// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers()
.AddNewtonsoftJson(o =>
{
o.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
o.SerializerSettings.Formatting = Formatting.Indented;
});
var dn = "CN=Test Memory Root CA";
var key = RSA.Create(2048);
var rootCert = CertificateEnrollmentService.GenerateCertificate(dn, dn, key, key);
rootCert = rootCert.CopyWithPrivateKey(key);
var dn2 = "CN=Test CA";
var key2 = RSA.Create(2048);
var caCert = CertificateEnrollmentService.GenerateCertificate(dn, dn2, key, key2);
caCert = caCert.CopyWithPrivateKey(key2);
services.AddAcmeMemoryRepositories();
services.AddAcmeServerServices(o =>
{
o.OrdersPageSize = 1;
o.BaseAddress = "https://localhost:5003/";
o.DownloadCertificateFormat = DownloadCertificateFormat.PemCertificateChain;
o.ExtraCertificateStorage = new X509Certificate2Collection(new X509Certificate2[] { rootCert, caCert });
o.ExternalAccountOptions = new ExternalAccountOptions
{
Type = ExternalAccountType.None,
};
});
services.Replace(ServiceDescriptor.Transient <ICertificateEnrollmentService, CertificateEnrollmentService>());
}
/// <summary>
/// Revokes <see cref="ICertificate"/>
/// </summary>
/// <param name="order"><see cref="IOrder"/></param>
/// <param name="reason">Revoke reason</param>
public void RevokeCertificate(IOrder order, RevokeReason reason)
{
// revoke
Task.Run(async() => await CertificateEnrollmentService.Revoke(order, reason))
.Wait();
// update status
order.Certificate.Revoked = true;
OrderRepository.Update(order);
Logger.Info("Certificate {thumbprint} revoked", order.Certificate.Thumbprint);
}
/// <inheritdoc/>
public IOrder EnrollCertificate(int accountId, int orderId, FinalizeOrder @params)
{
#region Check arguments
if (@params is null)
{
throw new ArgumentNullException(nameof(@params));
}
#endregion
var order = GetById(accountId, orderId);
// Check status ready
if (order.Status != OrderStatus.Ready)
{
throw new AcmeException(ErrorType.OrderNotReady);
}
var certificateEnrollParams = new CertificateEnrollParams()
{
Order = order,
Params = @params,
};
try
{
OnEnrollCertificateBefore(certificateEnrollParams);
}
catch (Exception ex)
{
// return invalid order
CreateOrderError(ex, certificateEnrollParams.Order);
return(certificateEnrollParams.Order);
}
order.Status = OrderStatus.Processing;
OrderRepository.Update(order);
Logger.Info("Order {id} status updated to {status}", order.Id, order.Status);
// check cancel
if (!certificateEnrollParams.Cancel)
{
Task
.Run(async() =>
{
var requestRaw = Base64Url.Decode(@params.Csr);
var request = new Pkcs10CertificateRequest(requestRaw);
var certificate = await CertificateEnrollmentService.Enroll(order, request); // todo ? using certEnrollParams
order.Certificate = OrderRepository.CreateCertificate(certificate);
OrderRepository.Update(order);
OnEnrollCertificateTask(certificateEnrollParams);
})
.ContinueWith(t =>
{
if (t.IsFaulted)
{
// TODO Optimize Error assignment
CreateOrderError(t.Exception.InnerException, order);
}
if (t.IsCompleted)
{
if (order.Status == OrderStatus.Processing)
{
order.Status = OrderStatus.Valid;
OrderRepository.Update(order);
Logger.Info("Certificate {thumbprint} for Order {id} issued successfully", order.Certificate.Thumbprint, order.Id);
}
}
Logger.Info("Order {id} status updated to {status}", order.Id, order.Status);
});
}
return(order);
}