Adds external certificate manager preferences

webprofusion-chrisc · webprofusion-chrisc · commit 0c1a35a7ccf2 · 2025-07-01T17:45:59.000+08:00
Adds support for enabling/disabling external certificate managers and setting config/log paths.

Initializes certificate managers with provided configuration and logging, and adds default provider preferences if they don't already exist.
Refreshes the externally managed certificate cache when certificate manager configuration changes.
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -82,6 +82,9 @@ private async Task<List<ManagedCertificate>> GetExternallyManagedCertificates(Ma
             {
                 List<ManagedCertificate> list = [];
 
+                var prefs = SettingsManager.ToPreferences();
+                var providerAdded = false;
+
                 // check if we have any external sources of managed certificates
                 foreach (var p in _pluginManager.CertificateManagerProviders)
                 {
@@ -91,17 +94,42 @@ private async Task<List<ManagedCertificate>> GetExternallyManagedCertificates(Ma
                         {
                             var pluginType = p.GetType();
                             var providers = p.GetProviders(pluginType);
+                            var loggerAdapter = new LogToILoggerAdapter(_serviceLog);
 
                             foreach (var cp in providers)
                             {
                                 if (cp?.IsEnabled == true)
                                 {
                                     try
                                     {
-                                        var certManager = p.GetProvider(pluginType, cp.Id);
-                                        var certs = await certManager.GetManagedCertificates(filter);
+                                        var providerPrefs = prefs.CertificateManagers.FirstOrDefault(c => c.Id == cp.Id);
+
+                                        if (providerPrefs?.IsEnabled == true || providerPrefs == null)
+                                        {
+                                            var certManager = p.GetProvider(pluginType, cp.Id);
+
+                                            // Initialize or use the certificate manager with the specified config and log paths
+
+                                            certManager.Init(loggerAdapter, providerPrefs);
 
-                                        list.AddRange(certs);
+                                            var certs = await certManager.GetManagedCertificates(filter);
+
+                                            list.AddRange(certs);
+
+                                            if (providerPrefs == null)
+                                            {
+                                                //add a default provider prefs if not already present
+                                                prefs.CertificateManagers.Add(new CertificateManagerPreference
+                                                {
+                                                    Id = cp.Id,
+                                                    IsEnabled = true,
+                                                    ConfigPath = "",
+                                                    LogPath = ""
+                                                });
+
+                                                providerAdded = true;
+                                            }
+                                        }
                                     }
                                     catch (Exception ex)
                                     {
@@ -126,6 +154,19 @@ private async Task<List<ManagedCertificate>> GetExternallyManagedCertificates(Ma
                     // reset cache
                     _externallyManagedCertificatesCache = list;
                 }
+
+                if (providerAdded)
+                {
+                    SettingsManager.FromPreferences(prefs);
+                    try
+                    {
+                        SettingsManager.SaveAppSettings();
+                    }
+                    catch (Exception ex)
+                    {
+                        _serviceLog.Error(ex, "Error saving preferences");
+                    }
+                }
             }
 
             _externallyManagedCacheUpdated = DateTimeOffset.UtcNow;
@@ -946,3 +987,4 @@ private async Task StopHttpChallengeServer()
         }
     }
 }
+
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -728,6 +728,8 @@ public async Task<InstanceCommandResult> PerformHubCommandWithResult(InstanceCom
                     prefs.RenewalIntervalMode = update.RenewalIntervalMode;
                     prefs.UseModernPFXAlgs = update.UseModernPFXAlgs;
 
+                    prefs.CertificateManagers = update.CertificateManagers;
+
                     SettingsManager.FromPreferences(prefs);
 
                     try
@@ -740,6 +742,9 @@ public async Task<InstanceCommandResult> PerformHubCommandWithResult(InstanceCom
                         _serviceLog.Error(ex, "Error saving preferences");
                         val = new ActionResult("Service core settings could not be updated.", false);
                     }
+
+                    // cert manager config may have changed, refresh required
+                    _externallyManagedCacheUpdated = DateTimeOffset.MinValue;
                 }
                 else
                 {
diff --git a/src/Certify.Core/Management/SettingsManager.cs b/src/Certify.Core/Management/SettingsManager.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.IO;
 using Certify.Models;
+using Certify.Models.Config;
 
 namespace Certify.Management
 {
@@ -35,6 +36,7 @@ private CoreAppSettings()
             EnableExternalCertManagers = true;
             UseModernPFXAlgs = false;
             NtpServer = "pool.ntp.org";
+            CertificateManagers = new List<CertificateManagerPreference>();
         }
 
         public static CoreAppSettings Current
@@ -185,6 +187,8 @@ public static CoreAppSettings Current
         /// If true, ARI checks will not be performed during periodic maintenance
         /// </summary>
         public bool DisableARIChecks { get; set; }
+
+        public List<CertificateManagerPreference> CertificateManagers { get; set; } = new List<CertificateManagerPreference>();
     }
 
     public class SettingsManager
@@ -244,6 +248,8 @@ public static bool FromPreferences(Models.Preferences prefs)
 
             CoreAppSettings.Current.EnableIssuerCache = prefs.EnableIssuerCache;
 
+            CoreAppSettings.Current.CertificateManagers = prefs.CertificateManagers;
+
             return true;
         }
 
@@ -280,7 +286,8 @@ public static Models.Preferences ToPreferences()
                 DefaultKeyType = CoreAppSettings.Current.DefaultKeyType,
                 EnableParallelRenewals = CoreAppSettings.Current.EnableParallelRenewals,
                 DisableARIChecks = CoreAppSettings.Current.DisableARIChecks,
-                DefaultACMERetryInterval = CoreAppSettings.Current.DefaultACMERetryInterval
+                DefaultACMERetryInterval = CoreAppSettings.Current.DefaultACMERetryInterval,
+                CertificateManagers = CoreAppSettings.Current.CertificateManagers
             };
 
             return prefs;
diff --git a/src/Certify.Models/Config/CertificateManagerPreference.cs b/src/Certify.Models/Config/CertificateManagerPreference.cs
@@ -0,0 +1,10 @@
+﻿namespace Certify.Models.Config
+{
+    public class CertificateManagerPreference
+    {
+        public string Id { get; set; }
+        public bool IsEnabled { get; set; }
+        public string ConfigPath { get; set; }
+        public string LogPath { get; set; }
+    }
+}
diff --git a/src/Certify.Models/Config/Preferences.cs b/src/Certify.Models/Config/Preferences.cs
@@ -1,4 +1,7 @@
-﻿namespace Certify.Models
+﻿using System.Collections.Generic;
+using Certify.Models.Config;
+
+namespace Certify.Models
 {
     public enum CertificateCleanupMode
     {
@@ -134,6 +137,11 @@ public class Preferences : BindableBase
         /// If true, ARI checks will not be performed during periodic maintenance
         /// </summary>
         public bool DisableARIChecks { get; set; }
+
+        /// <summary>
+        /// Preferences for external certificate managers (enable/disable, config/log paths)
+        /// </summary>
+        public List<CertificateManagerPreference> CertificateManagers { get; set; } = new List<CertificateManagerPreference>();
     }
 
     public static class FeatureFlags
diff --git a/src/Certify.Models/Providers/ICertificateManager.cs b/src/Certify.Models/Providers/ICertificateManager.cs
@@ -13,7 +13,7 @@ namespace Certify.Providers.CertificateManagers
     public interface ICertificateManager
     {
 
-        void Init(ILogger logger, string settingsPath = "", string logPath = "");
+        void Init(ILogger logger, CertificateManagerPreference prefs);
 
         Task<bool> IsPresent();
 
diff --git a/src/Certify.Shared/Utils/Loggy.cs b/src/Certify.Shared/Utils/Loggy.cs
@@ -1,4 +1,5 @@
 ﻿using System;
+using Certify.Models.Providers;
 using Microsoft.Extensions.Logging;
 
 namespace Certify.Models
@@ -24,4 +25,44 @@ public Loggy(ILogger log)
 
         public void Warning(string template, params object[] propertyValues) => _log?.LogWarning(template, propertyValues);
     }
+
+    // Create an adapter class to convert ILog to ILogger
+    public class LogToILoggerAdapter : ILogger
+    {
+        private readonly ILog _log;
+
+        public LogToILoggerAdapter(ILog log)
+        {
+            _log = log;
+        }
+
+        public IDisposable BeginScope<TState>(TState state) => null;
+
+        public bool IsEnabled(LogLevel logLevel) => true;
+
+        public void Log<TState>(LogLevel logLevel, EventId eventId, TState state, Exception exception, Func<TState, string> formatter)
+        {
+            var message = formatter(state);
+
+            switch (logLevel)
+            {
+                case LogLevel.Critical:
+                case LogLevel.Error:
+                    _log.Error(exception, message);
+                    break;
+                case LogLevel.Warning:
+                    _log.Warning(message);
+                    break;
+                case LogLevel.Information:
+                    _log.Information(message);
+                    break;
+                case LogLevel.Debug:
+                case LogLevel.Trace:
+                    _log.Debug(message);
+                    break;
+            }
+        }
+
+        public void Log<TState>(LogLevel logLevel, EventId eventId, TState state, Exception exception, Func<TState, Exception, string> formatter) => throw new NotImplementedException();
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -728,6 +728,8 @@ public async Task<InstanceCommandResult> PerformHubCommandWithResult(InstanceCom`
`728`	`728`	`prefs.RenewalIntervalMode = update.RenewalIntervalMode;`
`729`	`729`	`prefs.UseModernPFXAlgs = update.UseModernPFXAlgs;`
`730`	`730`
	`731`	`+ prefs.CertificateManagers = update.CertificateManagers;`
	`732`	`+`
`731`	`733`	`SettingsManager.FromPreferences(prefs);`
`732`	`734`
`733`	`735`	`try`
`@@ -740,6 +742,9 @@ public async Task<InstanceCommandResult> PerformHubCommandWithResult(InstanceCom`
`740`	`742`	`_serviceLog.Error(ex, "Error saving preferences");`
`741`	`743`	`val = new ActionResult("Service core settings could not be updated.", false);`
`742`	`744`	`}`
	`745`	`+`
	`746`	`+ // cert manager config may have changed, refresh required`
	`747`	`+ _externallyManagedCacheUpdated = DateTimeOffset.MinValue;`
`743`	`748`	`}`
`744`	`749`	`else`
`745`	`750`	`{`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,7 @@`
`1`		`-namespace Certify.Models`
	`1`	`+using System.Collections.Generic;`
	`2`	`+using Certify.Models.Config;`
	`3`	`+`
	`4`	`+namespace Certify.Models`
`2`	`5`	`{`
`3`	`6`	`public enum CertificateCleanupMode`
`4`	`7`	`{`
`@@ -134,6 +137,11 @@ public class Preferences : BindableBase`
`134`	`137`	`/// If true, ARI checks will not be performed during periodic maintenance`
`135`	`138`	`/// </summary>`
`136`	`139`	`public bool DisableARIChecks { get; set; }`
	`140`	`+`
	`141`	`+ /// <summary>`
	`142`	`+ /// Preferences for external certificate managers (enable/disable, config/log paths)`
	`143`	`+ /// </summary>`
	`144`	`+ public List<CertificateManagerPreference> CertificateManagers { get; set; } = new List<CertificateManagerPreference>();`
`137`	`145`	`}`
`138`	`146`
`139`	`147`	`public static class FeatureFlags`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ namespace Certify.Providers.CertificateManagers`
`13`	`13`	`public interface ICertificateManager`
`14`	`14`	`{`
`15`	`15`
`16`		`- void Init(ILogger logger, string settingsPath = "", string logPath = "");`
	`16`	`+ void Init(ILogger logger, CertificateManagerPreference prefs);`
`17`	`17`
`18`	`18`	`Task<bool> IsPresent();`
`19`	`19`