Check Order State before checking DNS challenges (#50)

* Check overall Order state before attempting challenge check * Fix MSBuild version property * Set all challenges to validation
az-acme · Jan 9, 2025 · d628c63 · d628c63
1 parent dc26108
commit d628c63
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 11 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -42,7 +42,7 @@ jobs:
           release_name="cli-$tag-${{ matrix.target }}"
 
           # Build everything
-          dotnet publish src/AzAcme.Cli/AzAcme.Cli.csproj -p:PublishSingleFile=true --runtime "${{ matrix.target }}" -c Release -o "$release_name" --self-contained true -p:EnableCompressionInSingleFile=true -p:PublishTrimmed=true /p:Version="$tag_no_v"
+          dotnet publish src/AzAcme.Cli/AzAcme.Cli.csproj -p:PublishSingleFile=true --runtime "${{ matrix.target }}" -c Release -o "$release_name" --self-contained true -p:EnableCompressionInSingleFile=true -p:PublishTrimmed=true -p:Version="$tag_no_v"
 
           # Pack files
           if [ "${{ matrix.target }}" == "win-x64" ]; then

diff --git a/src/AzAcme.Core/Providers/CertesAcme/CertesAcmeProvider.cs b/src/AzAcme.Core/Providers/CertesAcme/CertesAcmeProvider.cs
@@ -10,7 +10,7 @@ namespace AzAcme.Core.Providers.CertesAcme
 {
     public class CertesAcmeProvider : IAcmeDirectory
     {
-     
+
         private readonly CertesAcmeConfiguration configuration;
         private readonly ILogger logger;
         private readonly IScopedSecret registrationSecret;
@@ -26,7 +26,7 @@ public async Task<IAcmeCredential> Register(AcmeRegistration registration)
         {
             try
             {
-                if(registration.Force || false == await this.registrationSecret.Exists())
+                if (registration.Force || false == await this.registrationSecret.Exists())
                 {
                     this.logger.LogInformation("Registering with provider...");
 
@@ -43,7 +43,7 @@ public async Task<IAcmeCredential> Register(AcmeRegistration registration)
                     var context = new AcmeContext(configuration.Directory);
 
                     // use EAB if we need to.
-                    if(registration.EabKeyId != null
+                    if (registration.EabKeyId != null
                         && registration.EabKey != null)
                     {
                         _ = await context.NewAccount(registration.Email, termsOfServiceAgreed: true, registration.EabKeyId, registration.EabKey, registration.EabAlgorithm.ToString());
@@ -52,7 +52,7 @@ public async Task<IAcmeCredential> Register(AcmeRegistration registration)
                     {
                         _ = await context.NewAccount(registration.Email, termsOfServiceAgreed: true);
                     }
-                    
+
                     var credential = context.AccountKey.ToPem();
 
                     await this.registrationSecret.CreateOrUpdate(credential);
@@ -127,11 +127,23 @@ public async Task<Order> ValidateChallenges(Order order)
         {
             var certesOrder = order as CertesAcmeOrder;
 
-            if(certesOrder == null)
+            if (certesOrder == null)
             {
                 throw new ArgumentException($"Expecing Order to be of type '{typeof(CertesAcmeOrder).Name}' but was '{order.GetType().Name}'");
             }
 
+            var acmeOrder = (await certesOrder.Context.Resource()).Status;
+
+            if (acmeOrder == Certes.Acme.Resource.OrderStatus.Ready)
+            {
+                foreach (var challenge in certesOrder.Challenges)
+                {
+                    challenge.SetStatus(DnsChallenge.DnsChallengeStatus.Validated);
+                }
+
+                return order;
+            }
+
             foreach (var challenge in certesOrder.Challenges)
             {
                 // only need to do anything if challenge is pending.
@@ -159,11 +171,11 @@ public async Task<Order> ValidateChallenges(Order order)
                         // we'll ignore the exception, we may get some transient
                         // exceptions based on the state of the order within the
                         // provider in some cases.
-                        
+
                         // The looping will naturally end should the errors exceed the
                         // time allowed.
                     }
-                }                
+                }
             }
 
             return order;
@@ -182,7 +194,7 @@ public async Task<CerticateChain> Finalise(Order order, CertificateCsr csr)
 
 
             var timeOut = DateTime.UtcNow.AddMinutes(5);
-            while(finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid)
+            while (finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid)
             {
                 this.logger.LogDebug("Waiting for order to be status '{0}'. Current status is '{1}'.", Certes.Acme.Resource.OrderStatus.Valid, finalisedOrder.Status);
                 if (DateTime.UtcNow > timeOut)
@@ -193,7 +205,7 @@ public async Task<CerticateChain> Finalise(Order order, CertificateCsr csr)
                 finalisedOrder = await certesOrder.Context.Resource();
             }
 
-            if(finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid)
+            if (finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid)
             {
                 throw new NotSupportedException($"Expecting ACME Order to be Finalised, but is still in status '{finalisedOrder.Status}'");
             }
@@ -222,7 +234,7 @@ public async Task<CerticateChain> Finalise(Order order, CertificateCsr csr)
         private static string ConvertToPem(CertificateChain certificateChain)
         {
             var certStore = new RelaxedCertificateStore();
-            
+
             foreach (var issuer in certificateChain.Issuers)
             {
                 certStore.Add(issuer.ToDer());