Merge pull request #24 from glatzert/net8.0-update

Net8.0 update

README.md

@@ -6,7 +6,7 @@ If you are into PowerShell, you can e.g. use my open source module [ACME-PS](htt
 
 Please be advised that this project is _NOT_ free for commercial-use, but you may test it in any company and use it for your personal projects as you see fit.
 Buying the license does not include maintenance, nevertheless I'll do my very best to answer issues here on GitHub as fast as possible.
-If you need help installing the software or getting it up and running in your environment or you want a maintenance contract, feel free to contact me and we most likely will find a way.
+If you need help installing the software or getting it up and running in your environment or you want a maintenance contract, feel free to [contact me via e-Mail](mailto:[email protected]) and we'll figure something out.
 
 The software is provided "as is", without warranty of any kind.
 
@@ -23,16 +23,17 @@ I assume your machine is domain joined.
 IIS PS> Install-WindowsFeature Web-Server,Web-Http-Logging,Web-Request-Monitor,Web-Http-Tracing,Web-Filtering,Web-IP-Security,Web-Mgmt-Console;
 ```
 
-- [ ] Install the required [LTS Version of .NET](https://dotnet.microsoft.com/en-us/download/dotnet/6.0) (6.0 LTS). You'll need the hosting bundle from the .NET Runtime section.
+- [ ] Install the required [LTS Version of .NET](https://dotnet.microsoft.com/en-us/download/dotnet/8.0) (8.0 LTS). You'll need the hosting bundle from the .NET Runtime section.
 - [ ] Download the latest release of [ACME-ADCS](https://github.com/glatzert/ACME-Server-ADCS/releases)
 
 - [ ] Extract the contents of the Release ZIP-file into `C:\inetpub\wwwroot\`.
-- [ ] Modify the IIS-AppPool, to not use .NET Framework (new .NET is loaded via another mechanism) and set it's identity to either a custom account (recommended) or "NetworkService".
+- [ ] Modify the IIS-AppPool, to not use .NET Framework (new .NET is loaded via another mechanism) and set it's identity to either a group managed service account (recommended), custom account or "NetworkService".
+- [ ] Allow the account to "Logon as a batch job". Read more about [Appliction Pool Identites](https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities) and [Managed Service Accounts](https://learn.microsoft.com/de-de/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview)
 
 ## Configure ACME-ADCS
 
 - [ ] Create a path for working files of ACME-ADCS, e.g `C:\ACME-ADCS` (this is the default path)
-- [ ] Grant full rights to the account used above
+- [ ] Grant read/write rights to the account used above
 
 - [ ] Copy `C:\inetpub\wwwroot\appsettings-custom.dist.json` to `C:\inetpub\wwwroot\appsettings-custom.json`
 - [ ] Open `C:\inetpub\wwwroot\appsettings-custom.json` in the editor of your choice.
@@ -41,7 +42,7 @@ IIS PS> Install-WindowsFeature Web-Server,Web-Http-Logging,Web-Request-Monitor,W
 ```cmd
 CMD> certutil -dump
 ```
-- [ ] Look for "Configuration" and set this as `CAServer` in the opened configuration file. Watch for '\', which need to be escaped.
+- [ ] Look for "Configuration" and set this as `CAServer` in the opened configuration file. Watch for '\', which need to be escaped. Refer to 'appsettings-sample.json' to see how it might look like.
 
 - [ ] Use `certutil -ADTemplate`, `certutil -CATemplates` or `certutil -Template` to find the name of the template to be used (or ask your CA-Admin)
 - [ ] Set the `TemplateName` in the opened configuration file

src/ACME.CertProvider.ADCS/ACME.CertProvider.ADCS.csproj

@@ -1,58 +1,59 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
-    <AssemblyName>TGIT.ACME.Protocol.CertProvider.ADCS</AssemblyName>
-    <RootNamespace>TGIT.ACME.Protocol.CertProvider.ADCS</RootNamespace>
-    <OutputType>Library</OutputType>
-
-    <!--<Title>ACME Certificate Provider for ADCS</Title>
+	<PropertyGroup>
+		<TargetFramework>net8.0-windows</TargetFramework>
+		<AssemblyName>TGIT.ACME.Protocol.CertProvider.ADCS</AssemblyName>
+		<RootNamespace>TGIT.ACME.Protocol.CertProvider.ADCS</RootNamespace>
+		<OutputType>Library</OutputType>
+		<Nullable>enable</Nullable>
+
+		<!--<Title>ACME Certificate Provider for ADCS</Title>
     <RepositoryUrl>https://github.com/PKISharp/ACME-Server/</RepositoryUrl>
     <Description>
       Implementation of a certificate provider based on Active Directory Certificate Services
     </Description>
     <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>
     <PackageTags>ACME;RFC 8555;ADCS</PackageTags>
-     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>--> 
-  </PropertyGroup>
+     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>-->
+	</PropertyGroup>
 
-  <!--
+	<!--
   <ItemGroup>
     <None Remove="LICENSE" />
     <Content Include="LICENSE" Pack="true" />
   </ItemGroup> -->
 
 
-  <ItemGroup>
-    <COMReference Include="CERTENROLLLib.dll">
-      <Guid>728ab348-217d-11da-b2a4-000e7bbb2b09</Guid>
-      <VersionMajor>1</VersionMajor>
-      <VersionMinor>0</VersionMinor>
-      <WrapperTool>tlbimp</WrapperTool>
-      <Lcid>0</Lcid>
-      <Isolated>false</Isolated>
-    </COMReference>
-    <COMReference Include="CERTCLILib.dll">
-      <Guid>372fce32-4324-11d0-8810-00a0c903b83c</Guid>
-      <VersionMajor>1</VersionMajor>
-      <VersionMinor>0</VersionMinor>
-      <WrapperTool>tlbimp</WrapperTool>
-      <Lcid>0</Lcid>
-      <Isolated>false</Isolated>
-    </COMReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="6.0.0" />
-    <PackageReference Include="System.Security.Cryptography.Pkcs" Version="6.0.0" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\ACME.Protocol.Abstractions\ACME.Protocol.Abstractions.csproj" />
-  </ItemGroup>
+	<ItemGroup>
+		<COMReference Include="CERTENROLLLib.dll">
+			<Guid>728ab348-217d-11da-b2a4-000e7bbb2b09</Guid>
+			<VersionMajor>1</VersionMajor>
+			<VersionMinor>0</VersionMinor>
+			<WrapperTool>tlbimp</WrapperTool>
+			<Lcid>0</Lcid>
+			<Isolated>false</Isolated>
+		</COMReference>
+		<COMReference Include="CERTCLILib.dll">
+			<Guid>372fce32-4324-11d0-8810-00a0c903b83c</Guid>
+			<VersionMajor>1</VersionMajor>
+			<VersionMinor>0</VersionMinor>
+			<WrapperTool>tlbimp</WrapperTool>
+			<Lcid>0</Lcid>
+			<Isolated>false</Isolated>
+		</COMReference>
+	</ItemGroup>
+
+	<ItemGroup>
+		<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
+		<PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
+		<PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="8.0.0" />
+		<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
+		<PackageReference Include="System.Security.Cryptography.Pkcs" Version="8.0.0" />
+	</ItemGroup>
+
+	<ItemGroup>
+		<ProjectReference Include="..\ACME.Protocol.Abstractions\ACME.Protocol.Abstractions.csproj" />
+	</ItemGroup>
 
 </Project>

src/ACME.CertProvider.ADCS/CertificateIssuer.cs

@@ -27,7 +27,7 @@ public CertificateIssuer(IOptions<ADCSOptions> options, ILogger<CertificateIssue
 
         public Task<(byte[]? Certificates, AcmeError? Error)> IssueCertificate(string csr, CancellationToken cancellationToken)
         {
-            _logger.LogDebug($"Try to issue certificate for CSR: {csr}");
+            _logger.LogDebug("Try to issue certificate for CSR: {csr}", csr);
             var result = (Certificates: (byte[]?)null, Error: (AcmeError?)null);
 
             try
@@ -57,6 +57,7 @@ public CertificateIssuer(IOptions<ADCSOptions> options, ILogger<CertificateIssue
             } 
             catch (Exception ex)
             {
+                _logger.LogError("Tried using Config {CAServer} and Template {TemplateName} to issue certificate", _options.Value.CAServer, _options.Value.TemplateName);
                 _logger.LogError(ex, "Exception has been raised during certificate issuance.");
                 result.Error = new AcmeError("serverInternal", "Certificate Issuance failed. Contact Administrator");
             }

src/ACME.CertProvider.ADCS/CsrValidator.cs

@@ -57,15 +57,18 @@ private bool SubjectIsValid(CertEnroll.CX509CertificateRequestPkcs10 request, Or
             try
             {
                 var validCNs = order.Identifiers.Select(x => x.Value)
-                    .Concat(order.Identifiers.Where(x => x.IsWildcard).Select(x => x.Value.Substring(2)))
+                    .Concat(
+                        order.Identifiers.Where(x => x.IsWildcard)
+                        .Select(x => x.Value[2..])
+                    )
                     .Select(x => "CN=" + x)
                     .ToList();
 
                 return validCNs.Any(x => request.Subject.Name.Equals(x) ||
                     (_options.Value.AllowCNSuffix && request.Subject.Name.StartsWith(x)));
             }
             // This is thrown, if there is no subject.
-            catch (Exception ex)
+            catch (Exception)
                 when (_options.Value.AllowEmptyCN)
             {
                 return true;

src/ACME.Protocol.Abstractions/ACME.Protocol.Abstractions.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <RootNamespace>TGIT.ACME.Protocol</RootNamespace>
     <AssemblyName>TGIT.ACME.Protocol.Abstractions</AssemblyName>
     <OutputType>Library</OutputType>

src/ACME.Protocol.Model/ACME.Protocol.Model.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <RootNamespace>TGIT.ACME.Protocol</RootNamespace>
     <AssemblyName>TGIT.ACME.Protocol.Model</AssemblyName>
     <OutputType>Library</OutputType>
@@ -15,7 +15,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.14.1" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.3" />
   </ItemGroup>
 
 </Project>

src/ACME.Protocol/ACME.Protocol.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <RootNamespace>TGIT.ACME.Protocol</RootNamespace>
     <AssemblyName>TGIT.ACME.Protocol.Impl</AssemblyName>
     <OutputType>Library</OutputType>
@@ -16,13 +16,13 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="DnsClient" Version="1.5.0" />
+    <PackageReference Include="DnsClient" Version="1.7.0" />
 
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="8.0.0" />
 
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.14.1" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.3" />
   </ItemGroup>
 
   <ItemGroup>

src/ACME.Server.ADCS/ACME.Server.ADCS.csproj

@@ -1,8 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
-        <TargetFramework>net6.0</TargetFramework>
-        <RuntimeIdentifier>win10-x64</RuntimeIdentifier>
+        <TargetFramework>net8.0-windows</TargetFramework>
     </PropertyGroup>
 
     <ItemGroup>
@@ -13,7 +12,7 @@
     </ItemGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="6.0.0" />
+        <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0" />
         <PackageReference Include="Serilog.Extensions.Logging.File" Version="3.0.0" />
     </ItemGroup>
 

src/ACME.Server.ADCS/Properties/PublishProfiles/Publish-SelfContained.pubxml

@@ -4,19 +4,19 @@ https://go.microsoft.com/fwlink/?LinkID=208121.
 -->
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <DeleteExistingFiles>True</DeleteExistingFiles>
-    <ExcludeApp_Data>False</ExcludeApp_Data>
-    <LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
+    <DeleteExistingFiles>true</DeleteExistingFiles>
+    <ExcludeApp_Data>false</ExcludeApp_Data>
+    <LaunchSiteAfterPublish>true</LaunchSiteAfterPublish>
     <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
     <LastUsedPlatform>Any CPU</LastUsedPlatform>
     <PublishProvider>FileSystem</PublishProvider>
     <PublishUrl>bin\Release\net5.0\win10-x64\publish-exe\</PublishUrl>
     <WebPublishMethod>FileSystem</WebPublishMethod>
     <SiteUrlToLaunchAfterPublish />
-    <TargetFramework>net5.0</TargetFramework>
+    <TargetFramework>net6.0</TargetFramework>
     <RuntimeIdentifier>win10-x64</RuntimeIdentifier>
     <ProjectGuid>c45b90b6-3069-444d-a243-5a117def39d8</ProjectGuid>
     <SelfContained>true</SelfContained>
-    <PublishSingleFile>True</PublishSingleFile>
+    <PublishSingleFile>true</PublishSingleFile>
   </PropertyGroup>
 </Project>

src/ACME.Server.ADCS/Properties/PublishProfiles/Publish-for-IIS.pubxml

@@ -4,19 +4,19 @@ https://go.microsoft.com/fwlink/?LinkID=208121.
 -->
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <DeleteExistingFiles>True</DeleteExistingFiles>
-    <ExcludeApp_Data>False</ExcludeApp_Data>
-    <LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
+    <DeleteExistingFiles>true</DeleteExistingFiles>
+    <ExcludeApp_Data>false</ExcludeApp_Data>
+    <LaunchSiteAfterPublish>true</LaunchSiteAfterPublish>
     <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
     <LastUsedPlatform>Any CPU</LastUsedPlatform>
     <PublishProvider>FileSystem</PublishProvider>
-    <PublishUrl>bin\Release\net6.0\win10-x64\publish-iis\</PublishUrl>
+    <PublishUrl>bin\publish-iis\</PublishUrl>
     <WebPublishMethod>FileSystem</WebPublishMethod>
     <SiteUrlToLaunchAfterPublish />
-    <TargetFramework>net6.0</TargetFramework>
-    <RuntimeIdentifier>win10-x64</RuntimeIdentifier>
+    <TargetFramework>net8.0-windows</TargetFramework>
+    <RuntimeIdentifier>win-x64</RuntimeIdentifier>
     <ProjectGuid>c45b90b6-3069-444d-a243-5a117def39d8</ProjectGuid>
     <SelfContained>false</SelfContained>
-    <PublishSingleFile>False</PublishSingleFile>
+    <PublishSingleFile>false</PublishSingleFile>
   </PropertyGroup>
 </Project>

src/ACME.Server/ACME.Server.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <RootNamespace>TGIT.ACME.Server</RootNamespace>
     <AssemblyName>TGIT.ACME.Server.Core</AssemblyName>
     <OutputType>Library</OutputType>

src/ACME.Storage.FileStore/ACME.Storage.FileStore.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <RootNamespace>TGIT.ACME.Protocol.Storage.FileStore</RootNamespace>
     <AssemblyName>TGIT.ACME.Protocol.Storage.FileStore</AssemblyName>
     <OutputType>Library</OutputType>
@@ -16,11 +16,11 @@
 
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="6.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="8.0.0" />
 
-    <PackageReference Include="Newtonsoft.Json" Version="13.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
 
   <ItemGroup>

tests/ACME.CertProvider.ADCS.Tests.Manual/ACME.CertProvider.ADCS.Tests.Manual.csproj

@@ -2,13 +2,18 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0-windows</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Security.Cryptography.Pkcs" Version="6.0.0" />
+    <PackageReference Include="System.Security.Cryptography.Pkcs" Version="8.0.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\ACME.CertProvider.ADCS\ACME.CertProvider.ADCS.csproj" />
+    <ProjectReference Include="..\..\src\ACME.Protocol.Model\ACME.Protocol.Model.csproj" />
   </ItemGroup>
 
 </Project>

tests/ACME.CertProvider.ADCS.Tests.Manual/Program.cs

@@ -3,6 +3,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using TGIT.ACME.Protocol.IssuanceServices.ACDS;
+using TGIT.ACME.Protocol.IssuanceServices.ADCS;
 using TGIT.ACME.Protocol.Model;
 
 if (args.Length <= 1)
@@ -26,15 +27,15 @@ async Task ManualCSRValidationTest()
 {
     var base64Csr = "";
 
-    var acdsOptions = new Microsoft.Extensions.Options.OptionsWrapper<ACDSOptions>(
-        new ACDSOptions
+    var adcsOptions = new Microsoft.Extensions.Options.OptionsWrapper<ADCSOptions>(
+        new ADCSOptions
         {
             CAServer = "",
             TemplateName = "",
             AllowCNSuffix = true,
         });
 
-    var csrValidator = new CsrValidator(acdsOptions, new NullLogger<CsrValidator>());
+    var csrValidator = new CsrValidator(adcsOptions, new NullLogger<CsrValidator>());
 
     var validationResult = await csrValidator.ValidateCsrAsync(
         new Order("FakeAccountId", new Identifier[] { new Identifier("dns", "www.test.uni-mainz.de") }),
@@ -67,8 +68,8 @@ async Task ManualIssuanceTest(string[] args)
     var csrBytes = csr.CreateSigningRequest();
     var csrPEM = $"{Convert.ToBase64String(csrBytes)}";
 
-    var acdsOptions = new Microsoft.Extensions.Options.OptionsWrapper<ACDSOptions>(
-        new ACDSOptions
+    var acdsOptions = new Microsoft.Extensions.Options.OptionsWrapper<ADCSOptions>(
+        new ADCSOptions
         {
             CAServer = caConfig,
             TemplateName = caTemplate,