Fixed renew error

shibayan · Jul 1, 2019 · 6dab71d · 6dab71d
1 parent d3b7daa
commit 6dab71d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 20 deletions.
diff --git a/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj b/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj
@@ -6,11 +6,11 @@
   <ItemGroup>
     <PackageReference Include="ACMESharpCore" Version="2.0.1.105" />
     <PackageReference Include="DnsClient" Version="1.2.0" />
-    <PackageReference Include="DurableTask.ActivityProxy" Version="1.0.0-preview2" />
+    <PackageReference Include="DurableTask.ActivityProxy" Version="1.0.0" />
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.3" />
     <PackageReference Include="Microsoft.Azure.Management.Dns" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.2.0" />
-    <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.DurableTask" Version="1.8.2" />
+    <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.DurableTask" Version="1.8.3" />
     <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="1.0.29" />
   </ItemGroup>
   <ItemGroup>

diff --git a/AzureKeyVault.LetsEncrypt/RenewCertificates.cs b/AzureKeyVault.LetsEncrypt/RenewCertificates.cs
@@ -1,5 +1,4 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
+using System.Threading.Tasks;
 
 using Microsoft.Azure.WebJobs;
 using Microsoft.Extensions.Logging;
@@ -24,19 +23,14 @@ public static async Task RunOrchestrator([OrchestrationTrigger] DurableOrchestra
                 return;
             }
 
-            var tasks = new List<Task>();
-
             // 証明書の更新を行う
             foreach (var certificate in certificates)
             {
                 log.LogInformation($"{certificate.Id} - {certificate.Attributes.Expires}");
 
                 // 証明書の更新処理を開始
-                tasks.Add(context.CallSubOrchestratorAsync(nameof(SharedFunctions.IssueCertificate), certificate.Policy.X509CertificateProperties.SubjectAlternativeNames.DnsNames));
+                await context.CallSubOrchestratorAsync(nameof(SharedFunctions.IssueCertificate), certificate.Policy.X509CertificateProperties.SubjectAlternativeNames.DnsNames);
             }
-
-            // サブオーケストレーターの完了を待つ
-            await Task.WhenAll(tasks);
         }
 
         [FunctionName("RenewCertificates_Timer")]

diff --git a/AzureKeyVault.LetsEncrypt/SharedFunctions.cs b/AzureKeyVault.LetsEncrypt/SharedFunctions.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Net;
 using System.Net.Http;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
@@ -54,7 +55,7 @@ public async Task IssueCertificate([OrchestrationTrigger] DurableOrchestrationCo
             foreach (var authorization in orderDetails.Payload.Authorizations)
             {
                 // ACME Challenge を実行
-                var result = await proxy.Dns01Authorization((authorization, context.InstanceId));
+                var result = await proxy.Dns01Authorization((authorization, context.ParentInstanceId));
 
                 // Azure DNS で正しくレコードが引けるか確認
                 await proxy.CheckDnsChallenge(result);
@@ -260,22 +261,35 @@ public async Task FinalizeOrder([ActivityTrigger] (string[], OrderDetails) input
 
             var keyVaultClient = CreateKeyVaultClient();
 
-            // Key Vault を使って CSR を作成
-            var request = await keyVaultClient.CreateCertificateAsync(Settings.Default.VaultBaseUrl, certificateName, new CertificatePolicy
+            byte[] csr;
+
+            try
             {
-                X509CertificateProperties = new X509CertificateProperties
+                // Key Vault を使って CSR を作成
+                var request = await keyVaultClient.CreateCertificateAsync(Settings.Default.VaultBaseUrl, certificateName, new CertificatePolicy
                 {
-                    SubjectAlternativeNames = new SubjectAlternativeNames(dnsNames: hostNames)
-                }
-            }, tags: new Dictionary<string, string>
+                    X509CertificateProperties = new X509CertificateProperties
+                    {
+                        SubjectAlternativeNames = new SubjectAlternativeNames(dnsNames: hostNames)
+                    }
+                }, tags: new Dictionary<string, string>
+                {
+                    { "Issuer", "letsencrypt.org" }
+                });
+
+                csr = request.Csr;
+            }
+            catch (KeyVaultErrorException ex) when (ex.Response.StatusCode == HttpStatusCode.Conflict)
             {
-                { "Issuer", "letsencrypt.org" }
-            });
+                var base64Csr = await keyVaultClient.GetPendingCertificateSigningRequestAsync(Settings.Default.VaultBaseUrl, certificateName);
+
+                csr = Convert.FromBase64String(base64Csr);
+            }
 
             var acme = await CreateAcmeClientAsync();
 
             // Order の最終処理を実行し、証明書を作成
-            var finalize = await acme.FinalizeOrderAsync(orderDetails.Payload.Finalize, request.Csr);
+            var finalize = await acme.FinalizeOrderAsync(orderDetails.Payload.Finalize, csr);
 
             var certificateData = await _httpClient.GetByteArrayAsync(finalize.Payload.Certificate);