Exemplo n.º 1
0
        public static void AddLetsEncrypt(this IServiceCollection services, LetsEncryptOptions options)
        {
            if (!options.AcceptTermsOfService)
            {
                throw new Exception("You must accept Let’s Encrypt terms of service");
            }

            services.Configure <LetsEncryptOptions>(x =>
            {
                x.EmailAddress       = options.EmailAddress;
                x.CacheFolder        = options.CacheFolder;
                x.AccountKey         = options.AccountKey;
                x.EncryptionPassword = options.EncryptionPassword;
                x.DaysBefore         = options.DaysBefore;
                x.UseStagingServer   = options.UseStagingServer;
            });

            var selector = new CertificateSelector(options);

            foreach (var host in options.ConfiguredHosts)
            {
                var cert = host.FallBackCertificate;
                if (host.FallBackCertificate == null && !string.IsNullOrEmpty(options.CacheFolder))
                {
                    var fileName = Path.Combine(options.CacheFolder, host.HostName + ".pfx");
                    if (File.Exists(fileName))
                    {
                        cert = new X509Certificate2(fileName, options.EncryptionPassword);
                    }
                }

                selector.Use(host.HostName, cert);
            }

            ServiceLocator.SetCertificateSelector(selector);

            services.AddSingleton <CertificateSelector>(x => selector);
            services.AddSingleton <AccountManager>();
            services.AddSingleton <HttpChallengeResponseMiddleware>();
            services.AddSingleton <IHttpChallengeResponseStore, InMemoryHttpChallengeResponseStore>();

            services.AddTransient <IConfigureOptions <KestrelServerOptions>, KestrelOptionsSetup>();
            services.AddTransient <CertificateBuilderService>();

            services.AddHostedService <CertificateRequestService>();
        }
Exemplo n.º 2
0
        public async Task BuildCertificate(IOrderContext order, string hostName)
        {
            try
            {
                var privateKey = KeyFactory.NewKey(KeyAlgorithm.ES256);

                var cert = await order.Generate(new CsrInfo
                {
                    CommonName = hostName
                }, privateKey);

                var pfxBuilder = cert.ToPfx(privateKey);
                var pfx        = pfxBuilder.Build(hostName, _options.EncryptionPassword);

                var x509Cert = new X509Certificate2(pfx, _options.EncryptionPassword);

                _certificateSelector.Use(hostName, x509Cert);

                if (!string.IsNullOrEmpty(_options.CacheFolder))
                {
                    var fileName = Path.Combine(_options.CacheFolder, hostName + ".pfx");

                    if (File.Exists(fileName))
                    {
                        File.Delete(fileName);
                    }

                    File.WriteAllBytes(fileName, pfx);
                }

                _logger.LogInformation($"New certificate generated for {hostName}");
            }
            catch (Exception e)
            {
                _logger.LogError(e.ToString());
                throw;
            }
        }