1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
using ACMESharp.Authorizations;
using PKISharp.WACS.Context;
using PKISharp.WACS.Plugins.Interfaces;
using PKISharp.WACS.Services;
using System;
using System.Collections.Concurrent;
using System.IO;
using System.Net;
using System.Threading.Tasks;
namespace PKISharp.WACS.Plugins.ValidationPlugins.Http
{
internal class SelfHosting : Validation<Http01ChallengeValidationDetails>
{
internal const int DefaultHttpValidationPort = 80;
internal const int DefaultHttpsValidationPort = 443;
private readonly object _listenerLock = new object();
private HttpListener? _listener;
private readonly ConcurrentDictionary<string, string> _files;
private readonly SelfHostingOptions _options;
private readonly ILogService _log;
private readonly IUserRoleService _userRoleService;
/// <summary>
/// We can answer requests for multiple domains
/// </summary>
public override ParallelOperations Parallelism => ParallelOperations.Answer | ParallelOperations.Prepare;
private bool HasListener => _listener != null;
private HttpListener Listener
{
get
{
if (_listener == null)
{
throw new InvalidOperationException("Listener not present");
}
return _listener;
}
set => _listener = value;
}
public SelfHosting(ILogService log, SelfHostingOptions options, IUserRoleService userRoleService)
{
_log = log;
_options = options;
_files = new ConcurrentDictionary<string, string>();
_userRoleService = userRoleService;
}
private async Task ReceiveRequests()
{
while (HasListener && Listener.IsListening)
{
var ctx = await Listener.GetContextAsync();
var path = ctx.Request.Url.LocalPath;
if (_files.TryGetValue(path, out var response))
{
_log.Verbose("SelfHosting plugin serving file {name}", path);
using var writer = new StreamWriter(ctx.Response.OutputStream);
writer.Write(response);
}
else
{
_log.Warning("SelfHosting plugin couldn't serve file {name}", path);
ctx.Response.StatusCode = 404;
}
}
}
public override Task PrepareChallenge(ValidationContext context, Http01ChallengeValidationDetails challenge)
{
// Add validation file
_files.GetOrAdd("/" + challenge.HttpResourcePath, challenge.HttpResourceValue);
return Task.CompletedTask;
}
public override Task Commit()
{
// Create listener if it doesn't exist yet
lock (_listenerLock)
{
if (_listener == null)
{
var protocol = _options.Https == true ? "https" : "http";
var port = _options.Port ?? (_options.Https == true ?
DefaultHttpsValidationPort :
DefaultHttpValidationPort);
var prefix = $"{protocol}://+:{port}/.well-known/acme-challenge/";
try
{
Listener = new HttpListener();
Listener.Prefixes.Add(prefix);
Listener.Start();
Task.Run(ReceiveRequests);
}
catch
{
_log.Error("Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port {port}", port);
throw;
}
}
}
return Task.CompletedTask;
}
public override Task CleanUp()
{
// Cleanup listener if nobody else has done it yet
lock (_listenerLock)
{
if (HasListener)
{
try
{
Listener.Stop();
Listener.Close();
}
finally
{
_listener = null;
}
}
}
return Task.CompletedTask;
}
public override (bool, string?) Disabled => IsDisabled(_userRoleService);
internal static (bool, string?) IsDisabled(IUserRoleService userRoleService)
{
if (!userRoleService.IsAdmin)
{
return (true, "Run as administrator to allow use of the built-in web listener.");
}
else
{
return (false, null);
}
}
}
}
|
