public async Task TestBindingMatch() { // create test site with mix of hostname and IP only bindings var testStr = "abc123"; PrimaryTestDomain = $"test-{testStr}." + PrimaryTestDomain; var testBindingSiteName = "TestAllBinding_" + testStr; var testSiteDomain = "test" + testStr + "." + PrimaryTestDomain; if (await iisManager.SiteExists(testBindingSiteName)) { await iisManager.DeleteSite(testBindingSiteName); } // create site with IP all unassigned, no hostname var site = await iisManager.CreateSite(testBindingSiteName, "", PrimaryIISRoot, "DefaultAppPool", port : testSiteHttpPort); // add another hostname binding (matching cert and not matching cert) var testDomains = new List <string> { testSiteDomain, "label1." + testSiteDomain, "nested.label." + testSiteDomain }; await iisManager.AddSiteBindings(site.Id.ToString(), testDomains, testSiteHttpPort); // get fresh instance of site since updates site = await iisManager.GetIISSiteById(site.Id.ToString()); var bindingsBeforeApply = site.Bindings.ToList(); Assert.AreEqual(site.Name, testBindingSiteName); var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx"; var managedCertificate = new ManagedCertificate { Id = Guid.NewGuid().ToString(), Name = testSiteName, ServerSiteId = site.Id.ToString(), UseStagingMode = true, RequestConfig = new CertRequestConfig { PrimaryDomain = testSiteDomain, Challenges = new ObservableCollection <CertRequestChallengeConfig>( new List <CertRequestChallengeConfig> { new CertRequestChallengeConfig { ChallengeType = "http-01" } }), PerformAutoConfig = true, PerformAutomatedCertBinding = true, PerformChallengeFileCopy = true, PerformExtensionlessConfigChecks = true, WebsiteRootPath = testSitePath, DeploymentSiteOption = DeploymentOption.SingleSite, DeploymentBindingMatchHostname = true, DeploymentBindingBlankHostname = true, DeploymentBindingReplacePrevious = true, SubjectAlternativeNames = new string[] { testSiteDomain, "label1." + testSiteDomain } }, ItemType = ManagedCertificateType.SSL_ACME, CertificatePath = dummyCertPath }; var actions = await new BindingDeploymentManager().StoreAndDeployManagedCertificate( iisManager.GetDeploymentTarget(), managedCertificate, dummyCertPath, "", false); foreach (var a in actions) { System.Console.WriteLine(a.Description); } // get cert info to compare hash var certInfo = CertificateManager.LoadCertificate(managedCertificate.CertificatePath); // check IIS site bindings site = await iisManager.GetIISSiteById(site.Id.ToString()); var finalBindings = site.Bindings.ToList(); Assert.IsTrue(bindingsBeforeApply.Count < finalBindings.Count, "Should have new bindings"); try { // check we have the new bindings we expected // blank hostname binding var testBinding = finalBindings.FirstOrDefault(b => b.Host == "" && b.Protocol == "https"); Assert.IsTrue(IsCertHashEqual(testBinding.CertificateHash, certInfo.GetCertHash()), "Blank hostname binding should be added and have certificate set"); // TODO: testDomains includes matches and not matches to test foreach (var d in testDomains) { // check san domain now has an https binding testBinding = finalBindings.FirstOrDefault(b => b.Host == d && b.Protocol == "https"); if (!d.StartsWith("nested.")) { Assert.IsNotNull(testBinding); Assert.IsTrue(IsCertHashEqual(testBinding.CertificateHash, certInfo.GetCertHash()), "hostname binding should be added and have certificate set"); } else { Assert.IsNull(testBinding, "nested binding should be null"); } } // check existing bindings have been updated as expected /*foreach (var b in finalBindings) * { * if (b.Protocol == "https") * { * // check this item is one we should have included (is matching domain or has * // no hostname) * bool shouldBeIncluded = false; * * if (!String.IsNullOrEmpty(b.Host)) * { * if (testDomains.Contains(b.Host)) * { * shouldBeIncluded = true; * } * } * else * { * shouldBeIncluded = true; * } * * bool isCertMatch = StructuralComparisons.StructuralEqualityComparer.Equals(b.CertificateHash, certInfo.GetCertHash()); * * if (shouldBeIncluded) * { * Assert.IsTrue(isCertMatch, "Binding should have been updated with cert hash but was not."); * } * else * { * Assert.IsFalse(isCertMatch, "Binding should not have been updated with cert hash but was."); * } * } * }*/ } finally { // clean up IIS either way await iisManager.DeleteSite(testBindingSiteName); if (certInfo != null) { CertificateManager.RemoveCertificate(certInfo); } } }