Exemple #1
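 /// <summary>
 /// Save certificates to the specified certificate storage mechanism.
 /// </summary>
 /// <remarks>
 /// Registers a singleton <see cref="X509StoreRepository"/> as the <see cref="ICertificateRepository"/>.
 /// The chosen store location determines which accounts on the host can read what is saved there,
 /// so prefer the narrowest location the hosting process can work with.
 /// </remarks>
 /// <param name="builder">The Let's Encrypt service builder whose service collection receives the repository.</param>
 /// <param name="storeName">
 /// The name of the store.
 /// By convention, HTTPS certs should be in <see cref="StoreName.My"/>
 /// </param>
 /// <param name="storeLocation">
 /// The location of the store. Normally you should use <see cref="StoreLocation.CurrentUser"/>
 /// because <see cref="StoreLocation.LocalMachine"/> typically requires admin access.
 /// </param>
 /// <returns>The same <paramref name="builder"/> instance, so calls can be chained.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
 public static ILetsEncryptServiceBuilder PersistCertificatesToLocalX509Store(
     this ILetsEncryptServiceBuilder builder,
     StoreName storeName,
     StoreLocation storeLocation)
 {
     // Report a null builder by argument name rather than letting builder.Services
     // fail with a NullReferenceException.
     if (builder is null)
     {
         throw new ArgumentNullException(nameof(builder));
     }

     builder.Services.AddSingleton<ICertificateRepository>(new X509StoreRepository(storeName, storeLocation));
     return builder;
 }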
Exemple #2
        /// <summary>
        /// Save Let's Encrypt data to a directory.
        /// Certificates are stored in the .pfx (PKCS #12) format in a subdirectory of <paramref name="directory"/>.
        /// Account key information is stored in a JSON format in a different subdirectory of <paramref name="directory"/>.
        /// </summary>
        /// <remarks>
        /// A .pfx file normally carries the private key together with the certificate, and the account
        /// store holds account key information, so <paramref name="directory"/> should be readable and
        /// writable only by the account running the host. A null or empty <paramref name="pfxPassword"/>
        /// produces passwordless .pfx files, which leaves file-system permissions as the only protection.
        /// If a <see cref="FileSystemCertificateRepository"/> instance is already registered for the same
        /// directory with the same password, nothing new is registered.
        /// </remarks>
        /// <param name="builder">The Let's Encrypt service builder whose service collection is updated.</param>
        /// <param name="directory">The root directory for storing information. Information may be stored in subdirectories.</param>
        /// <param name="pfxPassword">Set to null or empty for passwordless .pfx files.</param>
        /// <returns>The same <paramref name="builder"/> instance, so calls can be chained.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="directory"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// A file system repository is already registered for <paramref name="directory"/> with a different password.
        /// </exception>
        public static ILetsEncryptServiceBuilder PersistDataToDirectory(
            this ILetsEncryptServiceBuilder builder,
            DirectoryInfo directory,
            string? pfxPassword)
        {
            _ = builder ?? throw new ArgumentNullException(nameof(builder));
            _ = directory ?? throw new ArgumentNullException(nameof(directory));

            // Look for a file system repository that was already registered as a concrete instance.
            foreach (var descriptor in builder.Services)
            {
                if (descriptor.ServiceType != typeof(ICertificateRepository))
                {
                    continue;
                }

                var registered = descriptor.ImplementationInstance;

                // Exact type match only: subclasses of FileSystemCertificateRepository are skipped.
                if (registered == null || registered.GetType() != typeof(FileSystemCertificateRepository))
                {
                    continue;
                }

                var existingRepo = (FileSystemCertificateRepository)registered;

                // NOTE(review): RootDir's type is not visible here. If it is a DirectoryInfo, Equals is
                // reference equality, so a second DirectoryInfo for the same path would not match - confirm.
                if (!existingRepo.RootDir.Equals(directory))
                {
                    continue;
                }

                // NOTE(review): null and empty both mean "passwordless" per the parameter docs, yet this
                // comparison treats them as different passwords - confirm that is intended.
                if (existingRepo.PfxPassword != pfxPassword)
                {
                    // The message names the directory only; the password is deliberately not echoed.
                    throw new ArgumentException($"Another file system repo has been configured for {directory}, but with a different password.");
                }

                // Same directory and same password: already configured, nothing to add.
                return builder;
            }

            // One repository instance serves both as the place certificates are saved
            // and as a source certificates are loaded from.
            var repository = new FileSystemCertificateRepository(directory, pfxPassword);
            builder.Services.AddSingleton<ICertificateRepository>(repository);
            builder.Services.AddSingleton<ICertificateSource>(repository);

            // TryAdd: an account store registered earlier is left in place.
            builder.Services.TryAddSingleton<IAccountStore>(provider =>
            {
                var logger = provider.GetRequiredService<ILogger<FileSystemAccountStore>>();
                var letsEncryptOptions = provider.GetRequiredService<IOptions<LetsEncryptOptions>>();
                var hostEnvironment = provider.GetRequiredService<IHostEnvironment>();
                return new FileSystemAccountStore(directory, logger, letsEncryptOptions, hostEnvironment);
            });

            return builder;
        }
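        /// <summary>
        /// Persists certificates to configured key vault.
        /// </summary>
        /// <remarks>
        /// Registers <see cref="AzureKeyVaultCertificateRepository"/> as a singleton and exposes that same
        /// instance as both <see cref="ICertificateRepository"/> and <see cref="ICertificateSource"/>.
        /// Data-annotation validation of <see cref="AzureKeyVaultCertificateRepositoryOptions"/> is wired up
        /// only when the build defines <c>FEATURE_VALIDATE_DATA_ANNOTATIONS</c>; without it, this method
        /// adds no validation of the configured values.
        /// </remarks>
        /// <param name="builder">A LetsEncrypt service builder.</param>
        /// <param name="configure">Configuration for KeyVault connections.</param>
        /// <returns>The original LetsEncrypt service builder.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="configure"/> is null.</exception>
        public static ILetsEncryptServiceBuilder PersistCertificatesToAzureKeyVault(
            this ILetsEncryptServiceBuilder builder,
            Action<AzureKeyVaultCertificateRepositoryOptions> configure)
        {
            // Validate both arguments before touching the service collection, so a bad call
            // cannot leave the repository registered without its options.
            if (builder is null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configure is null)
            {
                throw new ArgumentNullException(nameof(configure));
            }

            builder.Services.TryAddSingleton<AzureKeyVaultCertificateRepository>();

            // Both interface registrations resolve the single concrete singleton above;
            // TryAddEnumerable keeps repeated calls from adding duplicate descriptors.
            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<ICertificateRepository, AzureKeyVaultCertificateRepository>(x => x.GetRequiredService<AzureKeyVaultCertificateRepository>()));
            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<ICertificateSource, AzureKeyVaultCertificateRepository>(x => x.GetRequiredService<AzureKeyVaultCertificateRepository>()));

            var options = builder.Services
                          .AddOptions<AzureKeyVaultCertificateRepositoryOptions>()
                          .Configure(configure);

#if FEATURE_VALIDATE_DATA_ANNOTATIONS
            options.ValidateDataAnnotations();
#endif

            return builder;
        }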
        /// <summary>
        /// Save generated certificates to a directory in the .pfx format.
        /// </summary>
        /// <remarks>
        /// A .pfx file normally carries the private key together with the certificate, so
        /// <paramref name="directory"/> should be accessible only to the account running the host.
        /// A null or empty <paramref name="pfxPassword"/> produces passwordless .pfx files, which leaves
        /// file-system permissions as the only protection. Each call adds another
        /// <see cref="ICertificateRepository"/> registration; no check for an existing one is made here.
        /// </remarks>
        /// <param name="builder">The Let's Encrypt service builder whose service collection receives the repository.</param>
        /// <param name="directory">The directory where .pfx files will be saved.</param>
        /// <param name="pfxPassword">Set to null or empty for passwordless .pfx files.</param>
        /// <returns>The same <paramref name="builder"/> instance, so calls can be chained.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="directory"/> is null.</exception>
        public static ILetsEncryptServiceBuilder PersistCertificatesToDirectory(
            this ILetsEncryptServiceBuilder builder,
            DirectoryInfo directory,
            string? pfxPassword)
        {
            _ = builder ?? throw new ArgumentNullException(nameof(builder));
            _ = directory ?? throw new ArgumentNullException(nameof(directory));

            var repository = new FileSystemCertificateRepository(directory, pfxPassword);
            builder.Services.AddSingleton<ICertificateRepository>(repository);

            return builder;
        }
 /// <summary>
 /// Persists certificates to configured key vault.
 /// </summary>
 /// <remarks>
 /// Forwards to the overload that takes a configuration callback, passing a callback that changes
 /// nothing, so the key vault options must be supplied by some other means.
 /// </remarks>
 /// <param name="builder">A LetsEncrypt service builder.</param>
 /// <returns>The original LetsEncrypt service builder.</returns>
 public static ILetsEncryptServiceBuilder PersistCertificatesToAzureKeyVault(this ILetsEncryptServiceBuilder builder)
 {
     // No-op callback: the options object is left exactly as it was handed in.
     return builder.PersistCertificatesToAzureKeyVault(options => { });
 }
Exemple #6
 /// <summary>
 /// Save certificates to the current user's certificate storage mechanism.
 /// </summary>
 /// <remarks>
 /// Shorthand for the overload that takes a store name and location, called with
 /// <see cref="StoreName.My"/> and <see cref="StoreLocation.CurrentUser"/>.
 /// </remarks>
 /// <param name="builder">The Let's Encrypt service builder whose service collection receives the repository.</param>
 /// <returns>Whatever the two-argument overload returns for <paramref name="builder"/>.</returns>
 public static ILetsEncryptServiceBuilder PersistCertificatesToLocalX509Store(this ILetsEncryptServiceBuilder builder)
 {
     // Per-user personal store: scoped to the account running the process.
     return builder.PersistCertificatesToLocalX509Store(StoreName.My, StoreLocation.CurrentUser);
 }