public void OverridesDefaultAcmeServer(string environmentName)
{
var env = new HostingEnvironment
{
EnvironmentName = environmentName
};
var useStaging = new LetsEncryptOptions
{
UseStagingServer = true,
};
Assert.Equal(
WellKnownServers.LetsEncryptStagingV2,
useStaging.GetAcmeServer(env));
var useProduction = new LetsEncryptOptions
{
UseStagingServer = false,
};
Assert.Equal(
WellKnownServers.LetsEncryptV2,
useProduction.GetAcmeServer(env));
}
private void EnsureAgreementToTermsOfServices(LetsEncryptOptions options, Uri tosUri)
{
if (options.AcceptTermsOfService)
{
return;
}
if (!Console.IsInputRedirected)
{
Console.BackgroundColor = ConsoleColor.DarkBlue;
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine("By proceeding, you must agree with Let's Encrypt terms of services.");
Console.WriteLine(tosUri);
Console.Write("Do you accept? [Y/n] ");
Console.ResetColor();
try
{
Console.CursorVisible = true;
}
catch { }
var result = Console.ReadLine().Trim();
if (string.IsNullOrEmpty(result) ||
string.Equals("y", result, StringComparison.OrdinalIgnoreCase))
{
return;
}
}
_logger.LogError($"You must accept the terms of service to continue.");
throw new InvalidOperationException("Could not automatically accept the terms of service");
}
public CertificateValidator(
LetsEncryptOptions options,
ILogger <CertificateValidator> logger)
{
_options = options;
_logger = logger;
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure <CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
var cacheFolder = "certcache";
if (!Directory.Exists(cacheFolder))
{
Directory.CreateDirectory(cacheFolder);
}
var leOptions = new LetsEncryptOptions
{
EmailAddress = "*****@*****.**",
AcceptTermsOfService = true,
CacheFolder = cacheFolder,
Hosts = new string[] { "example.com" },
EncryptionPassword = "******",
};
services.AddHttpsRedirection(options =>
{
options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
options.HttpsPort = 443;
});
services.AddLetsEncrypt(leOptions);
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public X509CertStoreTests(ITestOutputHelper output)
{
_output = output;
_options = new LetsEncryptOptions();
_certStore = new X509CertStore(Options.Create(_options), NullLogger <X509CertStore> .Instance)
{
AllowInvalidCerts = true
};
}
/// <summary>
/// The uri to the server that implements the ACME protocol for certificate generation.
/// </summary>
internal static Uri GetAcmeServer(LetsEncryptOptions options, IHostEnvironment env)
{
var useStaging = options.UseStagingServerExplicitlySet
? options.UseStagingServer
: env.IsDevelopment();
return(useStaging
? WellKnownServers.LetsEncryptStagingV2
: WellKnownServers.LetsEncryptV2);
}
public CertificateStore(
IOptionsMonitor <LetsEncryptOptions> options,
IEnumerable <ICertificateStoreProvider> providers,
ILogger <CertificateStore> logger)
{
_options = options.CurrentValue;
options.OnChange((newOptions) => _options = newOptions);
_providers = providers ?? throw new ArgumentNullException(nameof(providers));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
public AzureAppServiceSslBindingCertificatePersistenceStrategy(
AzureOptions azureOptions,
LetsEncryptOptions letsEncryptOptions,
ILogger <IAzureAppServiceSslBindingCertificatePersistenceStrategy> logger)
{
_azureOptions = azureOptions;
_letsEncryptOptions = letsEncryptOptions;
_logger = logger;
_client = Authenticate();
}
private static void ValidateOptions(LetsEncryptOptions options)
{
options.ArgNotNull(nameof(options));
// Validate options
options.Email.OptionNotBlank(nameof(LetsEncryptOptions.Email));
options.Hostname.OptionNotBlank(nameof(LetsEncryptOptions.Hostname));
options.FriendlyName.OptionNotBlank(nameof(LetsEncryptOptions.FriendlyName));
// Validate authority options
options.Authority?.Name.OptionNotBlank($"{nameof(LetsEncryptOptions.Authority)}.{nameof(Authority.Name)}");
options.Authority?.DirectoryUri.OptionNotBlank($"{nameof(LetsEncryptOptions.Authority)}.{nameof(Authority.DirectoryUri)}");
}
public AcmeChallengeRequester(
LetsEncryptOptions options,
IEnumerable <ILogger> loggers,
IApplicationLifetime application,
IHttpChallengeResponseStore responseStore,
ICertificateSaver certificateSaver,
ErrorReporter errorReporter)
{
_options = options;
_logger = loggers.FirstOrDefault();
_application = application;
_responseStore = responseStore;
_certificateSaver = certificateSaver;
_errorReporter = errorReporter;
}
public static void AddFluffySpoonLetsEncrypt(
this IServiceCollection services,
LetsEncryptOptions options)
{
services.AddTransient <IConfigureOptions <KestrelServerOptions>, KestrelOptionsSetup>();
services.AddFluffySpoonLetsEncryptPersistenceService();
services.AddSingleton(options);
services.AddSingleton <ILetsEncryptClientFactory, LetsEncryptClientFactory>();
services.AddSingleton <ICertificateValidator, CertificateValidator>();
services.AddSingleton <ICertificateProvider, CertificateProvider>();
services.AddTransient <ILetsEncryptRenewalService, LetsEncryptRenewalService>();
services.AddTransient <IHostedService, LetsEncryptRenewalService>();
}
public CertificateProvider(
LetsEncryptOptions options,
ICertificateValidator certificateValidator,
IPersistenceService persistenceService,
ILetsEncryptClientFactory clientFactory,
ILogger <CertificateProvider> logger)
{
var domains = options.Domains?.Distinct().ToArray();
if (domains == null || domains.Length == 0)
{
throw new ArgumentException("Domains configuration invalid");
}
_domains = domains;
_persistenceService = persistenceService;
_clientFactory = clientFactory;
_certificateValidator = certificateValidator;
_logger = logger;
}
public CertificateRenewalService(
CertificateSelector certificateSelector,
IOptionsMonitor <LetsEncryptOptions> letsEncryptOptions,
ICertificateStore certificateStore,
ILetsEncryptService letsEncryptService,
IOptionsMonitor <TimedHostedServiceOptions> options,
IEnumerable <ITimedHostedLifeCycleHook> lifeCycleHooks,
ILogger <ITimedHostedService> logger) : base(options, lifeCycleHooks, logger)
{
_certificateSelector = certificateSelector ?? throw new System.ArgumentNullException(nameof(certificateSelector));
_options = letsEncryptOptions.CurrentValue;
letsEncryptOptions.OnChange(newOptions => _options = newOptions);
_letsEncryptService = letsEncryptService ?? throw new System.ArgumentNullException(nameof(letsEncryptService));
_logger = logger ?? throw new System.ArgumentNullException(nameof(logger));
_certificateStore = certificateStore ?? throw new System.ArgumentNullException(nameof(certificateStore));
TaskToExecuteAsync = (token) => RequestCertificate(token);
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
var cacheFolder = "certcache";
if (!Directory.Exists(cacheFolder))
{
Directory.CreateDirectory(cacheFolder);
}
var leOptions = new LetsEncryptOptions
{
EmailAddress = "*****@*****.**",
AcceptTermsOfService = true,
CacheFolder = cacheFolder,
Hosts = new string[] { "example.com" },
EncryptionPassword = "******",
};
services.AddLetsEncrypt(leOptions);
services.AddProxy();
}
public void Initialize()
{
var persistenceService = Substitute.For <IPersistenceService>();
var options = new LetsEncryptOptions
{
Domains = new[] { "test.com" },
Email = "*****@*****.**",
KeyAlgorithm = KeyAlgorithm.ES512,
UseStaging = true,
};
var certificateValidator = Substitute.For <ICertificateValidator>();
certificateValidator.IsCertificateValid(null).Returns(false);
certificateValidator.IsCertificateValid(RefEq(InvalidCert)).Returns(false);
certificateValidator.IsCertificateValid(RefEq(ValidCert)).Returns(true);
var client = Substitute.For <ILetsEncryptClient>();
var factory = Substitute.For <ILetsEncryptClientFactory>();
factory.GetClient().Returns(Task.FromResult(client));
var sut = new CertificateProvider(
options,
certificateValidator,
persistenceService,
factory,
NullLogger <CertificateProvider> .Instance);
PersistenceService = persistenceService;
CertificateValidator = certificateValidator;
LetsEncryptClientFactory = factory;
LetsEncryptClient = client;
Sut = sut;
}
public CertificateSelector(IOptionsMonitor <LetsEncryptOptions> options)
{
_options = options.CurrentValue;
options.OnChange(newOptions => _options = newOptions);
}
public LetsEncrypt(LetsEncryptOptions options)
{
Options = options.ArgNotNull(nameof(options));
}
