Implement ACME Profiles (draft)

Author: webprofusion-chrisc

src/Certify.Models/Config/CertRequestConfig.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;
@@ -301,6 +301,11 @@ public CertRequestConfig()
         /// </summary>
         public float? PreferredExpiryDays { get; set; }
 
+        /// <summary>
+        /// If set, specifies the preferred ACME profile to request (if the selected CA offers a profile with this name)
+        /// </summary>
+        public string? AcmeProfile { get; set; }
+
         public void ApplyDeploymentOptionDefaults()
         {
             // if the selected mode is auto, discard settings which do not apply

src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs

@@ -754,8 +754,12 @@ public async Task<PendingOrder> BeginCertificateOrder(ILog log, ManagedCertifica
                 var orderCreated = false;
                 var orderAttemptAbandoned = false;
                 object lastException = null;
+
                 var caSupportsARI = false;
 
+                var caSupportsRequestedProfile = false;
+                var profile = managedCertificate.RequestConfig.AcmeProfile?.Trim();
+
                 try
                 {
                     // first check we can access the ACME API
@@ -766,6 +770,16 @@ public async Task<PendingOrder> BeginCertificateOrder(ILog log, ManagedCertifica
                         {
                             caSupportsARI = true;
                         }
+
+                        if (!string.IsNullOrWhiteSpace(profile) && dir.Meta?.Profiles.ContainsKey(profile) == true)
+                        {
+                            caSupportsRequestedProfile = true;
+                            log?.Information($"The CA supports the specified ACME Profile [{profile}].");
+                        }
+                        else
+                        {
+                            log?.Error($"CA does not support the specified ACME Profile [{profile}]. The order will continue without a specific profile.");
+                        }
                     }
                     catch (Exception exp)
                     {
@@ -828,7 +842,7 @@ public async Task<PendingOrder> BeginCertificateOrder(ILog log, ManagedCertifica
                                     ariReplacesCertId = managedCertificate.ARICertificateId;
                                 }
 
-                                order = await _acme.NewOrder(identifiers: certificateIdentifiers, notAfter: notAfter, ariReplacesCertId: ariReplacesCertId);
+                                order = await _acme.NewOrder(identifiers: certificateIdentifiers, notAfter: notAfter, ariReplacesCertId: ariReplacesCertId, profile: caSupportsRequestedProfile ? profile : null);
                             }
 
                             if (order != null)

src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml

@@ -88,7 +88,23 @@
                             Width="200"
                             HorizontalAlignment="left"
                             Controls:TextBoxHelper.Watermark="e.g. DST Root CA X3"
+                            DockPanel.Dock="Top"
                             Text="{Binding SelectedItem.RequestConfig.PreferredChain}" />
+                        <TextBlock
+                            Margin="0,8"
+                            DockPanel.Dock="Top"
+                            Style="{StaticResource Subheading}">
+                            ACME Profile (Draft)
+                        </TextBlock>
+                        <TextBlock DockPanel.Dock="Top" Style="{StaticResource Instructions}">
+                            The certificate authority may allow you to specify a preset "profile" name for your certificate order.
+                        </TextBlock>
+                        <TextBox
+                            Width="200"
+                            HorizontalAlignment="left"
+                            Controls:TextBoxHelper.Watermark="e.g. classic"
+                            DockPanel.Dock="Top"
+                            Text="{Binding SelectedItem.RequestConfig.AcmeProfile}" />
                     </DockPanel>
                 </TabItem>