Implement ACME Profiles (draft)
webprofusion-chrisc committed Jan 17, 2025
1 parent 8ca8d17 commit b4f157e
Showing 3 changed files with 37 additions and 2 deletions.
7 changes: 6 additions & 1 deletion src/Certify.Models/Config/CertRequestConfig.cs
@@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
@@ -301,6 +301,11 @@ public CertRequestConfig()
/// </summary>
public float? PreferredExpiryDays { get; set; }

/// <summary>
/// If set, specifies the preferred ACME profile to request (if the selected CA offers a profile with this name)
/// </summary>
public string? AcmeProfile { get; set; }

public void ApplyDeploymentOptionDefaults()
{
// if the selected mode is auto, discard settings which do not apply
16 changes: 15 additions & 1 deletion src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs
@@ -754,8 +754,12 @@ public async Task<PendingOrder> BeginCertificateOrder(ILog log, ManagedCertifica
var orderCreated = false;
var orderAttemptAbandoned = false;
object lastException = null;

var caSupportsARI = false;

var caSupportsRequestedProfile = false;
var profile = managedCertificate.RequestConfig.AcmeProfile?.Trim();

try
{
// first check we can access the ACME API
@@ -766,6 +770,16 @@ public async Task<PendingOrder> BeginCertificateOrder(ILog log, ManagedCertifica
{
caSupportsARI = true;
}

if (!string.IsNullOrWhiteSpace(profile) && dir.Meta?.Profiles.ContainsKey(profile) == true)
{
caSupportsRequestedProfile = true;
log?.Information($"The CA supports the specified ACME Profile [{profile}].");
}
else
{
log?.Error($"CA does not support the specified ACME Profile [{profile}]. The order will continue without a specific profile.");
}
}
catch (Exception exp)
{
@@ -828,7 +842,7 @@ public async Task<PendingOrder> BeginCertificateOrder(ILog log, ManagedCertifica
ariReplacesCertId = managedCertificate.ARICertificateId;
}

order = await _acme.NewOrder(identifiers: certificateIdentifiers, notAfter: notAfter, ariReplacesCertId: ariReplacesCertId);
order = await _acme.NewOrder(identifiers: certificateIdentifiers, notAfter: notAfter, ariReplacesCertId: ariReplacesCertId, profile: caSupportsRequestedProfile ? profile : null);
}

if (order != null)
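Review bot: In the profile check added after the ARI test, `dir.Meta?.Profiles.ContainsKey(profile)` guards `Meta` but not `Profiles`, so a directory whose meta carries no profiles map would presumably throw inside the `try` and be handled as a failure to reach the ACME API (the catch body is outside the visible lines). The `else` also runs when no profile was configured at all, logging an error with an empty `[]` on every order, which buries the one case an operator needs to see. I would change the condition to `dir.Meta?.Profiles?.ContainsKey(profile) == true` and the fallback to `else if (!string.IsNullOrWhiteSpace(profile))`. Separately, continuing without the requested profile means the issued certificate may differ from what the operator asked for, so consider surfacing that on the order result rather than only in the log. BeginCertificateOrder starts and ends outside these hunks.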
@@ -88,7 +88,23 @@
Width="200"
HorizontalAlignment="left"
Controls:TextBoxHelper.Watermark="e.g. DST Root CA X3"
DockPanel.Dock="Top"
Text="{Binding SelectedItem.RequestConfig.PreferredChain}" />
<TextBlock
Margin="0,8"
DockPanel.Dock="Top"
Style="{StaticResource Subheading}">
ACME Profile (Draft)
</TextBlock>
<TextBlock DockPanel.Dock="Top" Style="{StaticResource Instructions}">
The certificate authority may allow you to specify a preset "profile" name for your certificate order.
</TextBlock>
<TextBox
Width="200"
HorizontalAlignment="left"
Controls:TextBoxHelper.Watermark="e.g. classic"
DockPanel.Dock="Top"
Text="{Binding SelectedItem.RequestConfig.AcmeProfile}" />
</DockPanel>
</TabItem>
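Review bot: The new instruction text under "ACME Profile (Draft)" does not say what happens when the CA lacks the named profile, while the provider change in this commit then places the order without any profile and only logs it. An operator who types a name here will reasonably assume it was applied, so I would extend the text with something like `If the CA does not offer a profile with this name, the order continues without a specific profile.`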
