author | Wouter Tinus <win.acme.simple@gmail.com> | 2020-03-04 21:42:12 +0100 |
---|---|---|
committer | Wouter Tinus <win.acme.simple@gmail.com> | 2020-03-04 21:42:12 +0100 |
commit | e9434395c6f54d3af91d3c0ddb090460fd48902e (patch) | |
tree | 1ec53d3eab83d23f6cf5d9ba28d630dfc8492b38 /src | |
parent | 70362142c245e3b2a8bec0e920f98292ddbc0b9f (diff) | |
Support full directory URL as BaseUri
Diffstat (limited to 'src')
-rw-r--r-- | src/main.lib/Clients/Acme/AcmeClient.cs | 84 |
1 files changed, 59 insertions, 25 deletions
diff --git a/src/main.lib/Clients/Acme/AcmeClient.cs b/src/main.lib/Clients/Acme/AcmeClient.cs index c13dda8..4d3af8e 100644 --- a/src/main.lib/Clients/Acme/AcmeClient.cs +++ b/src/main.lib/Clients/Acme/AcmeClient.cs @@ -12,7 +12,9 @@ using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Linq; +using System.Net.Http; using System.Net.Mail; +using System.Security.Authentication; using System.Security.Cryptography; using System.Threading.Tasks; @@ -64,9 +66,6 @@ namespace PKISharp.WACS.Clients.Acme internal async Task ConfigureAcmeClient() { - var httpClient = _proxyService.GetHttpClient(); - httpClient.BaseAddress = _settings.BaseUri; - _log.Verbose("Loading ACME account signer..."); IJwsTool? signer = null; var accountSigner = AccountSigner; @@ -75,10 +74,39 @@ namespace PKISharp.WACS.Clients.Acme signer = accountSigner.JwsTool(); } + var httpClient = _proxyService.GetHttpClient(); + httpClient.BaseAddress = _settings.BaseUri; + var client = PrepareClient(httpClient, signer); + try + { + client.Directory = await client.GetDirectoryAsync(); + } + catch (Exception) + { + // Perhaps the BaseUri *is* the directory, such + // as implemented by Digicert (#1434) + client.Directory.Directory = ""; + client.Directory = await client.GetDirectoryAsync(); + } + await client.GetNonceAsync(); + client.Account = await LoadAccount(client, signer); + if (client.Account == null) + { + throw new Exception("AcmeClient was unable to find or create an account"); + } + _client = client; + } + + internal AcmeProtocolClient PrepareClient( + HttpClient httpClient, + IJwsTool? signer, + ServiceDirectory? dir = null) + { + AcmeProtocolClient? client = null; _log.Verbose("Constructing ACME protocol client..."); try { - _client = new AcmeProtocolClient( + client = new AcmeProtocolClient( httpClient, signer: signer, usePostAsGet: _settings.Acme.PostAsGet); 
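Review bot: The fallback `catch (Exception)` around the first `client.GetDirectoryAsync()` in ConfigureAcmeClient treats every failure (TLS/certificate validation, proxy authentication, 5xx, malformed directory JSON) as "BaseUri is the directory itself" and retries with `client.Directory.Directory = ""`, so the original exception is dropped and whatever the user eventually sees describes the second attempt, not the real cause. Keep the cause visible before retrying, `catch (Exception ex) { _log.Verbose("Fetching {uri}directory failed ({message}), treating BaseUri as the directory", _settings.BaseUri, ex.Message); … }`, and narrow the catch to the not-found case if the ACMESharp client exposes the response status. The retry also assumes `client.Directory` is non-null after a failed `GetDirectoryAsync()`; if the property is only populated on success, the assignment inside the catch itself throws a NullReferenceException, which is worth confirming against the library. `PrepareClient` declares `ServiceDirectory? dir = null` but never reads it here or in the following hunks (-97, -107), so either pass it to the `AcmeProtocolClient` constructor or remove the parameter.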
@@ -97,7 +125,7 @@ namespace PKISharp.WACS.Clients.Acme KeySize = _settings.Security.RSAKeyBits }; signer.Init(); - _client = new AcmeProtocolClient( + client = new AcmeProtocolClient( httpClient, signer: signer, usePostAsGet: _settings.Acme.PostAsGet); @@ -107,15 +135,9 @@ namespace PKISharp.WACS.Clients.Acme throw; } } - _client.BeforeHttpSend = (x, r) => _log.Debug("Send {method} request to {uri}", r.Method, r.RequestUri); - _client.AfterHttpSend = (x, r) => _log.Verbose("Request completed with status {s}", r.StatusCode); - _client.Directory = await _client.GetDirectoryAsync(); - await _client.GetNonceAsync(); - _client.Account = await LoadAccount(_client, signer); - if (_client.Account == null) - { - throw new Exception("AcmeClient was unable to find or create an account"); - } + client.BeforeHttpSend = (x, r) => _log.Debug("Send {method} request to {uri}", r.Method, r.RequestUri); + client.AfterHttpSend = (x, r) => _log.Verbose("Request completed with status {s}", r.StatusCode); + return client; } internal async Task<AccountDetails?> GetAccount() => (await GetClient()).Account; @@ -127,7 +149,7 @@ namespace PKISharp.WACS.Clients.Acme await ConfigureAcmeClient(); _initialized = true; } - if (_client == null) + if (_client == null) { throw new InvalidOperationException(); } 
@@ -217,18 +239,30 @@ namespace PKISharp.WACS.Clients.Acme /// </summary> internal async Task CheckNetwork() { - var httpClient = _proxyService.GetHttpClient(); + using var httpClient = _proxyService.GetHttpClient(); httpClient.BaseAddress = _settings.BaseUri; try { - _ = await httpClient.GetStringAsync("directory"); - _log.Debug("Connection OK!"); - } - catch (Exception ex) + _log.Verbose("SecurityProtocol setting: {setting}", System.Net.ServicePointManager.SecurityProtocol); + _ = await httpClient.GetAsync("directory"); + } + catch (Exception) { - _log.Error(ex, "Error connecting to ACME server"); + _log.Warning("No luck yet, attempting to force TLS 1.2..."); + _proxyService.SslProtocols = SslProtocols.Tls12; + using var altClient = _proxyService.GetHttpClient(); + altClient.BaseAddress = _settings.BaseUri; + try + { + _ = await altClient.GetAsync("directory"); + } + catch (Exception ex) + { + _log.Error(ex, "Unable to connect to ACME server"); + return; + } } - + _log.Debug("Connection OK!"); } /// <summary> @@ -332,7 +366,7 @@ namespace PKISharp.WACS.Clients.Acme return AuthorizationDecoder.DecodeChallengeValidation(auth, challenge.Type, client.Signer); } - internal async Task<Challenge> AnswerChallenge(Challenge challenge) + internal async Task<Challenge> AnswerChallenge(Challenge challenge) { // Have to loop to wait for server to stop being pending var client = await GetClient(); @@ -378,7 +412,7 @@ namespace PKISharp.WACS.Clients.Acme /// <param name="details"></param> /// <param name="csr"></param> /// <returns></returns> - internal async Task<OrderDetails> SubmitCsr(OrderDetails details, byte[] csr) + internal async Task<OrderDetails> SubmitCsr(OrderDetails details, byte[] csr) { // First wait for the order to get "ready", meaning that all validations 
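Review bot: The first `catch (Exception)` in CheckNetwork discards the exception and then sets `_proxyService.SslProtocols = SslProtocols.Tls12`, a change that persists on the (presumably shared) proxy service and affects every later `GetHttpClient()` call, including the one in ConfigureAcmeClient, yet it is triggered by any failure at all (DNS, proxy, HTTP errors unrelated to the protocol version) and is never restored when the retry also fails. Narrow the trigger to a handshake failure, e.g. `catch (HttpRequestException ex) when (ex.InnerException is AuthenticationException)` if the handler surfaces it that way, or at least capture the cause with `catch (Exception ex)` and `_log.Verbose("Initial connection attempt failed: {message}", ex.Message);` before the retry so the log explains why TLS 1.2 was forced. Note also that `GetAsync("directory")` no longer throws on a non-success status as `GetStringAsync` did, so a 404 or 500 now reaches `_log.Debug("Connection OK!")`; if reachability-only is the intent, a comment saying so would help, and the discarded `HttpResponseMessage` should be disposed, `using var response = await httpClient.GetAsync("directory");`.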
@@ -449,7 +483,7 @@ namespace PKISharp.WACS.Clients.Acme return await Retry(() => client.GetOrderCertificateAsync(order)); } - internal async Task RevokeCertificate(byte[] crt) + internal async Task RevokeCertificate(byte[] crt) { var client = await GetClient(); _ = await Retry(async () => client.RevokeCertificateAsync(crt, RevokeReason.Unspecified)); |