From d628c6325a3df4426bc6f28748e97ffc9b53c086 Mon Sep 17 00:00:00 2001 From: Dmitrij <3024338+iamdmitrij@users.noreply.github.com> Date: Thu, 9 Jan 2025 07:28:22 +0200 Subject: [PATCH] Check Order State before checking DNS challenges (#50) * Check overall Order state before attempting challenge check * Fix MSBuild version property * Set all challenges to validation --- .github/workflows/publish.yml | 2 +- .../CertesAcme/CertesAcmeProvider.cs | 32 +++++++++++++------ 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index eaf1cfb..52cd70c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -42,7 +42,7 @@ jobs: release_name="cli-$tag-${{ matrix.target }}" # Build everything - dotnet publish src/AzAcme.Cli/AzAcme.Cli.csproj -p:PublishSingleFile=true --runtime "${{ matrix.target }}" -c Release -o "$release_name" --self-contained true -p:EnableCompressionInSingleFile=true -p:PublishTrimmed=true /p:Version="$tag_no_v" + dotnet publish src/AzAcme.Cli/AzAcme.Cli.csproj -p:PublishSingleFile=true --runtime "${{ matrix.target }}" -c Release -o "$release_name" --self-contained true -p:EnableCompressionInSingleFile=true -p:PublishTrimmed=true -p:Version="$tag_no_v" # Pack files if [ "${{ matrix.target }}" == "win-x64" ]; then diff --git a/src/AzAcme.Core/Providers/CertesAcme/CertesAcmeProvider.cs b/src/AzAcme.Core/Providers/CertesAcme/CertesAcmeProvider.cs index 775119f..4fd1fb6 100644 --- a/src/AzAcme.Core/Providers/CertesAcme/CertesAcmeProvider.cs +++ b/src/AzAcme.Core/Providers/CertesAcme/CertesAcmeProvider.cs @@ -10,7 +10,7 @@ namespace AzAcme.Core.Providers.CertesAcme { public class CertesAcmeProvider : IAcmeDirectory { - + private readonly CertesAcmeConfiguration configuration; private readonly ILogger logger; private readonly IScopedSecret registrationSecret; 
@@ -26,7 +26,7 @@ public async Task Register(AcmeRegistration registration) { try { - if(registration.Force || false == await this.registrationSecret.Exists()) + if (registration.Force || false == await this.registrationSecret.Exists()) { this.logger.LogInformation("Registering with provider..."); @@ -43,7 +43,7 @@ public async Task Register(AcmeRegistration registration) var context = new AcmeContext(configuration.Directory); // use EAB if we need to. - if(registration.EabKeyId != null + if (registration.EabKeyId != null && registration.EabKey != null) { _ = await context.NewAccount(registration.Email, termsOfServiceAgreed: true, registration.EabKeyId, registration.EabKey, registration.EabAlgorithm.ToString()); @@ -52,7 +52,7 @@ public async Task Register(AcmeRegistration registration) { _ = await context.NewAccount(registration.Email, termsOfServiceAgreed: true); } - + var credential = context.AccountKey.ToPem(); await this.registrationSecret.CreateOrUpdate(credential); @@ -127,11 +127,23 @@ public async Task ValidateChallenges(Order order) { var certesOrder = order as CertesAcmeOrder; - if(certesOrder == null) + if (certesOrder == null) { throw new ArgumentException($"Expecing Order to be of type '{typeof(CertesAcmeOrder).Name}' but was '{order.GetType().Name}'"); } + var acmeOrder = (await certesOrder.Context.Resource()).Status; + + if (acmeOrder == Certes.Acme.Resource.OrderStatus.Ready) + { + foreach (var challenge in certesOrder.Challenges) + { + challenge.SetStatus(DnsChallenge.DnsChallengeStatus.Validated); + } + + return order; + } + foreach (var challenge in certesOrder.Challenges) { // only need to do anything if challenge is pending. @@ -159,11 +171,11 @@ public async Task ValidateChallenges(Order order) // we'll ignore the exception, we may get some transient // exceptions based on the state of the order within the // provider in some cases. - + // The looping will naturally end should the errors exceed the // time allowed. } - } + } } return order; 
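Review bot: The new early-exit in ValidateChallenges (the `@@ -127,11 +127,23 @@` hunk) only short-circuits on `OrderStatus.Ready`, so an order the CA has already marked `Invalid` (or one already finalised to `Valid`) still falls through to the per-challenge polling loop, which the later `@@ -159` hunk shows is bounded only by a timeout — a failed order will therefore spin until that deadline instead of failing fast. Suggest treating `Valid` like `Ready` and failing immediately on `Invalid`; if callers are not expected to catch an exception here, logging and returning the order would preserve the existing contract. The local `acmeOrder` holds a status, not an order, so `orderStatus` would read better. The rest of the challenge loop in ValidateChallenges lies outside this hunk.
```csharp
var orderStatus = (await certesOrder.Context.Resource()).Status;

// A failed order will never progress; do not poll its challenges until the timeout.
if (orderStatus == Certes.Acme.Resource.OrderStatus.Invalid)
{
    throw new NotSupportedException($"ACME Order is in status '{orderStatus}'; its challenges cannot be validated");
}

// Ready (all authorizations valid) or Valid (already finalised): nothing left to validate.
if (orderStatus == Certes.Acme.Resource.OrderStatus.Ready
    || orderStatus == Certes.Acme.Resource.OrderStatus.Valid)
{
    // … unchanged: mark each challenge Validated and return order …
}
// … unchanged: per-challenge polling loop …
```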
@@ -182,7 +194,7 @@ public async Task Finalise(Order order, CertificateCsr csr) var timeOut = DateTime.UtcNow.AddMinutes(5); - while(finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid) + while (finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid) { this.logger.LogDebug("Waiting for order to be status '{0}'. Current status is '{1}'.", Certes.Acme.Resource.OrderStatus.Valid, finalisedOrder.Status); if (DateTime.UtcNow > timeOut) @@ -193,7 +205,7 @@ public async Task Finalise(Order order, CertificateCsr csr) finalisedOrder = await certesOrder.Context.Resource(); } - if(finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid) + if (finalisedOrder.Status != Certes.Acme.Resource.OrderStatus.Valid) { throw new NotSupportedException($"Expecting ACME Order to be Finalised, but is still in status '{finalisedOrder.Status}'"); } @@ -222,7 +234,7 @@ public async Task Finalise(Order order, CertificateCsr csr) private static string ConvertToPem(CertificateChain certificateChain) { var certStore = new RelaxedCertificateStore(); - + foreach (var issuer in certificateChain.Issuers) { certStore.Add(issuer.ToDer());