Cleanup and refactoring

Author: webprofusion-chrisc

src/Certify.Core/Management/Challenges/ChallengeResponseService.cs

@@ -315,17 +315,6 @@ public async Task<PendingAuthorization> PrepareAutomatedChallengeResponse(ILog l
                         }
                     }
 
-                    if (requiredChallenge.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI)
-                    {
-                        // perform tls-sni-01 challenge response
-                        var check = PrepareChallengeResponse_TlsSni01(log, iisManager, pendingAuth.Identifier, managedCertificate, pendingAuth);
-                        if (requestConfig.PerformTlsSniBindingConfigChecks)
-                        {
-                            // set config check OK if all checks return true
-                            pendingAuth.AttemptedChallenge.ConfigCheckedOK = check();
-                        }
-                    }
-
                     if (requiredChallenge.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS)
                     {
                         // perform dns-01 challenge response
@@ -341,15 +330,6 @@ public async Task<PendingAuthorization> PrepareAutomatedChallengeResponse(ILog l
                     if (requiredChallenge.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_TKAUTH)
                     {
                         pendingAuth.AttemptedChallenge.ConfigCheckedOK = true;
-                        // perform tkauth-01 challenge response
-                        //var check = await PerformChallengeResponse_Dns01(log, domain, managedCertificate, pendingAuth, isTestMode: false, credentialsManager);
-                        /*
-                         pendingAuth.AttemptedChallenge.IsFailure = !check.Result.IsSuccess;
-                         pendingAuth.AttemptedChallenge.ChallengeResultMsg = check.Result.Message;
-                         pendingAuth.AttemptedChallenge.IsAwaitingUser = check.IsAwaitingUser;
-                         pendingAuth.AttemptedChallenge.PropagationSeconds = check.PropagationSeconds;
-                         pendingAuth.IsFailure = !check.Result.IsSuccess;
-                         pendingAuth.AuthorizationError = pendingAuth.IsFailure ? check.Result.Message : "";*/
                     }
                 }
             }
@@ -555,70 +535,6 @@ private async Task<ActionResult> PerformChallengeResponse_Http01(ILog log, ITarg
             }
         }
 
-        private Func<bool> PrepareChallengeResponse_TlsSni01(ILog log, ITargetWebServer iisManager, CertIdentifierItem domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth)
-        {
-            var requestConfig = managedCertificate.RequestConfig;
-
-            var tlsSniChallenge = pendingAuth.Challenges.FirstOrDefault(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI);
-
-            if (tlsSniChallenge == null)
-            {
-                log.Warning($"No tls-sni-01 challenge to complete for {managedCertificate.Name}. Request cannot continue.");
-                return () => false;
-            }
-
-            var sha256 = System.Security.Cryptography.SHA256.Create();
-
-            var z = new byte[tlsSniChallenge.HashIterationCount][];
-
-            // compute n sha256 hashes, where n=challengedata.iterationcount
-            z[0] = sha256.ComputeHash(Encoding.UTF8.GetBytes(tlsSniChallenge.Value));
-
-            for (var i = 1; i < z.Length; i++)
-            {
-                z[i] = sha256.ComputeHash(z[i - 1]);
-            }
-
-            // generate certs and install iis bindings
-            var cleanupQueue = new List<Func<Task>>();
-
-            var checkQueue = new List<Func<bool>>();
-
-            foreach (var hex in z.Select(b =>
-                BitConverter.ToString(b).Replace("-", "").ToLower()))
-            {
-                var sni = $"{hex.Substring(0, 32)}.{hex.Substring(32)}.acme.invalid";
-
-                log.Information($"Preparing binding at: https://{domain}, sni: {sni}");
-
-                var x509 = CertificateManager.GenerateSelfSignedCertificate(sni);
-
-                CertificateManager.StoreCertificate(x509);
-
-                var certStoreName = CertificateManager.GetMachineStore().Name;
-
-                // iisManager.InstallCertificateforBinding(certStoreName, x509.GetCertHash(),
-                // managedCertificate.ServerSiteId, sni);
-
-                // add check to the queue
-                checkQueue.Add(() => _netUtil.CheckSNI(domain.Value, sni).Result);
-
-                // add cleanup actions to queue
-                cleanupQueue.Add(() => iisManager.RemoveHttpsBinding(managedCertificate.ServerSiteId, sni));
-
-                cleanupQueue.Add(() => Task.Run(() => CertificateManager.RemoveCertificate(x509)));
-            }
-
-            // configure cleanup to execute the cleanup queue
-            pendingAuth.Cleanup = async () =>
-            {
-                cleanupQueue.ForEach(a => a());
-            };
-
-            // perform our own config checks
-            return () => checkQueue.All(check => check());
-        }
-
         private DnsChallengeHelper _dnsHelper = null;
 
         internal async Task<DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog log, CertIdentifierItem domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth, bool isTestMode, bool isCleanupOnly, ICredentialsManager credentialsManager)

src/Certify.Models/Certify.Models.csproj

@@ -16,6 +16,24 @@
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
         <PlatformTarget>AnyCPU</PlatformTarget>
     </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|netstandard2.0|AnyCPU'">
+      <NoWarn>1701;1702;CA1864</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
+      <NoWarn>1701;1702;CA1864</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
+      <NoWarn>1701;1702;CA1864</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|netstandard2.0|AnyCPU'">
+      <NoWarn>1701;1702;CA1864</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
+      <NoWarn>1701;1702;CA1864</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
+      <NoWarn>1701;1702;CA1864</NoWarn>
+    </PropertyGroup>
     <ItemGroup>
         <PackageReference Include="Fody" Version="6.9.1">
             <PrivateAssets>all</PrivateAssets>

src/Certify.Models/Config/CertRequestConfig.cs

@@ -109,12 +109,12 @@ public CertRequestConfig()
         /// <summary>
         /// Optional subject alternative names for our SSL Cert request 
         /// </summary>
-        public string[]? SubjectAlternativeNames { get; set; } = Array.Empty<string>();
+        public string[]? SubjectAlternativeNames { get; set; } = [];
 
         /// <summary>
         /// Optional list of IP addresses to include in cert request, primary first
         /// </summary>
-        public string[]? SubjectIPAddresses { get; set; } = Array.Empty<string>();
+        public string[]? SubjectIPAddresses { get; set; } = [];
 
         /// <summary>
         /// Root path for our website content, used when responding to file based challenges 

src/Certify.Models/Config/ManagedCertificate.cs

@@ -77,11 +77,6 @@ public Lifetime(DateTimeOffset dateStart, DateTimeOffset dateEnd)
 
         public int? GetPercentageElapsed(DateTimeOffset testDateTime)
         {
-            if (DateStart == null || DateEnd == null)
-            {
-                return null;
-            }
-
             var lifetime = DateEnd - DateStart;
 
             if (lifetime.TotalMinutes <= 0)
@@ -523,7 +518,7 @@ public CertRequestChallengeConfig GetChallengeConfig(CertIdentifierItem identifi
                         }
 
                         // if exact match exists, use that
-                        var identifierKey = identifier?.Value.ToLowerInvariant() ?? "";
+                        var identifierKey = identifier!.Value.ToLowerInvariant();
                         if (configsPerDomain.TryGetValue(identifierKey, out var value))
                         {
                             return value;
@@ -548,7 +543,7 @@ public CertRequestChallengeConfig GetChallengeConfig(CertIdentifierItem identifi
 
                         foreach (var configDomain in allMatchingConfigKeys)
                         {
-                            if (configDomain.EndsWith(identifier?.Value.ToLowerInvariant(), StringComparison.CurrentCultureIgnoreCase))
+                            if (configDomain.EndsWith(identifier!.Value.ToLowerInvariant(), StringComparison.CurrentCultureIgnoreCase))
                             {
                                 // use longest matching identifier (so subdomain.test.com takes priority
                                 // over test.com, )

src/Certify.Models/Hub/AccessControl.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 
 namespace Certify.Models.Hub
@@ -100,8 +100,8 @@ public AccessCheck(string? securityPrincipleId, string resourceType, string reso
 
     public class AccessTokenCheck
     {
-        public AccessToken Token { get; set; }
-        public AccessCheck Check { get; set; }
+        public AccessToken Token { get; set; } = default!;
+        public AccessCheck Check { get; set; } = default!;
     }
 
     public class AccessTokenTypes

src/Certify.Models/Hub/HubInfo.cs

@@ -2,17 +2,17 @@
 {
     public class HubInfo
     {
-        public string InstanceId { get; set; }
+        public string InstanceId { get; set; } = default!;
 
-        public VersionInfo Version { get; set; }
+        public VersionInfo Version { get; set; } = default!;
     }
 
     public class HubHealth
     {
-        public string Status { get; set; }
-        public string Detail { get; set; }
-        public string Version { get; set; }
-        public bool ServiceAvailable { get; set; }
-        public object env { get; set; }
+        public string Status { get; set; } = default!;
+        public string Detail { get; set; } = default!;
+        public string Version { get; set; } = default!;
+        public bool ServiceAvailable { get; set; } = default!;
+        public object env { get; set; } = default!;
     }
 }

src/Certify.Models/Plugins/PluginInterfaces.cs

@@ -51,7 +51,7 @@ public interface IDashboardClient
     public interface IProviderPlugin<TProviderInterface, TProviderDefinition>
     {
         List<TProviderDefinition> GetProviders(Type pluginType);
-        TProviderInterface GetProvider(Type pluginType, string id);
+        TProviderInterface? GetProvider(Type pluginType, string id);
     }
 
     /// <summary>

src/Certify.Models/Plugins/PluginProviderBase.cs

@@ -22,7 +22,7 @@ public PluginProviderBase(IServiceProvider serviceProvider)
 
         private IServiceProvider? _services { get; }
 
-        public TProviderInterface GetProvider(Type pluginType, string? id)
+        public TProviderInterface? GetProvider(Type pluginType, string? id)
         {
 
             id = id?.ToLowerInvariant();
@@ -34,27 +34,29 @@ public TProviderInterface GetProvider(Type pluginType, string? id)
 
             foreach (var t in typeList)
             {
-                var def = (TProviderDefinition)t.GetProperty("Definition").GetValue(null);
-                if (def != null && def is ProviderDefinition)
+                var defProperty = t.GetProperty("Definition");
+                if (defProperty != null)
                 {
-                    if ((def as ProviderDefinition)?.Id?.ToLowerInvariant() == id)
+                    var def = (TProviderDefinition?)defProperty.GetValue(null);
+                    if (def != null && def is ProviderDefinition)
                     {
-                        if (_services == null)
+                        if ((def as ProviderDefinition)?.Id?.ToLowerInvariant() == id)
                         {
-                            return (TProviderInterface)Activator.CreateInstance(t);
-                        }
-                        else
-                        {
-                            return (TProviderInterface)ActivatorUtilities.CreateInstance(_services, t);
+                            if (_services == null)
+                            {
+                                return (TProviderInterface?)Activator.CreateInstance(t);
+                            }
+                            else
+                            {
+                                return (TProviderInterface?)ActivatorUtilities.CreateInstance(_services, t);
+                            }
                         }
                     }
                 }
             }
 
             // the requested provider id is not present in this provider plugin, could be in another assembly
-#pragma warning disable CS8603 // Possible null reference return.
             return default;
-#pragma warning restore CS8603 // Possible null reference return.
         }
 
         public List<TProviderDefinition> GetProviders(Type pluginType)
@@ -70,8 +72,15 @@ public List<TProviderDefinition> GetProviders(Type pluginType)
             {
                 try
                 {
-                    var def = (TProviderDefinition)t.GetProperty("Definition").GetValue(null);
-                    list.Add(def);
+                    var defProperty = t.GetProperty("Definition");
+                    if (defProperty != null)
+                    {
+                        var def = (TProviderDefinition?)defProperty.GetValue(null);
+                        if (def != null)
+                        {
+                            list.Add(def);
+                        }
+                    }
                 }
                 catch (Exception)
                 {

src/Certify.Models/Shared/ActionLogCollector.cs

@@ -44,6 +44,6 @@ public List<string> GetActionLogSummary()
             return output;
         }
 
-        public ActionLogItem GetLastActionLogItem() => _actionLogs.LastOrDefault();
+        public ActionLogItem? GetLastActionLogItem() => _actionLogs.LastOrDefault();
     }
 }

src/Certify.Models/Shared/Validation/CertificateEditorService.cs

@@ -121,9 +121,8 @@ public static void ApplyAutoConfiguration(ManagedCertificate item, SiteInfo? sel
             }
 
             // update our list of selected subject ip addresses, if any
-            if (!config.SubjectIPAddresses.SequenceEqual(item.DomainOptions.Where(i => i.IsSelected && i.Type == CertIdentifierType.Ip).Select(s => s.Domain).ToArray()))
+            if (config.SubjectIPAddresses?.SequenceEqual(item.DomainOptions.Where(i => i.IsSelected && i.Type == CertIdentifierType.Ip).Select(s => s.Domain).ToArray()) == false)
             {
-
                 config.SubjectIPAddresses = item.DomainOptions.Where(i => i.IsSelected && i.Type == CertIdentifierType.Ip && i.Domain != null)
                                                               .Select(s => s.Domain ?? string.Empty)
                                                               .ToArray();
@@ -343,7 +342,7 @@ public static ValidationResult Validate(ManagedCertificate item, SiteInfo? selec
                     if (
                         item.DomainOptions?.Any(d => d.IsSelected && d.Domain != null && d.Domain.StartsWith("*.", StringComparison.InvariantCultureIgnoreCase)) == true
                         &&
-                        !item.RequestConfig.Challenges.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS)
+                        item.RequestConfig.Challenges?.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS) == false
                         )
                     {
                         return new ValidationResult(
@@ -395,7 +394,7 @@ public static ValidationResult Validate(ManagedCertificate item, SiteInfo? selec
                 }
 
                 // TLS-SNI-01 (is now not supported)
-                if (item.RequestConfig.Challenges.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI))
+                if (item.RequestConfig.Challenges?.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI) == true)
                 {
                     return new ValidationResult(
                         false,
@@ -404,7 +403,7 @@ public static ValidationResult Validate(ManagedCertificate item, SiteInfo? selec
                     );
                 }
 
-                if (item.RequestConfig.Challenges.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS && string.IsNullOrEmpty(c.ChallengeProvider)))
+                if (item.RequestConfig.Challenges?.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS && string.IsNullOrEmpty(c.ChallengeProvider)) == true)
                 {
                     return new ValidationResult(
                         false,
@@ -413,7 +412,7 @@ public static ValidationResult Validate(ManagedCertificate item, SiteInfo? selec
                     );
                 }
 
-                if (item.RequestConfig.Challenges.Count(c => string.IsNullOrEmpty(c.DomainMatch)) > 1)
+                if (item.RequestConfig.Challenges?.Count(c => string.IsNullOrEmpty(c.DomainMatch)) > 1)
                 {
                     return new ValidationResult(
                        false,
@@ -455,7 +454,7 @@ public static ValidationResult Validate(ManagedCertificate item, SiteInfo? selec
                 }
 
                 // check certificate will not exceed 100 name limit. TODO: make this dynamic per selected CA
-                var numSelectedDomains = item.DomainOptions.Count(d => d.IsSelected);
+                var numSelectedDomains = item.DomainOptions?.Count(d => d.IsSelected) ?? 0;
 
                 if (numSelectedDomains > 100)
                 {