예제 #1
 /// <summary>
 /// Translates the legacy store settings into store plugin options and
 /// appends them to <paramref name="ret"/>.
 /// </summary>
 /// <param name="legacy">Legacy renewal whose store settings are read.</param>
 /// <param name="ret">Renewal whose <c>StorePluginOptions</c> list is appended to.</param>
 public void ConvertStore(LegacyScheduledRenewal legacy, Renewal ret)
 {
     // Anything other than an explicit "true" on the legacy flag counts as false.
     var keepExisting = legacy.KeepExisting == true;
     var centralSslPath = legacy.CentralSslStore;

     // Primary store: the central SSL store when a path was configured,
     // otherwise the named certificate store.
     if (string.IsNullOrEmpty(centralSslPath))
     {
         var certificateStore = new store.CertificateStoreOptions();
         certificateStore.StoreName = legacy.CertificateStore;
         certificateStore.KeepExisting = keepExisting;
         ret.StorePluginOptions.Add(certificateStore);
     }
     else
     {
         var centralSsl = new store.CentralSslOptions();
         centralSsl.Path = centralSslPath;
         centralSsl.KeepExisting = keepExisting;
         ret.StorePluginOptions.Add(centralSsl);
     }

     // Two file-based stores are always added, both pointed at the cache path.
     // NOTE(review): presumably these outputs include private key material -
     // confirm that the cache directory is access-restricted.
     var cachePath = _settings.Cache.Path;
     ret.StorePluginOptions.Add(new store.PemFilesOptions() { Path = cachePath });
     ret.StorePluginOptions.Add(new store.PfxFileOptions() { Path = cachePath });
 }
예제 #2
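        /// <summary>
        /// Translates the legacy installation settings into installation plugin
        /// options and appends them to <paramref name="ret"/>.
        /// </summary>
        /// <remarks>
        /// When the legacy renewal carries no installation plugin list, one is
        /// inferred and written back to <paramref name="legacy"/>, so the argument
        /// is mutated. Names that match none of the known cases are skipped.
        /// </remarks>
        /// <param name="legacy">Legacy renewal to read; its plugin name list may be filled in.</param>
        /// <param name="ret">Renewal whose <c>InstallationPluginOptions</c> list is appended to.</param>
        public void ConvertInstallation(LegacyScheduledRenewal legacy, Renewal ret)
        {
            if (legacy.InstallationPluginNames == null)
            {
                legacy.InstallationPluginNames = new List<string>();

                // Based on chosen target.
                // NOTE(review): this comparison is case-sensitive; confirm that the
                // stored target names always use exactly this casing.
                var targetName = legacy.Binding.TargetPluginName;
                if (targetName == "IISSite" ||
                    targetName == "IISSites" ||
                    targetName == "IISBinding")
                {
                    legacy.InstallationPluginNames.Add("IIS");
                }

                // Based on command line
                if (!string.IsNullOrEmpty(legacy.Script) || !string.IsNullOrEmpty(legacy.ScriptParameters))
                {
                    legacy.InstallationPluginNames.Add("Manual");
                }

                // Nothing could be inferred, so there are no installation steps
                if (legacy.InstallationPluginNames.Count == 0)
                {
                    legacy.InstallationPluginNames.Add("None");
                }
            }

            foreach (var legacyName in legacy.InstallationPluginNames)
            {
                // Invariant lower-casing: the culture-sensitive ToLower() maps 'I' to a
                // dotless 'i' under Turkish/Azeri cultures, so "IIS" would match no
                // case below and the installation step would be dropped silently.
                switch (legacyName.ToLowerInvariant())
                {
                    case "iis":
                        ret.InstallationPluginOptions.Add(new install.IISWebOptions()
                        {
                            SiteId = legacy.Binding.InstallationSiteId,
                            NewBindingIp = legacy.Binding.SSLIPAddress,
                            NewBindingPort = legacy.Binding.SSLPort
                        });
                        break;

                    case "iisftp":
                        ret.InstallationPluginOptions.Add(new install.IISFtpOptions()
                        {
                            // .Value throws when the legacy renewal has no FTP site id.
                            SiteId = legacy.Binding.FtpSiteId.Value
                        });
                        break;

                    case "manual":
                        // NOTE(review): script path and parameters are copied verbatim
                        // from the legacy renewal; presumably the script step runs them
                        // later, so the legacy file has to be trusted input - confirm.
                        ret.InstallationPluginOptions.Add(new install.ScriptOptions()
                        {
                            Script = legacy.Script,
                            ScriptParameters = legacy.ScriptParameters
                        });
                        break;

                    case "none":
                        ret.InstallationPluginOptions.Add(new NullInstallationOptions());
                        break;
                }
            }
        }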
예제 #3
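        /// <summary>
        /// Translates the legacy target settings into target plugin options on
        /// <paramref name="ret"/>.
        /// </summary>
        /// <remarks>
        /// When the legacy binding has no target plugin name, one is derived from its
        /// plugin name and written back to <paramref name="legacy"/>. A target name
        /// that matches none of the known cases leaves <c>TargetPluginOptions</c> untouched.
        /// </remarks>
        /// <param name="legacy">Legacy renewal to read; its binding's target plugin name may be filled in.</param>
        /// <param name="ret">Renewal that receives the target plugin options.</param>
        /// <exception cref="System.InvalidOperationException">
        /// No target plugin name is set and none could be derived from the plugin name.
        /// </exception>
        public void ConvertTarget(LegacyScheduledRenewal legacy, Renewal ret)
        {
            var binding = legacy.Binding;
            if (string.IsNullOrEmpty(binding.TargetPluginName))
            {
                switch (binding.PluginName)
                {
                    case "IIS":
                        binding.TargetPluginName = binding.HostIsDns == false ? "IISSite" : "IISBinding";
                        break;

                    case "IISSiteServer":
                        binding.TargetPluginName = "IISSites";
                        break;

                    case "Manual":
                        binding.TargetPluginName = "Manual";
                        break;
                }
            }

            // An unrecognised plugin name leaves the target name unset; fail with a
            // clear message instead of a NullReferenceException on the call below.
            if (binding.TargetPluginName == null)
            {
                throw new System.InvalidOperationException("Cannot convert renewal without a target plugin name");
            }

            // Invariant lower-casing: the culture-sensitive ToLower() maps 'I' to a
            // dotless 'i' under Turkish/Azeri cultures, so none of the IIS cases
            // would match and no target would be configured.
            switch (binding.TargetPluginName.ToLowerInvariant())
            {
                case "iissite":
                    ret.TargetPluginOptions = new target.IISSiteOptions()
                    {
                        CommonName = string.IsNullOrEmpty(binding.CommonName) ? null : binding.CommonName,
                        ExcludeBindings = binding.ExcludeBindings.ParseCsv(),
                        SiteId = binding.TargetSiteId ?? binding.SiteId ?? 0
                    };
                    break;

                case "iissites":
                    ret.TargetPluginOptions = new target.IISSitesOptions()
                    {
                        CommonName = string.IsNullOrEmpty(binding.CommonName) ? null : binding.CommonName,
                        ExcludeBindings = binding.ExcludeBindings.ParseCsv(),
                        // For this target the legacy Host field is parsed as a CSV of
                        // site ids; long.Parse throws on any non-numeric entry.
                        SiteIds = binding.Host.ParseCsv().Select(x => long.Parse(x)).ToList()
                    };
                    break;

                case "manual":
                    ret.TargetPluginOptions = new target.ManualOptions()
                    {
                        CommonName = string.IsNullOrEmpty(binding.CommonName) ? binding.Host : binding.CommonName,
                        AlternativeNames = binding.AlternativeNames
                    };
                    break;

                case "iisbinding":
                    ret.TargetPluginOptions = new target.IISBindingOptions()
                    {
                        Host = binding.Host,
                        // Unlike the "iissite" case there is no fallback to 0 here: the
                        // cast throws when both site ids are missing.
                        SiteId = (long)(binding.TargetSiteId ?? binding.SiteId)
                    };
                    break;
            }
        }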
예제 #4
        /// <summary>
        /// Builds a new <see cref="Renewal"/> from a legacy scheduled renewal.
        /// </summary>
        /// <param name="legacy">Legacy renewal to convert.</param>
        /// <returns>The newly created renewal with a single "Imported" history entry.</returns>
        public Renewal Convert(LegacyScheduledRenewal legacy)
        {
            // The legacy history is deliberately not carried over, so every imported
            // renewal is due immediately. That is the ultimate test of whether it
            // actually works in the new ACMEv2 environment.
            Renewal renewal = Renewal.Create(null, _passwordGenerator);

            // Each step fills in one group of plugin options on the new renewal.
            ConvertTarget(legacy, renewal);
            ConvertValidation(legacy, renewal);
            ConvertStore(legacy, renewal);
            ConvertInstallation(legacy, renewal);

            renewal.CsrPluginOptions = new RsaOptions();
            renewal.LastFriendlyName = legacy.Binding.Host;

            // A single marker entry takes the place of the legacy history.
            var importedHistory = new List<RenewResult>();
            importedHistory.Add(new RenewResult("Imported"));
            renewal.History = importedHistory;

            return renewal;
        }
예제 #5
 /// <summary>
 /// Translates the legacy store settings into the single store plugin
 /// option set on <paramref name="ret"/>.
 /// </summary>
 /// <param name="legacy">Legacy renewal whose store settings are read.</param>
 /// <param name="ret">Renewal whose <c>StorePluginOptions</c> is assigned.</param>
 public void ConvertStore(LegacyScheduledRenewal legacy, Renewal ret)
 {
     // Anything other than an explicit "true" on the legacy flag counts as false.
     var keepExisting = legacy.KeepExisting == true;
     var centralSslPath = legacy.CentralSslStore;

     // No central SSL path configured: fall back to the named certificate store.
     if (string.IsNullOrEmpty(centralSslPath))
     {
         var certificateStore = new store.CertificateStoreOptions();
         certificateStore.StoreName = legacy.CertificateStore;
         certificateStore.KeepExisting = keepExisting;
         ret.StorePluginOptions = certificateStore;
         return;
     }

     var centralSsl = new store.CentralSslOptions();
     centralSsl.Path = centralSslPath;
     centralSsl.KeepExisting = keepExisting;
     ret.StorePluginOptions = centralSsl;
 }
예제 #6
        /// <summary>
        /// Builds a new <see cref="Renewal"/> from a legacy scheduled renewal.
        /// </summary>
        /// <param name="legacy">Legacy renewal to convert.</param>
        /// <returns>The new renewal, carrying a fresh id and a single "Imported" history entry.</returns>
        public Renewal Convert(LegacyScheduledRenewal legacy)
        {
            // The legacy history is deliberately not carried over, so every imported
            // renewal is due immediately. That is the ultimate test of whether it
            // actually works in the new ACMEv2 environment.
            Renewal renewal = new Renewal();

            // Each step fills in one group of plugin options on the new renewal.
            ConvertTarget(legacy, renewal);
            ConvertValidation(legacy, renewal);
            ConvertStore(legacy, renewal);
            ConvertInstallation(legacy, renewal);

            renewal.CsrPluginOptions = new RsaOptions();
            renewal.Id = ShortGuid.NewGuid().ToString();
            renewal.FriendlyName = legacy.Binding.Host;

            // A single marker entry takes the place of the legacy history.
            var importedHistory = new List<RenewResult>();
            importedHistory.Add(new RenewResult("Imported"));
            renewal.History = importedHistory;

            return renewal;
        }
예제 #7
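        /// <summary>
        /// Translates the legacy validation settings into validation plugin options
        /// on <paramref name="ret"/>.
        /// </summary>
        /// <remarks>
        /// A missing validation plugin name is replaced by "http-01.filesystem" and
        /// written back to <paramref name="legacy"/>. Any name that matches no known
        /// case is also converted to file system validation.
        /// </remarks>
        /// <param name="legacy">Legacy renewal to read; its binding's validation plugin name may be filled in.</param>
        /// <param name="ret">Renewal that receives the validation plugin options.</param>
        /// <exception cref="Exception">The legacy renewal has no binding.</exception>
        public void ConvertValidation(LegacyScheduledRenewal legacy, Renewal ret)
        {
            if (legacy.Binding == null)
            {
                throw new Exception("Cannot convert renewal with empty binding");
            }
            var binding = legacy.Binding;

            // Configure validation
            if (binding.ValidationPluginName == null)
            {
                binding.ValidationPluginName = "http-01.filesystem";
            }

            // Invariant lower-casing: the culture-sensitive ToLower() maps 'I' to a
            // dotless 'i' under Turkish/Azeri cultures, so a name stored with an
            // upper-case 'I' would miss its case and fall through to the default.
            switch (binding.ValidationPluginName.ToLowerInvariant())
            {
                case "dns-01.script":
                case "dns-01.dnsscript":
                    // NOTE(review): the script paths come straight from the legacy
                    // renewal; presumably they are executed during validation, so the
                    // legacy file has to be trusted input - confirm.
                    ret.ValidationPluginOptions = new dns.ScriptOptions()
                    {
                        CreateScript = binding.DnsScriptOptions?.CreateScript,
                        CreateScriptArguments = "{Identifier} {RecordName} {Token}",
                        DeleteScript = binding.DnsScriptOptions?.DeleteScript,
                        DeleteScriptArguments = "{Identifier} {RecordName}"
                    };
                    break;

                case "dns-01.azure":
                    ret.ValidationPluginOptions = new CompatibleAzureOptions()
                    {
                        ClientId = binding.DnsAzureOptions?.ClientId,
                        ResourceGroupName = binding.DnsAzureOptions?.ResourceGroupName,
                        // The client secret is wrapped rather than copied as a plain string.
                        Secret = new ProtectedString(binding.DnsAzureOptions?.Secret),
                        SubscriptionId = binding.DnsAzureOptions?.SubscriptionId,
                        TenantId = binding.DnsAzureOptions?.TenantId
                    };
                    break;

                case "http-01.ftp":
                    ret.ValidationPluginOptions = new http.FtpOptions()
                    {
                        CopyWebConfig = binding.IIS == true,
                        Path = binding.WebRootPath,
                        Credential = new NetworkCredentialOptions(binding.HttpFtpOptions?.UserName, binding.HttpFtpOptions?.Password)
                    };
                    break;

                case "http-01.sftp":
                    // SFTP takes its credentials from the legacy FTP options.
                    ret.ValidationPluginOptions = new http.SftpOptions()
                    {
                        CopyWebConfig = binding.IIS == true,
                        Path = binding.WebRootPath,
                        Credential = new NetworkCredentialOptions(binding.HttpFtpOptions?.UserName, binding.HttpFtpOptions?.Password)
                    };
                    break;

                case "http-01.webdav":
                    {
                        var webDav = new http.WebDavOptions()
                        {
                            CopyWebConfig = binding.IIS == true,
                            Path = binding.WebRootPath
                        };
                        // A credential is only attached when the legacy renewal had WebDAV options.
                        if (binding.HttpWebDavOptions != null)
                        {
                            webDav.Credential = new NetworkCredentialOptions(
                                binding.HttpWebDavOptions.UserName,
                                binding.HttpWebDavOptions.Password);
                        }
                        ret.ValidationPluginOptions = webDav;
                        break;
                    }

                case "tls-sni-01.iis":
                    // The challenge type changes here, and with it the port that has to
                    // be reachable; the warning tells the operator to review exposure.
                    _log.Warning("TLS-SNI-01 validation was removed from ACMEv2, changing to SelfHosting. Note that this requires port 80 to be public rather than port 443.");
                    ret.ValidationPluginOptions = new http.SelfHostingOptions();
                    break;

                case "http-01.iis":
                case "http-01.selfhosting":
                    ret.ValidationPluginOptions = new http.SelfHostingOptions()
                    {
                        Port = binding.ValidationPort
                    };
                    break;

                case "http-01.filesystem":
                default:
                    ret.ValidationPluginOptions = new http.FileSystemOptions()
                    {
                        CopyWebConfig = binding.IIS == true,
                        Path = binding.WebRootPath,
                        SiteId = binding.ValidationSiteId
                    };
                    break;
            }
        }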
예제 #8
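        /// <summary>
        /// Translates the legacy target settings into target plugin options on
        /// <paramref name="ret"/>.
        /// </summary>
        /// <remarks>
        /// When the legacy binding has no target plugin name, one is derived from its
        /// plugin name (defaulting to "Manual") and written back to
        /// <paramref name="legacy"/>. A target name that matches none of the known
        /// cases leaves <c>TargetPluginOptions</c> untouched.
        /// </remarks>
        /// <param name="legacy">Legacy renewal to read; its binding's target plugin name may be filled in.</param>
        /// <param name="ret">Renewal that receives the target plugin options.</param>
        /// <exception cref="Exception">The legacy renewal has no binding.</exception>
        public void ConvertTarget(LegacyScheduledRenewal legacy, Renewal ret)
        {
            if (legacy.Binding == null)
            {
                throw new Exception("Cannot convert renewal with empty binding");
            }
            var binding = legacy.Binding;

            if (string.IsNullOrEmpty(binding.TargetPluginName))
            {
                binding.TargetPluginName = binding.PluginName switch
                {
                    "IIS" => binding.HostIsDns == false ? "IISSite" : "IISBinding",
                    "IISSiteServer" => "IISSites",
                    _ => "Manual",
                };
            }

            // Invariant lower-casing: the culture-sensitive ToLower() maps 'I' to a
            // dotless 'i' under Turkish/Azeri cultures, so none of the IIS cases
            // would match and no target would be configured.
            switch (binding.TargetPluginName.ToLowerInvariant())
            {
                case "iisbinding":
                    {
                        var bindingOptions = new target.IISOptions();
                        if (!string.IsNullOrEmpty(binding.Host))
                        {
                            bindingOptions.IncludeHosts = new List<string>() { binding.Host };
                        }
                        // A site filter is only set for a positive site id.
                        var bindingSiteId = binding.TargetSiteId ?? binding.SiteId ?? 0;
                        if (bindingSiteId > 0)
                        {
                            bindingOptions.IncludeSiteIds = new List<long>() { bindingSiteId };
                        }
                        ret.TargetPluginOptions = bindingOptions;
                        break;
                    }

                case "iissite":
                    {
                        var siteOptions = new target.IISOptions();
                        if (!string.IsNullOrEmpty(binding.CommonName))
                        {
                            siteOptions.CommonName = binding.CommonName.ConvertPunycode();
                        }
                        // A site filter is only set for a positive site id.
                        var siteId = binding.TargetSiteId ?? binding.SiteId ?? 0;
                        if (siteId > 0)
                        {
                            siteOptions.IncludeSiteIds = new List<long>() { siteId };
                        }
                        siteOptions.ExcludeHosts = binding.ExcludeBindings.ParseCsv();
                        ret.TargetPluginOptions = siteOptions;
                        break;
                    }

                case "iissites":
                    {
                        var sitesOptions = new target.IISOptions();
                        if (!string.IsNullOrEmpty(binding.CommonName))
                        {
                            sitesOptions.CommonName = binding.CommonName.ConvertPunycode();
                        }
                        // For this target the legacy Host field is parsed as a CSV of
                        // site ids; long.Parse throws on any non-numeric entry.
                        sitesOptions.IncludeSiteIds = binding.Host.ParseCsv().Select(x => long.Parse(x)).ToList();
                        sitesOptions.ExcludeHosts = binding.ExcludeBindings.ParseCsv();
                        ret.TargetPluginOptions = sitesOptions;
                        break;
                    }

                case "manual":
                    ret.TargetPluginOptions = new target.ManualOptions()
                    {
                        // The Host fallback is used as-is; only CommonName goes through ConvertPunycode.
                        CommonName = string.IsNullOrEmpty(binding.CommonName) ? binding.Host : binding.CommonName.ConvertPunycode(),
                        // NOTE(review): throws if AlternativeNames is null - confirm
                        // that the legacy model always initialises it.
                        AlternativeNames = binding.AlternativeNames.Select(x => x.ConvertPunycode()).ToList()
                    };
                    break;
            }
        }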
예제 #9
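        /// <summary>
        /// Translates the legacy validation settings into validation plugin options
        /// on <paramref name="ret"/>.
        /// </summary>
        /// <remarks>
        /// A missing validation plugin name is replaced by "http-01.filesystem" and
        /// written back to <paramref name="legacy"/>. Any name that matches no known
        /// case is also converted to file system validation.
        /// </remarks>
        /// <param name="legacy">Legacy renewal to read; its binding's validation plugin name may be filled in.</param>
        /// <param name="ret">Renewal that receives the validation plugin options.</param>
        public void ConvertValidation(LegacyScheduledRenewal legacy, Renewal ret)
        {
            var binding = legacy.Binding;

            // Configure validation
            if (binding.ValidationPluginName == null)
            {
                binding.ValidationPluginName = "http-01.filesystem";
            }

            // Invariant lower-casing: the culture-sensitive ToLower() maps 'I' to a
            // dotless 'i' under Turkish/Azeri cultures, so a name stored with an
            // upper-case 'I' would miss its case and fall through to the default.
            switch (binding.ValidationPluginName.ToLowerInvariant())
            {
                case "dns-01.script":
                case "dns-01.dnsscript":
                    // The per-plugin option objects are dereferenced without a null
                    // check in this method, so a renewal that names a plugin but
                    // lacks its options throws here.
                    // NOTE(review): the script paths come straight from the legacy
                    // renewal; presumably they are executed during validation, so the
                    // legacy file has to be trusted input - confirm.
                    ret.ValidationPluginOptions = new dns.ScriptOptions()
                    {
                        CreateScript = binding.DnsScriptOptions.CreateScript,
                        DeleteScript = binding.DnsScriptOptions.DeleteScript
                    };
                    break;

                case "dns-01.azure":
                    ret.ValidationPluginOptions = new CompatibleAzureOptions()
                    {
                        ClientId = binding.DnsAzureOptions.ClientId,
                        ResourceGroupName = binding.DnsAzureOptions.ResourceGroupName,
                        // NOTE(review): the client secret is assigned as-is; whether the
                        // options type protects it once stored is not visible here - confirm.
                        Secret = binding.DnsAzureOptions.Secret,
                        SubscriptionId = binding.DnsAzureOptions.SubscriptionId,
                        TenantId = binding.DnsAzureOptions.TenantId
                    };
                    break;

                case "http-01.ftp":
                    ret.ValidationPluginOptions = new http.FtpOptions()
                    {
                        CopyWebConfig = binding.IIS == true,
                        Path = binding.WebRootPath,
                        Credential = new NetworkCredentialOptions(binding.HttpFtpOptions.UserName, binding.HttpFtpOptions.Password)
                    };
                    break;

                case "http-01.sftp":
                    // SFTP takes its credentials from the legacy FTP options.
                    ret.ValidationPluginOptions = new http.SftpOptions()
                    {
                        CopyWebConfig = binding.IIS == true,
                        Path = binding.WebRootPath,
                        Credential = new NetworkCredentialOptions(binding.HttpFtpOptions.UserName, binding.HttpFtpOptions.Password)
                    };
                    break;

                case "http-01.webdav":
                    ret.ValidationPluginOptions = new http.WebDavOptions()
                    {
                        CopyWebConfig = binding.IIS == true,
                        Path = binding.WebRootPath,
                        Credential = new NetworkCredentialOptions(binding.HttpWebDavOptions.UserName, binding.HttpWebDavOptions.Password)
                    };
                    break;

                case "http-01.iis":
                case "http-01.selfhosting":
                    ret.ValidationPluginOptions = new http.SelfHostingOptions()
                    {
                        Port = binding.ValidationPort
                    };
                    break;

                case "http-01.filesystem":
                default:
                    ret.ValidationPluginOptions = new http.FileSystemOptions()
                    {
                        CopyWebConfig = binding.IIS == true,
                        Path = binding.WebRootPath,
                        SiteId = binding.ValidationSiteId
                    };
                    break;
            }
        }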