Update external cert manager support

Author: webprofusion-chrisc

src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs

@@ -25,14 +25,23 @@ public partial class CertifyManager
         /// <returns></returns>
         public async Task<ManagedCertificate> GetManagedCertificate(string id)
         {
-            var item = await _itemManager.GetById(id);
-            if (item != null)
+            if (id.StartsWith("ext-"))
             {
-                item.InstanceId = _serverConfig.HubAssignedInstanceId;
-                item.DateRetrieved = DateTime.UtcNow;
+                // look for item via external managed certificate provider
+                return _externallyManagedCertificatesCache
+                    .FirstOrDefault(i => i.Id == id);
             }
+            else
+            {
+                var item = await _itemManager.GetById(id);
+                if (item != null)
+                {
+                    item.InstanceId = _serverConfig.HubAssignedInstanceId;
+                    item.DateRetrieved = DateTime.UtcNow;
+                }
 
-            return item;
+                return item;
+            }
         }
 
         /// <summary>
@@ -58,47 +67,70 @@ public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertif
             return list;
         }
 
+        List<ManagedCertificate> _externallyManagedCertificatesCache = [];
+        private DateTimeOffset _externallyManagedCacheUpdated = DateTimeOffset.MinValue;
+
         private async Task<List<ManagedCertificate>> GetExternallyManagedCertificates(ManagedCertificateFilter filter)
         {
-            var externalList = new List<ManagedCertificate>();
+            if (_externallyManagedCacheUpdated > DateTimeOffset.UtcNow.AddMinutes(-10))
+            {
+                // return cached results
+                return _externallyManagedCertificatesCache;
+            }
+
             if (_pluginManager?.CertificateManagerProviders?.Any() == true)
             {
-                // TODO: cache providers/results
+                List<ManagedCertificate> list = [];
 
                 // check if we have any external sources of managed certificates
                 foreach (var p in _pluginManager.CertificateManagerProviders)
                 {
                     if (p != null)
                     {
-                        var pluginType = p.GetType();
-                        var providers = p.GetProviders(pluginType);
-
-                        foreach (var cp in providers)
+                        try
                         {
-                            if (cp?.IsEnabled == true)
-                            {
-                                try
-                                {
-                                    var certManager = p.GetProvider(pluginType, cp.Id);
-                                    var certs = await certManager.GetManagedCertificates(filter);
+                            var pluginType = p.GetType();
+                            var providers = p.GetProviders(pluginType);
 
-                                    externalList.AddRange(certs);
-                                }
-                                catch (Exception ex)
+                            foreach (var cp in providers)
+                            {
+                                if (cp?.IsEnabled == true)
                                 {
-                                    _serviceLog?.Error($"Failed to query certificate manager plugin {cp.Title} {ex}");
+                                    try
+                                    {
+                                        var certManager = p.GetProvider(pluginType, cp.Id);
+                                        var certs = await certManager.GetManagedCertificates(filter);
+
+                                        list.AddRange(certs);
+                                    }
+                                    catch (Exception ex)
+                                    {
+                                        _serviceLog?.Error($"Failed to query certificate manager plugin {cp.Title} {ex}");
+                                    }
                                 }
                             }
                         }
+                        catch (Exception ex)
+                        {
+                            _serviceLog?.Error($"Failed to query certificate manager providers {ex}");
+                        }
                     }
                     else
                     {
                         _serviceLog?.Error($"Failed to create one or more certificate manager plugins");
                     }
                 }
+
+                lock (_externallyManagedCertificatesCache)
+                {
+                    // reset cache
+                    _externallyManagedCertificatesCache = list;
+                }
             }
 
-            return externalList;
+            _externallyManagedCacheUpdated = DateTimeOffset.UtcNow;
+
+            return _externallyManagedCertificatesCache;
         }
 
         /// <summary>
@@ -152,6 +184,17 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
             summary.AwaitingUser = ms.Count(c => c.Health == ManagedCertificateHealth.AwaitingUser);
             summary.NoCertificate = ms.Count(c => c.DateStart == null);
 
+            if (_externallyManagedCertificatesCache.Any())
+            {
+                summary.ExternallyManaged = _externallyManagedCertificatesCache.Count;
+                summary.Total += _externallyManagedCertificatesCache.Count;
+                summary.Healthy += _externallyManagedCertificatesCache.Count(c => c.Health == ManagedCertificateHealth.OK);
+                summary.Error += _externallyManagedCertificatesCache.Count(c => c.Health == ManagedCertificateHealth.Error);
+                summary.Warning += _externallyManagedCertificatesCache.Count(c => c.Health == ManagedCertificateHealth.Warning);
+                summary.AwaitingUser += _externallyManagedCertificatesCache.Count(c => c.Health == ManagedCertificateHealth.AwaitingUser);
+                summary.NoCertificate += _externallyManagedCertificatesCache.Count(c => c.DateStart == null);
+            }
+
             // count items with invalid config (e.g. multiple primary domains)
             summary.InvalidConfig = ms.Count(c => c.DomainOptions.Count(d => d.IsPrimaryDomain) > 1);
 

src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs

@@ -463,7 +463,7 @@ public async Task<InstanceCommandResult> PerformHubCommandWithResult(InstanceCom
             else if (arg.CommandType == ManagementHubCommands.GetManagedItems)
             {
                 // Get all managed items
-                var items = await GetManagedCertificates(new ManagedCertificateFilter { });
+                var items = await GetManagedCertificates(new ManagedCertificateFilter { IncludeExternal = CoreAppSettings.Current.EnableExternalCertManagers });
                 val = new ManagedInstanceItems { InstanceId = _serverConfig.HubAssignedInstanceId, Items = items };
             }
             else if (arg.CommandType == ManagementHubCommands.GetStatusSummary)

src/Certify.Models/Hub/ManagedCertificateSummary.cs

@@ -62,6 +62,11 @@ public record ManagedCertificateSummary
         /// If true, there is a certificate available (latest successful certificate order)
         /// </summary>
         public bool HasCertificate { get; set; }
+
+        /// <summary>
+        /// If true, is managed by an external certificate manager (e.g. Certbot, Posh-ACME, etc.)
+        /// </summary>
+        public bool IsExternallyManaged { get; set; }
     }
 
     public record ManagedCertificateSummaryResult

src/Certify.Models/Providers/ICertificateManager.cs

@@ -4,13 +4,17 @@
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Providers;
+using Microsoft.Extensions.Logging;
 
 #nullable disable
 
 namespace Certify.Providers.CertificateManagers
 {
     public interface ICertificateManager
     {
+
+        void Init(ILogger logger, string settingsPath = "", string logPath = "");
+
         Task<bool> IsPresent();
 
         Task<ManagedCertificate> GetManagedCertificate(string id);

src/Certify.Models/Reporting/StatusSummary.cs

@@ -12,6 +12,7 @@ public class StatusSummary : BindableBase
 
         public int NoCertificate { get; set; }
 
+        public int ExternallyManaged { get; set; }
         public int TotalDomains { get; set; }
     }
 }

src/Certify.Server/Certify.Server.Hub.Api/Controllers/internal/HubController.cs

@@ -89,15 +89,16 @@ public async Task<IActionResult> GetHubManagedItems(string? instanceId, string?
                                 Id = i.Id ?? "",
                                 Title = $"{i.Name}" ?? "",
                                 OS = instance?.OS,
-                                ClientDetails = instance?.ClientName,
+                                ClientDetails = i.SourceId != null ? i.SourceName : instance?.ClientName,
                                 PrimaryIdentifier = i.GetCertificateIdentifiers().FirstOrDefault(p => p.Value == i.RequestConfig.PrimaryDomain) ?? i.GetCertificateIdentifiers().FirstOrDefault(),
                                 Identifiers = i.GetCertificateIdentifiers(),
                                 DateRenewed = i.DateRenewed,
                                 DateExpiry = i.DateExpiry,
                                 Comments = i.Comments ?? "",
                                 Status = i.Health.ToString(),
                                 DateRetrieved = i.DateRetrieved,
-                                HasCertificate = !string.IsNullOrEmpty(i.CertificatePath)
+                                HasCertificate = !string.IsNullOrEmpty(i.CertificatePath),
+                                IsExternallyManaged = i.ItemType == ManagedCertificateType.SSL_ExternallyManaged
                             };
                         }
                         )

src/Certify.Server/Certify.Server.Hub.Api/Controllers/v1/CertificateController.cs

@@ -1,6 +1,7 @@
 using System.Net;
 using System.Text;
 using Certify.Client;
+using Certify.Models;
 using Certify.Models.Hub;
 using Certify.Models.Reporting;
 using Certify.Server.Hub.Api.Services;
@@ -197,7 +198,8 @@ public async Task<IActionResult> GetManagedCertificates(string? keyword, int? pa
                 DateExpiry = i.DateExpiry,
                 Comments = i.Comments ?? "",
                 Status = i.Health.ToString(),
-                HasCertificate = !string.IsNullOrEmpty(i.CertificatePath)
+                HasCertificate = !string.IsNullOrEmpty(i.CertificatePath),
+                IsExternallyManaged = i.ItemType == ManagedCertificateType.SSL_ExternallyManaged
             }).OrderBy(a => a.Title);
 
             var result = new ManagedCertificateSummaryResult