Example #1
0
        /// <summary>
        /// Creates or updates the htttps bindings associated with the dns names in the current
        /// request config, using the requested port/ips or autobinding
        /// </summary>
        /// <param name="requestConfig"></param>
        /// <param name="pfxPath"></param>
        /// <param name="cleanupCertStore"></param>
        /// <returns></returns>
        internal bool InstallCertForRequest(ManagedSite managedSite, string pfxPath, bool cleanupCertStore)
        {
            var requestConfig = managedSite.RequestConfig;

            if (new System.IO.FileInfo(pfxPath).Length == 0)
            {
                throw new ArgumentException("InstallCertForRequest: Invalid PFX File");
            }

            //store cert against primary domain
            var storedCert = CertificateManager.StoreCertificate(requestConfig.PrimaryDomain, pfxPath);

            if (storedCert != null)
            {
                var site = FindManagedSite(managedSite);

                //get list of domains we need to create/update https bindings for
                List <string> dnsHosts = new List <string> {
                    requestConfig.PrimaryDomain
                };
                if (requestConfig.SubjectAlternativeNames != null)
                {
                    dnsHosts.AddRange(requestConfig.SubjectAlternativeNames);
                }

                dnsHosts = dnsHosts.Distinct().ToList();

                // add/update required bindings for each dns hostname
                foreach (var hostname in dnsHosts)
                {
                    //match dns host to IIS site
                    if (String.IsNullOrWhiteSpace(hostname))
                    {
                        throw new ArgumentException("InstallCertForRequest: Invalid (empty) DNS hostname supplied");
                    }

                    if (site != null)
                    {
                        //create/update binding and associate new cert
                        //if any binding elements configured, use those, otherwise auto bind using defaults and SNI
                        InstallCertificateforBinding(site, storedCert, hostname,
                                                     sslPort: !String.IsNullOrWhiteSpace(requestConfig.BindingPort) ? int.Parse(requestConfig.BindingPort) : 443,
                                                     useSNI: (requestConfig.BindingUseSNI != null ? (bool)requestConfig.BindingUseSNI : true),
                                                     ipAddress: !String.IsNullOrWhiteSpace(requestConfig.BindingIPAddress) ? requestConfig.BindingIPAddress : null
                                                     );
                    }
                }

                if (cleanupCertStore)
                {
                    //remove old certs for this primary domain
                    CertificateManager.CleanupCertificateDuplicates(storedCert, requestConfig.PrimaryDomain);
                }

                return(true);
            }
            else
            {
                return(false);
            }
        }
Example #2
0
        /// <summary>
        /// Creates or updates the htttps bindings associated with the dns names in the current
        /// request config, using the requested port/ips or autobinding
        /// </summary>
        /// <param name="requestConfig"></param>
        /// <param name="pfxPath"></param>
        /// <param name="cleanupCertStore"></param>
        /// <returns></returns>
        internal async Task <bool> InstallCertForRequest(ManagedSite managedSite, string pfxPath, bool cleanupCertStore)
        {
            var requestConfig = managedSite.RequestConfig;

            if (new System.IO.FileInfo(pfxPath).Length == 0)
            {
                throw new ArgumentException("InstallCertForRequest: Invalid PFX File");
            }

            //store cert against primary domain
            string certStoreName = CertificateManager.GetDefaultStore().Name;
            var    storedCert    = await CertificateManager.StoreCertificate(requestConfig.PrimaryDomain, pfxPath, isRetry : false, enableRetryBehaviour : _enableCertDoubleImportBehaviour);

            if (storedCert != null)
            {
                var certHash = storedCert.GetCertHash();
                var site     = FindManagedSite(managedSite);

                //get list of domains we need to create/update https bindings for
                List <string> dnsHosts = new List <string> {
                    ToUnicodeString(requestConfig.PrimaryDomain)
                };

                if (requestConfig.SubjectAlternativeNames != null)
                {
                    foreach (var san in requestConfig.SubjectAlternativeNames)
                    {
                        dnsHosts.Add(ToUnicodeString(san));
                    }
                    //dnsHosts.AddRange(requestConfig.SubjectAlternativeNames);
                }

                dnsHosts = dnsHosts.Distinct().ToList();

                // add/update required bindings for each dns hostname
                foreach (var hostname in dnsHosts)
                {
                    //match dns host to IIS site
                    if (String.IsNullOrWhiteSpace(hostname))
                    {
                        throw new ArgumentException("InstallCertForRequest: Invalid (empty) DNS hostname supplied");
                    }

                    if (site != null)
                    {
                        //TODO: if the binding fails we should report it, requires reporting a list of binding results

                        //create/update binding and associate new cert
                        //if any binding elements configured, use those, otherwise auto bind using defaults and SNI
                        InstallCertificateforBinding(certStoreName, certHash, site, hostname,
                                                     sslPort: !String.IsNullOrWhiteSpace(requestConfig.BindingPort) ? int.Parse(requestConfig.BindingPort) : 443,
                                                     useSNI: (requestConfig.BindingUseSNI != null ? (bool)requestConfig.BindingUseSNI : true),
                                                     ipAddress: !String.IsNullOrWhiteSpace(requestConfig.BindingIPAddress) ? requestConfig.BindingIPAddress : null,
                                                     alwaysRecreateBindings: requestConfig.AlwaysRecreateBindings
                                                     );
                    }
                }

                if (cleanupCertStore)
                {
                    //remove old certs for this primary domain
                    CertificateManager.CleanupCertificateDuplicates(storedCert, requestConfig.PrimaryDomain);
                }

                return(true);
            }
            else
            {
                return(false);
            }
        }