Implement option to disable ARI checks

Author: webprofusion-chrisc

src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs

@@ -238,6 +238,8 @@ private async Task PerformCertificateStatusChecks(CancellationToken cancelToken,
                 var itemsOcspExpired = new List<string>();
                 var itemsViaARI = new Dictionary<string, DateTimeOffset>();
 
+                var disableARIChecks = CoreAppSettings.Current.DisableARIChecks;
+
                 if (ocspItemsToCheck?.Any() == true)
                 {
                     _serviceLog.Information(template: $"Checking OCSP for {ocspItemsToCheck.Count} items");
@@ -288,7 +290,7 @@ private async Task PerformCertificateStatusChecks(CancellationToken cancelToken,
                     _serviceLog.Verbose("Completed OCSP status checks");
                 }
 
-                if (!cancelToken.IsCancellationRequested)
+                if (!disableARIChecks && !cancelToken.IsCancellationRequested)
                 {
                     var renewalInfoItemsToCheck = await _itemManager.Find(new ManagedCertificateFilter { LastRenewalInfoCheckMins = (managedItemId == null ? lastCheckOlderThanMinutes : (int?)null), MaxResults = batchSize, Id = managedItemId });
 
@@ -391,6 +393,10 @@ private async Task PerformCertificateStatusChecks(CancellationToken cancelToken,
                         }
                     }
                 }
+                else if (disableARIChecks)
+                {
+                    _serviceLog.Information("ARI Checks are disabled.");
+                }
 
                 var allItemsToUpdate = new List<string>(completedOcspUpdateChecks);
 

src/Certify.Core/Management/SettingsManager.cs

@@ -181,6 +181,11 @@ public static CoreAppSettings Current
         public bool PerformChallengeCleanupsLast { get; set; }
         public string CurrentServiceVersion { get; set; }
 
+        /// <summary>
+        /// If true, ARI checks will not be performed during periodic maintenance
+        /// </summary>
+        public bool DisableARIChecks { get; set; }
+
         /// <summary>
         ///  if true, additional management hub features and data stores may be enabled
         /// </summary>
@@ -240,7 +245,10 @@ public static bool FromPreferences(Models.Preferences prefs)
 
             CoreAppSettings.Current.DefaultACMERetryInterval = prefs.DefaultACMERetryInterval;
 
+            CoreAppSettings.Current.DisableARIChecks = prefs.DisableARIChecks;
+
             CoreAppSettings.Current.EnableIssuerCache = prefs.EnableIssuerCache;
+
             return true;
         }
 
@@ -276,6 +284,7 @@ public static Models.Preferences ToPreferences()
                 ConfigDataStoreConnectionId = CoreAppSettings.Current.ConfigDataStoreConnectionId,
                 DefaultKeyType = CoreAppSettings.Current.DefaultKeyType,
                 EnableParallelRenewals = CoreAppSettings.Current.EnableParallelRenewals,
+                DisableARIChecks = CoreAppSettings.Current.DisableARIChecks,
                 DefaultACMERetryInterval = CoreAppSettings.Current.DefaultACMERetryInterval
             };
 

src/Certify.Models/Config/Preferences.cs

@@ -129,6 +129,11 @@ public class Preferences : BindableBase
         /// If true, system CA roots etc are loaded during chain build to help validate chain
         /// </summary>
         public bool EnableIssuerCache { get; set; }
+
+        /// <summary>
+        /// If true, ARI checks will not be performed during periodic maintenance
+        /// </summary>
+        public bool DisableARIChecks { get; set; }
     }
 
     public static class FeatureFlags