public async Task TestCertCleanupAtExpiry()
{
// create and store a number of test certificates
var cert1 = CreateAndStoreTestCertificate("cert-test1.example.com", new DateTime(1935, 01, 01), new DateTime(1935, 03, 01));
var cert2 = CreateAndStoreTestCertificate("cert-test2.example.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01));
var cert3 = CreateAndStoreTestCertificate("cert-test3.example.com", new DateTime(1936, 01, 01), new DateTime(1936, 07, 01));
var cert4 = CreateAndStoreTestCertificate("cert-test4.example.com", new DateTime(1936, 01, 01), new DateTime(1936, 05, 15));
// create test site for bindings, add bindings
var iisManager = new ServerProviderIIS();
var testSiteDomain = "cert-test.example.com";
if (await iisManager.SiteExists(testSiteDomain))
{
await iisManager.DeleteSite(testSiteDomain);
}
var site = await iisManager.CreateSite(testSiteDomain, testSiteDomain, PrimaryIISRoot, "DefaultAppPool");
await iisManager.AddOrUpdateSiteBinding(
new Models.BindingInfo
{
SiteId = site.Id.ToString(),
Host = testSiteDomain,
CertificateHash = cert2.Thumbprint,
CertificateStore = "MY",
IsSNIEnabled = false,
Port = 443,
Protocol = "https"
}, addNew : true
);
// run cleanup process, removes certs which have expired for over a month and have
// [Certify] in the friendly name
CertificateManager.PerformCertificateStoreCleanup(Models.CertificateCleanupMode.AfterExpiry, new DateTime(1936, 06, 01), null, null);
// check the correct certificates have been removed
try
{
// check cert test 1 removed (expired)
Assert.IsFalse(CertificateManager.IsCertificateInStore(cert1), "Cert 1 Should Be Removed");
// check cert test 2 removed (expired)
Assert.IsFalse(CertificateManager.IsCertificateInStore(cert2), "Cert 2 Should Be Removed");
// check cert test 3 exists (not expired)
Assert.IsTrue(CertificateManager.IsCertificateInStore(cert3), "Cert 3 Should Not Be Removed");
// check cert test 4 removed (expired, but for less than 1 month)
Assert.IsFalse(CertificateManager.IsCertificateInStore(cert4), "Cert 4 Should Be Removed");
}
finally
{
// clean up after test
await iisManager.DeleteSite(site.Name);
CertificateManager.RemoveCertificate(cert1);
CertificateManager.RemoveCertificate(cert2);
CertificateManager.RemoveCertificate(cert3);
CertificateManager.RemoveCertificate(cert4);
}
}
public async Task TestCertCleanupByThumbprint()
{
// create and store a number of test certificates
var cert1 = CreateAndStoreTestCertificate("cert-test1.example.com", new DateTime(1935, 01, 01), new DateTime(1935, 03, 01));
var cert2 = CreateAndStoreTestCertificate("cert-test2.example.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01));
var cert3 = CreateAndStoreTestCertificate("cert-test2.example.com", new DateTime(1936, 01, 01), new DateTime(1938, 03, 01));
// create test site for bindings, add bindings
var iisManager = new ServerProviderIIS();
var testSiteDomain = "cert-test.example.com";
if (await iisManager.SiteExists(testSiteDomain))
{
await iisManager.DeleteSite(testSiteDomain);
}
var site = await iisManager.CreateSite(testSiteDomain, testSiteDomain, PrimaryIISRoot, "DefaultAppPool");
await iisManager.AddOrUpdateSiteBinding(
new Models.BindingInfo
{
SiteId = site.Id.ToString(),
Host = testSiteDomain,
CertificateHash = cert2.Thumbprint,
CertificateStore = "MY",
IsSNIEnabled = false,
Port = 443,
Protocol = "https"
}, addNew : true
);
// run cleanup process, removes certs by name, excluding the given thumbprints
CertificateManager.PerformCertificateStoreCleanup(
Models.CertificateCleanupMode.AfterRenewal,
new DateTime(1936, 06, 01),
matchingName: "cert-test2.example.com",
excludedThumbprints: new List <string> {
cert3.Thumbprint
});
// check the correct certificates have been removed
try
{
// check cert test 1 not removed (does not match)
Assert.IsTrue(CertificateManager.IsCertificateInStore(cert1), "Cert 1 Should Not Be Removed");
// check cert test 2 removed (does match)
Assert.IsFalse(CertificateManager.IsCertificateInStore(cert2), "Cert 2 Should Be Removed");
// check cert test 3 exists (matches but is excluded by thumbprint)
Assert.IsTrue(CertificateManager.IsCertificateInStore(cert3), "Cert 3 Should Not Be Removed");
}
finally
{
// clean up after test
await iisManager.DeleteSite(site.Name);
CertificateManager.RemoveCertificate(cert1);
CertificateManager.RemoveCertificate(cert2);
CertificateManager.RemoveCertificate(cert3);
}
}
public async Task TestManySiteBindingUpdates()
{
var numSites = 100;
// create a large number of site bindings, to see if we encounter isses saving IIS changes
try
{
var allResults = new List <ActionStep>();
for (var i = 0; i < numSites; i++)
{
var domain = "site_" + i + "_toomany.com";
var testSiteName = "ManySites_" + i;
if (await iisManager.SiteExists(testSiteName))
{
await iisManager.DeleteSite(testSiteName);
}
await iisManager.CreateSite(testSiteName, "site_" + i + "_toomany.com", PrimaryIISRoot, null, protocol : "http");
var site = await iisManager.GetSiteBindingByDomain(domain);
for (var d = 0; d < 2; d++)
{
var testDomain = Guid.NewGuid().ToString() + domain;
allResults.Add(await iisManager.AddOrUpdateSiteBinding(new BindingInfo
{
SiteId = site.SiteId,
Host = testDomain,
PhysicalPath = PrimaryIISRoot
}, addNew: true));
}
}
// now attempt async creation of bindings
var allBindingTasksSet1 = new List <Task <ActionStep> >();
var allBindingTasksSet2 = new List <Task <ActionStep> >();
for (var i = 0; i < numSites; i++)
{
var domain = "site_" + i + "_toomany.com";
var testSiteName = "ManySites_" + i;
var site = await iisManager.GetSiteBindingByDomain(domain);
for (var d = 0; d < 2; d++)
{
var testDomain = Guid.NewGuid().ToString() + domain;
if (i < numSites / 2)
{
allBindingTasksSet1.Add(iisManager.AddOrUpdateSiteBinding(new BindingInfo
{
SiteId = site.SiteId,
Host = testDomain,
PhysicalPath = PrimaryIISRoot
}, addNew: true));
}
else
{
allBindingTasksSet2.Add(iisManager.AddOrUpdateSiteBinding(new BindingInfo
{
SiteId = site.SiteId,
Host = testDomain,
PhysicalPath = PrimaryIISRoot
}, addNew: true));
}
}
}
ThreadPool.QueueUserWorkItem(async x =>
{
Thread.Sleep(500);
var results = await Task.WhenAll <ActionStep>(allBindingTasksSet1);
// verify all actions ok
Assert.IsFalse(results.Any(r => r.HasError), "Thread1: One or more actions failed");
});
ThreadPool.QueueUserWorkItem(async x =>
{
var results = await Task.WhenAll <ActionStep>(allBindingTasksSet2);
// verify all actions ok
Assert.IsFalse(results.Any(r => r.HasError), "Thread2: One or more actions failed");
});
}
finally
{
// now clean up
for (var i = 0; i < numSites; i++)
{
var testSiteName = "ManySites_" + i;
var domain = "site_" + i + "_toomany.com";
try
{
await iisManager.DeleteSite(testSiteName);
}
catch { }
}
}
}