public AcmeService(IAcmeConfig config, IAuthorizationChallengeProvider authorizeChallengeProvider)
{
this.baseURI = config.BaseUri ?? (config.UseProduction ? "https://acme-v01.api.letsencrypt.org/" : "https://acme-staging.api.letsencrypt.org/");
this.configPath = ConfigPath(this.baseURI);
this.config = config;
this.authorizeChallengeProvider = authorizeChallengeProvider;
}
public CertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, ICertificateService certificateService, IAuthorizationChallengeProvider challengeProvider)
{
this.settings = settings;
this.certificateService = certificateService;
this.acmeConfig = acmeConfig;
this.challengeProvider = challengeProvider;
}
internal async Task <CertificateInstallModel> RequestAndInstallInternalAsync(IAcmeConfig config)
{
Trace.TraceInformation("RequestAndInstallInternal");
var model = await RequestInternalAsync(config);
this.certificateService.Install(model);
return(model);
}
private static async Task ValidateResponse(IAcmeConfig acmeConfig, HttpResponseMessage res)
{
var bodyResp = await res.Content.ReadAsStringAsync();
Console.WriteLine(bodyResp);
Assert.AreEqual(System.Net.HttpStatusCode.OK, res.StatusCode);
var certificateModel = JsonConvert.DeserializeObject <CertificateInstallModel>(bodyResp);
var cert = new X509Certificate(certificateModel.CertificateInfo.PfxCertificate, acmeConfig.PFXPassword);
Assert.IsTrue(cert.Subject.Contains(acmeConfig.Host));
File.WriteAllBytes(acmeConfig.Host + ".pfx", certificateModel.CertificateInfo.PfxCertificate);
}
/// <summary>
/// For backwards compatability
/// </summary>
/// <param name="config"></param>
public CertificateManager(AppSettingsAuthConfig config)
{
this.settings = config;
this.acmeConfig = config;
this.challengeProvider = new KuduFileSystemAuthorizationChallengeProvider(this.settings, new AuthorizationChallengeProviderConfig()
{
DisableWebConfigUpdate = config.DisableWebConfigUpdate
});
this.certificateService = new CertificateService(this.settings, new CertificateServiceSettings()
{
UseIPBasedSSL = config.UseIPBasedSSL
});
}
internal async Task <CertificateInstallModel> RequestInternalAsync(IAcmeConfig config)
{
var service = new AcmeService(config, this.challengeProvider);
var cert = await service.RequestCertificate();
var model = new CertificateInstallModel()
{
CertificateInfo = cert,
AllDnsIdentifiers = config.Hostnames.ToList(),
Host = config.Host,
};
return(model);
}
internal async Task <CertificateInstallModel> RequestAndInstallInternalAsync(IAcmeConfig config)
{
Trace.TraceInformation("RequestAndInstallInternal");
try
{
var model = await RequestInternalAsync(config);
await this.certificateService.Install(model);
return(model);
}
catch (Exception e)
{
Console.WriteLine($"Error during Request or install certificate {e.ToString()}");
Trace.TraceError($"Error during Request or install certificate {e.ToString()}");
throw;
}
}
/// <summary>
/// For backwards compatability
/// </summary>
/// <param name="config"></param>
public CertificateManager(AppSettingsAuthConfig config)
{
this.settings = config;
this.acmeConfig = config;
string storageAccount = AuthorizationChallengeBlobStorageAccount();
if (string.IsNullOrEmpty(storageAccount))
{
this.challengeProvider = new KuduFileSystemAuthorizationChallengeProvider(this.settings, new AuthorizationChallengeProviderConfig()
{
DisableWebConfigUpdate = config.DisableWebConfigUpdate
});
}
else
{
this.challengeProvider = NewBlobStorageAuthorizationChallengeProvider();
}
this.certificateService = new WebAppCertificateService(this.settings, new CertificateServiceSettings()
{
UseIPBasedSSL = config.UseIPBasedSSL
});
}
public AcmeService(IAcmeConfig config, IAuthorizationChallengeProvider authorizeChallengeProvider)
{
if (string.IsNullOrEmpty(config.BaseUri))
{
this.acmeenvironment = (config.UseProduction ? WellKnownServers.LetsEncryptV2 : WellKnownServers.LetsEncryptStagingV2);
}
else
{
this.acmeenvironment = new Uri(config.BaseUri);
}
if (string.Equals(this.acmeenvironment.Host, "acme-v01.api.letsencrypt.org", StringComparison.InvariantCultureIgnoreCase) ||
string.Equals(this.acmeenvironment.Host, "acme-staging.api.letsencrypt.org", StringComparison.InvariantCultureIgnoreCase))
{
throw new ArgumentException($"Please use let's encrypt version 2 API, baseUri was set to {this.acmeenvironment}");
}
this.configPath = ConfigPath(this.acmeenvironment.AbsoluteUri);
this.config = config;
this.authorizeChallengeProvider = authorizeChallengeProvider;
}
internal async Task <string> RequestAndInstallInternalAsync(IAcmeConfig config)
{
try
{
Trace.TraceInformation("RequestAndInstallInternal");
var service = new AcmeService(config, this.challengeProvider);
var cert = await service.RequestCertificate();
this.certificateService.Install(new CertificateInstallModel()
{
CertificateInfo = cert,
AllDnsIdentifiers = config.Hostnames.ToList(),
Host = config.Host,
});
return(cert.Certificate.Thumbprint);
}
catch (Exception ex)
{
Trace.TraceError("Unabled to create Azure Web Site Management client " + ex.ToString());
throw;
}
}
/// <summary>
/// Returns a <see cref="CertificateManager"/> configured to use HTTP Challenge, placing the challenge file on Azure Web App
/// using Kudu, and assigning the obtained certificate directly to the web app service.
/// </summary>
/// <param name="settings"></param>
/// <param name="acmeConfig"></param>
/// <param name="certSettings"></param>
/// <param name="authProviderConfig"></param>
/// <returns></returns>
public static CertificateManager CreateKuduWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings, IAuthorizationChallengeProviderConfig authProviderConfig)
{
return(new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new KuduFileSystemAuthorizationChallengeProvider(settings, authProviderConfig)));
}
/// <summary>
/// Returns a <see cref="CertificateManager"/> configured to use HTTP Challenge, placing the challenge file on Azure Blob Storage,
/// and assigning the obtained certificate directly to the web app service.
/// </summary>
/// <param name="settings"></param>
/// <param name="acmeConfig"></param>
/// <param name="certSettings"></param>
/// <returns></returns>
public static CertificateManager CreateBlobWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings)
{
return(new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), NewBlobStorageAuthorizationChallengeProvider()));
}
public CertificateManager(IAzureEnvironment settings, IAcmeConfig acmeConfig, ICertificateServiceSettings certSettings, IAuthorizationChallengeProviderConfig authProviderConfig)
: this(settings, acmeConfig, new CertificateService(settings, certSettings), new KuduFileSystemAuthorizationChallengeProvider(settings, authProviderConfig))
{
}
/// <summary>
/// Request a certificate from lets encrypt using the DNS challenge, placing the challenge record in Azure DNS.
/// The certifiacte is not assigned, but just returned.
/// </summary>
/// <param name="azureDnsEnvironment"></param>
/// <param name="acmeConfig"></param>
/// <returns></returns>
public static async Task <CertificateInstallModel> RequestDnsChallengeCertificate(IAzureDnsEnvironment azureDnsEnvironment, IAcmeConfig acmeConfig)
{
return(await new CertificateManager(null, acmeConfig, null, new AzureDnsAuthorizationChallengeProvider(azureDnsEnvironment)).RequestInternalAsync(acmeConfig));
}
/// <summary>
/// Returns a <see cref="CertificateManager"/> configured to use DNS Challenge, placing the challenge record in Azure DNS,
/// and assigning the obtained certificate directly to the web app service.
/// </summary>
/// <param name="settings"></param>
/// <param name="acmeConfig"></param>
/// <param name="certSettings"></param>
/// <param name="dnsEnvironment"></param>
/// <returns></returns>
public static CertificateManager CreateAzureDnsWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings, IAzureDnsEnvironment dnsEnvironment)
{
return(new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment)));
}
internal CertificateInstallModel RequestAndInstallInternal(IAcmeConfig config)
{
return(RequestAndInstallInternalAsync(config).GetAwaiter().GetResult());
}
internal string RequestAndInstallInternal(IAcmeConfig config)
{
return(RequestAndInstallInternalAsync(config).GetAwaiter().GetResult());
}