public async Task TestChallengeRequestHttp01()
{
var site = await iisManager.GetIISSiteById(_siteId);
Assert.AreEqual(site.Name, testSiteName);
var dummyManagedCertificate = new ManagedCertificate
{
Id = Guid.NewGuid().ToString(),
Name = testSiteName,
GroupId = site.Id.ToString(),
RequestConfig = new CertRequestConfig
{
PrimaryDomain = testSiteDomain,
Challenges = new ObservableCollection <CertRequestChallengeConfig>(
new List <CertRequestChallengeConfig>
{
new CertRequestChallengeConfig {
ChallengeType = "http-01"
}
}),
PerformAutoConfig = true,
PerformAutomatedCertBinding = true,
PerformChallengeFileCopy = true,
PerformExtensionlessConfigChecks = true,
WebsiteRootPath = testSitePath
},
ItemType = ManagedCertificateType.SSL_LetsEncrypt_LocalIIS
};
var result = await certifyManager.PerformCertificateRequest(null, dummyManagedCertificate);
//ensure cert request was successful
Assert.IsTrue(result.IsSuccess, "Certificate Request Not Completed");
//check details of cert, subject alternative name should include domain and expiry must be great than 89 days in the future
var managedCertificates = await certifyManager.GetManagedCertificates();
var managedCertificate = managedCertificates.FirstOrDefault(m => m.Id == dummyManagedCertificate.Id);
//emsure we have a new managed site
Assert.IsNotNull(managedCertificate);
//have cert file details
Assert.IsNotNull(managedCertificate.CertificatePath);
var fileExists = System.IO.File.Exists(managedCertificate.CertificatePath);
Assert.IsTrue(fileExists);
//check cert is correct
var certInfo = CertificateManager.LoadCertificate(managedCertificate.CertificatePath);
Assert.IsNotNull(certInfo);
var isRecentlyCreated = Math.Abs((DateTime.UtcNow - certInfo.NotBefore).TotalDays) < 2;
Assert.IsTrue(isRecentlyCreated);
var expiresInFuture = (certInfo.NotAfter - DateTime.UtcNow).TotalDays >= 89;
Assert.IsTrue(expiresInFuture);
// remove managed site
await certifyManager.DeleteManagedCertificate(managedCertificate.Id);
}
public async Task TestBindingMatch()
{
// create test site with mix of hostname and IP only bindings
var testStr = "abc123";
PrimaryTestDomain = $"test-{testStr}." + PrimaryTestDomain;
var testBindingSiteName = "TestAllBinding_" + testStr;
var testSiteDomain = "test" + testStr + "." + PrimaryTestDomain;
if (await iisManager.SiteExists(testBindingSiteName))
{
await iisManager.DeleteSite(testBindingSiteName);
}
// create site with IP all unassigned, no hostname
var site = await iisManager.CreateSite(testBindingSiteName, "", PrimaryIISRoot, "DefaultAppPool", port : testSiteHttpPort);
// add another hostname binding (matching cert and not matching cert)
var testDomains = new List <string> {
testSiteDomain, "label1." + testSiteDomain, "nested.label." + testSiteDomain
};
await iisManager.AddSiteBindings(site.Id.ToString(), testDomains, testSiteHttpPort);
// get fresh instance of site since updates
site = await iisManager.GetIISSiteById(site.Id.ToString());
var bindingsBeforeApply = site.Bindings.ToList();
Assert.AreEqual(site.Name, testBindingSiteName);
var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
var managedCertificate = new ManagedCertificate
{
Id = Guid.NewGuid().ToString(),
Name = testSiteName,
ServerSiteId = site.Id.ToString(),
UseStagingMode = true,
RequestConfig = new CertRequestConfig
{
PrimaryDomain = testSiteDomain,
Challenges = new ObservableCollection <CertRequestChallengeConfig>(
new List <CertRequestChallengeConfig>
{
new CertRequestChallengeConfig {
ChallengeType = "http-01"
}
}),
PerformAutoConfig = true,
PerformAutomatedCertBinding = true,
PerformChallengeFileCopy = true,
PerformExtensionlessConfigChecks = true,
WebsiteRootPath = testSitePath,
DeploymentSiteOption = DeploymentOption.SingleSite,
DeploymentBindingMatchHostname = true,
DeploymentBindingBlankHostname = true,
DeploymentBindingReplacePrevious = true,
SubjectAlternativeNames = new string[] { testSiteDomain, "label1." + testSiteDomain }
},
ItemType = ManagedCertificateType.SSL_ACME,
CertificatePath = dummyCertPath
};
var actions = await new BindingDeploymentManager().StoreAndDeployManagedCertificate(
iisManager.GetDeploymentTarget(),
managedCertificate, dummyCertPath, "",
false);
foreach (var a in actions)
{
System.Console.WriteLine(a.Description);
}
// get cert info to compare hash
var certInfo = CertificateManager.LoadCertificate(managedCertificate.CertificatePath);
// check IIS site bindings
site = await iisManager.GetIISSiteById(site.Id.ToString());
var finalBindings = site.Bindings.ToList();
Assert.IsTrue(bindingsBeforeApply.Count < finalBindings.Count, "Should have new bindings");
try
{
// check we have the new bindings we expected
// blank hostname binding
var testBinding = finalBindings.FirstOrDefault(b => b.Host == "" && b.Protocol == "https");
Assert.IsTrue(IsCertHashEqual(testBinding.CertificateHash, certInfo.GetCertHash()), "Blank hostname binding should be added and have certificate set");
// TODO: testDomains includes matches and not matches to test
foreach (var d in testDomains)
{
// check san domain now has an https binding
testBinding = finalBindings.FirstOrDefault(b => b.Host == d && b.Protocol == "https");
if (!d.StartsWith("nested."))
{
Assert.IsNotNull(testBinding);
Assert.IsTrue(IsCertHashEqual(testBinding.CertificateHash, certInfo.GetCertHash()), "hostname binding should be added and have certificate set");
}
else
{
Assert.IsNull(testBinding, "nested binding should be null");
}
}
// check existing bindings have been updated as expected
/*foreach (var b in finalBindings)
* {
* if (b.Protocol == "https")
* {
* // check this item is one we should have included (is matching domain or has
* // no hostname)
* bool shouldBeIncluded = false;
*
* if (!String.IsNullOrEmpty(b.Host))
* {
* if (testDomains.Contains(b.Host))
* {
* shouldBeIncluded = true;
* }
* }
* else
* {
* shouldBeIncluded = true;
* }
*
* bool isCertMatch = StructuralComparisons.StructuralEqualityComparer.Equals(b.CertificateHash, certInfo.GetCertHash());
*
* if (shouldBeIncluded)
* {
* Assert.IsTrue(isCertMatch, "Binding should have been updated with cert hash but was not.");
* }
* else
* {
* Assert.IsFalse(isCertMatch, "Binding should not have been updated with cert hash but was.");
* }
* }
* }*/
}
finally
{
// clean up IIS either way
await iisManager.DeleteSite(testBindingSiteName);
if (certInfo != null)
{
CertificateManager.RemoveCertificate(certInfo);
}
}
}