mirror of
https://github.com/MAKS-IT-COM/maksit-certs-ui.git
synced 2025-12-31 04:00:03 +01:00
-(bugfix): initialization without cert jws wrong placement fix
This commit is contained in:
Maksym Sadovnychyy
parent
2b89c7e41d
commit
5ecc436ddf
@ -107,7 +107,7 @@ public class LetsEncryptService : ILetsEncryptService {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// New Account request
|
// New Account request
|
||||||
|
state.JwsService = new JwsService(accountKey);
|
||||||
|
|
||||||
var letsEncryptOrder = new Account {
|
var letsEncryptOrder = new Account {
|
||||||
TermsOfServiceAgreed = true,
|
TermsOfServiceAgreed = true,
|
||||||
@ -118,7 +118,7 @@ public class LetsEncryptService : ILetsEncryptService {
|
|||||||
if (!postAccountResult.IsSuccess || account?.Result?.Location == null)
|
if (!postAccountResult.IsSuccess || account?.Result?.Location == null)
|
||||||
return postAccountResult;
|
return postAccountResult;
|
||||||
|
|
||||||
state.JwsService = new JwsService(accountKey);
|
|
||||||
state.JwsService.SetKeyId(account.Result.Location.ToString());
|
state.JwsService.SetKeyId(account.Result.Location.ToString());
|
||||||
|
|
||||||
if (account.Result.Status != "valid") {
|
if (account.Result.Status != "valid") {
|
||||||
|
|||||||
@ -154,9 +154,13 @@ public class CertsFlowService : ICertsFlowService {
|
|||||||
if (!uploadResult.IsSuccess)
|
if (!uploadResult.IsSuccess)
|
||||||
return (null, uploadResult);
|
return (null, uploadResult);
|
||||||
|
|
||||||
var notifyResult = NotifyHaproxy(results.Select(x => x.Key));
|
//var notifyResult = NotifyHaproxy(results);
|
||||||
if (!notifyResult.IsSuccess)
|
//if (!notifyResult.IsSuccess)
|
||||||
return (null, notifyResult);
|
// return (null, notifyResult);
|
||||||
|
|
||||||
|
var reloadResult = ReloadServer();
|
||||||
|
if (!reloadResult.IsSuccess)
|
||||||
|
return (null, reloadResult);
|
||||||
|
|
||||||
return IDomainResult.Success(results);
|
return IDomainResult.Success(results);
|
||||||
}
|
}
|
||||||
@ -201,8 +205,40 @@ public class CertsFlowService : ICertsFlowService {
|
|||||||
|
|
||||||
return IDomainResult.Success();
|
return IDomainResult.Success();
|
||||||
}
|
}
|
||||||
|
private IDomainResult ReloadServer() {
|
||||||
|
var server = _appSettings.Server;
|
||||||
|
|
||||||
private IDomainResult NotifyHaproxy(IEnumerable<string> certFiles) {
|
try {
|
||||||
|
using (SSHService sshClient = (server.PrivateKeys != null && server.PrivateKeys.Any(x => !string.IsNullOrWhiteSpace(x)))
|
||||||
|
? new SSHService(_logger, server.Ip, server.SSHPort, server.Username, server.PrivateKeys)
|
||||||
|
: !string.IsNullOrWhiteSpace(server.Password)
|
||||||
|
? new SSHService(_logger, server.Ip, server.SSHPort, server.Username, server.Password)
|
||||||
|
: throw new ArgumentNullException("Neither private keys nor password was provided")) {
|
||||||
|
|
||||||
|
var sshConnectResult = sshClient.Connect();
|
||||||
|
if (!sshConnectResult.IsSuccess)
|
||||||
|
return sshConnectResult;
|
||||||
|
|
||||||
|
// TODO: Prefer to create the native linux service which can receive the signal to reload the services
|
||||||
|
return sshClient.RunSudoCommand("", "systemctl reload haproxy");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception ex) {
|
||||||
|
var message = "Unable to upload files to remote server";
|
||||||
|
_logger.LogError(ex, message);
|
||||||
|
|
||||||
|
return IDomainResult.CriticalDependencyError(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
return IDomainResult.Success();
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Currently not working
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="results"></param>
|
||||||
|
/// <returns></returns>
|
||||||
|
private IDomainResult NotifyHaproxy(Dictionary<string, string> results) {
|
||||||
var server = _appSettings.Server;
|
var server = _appSettings.Server;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -212,25 +248,38 @@ public class CertsFlowService : ICertsFlowService {
|
|||||||
using (var reader = new StreamReader(networkStream, Encoding.ASCII)) {
|
using (var reader = new StreamReader(networkStream, Encoding.ASCII)) {
|
||||||
writer.AutoFlush = true;
|
writer.AutoFlush = true;
|
||||||
|
|
||||||
foreach (var certFile in certFiles) {
|
foreach (var result in results) {
|
||||||
|
var certFile = result.Key;
|
||||||
|
|
||||||
// Prepare the certificate
|
// Prepare the certificate
|
||||||
string prepareCommand = $"new ssl cert {server.Path}/{certFile}\n";
|
string prepareCommand = $"new ssl cert {server.Path}/{certFile}";
|
||||||
writer.WriteLine(prepareCommand);
|
writer.WriteLine(prepareCommand);
|
||||||
|
writer.Flush();
|
||||||
string prepareResponse = reader.ReadLine();
|
string prepareResponse = reader.ReadLine();
|
||||||
if (prepareResponse.Contains("error", StringComparison.OrdinalIgnoreCase)) {
|
//if (prepareResponse.Contains("error", StringComparison.OrdinalIgnoreCase)) {
|
||||||
_logger.LogError($"Error while preparing certificate {certFile}: {prepareResponse}");
|
// _logger.LogError($"Error while preparing certificate {certFile}: {prepareResponse}");
|
||||||
return IDomainResult.CriticalDependencyError($"Error while preparing certificate {certFile}");
|
// return IDomainResult.CriticalDependencyError($"Error while preparing certificate {certFile}");
|
||||||
}
|
//}
|
||||||
|
|
||||||
|
// Set the certificate
|
||||||
|
string setCommand = $"set ssl cert {server.Path}/{certFile} <<\n{result.Value}\n";
|
||||||
|
writer.WriteLine(setCommand);
|
||||||
|
writer.Flush();
|
||||||
|
string setResponse = reader.ReadLine();
|
||||||
|
//if (setResponse.Contains("error", StringComparison.OrdinalIgnoreCase)) {
|
||||||
|
// _logger.LogError($"Error while setting certificate {certFile}: {setResponse}");
|
||||||
|
// return IDomainResult.CriticalDependencyError($"Error while setting certificate {certFile}");
|
||||||
|
//}
|
||||||
|
|
||||||
// Commit the certificate
|
// Commit the certificate
|
||||||
string commitCommand = $"commit ssl cert {server.Path}/{certFile}\n";
|
string commitCommand = $"commit ssl cert {server.Path}/{certFile}";
|
||||||
writer.WriteLine(commitCommand);
|
writer.WriteLine(commitCommand);
|
||||||
|
writer.Flush();
|
||||||
string commitResponse = reader.ReadLine();
|
string commitResponse = reader.ReadLine();
|
||||||
if (commitResponse.Contains("error", StringComparison.OrdinalIgnoreCase)) {
|
//if (commitResponse.Contains("error", StringComparison.OrdinalIgnoreCase)) {
|
||||||
_logger.LogError($"Error while committing certificate {certFile}: {commitResponse}");
|
// _logger.LogError($"Error while committing certificate {certFile}: {commitResponse}");
|
||||||
return IDomainResult.CriticalDependencyError($"Error while committing certificate {certFile}");
|
// return IDomainResult.CriticalDependencyError($"Error while committing certificate {certFile}");
|
||||||
}
|
//}
|
||||||
}
|
}
|
||||||
|
|
||||||
_logger.LogInformation("Certificates committed successfully.");
|
_logger.LogInformation("Certificates committed successfully.");
|
||||||
@ -248,6 +297,7 @@ public class CertsFlowService : ICertsFlowService {
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
private void DeleteExporedChallenges() {
|
private void DeleteExporedChallenges() {
|
||||||
var currentDate = DateTime.Now;
|
var currentDate = DateTime.Now;
|
||||||
|
|
||||||
|
|||||||
@ -125,42 +125,36 @@ namespace MaksIT.SSHProvider {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public IDomainResult RunSudoCommand(string password, string command) {
|
public IDomainResult RunSudoCommand(string password, string command) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
command = $"sudo {command}";
|
command = $"sudo {command}";
|
||||||
|
|
||||||
|
using (var shellStream = _sshClient.CreateShellStream("xterm", 80, 24, 800, 600, 1024, new Dictionary<TerminalModes, uint> {
|
||||||
var shellStream = _sshClient.CreateShellStream("xterm", 80, 24, 800, 600, 1024, new Dictionary<TerminalModes, uint> {
|
|
||||||
{ TerminalModes.ECHO, 53 }
|
{ TerminalModes.ECHO, 53 }
|
||||||
});
|
})) {
|
||||||
|
// Get logged in
|
||||||
|
string rep = shellStream.Expect(new Regex(@"[$>]"), TimeSpan.FromSeconds(10)); // expect user prompt with timeout
|
||||||
|
_logger.LogInformation("Initial prompt: {Prompt}", rep);
|
||||||
|
|
||||||
//Get logged in
|
// Send command
|
||||||
string rep = shellStream.Expect(new Regex(@"[$>]")); //expect user prompt
|
|
||||||
//this.writeOutput(results, rep);
|
|
||||||
_logger.LogInformation(rep);
|
|
||||||
|
|
||||||
//send command
|
|
||||||
shellStream.WriteLine(command);
|
shellStream.WriteLine(command);
|
||||||
rep = shellStream.Expect(new Regex(@"([$#>:])")); //expect password or user prompt
|
rep = shellStream.Expect(new Regex(@"([$#>:])"), TimeSpan.FromSeconds(10)); // expect password or user prompt with timeout
|
||||||
_logger.LogInformation(rep);
|
_logger.LogInformation("After command prompt: {Prompt}", rep);
|
||||||
|
|
||||||
//check to send password
|
// Check to send password
|
||||||
if (rep.Contains(":")) {
|
if (rep.Contains(":")) {
|
||||||
//send password
|
// Send password
|
||||||
shellStream.WriteLine(password);
|
shellStream.WriteLine(password);
|
||||||
rep = shellStream.Expect(new Regex(@"[$#>]")); //expect user or root prompt
|
rep = shellStream.Expect(new Regex(@"[$#>]"), TimeSpan.FromSeconds(10)); // expect user or root prompt with timeout
|
||||||
_logger.LogInformation(rep);
|
_logger.LogInformation("After password prompt: {Prompt}", rep);
|
||||||
}
|
}
|
||||||
|
|
||||||
return IDomainResult.Success();
|
return IDomainResult.Success();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
catch (Exception ex) {
|
catch (Exception ex) {
|
||||||
_logger.LogError(ex, "SSH Service unhandled exeption");
|
_logger.LogError(ex, "SSH Service unhandled exception");
|
||||||
return IDomainResult.CriticalDependencyError();
|
return IDomainResult.CriticalDependencyError();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void Dispose() {
|
public void Dispose() {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user