/// <summary> /// Save certificates and account data to a directory. /// Certificates are stored in the .pfx (PKCS #12) format in a subdirectory of <paramref name="directory"/>. /// Account key information is stored in a JSON format in a different subdirectory of <paramref name="directory"/>. /// </summary> /// <param name="builder"></param> /// <param name="directory">The root directory for storing information. Information may be stored in subdirectories.</param> /// <param name="pfxPassword">Set to null or empty for passwordless .pfx files.</param> /// <returns></returns> public static ILettuceEncryptServiceBuilder PersistDataToDirectory( this ILettuceEncryptServiceBuilder builder, DirectoryInfo directory, string?pfxPassword) { if (builder is null) { throw new ArgumentNullException(nameof(builder)); } if (directory is null) { throw new ArgumentNullException(nameof(directory)); } var otherFileSystemRepoServices = builder .Services .Where(d => d.ServiceType == typeof(ICertificateRepository) && d.ImplementationInstance != null && d.ImplementationInstance.GetType() == typeof(FileSystemCertificateRepository)); foreach (var serviceDescriptor in otherFileSystemRepoServices) { var otherRepo = (FileSystemCertificateRepository)serviceDescriptor.ImplementationInstance !; if (otherRepo.RootDir.Equals(directory)) { if (otherRepo.PfxPassword != pfxPassword) { throw new ArgumentException($"Another file system repo has been configured for {directory}, but with a different password."); } return(builder); } } var implementationInstance = new FileSystemCertificateRepository(directory, pfxPassword); builder.Services .AddSingleton <ICertificateRepository>(implementationInstance) .AddSingleton <ICertificateSource>(implementationInstance); builder.Services.TryAddSingleton <IAccountStore>(services => new FileSystemAccountStore(directory, services.GetRequiredService <ILogger <FileSystemAccountStore> >(), services.GetRequiredService <ICertificateAuthorityConfiguration>())); return(builder); }
/// <summary> /// Persists certificates to configured key vault. /// </summary> /// <param name="builder">A LettuceEncrypt service builder.</param> /// <param name="configure">Configuration for KeyVault connections.</param> /// <returns>The original LettuceEncrypt service builder.</returns> public static ILettuceEncryptServiceBuilder PersistCertificatesToAzureKeyVault( this ILettuceEncryptServiceBuilder builder, Action <AzureKeyVaultLettuceEncryptOptions> configure) { var services = builder.Services; services .AddSingleton <ICertificateClientFactory, CertificateClientFactory>() .AddSingleton <ISecretClientFactory, SecretClientFactory>(); services.TryAddSingleton <AzureKeyVaultCertificateRepository>(); services.TryAddSingleton <IAccountStore, AzureKeyVaultAccountStore>(); services.TryAddEnumerable( ServiceDescriptor.Singleton <ICertificateRepository, AzureKeyVaultCertificateRepository>(x => x.GetRequiredService <AzureKeyVaultCertificateRepository>())); services.TryAddEnumerable( ServiceDescriptor.Singleton <ICertificateSource, AzureKeyVaultCertificateRepository>(x => x.GetRequiredService <AzureKeyVaultCertificateRepository>())); services.AddSingleton <IConfigureOptions <AzureKeyVaultLettuceEncryptOptions> >(s => { var config = s.GetService <IConfiguration?>(); return(new ConfigureOptions <AzureKeyVaultLettuceEncryptOptions>(o => config?.Bind("LettuceEncrypt:AzureKeyVault", o))); }); var options = services .AddOptions <AzureKeyVaultLettuceEncryptOptions>() .Configure(configure); #if FEATURE_VALIDATE_DATA_ANNOTATIONS options.ValidateDataAnnotations(); #endif return(builder); }
/// <summary> /// Persists certificates to configured key vault. /// </summary> /// <param name="builder">A LettuceEncrypt service builder.</param> /// <returns>The original LettuceEncrypt service builder.</returns> public static ILettuceEncryptServiceBuilder PersistCertificatesToAzureKeyVault( this ILettuceEncryptServiceBuilder builder) => builder.PersistCertificatesToAzureKeyVault(_ => { });