Comments (8)
Possibly. That was the approach I took in the original ACMESharp project, but I decided to simplify it this time around by using a plain interface-and-implementations approach (i.e. just new up one of the included implementations (RSA or ECDSA) that come in the box).
However, if it makes it easier with your approach, let's explore it.
from acmesharpcore.
So I dug around a little bit and explored some ideas about the JwsTool and thus the keys.
My initial problem was that I was not able to understand how the ACMEClient obtains the first key for creating an account and storing that.
Your examples made that clear, and I think what you are doing with the AccountKey in the CLI sample should be a first-class citizen of the implementation.
Also, I think the jwsTool itself should be more internal, and a wrapper which takes just the jwsAlgorithmName OR the AccountKey as parameters should be created and enabled to export the AlgorithmName and parameters as a somehow serializable object.
Also, I did not see a good reason for using init() (without making sure it has been called; all sorts of malice can happen if you do not call it) over a .ctor with proper parameters.
Last but not least, I think creating a default IJwsTool (and thus a key) in the ACMEProtocolClient is not a good thing to do. It "hides" away the JwsTool and its key, despite being rather important.
The client should enforce getting a properly initialized JwsTool from the caller, just to make the caller perfectly aware of this tool and the key it uses.
from acmesharpcore.
I forked and added a proposal, but it's in an early state. Also, I did not fix up the tests yet.
from acmesharpcore.
Good points, once you make the PR available, let's discuss.
I agree with your thinking about hiding away the IJwsTool, should force the user to set that explicitly, no defaults.
from acmesharpcore.
I am nearly happy with the implementation now.
Unfortunately, it imposes a dependency on Newtonsoft.Json on the PS module. The dependency could be removed if the PublicJWK were an object and not a string.
I'd probably be able to port over the JwsSigner to PS. This does not look too hard …
Independent of the PS module, I think this PR would be worth joining, since it removes default signers and makes the keys a little bit more visible. I also made sure that a constructed object is well initialized.
And renamed some functions to be more clear about the purpose.
from acmesharpcore.
I think the dependency on NS.Json is OK; so much of other Microsoft-sanctioned base code (i.e. ASP.NET Core) is already taking a dependency on it. But if we want to isolate it, that's possible too; we would just need to create the abstractions of JSON use (serialization/deserialization and controlling the behavior through alternate attributes, etc.).
That could be a worthwhile effort in the future, perhaps as an improvement but I wouldn't worry about it for now.
Oh, and the reason I export a string is to remove any ambiguity about how to serialize the object. For example, if it's just an object, what if the fields of the object need to be serialized in a special way, such as order-dependent (which is true for the canonical format used to generate signatures), or if you need to serialize members under a different name in JSON format than what they are called in the class representation?
from acmesharpcore.
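The ordering concern raised in the comment above, as an added example that is not part of the thread or of ACMESharpCore's code: RFC 7638 defines the canonical form of a public JWK (required members only, lexicographic member order, no whitespace) that is hashed into the key thumbprint, so the same key serialized in another member order yields a different digest. The class and method names are hypothetical, and the key is a constructed sample generated at run time.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class JwkCanonicalFormDemo   // hypothetical name, not an ACMESharpCore type
{
    // base64url without padding, the encoding used for JWK member values
    static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string Sha256B64Url(string json)
    {
        using (var sha = SHA256.Create())
            return B64Url(sha.ComputeHash(Encoding.UTF8.GetBytes(json)));
    }

    // RFC 7638 canonical form for an EC public key:
    // members crv, kty, x, y in lexicographic order, no whitespace.
    static string CanonicalEcJwk(ECParameters p) =>
        "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"" + B64Url(p.Q.X) +
        "\",\"y\":\"" + B64Url(p.Q.Y) + "\"}";

    // Same members in a typical class-declaration order, as a generic
    // object serializer might emit them. Valid JSON, but not canonical.
    static string DeclarationOrderEcJwk(ECParameters p) =>
        "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x\":\"" + B64Url(p.Q.X) +
        "\",\"y\":\"" + B64Url(p.Q.Y) + "\"}";

    static void Main()
    {
        // Constructed sample key: a fresh P-256 key pair on every run.
        using (var key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            ECParameters pub = key.ExportParameters(false); // public part only

            string canonical = CanonicalEcJwk(pub);
            string reordered = DeclarationOrderEcJwk(pub);

            string thumbprint = Sha256B64Url(canonical);
            string otherDigest = Sha256B64Url(reordered);

            Console.WriteLine("canonical JWK : " + canonical);
            Console.WriteLine("reordered JWK : " + reordered);
            Console.WriteLine("thumbprint    : " + thumbprint);
            Console.WriteLine("other digest  : " + otherDigest);
            // Same key, different bytes, so the digests do not match.
            Console.WriteLine("digests equal : " + (thumbprint == otherDigest));
        }
    }
}
```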
Well, since I was able to create a new account with the current version of the module, I'll leave it that way for now :)
from acmesharpcore.
I think PR #7 is worth a shot.
The factory is extensible, if it needs to be, and can create the algorithms, which are provided via the implementation.
from acmesharpcore.