1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
using PKISharp.WACS.Clients.IIS;
using PKISharp.WACS.DomainObjects;
using PKISharp.WACS.Plugins.Interfaces;
using PKISharp.WACS.Plugins.StorePlugins;
using PKISharp.WACS.Services;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace PKISharp.WACS.Plugins.InstallationPlugins
{
internal class IISWeb : IInstallationPlugin
{
private readonly ILogService _log;
private readonly IIISClient _iisClient;
private readonly IISWebOptions _options;
private readonly IUserRoleService _userRoleService;
public IISWeb(IISWebOptions options, IIISClient iisClient, ILogService log, IUserRoleService userRoleService)
{
_iisClient = iisClient;
_log = log;
_options = options;
_userRoleService = userRoleService;
}
Task IInstallationPlugin.Install(Target target, IEnumerable<IStorePlugin> stores, CertificateInfo newCertificate, CertificateInfo? oldCertificate)
{
var bindingOptions = new BindingOptions().
WithThumbprint(newCertificate.Certificate.GetCertHash());
var centralSsl = stores.FirstOrDefault(x => x is CentralSsl);
var certificateStore = stores.FirstOrDefault(x => x is CertificateStore);
if (centralSsl != null)
{
if (_iisClient.Version.Major < 8)
{
var errorMessage = "Centralized SSL is only supported on IIS8+";
_log.Error(errorMessage);
throw new InvalidOperationException(errorMessage);
}
else
{
bindingOptions = bindingOptions.WithFlags(SSLFlags.CentralSsl);
}
}
else if (certificateStore != null)
{
bindingOptions = bindingOptions.WithStore(newCertificate.StoreInfo[typeof(CertificateStore)].Path);
}
else
{
// Unknown/unsupported store
var errorMessage = "This installation plugin cannot be used in combination with the store plugin";
_log.Error(errorMessage);
throw new InvalidOperationException(errorMessage);
}
// Optionaly overrule the standard IP for new bindings
if (!string.IsNullOrEmpty(_options.NewBindingIp))
{
bindingOptions = bindingOptions.WithIP(_options.NewBindingIp);
}
// Optionaly overrule the standard port for new bindings
if (_options.NewBindingPort > 0)
{
bindingOptions = bindingOptions.WithPort(_options.NewBindingPort.Value);
}
var oldThumb = oldCertificate?.Certificate?.GetCertHash();
foreach (var part in target.Parts)
{
_iisClient.AddOrUpdateBindings(
part.Identifiers,
bindingOptions.WithSiteId(_options.SiteId ?? part.SiteId),
oldThumb);
}
return Task.CompletedTask;
}
(bool, string?) IPlugin.Disabled => Disabled(_userRoleService, _iisClient);
internal static (bool, string?) Disabled(IUserRoleService userRoleService, IIISClient iisClient)
{
var (allow, reason) = userRoleService.AllowIIS;
if (!allow)
{
return (true, reason);
}
if (!iisClient.HasWebSites)
{
return (true, "No IIS websites available.");
}
return (false, null);
}
}
}
|
