns")] Dns
    }
}
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/Order.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Newtonsoft.Json.Converters;
3 | using System;
4 | using System.Collections.Generic;
5 | using System.Runtime.Serialization;
6 |
7 | namespace LetsEncrypt.Client.Entities
8 | {
/// <summary>
/// ACME order object (RFC 8555 §7.1.3) as returned by the newOrder resource and the order URL.
/// </summary>
public class Order : BaseEntity
{
    /// <summary>Order state; null when the server omitted the field.</summary>
    [JsonProperty("status")]
    public OrderStatus? Status { get; set; }

    /// <summary>When the server will consider the order abandoned.</summary>
    [JsonProperty("expires")]
    public DateTime? Expires { get; set; }

    // NOTE(review): the generic type argument was lost in this listing (presumably IList<Identifier>).
    // No [JsonProperty] is given, so the wire name presumably comes from the camel-case naming
    // strategy in JsonSettings ("identifiers") — confirm.
    public IList Identifiers { get; set; }

    /// <summary>Requested validity start (optional).</summary>
    [JsonProperty("notBefore")]
    public DateTime? NotBefore { get; set; }

    /// <summary>Requested validity end (optional).</summary>
    [JsonProperty("notAfter")]
    public DateTime? NotAfter { get; set; }

    // NOTE(review): generic type argument lost in this listing (presumably List<Uri>):
    // one authorization URL per identifier.
    [JsonProperty("authorizations")]
    public List Authorizations { get; set; }

    /// <summary>URL the CSR is POSTed to once every authorization is valid.</summary>
    [JsonProperty("finalize")]
    public Uri Finalize { get; set; }

    /// <summary>URL of the issued certificate; populated only once the order is valid.</summary>
    [JsonProperty("certificate")]
    public Uri Certificate { get; set; }
}
34 |
/// <summary>
/// Order lifecycle (RFC 8555 §7.1.6): pending → ready → processing → valid, or invalid at any point.
/// </summary>
[JsonConverter(typeof(StringEnumConverter))]
public enum OrderStatus
{
    /// <summary>One or more authorizations still have to be completed.</summary>
    [EnumMember(Value = "pending")]
    Pending,

    /// <summary>All authorizations are valid; the order can be finalized.</summary>
    [EnumMember(Value = "ready")]
    Ready,

    /// <summary>The CSR has been accepted and the CA is issuing.</summary>
    [EnumMember(Value = "processing")]
    Processing,

    /// <summary>The certificate is issued and available at <see cref="Order.Certificate"/>.</summary>
    [EnumMember(Value = "valid")]
    Valid,

    /// <summary>The order failed or expired; a new order is required.</summary>
    [EnumMember(Value = "invalid")]
    Invalid,
}
53 |
/// <summary>
/// Request body for the finalize URL: the order plus the CSR (expected to be base64url-encoded DER).
/// </summary>
/// <remarks>
/// Because it inherits every <see cref="Order"/> property, any non-null inherited value is
/// serialised as well (nulls are dropped by JsonSettings); the finalize request itself only needs <c>csr</c>.
/// </remarks>
public class OrderCertificate : Order
{
    /// <summary>Certificate signing request for the ordered identifiers.</summary>
    [JsonProperty("csr")]
    public string Csr { get; set; }
}
59 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Entities/_BaseEntity.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using System;
3 | using System.Net;
4 |
5 | namespace LetsEncrypt.Client.Entities
6 | {
/// <summary>
/// Transport metadata carried by every ACME entity but never serialised into a request body
/// (all members are <c>[JsonIgnore]</c>): presumably the raw response when it could not be
/// mapped, the <c>Location</c> header, and any problem document returned by the server.
/// </summary>
public class BaseEntity
{
    /// <summary>Raw response content that was not mapped onto the entity (populated by the client, not by JSON).</summary>
    [JsonIgnore]
    public virtual string UnknownContent { get; set; }

    /// <summary>Value of the response's Location header, e.g. the account or order URL.</summary>
    [JsonIgnore]
    public virtual Uri Location { get; set; }

    /// <summary>Error returned for this entity, or null on success.</summary>
    [JsonIgnore]
    public virtual AcmeError Error { get; set; }
}
18 |
/// <summary>
/// ACME problem document (RFC 8555 §6.7): an error type URN, a human-readable detail and the
/// HTTP status of the failed request.
/// </summary>
public class AcmeError
{
    /// <summary>Error type URN, e.g. one of the <c>urn:ietf:params:acme:error:*</c> values.</summary>
    public string Type { get; set; }
    /// <summary>Human-readable explanation; for display and logs only, not for branching logic.</summary>
    public string Detail { get; set; }
    /// <summary>HTTP status code of the response that carried the error.</summary>
    public HttpStatusCode Status { get; set; }
}
25 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Extensions/Extensions.RSAParameters.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.IO;
3 | using System.Security.Cryptography;
4 |
5 | namespace LetsEncrypt.Client.Extensions
6 | {
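public static partial class Extensions
{
    /// <summary>
    /// Decodes a DER-encoded PKCS#1 <c>RSAPrivateKey</c> structure into <see cref="RSAParameters"/>.
    /// </summary>
    /// <param name="rsaKeyPemBytes">
    /// Raw DER bytes of the key, i.e. the Base64-decoded body between the
    /// <c>-----BEGIN RSA PRIVATE KEY-----</c> / <c>-----END RSA PRIVATE KEY-----</c> markers.
    /// Despite the parameter name, PEM armour and Base64 must already have been removed by the caller.
    /// </param>
    /// <returns>The complete key (public and private components) ready for <see cref="RSA.ImportParameters"/>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="rsaKeyPemBytes"/> is null.</exception>
    /// <exception cref="FormatException">The bytes are not a well-formed two-prime RSAPrivateKey (unexpected tag, version or length encoding).</exception>
    /// <exception cref="EndOfStreamException">The structure is truncated.</exception>
    /// <remarks>
    /// DER INTEGERs are minimal two's-complement, so a component whose high bit is set carries a
    /// leading 0x00 and a component that is numerically small is shorter than its nominal width.
    /// <see cref="RSAParameters"/> expects fixed-width unsigned values (D as wide as the modulus, the
    /// CRT components half that), so after stripping leading zeros the private components are
    /// left-padded again; without that, roughly one generated key in a few hundred fails to import.
    /// On netstandard2.1 / .NET Core 3.0+ <c>RSA.ImportRSAPrivateKey</c> performs this decoding
    /// natively and is the preferred replacement for this hand-written parser.
    /// </remarks>
    public static RSAParameters CreateRsaParametersFromKeyBytes(this byte[] rsaKeyPemBytes)
    {
        if (rsaKeyPemBytes == null)
        {
            throw new ArgumentNullException(nameof(rsaKeyPemBytes));
        }

        using (var reader = new BinaryReader(new MemoryStream(rsaKeyPemBytes, writable: false)))
        {
            // RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv }
            ExpectTag(reader, 0x30, "SEQUENCE");
            ReadDerLength(reader); // outer length; each element is self-delimiting below

            // version INTEGER must be 0 (two-prime); on the wire: 02 01 00.
            var version = ReadDerInteger(reader);
            if (version.Length != 1 || version[0] != 0x00)
            {
                throw new FormatException("Unexpected version");
            }

            var modulus = ReadDerInteger(reader);
            var exponent = ReadDerInteger(reader);
            var d = ReadDerInteger(reader);
            var p = ReadDerInteger(reader);
            var q = ReadDerInteger(reader);
            var dp = ReadDerInteger(reader);
            var dq = ReadDerInteger(reader);
            var inverseQ = ReadDerInteger(reader);

            // Widths RSAParameters requires: D matches the modulus, CRT values are half of it.
            int modulusLength = modulus.Length;
            int halfLength = (modulusLength + 1) / 2;

            return new RSAParameters
            {
                Modulus = modulus,
                Exponent = exponent,
                D = LeftPad(d, modulusLength),
                P = LeftPad(p, halfLength),
                Q = LeftPad(q, halfLength),
                DP = LeftPad(dp, halfLength),
                DQ = LeftPad(dq, halfLength),
                InverseQ = LeftPad(inverseQ, halfLength),
            };
        }
    }

    // Consumes one tag byte and fails if it is not the expected DER tag.
    private static void ExpectTag(BinaryReader reader, byte expected, string name)
    {
        var tag = reader.ReadByte();
        if (tag != expected)
        {
            throw new FormatException($"Expected DER {name} tag 0x{expected:X2} but read 0x{tag:X2}");
        }
    }

    // Reads a DER length: short form (< 0x80) or long form with one or two length octets
    // (0x81 / 0x82).  Longer forms do not occur for RSA keys of practical size and are rejected.
    private static int ReadDerLength(BinaryReader reader)
    {
        var first = reader.ReadByte();
        if (first < 0x80)
        {
            return first;
        }

        switch (first)
        {
            case 0x81:
                return reader.ReadByte();
            case 0x82:
                return (reader.ReadByte() << 8) | reader.ReadByte();
            default:
                throw new FormatException($"Unsupported DER length encoding 0x{first:X2}");
        }
    }

    // Reads an INTEGER and returns its magnitude with leading zero octets removed
    // (at least one byte is kept so that a zero value stays representable).
    private static byte[] ReadDerInteger(BinaryReader reader)
    {
        ExpectTag(reader, 0x02, "INTEGER");
        var length = ReadDerLength(reader);
        var content = reader.ReadBytes(length);
        if (content.Length != length)
        {
            throw new EndOfStreamException("Truncated DER INTEGER");
        }

        int start = 0;
        while (start < content.Length - 1 && content[start] == 0x00)
        {
            start++;
        }
        if (start == 0)
        {
            return content;
        }

        var trimmed = new byte[content.Length - start];
        Buffer.BlockCopy(content, start, trimmed, 0, trimmed.Length);
        return trimmed;
    }

    // Left-pads value with zero bytes up to width; values already that wide are returned as-is.
    private static byte[] LeftPad(byte[] value, int width)
    {
        if (value.Length >= width)
        {
            return value;
        }

        var padded = new byte[width];
        Buffer.BlockCopy(value, 0, padded, width - value.Length, value.Length);
        return padded;
    }
}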
82 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Extensions/Extensions.SecureString.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 | using System.Security;
4 |
5 | namespace LetsEncrypt.Client.Extensions
6 | {
public static partial class Extensions
{
    /// <summary>
    /// Copies the content of a <see cref="SecureString"/> into an ordinary managed string.
    /// </summary>
    /// <remarks>
    /// The unmanaged copy is zeroed and freed immediately, but the returned <see cref="string"/>
    /// is immutable and stays in the managed heap until collected, so the protection offered by
    /// <see cref="SecureString"/> ends at this call.  Passing null throws
    /// <see cref="ArgumentNullException"/> from the marshaller.
    /// </remarks>
    public static string ToStandardString(this SecureString value)
    {
        var unmanagedCopy = IntPtr.Zero;
        try
        {
            unmanagedCopy = Marshal.SecureStringToGlobalAllocUnicode(value);
            var plainText = Marshal.PtrToStringUni(unmanagedCopy);
            return plainText;
        }
        finally
        {
            // Zero-fills before freeing; a no-op while the pointer is still IntPtr.Zero.
            Marshal.ZeroFreeGlobalAllocUnicode(unmanagedCopy);
        }
    }
}
23 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Extensions/Extensions.String.cs:
--------------------------------------------------------------------------------
1 | using System.Security;
2 |
3 | namespace LetsEncrypt.Client.Extensions
4 | {
public static partial class Extensions
{
    /// <summary>
    /// Wraps a string in a <see cref="SecureString"/>, one character at a time.
    /// </summary>
    /// <returns>
    /// A new, writable <see cref="SecureString"/>, or null when <paramref name="source"/> is
    /// null, empty or whitespace only.
    /// </returns>
    /// <remarks>
    /// The original managed string remains in memory, so this only limits further copies; it
    /// does not remove the value that was already exposed.
    /// </remarks>
    public static SecureString ToSecureString(this string source)
    {
        if (string.IsNullOrWhiteSpace(source))
        {
            return null;
        }

        var secured = new SecureString();
        foreach (var character in source)
        {
            secured.AppendChar(character);
        }

        return secured;
    }
}
22 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/IO/LocalStorage.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.IO;
3 | using System.Text;
4 | using System.Threading.Tasks;
5 |
6 | namespace LetsEncrypt.Client.IO
7 | {
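/// <summary>
/// File-backed persistence for the ACME account (id and PEM key pair) plus general
/// text/byte read and write helpers.
/// </summary>
/// <remarks>
/// Account files are written to <c>Output</c> under <see cref="AppDomain.BaseDirectory"/>, named
/// after the normalised contact e-mail.  The general <see cref="ReadAsync"/> and
/// <see cref="WriteAsync(string, byte[])"/> take the caller's path as given, so a relative path
/// resolves against the current working directory, not the base directory.
/// The private key is stored as plain-text PEM with default file permissions: whoever can read
/// the Output folder can act as the ACME account, so restrict access to that folder.
/// </remarks>
public class LocalStorage
{
    private const string FOLDER = "Output//";
    private const string ACCOUNT_FILE = "Account.{0}.txt";
    private const string ACCOUNT_PRIVATE_KEY_FILE = "Account.{0}.Private.pem";
    private const string ACCOUNT_PUBLIC_KEY_FILE = "Account.{0}.Public.pem";

    public LocalStorage()
    {
    }

    // Public Specific Methods

    /// <summary>Stores the ACME account id for the given contact e-mail.</summary>
    /// <exception cref="ArgumentException">The e-mail is blank or cannot be used as a file name.</exception>
    public async Task PersistAccount(string accountContactEmail, string accountId)
    {
        var path = GetAccountFilePath(ACCOUNT_FILE, accountContactEmail);
        await WriteAsync(path, accountId);
    }

    /// <summary>Loads the account id stored by <see cref="PersistAccount"/>.</summary>
    /// <exception cref="FileNotFoundException">No account file exists for the e-mail.</exception>
    public async Task<string> LoadAccount(string accountContactEmail)
    {
        var path = GetAccountFilePath(ACCOUNT_FILE, accountContactEmail);
        return await ReadAsync(path);
    }

    /// <summary>Stores the account's private key PEM (unencrypted; see the class remarks).</summary>
    public async Task PersistPrivateKey(string accountContactEmail, string privateKeyPem)
    {
        var path = GetAccountFilePath(ACCOUNT_PRIVATE_KEY_FILE, accountContactEmail);
        await WriteAsync(path, privateKeyPem);
    }

    /// <summary>Loads the private key PEM stored by <see cref="PersistPrivateKey"/>.</summary>
    public async Task<string> LoadPrivateKey(string accountContactEmail)
    {
        var path = GetAccountFilePath(ACCOUNT_PRIVATE_KEY_FILE, accountContactEmail);
        return await ReadAsync(path);
    }

    /// <summary>Stores the account's public key PEM.</summary>
    public async Task PersistPublicKey(string accountContactEmail, string publicKeyPem)
    {
        var path = GetAccountFilePath(ACCOUNT_PUBLIC_KEY_FILE, accountContactEmail);
        await WriteAsync(path, publicKeyPem);
    }

    /// <summary>Loads the public key PEM stored by <see cref="PersistPublicKey"/>.</summary>
    public async Task<string> LoadPublicKey(string accountContactEmail)
    {
        var path = GetAccountFilePath(ACCOUNT_PUBLIC_KEY_FILE, accountContactEmail);
        return await ReadAsync(path);
    }

    // Public General Methods

    /// <summary>Reads the whole file at <paramref name="path"/> as text (UTF-8, BOM detected).</summary>
    /// <exception cref="FileNotFoundException">The file does not exist.</exception>
    public async Task<string> ReadAsync(string path)
    {
        if (!File.Exists(path))
        {
            throw new FileNotFoundException($"File on path '{path}' does not exists!", path);
        }

        using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read, 4096, useAsync: true))
        using (var reader = new StreamReader(stream))
        {
            return await reader.ReadToEndAsync();
        }
    }

    /// <summary>Writes <paramref name="text"/> as UTF-8 without BOM, creating or overwriting the file.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="text"/> is null.</exception>
    public async Task WriteAsync(string path, string text)
    {
        if (text == null)
        {
            throw new ArgumentNullException(nameof(text));
        }

        await WriteAsync(path, Encoding.UTF8.GetBytes(text));
    }

    /// <summary>
    /// Writes <paramref name="data"/> to <paramref name="path"/>, creating missing directories
    /// and overwriting any existing file.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    public async Task WriteAsync(string path, byte[] data)
    {
        if (data == null)
        {
            throw new ArgumentNullException(nameof(data));
        }

        var fullPath = Path.GetFullPath(path);
        var directory = Path.GetDirectoryName(fullPath);
        if (!string.IsNullOrEmpty(directory))
        {
            // CreateDirectory is a no-op when the directory already exists.
            Directory.CreateDirectory(directory);
        }

        using (var stream = new FileStream(fullPath, FileMode.Create, FileAccess.Write, FileShare.None, 4096, useAsync: true))
        {
            await stream.WriteAsync(data, 0, data.Length);
        }
    }

    // Private Helper Methods

    // Resolves the account file for a name template (e.g. ACCOUNT_FILE) and a contact e-mail.
    private string GetAccountFilePath(string template, string accountContactEmail)
    {
        var fileName = string.Format(template, NormalizeContactEmail(accountContactEmail));
        return GetOutputPath(fileName);
    }

    // Trims and lower-cases the e-mail (ToLower() is kept so files written by earlier versions
    // keep their names) and rejects anything that is not a single file-name component, so a
    // crafted value cannot place account files outside FOLDER.
    private static string NormalizeContactEmail(string accountContactEmail)
    {
        if (string.IsNullOrWhiteSpace(accountContactEmail))
        {
            throw new ArgumentException("Contact e-mail must not be empty.", nameof(accountContactEmail));
        }

        var normalized = accountContactEmail.Trim().ToLower();
        var unusable = normalized.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0
            || normalized.IndexOf('/') >= 0
            || normalized.IndexOf('\\') >= 0
            || normalized.Contains("..");
        if (unusable)
        {
            throw new ArgumentException("Contact e-mail cannot be used as a file name.", nameof(accountContactEmail));
        }

        return normalized;
    }

    private string GetOutputPath(string fileName)
    {
        return GetOutputDirectoryPath() + fileName;
    }

    // Ensures the Output folder exists and returns it with its trailing separator (plain string
    // concatenation is kept so the on-disk layout does not change).
    private string GetOutputDirectoryPath()
    {
        var directoryPath = AppDomain.CurrentDomain.BaseDirectory + FOLDER;
        Directory.CreateDirectory(directoryPath);
        return directoryPath;
    }
}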
127 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Interfaces/ILogger.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Threading.Tasks;
3 |
4 | namespace LetsEncrypt.Client.Interfaces
5 | {
/// <summary>
/// Minimal logging abstraction used by the client; the implementations in Loggers/ write to the
/// console or to a file.  Every operation has a synchronous and an async form.
/// </summary>
public interface ILogger
{
    // Error

    /// <summary>Logs an exception (the implementations on this page write its message and stack trace).</summary>
    void LogError(Exception ex);

    /// <summary>Async form of <see cref="LogError(Exception)"/>.</summary>
    Task LogErrorAsync(Exception ex);

    /// <summary>Logs an error line; <paramref name="message"/> is an optional second line.</summary>
    void LogError(string subject, string message = null);

    /// <summary>Async form of <see cref="LogError(string, string)"/>.</summary>
    Task LogErrorAsync(string subject, string message = null);

    // Message

    /// <summary>Logs an informational line; <paramref name="message"/> is an optional second line.</summary>
    void LogMessage(string subject, string message = null);

    /// <summary>Async form of <see cref="LogMessage(string, string)"/>.</summary>
    Task LogMessageAsync(string subject, string message = null);
}
24 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Json/JsonSettings.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 | using Newtonsoft.Json.Serialization;
3 |
4 | namespace LetsEncrypt.Client.Json
5 | {
/// <summary>
/// Serializer settings shared by the ACME client: camelCase member names, null members omitted
/// (so optional fields are simply not sent), and unknown members in responses ignored rather
/// than failing deserialization.
/// </summary>
public static class JsonSettings
{
    /// <summary>Creates a fresh settings instance on every call; callers may adjust it freely.</summary>
    public static JsonSerializerSettings CreateSettings()
    {
        var resolver = new DefaultContractResolver();
        resolver.NamingStrategy = new CamelCaseNamingStrategy();

        var settings = new JsonSerializerSettings();
        settings.ContractResolver = resolver;
        settings.NullValueHandling = NullValueHandling.Ignore;
        settings.MissingMemberHandling = MissingMemberHandling.Ignore;

        return settings;
    }
}
21 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Jws/JwsConvert.cs:
--------------------------------------------------------------------------------
1 | using System;
2 |
3 | namespace LetsEncrypt.Client.Jws
4 | {
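/// <summary>
/// base64url (RFC 4648 §5) encoding without padding, the form JWS (RFC 7515) requires for the
/// protected header, payload and signature segments.
/// </summary>
public static class JwsConvert
{
    /// <summary>Encodes bytes as unpadded base64url.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    public static string ToBase64String(byte[] data)
    {
        if (data == null)
        {
            throw new ArgumentNullException(nameof(data));
        }

        // Standard base64, then: drop '=' padding, swap the two URL-unsafe alphabet characters.
        return Convert.ToBase64String(data)
            .TrimEnd('=')
            .Replace('+', '-')
            .Replace('/', '_');
    }

    /// <summary>Decodes base64url (padded or unpadded) back to bytes.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    /// <exception cref="FormatException">The length or the characters are not valid base64url.</exception>
    public static byte[] FromBase64String(string data)
    {
        if (data == null)
        {
            throw new ArgumentNullException(nameof(data));
        }

        var standard = data.Replace('-', '+').Replace('_', '/');

        // Restore the padding Convert.FromBase64String insists on; a remainder of 1 can never
        // come from valid base64 data.
        switch (standard.Length % 4)
        {
            case 0: break;
            case 2: standard += "=="; break;
            case 3: standard += "="; break;
            default:
                throw new FormatException("Base64 string is not valid!");
        }

        return Convert.FromBase64String(standard);
    }
}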
32 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Jws/JwsSigner.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Cryptography;
2 | using LetsEncrypt.Client.Json;
3 | using Newtonsoft.Json;
4 | using System;
5 | using System.Text;
6 |
7 | namespace LetsEncrypt.Client.Jws
8 | {
/// <summary>
/// Produces the JWS objects ACME requests are wrapped in (RFC 8555 §6.2), signed with the
/// account key.  The protected header carries either the public JWK (before an account URL
/// exists) or the account URL as <c>kid</c>, together with the anti-replay nonce and the target URL.
/// </summary>
public class JwsSigner
{
    private readonly RsaKeyPair _key;

    // Ctor

    public JwsSigner(RsaKeyPair key)
    {
        _key = key;
    }

    // Public Methods

    /// <summary>Signs <paramref name="data"/> with a <c>jwk</c> protected header.</summary>
    public JwsData Sign(object data, Uri url, string nonce)
    {
        // Member order matters only for readability here; the header is signed as serialised.
        var protectedHeader = new
        {
            alg = _key.ALGORITHM_NAME,
            jwk = _key.Jwk,
            nonce,
            url,
        };

        return Sign(protectedHeader, data);
    }

    /// <summary>Signs <paramref name="data"/> with a <c>kid</c> protected header referencing the account URL.</summary>
    public JwsData Sign(object data, Uri kId, Uri url, string nonce)
    {
        var protectedHeader = new
        {
            alg = _key.ALGORITHM_NAME,
            kid = kId,
            nonce,
            url,
        };

        return Sign(protectedHeader, data);
    }

    // Private Methods

    // Serialises header and body, base64url-encodes both, signs "header.payload" and returns the
    // three segments as a flattened JWS.
    private JwsData Sign(object header, object body)
    {
        var settings = JsonSettings.CreateSettings();

        // A null body yields an empty payload (presumably the ACME POST-as-GET form), not "null".
        string payloadJson = body == null
            ? ""
            : JsonConvert.SerializeObject(body, Formatting.None, settings);
        string headerJson = JsonConvert.SerializeObject(header, Formatting.None, settings);

        string payloadEncoded = EncodeSegment(payloadJson);
        string headerEncoded = EncodeSegment(headerJson);

        // JWS signing input: BASE64URL(header) '.' BASE64URL(payload), as UTF-8 bytes.
        byte[] signingInput = Encoding.UTF8.GetBytes(headerEncoded + "." + payloadEncoded);
        string signatureEncoded = JwsConvert.ToBase64String(_key.SignData(signingInput));

        return new JwsData
        {
            Protected = headerEncoded,
            Payload = payloadEncoded,
            Signature = signatureEncoded,
        };
    }

    // UTF-8 encodes the text and then base64url-encodes the bytes.
    private static string EncodeSegment(string text)
    {
        return JwsConvert.ToBase64String(Encoding.UTF8.GetBytes(text));
    }
}
76 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Jws/Objects/JwsData.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace LetsEncrypt.Client.Jws
4 | {
/// <summary>
/// JWS in flattened JSON serialisation (RFC 7515 §7.2.2), the request body format ACME uses:
/// three base64url segments.
/// </summary>
public class JwsData
{
    /// <summary>base64url of the protected header JSON (alg, jwk or kid, nonce, url).</summary>
    [JsonProperty("protected")]
    public string Protected { get; set; }

    /// <summary>base64url of the payload JSON; empty for a POST-as-GET request.</summary>
    [JsonProperty("payload")]
    public string Payload { get; set; }

    /// <summary>base64url of the signature over "protected.payload".</summary>
    [JsonProperty("signature")]
    public string Signature { get; set; }
}
16 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Jws/Objects/RsaJsonWebKey.cs:
--------------------------------------------------------------------------------
1 | using Newtonsoft.Json;
2 |
3 | namespace LetsEncrypt.Client.Jws
4 | {
/// <summary>
/// RSA public key as a JWK (RFC 7517).  Members are emitted in the order e, kty, n, which is
/// the lexicographic member order RFC 7638 prescribes for the key thumbprint, so one
/// serialisation can serve both the JWS header and thumbprint computation.
/// </summary>
public class RsaJsonWebKey
{
    /// <summary>Public exponent; should hold the base64url big-endian value per RFC 7518.</summary>
    [JsonProperty("e", Order = 1)]
    public string Exponent { get; set; }

    /// <summary>Key type; expected to be "RSA" for this class.</summary>
    [JsonProperty("kty", Order = 2)]
    public string KeyType { get; set; }

    /// <summary>Modulus; should hold the base64url big-endian value per RFC 7518.</summary>
    [JsonProperty("n", Order = 3)]
    public string Modulus { get; set; }
}
16 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/LetsEncrypt.Client.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | netstandard2.1
5 | LetsEncrypt.Client
6 | Anton Urbanik
7 |
8 | LetsEncrypt.Client
9 | true
10 | LetsEncrypt.Client.snk
11 | LetsEncrypt.Client is a simple and straightforward C# implementation of an ACME client for Let's Encrypt certificates. The library is primarily oriented towards generating wildcard certificates as .pfx files.
12 |
13 | https://github.com/Tondas/LetsEncrypt
14 | https://github.com/Tondas/LetsEncrypt
15 | letsencrypt, acme, certificate, wildcard
16 | 1.0.0
17 | 1.0.0
18 | true
19 | LICENSE
20 | Logo-LockOnly.png
21 |
22 | git
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 | True
32 |
33 |
34 |
35 | True
36 |
37 |
38 |
39 |
40 |
41 |
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/LetsEncrypt.Client.snk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tondas/LetsEncrypt/79664a628c59f1497ada423c33b9a7f6f9a2811a/Source/LetsEncrypt.Client/LetsEncrypt.Client.snk
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Loggers/ConsoleLogger.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Interfaces;
2 | using System;
3 | using System.Threading.Tasks;
4 |
5 | namespace LetsEncrypt.Client.Loggers
6 | {
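/// <summary>
/// <see cref="ILogger"/> that writes to the console: errors in red, messages in yellow.
/// The *Async overloads complete synchronously and return <see cref="Task.CompletedTask"/>,
/// delegating to their synchronous counterparts (the same shape LocalFileLogger uses).
/// </summary>
public class ConsoleLogger : ILogger
{
    // Error

    /// <summary>Writes the exception message and stack trace in red.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="ex"/> is null.</exception>
    public void LogError(Exception ex)
    {
        if (ex == null)
        {
            throw new ArgumentNullException(nameof(ex));
        }

        LogToConsole(ex.Message, ConsoleColor.Red);
        LogToConsole(ex.StackTrace, ConsoleColor.Red);
    }

    public Task LogErrorAsync(Exception ex)
    {
        LogError(ex);
        return Task.CompletedTask;
    }

    /// <summary>Writes the subject and, when present, the message in red.</summary>
    public void LogError(string subject, string message = null)
    {
        LogLines(ConsoleColor.Red, subject, message);
    }

    public Task LogErrorAsync(string subject, string message = null)
    {
        LogError(subject, message);
        return Task.CompletedTask;
    }

    // Info

    /// <summary>Writes the subject and, when present, the message in yellow.</summary>
    public void LogMessage(string subject, string message = null)
    {
        LogLines(ConsoleColor.Yellow, subject, message);
    }

    public Task LogMessageAsync(string subject, string message = null)
    {
        LogMessage(subject, message);
        return Task.CompletedTask;
    }

    // Private Methods

    // Writes the subject and, if non-empty, the message as separate lines in the given colour.
    private void LogLines(ConsoleColor color, string subject, string message)
    {
        LogToConsole(subject, color);
        if (!string.IsNullOrEmpty(message))
        {
            LogToConsole(message, color);
        }
    }

    // Writes one line, temporarily switching the foreground colour.  The previous colour is
    // restored even when the write fails.  default(ConsoleColor) (== Black) means "leave the
    // colour unchanged", so black text cannot be requested through this method.
    private void LogToConsole(string message, ConsoleColor color = default(ConsoleColor))
    {
        var originalColor = Console.ForegroundColor;
        try
        {
            if (color != default(ConsoleColor))
            {
                Console.ForegroundColor = color;
            }
            Console.WriteLine(message);
        }
        finally
        {
            Console.ForegroundColor = originalColor;
        }
    }
}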
80 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Client/Loggers/LocalFileLogger.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Interfaces;
2 | using System;
3 | using System.IO;
4 | using System.Threading.Tasks;
5 |
6 | namespace LetsEncrypt.Client.Loggers
7 | {
/// <summary>
/// <see cref="ILogger"/> appending to a log file under <c>Logs</c> in the application base
/// directory, one file per DATE_FORMAT_SHORT value (presumably per day).  Errors and messages
/// are written identically, each line prefixed with a UTC timestamp.  Write failures are
/// swallowed so that logging can never take the caller down.
/// </summary>
public class LocalFileLogger : ILogger
{
    private const string FOLDER = "Logs//";
    private const string FILE = "Log_{0}.log";

    // Public Methods

    public void LogError(Exception ex)
    {
        Log(string.Concat(ex.Message, Environment.NewLine, ex.StackTrace));
    }

    public Task LogErrorAsync(Exception ex)
    {
        LogError(ex);
        return Task.CompletedTask;
    }

    public void LogError(string subject, string message = null)
    {
        Log(JoinLines(subject, message));
    }

    public Task LogErrorAsync(string subject, string message = null)
    {
        LogError(subject, message);
        return Task.CompletedTask;
    }

    public void LogMessage(string subject, string message = null)
    {
        // Messages are not distinguished from errors in the file.
        LogError(subject, message);
    }

    public Task LogMessageAsync(string subject, string message = null)
    {
        return LogErrorAsync(subject, message);
    }

    // Private Methods

    // Subject on the first line, message (possibly empty) on the second.
    private static string JoinLines(string subject, string message)
    {
        return subject + Environment.NewLine + message;
    }

    // Appends one timestamped entry to today's file.
    private void Log(string message)
    {
        try
        {
            var path = GetFilePath();

            using (var writer = new StreamWriter(path, append: true))
            {
                var stamp = DateTime.UtcNow.ToString(Constants.DATE_FORMAT_LONG);
                writer.Write($"{stamp}[UTC]>>> ");
                writer.Write(message);
                writer.WriteLine();

                writer.Flush();
            }
        }
        catch
        {
            // Deliberately swallowed: a logging failure must never abort the ACME flow.
        }
    }

    // Ensures the Logs folder exists and returns the path of the current log file.
    private string GetFilePath()
    {
        var fileName = string.Format(FILE, DateTime.UtcNow.ToString(Constants.DATE_FORMAT_SHORT));
        var directoryPath = AppDomain.CurrentDomain.BaseDirectory + FOLDER;

        if (!Directory.Exists(directoryPath))
        {
            Directory.CreateDirectory(Path.GetDirectoryName(directoryPath));
        }

        return directoryPath + fileName;
    }
}
80 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.ConsoleApp/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/Source/LetsEncrypt.ConsoleApp/Extensions/Extensions.IServiceCollection.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Interfaces;
2 | using LetsEncrypt.Client.IO;
3 | using LetsEncrypt.Client.Loggers;
4 | using Microsoft.Extensions.DependencyInjection;
5 |
6 | namespace LetsEncrypt.Client.Extensions
7 | {
/// <summary>
/// Registers the console app's services — the logger and <see cref="LocalStorage"/> — as singletons.
/// </summary>
public static partial class Extensions
{
    /// <summary>Adds the application services to <paramref name="services"/> and returns it for chaining.</summary>
    public static IServiceCollection AddAllApplicationServices(this IServiceCollection services)
    {
        // NOTE(review): the generic type arguments were lost in this listing; the trailing comment
        // suggests AddSingleton<ILogger, ConsoleLogger>() — confirm against the repository.
        services.AddSingleton(); // ConsoleLogger
        services.AddSingleton(typeof(LocalStorage));

        return services;
    }
}
18 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.ConsoleApp/LetsEncrypt.ConsoleApp.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/Source/LetsEncrypt.ConsoleApp/Program.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client;
2 | using LetsEncrypt.Client.Entities;
3 | using LetsEncrypt.Client.Interfaces;
4 | using LetsEncrypt.Client.IO;
5 | using LetsEncrypt.Client.Loggers;
6 | using Microsoft.Extensions.DependencyInjection;
7 | using System;
8 | using System.Text;
9 | using System.Threading;
10 | using System.Threading.Tasks;
11 |
12 | namespace LetsEncrypt.ConsoleApp
13 | {
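/// <summary>
/// Interactive walk-through of the ACME flow: create an account and an order, write the DNS-01
/// challenge records to <c>_Output.txt</c>, wait for the operator to publish them, validate the
/// challenges, then write the certificate and key files through <see cref="LocalStorage"/>.
/// </summary>
internal class Program
{
    #region Fields + Properties

    // One lazily-built container; every service is resolved through ServiceProvider.
    // NOTE(review): generic type arguments were lost in this listing and are reconstructed from
    // how the members are used — confirm against the repository.
    private static Lazy<IServiceProvider> _serviceProvider = new Lazy<IServiceProvider>(InitDependencyInjection);
    private static IServiceProvider ServiceProvider => _serviceProvider.Value;

    private static ILogger Logger => ServiceProvider.GetRequiredService<ILogger>();
    private static LocalStorage LocalFileHandler => ServiceProvider.GetRequiredService<LocalStorage>();
    private static Settings Settings => ServiceProvider.GetRequiredService<Settings>();

    #endregion Fields + Properties

    //

    /// <summary>Entry point: runs the flow once; any failure propagates and terminates the app.</summary>
    public static async Task Main(string[] args)
    {
        Console.WriteLine("--- LetsEncrypt.ConsoleApp ---");

        // The container is built on first access to ServiceProvider; calling
        // InitDependencyInjection() here as well would build a second, discarded container.
        await Run();

        Console.WriteLine("Done.");
    }

    // Private Methods

    // Registers the services the app resolves: ILogger, LocalStorage and Settings (all singletons).
    private static IServiceProvider InitDependencyInjection()
    {
        var services = new ServiceCollection();
        // NOTE(review): ConsoleLogger is inferred from the "// ConsoleLogger" comment on the sibling
        // registrations (Startup.cs, Extensions.IServiceCollection.cs) — confirm.
        services.AddSingleton<ILogger, ConsoleLogger>();
        services.AddSingleton(typeof(LocalStorage));
        services.AddSingleton(typeof(Settings));

        return services.BuildServiceProvider();
    }

    private static async Task Run()
    {
        //
        Console.WriteLine("Step 1 - Order Creation");

        // Production directory: real, publicly trusted and rate-limited certificates.
        // Use ApiEnvironment.LetsEncryptV2Staging while developing.
        var acmeClient = new AcmeClient(ApiEnvironment.LetsEncryptV2);

        // Create new Account
        var account = await acmeClient.CreateNewAccountAsync(Settings.ContactEmail);

        // Create new Order
        var order = await acmeClient.NewOrderAsync(account, Settings.Domains);

        // DNS-01 challenges (the only challenge type usable for wildcard names)
        var challenges = await acmeClient.GetDnsChallenges(account, order);

        //
        Console.WriteLine("Step 1 - Done");
        Console.WriteLine("Step 2 - Verification by DNS challenge");

        // List every TXT record the operator has to publish.
        var sb = new StringBuilder(256);
        foreach (var challenge in challenges)
        {
            sb.AppendLine(string.Format("DNS TXT record Key: {0}", challenge.DnsKey));
            sb.AppendLine(string.Format("DNS TXT record Value: {0}", challenge.VerificationValue));
            sb.AppendLine();
        }
        await LocalFileHandler.WriteAsync("_Output.txt", sb.ToString());

        // Console.Read() actually returns on Enter, not on "any key".
        Console.WriteLine("Step 2 - Open '_Output.txt' file and configure DNS TXT record(s)");
        Console.WriteLine("Step 2 - Press any key to continue ...");
        Console.Read();

        //
        Console.WriteLine("Step 2 - Done");
        Console.WriteLine("Step 3 - Verification of DNS TXT record(s)");

        // Submit every challenge and re-read its status; retry a few times, 5 s apart, because the
        // operator's DNS change may not have propagated yet.  Task.Delay keeps the thread free
        // where the previous Thread.Sleep blocked it inside an async method.
        var attemptsLeft = 3;
        var valid = false;
        while (!valid)
        {
            try
            {
                foreach (var challenge in challenges)
                {
                    await acmeClient.ValidateChallengeAsync(account, challenge);

                    // Verify status of challenge
                    var freshChallenge = await acmeClient.GetChallengeAsync(account, challenge);
                    if (freshChallenge.Status == ChallengeStatus.Invalid)
                    {
                        throw new Exception("Something is wrong with your DNS TXT record(s)!");
                    }
                }

                valid = true;
            }
            catch (Exception ex)
            {
                attemptsLeft--;

                if (att  emptsLeft == 0)
                {
                    throw new Exception("Validation of DNS TXT record(s) is failed!", ex);
                }

                await Task.Delay(5000);
            }
        }

        //
        Console.WriteLine("Step 3 - Done");
        Console.WriteLine("Step 4 - Certificate generation");

        // Short pause before finalising (presumably to let the order reach the 'ready' state).
        await Task.Delay(5000);

        // Generate certificate
        var certificate = await acmeClient.GenerateCertificateAsync(account, order, Settings.CertificateFileName);

        // Save files locally.  The .pfx is protected by CertificatePassword; the .key.pem is written
        // without it, so the unencrypted private key ends up next to the other files.
        await LocalFileHandler.WriteAsync(Settings.CertificateFileName + ".pfx", certificate.GeneratePfx(Settings.CertificatePassword));
        await LocalFileHandler.WriteAsync(Settings.CertificateFileName + ".crt", certificate.GenerateCrt(Settings.CertificatePassword));
        await LocalFileHandler.WriteAsync(Settings.CertificateFileName + ".crt.pem", certificate.GenerateCrtPem(Settings.CertificatePassword));
        await LocalFileHandler.WriteAsync(Settings.CertificateFileName + ".key.pem", certificate.GenerateKeyPem());

        Console.WriteLine("Step 4 - Done");
    }
}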
143 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.ConsoleApp/Settings.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 | using System.Configuration;
3 |
4 | namespace LetsEncrypt.ConsoleApp
5 | {
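/// <summary>Typed accessors over the <c>appSettings</c> section of App.config.</summary>
/// <remarks>
/// <see cref="CertificatePassword"/> is read from plain-text configuration; keep the real
/// App.config out of source control or supply the value from a protected store.
/// </remarks>
public class Settings
{
    /// <summary>ACME account contact e-mail; null when the setting is absent.</summary>
    public string ContactEmail => GetValue(nameof(ContactEmail));

    /// <summary>
    /// Identifiers to order, from the comma-separated <c>Domains</c> setting.  Entries are trimmed
    /// and blank entries dropped; a missing or blank setting yields an empty list instead of throwing.
    /// </summary>
    public List<string> Domains
    {
        get
        {
            var result = new List<string>();
            var configured = GetValue(nameof(Domains));
            if (string.IsNullOrWhiteSpace(configured))
            {
                return result;
            }

            foreach (var item in configured.Split(','))
            {
                var domain = item.Trim();
                if (domain.Length > 0)
                {
                    result.Add(domain);
                }
            }

            return result;
        }
    }

    /// <summary>Base name for the generated certificate files (.pfx, .crt, .crt.pem, .key.pem).</summary>
    public string CertificateFileName => GetValue(nameof(CertificateFileName));

    /// <summary>Password handed to the certificate export methods (protects the .pfx).</summary>
    public string CertificatePassword => GetValue(nameof(CertificatePassword));

    // Private Methods

    // Reads one appSettings value; ConfigurationManager returns null for an unknown key.
    private string GetValue(string key)
    {
        return ConfigurationManager.AppSettings[key];
    }
}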
35 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Test/FullProcessMT.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client;
2 | using LetsEncrypt.Client.Entities;
3 | using NUnit.Framework;
4 | using System;
5 | using System.Collections.Generic;
6 | using System.Threading.Tasks;
7 |
8 | namespace LetsEncrypt.Test
9 | {
/// <summary>
/// Manual end-to-end test ("MT") against the Let's Encrypt staging environment.  It is not an
/// automated unit test: it creates a real staging account and order for the hard-coded domains,
/// and between printing the DNS challenge values and validating them the operator must publish
/// the TXT records by hand — the code itself does not pause.
/// </summary>
public class FullProcessMT : BaseUT
{
    // A real contact address and domain names are hard-coded here.  Staging certificates are not
    // publicly trusted, but the account created is still a real, key-bound staging account.
    protected string ContactEmail = "au@turingion.com";
    protected Uri EnviromentUri = ApiEnvironment.LetsEncryptV2Staging;
    // NOTE(review): generic type argument lost in this listing (presumably List<string>).
    protected List Identifiers = new List { "turingion.com", "*.turingion.com" };

    /// <summary>Runs the whole flow once and passes unless a step throws.</summary>
    [Test]
    public async Task Run()
    {
        // Create client alias core object + specify which environment you want to use
        var acmeClient = new AcmeClient(EnviromentUri);

        // Create new Account
        var account = await acmeClient.CreateNewAccountAsync(ContactEmail);

        // Create new Order
        var order = await acmeClient.NewOrderAsync(account, Identifiers);

        // Create DNS challenge (DNS is required for wildcard certificate)
        var challenges = await acmeClient.GetDnsChallenges(account, order);

        // Creation of all DNS entries
        // (illustrative only: the values are read into locals that are not used further)
        foreach (var challenge in challenges)
        {
            var dnsKey = challenge.VerificationKey;
            var dnsText = challenge.VerificationValue;
            // value can be e.g.: eBAdFvukOz4Qq8nIVFPmNrMKPNlO8D1cr9bl8VFFsJM

            // Create DNS TXT record e.g.:
            // key: _acme-challenge.your.domain.com
            // value: eBAdFvukOz4Qq8nIVFPmNrMKPNlO8D1cr9bl8VFFsJM
        }

        // Validation of all DNS entries
        // (no retry here, unlike the console app; DNS propagation delays make this step fail)
        foreach (var challenge in challenges)
        {
            await acmeClient.ValidateChallengeAsync(account, challenge);

            // Verify status of challenge
            var freshChallenge = await acmeClient.GetChallengeAsync(account, challenge);
            if (freshChallenge.Status == ChallengeStatus.Invalid)
            {
                throw new Exception("Something is wrong with your DNS TXT record(s)!");
            }
        }

        // Generate certificate
        var certificate = await acmeClient.GenerateCertificateAsync(account, order, "Turingion.com");

        // Save files locally
        // The password is a placeholder; the .key.pem is written without it (unencrypted private key).
        var password = "YourSuperSecretPassword";
        await LocalFileHandler.WriteAsync("Turingion.com.pfx", certificate.GeneratePfx(password));
        await LocalFileHandler.WriteAsync("Turingion.com.crt", certificate.GenerateCrt(password));
        await LocalFileHandler.WriteAsync("Turingion.com.crt.pem", certificate.GenerateCrtPem(password));
        await LocalFileHandler.WriteAsync("Turingion.com.key.pem", certificate.GenerateKeyPem());

        Assert.Pass();
    }
}
69 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Test/LetsEncrypt.Test.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | netcoreapp3.1
5 |
6 | false
7 |
8 |
9 |
10 |
11 |
12 |
13 | all
14 | runtime; build; native; contentfiles; analyzers; buildtransitive
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Test/Startup.cs:
--------------------------------------------------------------------------------
1 | using LetsEncrypt.Client.Interfaces;
2 | using LetsEncrypt.Client.IO;
3 | using LetsEncrypt.Client.Loggers;
4 | using Microsoft.Extensions.DependencyInjection;
5 | using System;
6 |
7 | namespace LetsEncrypt.Test
8 | {
/// <summary>
/// Base class for the test project: builds one lazily-initialised service container and exposes
/// the logger and <see cref="LocalStorage"/> to derived tests.
/// </summary>
public class Startup
{
    #region Fields + Properties

    // NOTE(review): generic type arguments were lost in this listing (presumably
    // Lazy<IServiceProvider> and GetRequiredService<ILogger>() / <LocalStorage>()) — confirm.
    private static Lazy _serviceProvider = new Lazy(InitDependencyInjection);
    protected static IServiceProvider ServiceProvider => _serviceProvider.Value;

    protected static ILogger Logger => ServiceProvider.GetRequiredService();
    protected static LocalStorage LocalFileHandler => ServiceProvider.GetRequiredService();

    #endregion Fields + Properties

    // Private Methods

    // Registers the logger and LocalStorage as singletons; mirrors the console app's registration.
    private static IServiceProvider InitDependencyInjection()
    {
        var services = new ServiceCollection();
        // NOTE(review): type arguments lost in this listing; the comment suggests AddSingleton<ILogger, ConsoleLogger>().
        services.AddSingleton(); // ConsoleLogger
        services.AddSingleton(typeof(LocalStorage));

        return services.BuildServiceProvider();
    }
}
32 | }
--------------------------------------------------------------------------------
/Source/LetsEncrypt.Test/_BaseUT.cs:
--------------------------------------------------------------------------------
namespace LetsEncrypt.Test
{
    /// <summary>
    /// Common base for the unit tests. It adds nothing of its own and simply
    /// inherits the shared container and the <c>Logger</c> / <c>LocalFileHandler</c>
    /// accessors from <see cref="Startup"/>.
    /// </summary>
    public class BaseUT : Startup
    {
    }
}
--------------------------------------------------------------------------------
/Source/LetsEncrypt.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.29609.76
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Core", "Core", "{9AA4004D-2418-4292-8C36-8E359011FE1A}"
7 | EndProject
8 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Test", "Test", "{7667E905-1FDB-41B8-8F5C-8D7625D11AD9}"
9 | EndProject
10 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Presentation", "Presentation", "{CC891FCA-E195-44DC-8076-54C4BABCE119}"
11 | EndProject
12 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "_SolutionItems", "_SolutionItems", "{2C470E82-13FC-4932-ABB0-EF97DC2A639C}"
13 | ProjectSection(SolutionItems) = preProject
14 | ..\README.md = ..\README.md
15 | EndProjectSection
16 | EndProject
17 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LetsEncrypt.Client", "LetsEncrypt.Client\LetsEncrypt.Client.csproj", "{8356492B-89F1-4C3B-ABE9-41F0FE3C7F86}"
18 | EndProject
19 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LetsEncrypt.ConsoleApp", "LetsEncrypt.ConsoleApp\LetsEncrypt.ConsoleApp.csproj", "{E4A94890-7AF0-4C1A-8040-E4925CC66CAE}"
20 | EndProject
21 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LetsEncrypt.Test", "LetsEncrypt.Test\LetsEncrypt.Test.csproj", "{63E252A0-5C4C-4F71-AA92-FEFA2825294A}"
22 | EndProject
23 | Global
24 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
25 | Debug|Any CPU = Debug|Any CPU
26 | Release|Any CPU = Release|Any CPU
27 | EndGlobalSection
28 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
29 | {8356492B-89F1-4C3B-ABE9-41F0FE3C7F86}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
30 | {8356492B-89F1-4C3B-ABE9-41F0FE3C7F86}.Debug|Any CPU.Build.0 = Debug|Any CPU
31 | {8356492B-89F1-4C3B-ABE9-41F0FE3C7F86}.Release|Any CPU.ActiveCfg = Release|Any CPU
32 | {8356492B-89F1-4C3B-ABE9-41F0FE3C7F86}.Release|Any CPU.Build.0 = Release|Any CPU
33 | {E4A94890-7AF0-4C1A-8040-E4925CC66CAE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
34 | {E4A94890-7AF0-4C1A-8040-E4925CC66CAE}.Debug|Any CPU.Build.0 = Debug|Any CPU
35 | {E4A94890-7AF0-4C1A-8040-E4925CC66CAE}.Release|Any CPU.ActiveCfg = Release|Any CPU
36 | {E4A94890-7AF0-4C1A-8040-E4925CC66CAE}.Release|Any CPU.Build.0 = Release|Any CPU
37 | {63E252A0-5C4C-4F71-AA92-FEFA2825294A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
38 | {63E252A0-5C4C-4F71-AA92-FEFA2825294A}.Debug|Any CPU.Build.0 = Debug|Any CPU
39 | {63E252A0-5C4C-4F71-AA92-FEFA2825294A}.Release|Any CPU.ActiveCfg = Release|Any CPU
40 | {63E252A0-5C4C-4F71-AA92-FEFA2825294A}.Release|Any CPU.Build.0 = Release|Any CPU
41 | EndGlobalSection
42 | GlobalSection(SolutionProperties) = preSolution
43 | HideSolutionNode = FALSE
44 | EndGlobalSection
45 | GlobalSection(NestedProjects) = preSolution
46 | {8356492B-89F1-4C3B-ABE9-41F0FE3C7F86} = {9AA4004D-2418-4292-8C36-8E359011FE1A}
47 | {E4A94890-7AF0-4C1A-8040-E4925CC66CAE} = {CC891FCA-E195-44DC-8076-54C4BABCE119}
48 | {63E252A0-5C4C-4F71-AA92-FEFA2825294A} = {7667E905-1FDB-41B8-8F5C-8D7625D11AD9}
49 | EndGlobalSection
50 | GlobalSection(ExtensibilityGlobals) = postSolution
51 | SolutionGuid = {25ED67A4-330F-49AC-9DFB-F1B57E856DEB}
52 | EndGlobalSection
53 | EndGlobal
54 |
--------------------------------------------------------------------------------
/Source/RemoveBinAndObj.bat:
--------------------------------------------------------------------------------
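@echo off
REM Deletes every bin\ and obj\ directory below the script's own folder (build output only).
REM Anchor to the script directory first: the original ran against the caller's
REM current directory, so invoking it from the wrong place would recursively
REM delete unrelated bin\ / obj\ trees.
pushd "%~dp0"
FOR /F "tokens=*" %%G IN ('DIR /B /AD /S bin') DO RMDIR /S /Q "%%G"
FOR /F "tokens=*" %%G IN ('DIR /B /AD /S obj') DO RMDIR /S /Q "%%G"
popd
pause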
--------------------------------------------------------------------------------
/azure-pipelines.yml:
--------------------------------------------------------------------------------
# ASP.NET Core
# Build and test ASP.NET Core projects targeting .NET Core.
# Add steps that run tests, create a NuGet package, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/dotnet-core

trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

variables:
  buildConfiguration: 'Release'

steps:
# NOTE(review): only a build step is defined — there is no `dotnet test` step, so the
# LetsEncrypt.Test project is never executed by CI. That is probably deliberate, since
# FullProcessMT appears to drive a real ACME order and writes key material to disk,
# but it means CI gives no signal beyond "it compiles".
- script: dotnet build --configuration $(buildConfiguration)
  displayName: 'dotnet build $(buildConfiguration)'
--------------------------------------------------------------------------------