Merge pull request #21 from shibayan/fix-cert-chain

Fixed an issue where intermediate certificates were not included
shibayan · Apr 29, 2019 · b9a156a · b9a156a
2 parents 6967103 + b4edafd
commit b9a156a
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 4 deletions.
diff --git a/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj b/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj
@@ -10,7 +10,7 @@
     <PackageReference Include="Microsoft.Azure.Management.Dns" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.0.3" />
     <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.DurableTask" Version="1.8.0" />
-    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="1.0.26" />
+    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="1.0.27" />
   </ItemGroup>
   <ItemGroup>
     <None Update="host.json">

diff --git a/AzureKeyVault.LetsEncrypt/Internal/X509Certificate2Extension.cs b/AzureKeyVault.LetsEncrypt/Internal/X509Certificate2Extension.cs
@@ -0,0 +1,20 @@
+using System;
+using System.Security.Cryptography.X509Certificates;
+
+namespace AzureKeyVault.LetsEncrypt.Internal
+{
+    internal static class X509Certificate2Extension
+    {
+        private static ReadOnlySpan<byte> Separator => new byte[] { 0x0A, 0x0A };
+
+        public static void ImportFromPem(this X509Certificate2Collection collection, byte[] rawData)
+        {
+            var rawDataSpan = rawData.AsSpan();
+
+            var separator = rawDataSpan.IndexOf(Separator);
+
+            collection.Add(new X509Certificate2(rawDataSpan.Slice(0, separator).ToArray()));
+            collection.Add(new X509Certificate2(rawDataSpan.Slice(separator + 2).ToArray()));
+        }
+    }
+}
diff --git a/AzureKeyVault.LetsEncrypt/SharedFunctions.cs b/AzureKeyVault.LetsEncrypt/SharedFunctions.cs
@@ -299,10 +299,12 @@ public static async Task FinalizeOrder([ActivityTrigger] DurableActivityContext
 
             var certificateData = await _httpClient.GetByteArrayAsync(finalize.Payload.Certificate);
 
-            // X509Certificate2 を作成
-            var certificate = new X509Certificate2(certificateData);
+            // X509Certificate2Collection を作成
+            var x509Certificates = new X509Certificate2Collection();
 
-            await keyVaultClient.MergeCertificateAsync(Settings.Default.VaultBaseUrl, certificateName, new X509Certificate2Collection(certificate));
+            x509Certificates.ImportFromPem(certificateData);
+
+            await keyVaultClient.MergeCertificateAsync(Settings.Default.VaultBaseUrl, certificateName, x509Certificates);
         }
 
         private static async Task<AcmeProtocolClient> CreateAcmeClientAsync()