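/// <summary>
/// Save certificates to the specified certificate storage mechanism.
/// </summary>
/// <param name="builder">The Let's Encrypt service builder whose service collection receives the repository.</param>
/// <param name="storeName">
/// The name of the store.
/// By convention, HTTPS certs should be in <see cref="StoreName.My"/>
/// </param>
/// <param name="storeLocation">
/// The location of the store. Normally you should use <see cref="StoreLocation.CurrentUser"/>
/// because <see cref="StoreLocation.LocalMachine"/> typically requires admin access.
/// </param>
/// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
public static ILetsEncryptServiceBuilder PersistCertificatesToLocalX509Store(
    this ILetsEncryptServiceBuilder builder,
    StoreName storeName,
    StoreLocation storeLocation)
{
    // Validate up front, as the directory-based methods do, so a null builder is
    // reported as a named argument error rather than a NullReferenceException.
    if (builder is null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    // AddSingleton (not TryAddSingleton): every call appends another registration.
    builder.Services.AddSingleton<ICertificateRepository>(new X509StoreRepository(storeName, storeLocation));
    return builder;
}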
/// <summary>
/// Save Let's Encrypt data to a directory.
/// Certificates are stored in the .pfx (PKCS #12) format in a subdirectory of <paramref name="directory"/>.
/// Account key information is stored in a JSON format in a different subdirectory of <paramref name="directory"/>.
/// </summary>
/// <remarks>
/// The directory ends up holding account key information and .pfx files, so access to it should be
/// restricted to the account that runs the application. With a null or empty
/// <paramref name="pfxPassword"/> the .pfx files are protected only by those file system permissions.
/// </remarks>
/// <param name="builder">The Let's Encrypt service builder whose service collection is updated.</param>
/// <param name="directory">The root directory for storing information. Information may be stored in subdirectories.</param>
/// <param name="pfxPassword">Set to null or empty for passwordless .pfx files.</param>
/// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="directory"/> is null.</exception>
/// <exception cref="ArgumentException">
/// A file system repository is already registered for <paramref name="directory"/> with a different password.
/// </exception>
public static ILetsEncryptServiceBuilder PersistDataToDirectory(
    this ILetsEncryptServiceBuilder builder,
    DirectoryInfo directory,
    string? pfxPassword)
{
    if (builder is null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (directory is null)
    {
        throw new ArgumentNullException(nameof(directory));
    }

    // Look for an already-registered file system repository pointing at the same directory.
    foreach (var descriptor in builder.Services)
    {
        if (descriptor.ServiceType != typeof(ICertificateRepository))
        {
            continue;
        }

        var registered = descriptor.ImplementationInstance;

        // Exact type match only: subclasses of FileSystemCertificateRepository are not considered.
        if (registered == null || registered.GetType() != typeof(FileSystemCertificateRepository))
        {
            continue;
        }

        var existingRepo = (FileSystemCertificateRepository)registered;

        // NOTE(review): if RootDir is a DirectoryInfo, Equals is reference equality, so two
        // DirectoryInfo objects for the same path would not match here and a second repository
        // (possibly with another password) would be registered - confirm the intended comparison.
        if (!existingRepo.RootDir.Equals(directory))
        {
            continue;
        }

        if (existingRepo.PfxPassword != pfxPassword)
        {
            throw new ArgumentException($"Another file system repo has been configured for {directory}, but with a different password.");
        }

        // Same directory, same password: nothing more to register.
        return builder;
    }

    // A single instance serves as both the certificate repository and the certificate source.
    var fileSystemRepo = new FileSystemCertificateRepository(directory, pfxPassword);
    builder.Services.AddSingleton<ICertificateRepository>(fileSystemRepo);
    builder.Services.AddSingleton<ICertificateSource>(fileSystemRepo);

    // TryAdd: an account store registered earlier is left in place.
    builder.Services.TryAddSingleton<IAccountStore>(provider =>
    {
        var logger = provider.GetRequiredService<ILogger<FileSystemAccountStore>>();
        var letsEncryptOptions = provider.GetRequiredService<IOptions<LetsEncryptOptions>>();
        var hostEnvironment = provider.GetRequiredService<IHostEnvironment>();
        return new FileSystemAccountStore(directory, logger, letsEncryptOptions, hostEnvironment);
    });

    return builder;
}
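/// <summary>
/// Persists certificates to configured key vault.
/// </summary>
/// <param name="builder">A LetsEncrypt service builder.</param>
/// <param name="configure">Configuration for KeyVault connections.</param>
/// <returns>The original LetsEncrypt service builder.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="configure"/> is null.
/// </exception>
public static ILetsEncryptServiceBuilder PersistCertificatesToAzureKeyVault(
    this ILetsEncryptServiceBuilder builder,
    Action<AzureKeyVaultCertificateRepositoryOptions> configure)
{
    // Reject bad arguments before touching the service collection, so a failed call
    // does not leave the key vault repository half-registered.
    if (builder is null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (configure is null)
    {
        throw new ArgumentNullException(nameof(configure));
    }

    // Both interface registrations resolve the one concrete singleton registered here.
    builder.Services.TryAddSingleton<AzureKeyVaultCertificateRepository>();
    builder.Services.TryAddEnumerable(
        ServiceDescriptor.Singleton<ICertificateRepository, AzureKeyVaultCertificateRepository>(
            x => x.GetRequiredService<AzureKeyVaultCertificateRepository>()));
    builder.Services.TryAddEnumerable(
        ServiceDescriptor.Singleton<ICertificateSource, AzureKeyVaultCertificateRepository>(
            x => x.GetRequiredService<AzureKeyVaultCertificateRepository>()));

    var options = builder.Services
        .AddOptions<AzureKeyVaultCertificateRepositoryOptions>()
        .Configure(configure);

#if FEATURE_VALIDATE_DATA_ANNOTATIONS
    // Compiled only when the symbol is defined; in other builds this method does not
    // request data-annotation validation of the key vault options.
    options.ValidateDataAnnotations();
#endif

    return builder;
}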
/// <summary>
/// Save generated certificates to a directory in the .pfx format.
/// </summary>
/// <remarks>
/// With a null or empty <paramref name="pfxPassword"/> the saved .pfx files are protected only by
/// the file system permissions on <paramref name="directory"/>, so restrict access to that directory.
/// </remarks>
/// <param name="builder">The Let's Encrypt service builder whose service collection receives the repository.</param>
/// <param name="directory">The directory where .pfx files will be saved.</param>
/// <param name="pfxPassword">Set to null or empty for passwordless .pfx files.</param>
/// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="directory"/> is null.</exception>
public static ILetsEncryptServiceBuilder PersistCertificatesToDirectory(
    this ILetsEncryptServiceBuilder builder,
    DirectoryInfo directory,
    string? pfxPassword)
{
    // Arguments are checked in declaration order: builder first, then directory.
    _ = builder ?? throw new ArgumentNullException(nameof(builder));
    _ = directory ?? throw new ArgumentNullException(nameof(directory));

    // Unlike PersistDataToDirectory, no check for an existing registration is made here:
    // every call appends a new FileSystemCertificateRepository.
    var pfxRepository = new FileSystemCertificateRepository(directory, pfxPassword);
    builder.Services.AddSingleton<ICertificateRepository>(pfxRepository);

    return builder;
}
/// <summary>
/// Persists certificates to configured key vault.
/// </summary>
/// <param name="builder">A LetsEncrypt service builder.</param>
/// <returns>The original LetsEncrypt service builder.</returns>
public static ILetsEncryptServiceBuilder PersistCertificatesToAzureKeyVault(this ILetsEncryptServiceBuilder builder)
{
    // Delegate to the configurable overload with a callback that changes nothing,
    // so the key vault options must come from configuration supplied elsewhere.
    Action<AzureKeyVaultCertificateRepositoryOptions> leaveOptionsUntouched = _ => { };
    return builder.PersistCertificatesToAzureKeyVault(leaveOptionsUntouched);
}
/// <summary>
/// Save certificates to the current user's certificate storage mechanism.
/// </summary>
/// <param name="builder">The Let's Encrypt service builder whose service collection receives the repository.</param>
/// <returns>The value returned by the three-argument overload.</returns>
public static ILetsEncryptServiceBuilder PersistCertificatesToLocalX509Store(this ILetsEncryptServiceBuilder builder)
{
    // Defaults: the "My" store of the current user.
    const StoreName defaultStore = StoreName.My;
    const StoreLocation defaultLocation = StoreLocation.CurrentUser;

    return builder.PersistCertificatesToLocalX509Store(defaultStore, defaultLocation);
}