Diffstat (limited to 'src/main.lib/Clients')
-rw-r--r-- | src/main.lib/Clients/Acme/AcmeClient.cs | 2 | ||||
-rw-r--r-- | src/main.lib/Clients/Acme/OrderManager.cs | 8 | ||||
-rw-r--r-- | src/main.lib/Clients/IIS/IISHttpBindingUpdater.cs | 48 |
3 files changed, 37 insertions, 21 deletions
diff --git a/src/main.lib/Clients/Acme/AcmeClient.cs b/src/main.lib/Clients/Acme/AcmeClient.cs
index 5e0385a..2eae016 100644
--- a/src/main.lib/Clients/Acme/AcmeClient.cs
+++ b/src/main.lib/Clients/Acme/AcmeClient.cs
@@ -38,6 +38,8 @@ namespace PKISharp.WACS.Clients.Acme
         public const string AuthorizationPending = "pending";
         public const string AuthorizationProcessing = "processing";
+        public const string ChallengeValid = "valid";
+
 
         private readonly ILogService _log;
         private readonly IInputService _input;
         private readonly ISettingsService _settings;
diff --git a/src/main.lib/Clients/Acme/OrderManager.cs b/src/main.lib/Clients/Acme/OrderManager.cs
index a0f9c2b..b57ac8f 100644
--- a/src/main.lib/Clients/Acme/OrderManager.cs
+++ b/src/main.lib/Clients/Acme/OrderManager.cs
@@ -39,9 +39,9 @@ namespace PKISharp.WACS.Clients.Acme
         /// <param name="renewal"></param>
         /// <param name="target"></param>
         /// <returns></returns>
-        public async Task<OrderDetails?> GetOrCreate(Renewal renewal, Target target, RunLevel runLevel)
+        public async Task<OrderDetails?> GetOrCreate(Order order, RunLevel runLevel)
         {
-            var cacheKey = _certificateService.CacheKey(renewal, target);
+            var cacheKey = _certificateService.CacheKey(order);
             var existingOrder = FindRecentOrder(cacheKey);
             if (existingOrder != null)
             {
@@ -65,7 +65,7 @@ namespace PKISharp.WACS.Clients.Acme
                     }
                     else
                     {
-                        _log.Debug($"Cached order has status {existingOrder.Payload.Status}, discarding");
+                        _log.Debug("Cached order has status {status}, discarding", existingOrder.Payload.Status);
                     }
                 }
             }
@@ -74,7 +74,7 @@ namespace PKISharp.WACS.Clients.Acme
                     _log.Warning("Unable to refresh cached order: {ex}", ex.Message);
                 }
             }
-            var identifiers = target.GetHosts(false);
+            var identifiers = order.Target.GetHosts(false);
             return await CreateOrder(identifiers, cacheKey);
         }
diff --git a/src/main.lib/Clients/IIS/IISHttpBindingUpdater.cs b/src/main.lib/Clients/IIS/IISHttpBindingUpdater.cs
index 43945c3..b2b5ca3 100644
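Review bot: The new `ChallengeValid` constant sits next to `AuthorizationPending` and `AuthorizationProcessing` with no comment saying which ACME object's status it names, and in ACME (RFC 8555) the literal "valid" is also the status string of authorizations and orders, so a reader can easily compare it against the wrong object's status field. A one-line comment such as `// Status of a challenge whose validation has succeeded; compare against challenge.Status, not the authorization` would pin its intent. Nothing in this diff reads the constant, so its consumer is presumably outside the files shown.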
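Review bot: The XML doc directly above the changed signature of `GetOrCreate` still lists `<param name="renewal">` and `<param name="target">`, but the method now takes `Order order, RunLevel runLevel`, so it documents two parameters that no longer exist and omits both real ones. Replace the two stale lines with `/// <param name="order">Order whose cache key and target hosts are used</param>` and `/// <param name="runLevel"></param>` (the run level's effect is not visible in this hunk), and fill in `<returns>` with what the cached-or-new `OrderDetails?` means. The body of `GetOrCreate` continues past the hunk, and the later @@ -65 and @@ -74 hunks of this file are covered by the same doc comment.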
--- a/src/main.lib/Clients/IIS/IISHttpBindingUpdater.cs
+++ b/src/main.lib/Clients/IIS/IISHttpBindingUpdater.cs
@@ -61,10 +61,23 @@ namespace PKISharp.WACS.Clients.IIS
                 {
                     try
                     {
-                        found.Add(binding.Host);
-                        if (UpdateBinding(site, binding, bindingOptions))
+                        // Only update if the old binding actually matches
+                        // with the new certificate
+                        if (identifiers.Any(i => Fits(binding.Host, i, SSLFlags.None) > 0))
                         {
-                            bindingsUpdated += 1;
+                            found.Add(binding.Host);
+                            if (UpdateBinding(site, binding, bindingOptions))
+                            {
+                                bindingsUpdated += 1;
+                            }
+                        }
+                        else
+                        {
+                            _log.Warning(
+                                "Existing https binding {host}:{port}{ip} not updated because it doesn't seem to match the new certificate!",
+                                binding.Host,
+                                binding.Port,
+                                string.IsNullOrEmpty(binding.IP) ? "" : $":{binding.IP}");
                         }
                     }
                     catch (Exception ex)
@@ -93,7 +106,7 @@ namespace PKISharp.WACS.Clients.IIS
                 var current = todo.First();
                 try
                 {
-                    var (hostFound, commitRequired) = AddOrUpdateBindings(
+                    var (hostFound, bindings) = AddOrUpdateBindings(
                         allBindings.Select(x => x.binding).ToArray(),
                         targetSite,
                         bindingOptions.WithHost(current));
@@ -111,10 +124,7 @@ namespace PKISharp.WACS.Clients.IIS
                     else
                     {
                         found.Add(hostFound);
-                        if (commitRequired)
-                        {
-                            bindingsUpdated += 1;
-                        }
+                        bindingsUpdated += bindings;
                     }
                 }
                 catch (Exception ex)
@@ -148,7 +158,7 @@ namespace PKISharp.WACS.Clients.IIS
         /// <param name="port"></param>
         /// <param name="ipAddress"></param>
         /// <param name="fuzzy"></param>
-        private (string?, bool) AddOrUpdateBindings(TBinding[] allBindings, TSite site, BindingOptions bindingOptions)
+        private (string?, int) AddOrUpdateBindings(TBinding[] allBindings, TSite site, BindingOptions bindingOptions)
         {
             if (bindingOptions.Host == null)
             {
@@ -156,7 +166,7 @@ namespace PKISharp.WACS.Clients.IIS
             }
 
             // Require IIS manager to commit
-            var commitRequired = false;
+            var commit = 0;
 
             // Get all bindings which could map to the host
             var matchingBindings = site.Bindings.
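Review bot: The IP-suffix expression `string.IsNullOrEmpty(binding.IP) ? "" : $":{binding.IP}"` in the new warning call of the @@ -61 hunk is written out a second time in the @@ -407 hunk's Information call with `existingBinding.IP`; a single helper such as `private static string IpSuffix(string? ip) => string.IsNullOrEmpty(ip) ? "" : $":{ip}";` called as `IpSuffix(binding.IP)` at both sites keeps the two log lines formatted identically. The new guard also calls `Fits(binding.Host, i, SSLFlags.None)` with a fixed `SSLFlags.None` while the rest of this method works from `bindingOptions.Flags`; if `Fits` weighs SNI or wildcard flags, the score here may differ from the matching done later for the same host, so a short comment on why `None` is deliberate would help. `identifiers` and `Fits` are defined outside this hunk, and the enclosing loop and its `catch (Exception ex)` continue past it.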
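Review bot: In the @@ -93 hunk the second tuple element is now named `bindings`, but after this commit it holds the integer number of binding changes returned by `AddOrUpdateBindings`, so `bindingsUpdated += bindings;` in the @@ -111 hunk reads as adding a collection to a counter. `var (hostFound, changes) = AddOrUpdateBindings(` together with `bindingsUpdated += changes;` says what is being summed. The surrounding loop body and its `catch (Exception ex)` lie outside the hunk.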
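Review bot: The XML doc above the changed signature in the @@ -148 hunk documents `port`, `ipAddress` and `fuzzy`, none of which are parameters of `AddOrUpdateBindings(TBinding[] allBindings, TSite site, BindingOptions bindingOptions)`, and the new `(string?, int)` return carries no `<returns>` saying what the int counts. Replace the three `<param>` lines with ones for `allBindings`, `site` and `bindingOptions`, and name the tuple elements so callers need not guess: `private (string? Host, int Changes) AddOrUpdateBindings(TBinding[] allBindings, TSite site, BindingOptions bindingOptions)`. The comment in the @@ -156 hunk has gone stale in the same way, since `// Require IIS manager to commit` now sits above a counter rather than a flag; `// Number of binding changes that require IIS manager to commit` describes what `commit` holds. The method body continues past both hunks.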
@@ -186,7 +196,10 @@ namespace PKISharp.WACS.Clients.IIS
                     if (UpdateExistingBindingFlags(bindingOptions.Flags, match.binding, allBindings, out var updateFlags))
                     {
                         var updateOptions = bindingOptions.WithFlags(updateFlags);
-                        commitRequired = UpdateBinding(site, match.binding, updateOptions);
+                        if (UpdateBinding(site, match.binding, updateOptions))
+                        {
+                            commit++;
+                        }
                     }
                 }
                 else
@@ -206,11 +219,11 @@ namespace PKISharp.WACS.Clients.IIS
                     {
                         AddBinding(site, addOptions);
                         existing.Add(binding);
-                        commitRequired = true;
+                        commit++;
                     }
                 }
             }
-            return (bestMatch.binding.Host, commitRequired);
+            return (bestMatch.binding.Host, commit);
         }
     }
 
@@ -219,12 +232,12 @@ namespace PKISharp.WACS.Clients.IIS
             if (AllowAdd(bindingOptions, allBindings))
             {
                 AddBinding(site, bindingOptions);
-                commitRequired = true;
-                return (bindingOptions.Host, commitRequired);
+                commit++;
+                return (bindingOptions.Host, commit);
             }
 
             // We haven't been able to do anything
-            return (null, commitRequired);
+            return (null, commit);
         }
 
         /// <summary>
@@ -407,9 +420,10 @@ namespace PKISharp.WACS.Clients.IIS
                 preserveFlags &= ~SSLFlags.NotWithCentralSsl;
             }
             options = options.WithFlags(options.Flags | preserveFlags);
-            _log.Information(LogType.All, "Updating existing https binding {host}:{port} (flags: {flags})",
+            _log.Information(LogType.All, "Updating existing https binding {host}:{port}{ip} (flags: {flags})",
                 existingBinding.Host,
                 existingBinding.Port,
+                string.IsNullOrEmpty(existingBinding.IP) ? "" : $":{existingBinding.IP}",
                 (int)options.Flags);
             _client.UpdateBinding(site, existingBinding, options);
             return true;
|