Merge pull request #332 from sjkp/feature/v2api

Upgrade to Lets Encrypt v2 API
sjkp · Oct 7, 2019 · 67150f3 · 67150f3
2 parents c753c31 + 3940868
commit 67150f3
Show file tree

Hide file tree

Showing 25 changed files with 224 additions and 858 deletions.
diff --git a/LetsEncrypt-SiteExtension.sln b/LetsEncrypt-SiteExtension.sln
@@ -30,10 +30,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "ACMESharp", "ACMESharp", "{E4B09348-2E98-4A58-8D5A-B55231D6A2E3}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ACMESharp", "ACMESharp\ACMESharp\ACMESharp\ACMESharp.csproj", "{D551234B-0A8D-4DEE-8178-A81998DF0EDB}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ACMESharp.PKI.Providers.BouncyCastle", "ACMESharp\ACMESharp\ACMESharp.PKI.Providers.BouncyCastle\ACMESharp.PKI.Providers.BouncyCastle.csproj", "{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -104,38 +100,10 @@ Global
 		{284F0226-F481-4C10-A408-4146FDBB71CC}.Release|x64.Build.0 = Release|x64
 		{284F0226-F481-4C10-A408-4146FDBB71CC}.Release|x86.ActiveCfg = Release|x86
 		{284F0226-F481-4C10-A408-4146FDBB71CC}.Release|x86.Build.0 = Release|x86
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x64.Build.0 = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x86.Build.0 = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x64.ActiveCfg = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x64.Build.0 = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x86.ActiveCfg = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x86.Build.0 = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x64.Build.0 = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x86.Build.0 = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|Any CPU.Build.0 = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x64.ActiveCfg = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x64.Build.0 = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x86.ActiveCfg = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
-	GlobalSection(NestedProjects) = preSolution
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB} = {E4B09348-2E98-4A58-8D5A-B55231D6A2E3}
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9} = {E4B09348-2E98-4A58-8D5A-B55231D6A2E3}
-	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {CE278D6B-F8FA-4F40-A67B-A8367F40FCA4}
 	EndGlobalSection

diff --git a/LetsEncrypt-SiteExtension/Controllers/Api/CertificateController.cs b/LetsEncrypt-SiteExtension/Controllers/Api/CertificateController.cs
@@ -83,69 +83,5 @@ public async Task<IHttpActionResult> GenerateAndInstallBlob(HttpKuduInstallModel
 
             return Ok(await mgr.AddCertificate());
         }
-
-        /// <summary>
-        /// Requests a Let's Encrypt certificate using the DNS challenge, using Azure DNS. 
-        /// </summary>
-        /// <param name="model"></param>
-        /// <param name="apiversion"></param>
-        /// <returns></returns>
-        [HttpPost]
-        [Route("api/certificates/challengeprovider/dns/azure")]
-        [ResponseType(typeof(CertificateInstallModel))]
-        public async Task<IHttpActionResult> Generate(DnsAzureModel model, [FromUri(Name = "api-version")]string apiversion = null)
-        {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest(ModelState);
-            }
-
-            var res = await CertificateManager.RequestDnsChallengeCertificate(model.AzureDnsEnvironment, model.AcmeConfig);
-
-            return Ok(res);
-        }
-
-        /// <summary>
-        /// Requests a Let's Encrypt certificate using the DNS challenge, using Azure DNS. 
-        /// </summary>
-        /// <param name="model"></param>
-        /// <param name="apiversion"></param>
-        /// <returns></returns>
-        [HttpPost]
-        [Route("api/certificates/challengeprovider/dns-v2/azure")]
-        [ResponseType(typeof(CertificateInstallModel))]
-        public async Task<IHttpActionResult> Generate_v2(DnsAzureModel model, [FromUri(Name = "api-version")]string apiversion = null)
-        {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest(ModelState);
-            }
-
-            var res = await CertificateManager.RequestDnsChallengeCertificate(model.AzureDnsEnvironment, model.AcmeConfig);
-
-            return Ok(res);
-        }
-
-        /// <summary>
-        /// Requests a Let's Encrypt certificate using the DNS challenge, using Azure DNS. The 
-        /// certificate is installed to the web app. 
-        /// </summary>
-        /// <param name="model"></param>
-        /// <param name="apiversion"></param>
-        /// <returns></returns>
-        [HttpPost]
-        [Route("api/certificates/challengeprovider/dns/azure/certificateinstall/azurewebapp")]
-        [ResponseType(typeof(CertificateInstallModel))]
-        public async Task<IHttpActionResult> GenerateAndInstall(DnsAzureInstallModel model, [FromUri(Name = "api-version")]string apiversion = null)
-        {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest(ModelState);
-            }
-
-            var mgr = CertificateManager.CreateAzureDnsWebAppCertificateManager(model.AzureWebAppEnvironment, model.AcmeConfig, model.CertificateSettings, model);
-
-            return Ok(await mgr.AddCertificate());
-        }
     }
 }
diff --git a/LetsEncrypt-SiteExtension/Controllers/HomeController.cs b/LetsEncrypt-SiteExtension/Controllers/HomeController.cs
@@ -230,19 +230,18 @@ public async Task<ActionResult> Install(RequestAndInstallModel model)
                     Name = "email",
                     Value = model.Email
                 });
-                var baseUri = model.UseStaging == false ? "https://acme-v01.api.letsencrypt.org/" : "https://acme-staging.api.letsencrypt.org/";
                 s.Add(new SettingEntry()
                 {
-                    Name = "baseUri",
-                    Value = baseUri
+                    Name = "useStaging",
+                    Value = model.UseStaging.ToString()
                 });
                 SettingsStore.Instance.Save(s);
                 var settings = new AppSettingsAuthConfig();
                 var target = new AcmeConfig()
                 {                    
                     RegistrationEmail = model.Email,
                     Host = model.Hostnames.First(),                    
-                    BaseUri = baseUri,                    
+                    UseProduction = !model.UseStaging,                    
                     AlternateNames = model.Hostnames.Skip(1).ToList(),
                     PFXPassword = settings.PFXPassword,
                     RSAKeyLength = settings.RSAKeyLength,    

diff --git a/LetsEncrypt-SiteExtension/Web.config b/LetsEncrypt-SiteExtension/Web.config
@@ -133,6 +133,14 @@
         <assemblyIdentity name="System.Xml.ReaderWriter" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="BouncyCastle.Crypto" publicKeyToken="0e99375e54769942" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.8.5.0" newVersion="1.8.5.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.codedom>

diff --git a/LetsEncrypt.SiteExtension.Core/CertificateManager.cs b/LetsEncrypt.SiteExtension.Core/CertificateManager.cs
@@ -93,32 +93,6 @@ public static CertificateManager CreateKuduWebAppCertificateManager(IAzureWebApp
             return new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new KuduFileSystemAuthorizationChallengeProvider(settings, authProviderConfig));
         }
 
-        /// <summary>
-        /// Returns a <see cref="CertificateManager"/> configured to use DNS Challenge, placing the challenge record in Azure DNS,
-        /// and assigning the obtained certificate directly to the web app service. 
-        /// </summary>
-        /// <param name="settings"></param>
-        /// <param name="acmeConfig"></param>
-        /// <param name="certSettings"></param>
-        /// <param name="dnsEnvironment"></param>
-        /// <returns></returns>
-        public static CertificateManager CreateAzureDnsWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings, IAzureDnsEnvironment dnsEnvironment)
-        {
-            return new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment));
-        }
-
-        /// <summary>
-        /// Request a certificate from lets encrypt using the DNS challenge, placing the challenge record in Azure DNS. 
-        /// The certifiacte is not assigned, but just returned. 
-        /// </summary>
-        /// <param name="azureDnsEnvironment"></param>
-        /// <param name="acmeConfig"></param>
-        /// <returns></returns>
-        public static async Task<CertificateInstallModel> RequestDnsChallengeCertificate(IAzureDnsEnvironment azureDnsEnvironment, IAcmeConfig acmeConfig)
-        {
-            return await new CertificateManager(null, acmeConfig, null, new AzureDnsAuthorizationChallengeProvider(azureDnsEnvironment)).RequestInternalAsync(acmeConfig);
-        }
-
 
         /// <summary>
         /// Used for automatic installation of letsencrypt certificate 
@@ -186,7 +160,8 @@ public async Task<List<CertificateInstallModel>> RenewCertificate(bool skipInsta
 
                         RegistrationEmail = this.acmeConfig.RegistrationEmail ?? ss.FirstOrDefault(s => s.Name == "email").Value,
                         Host = sslStates.First().Name,
-                        BaseUri = this.acmeConfig.BaseUri ?? ss.FirstOrDefault(s => s.Name == "baseUri").Value,
+                        BaseUri = this.acmeConfig.BaseUri,
+                        UseProduction = !bool.Parse(ss.FirstOrDefault(s => s.Name == "useStaging")?.Value ?? false.ToString()),
                         AlternateNames = sslStates.Skip(1).Select(s => s.Name).ToList(),
                         PFXPassword = this.acmeConfig.PFXPassword,
                         RSAKeyLength = this.acmeConfig.RSAKeyLength

diff --git a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
@@ -69,6 +69,12 @@
     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="BouncyCastle.Crypto, Version=1.8.5.0, Culture=neutral, PublicKeyToken=0e99375e54769942, processorArchitecture=MSIL">
+      <HintPath>..\packages\Portable.BouncyCastle.1.8.5\lib\net40\BouncyCastle.Crypto.dll</HintPath>
+    </Reference>
+    <Reference Include="Certes, Version=2.3.3.0, Culture=neutral, PublicKeyToken=308b9c08e7effcb1, processorArchitecture=MSIL">
+      <HintPath>..\packages\Certes.2.3.3\lib\net45\Certes.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Azure.KeyVault.Core, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Azure.KeyVault.Core.3.0.1\lib\net452\Microsoft.Azure.KeyVault.Core.dll</HintPath>
     </Reference>
@@ -164,6 +170,9 @@
     <Reference Include="System.Security.Cryptography.X509Certificates, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Security.Cryptography.X509Certificates.4.3.2\lib\net46\System.Security.Cryptography.X509Certificates.dll</HintPath>
     </Reference>
+    <Reference Include="System.ValueTuple, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.ValueTuple.4.4.0\lib\netstandard1.0\System.ValueTuple.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web" />
     <Reference Include="System.Xml.Linq" />
     <Reference Include="System.Data.DataSetExtensions" />
@@ -192,11 +201,9 @@
     <Compile Include="Models\KuduModels.cs" />
     <Compile Include="Models\SettingEntry.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Services\PathProvider.cs" />
     <Compile Include="Services\AcmeService.cs" />
+    <Compile Include="Services\PathProvider.cs" />
     <Compile Include="Services\AppServiceCerticiateCertificateService.cs" />
-    <Compile Include="Services\AzureDnsAuthorizationChallengeProvider.cs" />
-    <Compile Include="Services\BaseDnsAuthorizationChallengeProvider.cs" />
     <Compile Include="Services\BaseHttpAuthorizationChallengeProvider.cs" />
     <Compile Include="Services\BlobStorageAuthorizationChallengeProvider.cs" />
     <Compile Include="Services\WebAppCertificateService.cs" />
@@ -222,16 +229,6 @@
       <SubType>Designer</SubType>
     </None>
   </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\ACMESharp\ACMESharp\ACMESharp.PKI.Providers.BouncyCastle\ACMESharp.PKI.Providers.BouncyCastle.csproj">
-      <Project>{473bff7d-c7f0-471d-b7a3-19ad9adfdba9}</Project>
-      <Name>ACMESharp.PKI.Providers.BouncyCastle</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\ACMESharp\ACMESharp\ACMESharp\ACMESharp.csproj">
-      <Project>{d551234b-0a8d-4dee-8178-a81998df0edb}</Project>
-      <Name>ACMESharp</Name>
-    </ProjectReference>
-  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

diff --git a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec
@@ -3,7 +3,7 @@
   <metadata>
     <id>letsencrypt.azure.core</id>
     <title>Azure Let's Encrypt</title>
-    <version>0.9.6</version>
+    <version>1.0.1</version>
     <authors>SJKP</authors>
     <licenseUrl>http://opensource.org/licenses/Apache-2.0</licenseUrl>
     <projectUrl>https://github.com/sjkp/letsencrypt-siteextension</projectUrl>
@@ -16,11 +16,7 @@
       <dependency id="Microsoft.Azure.Management.Websites" version="2.0.1" />
       <dependency id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.14.0"></dependency>
       <dependency id="Newtonsoft.Json" version="12.0.1" />
-      <dependency id="BouncyCastle" version="1.8.1" />
+      <dependency id="BouncyCastle" version="1.8.5" />
     </dependencies>
   </metadata>
-  <files>
-    <file src="..\ACMESharp\ACMESharp\ACMESharp\bin\Release\ACMESharp.dll" target="lib\net46"></file>
-    <file src="..\ACMESharp\ACMESharp\ACMESharp.PKI.Providers.BouncyCastle\bin\Release\ACMESharp.PKI.Providers.BouncyCastle.dll" target="lib\net46"></file>
-  </files>
 </package>