From d82872918822d73bef7624c03d4966e8f8768b05 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 15 May 2023 10:41:51 +0800
Subject: [PATCH 001/237] Package updates

---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 src/Certify.Service/App.config                                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 7545564e7..bd104c8b8 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 05fa38a59..2383d0be7 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <startup>
     <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />

From 9ef5a7d926edb07e3d90a92ad7bc861ab55de413 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 17 May 2023 12:55:36 +0800
Subject: [PATCH 002/237] API: add health endpoint and service config from ENV

---
 .../Controllers/v1/SystemController.cs        | 29 ++++++++++++++++++-
 .../Certify.Server.Api.Public/Startup.cs      | 19 +++++++++++-
 2 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index 5d01a0cef..3ad95e5d9 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -1,5 +1,7 @@
-using System.Threading.Tasks;
+using System;
+using System.Threading.Tasks;
 using Certify.Client;
+using Certify.Shared;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
@@ -36,9 +38,34 @@ public SystemController(ILogger<SystemController> logger, ICertifyInternalApiCli
         [Route("version")]
         public async Task<IActionResult> GetSystemVersion()
         {
+
             var versionInfo = await _client.GetAppVersion();
 
             return new OkObjectResult(versionInfo);
         }
+
+        /// <summary>
+        /// Check API is responding and can connect to background service
+        /// </summary>
+        /// <returns></returns>
+        [HttpGet]
+        [Route("health")]
+        public async Task<IActionResult> GetHealth()
+        {
+            var serviceAvailable = false;
+            var versionInfo = "Not available. Cannot connect to service worker.";
+            try
+            {
+                versionInfo = await _client.GetAppVersion();
+                serviceAvailable = true;
+            }
+            catch { }
+
+            var env = Environment.GetEnvironmentVariables();
+
+            var health = new { API = "OK", Service = versionInfo, ServiceAvailable = serviceAvailable, env = env };
+
+            return new OkObjectResult(health);
+        }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 3b2164fcb..ef6de7325 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -121,7 +121,24 @@ public void ConfigureServices(IServiceCollection services)
 #endif
             // connect to certify service 
             var configManager = new ServiceConfigManager();
-            var defaultConnectionConfig = new Shared.ServerConnection(configManager.GetServiceConfig());
+            var serviceConfig = configManager.GetServiceConfig();
+
+            var serviceHostEnv = Environment.GetEnvironmentVariable("CERTIFY_SERVER_HOST");
+            var servicePortEnv = Environment.GetEnvironmentVariable("CERTIFY_SERVER_PORT");
+
+            if (!string.IsNullOrEmpty(serviceHostEnv))
+            {
+                serviceConfig.Host = serviceHostEnv;
+            }
+
+            if (!string.IsNullOrEmpty(servicePortEnv) && int.TryParse(servicePortEnv, out var tryServicePort))
+            { 
+                serviceConfig.Port = tryServicePort;
+            }
+
+            var defaultConnectionConfig = new Shared.ServerConnection(serviceConfig);
+            System.Diagnostics.Debug.WriteLine($"Public API: conecting to background service {serviceConfig:Host}:{serviceConfig.Port}");
+
             var connections = ServerConnectionManager.GetServerConnections(null, defaultConnectionConfig);
             var serverConnection = connections.FirstOrDefault(c => c.IsDefault == true);
 

From dca8fac8c9e7fc9a08c1711d52b5597f10eee86f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 19 May 2023 11:12:11 +0800
Subject: [PATCH 003/237] Package updates and move some components to net8.0

---
 .../Certify.Server.Api.Public.Tests.csproj    |  4 +-
 .../Certify.Server.Api.Public.csproj          |  4 +-
 .../Certify.Server.Core.csproj                | 10 ++--
 .../Certify.Service.Worker.csproj             |  2 +-
 .../Certify.Shared.Extensions.csproj          | 48 ++-----------------
 .../Certify.Core.Tests.Integration.csproj     |  2 +-
 .../Certify.Core.Tests.Unit.csproj            |  6 +--
 .../Certify.Service.Tests.Integration.csproj  |  2 +-
 .../Certify.UI.Tests.Integration.csproj       |  2 +-
 .../Certify.UI.Desktop.csproj                 |  4 +-
 .../Certify.UI.Shared.csproj                  |  2 +-
 11 files changed, 22 insertions(+), 64 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 5e18d7182..604c65257 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
 
     <IsPackable>false</IsPackable>
   </PropertyGroup>
@@ -33,7 +33,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="System.Text.Json" Version="7.0.2" />
+    <PackageReference Include="System.Text.Json" Version="8.0.0-preview.4.23259.5" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index c562adaa5..f8881b424 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <DockerfileContext>..\..\..\..\certify-general</DockerfileContext>
     <UserSecretsId>8793068b-aa98-48a5-807b-962b5b3e1aea</UserSecretsId>
@@ -13,7 +13,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-preview.4.23260.4" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.30.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 2aa33e944..c79d5aa03 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <UserSecretsId>3648c5f3-f642-441e-979e-d4624cd39e49</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <Platforms>AnyCPU</Platforms>
@@ -9,15 +9,15 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="7.0.5" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.5" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-preview.4.23260.4" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-preview.4.23260.4" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-preview.4.23260.4" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="Serilog" Version="2.12.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-preview.4.23259.5" />
     <PackageReference Include="System.Threading.Timer" Version="4.3.0" />
   </ItemGroup>
 
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index dd7ffcbe6..9c296840d 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk.Worker;Microsoft.NET.Sdk.Publish">
   <PropertyGroup>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <UserSecretsId>dotnet-Certify.Service.Worker-347A036F-C1EA-4D32-A163-DCB38C3CA53E</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <DockerfileRunArguments>-v certifydata:/usr/share/Certify</DockerfileRunArguments>
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 7e6e80ef6..283bdc62d 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFrameworks>net462;netstandard2.0;net7.0</TargetFrameworks>
+        <TargetFrameworks>net462;netstandard2.0;net8.0</TargetFrameworks>
         <Platforms>AnyCPU</Platforms>
 
     </PropertyGroup>
@@ -23,51 +23,9 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        
-        <PackageReference Include="System.Management.Automation" Version="7.3.4" Condition="'$(TargetFramework)' == 'net7.0'" />
-        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net7.0'" />
 
-        <!--package references used by other plugins, included here as a workaround to hook them into the app build-->
-        <!--
-        <PackageReference Include="AWSSDK.Route53">
-            <Version>3.7.104.56</Version>
-        </PackageReference>
-        <PackageReference Include="Azure.Identity">
-            <Version>1.8.2</Version>
-        </PackageReference>
-        <PackageReference Include="Azure.Security.KeyVault.Certificates">
-            <Version>4.5.1</Version>
-        </PackageReference>
-        <PackageReference Include="Microsoft.Azure.Management.AppService.Fluent">
-            <Version>1.38.1</Version>
-        </PackageReference>
-        <PackageReference Include="Microsoft.Azure.Management.Dns">
-            <Version>3.0.1</Version>
-        </PackageReference>
-        <PackageReference Include="Microsoft.Azure.Management.ResourceManager.Fluent">
-            <Version>1.38.1</Version>
-        </PackageReference>
-
-        <PackageReference Include="Microsoft.Rest.ClientRuntime.Azure.Authentication">
-            <Version>2.4.1</Version>
-        </PackageReference>
-        <PackageReference Include="Serilog">
-            <Version>2.12.0</Version>
-        </PackageReference>
-
-        <PackageReference Include="SSH.NET">
-            <Version>2020.0.2</Version>
-        </PackageReference>
-        <PackageReference Include="System.Diagnostics.DiagnosticSource">
-            <Version>7.0.2</Version>
-        </PackageReference>
-        <PackageReference Include="System.Security.Permissions">
-            <Version>7.0.0</Version>
-        </PackageReference>
-        <PackageReference Include="System.ServiceProcess.ServiceController">
-            <Version>7.0.0</Version>
-        </PackageReference>
-        -->
+        <PackageReference Include="System.Management.Automation" Version="7.3.4" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index ef9a8a5ca..727b93613 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net7.0;net462;</TargetFrameworks>
+    <TargetFrameworks>net8.0;net462;</TargetFrameworks>
     <Configurations>Debug;Release;Debug;Release</Configurations>
     <RootNamespace>Certify.Core.Tests</RootNamespace>
     <AssemblyName>Certify.Core.Tests</AssemblyName>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index c0439e6d4..f1d0a157e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net7.0;net462;</TargetFrameworks>
+    <TargetFrameworks>net8.0;net462;</TargetFrameworks>
     <Configurations>Debug;Release</Configurations>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
@@ -85,10 +85,10 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
     <PlatformTarget>x64</PlatformTarget>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net7.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net7.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net8.0|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 9d3c8e642..ae0b8939c 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net7.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <Configurations>Debug;Release;</Configurations>
 
   </PropertyGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 18b711624..96d8fbd3d 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net7.0-windows</TargetFramework>
+    <TargetFramework>net8.0-windows</TargetFramework>
     <Configurations>Debug;Release;</Configurations>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
diff --git a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
index bc5b55f80..a3b194749 100644
--- a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
+++ b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
@@ -2,12 +2,12 @@
 
     <PropertyGroup>
         <OutputType>WinExe</OutputType>
-        <TargetFramework>net7.0-windows</TargetFramework>
+        <TargetFramework>net8.0-windows</TargetFramework>
         <UseWPF>true</UseWPF>
         <UseWindowsForms>true</UseWindowsForms>
         <ApplicationIcon>icon.ico</ApplicationIcon>
         <StartupObject>Certify.UI.App</StartupObject>
-        <Platforms>AnyCPU;x64</Platforms>
+        <Platforms>AnyCPU;</Platforms>
         <XamlDebuggingInformation>True</XamlDebuggingInformation>
     </PropertyGroup>
 
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index a8973f02b..c7ea0f478 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
-		<TargetFrameworks>net462;net7.0-windows; </TargetFrameworks>
+		<TargetFrameworks>net462;net8.0-windows;</TargetFrameworks>
 		<UseWPF>true</UseWPF>
 		<UseWindowsForms>true</UseWindowsForms>
 		<!--assembly version specified here to allow WPF to load windows via startupUI without version dependency-->

From 97fd3ae55c100af1ea880d0c1bfd19ac3ab0d4c6 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 19 May 2023 11:49:07 +0800
Subject: [PATCH 004/237] cleanup

---
 src/Certify.Models/Config/CertRequestConfig.cs          | 2 +-
 src/Certify.Server/Certify.Server.Api.Public/Startup.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Models/Config/CertRequestConfig.cs b/src/Certify.Models/Config/CertRequestConfig.cs
index de88d4cfd..d57cb32c4 100644
--- a/src/Certify.Models/Config/CertRequestConfig.cs
+++ b/src/Certify.Models/Config/CertRequestConfig.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index ef6de7325..d3335a10d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -137,7 +137,7 @@ public void ConfigureServices(IServiceCollection services)
             }
 
             var defaultConnectionConfig = new Shared.ServerConnection(serviceConfig);
-            System.Diagnostics.Debug.WriteLine($"Public API: conecting to background service {serviceConfig:Host}:{serviceConfig.Port}");
+            System.Diagnostics.Debug.WriteLine($"Public API: connecting to background service {serviceConfig:Host}:{serviceConfig.Port}");
 
             var connections = ServerConnectionManager.GetServerConnections(null, defaultConnectionConfig);
             var serverConnection = connections.FirstOrDefault(c => c.IsDefault == true);

From 28bb55ac696072fcf2b41973169e6017b9ff7db2 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 19 May 2023 13:30:11 +0800
Subject: [PATCH 005/237] Adjust default launch settings

---
 .../Properties/launchSettings.json            | 35 ++++++++++++-------
 .../appsettings.Development.json              |  8 +++++
 .../Certify.Service.Worker/appsettings.json   |  2 +-
 3 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
index a17832104..9db54dd53 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
@@ -1,16 +1,7 @@
 {
-  "iisSettings": {
-    "windowsAuthentication": false,
-    "anonymousAuthentication": true,
-    "iisExpress": {
-      "applicationUrl": "http://localhost:59059/",
-      "sslPort": 44361
-    }
-  },
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
-      "launchBrowser": false,
       "launchUrl": "docs",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
@@ -18,11 +9,31 @@
     },
     "Certify.Server.Api.Public": {
       "commandName": "Project",
-      "launchBrowser": false,
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "CERTIFY_SERVER_HOST": "127.0.0.2",
+        "CERTIFY_SERVER_PORT": "9695"
+      },
+      "applicationUrl": "https://localhost:44361;http://localhost:44360"
+    },
+    "WSL": {
+      "commandName": "WSL2",
+      "launchUrl": "https://localhost:5001",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_URLS": "https://localhost:44361;http://localhost:44360",
+        "CERTIFY_SERVER_HOST": "localhost",
+        "CERTIFY_SERVER_PORT": "9695"
       },
-      "applicationUrl": "https://localhost:5001;http://localhost:5000"
+      "distributionName": ""
+    }
+  },
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:59059/",
+      "sslPort": 44361
     }
   }
 }
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.Development.json b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.Development.json
index d941ff89b..1412eecd3 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.Development.json
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.Development.json
@@ -7,5 +7,13 @@
       "Microsoft.AspNetCore.SignalR": "Debug",
       "Microsoft.AspNetCore.Http.Connections": "Debug"
     }
+  },
+  "API": {
+    "Service": {
+      "HttpPort": 9695,
+      "HttpsPort": 9443,
+      "UseHttps": false,
+      "BindingIP": "any"
+    }
   }
 }
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.json b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.json
index 937f63c3f..c723fdbd8 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.json
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.json
@@ -10,7 +10,7 @@
   },
   "API": {
     "Service": {
-      "HttpPort": 9695,
+      "HttpPort": 9696,
       "HttpsPort": 9443,
       "UseHttps": false,
       "BindingIP": "any"

From 7a37fc3f9e8ab5d9bf14ceab596d0255d462489a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 25 May 2023 16:34:48 +0800
Subject: [PATCH 006/237] Package updates

---
 .../Certify.Service.Worker/Certify.Service.Worker.csproj    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 9c296840d..56fa79ead 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -11,9 +11,9 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="7.0.1" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="7.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="7.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-preview.4.23259.5" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-preview.4.23259.5" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-preview.4.23259.5" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
   </ItemGroup>

From 85d56b298c1eff8af32f284886fc3fd302eef5aa Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 25 May 2023 17:11:44 +0800
Subject: [PATCH 007/237] Reduce size of API in use

---
 .../Certify.Server.Api.Public/Certify.Server.Api.Public.csproj   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index f8881b424..c97fef982 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -10,6 +10,7 @@
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <Optimize>True</Optimize>
   </PropertyGroup>
 
   <ItemGroup>

From bb52af7be21e468cdf3aecec4695e962643760bb Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Tue, 30 May 2023 12:05:21 +0800
Subject: [PATCH 008/237] Package updates

---
 src/Certify.Service/App.config                      |  2 +-
 src/Certify.Service/Certify.Service.csproj          | 13 ++++++-------
 src/Certify.Shared/Certify.Shared.Core.csproj       |  7 +++----
 .../Certify.Core.Tests.Integration.csproj           |  2 +-
 .../Certify.UI.Tests.Integration.csproj             |  2 +-
 5 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 2383d0be7..1222abb07 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -33,7 +33,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.53.0.0" newVersion="4.54.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.53.0.0" newVersion="4.54.1.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index a89735035..3f487ed0a 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -49,13 +49,12 @@
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.AspNet.SignalR.Core" Version="2.4.3" />
         <PackageReference Include="Microsoft.AspNet.SignalR.SelfHost" Version="2.4.3" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.0" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Core" Version="5.3.0" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.54.0" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="5.2.9" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Core" Version="5.2.9" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.2.9" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.2.9" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.2.9" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.54.1" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Diagnostics" Version="4.2.2" />
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 254af5b42..efed0ac7c 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -1,7 +1,7 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFrameworks>netstandard2.0;net6.0</TargetFrameworks>
+        <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
         <Platforms>AnyCPU;x64</Platforms>
     </PropertyGroup>
 
@@ -20,8 +20,7 @@
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
-        <PackageReference Include="Arsoft.Tools.Net" Version="3.2.0" Condition="'$(TargetFramework)' == 'net6.0'" />
-        <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
+        <PackageReference Include="Arsoft.Tools.Net" Version="3.3.0" Condition="'$(TargetFramework)' == 'net8.0'" />
 
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 727b93613..6c3b6449c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFrameworks>net8.0;net462;</TargetFrameworks>
     <Configurations>Debug;Release;Debug;Release</Configurations>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 96d8fbd3d..4cb5cb968 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFramework>net8.0-windows</TargetFramework>
     <Configurations>Debug;Release;</Configurations>

From 89dfed39122ebf5f9a9c85faa4a2108aea9fc086 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 1 Jun 2023 14:18:05 +0800
Subject: [PATCH 009/237] Cleanup

---
 .../Controllers/v1/SystemController.cs                          | 1 -
 src/Certify.Server/Certify.Server.Api.Public/Startup.cs         | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index 3ad95e5d9..da0203190 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Threading.Tasks;
 using Certify.Client;
-using Certify.Shared;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index d3335a10d..988893c56 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -132,7 +132,7 @@ public void ConfigureServices(IServiceCollection services)
             }
 
             if (!string.IsNullOrEmpty(servicePortEnv) && int.TryParse(servicePortEnv, out var tryServicePort))
-            { 
+            {
                 serviceConfig.Port = tryServicePort;
             }
 

From 686a6bebadc0c3911b5971d24f11ae846d3c469c Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 1 Jun 2023 14:18:55 +0800
Subject: [PATCH 010/237] API: update endpoints and implement credential update

---
 .../Certify.Server.Api.Public.csproj          |  4 ----
 .../internal/StoredCredentialController.cs    | 20 +++++++++++++++++++
 .../Controllers/v1/AuthController.cs          |  2 +-
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index c97fef982..0b7e2c71c 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -27,9 +27,5 @@
 
   </ItemGroup>
 
-  <ItemGroup>
-    <Folder Include="Models\" />
-  </ItemGroup>
-
 
 </Project>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
index fa2abc6dc..843116c2f 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
@@ -46,5 +46,25 @@ public async Task<IActionResult> GetStoredCredentials()
             var list = await _client.GetCredentials();
             return new OkObjectResult(list);
         }
+
+        /// <summary>
+        /// Add/Update a stored credential
+        /// </summary>
+        /// <returns></returns>
+        [HttpPost]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.Config.StoredCredential))]
+        public async Task<IActionResult> UpdateStoredCredential(Models.Config.StoredCredential credential)
+        {
+            var update = await _client.UpdateCredentials(credential);
+            if (update != null)
+            {
+                return new OkObjectResult(update);
+            }
+            else
+            {
+                return new BadRequestResult();
+            }
+        }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index ee27d15ca..59a35233d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -41,7 +41,7 @@ public AuthController(ILogger<AuthController> logger, ICertifyInternalApiClient
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [HttpGet]
         [Route("status")]
-        public async Task<IActionResult> Get()
+        public async Task<IActionResult> CheckAuthStatus()
         {
             return await Task.FromResult(new OkResult());
         }

From 30966553d2c91ea991428992dab6aed95d0ee16f Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 1 Jun 2023 14:19:26 +0800
Subject: [PATCH 011/237] Core: Enable powershell on linux

---
 .../Certify.Shared.Extensions.csproj            |  2 +-
 .../Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1  | 13 ++++++++++++-
 .../Utils/PowerShellManager.cs                  | 17 +++++++++++------
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 283bdc62d..b5711e9cf 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -24,7 +24,7 @@
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
 
-        <PackageReference Include="System.Management.Automation" Version="7.3.4" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.4" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1 b/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1
index 2bbd11170..5d22f1410 100644
--- a/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1
+++ b/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1
@@ -15,7 +15,18 @@ try {
 # iwr https://tls13.1d.pw # TLS 1.3 test
 
 # Load Assembly without using Add-Type to avoid locking assembly dll
-$assemblyBytes = [System.IO.File]::ReadAllBytes("$($PoshACMERoot)\..\..\..\BouncyCastle.Cryptography.dll")
+$bcPath = "$($PoshACMERoot)/../../../BouncyCastle.Cryptography.dll"
+If (Test-Path -Path $bcPath -PathType Leaf -ne $true)
+{
+    $bcPath =   "$($PoshACMERoot)\lib\BC.Crypto.1.8.8.2-netstandard2.0.dll"
+
+    If (Test-Path -Path $bcPath -PathType Leaf -ne $true){
+        Write-Error "Unable to find BouncyCastle dll at $bcPath"
+        Exit 1
+    }
+}
+
+$assemblyBytes = [System.IO.File]::ReadAllBytes($bcPath)
 [System.Reflection.Assembly]::Load($assemblyBytes) | out-null
 
 # Dot source the files (in the same manner as Posh-ACME would)
diff --git a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
index 0502ed92d..e8fabb035 100644
--- a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
+++ b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
@@ -5,6 +5,7 @@
 using System.Linq;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
+using System.Runtime.InteropServices;
 using System.Security;
 using System.Security.AccessControl;
 using System.Security.Principal;
@@ -383,13 +384,17 @@ private static ActionResult InvokePowershell(CertificateRequestResult result, st
                 executionPolicy = parameters.FirstOrDefault(p => p.Key.ToLower() == "executionpolicy").Value?.ToString();
             }
 
-            if (!string.IsNullOrEmpty(executionPolicy))
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
-                shell.AddCommand("Set-ExecutionPolicy")
-                        .AddParameter("ExecutionPolicy", executionPolicy)
-                        .AddParameter("Scope", "Process")
-                        .AddParameter("Force")
-                        .Invoke();
+                // on windows we may need to set execution policy depending on user preferences
+                if (!string.IsNullOrEmpty(executionPolicy))
+                {
+                    shell.AddCommand("Set-ExecutionPolicy")
+                            .AddParameter("ExecutionPolicy", executionPolicy)
+                            .AddParameter("Scope", "Process")
+                            .AddParameter("Force")
+                            .Invoke();
+                }
             }
 
             // add script command to invoke

From eab0ede2dcd26964eb3bbf6aa222234b547d2457 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 8 Jun 2023 11:48:14 +0800
Subject: [PATCH 012/237] API: implement dns zone lookup

---
 .../internal/ChallengeProviderController.cs     | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
index 6ee41ac9e..ff3234c7e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Certify.Client;
+using Certify.Models.Providers;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -38,7 +39,6 @@ public ChallengeProviderController(ILogger<ChallengeProviderController> logger,
         /// <returns></returns>
         [HttpGet]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<Models.Config.ChallengeProviderDefinition>))]
 
         public async Task<IActionResult> GetChallengeProviders()
@@ -46,5 +46,20 @@ public async Task<IActionResult> GetChallengeProviders()
             var list = await _client.GetChallengeAPIList();
             return new OkObjectResult(list);
         }
+
+        /// <summary>
+        /// Fetch list of DNS zones for a given DNS provider and credential
+        /// </summary>
+        /// <param name="providerTypeId"></param>
+        /// <param name="credentialsId"></param>
+        /// <returns></returns>
+        [HttpGet]
+        [Route("dnszones")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<DnsZone>))]
+        public async Task<List<DnsZone>> GetDnsZones(string providerTypeId, string credentialsId)
+        {
+            return await _client.GetDnsProviderZones(providerTypeId, credentialsId);
+        }
     }
 }

From 400891b60ffc49d3aff7e2af582ea7cc676ee0b3 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 15 Jun 2023 17:34:01 +0800
Subject: [PATCH 013/237] Package updates

Package updates
---
 src/Certify.Client/Certify.Client.csproj               |  2 +-
 src/Certify.Core/Certify.Core.csproj                   |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj                  |  3 ++-
 .../Certify.Server.Api.Public.Tests.csproj             |  1 -
 .../Certify.Server.Api.Public.csproj                   |  6 +++---
 .../Certify.Server.Core/Certify.Server.Core.csproj     | 10 +++++-----
 .../Certify.Service.Worker.csproj                      |  2 +-
 src/Certify.Shared/Certify.Shared.Core.csproj          |  2 +-
 .../Certify.Core.Tests.Integration.csproj              |  2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj         |  6 +++---
 src/Certify.UI/Certify.UI.csproj                       |  3 ++-
 11 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index c224410c3..a7b2a9657 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -20,7 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.5" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.30.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 144ad0de9..d53f15c4f 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -71,7 +71,7 @@
     <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index f7a863373..b8bed8208 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
@@ -10,6 +10,7 @@
     <PackageReference Include="Azure.Core" Version="1.32.0" />
     <PackageReference Include="Azure.Identity" Version="1.9.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
+    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0-preview.5.23280.8" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 604c65257..5d28b3f6f 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -33,7 +33,6 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="System.Text.Json" Version="8.0.0-preview.4.23259.5" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 0b7e2c71c..c38ebf9bc 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -14,11 +14,11 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-preview.4.23260.4" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.30.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-preview.5.23302.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.31.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.30.1" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.31.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index c79d5aa03..6cf4c5298 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -9,15 +9,15 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-preview.4.23260.4" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-preview.4.23260.4" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-preview.4.23260.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-preview.5.23302.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.5" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
     <PackageReference Include="Serilog" Version="2.12.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-preview.4.23259.5" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
     <PackageReference Include="System.Threading.Timer" Version="4.3.0" />
   </ItemGroup>
 
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 56fa79ead..559de7603 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -15,7 +15,7 @@
     <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-preview.4.23259.5" />
     <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-preview.4.23259.5" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index efed0ac7c..ad1a3f114 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -20,7 +20,7 @@
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
-        <PackageReference Include="Arsoft.Tools.Net" Version="3.3.0" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Arsoft.Tools.Net" Version="3.4.0" Condition="'$(TargetFramework)' == 'net8.0'" />
 
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 6c3b6449c..524064b0c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -84,7 +84,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index c7ea0f478..011ebd213 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -32,10 +32,10 @@
 	</ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="ControlzEx" Version="5.0.2" />
-		<PackageReference Include="Fody" Version="6.8.0" PrivateAssets="All" />
+		<PackageReference Include="ControlzEx" Version="6.0.0" />
+		<PackageReference Include="Fody" Version="6.7.0" PrivateAssets="All" />
 		<PackageReference Include="FontAwesome.WPF" Version="4.7.0.9" />
-		<PackageReference Include="MahApps.Metro" Version="2.4.10" />
+		<PackageReference Include="MahApps.Metro" Version="3.0.0-alpha0457" />
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 5e47bfd30..e0cf64800 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
@@ -159,6 +159,7 @@
     </PackageReference>
     <PackageReference Include="MahApps.Metro">
       <Version>2.4.10</Version>
+      <Version>3.0.0-alpha0457</Version>
     </PackageReference>
     <PackageReference Include="Markdig.Wpf">
       <Version>0.5.0.1</Version>

From f32c1df3bf3116f6e2f8c1682569e7f97f003383 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Mon, 19 Jun 2023 13:34:18 +0800
Subject: [PATCH 014/237] Minor updates

---
 .../Certify.Server.Api.Public.csproj                      | 2 +-
 .../Middleware/AuthenticationExtension.cs                 | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index c38ebf9bc..be973e4fa 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -10,7 +10,7 @@
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <Optimize>True</Optimize>
+
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
index c13134e70..240207755 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
@@ -1,4 +1,5 @@
-using System.Text;
+using System;
+using System.Text;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -21,6 +22,11 @@ public static IServiceCollection AddTokenAuthentication(this IServiceCollection
         {
             var secret = config.GetSection("JwtSettings").GetSection("secret").Value;
 
+            if (secret == null)
+            {
+                throw new ArgumentNullException("Token authentication requires JwtSettings > Secret to be set in order to perform JWT operations");
+            }
+
             var key = Encoding.ASCII.GetBytes(secret);
             services.AddAuthentication(x =>
             {

From d040edfe618d786f83eda98f7d33453b2ae055b8 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Mon, 19 Jun 2023 15:08:59 +0800
Subject: [PATCH 015/237] Update readme

---
 .../Certify.Service.Worker/readme.md                      | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
index 9f863b4a7..7546905d5 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
@@ -1,5 +1,13 @@
 Certify Service Worker (Cross Platform)
 -----------------
+
+# Architecture
+- Certify.Server.Core, running as a hosted internal API app within a Worker (Certify.Service.Worker). This is a re-implementation of the original service usedby the desktop UI.
+- Certify.Server.Api.Public, running as a API for public consumption, wrapping calls to the core internal API
+
+The advantage of this structure is that the public API can be exposed to the network for Web UI access, without client machines talking directly to the core service. The public API can run as the least prvilelged service user, while the core service may require elevated privileges depending on how it is used.
+
+
 Development workflow
 
 

From 5f66afb2659a92fa008ff6964e8599f759ed6b40 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 28 Jun 2023 17:23:01 +0800
Subject: [PATCH 016/237] Implement paged result set with count for managed
 cert search

---
 src/Certify.Client/CertifyApiClient.cs        | 18 +++++++++++++
 src/Certify.Client/ICertifyClient.cs          |  1 +
 .../CertifyManager.ManagedCertificates.cs     | 23 +++++++++++++++++
 .../CertifyManager/ICertifyManager.cs         |  1 +
 .../API/ManagedCertificateSummary.cs          |  8 ++++++
 .../Config/ManagedCertificate.cs              | 12 +++++++++
 .../Controllers/v1/CertificateController.cs   | 25 +++++++++++++------
 .../ManagedCertificateController.cs           |  8 ++++++
 8 files changed, 89 insertions(+), 7 deletions(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index 6b5dce441..9889fda58 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -379,6 +379,24 @@ public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertif
             }
         }
 
+        /// <summary>
+        /// Get search results, same as GetManagedCertificates but result has count of total results available as used when paging
+        /// </summary>
+        /// <param name="filter"></param>
+        /// <returns></returns>
+        public async Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter)
+        {
+            var response = await PostAsync("managedcertificates/results/", filter);
+            var serializer = new JsonSerializer();
+
+            using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
+            using (var reader = new JsonTextReader(sr))
+            {
+                var result = serializer.Deserialize<ManagedCertificateSearchResult>(reader);
+                return result;
+            }
+        }
+
         public async Task<ManagedCertificate> GetManagedCertificate(string managedItemId)
         {
             var result = await FetchAsync($"managedcertificates/{managedItemId}");
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index 844e8994e..d76755cd1 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -76,6 +76,7 @@ public interface ICertifyInternalApiClient
         #region Managed Certificates
 
         Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter);
+        Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter);
 
         Task<ManagedCertificate> GetManagedCertificate(string managedItemId);
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 8bc72d6cc..0141027fa 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -69,6 +69,29 @@ public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertif
             return list;
         }
 
+        /// <summary>
+        /// Get list of managed certificates based on then given filter criteria, as search result with total count
+        /// </summary>
+        /// <param name="filter"></param>
+        /// <returns></returns>
+        public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(ManagedCertificateFilter filter)
+        {
+            var result = new ManagedCertificateSearchResult();
+
+            var list = await _itemManager.Find(filter);
+            if (filter.PageSize > 0)
+            {
+                // TODO: implement count on provider directly
+                filter.PageSize = null;
+                filter.PageIndex = null;
+                var all = await _itemManager.Find(filter);
+                result.TotalResults = all.Count;
+            }
+            
+            result.Results = list;
+
+            return result;
+        }
         /// <summary>
         /// Update the stored details for the given managed certificate and report update to client(s)
         /// </summary>
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index ddbd48990..04c0614cf 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -27,6 +27,7 @@ public interface ICertifyManager
         Task<ManagedCertificate> GetManagedCertificate(string id);
 
         Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter = null);
+        Task<ManagedCertificateSearchResult> GetManagedCertificateResults(ManagedCertificateFilter filter = null);
 
         Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site);
 
diff --git a/src/Certify.Models/API/ManagedCertificateSummary.cs b/src/Certify.Models/API/ManagedCertificateSummary.cs
index 712f5b740..8ce588047 100644
--- a/src/Certify.Models/API/ManagedCertificateSummary.cs
+++ b/src/Certify.Models/API/ManagedCertificateSummary.cs
@@ -53,4 +53,12 @@ public class ManagedCertificateSummary
         /// </summary>
         public bool HasCertificate { get; set; }
     }
+
+    public class ManagedCertificateSummaryResult
+    {
+        public IEnumerable<ManagedCertificateSummary> Results { get; set; } = new List<ManagedCertificateSummary>();
+        public int TotalResults { get; set; }
+        public int PageIndex { get; set; }
+        public int PageSize { get; set; }
+    }
 }
diff --git a/src/Certify.Models/Config/ManagedCertificate.cs b/src/Certify.Models/Config/ManagedCertificate.cs
index 6dedce45d..19f009444 100644
--- a/src/Certify.Models/Config/ManagedCertificate.cs
+++ b/src/Certify.Models/Config/ManagedCertificate.cs
@@ -110,6 +110,18 @@ public Lifetime(DateTimeOffset dateStart, DateTimeOffset dateEnd)
         }
     }
 
+    public class ManagedCertificateSearchResult
+    {
+        /// <summary>
+        /// Results in this search (may be a paged subset)
+        /// </summary>
+        public IEnumerable<ManagedCertificate> Results { get; set; } = Enumerable.Empty<ManagedCertificate>();
+        /// <summary>
+        /// Total results available
+        /// </summary>
+        public int TotalResults { get; set; }
+    }
+
     public class ManagedCertificate : BindableBase
     {
         public ManagedCertificate()
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index c505e3a2e..33f75a9df 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -149,15 +149,19 @@ public async Task<IActionResult> DownloadLogAsText(string managedCertId, int max
         /// <returns></returns>
         [HttpGet]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<ManagedCertificateSummary>))]
-        public async Task<IActionResult> GetManagedCertificates(string keyword)
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(ManagedCertificateSummaryResult))]
+        public async Task<IActionResult> GetManagedCertificates(string keyword, int? page = null, int? pageSize = null)
         {
 
-            var managedCerts = await _client.GetManagedCertificates(new Models.ManagedCertificateFilter { Keyword = keyword });
+            var managedCertResult = await _client.GetManagedCertificateSearchResult(
+                new Models.ManagedCertificateFilter
+                {
+                    Keyword = keyword,
+                    PageIndex = page,
+                    PageSize = pageSize
+                });
 
-            //TODO: this assumes all identifiers are DNS, may be IPs in the future.
-
-            var list = managedCerts.Select(i => new ManagedCertificateSummary
+            var list = managedCertResult.Results.Select(i => new ManagedCertificateSummary
             {
                 Id = i.Id,
                 Title = i.Name,
@@ -170,7 +174,14 @@ public async Task<IActionResult> GetManagedCertificates(string keyword)
                 HasCertificate = !string.IsNullOrEmpty(i.CertificatePath)
             }).OrderBy(a => a.Title);
 
-            return new OkObjectResult(list);
+            var result = new ManagedCertificateSummaryResult { 
+                Results = list, 
+                TotalResults = managedCertResult.TotalResults, 
+                PageIndex = page ?? 0, 
+                PageSize = pageSize ?? list.Count()
+            };
+
+            return new OkObjectResult(result);
         }
 
         /// <summary>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index 81bed9095..8c891b901 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -34,6 +34,14 @@ public async Task<List<ManagedCertificate>> Search(ManagedCertificateFilter filt
             return await _certifyManager.GetManagedCertificates(filter);
         }
 
+        // Get List of Top N Managed Certificates, filtered by title, as a Search Result with total count
+        [HttpPost, Route("results")]
+        public async Task<ManagedCertificateSearchResult> GetResults(ManagedCertificateFilter filter)
+        {
+            DebugLog();
+            return await _certifyManager.GetManagedCertificateResults(filter);
+        }
+
         [HttpGet, Route("{id}")]
         public async Task<ManagedCertificate> GetById(string id)
         {

From 0ad4cd514a792fc6cb5eb71705f952f0a77c2d9f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 28 Jun 2023 17:33:42 +0800
Subject: [PATCH 017/237] Package updates

---
 src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index b5711e9cf..95aef1a40 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
         <TargetFrameworks>net462;netstandard2.0;net8.0</TargetFrameworks>

From ccf4886c194c20118d00c155926737406d98ebf0 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Fri, 30 Jun 2023 16:54:24 +0800
Subject: [PATCH 018/237] WIP: pref for powershell executable path

---
 .../Utils/PowerShellManager.cs                | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
index e8fabb035..9c0693e33 100644
--- a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
+++ b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
@@ -153,13 +153,24 @@ public static async Task<ActionResult> RunScript(
             }
         }
 
-        private static string GetPowershellExePath()
+        /// <summary>
+        /// Get the path to the pwoershell exe, optionally using a preferred path first
+        /// </summary>
+        /// <param name="powershellPathPreference"></param>
+        /// <returns></returns>
+        private static string GetPowershellExePath(string powershellPathPreference)
         {
             var searchPaths = new List<string>() {
                 "%WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
-                "%PROGRAMFILES%\\PowerShell\\7\\pwsh.exe"
+                "%PROGRAMFILES%\\PowerShell\\7\\pwsh.exe",
+                "/usr/bin/pwsh"
             };
 
+            if (!string.IsNullOrWhiteSpace(powershellPathPreference))
+            {
+                searchPaths.Insert(0, powershellPathPreference);
+            }
+
             // if powershell exe path supplied, use that (with expansion) and check exe exists
             // otherwise detect powershell exe location
             foreach (var exePath in searchPaths)
@@ -174,15 +185,15 @@ private static string GetPowershellExePath()
             return null;
         }
 
-        private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, Dictionary<string, string> credentials, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5)
+        private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, Dictionary<string, string> credentials, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5, string powershellPathPreference = null)
         {
 
             var _log = new StringBuilder();
 
-            var commandExe = GetPowershellExePath();
+            var commandExe = GetPowershellExePath(powershellPathPreference);
             if (commandExe == null)
             {
-                return new ActionResult("Failed to locate powershell exe. Cannot launch as new process.", false);
+                return new ActionResult("Failed to locate powershell executable. Cannot launch as new process.", false);
             }
 
             if (!string.IsNullOrEmpty(scriptContent))

From c3293209093cef2a19d7a1427cca0bf33e0a4b8e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 17 May 2023 12:55:36 +0800
Subject: [PATCH 019/237] API: add health endpoint and service config from ENV

---
 .../Controllers/v1/SystemController.cs                          | 1 +
 src/Certify.Server/Certify.Server.Api.Public/Startup.cs         | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index da0203190..3ad95e5d9 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Threading.Tasks;
 using Certify.Client;
+using Certify.Shared;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 988893c56..037560049 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;

From 7489345ff598142593d6891ac67506be0aadd357 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 19 May 2023 11:12:11 +0800
Subject: [PATCH 020/237] Package updates and move some components to net8.0

---
 .../Certify.Server.Api.Public.Tests.csproj                    | 1 +
 .../Certify.Server.Api.Public.csproj                          | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj            | 4 ++--
 .../Certify.Shared.Extensions.csproj                          | 2 ++
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 5d28b3f6f..604c65257 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -33,6 +33,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
+    <PackageReference Include="System.Text.Json" Version="8.0.0-preview.4.23259.5" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index be973e4fa..43ef7e789 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 6cf4c5298..af98d2773 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -17,7 +17,7 @@
     <PackageReference Include="Serilog" Version="2.12.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-preview.4.23259.5" />
     <PackageReference Include="System.Threading.Timer" Version="4.3.0" />
   </ItemGroup>
 
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 95aef1a40..6552aef74 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -26,6 +26,8 @@
 
         <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.4" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
+        <PackageReference Include="System.Management.Automation" Version="7.3.4" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
 

From f2e179d2833a59a3242b35032a254b9126400482 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 1 Jun 2023 14:18:05 +0800
Subject: [PATCH 021/237] Cleanup

---
 .../Certify.Server.Api.Public/Controllers/v1/SystemController.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index 3ad95e5d9..da0203190 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Threading.Tasks;
 using Certify.Client;
-using Certify.Shared;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 

From 9e840731d55e6590d3fd7e4970237baf7572f349 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 15 Jun 2023 17:34:01 +0800
Subject: [PATCH 022/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                        | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                      | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj              | 2 +-
 .../Certify.Service.Worker/Certify.Service.Worker.csproj        | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index a7b2a9657..f25797cdc 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 604c65257..a89c912fd 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -33,7 +33,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="System.Text.Json" Version="8.0.0-preview.4.23259.5" />
+    <PackageReference Include="System.Text.Json" Version="8.0.0-preview.5.23280.8" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index af98d2773..99b1995b1 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -17,7 +17,7 @@
     <PackageReference Include="Serilog" Version="2.12.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-preview.4.23259.5" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-preview.5.23280.8" />
     <PackageReference Include="System.Threading.Timer" Version="4.3.0" />
   </ItemGroup>
 
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 559de7603..f68127134 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Worker;Microsoft.NET.Sdk.Publish">
+<Project Sdk="Microsoft.NET.Sdk.Worker;Microsoft.NET.Sdk.Publish">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <UserSecretsId>dotnet-Certify.Service.Worker-347A036F-C1EA-4D32-A163-DCB38C3CA53E</UserSecretsId>

From 3c3170ad1ff1b9f14afa72d8622e7baab667a22c Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Fri, 16 Jun 2023 15:19:20 +0800
Subject: [PATCH 023/237] Package updates

---
 .../Certify.Server.Api.Public.Tests.csproj                      | 1 -
 .../Certify.Server.Core/Certify.Server.Core.csproj              | 2 +-
 src/Certify.UI/Certify.UI.csproj                                | 1 -
 3 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index a89c912fd..5d28b3f6f 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -33,7 +33,6 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="System.Text.Json" Version="8.0.0-preview.5.23280.8" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 99b1995b1..d02e3857d 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -17,7 +17,7 @@
     <PackageReference Include="Serilog" Version="2.12.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-preview.5.23280.8" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
     <PackageReference Include="System.Threading.Timer" Version="4.3.0" />
   </ItemGroup>
 
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index e0cf64800..3afcb0ac0 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -158,7 +158,6 @@
       <Version>4.7.0.9</Version>
     </PackageReference>
     <PackageReference Include="MahApps.Metro">
-      <Version>2.4.10</Version>
       <Version>3.0.0-alpha0457</Version>
     </PackageReference>
     <PackageReference Include="Markdig.Wpf">

From ad92710bc4dccd3cb9080c51f05ea026ac79ff69 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 28 Jun 2023 17:23:01 +0800
Subject: [PATCH 024/237] Implement paged result set with count for managed
 cert search

---
 src/Certify.Models/Config/ManagedCertificate.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Models/Config/ManagedCertificate.cs b/src/Certify.Models/Config/ManagedCertificate.cs
index 19f009444..3798f19af 100644
--- a/src/Certify.Models/Config/ManagedCertificate.cs
+++ b/src/Certify.Models/Config/ManagedCertificate.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;

From 27129b4c42c9ed992455817501e83db829d9a153 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Mon, 31 Jul 2023 17:27:17 +0800
Subject: [PATCH 025/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                    | 6 +++---
 src/Certify.Core/Certify.Core.csproj                        | 2 +-
 src/Certify.Models/Certify.Models.csproj                    | 5 ++---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj             | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                  | 4 ++--
 .../Certify.Server.Core/Certify.Server.Core.csproj          | 6 +++---
 .../Certify.Service.Worker/Certify.Service.Worker.csproj    | 2 +-
 .../Certify.Shared.Extensions.csproj                        | 6 +++---
 src/Certify.Shared/Certify.Shared.Core.csproj               | 2 +-
 .../Certify.Core.Tests.Integration.csproj                   | 2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj              | 4 ++--
 11 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index f25797cdc..1387da6e6 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,11 +16,11 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.5" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.9" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.9" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.30.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
+    <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index d53f15c4f..144ad0de9 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -71,7 +71,7 @@
     <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
+    <PackageReference Include="Polly" Version="7.2.4" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index dbedd5145..0e73dcb9d 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
 	<PropertyGroup>
 		<TargetFrameworks>netstandard2.0;net462</TargetFrameworks>
 		<RootNamespace>Certify</RootNamespace>
@@ -30,8 +30,7 @@
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0">
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
-		<PackageReference Include="System.Text.Json" Version="7.0.2" />
+		<PackageReference Include="System.Text.Json" Version="7.0.3" />
 	</ItemGroup>
 	<ItemGroup>
 	  <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index bd104c8b8..f9fec9c23 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.401" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.200.6" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 5d28b3f6f..77bd246fa 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -25,8 +25,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.5" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.9" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.3" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="coverlet.collector" Version="6.0.0">
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index d02e3857d..fc310df3c 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -10,10 +10,10 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-preview.5.23302.2" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.5" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.5" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.9" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.9" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
-    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
+    <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="Serilog" Version="2.12.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index f68127134..4cd27752d 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -15,7 +15,7 @@
     <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-preview.4.23259.5" />
     <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-preview.4.23259.5" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
-    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
+    <PackageReference Include="Polly" Version="7.2.4" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 6552aef74..f4704487d 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
         <TargetFrameworks>net462;netstandard2.0;net8.0</TargetFrameworks>
@@ -24,9 +24,9 @@
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
 
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.4" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.6" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
-        <PackageReference Include="System.Management.Automation" Version="7.3.4" Condition="'$(TargetFramework)' == 'net8.0'" />
+       <!-- <PackageReference Include="System.Management.Automation" Version="7.3.6" Condition="'$(TargetFramework)' == 'net8.0'" />-->
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index ad1a3f114..a05ae7d49 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -20,7 +20,7 @@
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
-        <PackageReference Include="Arsoft.Tools.Net" Version="3.4.0" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Arsoft.Tools.Net" Version="3.5.0" Condition="'$(TargetFramework)' == 'net8.0'" />
 
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 524064b0c..6c3b6449c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -84,7 +84,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.0.0-alpha.1" />
+    <PackageReference Include="Polly" Version="7.2.4" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 011ebd213..7597ff47e 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -33,14 +33,14 @@
 
 	<ItemGroup>
 		<PackageReference Include="ControlzEx" Version="6.0.0" />
-		<PackageReference Include="Fody" Version="6.7.0" PrivateAssets="All" />
+		<PackageReference Include="Fody" Version="6.8.0" PrivateAssets="All" />
 		<PackageReference Include="FontAwesome.WPF" Version="4.7.0.9" />
 		<PackageReference Include="MahApps.Metro" Version="3.0.0-alpha0457" />
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
 		<PackageReference Include="Serilog" Version="2.12.0" />
-		<PackageReference Include="System.Text.Json" Version="7.0.2" />
+		<PackageReference Include="System.Text.Json" Version="7.0.3" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1" />
 	</ItemGroup>
 

From ed83c166c9de9d2e58d17dca8d86cd608bf69db6 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Wed, 2 Aug 2023 16:23:10 +0800
Subject: [PATCH 026/237] Implement Log parsing

---
 src/Certify.Client/CertifyApiClient.cs        |  5 +-
 src/Certify.Client/ICertifyClient.cs          |  2 +-
 .../CertifyManager.ManagedCertificates.cs     | 14 ++--
 .../CertifyManager/ICertifyManager.cs         |  3 +-
 src/Certify.Models/API/LogResult.cs           | 72 +++++++++++++++++++
 .../Certify.Server.Api.Public.csproj          |  4 ++
 .../Controllers/v1/CertificateController.cs   | 56 +++------------
 .../ManagedCertificateController.cs           |  3 +-
 .../ManagedCertificateController.cs           |  3 +-
 .../Certify.Core.Tests.Unit/MiscTests.cs      | 22 +++++-
 .../ManagedCertificate/StatusInfo.xaml.cs     |  3 +-
 .../AppViewModel.ManagedCerticates.cs         |  3 +-
 12 files changed, 126 insertions(+), 64 deletions(-)
 create mode 100644 src/Certify.Models/API/LogResult.cs

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index 9889fda58..faf53c515 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -8,6 +8,7 @@
 using System.Threading.Tasks;
 using Certify.Config.Migration;
 using Certify.Models;
+using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
 using Certify.Shared;
@@ -564,10 +565,10 @@ public async Task<List<ActionResult>> ValidateDeploymentTask(DeploymentTaskValid
             return JsonConvert.DeserializeObject<List<ActionResult>>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<string[]> GetItemLog(string id, int limit)
+        public async Task<LogItem[]> GetItemLog(string id, int limit)
         {
             var response = await FetchAsync($"managedcertificates/log/{id}/{limit}");
-            return JsonConvert.DeserializeObject<string[]>(response);
+            return JsonConvert.DeserializeObject<LogItem[]>(response);
         }
 
         public async Task<List<ActionResult>> PerformManagedCertMaintenance(string id = null)
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index d76755cd1..339fac4c1 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -115,7 +115,7 @@ public interface ICertifyInternalApiClient
 
         Task<List<ActionResult>> ValidateDeploymentTask(DeploymentTaskValidationInfo info);
 
-        Task<string[]> GetItemLog(string id, int limit);
+        Task<Models.API.LogItem[]> GetItemLog(string id, int limit);
 
         #endregion Managed Certificates
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 0141027fa..088fc4a65 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -5,6 +5,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Certify.Models;
+using Certify.Models.API;
 using Certify.Models.Providers;
 using Certify.Models.Shared;
 
@@ -87,7 +88,7 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
                 var all = await _itemManager.Find(filter);
                 result.TotalResults = all.Count;
             }
-            
+
             result.Results = list;
 
             return result;
@@ -472,7 +473,7 @@ public async Task<List<DnsZone>> GetDnsProviderZones(string providerTypeId, stri
             }
         }
 
-        public async Task<string[]> GetItemLog(string id, int limit)
+        public async Task<LogItem[]> GetItemLog(string id, int limit)
         {
             var logPath = ManagedCertificateLog.GetLogPath(id);
 
@@ -485,19 +486,18 @@ public async Task<string[]> GetItemLog(string id, int limit)
                     var log = System.IO.File.ReadAllLines(logPath)
                         .Reverse()
                         .Take(limit)
-                        .Reverse()
                         .ToArray();
-
-                    return log;
+                    var parsed = LogParser.Parse(log);
+                    return parsed;
                 }
                 catch (Exception exp)
                 {
-                    return new string[] { $"Failed to read log: {exp}" };
+                    return new LogItem[] { new LogItem { LogLevel = "ERR", EventDate = DateTime.Now, Message = $"Failed to read log: {exp}" } };
                 }
             }
             else
             {
-                return await Task.FromResult(new string[] { "" });
+                return await Task.FromResult(Array.Empty<LogItem>());
             }
         }
 
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index 04c0614cf..d936cf4d3 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -5,6 +5,7 @@
 using Certify.Config;
 using Certify.Config.Migration;
 using Certify.Models;
+using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Providers;
 using Certify.Providers;
@@ -94,7 +95,7 @@ public interface ICertifyManager
 
         Task<DeploymentProviderDefinition> GetDeploymentProviderDefinition(string id, DeploymentTaskConfig config);
 
-        Task<string[]> GetItemLog(string id, int limit = 1000);
+        Task<LogItem[]> GetItemLog(string id, int limit = 1000);
 
         Task<string[]> GetServiceLog(string logType, int limit = 10000);
 
diff --git a/src/Certify.Models/API/LogResult.cs b/src/Certify.Models/API/LogResult.cs
new file mode 100644
index 000000000..173c95220
--- /dev/null
+++ b/src/Certify.Models/API/LogResult.cs
@@ -0,0 +1,72 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Certify.CertificateAuthorities.Definitions;
+
+namespace Certify.Models.API
+{
+    public class LogItem
+    {
+        public DateTime? EventDate { get; set; }
+        public string LogLevel { get; set; } = string.Empty;
+        public string Message { get; set; } = string.Empty;
+    }
+    public class LogResult
+    {
+        public LogItem[] Items { get; set; } = Array.Empty<LogItem>();
+    }
+
+    public class LogParser
+    {
+        public static LogItem[] Parse(string[] items)
+        {
+
+            var output = new List<LogItem>();
+
+            var logLevelTrim = "] '".ToCharArray();
+            var itemSplitChars = "[]".ToCharArray();
+
+            LogItem? unclosedItem = null;
+            LogItem? lastItem = null;
+
+            foreach (var item in items)
+            {
+                var parts = item.Trim().Split(itemSplitChars);
+                if (parts.Length >= 3 && DateTime.TryParse($"{parts[0]}", out var eventDate))
+                {
+                    if (unclosedItem != null)
+                    {
+                        output.Add(unclosedItem);
+                        unclosedItem = null;
+                    }
+
+                    lastItem = new LogItem { EventDate = eventDate, LogLevel = parts[1].Trim(logLevelTrim), Message = item.Substring(item.IndexOf(']') + 1) };
+                    output.Add(lastItem);
+
+                }
+                else
+                {
+                    // line is probably a continuation
+                    if (lastItem != null)
+                    {
+                        output.Remove(lastItem); // remove so we can re-add the continuation
+                        lastItem.Message += $"\n{item}";
+                        unclosedItem = lastItem;
+                    }
+                }
+            }
+
+            if (unclosedItem != null)
+            {
+                if (lastItem != null)
+                {
+                    output.Remove(lastItem);
+                }
+
+                output.Add(unclosedItem);
+            }
+
+            return output.ToArray();
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 43ef7e789..fb0a08ad4 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -27,5 +27,9 @@
 
   </ItemGroup>
 
+  <ItemGroup>
+    <Folder Include="Models\" />
+  </ItemGroup>
+
 
 </Project>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 33f75a9df..70b675e9b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -80,7 +80,7 @@ public async Task<IActionResult> Download(string managedCertId, string format, s
         [HttpGet]
         [Route("{managedCertId}/log")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(string))]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(LogResult))]
         public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines = 1000)
         {
             var managedCert = await _client.GetManagedCertificate(managedCertId);
@@ -96,50 +96,9 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
             }
 
             var log = await _client.GetItemLog(managedCertId, maxLines);
-            var logByteArrays = log.Select(l => System.Text.Encoding.UTF8.GetBytes(l + "\n")).ToArray();
-
-            // combine log lines to one byte array
-
-            var bytes = new byte[logByteArrays.Sum(a => a.Length)];
-            var offset = 0;
-            foreach (var array in logByteArrays)
-            {
-                System.Buffer.BlockCopy(array, 0, bytes, offset, array.Length);
-                offset += array.Length;
-            }
-
-            return new FileContentResult(bytes, "text/plain") { FileDownloadName = "log.txt" };
-
-        }
-
-        /// <summary>
-        /// Download text log for the given managed certificate
-        /// </summary>
-        /// <param name="managedCertId"></param>
-        /// <param name="maxLines"></param>
-        /// <returns>Log file in text format</returns>
-        [HttpGet]
-        [Route("{managedCertId}/log/text")]
-        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(string))]
-        public async Task<IActionResult> DownloadLogAsText(string managedCertId, int maxLines = 1000)
-        {
-            var managedCert = await _client.GetManagedCertificate(managedCertId);
-
-            if (managedCert == null)
-            {
-                return new NotFoundResult();
-            }
-
-            if (maxLines > 1000)
-            {
-                maxLines = 1000;
-            }
-
-            var log = await _client.GetItemLog(managedCertId, maxLines);
-
-            return new OkObjectResult(string.Join("\n", log));
 
+          
+            return new OkObjectResult(new LogResult { Items = log });
         }
 
         /// <summary>
@@ -174,10 +133,11 @@ public async Task<IActionResult> GetManagedCertificates(string keyword, int? pag
                 HasCertificate = !string.IsNullOrEmpty(i.CertificatePath)
             }).OrderBy(a => a.Title);
 
-            var result = new ManagedCertificateSummaryResult { 
-                Results = list, 
-                TotalResults = managedCertResult.TotalResults, 
-                PageIndex = page ?? 0, 
+            var result = new ManagedCertificateSummaryResult
+            {
+                Results = list,
+                TotalResults = managedCertResult.TotalResults,
+                PageIndex = page ?? 0,
                 PageSize = pageSize ?? list.Count()
             };
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index 8c891b901..2a9a656a3 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -6,6 +6,7 @@
 using Certify.Config;
 using Certify.Management;
 using Certify.Models;
+using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
 using Microsoft.AspNetCore.Mvc;
@@ -217,7 +218,7 @@ public RequestProgressState CheckCertificateRequest(string managedItemId)
         }
 
         [HttpGet, Route("log/{managedItemId}/{limit}")]
-        public async Task<string[]> GetLog(string managedItemId, int limit)
+        public async Task<LogItem[]> GetLog(string managedItemId, int limit)
         {
             DebugLog();
             return await _certifyManager.GetItemLog(managedItemId, limit);
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index 04b9170b0..db5492737 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -7,6 +7,7 @@
 using Certify.Config;
 using Certify.Management;
 using Certify.Models;
+using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
 using Serilog;
@@ -208,7 +209,7 @@ public RequestProgressState CheckCertificateRequest(string managedItemId)
         }
 
         [HttpGet, Route("log/{managedItemId}/{limit}")]
-        public async Task<string[]> GetLog(string managedItemId, int limit)
+        public async Task<LogItem[]> GetLog(string managedItemId, int limit)
         {
             DebugLog();
             return await _certifyManager.GetItemLog(managedItemId, limit);
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
index a74dbe87b..205121e47 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
@@ -1,4 +1,5 @@
-using System;
+using Certify.Models.API;
+using System;
 using System.Threading.Tasks;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
@@ -35,6 +36,25 @@ public void TestNullOrBlankCoalesce()
             Assert.AreEqual(result, null);
         }
 
+        [TestMethod, Description("Test log parser using array of strings")]
+        public void TestLogParser()
+        {
+            var testLog = new string[]
+            {
+                "2023-06-14 13:00:30.480 +08:00 [WRN] ARI Update Renewal Info Failed[MGAwDQYJYIZIAWUDBAIBBQAEIDfbgj - 5Rkkn0NG7u0eFv_M1omHdEwY_mIQn6QxbuJ68BCA9ROYZMeqCkxyMzaMePORi17Gc9xSbp8XkoE1Ub0IPrwILBm8t23CUKQnarrc] Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/'." ,
+                "urn:ietf:params:acme: error: malformed: Certificate not found" ,
+                "2023-06-14 13:01:11.139 +08:00 [INF] Performing Certificate Request: SporkDemo[zerossl][2390d803 - e036 - 4bf5 - 8fa5 - 590497392c35: 7]"
+            };
+
+            var items = LogParser.Parse(testLog);
+
+            Assert.AreEqual(2, items.Length);
+
+            Assert.AreEqual("WRN", items[0].LogLevel);
+            Assert.AreEqual("INF", items[1].LogLevel);
+
+        }
+
         [TestMethod, Description("Test ntp check")]
         public async Task TestNtp()
         {
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs
index b72577130..47bea48a0 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs
@@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using System.Linq;
 using System.Windows;
 using System.Windows.Controls;
 using System.Windows.Media;
@@ -98,7 +99,7 @@ private async void OpenLogFile_Click(object sender, System.Windows.RoutedEventAr
                     var log = await AppViewModel.GetItemLog(ItemViewModel.SelectedItem.Id, 1000);
                     var tempPath = System.IO.Path.GetTempFileName() + ".txt";
 
-                    System.IO.File.WriteAllLines(tempPath, log);
+                    System.IO.File.WriteAllLines(tempPath, log.Select(i=>i.ToString()));
                     _tempLogFilePath = tempPath;
 
                     try
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index f72eb274a..17108b0c6 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -7,6 +7,7 @@
 using System.Windows.Input;
 using Certify.Locales;
 using Certify.Models;
+using Certify.Models.API;
 using Certify.UI.Shared;
 using PropertyChanged;
 
@@ -485,7 +486,7 @@ internal async Task<CertificateRequestResult> ReapplyCertificateBindings(string
         /// <param name="id"></param>
         /// <param name="limit"></param>
         /// <returns></returns>
-        public async Task<string[]> GetItemLog(string id, int limit)
+        public async Task<LogItem[]> GetItemLog(string id, int limit)
         {
             var result = await _certifyClient.GetItemLog(id, limit);
             return result;

From 719a0c07e24dd9a351a138e26bc6ad2e9bcec46f Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Fri, 4 Aug 2023 16:08:43 +0800
Subject: [PATCH 027/237] Core: implement page results

---
 .../CertifyManager/CertifyManager.ManagedCertificates.cs      | 4 +---
 src/Certify.Models/API/ManagedCertificateSummary.cs           | 2 +-
 src/Certify.Models/Config/ManagedCertificate.cs               | 4 ++--
 src/Certify.Models/Providers/IManagedItemManager.cs           | 1 +
 src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs    | 2 +-
 5 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 088fc4a65..bf3f41218 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -82,11 +82,9 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
             var list = await _itemManager.Find(filter);
             if (filter.PageSize > 0)
             {
-                // TODO: implement count on provider directly
                 filter.PageSize = null;
                 filter.PageIndex = null;
-                var all = await _itemManager.Find(filter);
-                result.TotalResults = all.Count;
+                result.TotalResults = await _itemManager.CountAll(filter);
             }
 
             result.Results = list;
diff --git a/src/Certify.Models/API/ManagedCertificateSummary.cs b/src/Certify.Models/API/ManagedCertificateSummary.cs
index 8ce588047..7c2c09b55 100644
--- a/src/Certify.Models/API/ManagedCertificateSummary.cs
+++ b/src/Certify.Models/API/ManagedCertificateSummary.cs
@@ -57,7 +57,7 @@ public class ManagedCertificateSummary
     public class ManagedCertificateSummaryResult
     {
         public IEnumerable<ManagedCertificateSummary> Results { get; set; } = new List<ManagedCertificateSummary>();
-        public int TotalResults { get; set; }
+        public long TotalResults { get; set; }
         public int PageIndex { get; set; }
         public int PageSize { get; set; }
     }
diff --git a/src/Certify.Models/Config/ManagedCertificate.cs b/src/Certify.Models/Config/ManagedCertificate.cs
index 3798f19af..fda9d6f33 100644
--- a/src/Certify.Models/Config/ManagedCertificate.cs
+++ b/src/Certify.Models/Config/ManagedCertificate.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;
@@ -119,7 +119,7 @@ public class ManagedCertificateSearchResult
         /// <summary>
         /// Total results available
         /// </summary>
-        public int TotalResults { get; set; }
+        public long TotalResults { get; set; }
     }
 
     public class ManagedCertificate : BindableBase
diff --git a/src/Certify.Models/Providers/IManagedItemManager.cs b/src/Certify.Models/Providers/IManagedItemManager.cs
index 00cf45809..9fe685473 100644
--- a/src/Certify.Models/Providers/IManagedItemManager.cs
+++ b/src/Certify.Models/Providers/IManagedItemManager.cs
@@ -14,6 +14,7 @@ public interface IManagedItemStore
         Task DeleteByName(string nameStartsWith);
         Task<ManagedCertificate> GetById(string siteId);
         Task<List<ManagedCertificate>> Find(ManagedCertificateFilter filter);
+        Task<long> CountAll(ManagedCertificateFilter filter);
         Task<ManagedCertificate> Update(ManagedCertificate managedCertificate);
 
         Task PerformMaintenance();
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
index 50caaffc4..e7b023501 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
@@ -82,7 +82,7 @@ private void SetFilter()
 
             //sort by name ascending
             CollectionViewSource.GetDefaultView(_appViewModel.ManagedCertificates).SortDescriptions.Clear();
-
+            
             if (_sortOrder == "NameAsc")
             {
                 CollectionViewSource.GetDefaultView(_appViewModel.ManagedCertificates).SortDescriptions.Add(

From 7348840479ac4a74eb2fc4f6a70bbe324b5a3fdd Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Fri, 4 Aug 2023 16:40:56 +0800
Subject: [PATCH 028/237] Update Db tests for item count

---
 .../ManagedItemDataStoreTests.cs                            | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
index 2bde078e2..7f8c90b22 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
@@ -101,9 +101,13 @@ public async Task TestLoadManagedCertificates(string storeType = null)
             try
             {
                 var managedCertificate = await itemManager.Update(testCert);
+                var filter = new ManagedCertificateFilter { MaxResults = 10 };
+                var managedCertificates = await itemManager.Find(filter);
 
-                var managedCertificates = await itemManager.Find(new ManagedCertificateFilter { MaxResults = 10 });
                 Assert.IsTrue(managedCertificates.Count > 0);
+
+                var total = await itemManager.CountAll(filter);
+                Assert.IsTrue(total > 0);
             }
             finally
             {

From 69740dcd8c0d6e040ca743a0d8d06b587c51c480 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 7 Aug 2023 13:52:31 +0800
Subject: [PATCH 029/237] Package updates

Package updates

Package updates
---
 src/Certify.CLI/Certify.CLI.csproj               |  2 +-
 src/Certify.Client/Certify.Client.csproj         |  6 +++---
 src/Certify.Core/Certify.Core.csproj             | 16 ++++++++++++++--
 src/Certify.Models/Certify.Models.csproj         |  2 +-
 .../Anvil/Certify.Providers.ACME.Anvil.csproj    |  2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj  |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj            |  6 +++---
 .../Certify.Server.Api.Public.Tests.csproj       |  4 ++--
 .../Certify.Server.Api.Public.csproj             |  4 ++--
 .../Certify.Server.Core.csproj                   | 10 +++++-----
 .../Certify.Service.Worker.csproj                | 10 +++++-----
 src/Certify.Service/App.config                   |  2 +-
 src/Certify.Service/Certify.Service.csproj       |  4 ++--
 .../Certify.Shared.Extensions.csproj             |  1 -
 src/Certify.Shared/Certify.Shared.Core.csproj    |  2 +-
 .../Certify.Core.Tests.Integration.csproj        |  2 +-
 .../Certify.Core.Tests.Unit.csproj               |  2 +-
 .../Certify.Service.Tests.Integration.csproj     |  2 +-
 .../Certify.UI.Tests.Integration.csproj          |  2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj   |  2 +-
 src/Certify.UI/Certify.UI.csproj                 |  4 ++--
 21 files changed, 49 insertions(+), 38 deletions(-)

diff --git a/src/Certify.CLI/Certify.CLI.csproj b/src/Certify.CLI/Certify.CLI.csproj
index b2a6714ee..9228a8a5a 100644
--- a/src/Certify.CLI/Certify.CLI.csproj
+++ b/src/Certify.CLI/Certify.CLI.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net462</TargetFramework>
+    <TargetFrameworks>net462;net8.0</TargetFrameworks>
     <Configurations>Debug;Release;Debug;Release</Configurations>
     <AssemblyName>Certify</AssemblyName>
     <OutputType>Exe</OutputType>
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 1387da6e6..7511ef8b5 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.9" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.9" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.30.1" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.10" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.10" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 144ad0de9..8a4bea2cb 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -1,6 +1,6 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net462;netstandard2.0;netstandard2.1</TargetFrameworks>
+    <TargetFrameworks>net462;net8.0</TargetFrameworks>
     <Configurations>Debug;Release;</Configurations>
     <Platforms>AnyCPU</Platforms>
   </PropertyGroup>
@@ -70,6 +70,18 @@
     <NuGetPackageImportStamp />
     <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
+    <NoWarn>1701;1702;CA1068</NoWarn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0|AnyCPU'">
+    <NoWarn>1701;1702;CA1068</NoWarn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
+    <NoWarn>1701;1702;CA1068</NoWarn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net8.0|AnyCPU'">
+    <NoWarn>1701;1702;CA1068</NoWarn>
+  </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Polly" Version="7.2.4" />
   </ItemGroup>
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 0e73dcb9d..a407227fe 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.30.1" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.1" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.6.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj b/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj
index 9200167f1..de8e5d824 100644
--- a/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj
+++ b/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;netstandard2.1</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
     <Platforms>AnyCPU</Platforms>
     <RootNamespace>Certify.Providers.Acme.Anvil</RootNamespace>
     <AssemblyName>Certify.Providers.Acme.Anvil</AssemblyName>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index f9fec9c23..42b556378 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.200.6" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.11" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index b8bed8208..baa13e875 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,10 +7,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.32.0" />
-    <PackageReference Include="Azure.Identity" Version="1.9.0" />
+    <PackageReference Include="Azure.Core" Version="1.34.0" />
+    <PackageReference Include="Azure.Identity" Version="1.10.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
-    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0-preview.5.23280.8" />
+    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="7.0.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 77bd246fa..e30bac79b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -25,8 +25,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.9" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.3" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.10" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="coverlet.collector" Version="6.0.0">
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index fb0a08ad4..fff5aa804 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -15,10 +15,10 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-preview.5.23302.2" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.31.0" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.31.0" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.1" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index fc310df3c..ea89f7285 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -9,12 +9,12 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-preview.5.23302.2" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.9" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.9" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-preview.7.23375.9" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.10" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.10" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
     <PackageReference Include="Polly" Version="7.2.4" />
-    <PackageReference Include="Serilog" Version="2.12.0" />
+    <PackageReference Include="Serilog" Version="3.0.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 4cd27752d..578719047 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Worker;Microsoft.NET.Sdk.Publish">
+<Project Sdk="Microsoft.NET.Sdk.Worker;Microsoft.NET.Sdk.Publish">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <UserSecretsId>dotnet-Certify.Service.Worker-347A036F-C1EA-4D32-A163-DCB38C3CA53E</UserSecretsId>
@@ -11,10 +11,10 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-preview.4.23259.5" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-preview.4.23259.5" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-preview.4.23259.5" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-preview.7.23375.6" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-preview.7.23375.6" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-preview.7.23375.6" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
     <PackageReference Include="Polly" Version="7.2.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 1222abb07..0dbd94a9f 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -14,7 +14,7 @@
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.31.0.0" newVersion="1.32.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.31.0.0" newVersion="1.34.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 3f487ed0a..5bef08190 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.2.9" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.2.9" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.2.9" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.54.1" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.55.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Diagnostics" Version="4.2.2" />
@@ -64,7 +64,7 @@
         <PackageReference Include="Microsoft.Owin.SelfHost" Version="4.2.2" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
         <PackageReference Include="Owin" Version="1.0.0" />
-        <PackageReference Include="Serilog" Version="2.12.0" />
+        <PackageReference Include="Serilog" Version="3.0.1" />
         <PackageReference Include="Serilog.Sinks.ListOfString" Version="4.1.4.3" />
         <PackageReference Include="Swashbuckle.Core" Version="5.6.0" />
         <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="7.0.2" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index f4704487d..b33b24a2c 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -27,7 +27,6 @@
         <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.6" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
        <!-- <PackageReference Include="System.Management.Automation" Version="7.3.6" Condition="'$(TargetFramework)' == 'net8.0'" />-->
-        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
 
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index a05ae7d49..936ec0190 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -12,7 +12,7 @@
         <PackageReference Include="Microsoft.ApplicationInsights" Version="2.22.0" />
         <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-        <PackageReference Include="Serilog" Version="2.12.0" />
+        <PackageReference Include="Serilog" Version="3.0.1" />
         <PackageReference Include="Serilog.Sinks.Debug" Version="2.0.0" />
         <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 6c3b6449c..e0a05c825 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -80,7 +80,7 @@
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
-    <PackageReference Include="Moq" Version="4.20.2" />
+    <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index f1d0a157e..c0b3c3f83 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -131,7 +131,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="7.0.0" />
-    <PackageReference Include="Moq" Version="4.20.2" />
+    <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index ae0b8939c..554077f07 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -75,7 +75,7 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Moq" Version="4.20.2" />
+    <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 4cb5cb968..7933dedb0 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -69,7 +69,7 @@
     <ProjectReference Include="..\..\Certify.UI.Shared\Certify.UI.Shared.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Moq" Version="4.20.2" />
+    <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 7597ff47e..d5d62e6ad 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -39,7 +39,7 @@
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
-		<PackageReference Include="Serilog" Version="2.12.0" />
+		<PackageReference Include="Serilog" Version="3.0.1" />
 		<PackageReference Include="System.Text.Json" Version="7.0.3" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1" />
 	</ItemGroup>
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 3afcb0ac0..c759b4786 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
@@ -177,7 +177,7 @@
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="Serilog">
-      <Version>2.12.0</Version>
+      <Version>3.0.1</Version>
     </PackageReference>
     <PackageReference Include="System.Diagnostics.DiagnosticSource">
       <Version>7.0.2</Version>

From cb128aa9b1890f2bf3552c8762f2848500fe8918 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 08:31:06 +0800
Subject: [PATCH 030/237] Update build version

---
 Directory.Build.props | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index e37c0efed..ea837cc5d 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -4,11 +4,11 @@
     <AssemblyVersion>6.1.0</AssemblyVersion>
     <Authors>Webprofusion Pty Ltd</Authors>
     <Company>Webprofusion Pty Ltd</Company>
-    <Product>Certify Community Edition [via github]</Product>
+    <Product>Certify The Web - Certify SSL Manager</Product>
     <PackageProjectUrl>https://certifytheweb.com</PackageProjectUrl>
     <RepositoryUrl>https://github.com/webprofusion/certify</RepositoryUrl>
     <Deterministic>false</Deterministic>
     <DebugSymbols>true</DebugSymbols>
-    <DebugType>portable</DebugType>
+    <DebugType>full</DebugType>
   </PropertyGroup>
 </Project>

From 98b0fe211dc485c0e5661b78cacbd6664f69d47a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 08:32:20 +0800
Subject: [PATCH 031/237] Move job timers into main CertifyManager instead of
 firing from service

---
 .../CertifyManager.Maintenance.cs             | 24 +++++++++++++++++
 .../CertifyManager/CertifyManager.cs          | 27 +++----------------
 src/Certify.Service/APIHost.cs                |  2 +-
 3 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
index d9b618382..efd5cfe43 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -37,6 +37,30 @@ private async Task UpgradeSettings()
             }
         }
 
+        /// <summary>
+        /// Upgrade/migrate settings from previous version if applicable
+        /// </summary>
+        /// <returns></returns>
+        private async Task UpgradeSettings()
+        {
+            var systemVersion = Util.GetAppVersion().ToString();
+            var previousVersion = CoreAppSettings.Current.CurrentServiceVersion;
+
+            if (CoreAppSettings.Current.CurrentServiceVersion != systemVersion)
+            {
+                _tc?.TrackEvent("ServiceUpgrade", new Dictionary<string, string> {
+                    { "previousVersion", previousVersion },
+                    { "currentVersion", systemVersion }
+                });
+
+                // service has been updated, run any required migrations
+                await PerformServiceUpgrades();
+
+                CoreAppSettings.Current.CurrentServiceVersion = systemVersion;
+                SettingsManager.SaveAppSettings();
+            }
+        }
+
         /// <summary>
         /// When called, perform daily cache cleanup, cert cleanup, diagnostics and maintenance
         /// </summary>
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 9812d4128..6f1cbcd68 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -100,7 +100,6 @@ public partial class CertifyManager : ICertifyManager, IDisposable
         /// </summary>
         private Shared.ServiceConfig _serverConfig;
 
-        private System.Timers.Timer _heartbeatTimer;
         private System.Timers.Timer _frequentTimer;
         private System.Timers.Timer _hourlyTimer;
         private System.Timers.Timer _dailyTimer;
@@ -195,21 +194,17 @@ public async Task Init()
 
             SetupJobs();
 
-            await UpgradeSettings();
-
             _serviceLog?.Information("Certify Manager Started");
         }
 
+            await UpgradeSettings();
+        }
+
         /// <summary>
         /// Setup the continuous job tasks for renewals and maintenance
         /// </summary>
         private void SetupJobs()
         {
-            // 60 second job timer (reporting etc)
-            _heartbeatTimer = new System.Timers.Timer(60 * 1000); // every n seconds
-            _heartbeatTimer.Elapsed += _heartbeatTimer_Elapsed;
-            _heartbeatTimer.Start();
-
             // 5 minute job timer (maintenance etc)
             _frequentTimer = new System.Timers.Timer(5 * 60 * 1000); // every 5 minutes
             _frequentTimer.Elapsed += _frequentTimer_Elapsed;
@@ -234,20 +229,6 @@ private async void _dailyTimer_Elapsed(object sender, System.Timers.ElapsedEvent
         private async void _hourlyTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
         {
             await PerformCertificateMaintenanceTasks();
-
-            try
-            {
-                GC.Collect(GC.MaxGeneration, GCCollectionMode.Default);
-            }
-            catch
-            {
-                // failed to perform garbage collection, ignore.
-            }
-        }
-
-        private async void _heartbeatTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
-        {
-
         }
 
         private async void _frequentTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
diff --git a/src/Certify.Service/APIHost.cs b/src/Certify.Service/APIHost.cs
index d43b67f78..8cca98136 100644
--- a/src/Certify.Service/APIHost.cs
+++ b/src/Certify.Service/APIHost.cs
@@ -1,4 +1,4 @@
-using System.Diagnostics;
+using System.Diagnostics;
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Formatting;

From 10a959f601761c13ddc4cf8d42aa44257f57f8ae Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 08:32:48 +0800
Subject: [PATCH 032/237] Worker service updates

---
 .../Certify.Service.Worker/Program.cs         | 169 +++++++++---------
 .../Certify.Service.Worker/Worker.cs          |  29 ++-
 .../Certify.Service.Worker/readme.md          |  29 ++-
 3 files changed, 141 insertions(+), 86 deletions(-)

diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs
index cb5ec853b..b1169602b 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs
@@ -39,114 +39,123 @@ public static IHostBuilder CreateHostBuilder(string[] args)
                      logging.ClearProviders();
                      logging.AddConsole();
 
-                 })
-                .UseSystemd()
-                .ConfigureServices((hostContext, services) =>
+                 });
+
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                builder.UseSystemd();
+            }
+
+            builder.ConfigureServices((hostContext, services) =>
+            {
+                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                 {
-                    if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-                    {
-                        services.AddWindowsService(options =>
-                            options.ServiceName = "Certify Certificate Manager Background Service"
+                    services.AddWindowsService(options =>
+                        options.ServiceName = "Certify Certificate Manager Background Service"
 
-                           );
-                    }
+                       );
+                }
 
-                    services.AddHostedService<Worker>();
-                })
-                .ConfigureWebHostDefaults(webBuilder =>
+                services.AddHostedService<Worker>();
+            })
+            .ConfigureWebHostDefaults(webBuilder =>
+            {
+                webBuilder.ConfigureKestrel(serverOptions =>
                 {
-                    webBuilder.ConfigureKestrel(serverOptions =>
+                    if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                     {
                         serverOptions.UseSystemd();
-                        // configure https listener, cert path and pwd can come either from an environment variable, usersecrets or appsettings.
-                        // configuration precedence is secrets first, https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0#default
-                        var configuration = (IConfiguration)serverOptions.ApplicationServices.GetService(typeof(IConfiguration));
+                    }
+
+                    // configure https listener, cert path and pwd can come either from an environment variable, usersecrets or appsettings.
+                    // configuration precedence is secrets first, https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0#default
+                    var configuration = (IConfiguration)serverOptions.ApplicationServices.GetService(typeof(IConfiguration));
 
-                        var useHttps = bool.Parse(configuration["API:Service:UseHttps"]);
+                    var useHttps = bool.Parse(configuration["API:Service:UseHttps"]);
 
-                        // default IP to localhost then specify from configuration
-                        var ipSelection = configuration["API:Service:BindingIP"];
-                        var ipBinding = IPAddress.Loopback;
+                    // default IP to localhost then specify from configuration
+                    var ipSelection = configuration["API:Service:BindingIP"];
+                    var ipBinding = IPAddress.Loopback;
 
-                        if (ipSelection != null)
+                    if (ipSelection != null)
+                    {
+                        if (ipSelection.ToLower() == "loopback")
                         {
-                            if (ipSelection.ToLower() == "loopback")
-                            {
-                                ipBinding = IPAddress.Loopback;
-                            }
-                            else if (ipSelection.ToLower() == "any")
-                            {
-                                ipBinding = IPAddress.Any;
-                            }
-                            else
-                            {
-                                ipBinding = IPAddress.Parse(ipSelection);
-                            }
+                            ipBinding = IPAddress.Loopback;
                         }
-
-                        if (useHttps)
+                        else if (ipSelection.ToLower() == "any")
+                        {
+                            ipBinding = IPAddress.Any;
+                        }
+                        else
                         {
+                            ipBinding = IPAddress.Parse(ipSelection);
+                        }
+                    }
 
-                            var certPassword = Environment.GetEnvironmentVariable("ASPNETCORE_Kestrel__Certificates__Development__Password");
-                            var certPath = Environment.GetEnvironmentVariable("ASPNETCORE_Kestrel__Certificates__Development__Path");
+                    if (useHttps)
+                    {
 
-                            // if not yet defined load config from usersecrets (development env only) or appsettings
-                            if (certPassword == null)
-                            {
-                                certPassword = configuration["Kestrel:Certificates:Default:Password"];
-                            }
+                        var certPassword = Environment.GetEnvironmentVariable("ASPNETCORE_Kestrel__Certificates__Development__Password");
+                        var certPath = Environment.GetEnvironmentVariable("ASPNETCORE_Kestrel__Certificates__Development__Path");
 
-                            if (certPath == null)
-                            {
-                                certPath = configuration["Kestrel:Certificates:Default:Path"];
-                            }
+                        // if not yet defined load config from usersecrets (development env only) or appsettings
+                        if (certPassword == null)
+                        {
+                            certPassword = configuration["Kestrel:Certificates:Default:Password"];
+                        }
 
-                            try
-                            {
-                                var certificate = new X509Certificate2(certPath, certPassword);
+                        if (certPath == null)
+                        {
+                            certPath = configuration["Kestrel:Certificates:Default:Path"];
+                        }
 
-                                // if password is wrong at this stage the attempts to use the cert will results in SSL Protocol Error
+                        try
+                        {
+                            var certificate = new X509Certificate2(certPath, certPassword);
 
-                                var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions()
-                                {
-                                    ClientCertificateMode = ClientCertificateMode.NoCertificate,
-                                    SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13,
-                                    ServerCertificate = certificate,
-                                };
+                            // if password is wrong at this stage the attempts to use the cert will results in SSL Protocol Error
 
-                                var httpsPort = Convert.ToInt32(configuration["API:Service:HttpsPort"]);
+                            var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions()
+                            {
+                                ClientCertificateMode = ClientCertificateMode.NoCertificate,
+                                SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13,
+                                ServerCertificate = certificate,
+                            };
 
-                                serverOptions.Listen(new System.Net.IPEndPoint(ipBinding, httpsPort), listenOptions =>
-                                {
-                                    listenOptions.UseHttps(httpsConnectionAdapterOptions);
-                                });
+                            var httpsPort = Convert.ToInt32(configuration["API:Service:HttpsPort"]);
 
-                            }
-                            catch (Exception exp)
+                            serverOptions.Listen(new System.Net.IPEndPoint(ipBinding, httpsPort), listenOptions =>
                             {
-                                // TODO: there is no logger yet, need to report this failure to main log once the log exists
-                                System.Diagnostics.Debug.WriteLine("Failed to load PFX certificate for application. Check service certificate config." + exp.ToString());
-                            }
+                                listenOptions.UseHttps(httpsConnectionAdapterOptions);
+                            });
+
                         }
-                        else
+                        catch (Exception exp)
                         {
-                            var httpPort = Convert.ToInt32(configuration["API:Service:HttpPort"]);
-
-                            serverOptions.Listen(new System.Net.IPEndPoint(ipBinding, httpPort), listenOptions =>
-                            {
-                            });
+                            // TODO: there is no logger yet, need to report this failure to main log once the log exists
+                            System.Diagnostics.Debug.WriteLine("Failed to load PFX certificate for application. Check service certificate config." + exp.ToString());
                         }
-                    });
-
-                    webBuilder.ConfigureLogging(logging =>
-                      {
-                          logging.AddFilter("Microsoft.AspNetCore.SignalR", LogLevel.Debug);
-                          logging.AddFilter("Microsoft.AspNetCore.Http.Connections", LogLevel.Debug);
-                      });
+                    }
+                    else
+                    {
+                        var httpPort = Convert.ToInt32(configuration["API:Service:HttpPort"]);
 
-                    webBuilder.UseStartup<Startup>();
+                        serverOptions.Listen(new System.Net.IPEndPoint(ipBinding, httpPort), listenOptions =>
+                        {
+                        });
+                    }
                 });
 
+                webBuilder.ConfigureLogging(logging =>
+                  {
+                      logging.AddFilter("Microsoft.AspNetCore.SignalR", LogLevel.Debug);
+                      logging.AddFilter("Microsoft.AspNetCore.Http.Connections", LogLevel.Debug);
+                  });
+
+                webBuilder.UseStartup<Startup>();
+            });
+
             return builder;
         }
     }
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs
index 6fd55ebef..4f05e30ab 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs
@@ -17,10 +17,33 @@ public Worker(ILogger<Worker> logger)
 
         protected override async Task ExecuteAsync(CancellationToken stoppingToken)
         {
-            while (!stoppingToken.IsCancellationRequested)
+            // https://learn.microsoft.com/en-us/dotnet/core/extensions/windows-service?pivots=dotnet-7-0
+            try
             {
-                _logger.LogInformation("Certify Service Worker heartbeat: {time}", DateTimeOffset.Now);
-                await Task.Delay(1000 * 60 * 60, stoppingToken);
+                while (!stoppingToken.IsCancellationRequested)
+                {
+                    _logger.LogInformation("Certify Service Worker heartbeat: {time}", DateTimeOffset.Now);
+                    await Task.Delay(1000 * 60 * 60, stoppingToken);
+                }
+            }
+            catch (TaskCanceledException)
+            {
+                // When the stopping token is canceled, for example, a call made from services.msc,
+                // we shouldn't exit with a non-zero exit code. In other words, this is expected...
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "{Message}", ex.Message);
+
+                // Terminates this process and returns an exit code to the operating system.
+                // This is required to avoid the 'BackgroundServiceExceptionBehavior', which
+                // performs one of two scenarios:
+                // 1. When set to "Ignore": will do nothing at all, errors cause zombie services.
+                // 2. When set to "StopHost": will cleanly stop the host, and log errors.
+                //
+                // In order for the Windows Service Management system to leverage configured
+                // recovery options, we need to terminate the process with a non-zero exit code.
+                Environment.Exit(1);
             }
         }
     }
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
index 7546905d5..0d33aeb8a 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
@@ -30,13 +30,13 @@ WSL debug
 Linux Install
 ------------
 
-apt-get certifytheweb
+`apt-get certifytheweb`
 
-sudo mkdir /opt/certifytheweb
+`sudo mkdir /opt/certifytheweb`
 
 Systemd
 -----------
-
+```
 [Unit]
 Description=Certify The Web
 
@@ -50,3 +50,26 @@ PrivateTmp=true
 
 [Install]
 WantedBy=multi-user.target
+```
+
+Windows Service
+-----------------
+
+` sc create "Certify Certificate Manager [dotnet]" binpath="C:\Work\GIT\certify_dev\certify\src\Certify.Server\Certify.Service.Worker\Certify.Service.Worker\bin\Debug\net8.0\Certify.Service.Worker.exe"`
+
+
+Publishing:
+
+-
+
+Windows:
+
+dotnet publish -c Release -r win-x64 --self-contained true
+
+Linux:
+
+dotnet publish -c Release -r linux-x64 --self-contained true
+
+Single File:
+
+dotnet publish -c Release -r win-x64 --self-contained true -p:PublishSingleFile=true

From 211818fb027b37fc387efc7e8aeae732ffbcec91 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 12:32:18 +0800
Subject: [PATCH 033/237] Import/Export: optionally skip deployment

---
 .../CertifyManager/CertifyManager.cs          |  60 +++++++
 src/Certify.Models/Config/Migration.cs        |   3 +-
 .../Windows/ImportExport.xaml                 | 147 +++++++++++-------
 .../Windows/ImportExport.xaml.cs              |   5 +
 4 files changed, 156 insertions(+), 59 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 6f1cbcd68..0f1405cb9 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -462,6 +462,66 @@ public RequestProgressState GetRequestProgressState(string managedItemId)
 
         public void Dispose() => ManagedCertificateLog.DisposeLoggers();
 
+        /// <summary>
+        /// Perform (or preview) an import of settings from another instance
+        /// </summary>
+        /// <param name="importRequest"></param>
+        /// <returns></returns>
+        public async Task<List<ActionStep>> PerformImport(ImportRequest importRequest)
+        {
+            var migrationManager = new MigrationManager(_itemManager, _credentialsManager, _serverProviders);
+
+            var importResult = await migrationManager.PerformImport(importRequest.Package, importRequest.Settings, importRequest.IsPreviewMode);
+
+            // store and apply certs if we have no errors
+
+            var hasError = false;
+            if (!importResult.Any(i => i.HasError))
+            {
+                if (importRequest.Settings.IncludeDeployment)
+                {
+
+                    var deploySteps = new List<ActionStep>();
+                    foreach (var m in importRequest.Package.Content.ManagedCertificates)
+                    {
+                        var managedCert = await GetManagedCertificate(m.Id);
+
+                        if (managedCert != null && !string.IsNullOrEmpty(managedCert.CertificatePath))
+                        {
+                            var deployResult = await DeployCertificate(managedCert, null, isPreviewOnly: importRequest.IsPreviewMode);
+
+                            deploySteps.Add(new ActionStep { Category = "Deployment", HasError = !deployResult.IsSuccess, Key = managedCert.Id, Description = deployResult.Message });
+                        }
+                    }
+
+                    importResult.Add(new ActionStep { Title = "Deployment" + (importRequest.IsPreviewMode ? " [Preview]" : ""), Substeps = deploySteps });
+                }
+            }
+            else
+            {
+                hasError = true;
+            }
+
+            _tc?.TrackEvent("Import" + (importRequest.IsPreviewMode ? "_Preview" : ""), new Dictionary<string, string> {
+                { "hasErrors", hasError.ToString() }
+            });
+
+            return importResult;
+        }
+
+        /// <summary>
+        /// Perform (or preview) and export of settings from this instance
+        /// </summary>
+        /// <param name="exportRequest"></param>
+        /// <returns></returns>
+        public async Task<ImportExportPackage> PerformExport(ExportRequest exportRequest)
+        {
+            _tc?.TrackEvent("Export" + (exportRequest.IsPreviewMode ? "_Preview" : ""));
+
+            var migrationManager = new MigrationManager(_itemManager, _credentialsManager, _serverProviders);
+            return await migrationManager.PerformExport(exportRequest.Filter, exportRequest.Settings, exportRequest.IsPreviewMode);
+        }
+
         /// <summary>
         /// Get the current service log (per line)
         /// </summary>
diff --git a/src/Certify.Models/Config/Migration.cs b/src/Certify.Models/Config/Migration.cs
index b2751b87a..9bcfa2045 100644
--- a/src/Certify.Models/Config/Migration.cs
+++ b/src/Certify.Models/Config/Migration.cs
@@ -82,7 +82,8 @@ public class ExportSettings
     public class ImportSettings
     {
         public string? EncryptionSecret { get; set; } = string.Empty;
-        public bool OverwriteExisting { get; set; } = false;
+        public bool OverwriteExisting { get; set; }
+        public bool IncludeDeployment { get; set; }
     }
 
     public class ExportRequest
diff --git a/src/Certify.UI.Shared/Windows/ImportExport.xaml b/src/Certify.UI.Shared/Windows/ImportExport.xaml
index e180c83ee..08d1b163b 100644
--- a/src/Certify.UI.Shared/Windows/ImportExport.xaml
+++ b/src/Certify.UI.Shared/Windows/ImportExport.xaml
@@ -26,72 +26,103 @@
                 Controls:TextBoxHelper.Watermark="Password" />
 
         </StackPanel>
-        <StackPanel DockPanel.Dock="Top" Orientation="Vertical">
-            <TextBlock DockPanel.Dock="Top" Style="{StaticResource SubheadingWithMargin}">Export</TextBlock>
-            <TextBlock DockPanel.Dock="Top" Style="{StaticResource Instructions}">Export a settings bundle including managed certificate settings, certificate files and encrypted credentials.</TextBlock>
-            <Button
-                x:Name="Export"
-                Width="120"
-                HorizontalAlignment="Left"
-                Click="Export_Click"
-                DockPanel.Dock="Top">
-                Export..
-            </Button>
-        </StackPanel>
 
-        <DockPanel Margin="0,16,0,0" DockPanel.Dock="Top">
-            <TextBlock DockPanel.Dock="Top" Style="{StaticResource SubheadingWithMargin}">Import</TextBlock>
-            <TextBlock DockPanel.Dock="Top" Style="{StaticResource Instructions}">Import a settings bundle exported from another instance of the app.</TextBlock>
-            <CheckBox
-                x:Name="OverwriteExisting"
-                Margin="0,4,4,4"
-                Content="Overwrite Existing"
-                DockPanel.Dock="Top" />
-            <StackPanel DockPanel.Dock="Top" Orientation="Horizontal">
-                <Button
-                    x:Name="Import"
-                    Width="120"
-                    HorizontalAlignment="Left"
-                    Click="Import_Click"
-                    DockPanel.Dock="Top">
-                    Preview Import..
-                </Button>
+        <TabControl
+            x:Name="GeneralSettingsTab"
+            Height="auto"
+            Margin="0,8,0,0"
+            HorizontalContentAlignment="Left"
+            VerticalContentAlignment="Stretch"
+            Controls:TabControlHelper.UnderlineBrush="{DynamicResource MahApps.Brushes.Accent4}"
+            Controls:TabControlHelper.Underlined="TabPanel"
+            DockPanel.Dock="Top"
+            TabStripPlacement="Top">
+            <TabItem
+                Height="32"
+                MinWidth="140"
+                Controls:HeaderedControlHelper.HeaderFontSize="12"
+                Header="Export Settings"
+                IsSelected="true">
+                <StackPanel DockPanel.Dock="Top" Orientation="Vertical">
+                    <TextBlock DockPanel.Dock="Top" Style="{StaticResource Instructions}">Export a settings bundle including managed certificate settings, certificate files and encrypted credentials.</TextBlock>
+                    <Button
+                        x:Name="Export"
+                        Width="120"
+                        HorizontalAlignment="Left"
+                        Click="Export_Click"
+                        DockPanel.Dock="Top">
+                        Export..
+                    </Button>
+                </StackPanel>
+            </TabItem>
+            <TabItem
+                Height="32"
+                MinWidth="140"
+                Controls:HeaderedControlHelper.HeaderFontSize="12"
+                Header="Import Settings">
+                <StackPanel Margin="0,16,0,0" Orientation="Vertical">
+                    <TextBlock DockPanel.Dock="Top" Style="{StaticResource Instructions}">Import a settings bundle exported from another instance of the app.</TextBlock>
+                    <CheckBox
+                        x:Name="OverwriteExisting"
+                        Margin="0,4,4,4"
+                        Content="Overwrite Existing"
+                        DockPanel.Dock="Top" />
+                    <CheckBox
+                        x:Name="IncludeDeployment"
+                        Margin="0,4,4,4"
+                        Content="Include Standard Certificate Storage and Auto Deployment"
+                        DockPanel.Dock="Top"
+                        IsChecked="True"
+                        Visibility="{Binding IsImportReady, Converter={StaticResource ResourceKey=BoolToVisConverter}}" />
+                    <StackPanel DockPanel.Dock="Top" Orientation="Horizontal">
+                        <Button
+                            x:Name="Import"
+                            Width="120"
+                            HorizontalAlignment="Left"
+                            Click="Import_Click"
+                            DockPanel.Dock="Top">
+                            Preview Import..
+                        </Button>
 
 
-                <Button
-                    x:Name="CompleteImport"
-                    Width="120"
-                    Margin="16,0,0,0"
-                    HorizontalAlignment="Left"
-                    Click="CompleteImport_Click"
-                    DockPanel.Dock="Bottom"
-                    Visibility="{Binding IsImportReady, Converter={StaticResource ResourceKey=BoolToVisConverter}}">
-                    Complete Import
-                </Button>
-            </StackPanel>
+                        <Button
+                            x:Name="CompleteImport"
+                            Width="120"
+                            Margin="16,0,0,0"
+                            HorizontalAlignment="Left"
+                            Click="CompleteImport_Click"
+                            DockPanel.Dock="Bottom"
+                            Visibility="{Binding IsImportReady, Converter={StaticResource ResourceKey=BoolToVisConverter}}">
+                            Complete Import
+                        </Button>
+                    </StackPanel>
+
+                    <Controls:MetroProgressBar
+                        Width="250"
+                        Height="32"
+                        Margin="4"
+                        HorizontalAlignment="Left"
+                        DockPanel.Dock="Top"
+                        IsIndeterminate="True"
+                        Visibility="{Binding InProgress, Converter={StaticResource ResourceKey=BoolToVisConverter}}" />
+
+                    <DockPanel
+                        DockPanel.Dock="Top"
+                        LastChildFill="False"
+                        Visibility="{Binding IsPreviewReady, Converter={StaticResource ResourceKey=BoolToVisConverter}}">
 
-            <Controls:MetroProgressBar
-                Width="250"
-                Height="32"
-                Margin="4"
-                HorizontalAlignment="Left"
-                DockPanel.Dock="Top"
-                IsIndeterminate="True"
-                Visibility="{Binding InProgress, Converter={StaticResource ResourceKey=BoolToVisConverter}}" />
 
-            <DockPanel
-                DockPanel.Dock="Top"
-                LastChildFill="False"
-                Visibility="{Binding IsPreviewReady, Converter={StaticResource ResourceKey=BoolToVisConverter}}">
+                        <WebBrowser
+                            x:Name="MarkdownView"
+                            Margin="0,16,0,0"
+                            DockPanel.Dock="Top" />
 
+                    </DockPanel>
 
-                <WebBrowser
-                    x:Name="MarkdownView"
-                    Margin="0,16,0,0"
-                    DockPanel.Dock="Top" />
+                </StackPanel>
+            </TabItem>
+        </TabControl>
 
-            </DockPanel>
 
-        </DockPanel>
     </DockPanel>
 </Controls:MetroWindow>
diff --git a/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs b/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs
index e73e58b04..3c4b3ae03 100644
--- a/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs
+++ b/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs
@@ -68,6 +68,7 @@ private async void Import_Click(object sender, RoutedEventArgs e)
                 }
 
                 Model.ImportSettings.OverwriteExisting = (OverwriteExisting.IsChecked == true);
+                Model.ImportSettings.IncludeDeployment = (IncludeDeployment.IsChecked == true);
                 Model.ImportSettings.EncryptionSecret = txtSecret.Password;
                 Model.InProgress = true;
 
@@ -104,6 +105,10 @@ private async void CompleteImport_Click(object sender, RoutedEventArgs e)
             if (MessageBox.Show("Are you sure you wish to perform the import as shown in the preview? The import cannot be reverted once complete.", "Perform Import?", MessageBoxButton.YesNoCancel) == MessageBoxResult.Yes)
             {
                 Model.InProgress = true;
+
+                Model.ImportSettings.OverwriteExisting = (OverwriteExisting.IsChecked == true);
+                Model.ImportSettings.IncludeDeployment = (IncludeDeployment.IsChecked == true);
+
                 var results = await MainViewModel.PerformSettingsImport(Model.Package, Model.ImportSettings, false);
 
                 PrepareImportSummary(false, results);

From a6d6f0fe46c0ab2851b1dbc151dd697d88c36bad Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 12:33:25 +0800
Subject: [PATCH 034/237] Server connection: update UI

---
 .../AppViewModel/AppViewModel.Connections.cs      | 15 +++++++++++++++
 .../Windows/EditServerConnection.xaml             |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Connections.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Connections.cs
index 916cf1661..dad39393a 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Connections.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Connections.cs
@@ -302,8 +302,23 @@ internal async Task<bool> SaveServerConnection(ServerConnection item)
                 serverConnections.Remove(serverConnections.Find(c => c.Id == item.Id));
             }
 
+            // if item is the default, all other items are no longer the default
+            if (item.IsDefault)
+            {
+                serverConnections
+                    .Where(s => s.Id != item.Id)
+                    .ToList()
+                    .ForEach(s => s.IsDefault = false);
+            }
+
             serverConnections.Add(item);
 
+            // if no default exists, make the first item default
+            if (!serverConnections.Exists(e => e.IsDefault))
+            {
+                serverConnections.First().IsDefault = true;
+            }
+
             ServerConnectionManager.Save(Log, serverConnections);
 
             return await Task.FromResult(true);
diff --git a/src/Certify.UI.Shared/Windows/EditServerConnection.xaml b/src/Certify.UI.Shared/Windows/EditServerConnection.xaml
index 50bc3e64d..baac89cd2 100644
--- a/src/Certify.UI.Shared/Windows/EditServerConnection.xaml
+++ b/src/Certify.UI.Shared/Windows/EditServerConnection.xaml
@@ -88,7 +88,7 @@
                 Width="120"
                 Margin="0,0,8,0"
                 VerticalAlignment="Top"
-                Content="Use https" />
+                Content="Use Https" />
             <CheckBox IsChecked="{Binding Item.UseHTTPS}" />
         </StackPanel>
         <StackPanel DockPanel.Dock="Top" Orientation="Horizontal">

From c707904803039c2e2b60dd3f38195a28ff0ae9a7 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 12:33:53 +0800
Subject: [PATCH 035/237] Data Stores: show the current default store

---
 src/Certify.UI.Shared/Windows/DataStoreConnections.xaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml b/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml
index b151a7a22..eb929c88f 100644
--- a/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml
+++ b/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml
@@ -1,4 +1,4 @@
-<Controls:MetroWindow
+<Controls:MetroWindow
     x:Class="Certify.UI.Windows.DataStoreConnections"
     xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
     xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"

From 78531ff7e56396fe2a6e1998afcfd2bf9b10ca6e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 15:28:46 +0800
Subject: [PATCH 036/237] Import: show option to skip deployment

---
 src/Certify.UI.Shared/Windows/ImportExport.xaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.UI.Shared/Windows/ImportExport.xaml b/src/Certify.UI.Shared/Windows/ImportExport.xaml
index 08d1b163b..560db8a5f 100644
--- a/src/Certify.UI.Shared/Windows/ImportExport.xaml
+++ b/src/Certify.UI.Shared/Windows/ImportExport.xaml
@@ -73,7 +73,7 @@
                         Content="Include Standard Certificate Storage and Auto Deployment"
                         DockPanel.Dock="Top"
                         IsChecked="True"
-                        Visibility="{Binding IsImportReady, Converter={StaticResource ResourceKey=BoolToVisConverter}}" />
+                        />
                     <StackPanel DockPanel.Dock="Top" Orientation="Horizontal">
                         <Button
                             x:Name="Import"

From 68cad14d1f27ff2ea34dc14b45abf264c6c63c51 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 17 Aug 2023 17:24:27 +0800
Subject: [PATCH 037/237] Sync service controller endpoints

---
 .../Certify.Server.Core/Controllers/SystemController.cs  | 9 ---------
 .../Controllers/ManagedCertificateController.cs          | 8 ++++++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
index c097c5878..1f3e47430 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
@@ -40,15 +40,6 @@ public async Task<UpdateCheck> PerformUpdateCheck()
             return await new Management.Util().CheckForUpdates();
         }
 
-        [HttpGet, Route("maintenance")]
-        public async Task<string> PerformMaintenanceTasks()
-        {
-            DebugLog();
-
-            await _certifyManager.PerformCertificateCleanup();
-            return "OK";
-        }
-
         [HttpGet, Route("diagnostics")]
         public async Task<List<Models.Config.ActionResult>> PerformServiceDiagnostics()
         {
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index db5492737..c09fbe836 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -34,6 +34,14 @@ public async Task<List<ManagedCertificate>> Search(ManagedCertificateFilter filt
             return await _certifyManager.GetManagedCertificates(filter);
         }
 
+        // Get List of Top N Managed Certificates, filtered by title, as a Search Result with total count
+        [HttpPost, Route("results")]
+        public async Task<ManagedCertificateSearchResult> GetResults(ManagedCertificateFilter filter)
+        {
+            DebugLog();
+            return await _certifyManager.GetManagedCertificateResults(filter);
+        }
+
         [HttpGet, Route("{id}")]
         public async Task<ManagedCertificate> GetById(string id)
         {

From ad05230a29dd937bc3e08cd8a565c83c0cdbed3e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sat, 19 Aug 2023 17:47:48 +0800
Subject: [PATCH 038/237] Core: Implement renewal attempt result ordering

---
 .../CertifyManager.ManagedCertificates.cs     |  5 +-
 .../Util/ManagedCertificateFilter.cs          |  2 +-
 .../ManagedItemDataStoreTests.cs              | 54 +++++++++++++------
 3 files changed, 42 insertions(+), 19 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index bf3f41218..d3b565cec 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -79,7 +79,8 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
         {
             var result = new ManagedCertificateSearchResult();
 
-            var list = await _itemManager.Find(filter);
+            result.Results = await _itemManager.Find(filter);
+
             if (filter.PageSize > 0)
             {
                 filter.PageSize = null;
@@ -87,8 +88,6 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
                 result.TotalResults = await _itemManager.CountAll(filter);
             }
 
-            result.Results = list;
-
             return result;
         }
         /// <summary>
diff --git a/src/Certify.Models/Util/ManagedCertificateFilter.cs b/src/Certify.Models/Util/ManagedCertificateFilter.cs
index 13dd90416..9846ef519 100644
--- a/src/Certify.Models/Util/ManagedCertificateFilter.cs
+++ b/src/Certify.Models/Util/ManagedCertificateFilter.cs
@@ -1,4 +1,4 @@
-namespace Certify.Models
+namespace Certify.Models
 {
     public class ManagedCertificateFilter
     {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
index 7f8c90b22..4a878b0eb 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
@@ -346,11 +346,12 @@ public async Task TestManagedCertificateFilters(string storeType = null)
                     newTestItem.Name = "FilterMultiTest_" + i;
                     newTestItem.Id = Guid.NewGuid().ToString();
                     newTestItem.RequestConfig.PrimaryDomain = i + "_" + testItem.RequestConfig.PrimaryDomain;
-                    newTestItem.DateExpiry = DateTimeOffset.UtcNow.AddDays(new Random().Next(5, 90));
-                    newTestItem.DateStart = DateTimeOffset.UtcNow.AddDays(-new Random().Next(1, 30));
-                    newTestItem.DateLastOcspCheck = DateTimeOffset.UtcNow.AddMinutes(-new Random().Next(1, 60));
-                    newTestItem.DateLastRenewalInfoCheck = DateTimeOffset.UtcNow.AddMinutes(-new Random().Next(1, 30));
-                    newTestItem.DateRenewed = DateTimeOffset.UtcNow.AddDays(-new Random().Next(1, 30));
+                    newTestItem.DateExpiry = DateTimeOffset.UtcNow.AddDays(rnd.Next(5, 90));
+                    newTestItem.DateStart = newTestItem.DateExpiry.Value.AddDays(-rnd.Next(1, 30));
+                    newTestItem.DateLastOcspCheck = DateTimeOffset.UtcNow.AddMinutes(-rnd.Next(1, 60));
+                    newTestItem.DateLastRenewalInfoCheck = DateTimeOffset.UtcNow.AddMinutes(-rnd.Next(1, 30));
+                    newTestItem.DateRenewed = newTestItem.DateStart;
+                    newTestItem.DateLastRenewalAttempt = newTestItem.DateRenewed;
 
                     if (rnd.Next(0, 10) >= 8)
                     {
@@ -369,11 +370,12 @@ public async Task TestManagedCertificateFilters(string storeType = null)
                     newTestItem.Name = "ExtraMultiTest_" + i;
                     newTestItem.Id = Guid.NewGuid().ToString();
                     newTestItem.RequestConfig.PrimaryDomain = i + "_" + testItem.RequestConfig.PrimaryDomain;
-                    newTestItem.DateExpiry = DateTimeOffset.UtcNow.AddDays(new Random().Next(5, 90));
-                    newTestItem.DateStart = DateTimeOffset.UtcNow.AddDays(-new Random().Next(1, 30));
-                    newTestItem.DateLastOcspCheck = DateTimeOffset.UtcNow.AddMinutes(-new Random().Next(1, 30));
-                    newTestItem.DateLastRenewalInfoCheck = DateTimeOffset.UtcNow.AddMinutes(-new Random().Next(1, 30));
-                    newTestItem.DateRenewed = DateTimeOffset.UtcNow.AddDays(-new Random().Next(1, 30));
+                    newTestItem.DateExpiry = DateTimeOffset.UtcNow.AddDays(rnd.Next(5, 90));
+                    newTestItem.DateStart = DateTimeOffset.UtcNow.AddDays(-rnd.Next(1, 30));
+                    newTestItem.DateLastOcspCheck = DateTimeOffset.UtcNow.AddMinutes(-rnd.Next(1, 30));
+                    newTestItem.DateLastRenewalInfoCheck = DateTimeOffset.UtcNow.AddMinutes(-rnd.Next(1, 30));
+                    newTestItem.DateRenewed = DateTimeOffset.UtcNow.AddDays(-rnd.Next(1, 30));
+                    newTestItem.DateLastRenewalAttempt = newTestItem.DateRenewed;
 
                     inMemoryList.Add(newTestItem);
                 }
@@ -427,6 +429,7 @@ public async Task TestManagedCertificateFilters(string storeType = null)
                     new ManagedCertificateFilter { Keyword = "FilterMultiTest_", PageIndex=0, PageSize =5, FilterDescription="Paging test 0" },
                     new ManagedCertificateFilter { Keyword = "FilterMultiTest_", PageIndex=1, PageSize =5, FilterDescription="Paging test 1" },
                     new ManagedCertificateFilter { Keyword = "FilterMultiTest_", PageIndex=2, PageSize =5, FilterDescription="Paging test 3" },
+                    new ManagedCertificateFilter { Keyword = "FilterMultiTest_", PageIndex=2, PageSize =5, FilterDescription="Paging test 4 with sorting by renewal date", OrderBy= ManagedCertificateFilter.SortMode.RENEWAL_ASC },
                     new ManagedCertificateFilter { Keyword = "FilterMultiTest_", ChallengeType ="http-01", FilterDescription="Challenge type filter"},
                     new ManagedCertificateFilter { Keyword = "FilterMultiTest_", ChallengeProvider ="A.Test.Provider", FilterDescription="Challenge provider filter"},
                     new ManagedCertificateFilter { Keyword = "FilterMultiTest_", StoredCredentialKey ="ABCD123", FilterDescription="Stored Credential filter"}
@@ -447,9 +450,21 @@ public async Task TestManagedCertificateFilters(string storeType = null)
                            && (filter.ChallengeType == null || i.RequestConfig.Challenges.Any(c => c.ChallengeType == filter.ChallengeType))
                            && (filter.ChallengeProvider == null || i.RequestConfig.Challenges.Any(c => c.ChallengeProvider == filter.ChallengeProvider))
                            && (filter.StoredCredentialKey == null || i.RequestConfig.Challenges.Any(c => c.ChallengeCredentialKey == filter.StoredCredentialKey))
-                        )
-                        .OrderBy(t => t.Name)
-                        .AsQueryable();
+                        ).AsQueryable();
+
+                    if (filter.OrderBy == ManagedCertificateFilter.SortMode.NAME_ASC)
+                    {
+                        expectedResult = expectedResult
+                            .OrderBy(t => t.Name)
+                            .AsQueryable();
+                    }
+
+                    if (filter.OrderBy == ManagedCertificateFilter.SortMode.RENEWAL_ASC)
+                    {
+                        expectedResult = expectedResult
+                            .OrderBy(t => t.DateLastRenewalAttempt)
+                            .AsQueryable();
+                    }
 
                     if (filter.PageIndex != null && filter.PageSize != null)
                     {
@@ -471,8 +486,17 @@ public async Task TestManagedCertificateFilters(string storeType = null)
 
                     Assert.AreEqual(expectedResult.Count(), testResult.Count, filter.FilterDescription);
 
-                    Assert.IsTrue(expectedResult.First().Id == testResult.First().Id, $"{filter.FilterDescription} Test and expected should return same first items");
-                    Assert.IsTrue(expectedResult.Last().Id == testResult.Last().Id, $"{filter.FilterDescription} Test and expected should return same last items");
+                    if (filter.OrderBy == ManagedCertificateFilter.SortMode.NAME_ASC)
+                    {
+                        Assert.IsTrue(expectedResult.First().Id == testResult.First().Id, $"{filter.FilterDescription} Test and expected should return same first items");
+                        Assert.IsTrue(expectedResult.Last().Id == testResult.Last().Id, $"{filter.FilterDescription} Test and expected should return same last items");
+                    }
+
+                    if (filter.OrderBy == ManagedCertificateFilter.SortMode.RENEWAL_ASC)
+                    {
+                        Assert.IsTrue(expectedResult.First().Id == testResult.First().Id, $"{filter.FilterDescription} Test and expected should return same first items");
+                        Assert.IsTrue(expectedResult.Last().Id == testResult.Last().Id, $"{filter.FilterDescription} Test and expected should return same last items");
+                    }
                 }
             }
             finally

From 990ba3172eec3428497af6015e7068c259c7ae17 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sat, 19 Aug 2023 17:48:00 +0800
Subject: [PATCH 039/237] Cleanup

---
 src/Certify.UI.Shared/Windows/ImportExport.xaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Certify.UI.Shared/Windows/ImportExport.xaml b/src/Certify.UI.Shared/Windows/ImportExport.xaml
index 560db8a5f..12073af34 100644
--- a/src/Certify.UI.Shared/Windows/ImportExport.xaml
+++ b/src/Certify.UI.Shared/Windows/ImportExport.xaml
@@ -72,8 +72,7 @@
                         Margin="0,4,4,4"
                         Content="Include Standard Certificate Storage and Auto Deployment"
                         DockPanel.Dock="Top"
-                        IsChecked="True"
-                        />
+                        IsChecked="True" />
                     <StackPanel DockPanel.Dock="Top" Orientation="Horizontal">
                         <Button
                             x:Name="Import"

From 3f85283895b55e8bb9e0362b78feebc0920bdac0 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 21 Aug 2023 11:11:44 +0800
Subject: [PATCH 040/237] WIP: paged managed cert list

---
 .../AppViewModel.ManagedCerticates.cs         | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index 17108b0c6..29b1516bd 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -92,6 +92,9 @@ public int NumManagedCerts
             }
         }
 
+        int _filterPageIndex = 0;
+        int _filterPageSize = 10;
+
         /// <summary>
         /// Refresh the cached list of managed certs via the connected service
         /// </summary>
@@ -102,20 +105,12 @@ public virtual async Task RefreshManagedCertificates()
 
             // include external managed certs if enabled
             filter.IncludeExternal = IsFeatureEnabled(FeatureFlags.EXTERNAL_CERT_MANAGERS) && Preferences.EnableExternalCertManagers;
+            filter.PageSize = _filterPageSize;
+            filter.PageIndex= _filterPageIndex;
 
-            var list = await _certifyClient.GetManagedCertificates(filter);
-
-            foreach (var i in list)
-            {
-                i.IsChanged = false;
-
-                if (!HasDeprecatedChallengeTypes && i.RequestConfig.Challenges.Any(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_SNI))
-                {
-                    HasDeprecatedChallengeTypes = true;
-                }
-            }
+            var result = await _certifyClient.GetManagedCertificateSearchResult(filter);
 
-            ManagedCertificates = new ObservableCollection<ManagedCertificate>(list);
+            ManagedCertificates = new ObservableCollection<ManagedCertificate>(result.Results);
         }
 
         /// <summary>

From 75d8b1ab83390a41e4cfed6c856d598758a93181 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 21 Aug 2023 11:16:49 +0800
Subject: [PATCH 041/237] Core: remove unused request status check

---
 src/Certify.Client/CertifyApiClient.cs        |   6 -
 src/Certify.Client/ICertifyClient.cs          |   2 -
 .../CertifyManager.CertificateRequest.cs      |   9 +-
 .../CertifyManager/CertifyManager.cs          | 111 ++++++++++++++----
 .../CertifyManager/ICertifyManager.cs         |   4 -
 .../ManagedCertificateController.cs           |  15 ---
 .../ManagedCertificateController.cs           |  15 ---
 7 files changed, 91 insertions(+), 71 deletions(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index faf53c515..f55c2c9e3 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -459,12 +459,6 @@ public async Task<CertificateRequestResult> BeginCertificateRequest(string manag
             }
         }
 
-        public async Task<RequestProgressState> CheckCertificateRequest(string managedItemId)
-        {
-            var json = await FetchAsync($"managedcertificates/requeststatus/{managedItemId}");
-            return JsonConvert.DeserializeObject<RequestProgressState>(json);
-        }
-
         public async Task<List<StatusMessage>> TestChallengeConfiguration(ManagedCertificate site)
         {
             var response = await PostAsync($"managedcertificates/testconfig", site);
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index 339fac4c1..71246761c 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -96,8 +96,6 @@ public interface ICertifyInternalApiClient
 
         Task<CertificateRequestResult> BeginCertificateRequest(string managedItemId, bool resumePaused, bool isInteractive);
 
-        Task<RequestProgressState> CheckCertificateRequest(string managedItemId);
-
         Task<List<StatusMessage>> TestChallengeConfiguration(ManagedCertificate site);
         Task<List<StatusMessage>> PerformChallengeCleanup(ManagedCertificate site);
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
index 31041c9a6..a8880478d 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
@@ -85,9 +85,11 @@ public async Task<List<CertificateRequestResult>> PerformRenewAll(RenewalSetting
                 _itemManager,
                 settings,
                 prefs,
-                BeginTrackingProgress,
+           
                 ReportProgress, IsManagedCertificateRunning,
-                (ManagedCertificate item, IProgress<RequestProgressState> progress, bool isPreview, string reason) => { return PerformCertificateRequest(null, item, progress, skipRequest: isPreview, skipTasks: isPreview, reason: reason); },
+                (ManagedCertificate item, IProgress<RequestProgressState> progress, bool isPreview, string reason) => { 
+                    return PerformCertificateRequest(null, item, progress, skipRequest: isPreview, skipTasks: isPreview, reason: reason);
+                },
                 progressTrackers);
 
             _isRenewAllInProgress = false;
@@ -1069,9 +1071,6 @@ private async Task<CertificateRequestResult> CompleteCertificateRequest(ILog log
 
             log?.Debug($"End of CompleteCertificateRequest.");
 
-            // cleanup progress tracking
-            _progressResults.TryRemove(managedCertificate.Id, out _);
-
             return result;
         }
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 0f1405cb9..81a2fb903 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -75,11 +75,6 @@ public partial class CertifyManager : ICertifyManager, IDisposable
         /// </summary>
         private ConcurrentDictionary<string, SimpleAuthorizationChallengeItem> _currentChallenges = new ConcurrentDictionary<string, SimpleAuthorizationChallengeItem>();
 
-        /// <summary>
-        /// Set of current in-progress renewals
-        /// </summary>
-        private ConcurrentDictionary<string, RequestProgressState> _progressResults { get; set; }
-
         /// <summary>
         /// Service for reporting status/progress results back to client(s)
         /// </summary>
@@ -175,8 +170,6 @@ public async Task Init()
                 throw (new Exception(msg));
             }
 
-            _progressResults = new ConcurrentDictionary<string, RequestProgressState>();
-
             LoadCertificateAuthorities();
 
             // init remaining utilities and optionally enable telematics
@@ -381,22 +374,82 @@ public void SetStatusReporting(IStatusReporting statusReporting)
             _statusReporting = statusReporting;
         }
         /// <summary>
-        /// Begin/restart progress tracking for renewal requests of a given managed certificate
+        /// used to set a specific account for testing, instead of loading from config
         /// </summary>
-        /// <param name="state"></param>
-        public void BeginTrackingProgress(RequestProgressState state)
+        public AccountDetails OverrideAccountDetails { get; set; }
+        /// <summary>
+        /// Get the ACME client applicable for the given managed certificate
+        /// </summary>
+        /// <param name="managedItem"></param>
+        /// <returns></returns>
+        public async Task<IACMEClientProvider> GetACMEProvider(ManagedCertificate managedItem, AccountDetails caAccount)
         {
-            try
+            // determine account to use for the given managed cert
+
+            if (caAccount != null)
             {
-                if (state?.Id != null)
+                _certificateAuthorities.TryGetValue(caAccount?.CertificateAuthorityId, out var ca);
+
+                if (ca != null)
                 {
-                    _progressResults.AddOrUpdate(state.Id, state, (id, s) => state);
+                    var acmeBaseUrl = managedItem.UseStagingMode ? ca.StagingAPIEndpoint : ca.ProductionAPIEndpoint;
+
+                    return await GetACMEProvider(caAccount.StorageKey, acmeBaseUrl, caAccount, ca.AllowUntrustedTls);
+                }
+                else
+                {
+                    // Unknown acme CA. May have been removed from CA list.
+                    return null;
                 }
             }
-            catch (Exception)
+            else
             {
-                // failed to add progress tracking, likely concurrency issue
-                _serviceLog?.Warning($"Failed to add tracking progress for {state.ManagedCertificate.Id}. Likely concurrency issue.");
+                return null;
+            }
+        }
+
+        /// <summary>
+        /// Get the ACME client for the given storage key or create and add a new one
+        /// </summary>
+        /// <param name="storageKey"></param>
+        /// <param name="acmeApiEndpoint"></param>
+        /// <param name="account"></param>
+        /// <param name="allowUntrustedTls"></param>
+        /// <returns></returns>
+        private async Task<IACMEClientProvider> GetACMEProvider(string storageKey, string acmeApiEndpoint = null, AccountDetails account = null, bool allowUntrustedTls = false)
+        {
+            // get or init acme provider required for the given account
+            if (_acmeClientProviders.TryGetValue(storageKey, out var provider))
+            {
+                return provider;
+            }
+            else
+            {
+                var userAgent = Util.GetUserAgent();
+                var settingBaseFolder = EnvironmentUtil.CreateAppDataPath();
+                var providerPath = Path.Combine(settingBaseFolder, "certes_" + storageKey);
+
+                var newProvider = new AnvilACMEProvider(new AnvilACMEProviderSettings
+                {
+                    AcmeBaseUri = acmeApiEndpoint,
+                    ServiceSettingsBasePath = settingBaseFolder,
+                    LegacySettingsPath = providerPath,
+                    UserAgentName = userAgent,
+                    AllowUntrustedTls = allowUntrustedTls,
+                    DefaultACMERetryIntervalSeconds = CoreAppSettings.Current.DefaultACMERetryInterval,
+                    EnableIssuerCache = CoreAppSettings.Current.EnableIssuerCache
+                });
+
+                if (!_useWindowsNativeFeatures)
+                {
+                    newProvider.DefaultCertificateFormat = "pem";
+                }
+
+                await newProvider.InitProvider(_serviceLog, account);
+
+                _acmeClientProviders.TryAdd(storageKey, newProvider);
+
+                return newProvider;
             }
         }
 
@@ -444,20 +497,30 @@ public void ReportProgress(IProgress<RequestProgressState> progress, RequestProg
         }, _loggingLevelSwitch);
 
         /// <summary>
-        /// Get current progress result for the given managed certificate id
+        /// When called, look for periodic maintenance tasks we can perform such as renewal
         /// </summary>
-        /// <param name="managedItemId"></param>
-        /// <returns></returns>
-        public RequestProgressState GetRequestProgressState(string managedItemId)
+        /// <returns>  </returns>
+        public async Task<bool> PerformRenewalTasks()
         {
-            if (_progressResults.TryGetValue(managedItemId, out var progress))
+            try
             {
-                return progress;
+                Debug.WriteLine("Checking for renewal tasks..");
+
+                SettingsManager.LoadAppSettings();
+
+                // perform pending renewals
+                await PerformRenewAll(new RenewalSettings { });
+
+                // flush status report queue
+                await SendQueuedStatusReports();
             }
-            else
+            catch (Exception exp)
             {
-                return new RequestProgressState(RequestState.NotRunning, "No request in progress", null);
+                _tc?.TrackException(exp);
+                return await Task.FromResult(false);
             }
+
+            return await Task.FromResult(true);
         }
 
         public void Dispose() => ManagedCertificateLog.DisposeLoggers();
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index d936cf4d3..d94b15501 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -61,8 +61,6 @@ public interface ICertifyManager
         Task<ActionResult> RemoveCertificateAuthority(string id);
         Task<List<SiteInfo>> GetPrimaryWebSites(StandardServerTypes serverType, bool ignoreStoppedSites, string itemId = null);
 
-        void BeginTrackingProgress(RequestProgressState state);
-
         Task<List<CertificateRequestResult>> RedeployManagedCertificates(ManagedCertificateFilter filter, IProgress<RequestProgressState> progress = null, bool isPreviewOnly = false, bool includeDeploymentTasks = false);
 
         Task<CertificateRequestResult> DeployCertificate(ManagedCertificate managedCertificate, IProgress<RequestProgressState> progress = null, bool isPreviewOnly = false, bool includeDeploymentTasks = false);
@@ -73,8 +71,6 @@ public interface ICertifyManager
 
         Task<List<CertificateRequestResult>> PerformRenewAll(RenewalSettings settings, ConcurrentDictionary<string, Progress<RequestProgressState>> progressTrackers = null);
 
-        RequestProgressState GetRequestProgressState(string managedItemId);
-
         Task<bool> PerformRenewalTasks();
 
         Task<bool> PerformDailyMaintenanceTasks();
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index 2a9a656a3..e26dfa264 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -79,9 +79,6 @@ public async Task<List<StatusMessage>> TestChallengeResponse(ManagedCertificate
 
             var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
 
-            //begin monitoring progress
-            _certifyManager.BeginTrackingProgress(progressState);
-
             // perform challenge response test, log to string list and return in result
             var logList = new List<string>();
             using (var log = new LoggerConfiguration()
@@ -194,9 +191,6 @@ public async Task<CertificateRequestResult> BeginCertificateRequest(string manag
 
             var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
 
-            //begin monitoring progress
-            _certifyManager.BeginTrackingProgress(progressState);
-
             //begin request
             var result = await _certifyManager.PerformCertificateRequest(
                                                                            null,
@@ -208,15 +202,6 @@ public async Task<CertificateRequestResult> BeginCertificateRequest(string manag
             return result;
         }
 
-        [HttpGet, Route("requeststatus/{managedItemId}")]
-        public RequestProgressState CheckCertificateRequest(string managedItemId)
-        {
-            DebugLog();
-
-            //TODO: check current status of request in progress
-            return _certifyManager.GetRequestProgressState(managedItemId);
-        }
-
         [HttpGet, Route("log/{managedItemId}/{limit}")]
         public async Task<LogItem[]> GetLog(string managedItemId, int limit)
         {
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index c09fbe836..47b6fd053 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -78,9 +78,6 @@ public async Task<List<StatusMessage>> TestChallengeResponse(ManagedCertificate
 
             var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
 
-            //begin monitoring progress
-            _certifyManager.BeginTrackingProgress(progressState);
-
             // perform challenge response test, log to string list and return in result
             var logList = new List<string>();
             using (var log = new LoggerConfiguration()
@@ -193,9 +190,6 @@ public async Task<CertificateRequestResult> BeginCertificateRequest(string manag
 
             var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
 
-            //begin monitoring progress
-            _certifyManager.BeginTrackingProgress(progressState);
-
             //begin request
             var result = await _certifyManager.PerformCertificateRequest(
                                                                            null,
@@ -207,15 +201,6 @@ public async Task<CertificateRequestResult> BeginCertificateRequest(string manag
             return result;
         }
 
-        [HttpGet, Route("requeststatus/{managedItemId}")]
-        public RequestProgressState CheckCertificateRequest(string managedItemId)
-        {
-            DebugLog();
-
-            //TODO: check current status of request in progress
-            return _certifyManager.GetRequestProgressState(managedItemId);
-        }
-
         [HttpGet, Route("log/{managedItemId}/{limit}")]
         public async Task<LogItem[]> GetLog(string managedItemId, int limit)
         {

From 13738f7ce6ce58a86bf8e4ea1717edb4c486e525 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 21 Aug 2023 12:01:25 +0800
Subject: [PATCH 042/237] Core: refactor renewal manager for batched querying

---
 src/Certify.Core/Management/RenewalManager.cs | 295 ++++++++----------
 1 file changed, 136 insertions(+), 159 deletions(-)

diff --git a/src/Certify.Core/Management/RenewalManager.cs b/src/Certify.Core/Management/RenewalManager.cs
index 30f7a75c4..348023306 100644
--- a/src/Certify.Core/Management/RenewalManager.cs
+++ b/src/Certify.Core/Management/RenewalManager.cs
@@ -2,6 +2,7 @@
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading;
 using System.Threading.Tasks;
 using Certify.Locales;
 using Certify.Models;
@@ -19,75 +20,42 @@ public static class RenewalManager
 
         private const int DEFAULT_CERTIFICATE_REQUEST_TASKS = 50;
 
-        public static async Task<List<CertificateRequestResult>> PerformRenewAll(
-            ILog _serviceLog,
-            IManagedItemStore _itemManager,
-            RenewalSettings settings,
-            RenewalPrefs prefs,
-            Action<RequestProgressState> BeginTrackingProgress,
-            Action<IProgress<RequestProgressState>, RequestProgressState, bool> ReportProgress,
-            Func<string, Task<bool>> IsManagedCertificateRunning,
-            Func<ManagedCertificate, IProgress<RequestProgressState>, bool, string, Task<CertificateRequestResult>> PerformCertificateRequest,
-            ConcurrentDictionary<string, Progress<RequestProgressState>> progressTrackers = null
-            )
+        private static Progress<RequestProgressState> SetupProgressTracker(
+            ManagedCertificate item, string renewalReason,
+            ConcurrentDictionary<string, Progress<RequestProgressState>> progressTrackers,
+            Action<IProgress<RequestProgressState>, RequestProgressState, bool> ReportProgress
+        )
         {
-            // we can perform request in parallel but if processing many requests this can cause issues committing IIS bindings etc
 
-            var testModeOnly = false;
+            // track progress
+            var progressState = new RequestProgressState(RequestState.Running, "Starting..", item);
+            var progressTracker = new Progress<RequestProgressState>(progressState.ProgressReport);
 
-            IEnumerable<ManagedCertificate> managedCertificates;
+            progressTrackers.TryAdd(item.Id, progressTracker);
 
-            if (settings.TargetManagedCertificates?.Any() == true)
-            {
-                var targetCerts = new List<ManagedCertificate>();
-                foreach (var id in settings.TargetManagedCertificates)
-                {
-                    targetCerts.Add(await _itemManager.GetById(id));
-                }
+            ReportProgress(progressTracker, new RequestProgressState(RequestState.Queued, $"Queued for renewal: {renewalReason}", item), false);
 
-                managedCertificates = targetCerts;
-            }
-            else
-            {
-                managedCertificates = await _itemManager.Find(
-                    new ManagedCertificateFilter
-                    {
-                        IncludeOnlyNextAutoRenew = (settings.Mode == RenewalMode.Auto)
-                    }
-                );
-            }
+            return progressTracker;
+        }
 
-            if (settings.Mode == RenewalMode.Auto || settings.Mode == RenewalMode.RenewalsDue)
-            {
-                // auto renew enabled sites in order of oldest date renewed (or earliest attempted), items not yet attempted are first.
-                // if mode is just RenewalDue then we also include items that are not marked auto renew (the user may be controlling when to perform renewal).
+        public static async Task<List<CertificateRequestResult>> PerformRenewAll(
+                ILog _serviceLog,
+                IManagedItemStore _itemManager,
+                RenewalSettings settings,
+                RenewalPrefs prefs,
+                Action<IProgress<RequestProgressState>, RequestProgressState, bool> ReportProgress,
+                Func<string, Task<bool>> IsManagedCertificateRunning,
+                Func<ManagedCertificate, IProgress<RequestProgressState>, bool, string, Task<CertificateRequestResult>> PerformCertificateRequest,
+                ConcurrentDictionary<string, Progress<RequestProgressState>> progressTrackers = null
+                )
+        {
 
-                managedCertificates = managedCertificates.Where(s => s.IncludeInAutoRenew == true || settings.Mode == RenewalMode.RenewalsDue)
-                             .OrderBy(s => s.DateRenewed ?? s.DateLastRenewalAttempt ?? DateTimeOffset.MinValue);
-            }
-            else if (settings.Mode == RenewalMode.NewItems)
-            {
-                // new items not yet completed in order of oldest renewal attempt first
-                managedCertificates = managedCertificates.Where(s => s.DateRenewed == null)
-                              .OrderBy(s => s.DateLastRenewalAttempt ?? DateTimeOffset.UtcNow.AddHours(-48));
-            }
-            else if (settings.Mode == RenewalMode.RenewalsWithErrors)
+            var maxRenewalTasks = prefs.MaxRenewalRequests;
+            if (maxRenewalTasks <= 0)
             {
-                // items with current errors in order of oldest renewal attempt first
-                managedCertificates = managedCertificates.Where(s => s.LastRenewalStatus == RequestState.Error)
-                              .OrderBy(s => s.DateLastRenewalAttempt ?? DateTimeOffset.UtcNow.AddHours(-1));
+                maxRenewalTasks = DEFAULT_CERTIFICATE_REQUEST_TASKS;
             }
 
-            // check site list and examine current certificates. If certificate is less than n days
-            // old, don't attempt to renew it
-            var sitesToRenew = new List<ManagedCertificate>();
-            var renewalIntervalDays = prefs.RenewalIntervalDays;
-            var renewalIntervalMode = prefs.RenewalIntervalMode ?? RenewalIntervalModes.DaysAfterLastRenewal;
-
-            var numRenewalTasks = 0;
-
-            var maxRenewalTasks = prefs.MaxRenewalRequests;
-
             var renewalTasks = new List<Task<CertificateRequestResult>>();
 
             if (progressTrackers == null)
@@ -95,129 +63,141 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
                 progressTrackers = new ConcurrentDictionary<string, Progress<RequestProgressState>>();
             }
 
-            if (managedCertificates.Count(c => c.LastRenewalStatus == RequestState.Error) > MAX_CERTIFICATE_REQUEST_TASKS)
-            {
-                _serviceLog?.Warning("Too many failed certificates outstanding. Fix failures or delete. Failures: " + managedCertificates.Count(c => c.LastRenewalStatus == RequestState.Error));
-            }
+            List<ManagedCertificate> managedCertificateBatch;
 
-            foreach (var managedCertificate in managedCertificates)
+            if (settings.TargetManagedCertificates?.Any() == true)
             {
-                // if cert is not awaiting manual user input (manual DNS etc), proceed with renewal checks
-                if (managedCertificate.LastRenewalStatus != RequestState.Paused)
+                // prepare renewal batch using just the selected set of target items
+                var targetCerts = new List<ManagedCertificate>();
+
+                foreach (var id in settings.TargetManagedCertificates)
                 {
-                    var progressState = new RequestProgressState(RequestState.Running, "Starting..", managedCertificate);
-                    var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
+                    targetCerts.Add(await _itemManager.GetById(id));
+                }
 
-                    try
-                    {
-                        progressTrackers.TryAdd(managedCertificate.Id, progressIndicator);
-                    }
-                    catch
-                    {
-                        _serviceLog?.Error($"Failed to add progress tracker for {managedCertificate.Id}. Likely concurrency issue, skipping this managed cert during this run.");
-                        continue;
-                    }
+                managedCertificateBatch = targetCerts;
 
-                    BeginTrackingProgress(progressState);
+                foreach (var item in managedCertificateBatch)
+                {
+                    var progressTracker = SetupProgressTracker(item, "", progressTrackers, ReportProgress);
 
-                    // determine if this site currently requires renewal for auto mode (or renewals due mode)
-                    // In auto mode we skip if recent failures, in Renewals Due mode we ignore recent failures
+                    renewalTasks.Add(
+                    new Task<CertificateRequestResult>(
+                            () => PerformCertificateRequest(item, progressTracker, settings.IsPreviewMode, "Renewal requested").Result,
+                            TaskCreationOptions.LongRunning
+                            )
+                    );
+                }
+            }
+            else
+            {
 
-                    var renewalDueCheck = ManagedCertificate.CalculateNextRenewalAttempt(managedCertificate, renewalIntervalDays, renewalIntervalMode, checkFailureStatus: false);
-                    var isRenewalRequired = (settings.Mode != RenewalMode.Auto && settings.Mode != RenewalMode.RenewalsDue) || renewalDueCheck.IsRenewalDue;
+                // prepare batch of renewals until we have reached the limit of tasks we will perform in one pass, or run out of items to attempt
 
-                    var renewalReason = renewalDueCheck.Reason;
+                // auto renew enabled sites in order of oldest date renewed (or earliest attempted), items not yet attempted are first.
+                var filter = new ManagedCertificateFilter
+                {
+                    IncludeOnlyNextAutoRenew = (settings.Mode == RenewalMode.Auto),
+                    OrderBy = ManagedCertificateFilter.SortMode.RENEWAL_ASC
+                };
 
-                    if (settings.Mode == RenewalMode.All)
+                /*   if (settings.Mode == RenewalMode.Auto || settings.Mode == RenewalMode.RenewalsDue)
                     {
-                        // on all mode, everything gets an attempted renewal
-                        isRenewalRequired = true;
-                        renewalReason = "Renewal Mode is set to All";
-                    }
 
-                    //if we care about stopped sites being stopped, check for that if a specific site is selected
-                    var isSiteRunning = true;
-                    if (prefs.IncludeStoppedSites && !string.IsNullOrEmpty(managedCertificate.ServerSiteId))
+                        // if mode is just RenewalDue then we also include items that are not marked auto renew (the user may be controlling when to perform renewal).
+
+                        managedCertificateBatch = managedCertificateBatch.Where(s => s.IncludeInAutoRenew == true || settings.Mode == RenewalMode.RenewalsDue)
+                                     .OrderBy(s => s.DateRenewed ?? s.DateLastRenewalAttempt ?? DateTimeOffset.MinValue);
+                    }
+                    else if (settings.Mode == RenewalMode.NewItems)
                     {
-                        isSiteRunning = await IsManagedCertificateRunning(managedCertificate.Id);
+                        // new items not yet completed in order of oldest renewal attempt first
+                        managedCertificateBatch = managedCertificateBatch.Where(s => s.DateRenewed == null)
+                                      .OrderBy(s => s.DateLastRenewalAttempt ?? DateTimeOffset.UtcNow.AddHours(-48));
                     }
-
-                    if (!renewalDueCheck.IsRenewalOnHold && isRenewalRequired && isSiteRunning && !testModeOnly)
+                    else if (settings.Mode == RenewalMode.RenewalsWithErrors)
                     {
-                        //get matching progress tracker for this site
-                        IProgress<RequestProgressState> tracker = null;
-                        if (progressTrackers != null)
-                        {
-                            tracker = progressTrackers[managedCertificate.Id];
-                        }
+                        // items with current errors in order of oldest renewal attempt first
+                        managedCertificateBatch = managedCertificateBatch.Where(s => s.LastRenewalStatus == RequestState.Error)
+                                      .OrderBy(s => s.DateLastRenewalAttempt ?? DateTimeOffset.UtcNow.AddHours(-1));
+                    }*/
 
-                        // limit the number of renewal tasks to attempt in this pass either to custom setting or max allowed
-                        if (
-                            (maxRenewalTasks == 0 && numRenewalTasks < DEFAULT_CERTIFICATE_REQUEST_TASKS)
-                            ||
-                            (maxRenewalTasks > 0 && numRenewalTasks < maxRenewalTasks && numRenewalTasks < MAX_CERTIFICATE_REQUEST_TASKS)
-                            )
-                        {
+                var totalRenewalCandidates = await _itemManager.CountAll(filter);
 
-                            renewalTasks.Add(
-                               new Task<CertificateRequestResult>(
-                                () => PerformCertificateRequest(managedCertificate, tracker, settings.IsPreviewMode, renewalReason).Result,
-                                TaskCreationOptions.LongRunning
-                           ));
+                var renewalIntervalDays = prefs.RenewalIntervalDays;
+                var renewalIntervalMode = prefs.RenewalIntervalMode ?? RenewalIntervalModes.DaysAfterLastRenewal;
 
-                            ReportProgress((IProgress<RequestProgressState>)progressTrackers[managedCertificate.Id], new RequestProgressState(RequestState.Queued, $"Queued for renewal: {renewalDueCheck.Reason}", managedCertificate), false);
+                filter.PageSize = MAX_CERTIFICATE_REQUEST_TASKS;
+                filter.PageIndex = 0;
 
-                        }
-                        else
-                        {
-                            if (!prefs.SuppressSkippedItems)
-                            {
-                                //send progress back to report skip
-                                var progress = (IProgress<RequestProgressState>)progressTrackers[managedCertificate.Id];
-                                ReportProgress(progress, new RequestProgressState(RequestState.NotRunning, "Skipped renewal because the max requests per batch has been reached. This request will be attempted again later.", managedCertificate, isSkipped: true), true);
-                            }
-                            else
-                            {
-                                _serviceLog.Debug($"Skipping item {managedCertificate.Id}:{managedCertificate.Name}, max batch size exceeded.");
-                            }
-                        }
+                var batch = new List<ManagedCertificate>();
+                var resultsRemaining = totalRenewalCandidates;
 
-                        // track number of tasks being attempted
-                        numRenewalTasks++;
+                // identify items we will attempt and begin tracking progress
+                while (batch.Count() < maxRenewalTasks && resultsRemaining > 0)
+                {
+                    var results = await _itemManager.Find(filter);
+                    resultsRemaining = results.Count();
 
-                    }
-                    else
+                    foreach (var item in results)
                     {
-                        var msg = renewalDueCheck.Reason;
-                        var requestState = RequestState.Success;
-
-                        var logThisEvent = false;
-
-                        if (isRenewalRequired && !isSiteRunning)
-                        {
-                            msg = CoreSR.CertifyManager_SiteStopped;
-                        }
-
-                        if (renewalDueCheck.IsRenewalOnHold)
-                        {
-                            logThisEvent = true;
-                        }
-
-                        if (progressTrackers != null)
+                        if (batch.Count() < maxRenewalTasks)
                         {
-                            if (!renewalDueCheck.IsRenewalDue || renewalDueCheck.IsRenewalOnHold && prefs.SuppressSkippedItems)
-                            {
-                                _serviceLog.Debug($"Skipping item {managedCertificate.Id}:{managedCertificate.Name}, UI reporting suppressed: {msg}");
-                            }
-                            else
+                            // if cert is not awaiting manual user input (manual DNS etc), proceed with renewal checks
+                            if (item.LastRenewalStatus != RequestState.Paused)
                             {
-                                //send progress back to report skip
-                                /* var progress = (IProgress<RequestProgressState>)progressTrackers[managedCertificate.Id];
-                                 ReportProgress(progress, new RequestProgressState(requestState, msg, managedCertificate, isSkipped: true), logThisEvent);*/
+                                // check if item is due for renewal based on current settings
+
+                                var renewalDueCheck = ManagedCertificate.CalculateNextRenewalAttempt(item, renewalIntervalDays, renewalIntervalMode, checkFailureStatus: false);
+                                var isRenewalRequired = (settings.Mode != RenewalMode.Auto && settings.Mode != RenewalMode.RenewalsDue) || renewalDueCheck.IsRenewalDue;
+
+                                var renewalReason = renewalDueCheck.Reason;
+
+                                if (settings.Mode == RenewalMode.All)
+                                {
+                                    // on all mode, everything gets an attempted renewal
+                                    isRenewalRequired = true;
+                                    renewalReason = "Renewal Mode is set to All";
+                                }
+
+                                // if we care about stopped sites being stopped, check if a specific site is selected and if it's running
+                                if (!prefs.IncludeStoppedSites && !string.IsNullOrEmpty(item.ServerSiteId) && item.RequestConfig.DeploymentSiteOption == DeploymentOption.SingleSite)
+                                {
+                                    var isSiteRunning = await IsManagedCertificateRunning(item.Id);
+
+                                    if (!isSiteRunning)
+                                    {
+                                        isRenewalRequired = false;
+                                        renewalReason = "Target site is not running and 'Include Stopped Sites' preference is False. Renewal will not be attempted.";
+                                    }
+                                }
+
+                                if (isRenewalRequired && !renewalDueCheck.IsRenewalOnHold)
+                                {
+                                    batch.Add(item);
+
+                                    var progressTracker = SetupProgressTracker(item, "", progressTrackers, ReportProgress);
+
+                                    renewalTasks.Add(
+                                        new Task<CertificateRequestResult>(
+                                                () => PerformCertificateRequest(item, progressTracker, settings.IsPreviewMode, renewalReason).Result,
+                                                TaskCreationOptions.LongRunning
+                                                )
+                                        );
+                                }
                             }
                         }
                     }
+
+                    filter.PageIndex++;
                 }
+
+                managedCertificateBatch = batch;
+            }
+
+            if (managedCertificateBatch.Count(c => c.LastRenewalStatus == RequestState.Error) > MAX_CERTIFICATE_REQUEST_TASKS)
+            {
+                _serviceLog?.Warning("Too many failed certificates outstanding. Fix failures or delete. Failures: " + managedCertificateBatch.Count(c => c.LastRenewalStatus == RequestState.Error));
             }
 
             if (!renewalTasks.Any())
@@ -234,10 +214,7 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
             if (prefs.PerformParallelRenewals)
             {
                 renewalTasks.ForEach(t => t.Start());
-
-                var allTaskResults = await Task.WhenAll(renewalTasks);
-
-                return allTaskResults.ToList();
+                return (await Task.WhenAll(renewalTasks)).ToList();
             }
             else
             {

From 3f186a25969e7020b59dbddf2084420d5bac0d4a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 22 Aug 2023 11:42:37 +0800
Subject: [PATCH 043/237] Cleanup

---
 src/Certify.Models/Config/CertRequestConfig.cs       |  2 +-
 src/Certify.Models/Util/BindableBase.cs              | 10 +++++-----
 .../Certify.Core.Tests.Integration.csproj            | 12 ++++++++++++
 .../Certify.UI.Tests.Integration.csproj              |  8 +++-----
 src/Certify.UI.Desktop/Certify.UI.Desktop.csproj     |  4 +++-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj       |  8 ++++++--
 6 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/src/Certify.Models/Config/CertRequestConfig.cs b/src/Certify.Models/Config/CertRequestConfig.cs
index d57cb32c4..0efb3360f 100644
--- a/src/Certify.Models/Config/CertRequestConfig.cs
+++ b/src/Certify.Models/Config/CertRequestConfig.cs
@@ -370,7 +370,7 @@ public List<CertIdentifierItem> GetCertificateIdentifiers()
                     var atc = jwt.Claims.FirstOrDefault(c => c.Type == "atc");
                     if (atc != null)
                     {
-                        var parsedAtc = System.Text.Json.JsonSerializer.Deserialize<AtcClaim>(atc.Value, _defaultJsonSerializerOptions);
+                        var parsedAtc = System.Text.Json.JsonSerializer.Deserialize<AtcClaim>(atc.Value, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
                         if (parsedAtc != null)
                         {
                             identifiers.Add(new CertIdentifierItem { IdentifierType = CertIdentifierType.TnAuthList, Value = parsedAtc.TkValue });
diff --git a/src/Certify.Models/Util/BindableBase.cs b/src/Certify.Models/Util/BindableBase.cs
index 56beb33e4..60cebf682 100644
--- a/src/Certify.Models/Util/BindableBase.cs
+++ b/src/Certify.Models/Util/BindableBase.cs
@@ -134,7 +134,7 @@ public bool IsChanged
             {
                 if (!value)
                 {
-                    UnsetChanged(this);
+                    BindableBase.UnsetChanged(this);
                 }
                 else
                 {
@@ -160,7 +160,7 @@ public void ResetIsChanged(bool val)
         /// BindableBase, and any BindableBase objects nested in ICollection properties
         /// </summary>
         /// <param name="obj"></param>
-        private void UnsetChanged(object obj)
+        private static void UnsetChanged(object obj)
         {
             if (obj is BindableBase bb)
             {
@@ -175,13 +175,13 @@ private void UnsetChanged(object obj)
                     {
                         foreach (var subObj in propertyCollection)
                         {
-                            UnsetChanged(subObj);
+                            BindableBase.UnsetChanged(subObj);
                         }
                     }
 
                     if (val is BindableBase bbSub)
                     {
-                        UnsetChanged(bbSub);
+                        BindableBase.UnsetChanged(bbSub);
                     }
                 }
             }
@@ -190,7 +190,7 @@ private void UnsetChanged(object obj)
             {
                 foreach (var subObj in collection)
                 {
-                    UnsetChanged(subObj);
+                    BindableBase.UnsetChanged(subObj);
                 }
             }
         }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index e0a05c825..90159d5b0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -62,6 +62,18 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
     <PlatformTarget>x64</PlatformTarget>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0|AnyCPU'">
+    <NoWarn>1701;1702;NU1701</NoWarn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
+    <NoWarn>1701;1702;NU1701</NoWarn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net8.0|AnyCPU'">
+    <NoWarn>1701;1702;NU1701</NoWarn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
+    <NoWarn>1701;1702;NU1701</NoWarn>
+  </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\Postgres\Plugin.Datastore.Postgres.csproj" />
     <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\SQLite\Plugin.Datastore.SQLite.csproj" />
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 7933dedb0..b5b62b9b6 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -20,6 +20,7 @@
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
     <PlatformTarget>AnyCPU</PlatformTarget>
+    <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
     <DebugSymbols>true</DebugSymbols>
@@ -61,6 +62,7 @@
   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <PlatformTarget>x64</PlatformTarget>
+    <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\Certify.Client\Certify.Client.csproj" />
@@ -75,11 +77,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
   </ItemGroup>
-  <ItemGroup>
-    <Reference Include="PresentationCore" />
-    <Reference Include="System.Configuration" />
-    <Reference Include="WindowsBase" />
-  </ItemGroup>
+
   <ItemGroup>
     <None Include="app.config" />
   </ItemGroup>
diff --git a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
index a3b194749..c76fc4cea 100644
--- a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
+++ b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
@@ -12,7 +12,9 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="ToastNotifications.Messages" Version="2.5.1" />
+        <PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
+          <NoWarn>NU1701</NoWarn>
+        </PackageReference>
     </ItemGroup>
 
     <ItemGroup>
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index d5d62e6ad..00486dc1b 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -34,14 +34,18 @@
 	<ItemGroup>
 		<PackageReference Include="ControlzEx" Version="6.0.0" />
 		<PackageReference Include="Fody" Version="6.8.0" PrivateAssets="All" />
-		<PackageReference Include="FontAwesome.WPF" Version="4.7.0.9" />
+		<PackageReference Include="FontAwesome.WPF" Version="4.7.0.9">
+		  <NoWarn>NU1701</NoWarn>
+		</PackageReference>
 		<PackageReference Include="MahApps.Metro" Version="3.0.0-alpha0457" />
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
 		<PackageReference Include="Serilog" Version="3.0.1" />
 		<PackageReference Include="System.Text.Json" Version="7.0.3" />
-		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1" />
+		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
+		  <NoWarn>NU1701</NoWarn>
+		</PackageReference>
 	</ItemGroup>
 
 	<ItemGroup>

From de12aa68badb25f6b95c1f53665a939695829940 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 22 Aug 2023 13:39:20 +0800
Subject: [PATCH 044/237] Package updates

---
 src/Certify.Models/Certify.Models.csproj                        | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                      | 2 +-
 .../Certify.Core.Tests.Integration.csproj                       | 2 +-
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj      | 2 +-
 .../Certify.Service.Tests.Integration.csproj                    | 2 +-
 .../Certify.UI.Tests.Integration.csproj                         | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index a407227fe..f351c5258 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -22,7 +22,7 @@
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
 		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.1" />
-		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.6.0">
+		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.7.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 42b556378..436c1e0a8 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.11" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.15" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index e30bac79b..8024cbd01 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -26,7 +26,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.10" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="coverlet.collector" Version="6.0.0">
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 90159d5b0..2ffb0f7a0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -88,7 +88,7 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index c0b3c3f83..adf2d424e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -133,7 +133,7 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="7.0.0" />
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 554077f07..365a305a6 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -77,7 +77,7 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index b5b62b9b6..c92e4ae0d 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -73,7 +73,7 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
   </ItemGroup>

From 996b508a5ec215ce8ceb6895e2849aedd5a394aa Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 22 Aug 2023 13:39:36 +0800
Subject: [PATCH 045/237] Cleanup

---
 src/Certify.Core/Certify.Core.csproj            | 6 ------
 src/Certify.Models/Config/ManagedCertificate.cs | 7 ++++---
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 8a4bea2cb..00d97a462 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -99,10 +99,4 @@
     <Reference Include="System.Security" />
   </ItemGroup>
 
-  <ItemGroup>
-    <Compile Update="Management\CertifyManager\ICertifyManager.cs">
-      <DependentUpon>CertifyManager.cs</DependentUpon>
-    </Compile>
-  </ItemGroup>
-
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Models/Config/ManagedCertificate.cs b/src/Certify.Models/Config/ManagedCertificate.cs
index fda9d6f33..9dbd35627 100644
--- a/src/Certify.Models/Config/ManagedCertificate.cs
+++ b/src/Certify.Models/Config/ManagedCertificate.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;
@@ -785,8 +785,9 @@ public static bool IsDomainOrWildcardMatch(List<string> dnsNames, string? hostna
                         {
                             targetRenewalPercentage = selectedRenewalInterval;
 
-                            if (targetRenewalPercentage > 100) { targetRenewalPercentage = 100; }
-                        }
+                    var targetRenewalMinutesAfterCertStart = certLifetime.Value.TotalMinutes * (targetRenewalPercentage / 100);
+                    var targetRenewalDate = s.DateStart != null ? s.DateStart.Value.AddMinutes(targetRenewalMinutesAfterCertStart) : s.DateRenewed.Value;
+                    nextRenewalAttemptDate = targetRenewalDate;
 
                         var targetRenewalMinutesAfterCertStart = certLifetime.Value.TotalMinutes * (targetRenewalPercentage / 100);
                         var targetRenewalDate = s.DateStart != null ? s.DateStart.Value.AddMinutes(targetRenewalMinutesAfterCertStart) : s.DateRenewed.Value;

From 92870ce373a7fd9df4b2184a5e4ddc146d878de4 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sat, 26 Aug 2023 09:58:45 +0800
Subject: [PATCH 046/237] U/Core: implement summary query instead of counting
 all managed certs in the UI

---
 src/Certify.Client/CertifyApiClient.cs        | 14 +++++++
 src/Certify.Client/ICertifyClient.cs          |  2 +
 .../CertifyManager.Maintenance.cs             |  2 +-
 .../CertifyManager.ManagedCertificates.cs     | 24 +++++++++++-
 .../CertifyManager/ICertifyManager.cs         |  1 +
 src/Certify.Models/Reporting/Summary.cs       | 21 ++++++++++
 .../ManagedCertificateController.cs           |  9 ++++-
 .../ManagedCertificateController.cs           |  8 ++++
 .../ManagedCertificate/Dashboard.xaml.cs      | 38 +++++++------------
 .../AppViewModel.ManagedCerticates.cs         | 16 +++++++-
 10 files changed, 105 insertions(+), 30 deletions(-)
 create mode 100644 src/Certify.Models/Reporting/Summary.cs

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index f55c2c9e3..4dcbe9a62 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -11,6 +11,7 @@
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
+using Certify.Reporting;
 using Certify.Shared;
 using Newtonsoft.Json;
 using Polly;
@@ -398,6 +399,19 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateSearchRes
             }
         }
 
+        public async Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter)
+        {
+            var response = await PostAsync("managedcertificates/summary/", filter);
+            var serializer = new JsonSerializer();
+
+            using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
+            using (var reader = new JsonTextReader(sr))
+            {
+                var result = serializer.Deserialize<Summary>(reader);
+                return result;
+            }
+        }
+
         public async Task<ManagedCertificate> GetManagedCertificate(string managedItemId)
         {
             var result = await FetchAsync($"managedcertificates/{managedItemId}");
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index 71246761c..4d4e48eb6 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -5,6 +5,7 @@
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Utils;
+using Certify.Reporting;
 using Certify.Shared;
 
 namespace Certify.Client
@@ -77,6 +78,7 @@ public interface ICertifyInternalApiClient
 
         Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter);
         Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter);
+        Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter);
 
         Task<ManagedCertificate> GetManagedCertificate(string managedItemId);
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
index efd5cfe43..2ba2845ef 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -11,7 +11,7 @@
 
 namespace Certify.Management
 {
-    public partial class CertifyManager : ICertifyManager, IDisposable
+    public partial class CertifyManager
     {
         /// <summary>
         /// Upgrade/migrate settings from previous version if applicable
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index d3b565cec..5944c768f 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -7,7 +7,7 @@
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Providers;
-using Certify.Models.Shared;
+using Certify.Reporting;
 
 namespace Certify.Management
 {
@@ -90,6 +90,26 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
 
             return result;
         }
+
+        public async Task<Certify.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter)
+        {
+            var ms = await _itemManager.Find(filter);
+
+            var summary = new Summary();
+            summary.Total = ms.Count();
+            summary.Healthy = ms.Count(c => c.Health == ManagedCertificateHealth.OK);
+            summary.Error = ms.Count(c => c.Health == ManagedCertificateHealth.Error);
+            summary.Warning = ms.Count(c => c.Health == ManagedCertificateHealth.Warning);
+            summary.AwaitingUser = ms.Count(c => c.Health == ManagedCertificateHealth.AwaitingUser);
+            summary.NoCertificate = ms.Count(c => c.CertificatePath == null);
+
+            // count items with invalid config (e.g. multiple primary domains)
+            summary.InvalidConfig = ms.Count(c => c.DomainOptions.Count(d => d.IsPrimaryDomain) > 1);
+
+            summary.TotalDomains = ms.Sum(s => s.RequestConfig.SubjectAlternativeNames.Count());
+
+            return summary;
+        }
         /// <summary>
         /// Update the stored details for the given managed certificate and report update to client(s)
         /// </summary>
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index d94b15501..045292cb0 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -29,6 +29,7 @@ public interface ICertifyManager
 
         Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter = null);
         Task<ManagedCertificateSearchResult> GetManagedCertificateResults(ManagedCertificateFilter filter = null);
+        Task<Certify.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter = null);
 
         Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site);
 
diff --git a/src/Certify.Models/Reporting/Summary.cs b/src/Certify.Models/Reporting/Summary.cs
new file mode 100644
index 000000000..792289e7d
--- /dev/null
+++ b/src/Certify.Models/Reporting/Summary.cs
@@ -0,0 +1,21 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Certify.Models;
+
+namespace Certify.Reporting
+{
+    public class Summary : BindableBase
+    {
+        public int Total { get; set; }
+        public int Healthy { get; set; }
+        public int Error { get; set; }
+        public int Warning { get; set; }
+        public int AwaitingUser { get; set; }
+        public int InvalidConfig { get; set; }
+
+        public int NoCertificate { get; set; }
+
+        public int TotalDomains { get; set; }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index e26dfa264..c738a18f5 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -9,7 +9,7 @@
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
-using Microsoft.AspNetCore.Mvc;
+using Certify.Reporting;
 using Serilog;
 
 namespace Certify.Service.Controllers
@@ -43,6 +43,13 @@ public async Task<ManagedCertificateSearchResult> GetResults(ManagedCertificateF
             return await _certifyManager.GetManagedCertificateResults(filter);
         }
 
+        [HttpPost, Route("summary")]
+        public async Task<Summary> GetSummary(ManagedCertificateFilter filter)
+        {
+            DebugLog();
+            return await _certifyManager.GetManagedCertificateSummary(filter);
+        }
+
         [HttpGet, Route("{id}")]
         public async Task<ManagedCertificate> GetById(string id)
         {
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index 47b6fd053..2a55ea676 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -10,6 +10,7 @@
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
+using Certify.Reporting;
 using Serilog;
 
 namespace Certify.Service.Controllers
@@ -42,6 +43,13 @@ public async Task<ManagedCertificateSearchResult> GetResults(ManagedCertificateF
             return await _certifyManager.GetManagedCertificateResults(filter);
         }
 
+        [HttpPost, Route("summary")]
+        public async Task<Summary> GetSummary(ManagedCertificateFilter filter)
+        {
+            DebugLog();
+            return await _certifyManager.GetManagedCertificateSummary(filter);
+        }
+
         [HttpGet, Route("{id}")]
         public async Task<ManagedCertificate> GetById(string id)
         {
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
index 35509a987..322ec8aa1 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
@@ -2,8 +2,10 @@
 using System.Collections.ObjectModel;
 using System.ComponentModel;
 using System.Linq;
+using System.Threading.Tasks;
 using System.Windows.Controls;
 using Certify.Models;
+using Certify.Reporting;
 using Certify.UI.ViewModel;
 
 namespace Certify.UI.Controls.ManagedCertificate
@@ -20,22 +22,7 @@ public class DailySummary : BindableBase
 
         }
 
-        public class SummaryModel : BindableBase
-        {
-            public int Total { get; set; }
-            public int Healthy { get; set; }
-            public int Error { get; set; }
-            public int Warning { get; set; }
-            public int AwaitingUser { get; set; }
-            public int InvalidConfig { get; set; }
-
-            public int NoCertificate { get; set; }
-
-            public int TotalDomains { get; set; }
-
-            public ObservableCollection<DailySummary> DailyRenewals { get; set; }
-        }
-        public SummaryModel ViewModel { get; set; } = new SummaryModel();
+        public Summary ViewModel { get; set; } = new Summary();
 
         protected ViewModel.AppViewModel _appViewModel => AppViewModel.Current;
 
@@ -57,25 +44,26 @@ private void AppViewModel_PropertyChanged(object sender, PropertyChangedEventArg
             }
         }
 
-        public void RefreshSummary()
+        public async Task RefreshSummary()
         {
 
             if (AppViewModel.Current.ManagedCertificates?.Any() == true)
             {
+                var summary = await AppViewModel.Current.GetManagedCertificateSummary();
 
                 var ms = AppViewModel.Current.ManagedCertificates;
 
-                ViewModel.Total = ms.Count();
-                ViewModel.Healthy = ms.Count(c => c.Health == ManagedCertificateHealth.OK);
-                ViewModel.Error = ms.Count(c => c.Health == ManagedCertificateHealth.Error);
-                ViewModel.Warning = ms.Count(c => c.Health == ManagedCertificateHealth.Warning);
-                ViewModel.AwaitingUser = ms.Count(c => c.Health == ManagedCertificateHealth.AwaitingUser);
-                ViewModel.NoCertificate = ms.Count(c => c.CertificatePath == null);
+                ViewModel.Total = summary.Total;
+                ViewModel.Healthy = summary.Healthy;
+                ViewModel.Error = summary.Error;
+                ViewModel.Warning = summary.Warning;
+                ViewModel.AwaitingUser = summary.AwaitingUser;
+                ViewModel.NoCertificate = summary.NoCertificate;
 
                 // count items with invalid config (e.g. multiple primary domains)
-                ViewModel.InvalidConfig = ms.Count(c => c.DomainOptions.Count(d => d.IsPrimaryDomain) > 1);
+                ViewModel.InvalidConfig = summary.InvalidConfig;
 
-                ViewModel.TotalDomains = ms.Sum(s => s.RequestConfig.SubjectAlternativeNames.Count());
+                ViewModel.TotalDomains = summary.TotalDomains;
 
                 PanelTotal.Visibility = ViewModel.Total == 0 ? System.Windows.Visibility.Collapsed : System.Windows.Visibility.Visible;
                 PanelHealthy.Visibility = ViewModel.Healthy == 0 ? System.Windows.Visibility.Collapsed : System.Windows.Visibility.Visible;
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index 29b1516bd..7ffdd1593 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -1,4 +1,4 @@
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;
 using System.Threading;
@@ -8,6 +8,7 @@
 using Certify.Locales;
 using Certify.Models;
 using Certify.Models.API;
+using Certify.Reporting;
 using Certify.UI.Shared;
 using PropertyChanged;
 
@@ -80,6 +81,11 @@ public ObservableCollection<ManagedCertificate> ManagedCertificates
             }
         }
 
+        public long TotalManagedCertificates
+        {
+            get; set;
+        }
+
         /// <summary>
         /// Cached count of the number of managed certificate (not counting external certificate managers)
         /// </summary>
@@ -111,6 +117,14 @@ public virtual async Task RefreshManagedCertificates()
             var result = await _certifyClient.GetManagedCertificateSearchResult(filter);
 
             ManagedCertificates = new ObservableCollection<ManagedCertificate>(result.Results);
+            TotalManagedCertificates = result.TotalResults;
+        }
+
+        public async Task<Summary> GetManagedCertificateSummary()
+        {
+            var filter = new ManagedCertificateFilter();
+
+            return await _certifyClient.GetManagedCertificateSummary(filter);
         }
 
         /// <summary>

From 1d11fcb928a08b63b544003f5b8568afac0dcff4 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 31 Aug 2023 17:17:42 +0800
Subject: [PATCH 047/237] Cleanup

---
 .../CertifyManager.ManagedCertificates.cs     | 55 +++++++------
 .../Challenges/DNS/DnsChallengeHelper.cs      | 79 +++++++++----------
 src/Certify.Core/Management/RenewalManager.cs | 60 +++++++-------
 .../ManagedCertificateController.cs           |  1 +
 .../Controls/ManagedCertificates.xaml         | 10 ++-
 5 files changed, 104 insertions(+), 101 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 5944c768f..833581cef 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -96,7 +96,7 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
             var ms = await _itemManager.Find(filter);
 
             var summary = new Summary();
-            summary.Total = ms.Count();
+            summary.Total = ms.Count;
             summary.Healthy = ms.Count(c => c.Health == ManagedCertificateHealth.OK);
             summary.Error = ms.Count(c => c.Health == ManagedCertificateHealth.Error);
             summary.Warning = ms.Count(c => c.Health == ManagedCertificateHealth.Warning);
@@ -110,6 +110,7 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
 
             return summary;
         }
+
         /// <summary>
         /// Update the stored details for the given managed certificate and report update to client(s)
         /// </summary>
@@ -188,7 +189,7 @@ private async Task UpdateManagedCertificateStatus(ManagedCertificate managedCert
                 await ReportManagedCertificateStatus(managedCertificate);
             }
 
-            _tc?.TrackEvent("UpdateManagedCertificatesStatus_" + status.ToString());
+            _tc?.TrackEvent("UpdateManagedCertificatesStatus_" + status);
         }
 
         private ConcurrentDictionary<string, RenewalStatusReport> _statusReportQueue { get; set; } = new ConcurrentDictionary<string, RenewalStatusReport>();
@@ -509,7 +510,13 @@ public async Task<LogItem[]> GetItemLog(string id, int limit)
                 }
                 catch (Exception exp)
                 {
-                    return new LogItem[] { new LogItem { LogLevel = "ERR", EventDate = DateTime.Now, Message = $"Failed to read log: {exp}" } };
+                    return new LogItem[]
+                    {
+                        new LogItem
+                        {
+                            LogLevel = "ERR", EventDate = DateTime.Now, Message = $"Failed to read log: {exp}"
+                        }
+                    };
                 }
             }
             else
@@ -681,36 +688,32 @@ private async Task<bool> StartHttpChallengeServer()
         /// Stop our temporary http challenge response service
         /// </summary>
         /// <returns></returns>
-        private async Task<bool> StopHttpChallengeServer()
+        private async Task StopHttpChallengeServer()
         {
-            if (_httpChallengeServerClient != null)
+            if (_httpChallengeServerClient == null)
             {
-                try
+                return;
+            }
+
+            try
+            {
+                var response = await _httpChallengeServerClient.GetAsync($"http://127.0.0.1:{_httpChallengePort}/.well-known/acme-challenge/{_httpChallengeControlKey}");
+                if (response.IsSuccessStatusCode)
                 {
-                    var response = await _httpChallengeServerClient.GetAsync($"http://127.0.0.1:{_httpChallengePort}/.well-known/acme-challenge/{_httpChallengeControlKey}");
-                    if (response.IsSuccessStatusCode)
-                    {
-                        return true;
-                    }
-                    else
-                    {
-                        try
-                        {
-                            if (_httpChallengeProcess != null && !_httpChallengeProcess.HasExited)
-                            {
-                                _httpChallengeProcess.CloseMainWindow();
-                            }
-                        }
-                        catch { }
-                    }
+                    return;
                 }
-                catch
+                else
                 {
-                    return true;
+                    if (_httpChallengeProcess?.HasExited == false)
+                    {
+                        _httpChallengeProcess.CloseMainWindow();
+                    }
                 }
             }
-
-            return true;
+            catch
+            {
+                // ignored
+            }
         }
     }
 }
diff --git a/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs b/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs
index a04d9c3ea..f8fa7f26b 100644
--- a/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs
+++ b/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs
@@ -167,54 +167,52 @@ public async Task<DnsChallengeHelperResult> CompleteDNSChallenge(ILog log, Manag
 #pragma warning restore CS0618 // Type or member is obsolete
             }
 
-            if (dnsAPIProvider != null)
-            {
-                //most DNS providers require domains to by ASCII
-                txtRecordName = _idnMapping.GetAscii(txtRecordName).ToLower().Trim();
+            //most DNS providers require domains to by ASCII
+            txtRecordName = _idnMapping.GetAscii(txtRecordName).ToLower().Trim();
 
-                if (!string.IsNullOrEmpty(challengeConfig.ChallengeDelegationRule))
-                {
-                    var delegatedTXTRecordName = ApplyChallengeDelegationRule(domain.Value, txtRecordName, challengeConfig.ChallengeDelegationRule);
-                    log.Information($"DNS: Challenge Delegation Domain enabled, using {delegatedTXTRecordName} in place of {txtRecordName}.");
+            if (!string.IsNullOrEmpty(challengeConfig.ChallengeDelegationRule))
+            {
+                var delegatedTxtRecordName = ApplyChallengeDelegationRule(domain.Value, txtRecordName, challengeConfig.ChallengeDelegationRule);
+                log.Information($"DNS: Challenge Delegation Domain enabled, using {delegatedTxtRecordName} in place of {txtRecordName}.");
 
-                    txtRecordName = delegatedTXTRecordName;
-                }
+                txtRecordName = delegatedTxtRecordName;
+            }
 
-                log.Information($"DNS: Creating TXT Record '{txtRecordName}' with value '{txtRecordValue}', [{domain.Value}] {(zoneId != null ? $"in ZoneId '{zoneId}'" : "")} using API provider '{dnsAPIProvider.ProviderTitle}'");
-                try
+            log.Information($"DNS: Creating TXT Record '{txtRecordName}' with value '{txtRecordValue}', [{domain.Value}] {(zoneId != null ? $"in ZoneId '{zoneId}'" : "")} using API provider '{dnsAPIProvider.ProviderTitle}'");
+            try
+            {
+                var result = await dnsAPIProvider.CreateRecord(new DnsRecord
                 {
-                    var result = await dnsAPIProvider.CreateRecord(new DnsRecord
-                    {
-                        RecordType = "TXT",
-                        TargetDomainName = domain.Value.Trim(),
-                        RecordName = txtRecordName,
-                        RecordValue = txtRecordValue,
-                        ZoneId = zoneId
-                    });
+                    RecordType = "TXT",
+                    TargetDomainName = domain.Value.Trim(),
+                    RecordName = txtRecordName,
+                    RecordValue = txtRecordValue,
+                    ZoneId = zoneId
+                });
 
-                    result.Message = $"{dnsAPIProvider.ProviderTitle} :: {result.Message}";
+                result.Message = $"{dnsAPIProvider.ProviderTitle} :: {result.Message}";
 
-                    var isAwaitingUser = false;
+                var isAwaitingUser = false;
 
-                    if (challengeConfig.ChallengeProvider.Contains(".Manual") || result.Message.Contains("[Action Required]"))
-                    {
-                        isAwaitingUser = true;
-                    }
-
-                    return new DnsChallengeHelperResult
-                    {
-                        Result = result,
-                        PropagationSeconds = dnsAPIProvider.PropagationDelaySeconds,
-                        IsAwaitingUser = isAwaitingUser
-                    };
-                }
-                catch (Exception exp)
+                if (challengeConfig.ChallengeProvider.Contains(".Manual") || result.Message.Contains("[Action Required]"))
                 {
-                    return new DnsChallengeHelperResult(failureMsg: $"Failed [{dnsAPIProvider.ProviderTitle}]: {exp}");
+                    isAwaitingUser = true;
                 }
 
-                //TODO: DNS query to check for new record
-                /*
+                return new DnsChallengeHelperResult
+                {
+                    Result = result,
+                    PropagationSeconds = dnsAPIProvider.PropagationDelaySeconds,
+                    IsAwaitingUser = isAwaitingUser
+                };
+            }
+            catch (Exception exp)
+            {
+                return new DnsChallengeHelperResult(failureMsg: $"Failed [{dnsAPIProvider.ProviderTitle}]: {exp}");
+            }
+
+            //TODO: DNS query to check for new record
+            /*
                 if (result.IsSuccess)
                 {
                     // do our own txt record query before proceeding with challenge completion
@@ -245,11 +243,6 @@ public async Task<DnsChallengeHelperResult> CompleteDNSChallenge(ILog log, Manag
                 return result;
             }
           */
-            }
-            else
-            {
-                return new DnsChallengeHelperResult(failureMsg: "Error: Could not determine DNS API Provider.");
-            }
         }
 
         /// <summary>
diff --git a/src/Certify.Core/Management/RenewalManager.cs b/src/Certify.Core/Management/RenewalManager.cs
index 348023306..e93a25f4b 100644
--- a/src/Certify.Core/Management/RenewalManager.cs
+++ b/src/Certify.Core/Management/RenewalManager.cs
@@ -2,9 +2,7 @@
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;
-using System.Threading;
 using System.Threading.Tasks;
-using Certify.Locales;
 using Certify.Models;
 using Certify.Models.Providers;
 using Certify.Providers;
@@ -23,7 +21,7 @@ public static class RenewalManager
         private static Progress<RequestProgressState> SetupProgressTracker(
             ManagedCertificate item, string renewalReason,
             ConcurrentDictionary<string, Progress<RequestProgressState>> progressTrackers,
-            Action<IProgress<RequestProgressState>, RequestProgressState, bool> ReportProgress
+            Action<IProgress<RequestProgressState>, RequestProgressState, bool> reportProgress
         )
         {
 
@@ -33,19 +31,19 @@ Action<IProgress<RequestProgressState>, RequestProgressState, bool> ReportProgre
 
             progressTrackers.TryAdd(item.Id, progressTracker);
 
-            ReportProgress(progressTracker, new RequestProgressState(RequestState.Queued, $"Queued for renewal: {renewalReason}", item), false);
+            reportProgress(progressTracker, new RequestProgressState(RequestState.Queued, $"Queued for renewal: {renewalReason}", item), false);
 
             return progressTracker;
         }
 
         public static async Task<List<CertificateRequestResult>> PerformRenewAll(
-                ILog _serviceLog,
-                IManagedItemStore _itemManager,
+                ILog serviceLog,
+                IManagedItemStore itemManager,
                 RenewalSettings settings,
                 RenewalPrefs prefs,
-                Action<IProgress<RequestProgressState>, RequestProgressState, bool> ReportProgress,
-                Func<string, Task<bool>> IsManagedCertificateRunning,
-                Func<ManagedCertificate, IProgress<RequestProgressState>, bool, string, Task<CertificateRequestResult>> PerformCertificateRequest,
+                Action<IProgress<RequestProgressState>, RequestProgressState, bool> reportProgress,
+                Func<string, Task<bool>> isManagedCertificateRunning,
+                Func<ManagedCertificate, IProgress<RequestProgressState>, bool, string, Task<CertificateRequestResult>> performCertificateRequest,
                 ConcurrentDictionary<string, Progress<RequestProgressState>> progressTrackers = null
                 )
         {
@@ -72,18 +70,18 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
 
                 foreach (var id in settings.TargetManagedCertificates)
                 {
-                    targetCerts.Add(await _itemManager.GetById(id));
+                    targetCerts.Add(await itemManager.GetById(id));
                 }
 
                 managedCertificateBatch = targetCerts;
 
                 foreach (var item in managedCertificateBatch)
                 {
-                    var progressTracker = SetupProgressTracker(item, "", progressTrackers, ReportProgress);
+                    var progressTracker = SetupProgressTracker(item, "", progressTrackers, reportProgress);
 
                     renewalTasks.Add(
                     new Task<CertificateRequestResult>(
-                            () => PerformCertificateRequest(item, progressTracker, settings.IsPreviewMode, "Renewal requested").Result,
+                            () => performCertificateRequest(item, progressTracker, settings.IsPreviewMode, "Renewal requested").Result,
                             TaskCreationOptions.LongRunning
                             )
                     );
@@ -122,7 +120,7 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
                                       .OrderBy(s => s.DateLastRenewalAttempt ?? DateTimeOffset.UtcNow.AddHours(-1));
                     }*/
 
-                var totalRenewalCandidates = await _itemManager.CountAll(filter);
+                var totalRenewalCandidates = await itemManager.CountAll(filter);
 
                 var renewalIntervalDays = prefs.RenewalIntervalDays;
                 var renewalIntervalMode = prefs.RenewalIntervalMode ?? RenewalIntervalModes.DaysAfterLastRenewal;
@@ -134,14 +132,14 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
                 var resultsRemaining = totalRenewalCandidates;
 
                 // identify items we will attempt and begin tracking progress
-                while (batch.Count() < maxRenewalTasks && resultsRemaining > 0)
+                while (batch.Count < maxRenewalTasks && resultsRemaining > 0)
                 {
-                    var results = await _itemManager.Find(filter);
-                    resultsRemaining = results.Count();
+                    var results = await itemManager.Find(filter);
+                    resultsRemaining = results.Count;
 
                     foreach (var item in results)
                     {
-                        if (batch.Count() < maxRenewalTasks)
+                        if (batch.Count < maxRenewalTasks)
                         {
                             // if cert is not awaiting manual user input (manual DNS etc), proceed with renewal checks
                             if (item.LastRenewalStatus != RequestState.Paused)
@@ -163,7 +161,7 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
                                 // if we care about stopped sites being stopped, check if a specific site is selected and if it's running
                                 if (!prefs.IncludeStoppedSites && !string.IsNullOrEmpty(item.ServerSiteId) && item.RequestConfig.DeploymentSiteOption == DeploymentOption.SingleSite)
                                 {
-                                    var isSiteRunning = await IsManagedCertificateRunning(item.Id);
+                                    var isSiteRunning = await isManagedCertificateRunning(item.Id);
 
                                     if (!isSiteRunning)
                                     {
@@ -176,11 +174,11 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
                                 {
                                     batch.Add(item);
 
-                                    var progressTracker = SetupProgressTracker(item, "", progressTrackers, ReportProgress);
+                                    var progressTracker = SetupProgressTracker(item, "", progressTrackers, reportProgress);
 
                                     renewalTasks.Add(
                                         new Task<CertificateRequestResult>(
-                                                () => PerformCertificateRequest(item, progressTracker, settings.IsPreviewMode, renewalReason).Result,
+                                                () => performCertificateRequest(item, progressTracker, settings.IsPreviewMode, renewalReason).Result,
                                                 TaskCreationOptions.LongRunning
                                                 )
                                         );
@@ -197,7 +195,7 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
 
             if (managedCertificateBatch.Count(c => c.LastRenewalStatus == RequestState.Error) > MAX_CERTIFICATE_REQUEST_TASKS)
             {
-                _serviceLog?.Warning("Too many failed certificates outstanding. Fix failures or delete. Failures: " + managedCertificateBatch.Count(c => c.LastRenewalStatus == RequestState.Error));
+                serviceLog?.Warning("Too many failed certificates outstanding. Fix failures or delete. Failures: " + managedCertificateBatch.Count(c => c.LastRenewalStatus == RequestState.Error));
             }
 
             if (!renewalTasks.Any())
@@ -208,7 +206,7 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
             }
             else
             {
-                _serviceLog.Information($"Attempting {renewalTasks.Count} renewal tasks. Max renewal tasks is set to {maxRenewalTasks}, max supported tasks is {MAX_CERTIFICATE_REQUEST_TASKS}");
+                serviceLog?.Information($"Attempting {renewalTasks.Count} renewal tasks. Max renewal tasks is set to {maxRenewalTasks}, max supported tasks is {MAX_CERTIFICATE_REQUEST_TASKS}");
             }
 
             if (prefs.PerformParallelRenewals)
@@ -241,42 +239,42 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
         /// <returns></returns>
         private static List<AccountDetails> GetAccountsWithRequiredCAFeatures(ManagedCertificate item, string defaultCA, ICollection<CertificateAuthority> certificateAuthorities, List<AccountDetails> accounts)
         {
-            var requiredCAFeatures = new List<CertAuthoritySupportedRequests>();
+            var requiredCaFeatures = new List<CertAuthoritySupportedRequests>();
             var identifiers = item.GetCertificateIdentifiers();
 
             if (identifiers.Any(i => i.IdentifierType == CertIdentifierType.Dns && i.Value.StartsWith("*")))
             {
-                requiredCAFeatures.Add(CertAuthoritySupportedRequests.DOMAIN_WILDCARD);
+                requiredCaFeatures.Add(CertAuthoritySupportedRequests.DOMAIN_WILDCARD);
             }
 
             if (identifiers.Count(i => i.IdentifierType == CertIdentifierType.Dns) == 1)
             {
-                requiredCAFeatures.Add(CertAuthoritySupportedRequests.DOMAIN_SINGLE);
+                requiredCaFeatures.Add(CertAuthoritySupportedRequests.DOMAIN_SINGLE);
             }
 
             if (identifiers.Count(i => i.IdentifierType == CertIdentifierType.Dns) > 2)
             {
-                requiredCAFeatures.Add(CertAuthoritySupportedRequests.DOMAIN_MULTIPLE_SAN);
+                requiredCaFeatures.Add(CertAuthoritySupportedRequests.DOMAIN_MULTIPLE_SAN);
             }
 
             if (identifiers.Any(i => i.IdentifierType == CertIdentifierType.Ip))
             {
-                requiredCAFeatures.Add(CertAuthoritySupportedRequests.IP_SINGLE);
+                requiredCaFeatures.Add(CertAuthoritySupportedRequests.IP_SINGLE);
             }
 
             if (identifiers.Count(i => i.IdentifierType == CertIdentifierType.Ip) > 1)
             {
-                requiredCAFeatures.Add(CertAuthoritySupportedRequests.IP_MULTIPLE);
+                requiredCaFeatures.Add(CertAuthoritySupportedRequests.IP_MULTIPLE);
             }
 
             if (identifiers.Any(i => i.IdentifierType == CertIdentifierType.TnAuthList))
             {
-                requiredCAFeatures.Add(CertAuthoritySupportedRequests.TNAUTHLIST);
+                requiredCaFeatures.Add(CertAuthoritySupportedRequests.TNAUTHLIST);
             }
 
             if (item.RequestConfig.PreferredExpiryDays > 0)
             {
-                requiredCAFeatures.Add(CertAuthoritySupportedRequests.OPTIONAL_LIFETIME_DAYS);
+                requiredCaFeatures.Add(CertAuthoritySupportedRequests.OPTIONAL_LIFETIME_DAYS);
             }
 
             var fallbackCandidateAccounts = accounts.Where(a => a.CertificateAuthorityId != defaultCA && a.IsStagingAccount == item.UseStagingMode);
@@ -287,7 +285,7 @@ private static List<AccountDetails> GetAccountsWithRequiredCAFeatures(ManagedCer
                 // select a candidate based on features required by the certificate. If a CA has no known features we assume it supports all the ones we might be interested in
                 foreach (var ca in certificateAuthorities)
                 {
-                    if (!ca.SupportedFeatures.Any() || requiredCAFeatures.All(r => ca.SupportedFeatures.Contains(r.ToString())))
+                    if (!ca.SupportedFeatures.Any() || requiredCaFeatures.All(r => ca.SupportedFeatures.Contains(r.ToString())))
                     {
                         fallbackAccounts.AddRange(fallbackCandidateAccounts.Where(f => f.CertificateAuthorityId == ca.Id));
                     }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index c738a18f5..559029026 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -10,6 +10,7 @@
 using Certify.Models.Config;
 using Certify.Models.Utils;
 using Certify.Reporting;
+using Microsoft.AspNetCore.Mvc;
 using Serilog;
 
 namespace Certify.Service.Controllers
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml
index 06ef4a448..b430a74d7 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml
@@ -88,7 +88,15 @@
                     PreviewKeyDown="TxtFilter_PreviewKeyDown"
                     TextChanged="TxtFilter_TextChanged" />
             </DockPanel>
-
+            <StackPanel
+                Margin="0,8,0,0"
+                HorizontalAlignment="Center"
+                DockPanel.Dock="Bottom"
+                Orientation="Horizontal">
+                <Button x:Name="Prev" Click="Prev_Click">&lt;</Button>
+                <TextBlock Margin="8,8,8,0" Text="{Binding ResultPageDescription}" />
+                <Button x:Name="Next" Click="Next_Click">&gt;</Button>
+            </StackPanel>
             <ListView
                 Name="lvManagedCertificates"
                 AutomationProperties.Name="Managed Certificates List"

From ce0d4ecbcd807f83978df72ba00aad24dbf6b9b5 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 1 Sep 2023 16:23:24 +0800
Subject: [PATCH 048/237] Update reporting namespace

---
 src/Certify.Client/CertifyApiClient.cs        |  2 +-
 src/Certify.Client/ICertifyClient.cs          |  2 +-
 .../CertifyManager.ManagedCertificates.cs     |  4 ++--
 .../CertifyManager/ICertifyManager.cs         |  2 +-
 src/Certify.Models/Reporting/Summary.cs       |  2 +-
 .../Controllers/v1/CertificateController.cs   | 22 +++++++++++++++++++
 .../ManagedCertificateController.cs           |  2 +-
 .../ManagedCertificateController.cs           |  2 +-
 .../ManagedCertificate/Dashboard.xaml.cs      |  2 +-
 .../AppViewModel.ManagedCerticates.cs         |  2 +-
 10 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index 4dcbe9a62..bb7217688 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -11,7 +11,7 @@
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
-using Certify.Reporting;
+using Certify.Models.Reporting;
 using Certify.Shared;
 using Newtonsoft.Json;
 using Polly;
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index 4d4e48eb6..a216a74e4 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -5,7 +5,7 @@
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Utils;
-using Certify.Reporting;
+using Certify.Models.Reporting;
 using Certify.Shared;
 
 namespace Certify.Client
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 833581cef..95585ace2 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -7,7 +7,7 @@
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Providers;
-using Certify.Reporting;
+using Certify.Models.Reporting;
 
 namespace Certify.Management
 {
@@ -91,7 +91,7 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
             return result;
         }
 
-        public async Task<Certify.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter)
+        public async Task<Certify.Models.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter)
         {
             var ms = await _itemManager.Find(filter);
 
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index 045292cb0..c4c3fac72 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -29,7 +29,7 @@ public interface ICertifyManager
 
         Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter = null);
         Task<ManagedCertificateSearchResult> GetManagedCertificateResults(ManagedCertificateFilter filter = null);
-        Task<Certify.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter = null);
+        Task<Certify.Models.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter = null);
 
         Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site);
 
diff --git a/src/Certify.Models/Reporting/Summary.cs b/src/Certify.Models/Reporting/Summary.cs
index 792289e7d..0e1e4cc48 100644
--- a/src/Certify.Models/Reporting/Summary.cs
+++ b/src/Certify.Models/Reporting/Summary.cs
@@ -3,7 +3,7 @@
 using System.Text;
 using Certify.Models;
 
-namespace Certify.Reporting
+namespace Certify.Models.Reporting
 {
     public class Summary : BindableBase
     {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 70b675e9b..4f945e5ce 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -3,6 +3,7 @@
 using System.Threading.Tasks;
 using Certify.Client;
 using Certify.Models.API;
+using Certify.Models.Reporting;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -143,6 +144,27 @@ public async Task<IActionResult> GetManagedCertificates(string keyword, int? pag
 
             return new OkObjectResult(result);
         }
+        
+        /// <summary>
+        /// Get summary counts of all managed certs
+        /// </summary>
+        /// <param name="keyword"></param>
+        /// <returns></returns>
+        [HttpPost]
+        [Route("summary")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Summary))]
+        public async Task<IActionResult> GetManagedCertificateSummary(string keyword)
+        {
+
+            var summary = await _client.GetManagedCertificateSummary(
+                new Models.ManagedCertificateFilter
+                {
+                    Keyword = keyword
+                });
+            
+            return new OkObjectResult(summary);
+        }
 
         /// <summary>
         /// Gets the full settings for a specific managed certificate
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index 559029026..856054b0e 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -9,7 +9,7 @@
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
-using Certify.Reporting;
+using Certify.Models.Reporting;
 using Microsoft.AspNetCore.Mvc;
 using Serilog;
 
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index 2a55ea676..5cd750443 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -10,7 +10,7 @@
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Utils;
-using Certify.Reporting;
+using Certify.Models.Reporting;
 using Serilog;
 
 namespace Certify.Service.Controllers
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
index 322ec8aa1..6e071d5f4 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
@@ -5,7 +5,7 @@
 using System.Threading.Tasks;
 using System.Windows.Controls;
 using Certify.Models;
-using Certify.Reporting;
+using Certify.Models.Reporting;
 using Certify.UI.ViewModel;
 
 namespace Certify.UI.Controls.ManagedCertificate
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index 7ffdd1593..3c8850e49 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -8,7 +8,7 @@
 using Certify.Locales;
 using Certify.Models;
 using Certify.Models.API;
-using Certify.Reporting;
+using Certify.Models.Reporting;
 using Certify.UI.Shared;
 using PropertyChanged;
 

From 27bc8ba68a9e2fc025ec44b5c5a1a545a9f7a041 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 5 Sep 2023 13:23:52 +0800
Subject: [PATCH 049/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                      | 2 +-
 src/Certify.Models/Certify.Models.csproj                      | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj               | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                    | 2 +-
 .../Certify.Server.Api.Public.csproj                          | 4 ++--
 src/Certify.Service/App.config                                | 2 +-
 .../Certify.Core.Tests.Integration.csproj                     | 2 +-
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj    | 2 +-
 .../Certify.Service.Tests.Integration.csproj                  | 2 +-
 .../Certify.UI.Tests.Integration.csproj                       | 2 +-
 10 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 7511ef8b5..fe19a90fc 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.10" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.10" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.1" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.2" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index f351c5258..0bea35ab6 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.1" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.2" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.7.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 436c1e0a8..2f11dbab9 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.15" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.25" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 8024cbd01..b57ef4fe2 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -26,7 +26,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.10" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="coverlet.collector" Version="6.0.0">
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index fff5aa804..b412fd086 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -15,10 +15,10 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-preview.5.23302.2" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.1" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.2" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.1" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 0dbd94a9f..6152ece63 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -33,7 +33,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.53.0.0" newVersion="4.54.1.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.53.0.0" newVersion="4.55.0.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 2ffb0f7a0..7a91fef88 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -88,7 +88,7 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index adf2d424e..70c813aa7 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -133,7 +133,7 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="7.0.0" />
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 365a305a6..354fde3b9 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -77,7 +77,7 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index c92e4ae0d..3ff65e868 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -73,7 +73,7 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
   </ItemGroup>

From 866047832d0f5c7db04048a9d2b46be332b34323 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 7 Sep 2023 17:44:25 +0800
Subject: [PATCH 050/237] UI: Implement result paging and XAML cleanup

---
 src/Certify.UI.Desktop/App.xaml               | 22 +++++----
 .../Controls/ManagedCertificates.xaml         | 30 ++++++++----
 .../Controls/ManagedCertificates.xaml.cs      | 10 ++++
 .../AppViewModel.ManagedCerticates.cs         | 48 ++++++++++++++-----
 src/Certify.UI/App.xaml                       | 25 +++++-----
 5 files changed, 95 insertions(+), 40 deletions(-)

diff --git a/src/Certify.UI.Desktop/App.xaml b/src/Certify.UI.Desktop/App.xaml
index efbd87683..a0a6511ac 100644
--- a/src/Certify.UI.Desktop/App.xaml
+++ b/src/Certify.UI.Desktop/App.xaml
@@ -1,8 +1,8 @@
-<Application
+<Application
     x:Class="Certify.UI.App"
     xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
     xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
-    xmlns:Controls="http://metro.mahapps.com/winfx/xaml/controls"
+    xmlns:controls="http://metro.mahapps.com/winfx/xaml/controls"
     xmlns:utils="clr-namespace:Certify.UI.Utils;assembly=Certify.UI.Shared"
     StartupUri="pack://application:,,,/Certify.UI.Shared;component/Windows/MainWindow.xaml">
     <Application.Resources>
@@ -10,10 +10,13 @@
             <ResourceDictionary.MergedDictionaries>
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Controls.xaml" />
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Fonts.xaml" />
-                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
-                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
+                <ResourceDictionary
+                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
+                <ResourceDictionary
+                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
 
-                <ResourceDictionary Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
+                <ResourceDictionary
+                    Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
             </ResourceDictionary.MergedDictionaries>
             <!--  Heading  -->
             <Style x:Key="Subheading" TargetType="TextBlock">
@@ -51,9 +54,10 @@
 
             <!--  brush color overrides (tab items and disabled buttons)  -->
             <SolidColorBrush x:Key="MahApps.Brushes.Gray" Color="{DynamicResource MahApps.Colors.SystemChromeHigh}" />
-            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled" Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
+            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled"
+                             Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
 
-            <Style TargetType="Controls:NumericUpDown">
+            <Style TargetType="controls:NumericUpDown">
                 <Setter Property="BorderBrush" Value="{DynamicResource MahApps.Brushes.SystemControlForegroundBaseLow}" />
             </Style>
 
@@ -71,8 +75,8 @@
                 <Setter Property="BorderThickness" Value="1" />
 
                 <Setter Property="BorderBrush" Value="{DynamicResource MahApps.Brushes.SystemControlForegroundBaseLow}" />
-                <Setter Property="Controls:ControlsHelper.ContentCharacterCasing" Value="Normal" />
-                <Setter Property="Controls:ControlsHelper.CornerRadius" Value="0" />
+                <Setter Property="controls:ControlsHelper.ContentCharacterCasing" Value="Normal" />
+                <Setter Property="controls:ControlsHelper.CornerRadius" Value="0" />
             </Style>
 
 
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml
index b430a74d7..b5caf5da6 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml
@@ -88,15 +88,27 @@
                     PreviewKeyDown="TxtFilter_PreviewKeyDown"
                     TextChanged="TxtFilter_TextChanged" />
             </DockPanel>
-            <StackPanel
-                Margin="0,8,0,0"
-                HorizontalAlignment="Center"
-                DockPanel.Dock="Bottom"
-                Orientation="Horizontal">
-                <Button x:Name="Prev" Click="Prev_Click">&lt;</Button>
-                <TextBlock Margin="8,8,8,0" Text="{Binding ResultPageDescription}" />
-                <Button x:Name="Next" Click="Next_Click">&gt;</Button>
-            </StackPanel>
+            <DockPanel
+                Margin="4,8,4,4"
+                LastChildFill="False" Visibility="{Binding HasPagesOfResults, Converter={StaticResource BoolToVisConverter }}"
+                DockPanel.Dock="Bottom">
+                <Button x:Name="Prev" Click="Prev_Click" DockPanel.Dock="Left"> <fa:FontAwesome
+                        Margin="4,4,4,4"
+                        VerticalAlignment="top"
+                        FontSize="10"
+                        Icon="ChevronLeft" />
+                </Button>
+                <TextBlock Margin="16,4,16,4" DockPanel.Dock="Left" TextAlignment="Center"
+                           Foreground="{DynamicResource MahApps.Brushes.SystemControlForegroundBaseMedium}"
+                           Text="{Binding ResultPageDescription}" />
+                <Button x:Name="Next" Click="Next_Click" DockPanel.Dock="Right">
+                    <fa:FontAwesome
+                        Margin="4,4,4,4"
+                        VerticalAlignment="top"
+                        FontSize="10"
+                        Icon="ChevronRight" />
+                </Button>
+            </DockPanel>
             <ListView
                 Name="lvManagedCertificates"
                 AutomationProperties.Name="Managed Certificates List"
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
index e7b023501..a859bed0e 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
@@ -371,6 +371,16 @@ private void GettingStarted_FilterApplied(string filter)
         {
             txtFilter.Text = filter;
         }
+
+        private void Prev_Click(object sender, RoutedEventArgs e)
+        {
+            _appViewModel.ManagedCertificatesPrevPage();
+        }
+
+        private void Next_Click(object sender, RoutedEventArgs e)
+        {
+            _appViewModel.ManagedCertificatesNextPage();
+        }
     }
 
     public static class StringExtensions
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index 3c8850e49..012ecd8f0 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -16,7 +16,6 @@ namespace Certify.UI.ViewModel
 {
     public partial class AppViewModel : BindableBase
     {
-
         /// <summary>
         /// If set, there are one or more vault items available to be imported as managed sites 
         /// </summary>
@@ -81,10 +80,7 @@ public ObservableCollection<ManagedCertificate> ManagedCertificates
             }
         }
 
-        public long TotalManagedCertificates
-        {
-            get; set;
-        }
+        public long TotalManagedCertificates { get; set; }
 
         /// <summary>
         /// Cached count of the number of managed certificate (not counting external certificate managers)
@@ -92,14 +88,11 @@ public long TotalManagedCertificates
         [DependsOn(nameof(ManagedCertificates))]
         public int NumManagedCerts
         {
-            get
-            {
-                return ManagedCertificates?.Where(c => string.IsNullOrEmpty(c.SourceId)).Count() ?? 0;
-            }
+            get { return ManagedCertificates?.Where(c => string.IsNullOrEmpty(c.SourceId)).Count() ?? 0; }
         }
 
         int _filterPageIndex = 0;
-        int _filterPageSize = 10;
+        int _filterPageSize = 15;
 
         /// <summary>
         /// Refresh the cached list of managed certs via the connected service
@@ -112,7 +105,7 @@ public virtual async Task RefreshManagedCertificates()
             // include external managed certs if enabled
             filter.IncludeExternal = IsFeatureEnabled(FeatureFlags.EXTERNAL_CERT_MANAGERS) && Preferences.EnableExternalCertManagers;
             filter.PageSize = _filterPageSize;
-            filter.PageIndex= _filterPageIndex;
+            filter.PageIndex = _filterPageIndex;
 
             var result = await _certifyClient.GetManagedCertificateSearchResult(filter);
 
@@ -127,6 +120,39 @@ public async Task<Summary> GetManagedCertificateSummary()
             return await _certifyClient.GetManagedCertificateSummary(filter);
         }
 
+        public async Task ManagedCertificatesNextPage()
+        {
+            if (ManagedCertificates.Count() >= _filterPageSize)
+            {
+                _filterPageIndex++;
+                await RefreshManagedCertificates();
+                RaisePropertyChangedEvent(nameof(ResultPageDescription));
+            }
+        }
+
+        public async Task ManagedCertificatesPrevPage()
+        {
+            if (_filterPageIndex > 0)
+            {
+                _filterPageIndex--;
+                await RefreshManagedCertificates();
+                RaisePropertyChangedEvent(nameof(ResultPageDescription));
+            }
+        }
+
+        /// <summary>
+        /// Formatted description of the current page index in the result set
+        /// </summary>
+        public string ResultPageDescription
+        {
+            get { return $"Page {_filterPageIndex + 1} of {Math.Ceiling((decimal)TotalManagedCertificates / _filterPageSize)}"; }
+        }
+
+        /// <summary>
+        /// True if there are more managed certificates than the current result set batch size
+        /// </summary>
+        public bool HasPagesOfResults => TotalManagedCertificates > _filterPageSize;
+
         /// <summary>
         /// Add/Update a managed certificate via service
         /// </summary>
diff --git a/src/Certify.UI/App.xaml b/src/Certify.UI/App.xaml
index 014fd7976..dad6035b3 100644
--- a/src/Certify.UI/App.xaml
+++ b/src/Certify.UI/App.xaml
@@ -1,8 +1,8 @@
-<Application
+<Application
     x:Class="Certify.UI.App"
     xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
     xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
-    xmlns:Controls="http://metro.mahapps.com/winfx/xaml/controls"
+    xmlns:controls="http://metro.mahapps.com/winfx/xaml/controls"
     xmlns:utils="clr-namespace:Certify.UI.Utils;assembly=Certify.UI.Shared"
     StartupUri="pack://application:,,,/Certify.UI.Shared;component/Windows/MainWindow.xaml">
     <Application.Resources>
@@ -10,10 +10,13 @@
             <ResourceDictionary.MergedDictionaries>
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Controls.xaml" />
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Fonts.xaml" />
-                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
-                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
+                <ResourceDictionary
+                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
+                <ResourceDictionary
+                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
 
-                <ResourceDictionary Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
+                <ResourceDictionary
+                    Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
             </ResourceDictionary.MergedDictionaries>
             <!--  Heading  -->
             <Style x:Key="Subheading" TargetType="TextBlock">
@@ -51,9 +54,10 @@
 
             <!--  brush color overrides (tab items and disabled buttons)  -->
             <SolidColorBrush x:Key="MahApps.Brushes.Gray" Color="{DynamicResource MahApps.Colors.SystemChromeHigh}" />
-            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled" Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
+            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled"
+                             Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
 
-            <Style TargetType="Controls:NumericUpDown">
+            <Style TargetType="controls:NumericUpDown">
                 <Setter Property="BorderBrush" Value="{DynamicResource MahApps.Brushes.SystemControlForegroundBaseLow}" />
             </Style>
 
@@ -71,11 +75,10 @@
                 <Setter Property="BorderThickness" Value="1" />
 
                 <Setter Property="BorderBrush" Value="{DynamicResource MahApps.Brushes.SystemControlForegroundBaseLow}" />
-                <Setter Property="Controls:ControlsHelper.ContentCharacterCasing" Value="Normal" />
-                <Setter Property="Controls:ControlsHelper.CornerRadius" Value="0" />
+                <Setter Property="controls:ControlsHelper.ContentCharacterCasing" Value="Normal" />
+                <Setter Property="controls:ControlsHelper.CornerRadius" Value="0" />
             </Style>
-
-
+            
             <!--  control templates  -->
             <DataTemplate x:Key="ProviderHiddenParameter" />
 

From 1b140211d266f149ef39c9545833e7139886c701 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 12 Sep 2023 20:52:46 +0800
Subject: [PATCH 051/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                      | 2 +-
 src/Certify.Models/Certify.Models.csproj                      | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj               | 2 +-
 src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj       | 2 +-
 .../Certify.Server.Api.Public.csproj                          | 4 ++--
 src/Certify.Service/App.config                                | 4 ++--
 src/Certify.Service/Certify.Service.csproj                    | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index fe19a90fc..658b60abb 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.10" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.10" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.2" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.3" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 0bea35ab6..94ae051fe 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.2" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.3" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.7.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 2f11dbab9..59198bc1c 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.25" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.29" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index baa13e875..0337ec6d3 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.34.0" />
+    <PackageReference Include="Azure.Core" Version="1.35.0" />
     <PackageReference Include="Azure.Identity" Version="1.10.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="7.0.0" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index b412fd086..be2e1d996 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -15,10 +15,10 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-preview.5.23302.2" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.3" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.2" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.3" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 6152ece63..a8ae0f42f 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -14,7 +14,7 @@
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.31.0.0" newVersion="1.34.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.31.0.0" newVersion="1.35.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
@@ -33,7 +33,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.53.0.0" newVersion="4.55.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.53.0.0" newVersion="4.56.0.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 5bef08190..2a81cda48 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.2.9" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.2.9" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.2.9" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.55.0" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.56.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Diagnostics" Version="4.2.2" />

From e54a2a06947933d31ef504dc0a467b4dad7d9c5f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 12 Sep 2023 20:54:02 +0800
Subject: [PATCH 052/237] Dashboard summary fix

---
 .../Controls/ManagedCertificate/Dashboard.xaml.cs           | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
index 6e071d5f4..c75548ae8 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
@@ -46,12 +46,10 @@ private void AppViewModel_PropertyChanged(object sender, PropertyChangedEventArg
 
         public async Task RefreshSummary()
         {
+            var summary = await AppViewModel.Current.GetManagedCertificateSummary();
 
-            if (AppViewModel.Current.ManagedCertificates?.Any() == true)
+            if (summary?.Total > 0)
             {
-                var summary = await AppViewModel.Current.GetManagedCertificateSummary();
-
-                var ms = AppViewModel.Current.ManagedCertificates;
 
                 ViewModel.Total = summary.Total;
                 ViewModel.Healthy = summary.Healthy;

From 322e539933e9054949074abaeb102558807fb350 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 12 Sep 2023 20:54:27 +0800
Subject: [PATCH 053/237] WIP: text filter refresh results

---
 .../Controls/ManagedCertificates.xaml.cs      | 87 ++++++++++++++++---
 .../AppViewModel.ManagedCerticates.cs         | 11 ++-
 2 files changed, 84 insertions(+), 14 deletions(-)

diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
index a859bed0e..d9cf9ea77 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
@@ -1,6 +1,8 @@
 using System;
 using System.ComponentModel;
 using System.Linq;
+using System.Threading.Tasks;
+using System.Threading;
 using System.Windows;
 using System.Windows.Controls;
 using System.Windows.Data;
@@ -82,7 +84,7 @@ private void SetFilter()
 
             //sort by name ascending
             CollectionViewSource.GetDefaultView(_appViewModel.ManagedCertificates).SortDescriptions.Clear();
-            
+
             if (_sortOrder == "NameAsc")
             {
                 CollectionViewSource.GetDefaultView(_appViewModel.ManagedCertificates).SortDescriptions.Add(
@@ -121,21 +123,78 @@ private async void ListViewItem_InteractionEvent(object sender, InputEventArgs e
             }
         }
 
-        private void TxtFilter_TextChanged(object sender, TextChangedEventArgs e)
+        class Debouncer : IDisposable
         {
-            var defaultView = CollectionViewSource.GetDefaultView(lvManagedCertificates.ItemsSource);
+            private CancellationTokenSource lastCancellationTokenSource;
+            private int milliseconds;
 
-            defaultView.Refresh();
+            public Debouncer(int milliseconds = 300)
+            {
+                this.milliseconds = milliseconds;
+            }
 
-            if (lvManagedCertificates.SelectedIndex == -1 && _appViewModel.SelectedItem != null)
+            public async Task Debounce(Func<Task> action)
             {
-                // if the data model's selected item has come into view after filter box text
-                // changed, select the item in the list
-                if (defaultView.Filter(_appViewModel.SelectedItem))
+                Cancel(lastCancellationTokenSource);
+
+                var tokenSrc = lastCancellationTokenSource = new CancellationTokenSource();
+                
+                try
                 {
-                    lvManagedCertificates.SelectedItem = _appViewModel.SelectedItem;
+                    await Task.Delay(new TimeSpan(milliseconds), tokenSrc.Token);
+                    if (!tokenSrc.IsCancellationRequested)
+                    {
+                        await Task.Run(action, tokenSrc.Token);
+                    }
+                }
+                catch (TaskCanceledException)
+                {
+                }
+            }
+
+            public void Cancel(CancellationTokenSource source)
+            {
+                if (source != null)
+                {
+                    source.Cancel();
+                    source.Dispose();
                 }
             }
+
+            public void Dispose()
+            {
+                Cancel(lastCancellationTokenSource);
+            }
+
+            ~Debouncer()
+            {
+                Dispose();
+            }
+        }
+
+        private Debouncer _filterDebouncer = new Debouncer();
+
+        private async void TxtFilter_TextChanged(object sender, TextChangedEventArgs e)
+        {
+            // refresh db results, then refresh UI view
+
+            _appViewModel.FilterKeyword = txtFilter.Text;
+
+            await _filterDebouncer.Debounce(_appViewModel.RefreshManagedCertificates);
+
+            var defaultView = CollectionViewSource.GetDefaultView(lvManagedCertificates.ItemsSource);
+
+            defaultView.Refresh();
+
+            /* if (lvManagedCertificates.SelectedIndex == -1 && _appViewModel.SelectedItem != null)
+             {
+                 // if the data model's selected item has come into view after filter box text
+                 // changed, select the item in the list
+                 if (defaultView.Filter(_appViewModel.SelectedItem))
+                 {
+                     lvManagedCertificates.SelectedItem = _appViewModel.SelectedItem;
+                 }
+             }*/
         }
 
         private async void TxtFilter_PreviewKeyDown(object sender, KeyEventArgs e)
@@ -169,6 +228,8 @@ private async void TxtFilter_PreviewKeyDown(object sender, KeyEventArgs e)
 
         private void ResetFilter()
         {
+            _appViewModel.FilterKeyword = string.Empty;
+
             txtFilter.Text = "";
             txtFilter.Focus();
 
@@ -372,14 +433,14 @@ private void GettingStarted_FilterApplied(string filter)
             txtFilter.Text = filter;
         }
 
-        private void Prev_Click(object sender, RoutedEventArgs e)
+        private async void Prev_Click(object sender, RoutedEventArgs e)
         {
-            _appViewModel.ManagedCertificatesPrevPage();
+            await _appViewModel.ManagedCertificatesPrevPage();
         }
 
-        private void Next_Click(object sender, RoutedEventArgs e)
+        private async void Next_Click(object sender, RoutedEventArgs e)
         {
-            _appViewModel.ManagedCertificatesNextPage();
+            await _appViewModel.ManagedCertificatesNextPage();
         }
     }
 
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index 012ecd8f0..c0ae7c5c2 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -94,6 +94,8 @@ public int NumManagedCerts
         int _filterPageIndex = 0;
         int _filterPageSize = 15;
 
+        public string FilterKeyword { get; set; }= string.Empty;
+
         /// <summary>
         /// Refresh the cached list of managed certs via the connected service
         /// </summary>
@@ -106,6 +108,8 @@ public virtual async Task RefreshManagedCertificates()
             filter.IncludeExternal = IsFeatureEnabled(FeatureFlags.EXTERNAL_CERT_MANAGERS) && Preferences.EnableExternalCertManagers;
             filter.PageSize = _filterPageSize;
             filter.PageIndex = _filterPageIndex;
+            
+            filter.Keyword = string.IsNullOrWhiteSpace(FilterKeyword) ? null : FilterKeyword;
 
             var result = await _certifyClient.GetManagedCertificateSearchResult(filter);
 
@@ -115,9 +119,14 @@ public virtual async Task RefreshManagedCertificates()
 
         public async Task<Summary> GetManagedCertificateSummary()
         {
+            if (!IsServiceAvailable)
+            {
+                return null;
+            }
+
             var filter = new ManagedCertificateFilter();
 
-            return await _certifyClient.GetManagedCertificateSummary(filter);
+            return await _certifyClient?.GetManagedCertificateSummary(filter);
         }
 
         public async Task ManagedCertificatesNextPage()

From 5058d098bfe8321e50992212dea06e37e9ad2236 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 22 Sep 2023 16:30:04 +0800
Subject: [PATCH 054/237] Access Control: WIP implement RBAC and storage

---
 .../Management/Access/AccessControl.cs        | 346 +++++++++---------
 .../Management/Access/IAccessControl.cs       |  25 ++
 .../Config/AccessControl,Config.cs            | 141 +++++++
 src/Certify.Models/Config/AccessControl.cs    | 126 +++++++
 .../Providers/IAccessControlStore.cs          |  16 +
 .../DataStores/AccessControlDataStoreTests.cs | 192 ++++++++++
 .../ManagedItemDataStoreTests.cs              |   4 +-
 .../StoredCredentialsDataStoreTests.cs        |   4 +-
 .../AccessControlTests.cs                     | 225 +++++++-----
 9 files changed, 808 insertions(+), 271 deletions(-)
 create mode 100644 src/Certify.Core/Management/Access/IAccessControl.cs
 create mode 100644 src/Certify.Models/Config/AccessControl,Config.cs
 create mode 100644 src/Certify.Models/Config/AccessControl.cs
 create mode 100644 src/Certify.Models/Providers/IAccessControlStore.cs
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
 rename src/Certify.Tests/Certify.Core.Tests.Integration/{ => DataStores}/ManagedItemDataStoreTests.cs (99%)
 rename src/Certify.Tests/Certify.Core.Tests.Integration/{ => DataStores}/StoredCredentialsDataStoreTests.cs (98%)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 4c79e939a..6a26dafe8 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -1,96 +1,21 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
+using Certify.Models.Config.AccessControl;
 using Certify.Models.Providers;
+using Certify.Providers;
 
 namespace Certify.Core.Management.Access
 {
-    public enum SecurityPrincipleType
-    {
-        User = 1,
-        Application = 2
-    }
-
-    public class SecurityPrinciple
-    {
-        public string Id { get; set; }
-        public string Username { get; set; }
-        public string Password { get; set; }
-        public string Email { get; set; }
-        public string Description { get; set; }
-
-        /// <summary>
-        /// If true, user is a mapping to an external AD/LDAP group or user
-        /// </summary>
-        public bool IsDirectoryMapping { get; set; }
-
-        public List<string> SystemRoleIds { get; set; }
 
-        public SecurityPrincipleType PrincipleType { get; set; }
-
-        public string AuthKey { get; set; }
-    }
-
-    public class StandardRoles
-    {
-        public static Role Administrator { get; } = new Role("sysadmin", "Administrator", "Certify Server Administrator");
-        public static Role DomainOwner { get; } = new Role("domain_owner", "Domain Owner", "Controls certificate access for a given domain");
-        public static Role DomainRequestor { get; } = new Role("subdomain_requestor", "Subdomain Requestor", "Can request new certs for subdomains on a given domain");
-        public static Role CertificateConsumer { get; } = new Role("cert_consumer", "Certificate Consumer", "User of a given certificate");
-
-    }
-
-    public class ResourceTypes
+    public class AccessControl : IAccessControl
     {
-        public static string System { get; } = "system";
-        public static string Domain { get; } = "domain";
-    }
-
-    public class Role
-    {
-        public string Id { get; set; }
-        public string Title { get; set; }
-        public string Description { get; set; }
-
-        public Role() { }
-        public Role(string id, string title, string description)
-        {
-            Id = id;
-            Title = title;
-            Description = description;
-        }
-    }
-
-    public class ResourceAssignedRole
-    {
-        public string PrincipleId { get; set; }
-        public string RoleId { get; set; }
-    }
-    /// <summary>
-    /// Define a domain or resource and who the controlling users are
-    /// </summary>
-    public class ResourceProfile
-    {
-        public string Id { get; set; } = new Guid().ToString();
-        public string ResourceType { get; set; }
-        public string Identifier { get; set; }
-        public List<ResourceAssignedRole> AssignedRoles { get; set; }
-        // public List<Certify.Models.CertRequestChallengeConfig> DefaultChallenges { get; set; }
-    }
-
-    public interface IObjectStore
-    {
-        Task<bool> Save<T>(string id, object item);
-        Task<T> Load<T>(string id);
-    }
-
-    public class AccessControl
-    {
-        private IObjectStore _store;
+        private IAccessControlStore _store;
         private ILog _log;
 
-        public AccessControl(ILog log, IObjectStore store)
+        public AccessControl(ILog log, IAccessControlStore store)
         {
             _store = store;
             _log = log;
@@ -98,55 +23,48 @@ public AccessControl(ILog log, IObjectStore store)
 
         public async Task<List<Role>> GetSystemRoles()
         {
-
             return await Task.FromResult(new List<Role>
             {
                 StandardRoles.Administrator,
-                StandardRoles.DomainOwner,
+                StandardRoles.IdentifierController,
                 StandardRoles.CertificateConsumer
             });
         }
 
-        public async Task<List<SecurityPrinciple>> GetSecurityPrinciples()
+        public async Task<List<SecurityPrinciple>> GetSecurityPrinciples(string contextUserId)
         {
-            return await _store.Load<List<SecurityPrinciple>>("principles");
+            return await _store.GetItems<SecurityPrinciple>(nameof(SecurityPrinciple));
         }
 
-        public async Task<bool> AddSecurityPrinciple(SecurityPrinciple principle, string contextUserId, bool bypassIntegrityCheck = false)
+        public async Task<bool> AddSecurityPrinciple(string contextUserId, SecurityPrinciple principle, bool bypassIntegrityCheck = false)
         {
-            if (!await IsPrincipleInRole(contextUserId, StandardRoles.Administrator.Id, contextUserId) && !bypassIntegrityCheck)
+            if (!bypassIntegrityCheck && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
                 _log?.Warning($"User {contextUserId} attempted to use AddSecurityPrinciple [{principle?.Id}] without being in required role.");
                 return false;
             }
 
-            var principles = await GetSecurityPrinciples();
-            principles.Add(principle);
-            await _store.Save<List<SecurityPrinciple>>("principles", principles);
+            if (!string.IsNullOrWhiteSpace(principle.Password))
+            {
+                principle.Password = HashPassword(principle.Password);
+            }
+
+            await _store.Add<SecurityPrinciple>(nameof(SecurityPrinciple), principle);
 
             _log?.Information($"User {contextUserId} added security principle [{principle?.Id}] {principle?.Username}");
             return true;
         }
 
-        public async Task<bool> UpdateSecurityPrinciple(SecurityPrinciple principle, string contextUserId)
+        public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPrinciple principle)
         {
 
-            if (!await IsPrincipleInRole(contextUserId, StandardRoles.Administrator.Id, contextUserId))
+            if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
                 _log?.Warning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}] without being in required role.");
                 return false;
             }
 
-            var principles = await GetSecurityPrinciples();
-
-            var existing = principles.Find(p => p.Id == principle.Id);
-            if (existing != null)
-            {
-                principles.Remove(existing);
-            }
-
-            principles.Add(principle);
-            await _store.Save<List<SecurityPrinciple>>("principles", principles);
+            await _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), principle);
 
             _log?.Information($"User {contextUserId} updated security principle [{principle?.Id}] {principle?.Username}");
             return true;
@@ -155,91 +73,113 @@ public async Task<bool> UpdateSecurityPrinciple(SecurityPrinciple principle, str
         /// <summary>
         /// delete a single security principle
         /// </summary>
-        /// <param name="id"></param>
         /// <param name="contextUserId"></param>
+        /// <param name="id"></param>
         /// <returns></returns>
-        public async Task<bool> DeleteSecurityPrinciple(string id, string contextUserId)
+        public async Task<bool> DeleteSecurityPrinciple(string contextUserId, string id, bool allowSelfDelete = false)
         {
-            if (!await IsPrincipleInRole(contextUserId, StandardRoles.Administrator.Id, contextUserId))
+            if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
                 _log?.Warning($"User {contextUserId} attempted to use DeleteSecurityPrinciple [{id}] without being in required role.");
                 return false;
             }
 
-            if (id == contextUserId)
+            if (!allowSelfDelete && id == contextUserId)
             {
                 _log?.Information($"User {contextUserId} tried to delete themselves.");
                 return false;
             }
 
-            var principles = await GetSecurityPrinciples();
-
-            var existing = principles.Find(p => p.Id == id);
-            if (existing != null)
-            {
-                principles.Remove(existing);
-            }
-
-            await _store.Save<List<SecurityPrinciple>>("principles", principles);
+            var existing = await GetSecurityPrinciple(contextUserId, id);
 
-            // TODO: remove assigned roles within all resource profiles
+            await _store.Delete<SecurityPrinciple>(nameof(SecurityPrinciple), id);
 
-            var allResourceProfiles = await GetResourceProfiles(id, contextUserId);
-            foreach (var r in allResourceProfiles)
-            {
-                if (r.AssignedRoles.Any(ro => ro.PrincipleId == id))
-                {
-                    var newAssignedRoles = r.AssignedRoles.Where(ra => ra.PrincipleId != id).ToList();
-                    r.AssignedRoles = newAssignedRoles;
-                }
-            }
-
-            await _store.Save<List<SecurityPrinciple>>("resourceprofiles", allResourceProfiles);
+            // TODO: remove assigned roles
 
             _log?.Information($"User {contextUserId} deleted security principle [{id}] {existing?.Username}");
 
             return true;
         }
 
-        public async Task<bool> IsAuthorised(string principleId, string roleId, string resourceType, string identifier, string contextUserId)
+        public async Task<SecurityPrinciple> GetSecurityPrinciple(string contextUserId, string id)
         {
-            var resourceProfiles = await GetResourceProfiles(principleId, contextUserId);
+            return await _store.Get<SecurityPrinciple>(nameof(SecurityPrinciple), id);
+        }
 
-            if (resourceProfiles.Any(r => r.ResourceType == resourceType && r.Identifier == identifier && r.AssignedRoles.Any(a => a.PrincipleId == principleId && a.RoleId == roleId)))
-            {
-                // principle has an exactly matching role granted for this resource
-                return true;
-            }
+        public async Task<bool> IsAuthorised(string contextUserId, string principleId, string roleId, string resourceType, string actionId, string identifier)
+        {
+            // to determine is a principle has access to perform a particular action
+            // for each group the principle is part of
 
-            if (resourceType == ResourceTypes.Domain && !identifier.Trim().StartsWith("*") && identifier.Contains("."))
-            {
-                // get wildcard for respective domain identifier
-                var identifierComponents = identifier.Split('.');
+            var allAssignedRoles = await _store.GetItems<AssignedRole>(nameof(AssignedRole));
+
+            var spAssigned = allAssignedRoles.Where(a => a.SecurityPrincipleId == principleId);
+
+            var allRoles = await _store.GetItems<Role>(nameof(Role));
+
+            var spAssignedRoles = allRoles.Where(r => spAssigned.Any(t => t.RoleId == r.Id));
+
+            var spSpecificAssignedRoles = spAssigned.Where(a => spAssignedRoles.Any(r => r.Id == a.RoleId));
 
-                var wildcard = "*." + string.Join(".", identifierComponents.Skip(1));
+            var allPolicies = await _store.GetItems<ResourcePolicy>(nameof(ResourcePolicy));
 
-                if (resourceProfiles.Any(r => r.ResourceType == resourceType && r.Identifier == wildcard && r.AssignedRoles.Any(a => a.PrincipleId == principleId && a.RoleId == roleId)))
+            var spAssignedPolicies = allPolicies.Where(r => spAssignedRoles.Any(p => p.Policies.Contains(r.Id)));
+
+            if (spAssignedPolicies.Any(a => a.ResourceActions.Contains(actionId)))
+            {
+                // if and of the service principles assigned roles are restricted by the type of resource type, check for identifier matches (e.g. role assignment restricted on domains )
+                if (spSpecificAssignedRoles.Any(a => a.IncludedResources.Any(r => r.ResourceType == resourceType)))
+                {
+                    var allIncludedResources = spSpecificAssignedRoles.SelectMany(a => a.IncludedResources).Distinct();
+
+                    if (resourceType == ResourceTypes.Domain && !identifier.Trim().StartsWith("*") && identifier.Contains("."))
+                    {
+                        // get wildcard for respective domain identifier
+                        var identifierComponents = identifier.Split('.');
+
+                        var wildcard = "*." + string.Join(".", identifierComponents.Skip(1));
+
+                        // search for matching identifier
+
+                        foreach (var includedResource in allIncludedResources)
+                        {
+                            if (includedResource.ResourceType == resourceType && includedResource.Identifier == wildcard)
+                            {
+                                return true;
+                            }
+                            else if (includedResource.ResourceType == resourceType && includedResource.Identifier == identifier)
+                            {
+                                return true;
+                            }
+                        }
+                    }
+
+                    // no match
+                    return false;
+                }
+                else
                 {
-                    // principle has an matching role granted for this resource as a wildcard
                     return true;
                 }
             }
-
-            return false;
+            else
+            {
+                return false;
+            }
         }
 
         /// <summary>
         /// Check security principle is in a given role at the system level
         /// </summary>
+        /// <param name="contextUserId"></param>
         /// <param name="id"></param>
         /// <param name="roleId"></param>
-        /// <param name="contextUserId"></param>
         /// <returns></returns>
-        public async Task<bool> IsPrincipleInRole(string id, string roleId, string contextUserId)
+        public async Task<bool> IsPrincipleInRole(string contextUserId, string id, string roleId)
         {
-            var resourceProfiles = await GetResourceProfiles(id, contextUserId);
+            var assignedRoles = await _store.GetItems<AssignedRole>(nameof(AssignedRole));
 
-            if (resourceProfiles.Any(r => r.ResourceType == ResourceTypes.System && r.AssignedRoles.Any(a => a.PrincipleId == id && a.RoleId == roleId)))
+            if (assignedRoles.Any(a => a.RoleId == roleId && a.SecurityPrincipleId == id))
             {
                 return true;
             }
@@ -249,46 +189,110 @@ public async Task<bool> IsPrincipleInRole(string id, string roleId, string conte
             }
         }
 
-        /// <summary>
-        /// return list of resources this user has some access to
-        /// </summary>
-        /// <param name="contextUserId"></param>
-        /// <returns></returns>
-        public async Task<List<ResourceProfile>> GetResourceProfiles(string userId, string contextUserId)
+        public async Task<bool> AddResourcePolicy(string contextUserId, ResourcePolicy resourceProfile, bool bypassIntegrityCheck = false)
         {
-            var allResourceProfiles = await _store.Load<List<ResourceProfile>>("resourceprofiles");
+            if (!bypassIntegrityCheck && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
+            {
+                _log?.Warning($"User {contextUserId} attempted to use AddResourcePolicy [{resourceProfile.Id}] without being in required role.");
+                return false;
+            }
+
+            await _store.Add(nameof(ResourcePolicy), resourceProfile);
+
+            _log?.Information($"User {contextUserId} added resource policy [{resourceProfile.Id}]");
+            return true;
+        }
 
-            if (userId != null)
+        public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, string id, string oldpassword, string newpassword)
+        {
+            if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                var filteredprofiles = allResourceProfiles.Where(r => r.AssignedRoles.Any(ra => ra.PrincipleId == userId));
+                _log?.Warning("User {contextUserId} attempted to use updated password for [{username} - {id}] without being in required role.");
+                return false;
+            }
 
-                foreach (var f in filteredprofiles)
-                {
-                    f.AssignedRoles = f.AssignedRoles.Where(a => a.PrincipleId == userId).ToList();
-                }
+            var updated = false;
+
+            var principle = await GetSecurityPrinciple(contextUserId, id);
 
-                return filteredprofiles.ToList();
+            if (IsPasswordValid(oldpassword, principle.Password))
+            {
+                principle.Password = HashPassword(newpassword);
+                updated = await UpdateSecurityPrinciple(contextUserId, principle);
             }
             else
             {
-                return allResourceProfiles;
+                _log?.Information("Previous password did not match while updating security principle password", contextUserId, principle.Username, principle.Id);
             }
+
+            if (updated)
+            {
+                _log?.Information("User {contextUserId} updated password for [{username} - {id}]", contextUserId, principle.Username, principle.Id);
+            }
+            else
+            {
+
+                _log?.Warning("User {contextUserId} failed to update password for [{username} - {id}]", contextUserId, principle.Username, principle.Id);
+            }
+
+            return updated;
         }
 
-        public async Task<bool> AddResourceProfile(ResourceProfile resourceProfile, string contextUserId, bool bypassIntegrityCheck = false)
+        public bool IsPasswordValid(string password, string currentHash)
         {
-            if (!await IsPrincipleInRole(contextUserId, StandardRoles.Administrator.Id, contextUserId) && !bypassIntegrityCheck)
+            var components = currentHash.Split('.');
+
+            // hash provided password with same salt to compare result
+            return currentHash == HashPassword(password, components[1]);
+        }
+
+        /// <summary>
+        /// Hash password, optionally using the provided salt or generating new salt
+        /// </summary>
+        /// <param name="password"></param>
+        /// <param name="saltString"></param>
+        /// <returns></returns>
+        public string HashPassword(string password, string saltString = null)
+        {
+            var iterations = 600000;
+            var salt = new byte[24];
+
+            if (saltString == null)
             {
-                _log?.Warning($"User {contextUserId} attempted to use AddResourceProfile [{resourceProfile.Identifier}] without being in required role.");
-                return false;
+                RandomNumberGenerator.Create().GetBytes(salt);
             }
+            else
+            {
+                salt = Convert.FromBase64String(saltString);
+            }
+#if NET8_0_OR_GREATER
+            var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA512);
+#else
+            var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
+#endif
 
-            var profiles = await GetResourceProfiles(null, contextUserId);
-            profiles.Add(resourceProfile);
-            await _store.Save<List<SecurityPrinciple>>("resourceprofiles", profiles);
+            var hash = pbkdf2.GetBytes(24);
 
-            _log?.Information($"User {contextUserId} added resource profile [{resourceProfile.Identifier}]");
-            return true;
+            var hashed = $"v1.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
+
+            return hashed;
+        }
+
+        public Task<List<ResourcePolicy>> GetSecurityPrincipleResourcePolicies(string contextUserId, string userId) => throw new NotImplementedException();
+
+        public async Task AddRole(Role r)
+        {
+            await _store.Add(nameof(Role), r);
+        }
+
+        public async Task AddAssignedRole(AssignedRole r)
+        {
+            await _store.Add(nameof(AssignedRole), r);
+        }
+
+        public async Task AddAction(ResourceAction action)
+        {
+            await _store.Add(nameof(ResourceAction), action);
         }
     }
 }
diff --git a/src/Certify.Core/Management/Access/IAccessControl.cs b/src/Certify.Core/Management/Access/IAccessControl.cs
new file mode 100644
index 000000000..a6593f4a5
--- /dev/null
+++ b/src/Certify.Core/Management/Access/IAccessControl.cs
@@ -0,0 +1,25 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Certify.Models.Config.AccessControl;
+
+namespace Certify.Core.Management.Access
+{
+    public interface IAccessControl
+    {
+        Task<bool> AddResourcePolicy(string contextUserId, ResourcePolicy resourceProfile, bool bypassIntegrityCheck = false);
+        Task<bool> AddSecurityPrinciple(string contextUserId, SecurityPrinciple principle, bool bypassIntegrityCheck = false);
+        Task<bool> DeleteSecurityPrinciple(string contextUserId, string id, bool allowSelfDelete = false);
+        Task<List<ResourcePolicy>> GetSecurityPrincipleResourcePolicies(string contextUserId, string userId);
+        Task<List<SecurityPrinciple>> GetSecurityPrinciples(string contextUserId);
+        
+        /// <summary>
+        /// Get the list of standard roles built-in to the system
+        /// </summary>
+        /// <returns></returns>
+        Task<List<Role>> GetSystemRoles();
+        Task<bool> IsAuthorised(string contextUserId, string principleId, string roleId, string resourceType, string actionId, string identifier);
+        Task<bool> IsPrincipleInRole(string contextUserId, string id, string roleId);
+        Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPrinciple principle);
+        Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, string id, string oldpassword, string newpassword);
+    }
+}
diff --git a/src/Certify.Models/Config/AccessControl,Config.cs b/src/Certify.Models/Config/AccessControl,Config.cs
new file mode 100644
index 000000000..3e8f0cdd3
--- /dev/null
+++ b/src/Certify.Models/Config/AccessControl,Config.cs
@@ -0,0 +1,141 @@
+using System;
+using System.Collections.Generic;
+
+namespace Certify.Models.Config.AccessControl
+{
+    public enum SecurityPrincipleType
+    {
+        User = 1,
+        Application = 2,
+        Group
+    }
+
+    public enum SecurityPermissionType
+    {
+        ALLOW = 1,
+        DENY = 0
+    }
+
+    public class StandardRoles
+    {
+
+        public static Role Administrator { get; } = new Role("sysadmin", "Administrator", "Certify Server Administrator", policies: new List<string> {
+                     "managed_item_admin",
+                     "access_admin",
+                     "storedcredential_admin"
+                    });
+        public static Role CertificateManager { get; } = new Role("cert_manager", "Certificate Manager", "Can manage and administer all certificates");
+        public static Role CertificateConsumer { get; } = new Role("cert_consumer", "Certificate Consumer", "User of a given certificate", policies: new List<string> { "certificate_consumer" });
+        public static Role StoredCredentialConsumer { get; } = new Role("storedcredential_consumer", "Stored Credential Fetch Consumer", "Can fetch a decrypted stored credential", policies: new List<string> { "storedcredential_fetch" });
+        public static Role IdentifierController { get; } = new Role("identifier_controller", "Subject Identifier Controller", "Controls certificate access for a given domain/identifier");
+        public static Role IdentifierRequestor { get; } = new Role("identifier_requestor", "Subject Identifier Requestor", "Can request new certs for subdomains/subresources on a given domain/identifier ");
+    }
+
+    public class StandardProviders
+    {
+        /// <summary>
+        /// Identity is stored in the app/service database
+        /// </summary>
+        public const string INTERNAL = "INTERNAL";
+
+        /// <summary>
+        /// Identity is provided by the OS
+        /// </summary>
+        public const string OS = "OS";
+
+        /// <summary>
+        /// Identity is stored in LDAP/AD
+        /// </summary>
+        public const string LDAP = "LDAP";
+
+        /// <summary>
+        /// Identity is provided by OpenID
+        /// </summary>
+        public const string OID = "OID";
+    }
+
+    public class ResourceTypes
+    {
+        public static string System { get; } = "system";
+        public static string Domain { get; } = "domain";
+        public static string ManagedItem { get; } = "manageditem";
+        public static string Certificate { get; } = "certificate";
+        public static string StoredCredential { get; } = "storedcredential";
+        public static string CertificateAuthority { get; } = "ca";
+    }
+
+    public static class Policies
+    {
+        public static List<ResourceAction> GetStandardResourceActions()
+        {
+            return new List<ResourceAction> {
+
+                new ResourceAction("certificate_download", "Certificate Download", ResourceTypes.Certificate),
+
+                new ResourceAction("storedcredential_add", "Add New Stored Credential", ResourceTypes.StoredCredential),
+                new ResourceAction("storedcredential_update", "Update Stored Credential", ResourceTypes.StoredCredential),
+                new ResourceAction("storedcredential_delete", "Delete Stored Credential", ResourceTypes.StoredCredential),
+                new ResourceAction("storedcredential_fetch", "Fetch Decrypted Stored Credential", ResourceTypes.StoredCredential),
+
+                new ResourceAction("securityprinciple_add", "Add New Security Principle", ResourceTypes.System),
+                new ResourceAction("securityprinciple_update", "UPdate Security Principles", ResourceTypes.System),
+                new ResourceAction("securityprinciple_changepassword", "Update Security Principle Passwords", ResourceTypes.System),
+                new ResourceAction("securityprinciple_delete", "Delete Security Principle", ResourceTypes.System),
+
+                new ResourceAction("manageditem_requester", "Request New Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_add", "Add Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_update", "Update Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_delete", "Delete Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_test", "Test Managed Item Renewal Checks", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_renew", "Request/Renew Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_updatetasks", "Add or Update Managed Item Tasks", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_updatescript", "Add or Update Managed Item Deployment Scripts", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_log", "View/Download Managed Item Log", ResourceTypes.ManagedItem),
+            };
+        }
+
+        public static List<ResourcePolicy> GetStandardPolicies()
+        {
+            return new List<ResourcePolicy> {
+                new ResourcePolicy{ Id="managed_item_admin", Title="Managed Item Administration", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                    ResourceActions= new List<string>{
+                        "manageditem_add",
+                        "manageditem_update",
+                        "manageditem_delete",
+                        "manageditem_test",
+                        "manageditem_renew",
+                        "manageditem_updatetasks",
+                        "manageditem_updatescript",
+                        "manageditem_log",
+                    }
+                },
+                new ResourcePolicy{ Id="access_admin", Title="Access Control Administration", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                    ResourceActions= new List<string>{
+                        "securityprinciple_add",
+                        "securityprinciple_update",
+                        "securityprinciple_changepassword",
+                        "securityprinciple_delete"
+                    }
+                },
+                new ResourcePolicy{ Id="certificate_consumer", Title="Consume Certificates", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                    ResourceActions= new List<string>{
+                        "certificate_download",
+                        "certificate_key_download"
+                    }
+                },
+                new ResourcePolicy{ Id="storedcredential_admin", Title="Stored Credential Administration", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                    ResourceActions= new List<string>{
+                        "storedcredential_add",
+                        "storedcredential_update",
+                        "storedcredential_delete"
+                    }
+                },
+                new ResourcePolicy{ Id="storedcredential_fetch", Title="Stored Credential Fetch", Description="Provides access to fetch a decrypted stored credential.", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                    ResourceActions= new List<string>{
+                        "storedcredential_fetch"
+                    }
+                }
+            };
+        }
+    }
+}
diff --git a/src/Certify.Models/Config/AccessControl.cs b/src/Certify.Models/Config/AccessControl.cs
new file mode 100644
index 000000000..4a8a4830d
--- /dev/null
+++ b/src/Certify.Models/Config/AccessControl.cs
@@ -0,0 +1,126 @@
+using System;
+using System.Collections.Generic;
+
+namespace Certify.Models.Config.AccessControl
+{
+    public class AccessStoreItem
+    {
+        public AccessStoreItem()
+        {
+            Id = Guid.NewGuid().ToString();
+        }
+        public string Id { get; set; }
+        public string Title { get; set; } = string.Empty;
+        public string Description { get; set; } = string.Empty;
+        public string ItemType { get; set; } = string.Empty;
+    }
+
+    /// <summary>
+    /// A Security Principle is a user or service account which can be assigned roles and other permissions
+    /// </summary>
+    public class SecurityPrinciple : AccessStoreItem
+    {
+
+        public string? Username { get; set; }
+        public string? Password { get; set; }
+        public string? Email { get; set; }
+
+        /// <summary>
+        /// Provider e.g. if identifier is a mapping to an external AD/LDAP group or user
+        /// </summary>
+        public string? Provider { get; set; }
+
+        /// <summary>
+        /// If principle is externally controlled, this is the identifier from the external system
+        /// </summary>
+        public string? ExternalIdentifier { get; set; }
+
+        public SecurityPrincipleType? PrincipleType { get; set; }
+
+        public string? AuthKey { get; set; }
+    }
+
+    public class Role : AccessStoreItem
+    {
+        public List<string> Policies { get; set; } = new List<string>();
+        public Role(string id, string title, string description, List<string> policies = null)
+        {
+            Id = id;
+            Title = title;
+            Description = description;
+
+            if (policies != null)
+            {
+                Policies = policies;
+            }
+        }
+    }
+
+    /// <summary>
+    /// A role assigned to a security principle
+    /// </summary>
+    public class AssignedRole : AccessStoreItem
+    {
+        /// <summary>
+        /// Defines the role to be assigned 
+        /// </summary>
+        public string? RoleId { get; set; }
+
+        /// <summary>
+        /// Specific security principle assigned to the role
+        /// </summary>
+        public string? SecurityPrincipleId { get; set; }
+
+        public List<Resource> IncludedResources { get; set; }
+    }
+
+    /// <summary>
+    /// Defines a restricted resource
+    /// </summary>
+    public class Resource : AccessStoreItem
+    {
+        /// <summary>
+        /// Type of this resource
+        /// </summary>
+        public string? ResourceType { get; set; }
+
+        /// <summary>
+        /// Identifier for this resource, can include wildcards for domains etc
+        /// </summary>
+        public string? Identifier { get; set; }
+    }
+
+    public class ResourcePolicy : AccessStoreItem
+    {
+
+        /// <summary>
+        /// Whether policy is allow or deny for the set of actions
+        /// </summary>
+        public SecurityPermissionType SecurityPermissionType { get; set; } = SecurityPermissionType.DENY;
+
+        /// <summary>
+        /// List of actions to apply to this policy
+        /// </summary>
+        public List<string> ResourceActions { get; set; } = new List<string>();
+
+        /// <summary>
+        /// If true, this policy requires on or more specific identified resources and cannot be applied to all resources
+        /// </summary>
+        public bool IsResourceSpecific { get; set; }
+    }
+
+    /// <summary>
+    ///  Specific system action which may be allowed/disallowed on a specific type of resource
+    /// </summary>
+    public class ResourceAction : AccessStoreItem
+    {
+        public ResourceAction(string id, string title, string resourceType)
+        {
+            Id = id;
+            Title = title;
+            ResourceType = resourceType;
+        }
+
+        public string? ResourceType { get; set; }
+    }
+}
diff --git a/src/Certify.Models/Providers/IAccessControlStore.cs b/src/Certify.Models/Providers/IAccessControlStore.cs
new file mode 100644
index 000000000..2a2a70408
--- /dev/null
+++ b/src/Certify.Models/Providers/IAccessControlStore.cs
@@ -0,0 +1,16 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Certify.Providers
+{
+    public interface IAccessControlStore
+    {
+        Task<T> Get<T>(string itemType, string id);
+        Task Add<T>(string itemType, T item);
+        Task Update<T>(string itemType, T item);
+        Task<bool> Delete<T>(string itemType, string id);
+        Task<List<T>> GetItems<T>(string itemType);
+    }
+}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
new file mode 100644
index 000000000..dc9b5492c
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
@@ -0,0 +1,192 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Certify.Core.Management.Access;
+using Certify.Datastore.Postgres;
+using Certify.Datastore.SQLServer;
+using Certify.Management;
+using Certify.Models.Config.AccessControl;
+using Certify.Providers;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Certify.Core.Tests.DataStores
+{
+    [TestClass]
+    public class AccessControlDataStoreTests
+    {
+        private string _storeType = "sqlite";
+        private const string TEST_PATH = "Tests\\credentials";
+
+        public static IEnumerable<object[]> TestDataStores
+        {
+            get
+            {
+                return new[]
+                {
+                    new object[] { "sqlite" },
+                    //new object[] { "postgres" },
+                    //new object[] { "sqlserver" }
+                };
+            }
+        }
+
+        private IAccessControlStore GetStore(string storeType = null)
+        {
+            if (storeType == null)
+            {
+                storeType = _storeType;
+            }
+
+            if (storeType == "sqlite")
+            {
+                return new SQLiteAccessControlStore(storageSubfolder: TEST_PATH);
+            }
+            /* else if (storeType == "postgres")
+             {
+                 return new PostgresCredentialStore(Environment.GetEnvironmentVariable("CERTIFY_TEST_POSTGRES"));
+             }
+             else if (storeType == "sqlserver")
+             {
+                 return new SQLServerCredentialStore(Environment.GetEnvironmentVariable("CERTIFY_TEST_SQLSERVER"));
+             }*/
+            else
+            {
+                throw new ArgumentOutOfRangeException(nameof(storeType), "Unsupported store type " + storeType);
+            }
+        }
+
+        [TestMethod]
+        [DynamicData(nameof(TestDataStores))]
+        public async Task TestStoreSecurityPrinciple(string storeType)
+        {
+            var store = GetStore(storeType ?? _storeType);
+
+            var sp = new SecurityPrinciple
+            {
+                Email = "test@test.com",
+                PrincipleType = SecurityPrincipleType.User,
+                Username = "test",
+                Provider = StandardProviders.INTERNAL
+            };
+
+            try
+            {
+                await store.Add(nameof(SecurityPrinciple), sp);
+
+                var list = await store.GetItems<SecurityPrinciple>(nameof(SecurityPrinciple));
+
+                Assert.IsTrue(list.Any(l => l.Id == sp.Id), "Security Principle retrieved");
+            }
+            finally
+            {
+                // cleanup
+                await store.Delete<SecurityPrinciple>(nameof(SecurityPrinciple), sp.Id);
+            }
+        }
+
+        [TestMethod]
+        [DynamicData(nameof(TestDataStores))]
+        public async Task TestStoreRole(string storeType)
+        {
+            var store = GetStore(storeType ?? _storeType);
+
+            var role1 = new Role("test", "Test Role", "A test role");
+            var role2 = new Role("test2", "Test Role 2", "A test role 2");
+
+            try
+            {
+                await store.Add(nameof(Role), role1);
+                await store.Add(nameof(Role), role2);
+
+                var item = await store.Get<Role>(nameof(Role), role1.Id);
+
+                Assert.IsTrue(item.Id == role1.Id, "Role retrieved");
+            }
+            finally
+            {
+                // cleanup
+                await store.Delete<Role>(nameof(Role), role1.Id);
+                await store.Delete<Role>(nameof(Role), role2.Id);
+            }
+        }
+
+        [TestMethod]
+        public void TestStorePasswordHashing()
+        {
+            var store = GetStore(_storeType);
+            var access = new AccessControl(null, store);
+
+            var firstHash = access.HashPassword("secret");
+
+            Assert.IsNotNull(firstHash);
+
+            Assert.IsTrue(access.IsPasswordValid("secret", firstHash));
+        }
+
+        [TestMethod]
+        [DynamicData(nameof(TestDataStores))]
+        public async Task TestStoreGeneralAccessControl(string storeType)
+        {
+
+            var store = GetStore(storeType ?? _storeType);
+
+            var access = new AccessControl(null, store);
+
+            var adminSp = new SecurityPrinciple
+            {
+                Id = "admin_01",
+                Email = "admin@test.com",
+                Description = "Primary test admin",
+                PrincipleType = SecurityPrincipleType.User,
+                Username = "admin01",
+                Provider = StandardProviders.INTERNAL
+            };
+
+            var consumerSp = new SecurityPrinciple
+            {
+                Id = "dev_01",
+                Email = "dev_test01@test.com",
+                Description = "Consumer test",
+                PrincipleType = SecurityPrincipleType.User,
+                Username = "dev01",
+                Password = "oldpassword",
+                Provider = StandardProviders.INTERNAL
+            };
+
+            try
+            {
+                // add first admin security principle, bypass role check as there is no user to check yet
+
+                await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
+
+                // add second security principle, enforcing role checks for calling user
+                await access.AddSecurityPrinciple(adminSp.Id, consumerSp);
+
+                var list = await access.GetSecurityPrinciples(adminSp.Id);
+
+                Assert.IsTrue(list.Any());
+
+                // get updated sp so that password is hashed for comparison check
+                consumerSp = await access.GetSecurityPrinciple(adminSp.Id, consumerSp.Id);
+
+                Assert.IsTrue(access.IsPasswordValid("oldpassword", consumerSp.Password));
+
+                var updated = await access.UpdateSecurityPrinciplePassword(adminSp.Id, consumerSp.Id, "oldpassword", "newpassword");
+
+                Assert.IsTrue(updated, "SP password should have been updated OK");
+
+                consumerSp = await access.GetSecurityPrinciple(adminSp.Id, consumerSp.Id);
+
+                Assert.IsFalse(access.IsPasswordValid("oldpassword", consumerSp.Password), "Old password should no longer be valid");
+
+                Assert.IsTrue(access.IsPasswordValid("newpassword", consumerSp.Password), "New password should be valid");
+            }
+            finally
+            {
+                await access.DeleteSecurityPrinciple(adminSp.Id, consumerSp.Id);
+                await access.DeleteSecurityPrinciple(adminSp.Id, adminSp.Id, allowSelfDelete: true);
+            }
+        }
+    }
+}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/ManagedItemDataStoreTests.cs
similarity index 99%
rename from src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/ManagedItemDataStoreTests.cs
index 4a878b0eb..7e71f821a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/ManagedItemDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/ManagedItemDataStoreTests.cs
@@ -11,7 +11,7 @@
 using Certify.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
-namespace Certify.Core.Tests
+namespace Certify.Core.Tests.DataStores
 {
     [TestClass]
     public class ManagedItemDataStoreTests
@@ -58,7 +58,7 @@ private IManagedItemStore GetManagedItemStore(string storeType = null)
             }
             else
             {
-                throw new ArgumentOutOfRangeException(nameof(storeType), "Unsupport store type " + storeType);
+                throw new ArgumentOutOfRangeException(nameof(storeType), "Unsupported store type " + storeType);
             }
         }
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/StoredCredentialsDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/StoredCredentialsDataStoreTests.cs
similarity index 98%
rename from src/Certify.Tests/Certify.Core.Tests.Integration/StoredCredentialsDataStoreTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/StoredCredentialsDataStoreTests.cs
index 4915a7e3d..ad8884431 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/StoredCredentialsDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/StoredCredentialsDataStoreTests.cs
@@ -8,7 +8,7 @@
 using Certify.Models.Config;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
-namespace Certify.Core.Tests
+namespace Certify.Core.Tests.DataStores
 {
     [TestClass]
     public class StoredCredentialsDataStoreTests
@@ -50,7 +50,7 @@ private ICredentialsManager GetCredentialManager(string storeType = null)
             }
             else
             {
-                throw new ArgumentOutOfRangeException(nameof(storeType), "Unsupport store type " + storeType);
+                throw new ArgumentOutOfRangeException(nameof(storeType), "Unsupported store type " + storeType);
             }
         }
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
index 39bcdeec8..3bb72c655 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
@@ -1,57 +1,77 @@
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Certify.Core.Management.Access;
 using Certify.Models;
+using Certify.Models.Config.AccessControl;
+using Certify.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
-
-    public class MemoryObjectStore : IObjectStore
+    public class MemoryObjectStore : IAccessControlStore
     {
-        private ConcurrentDictionary<string, object> _store = new ConcurrentDictionary<string, object>();
+        private ConcurrentDictionary<string, AccessStoreItem> _store = new ConcurrentDictionary<string, AccessStoreItem>();
 
-        public Task<T> Load<T>(string id)
+        public Task Add<T>(string itemType, AccessStoreItem item)
         {
-            if (_store.TryGetValue(id, out var value))
-            {
-                return Task.FromResult((T)value);
-            }
-            else
-            {
-                var empty = (T)Activator.CreateInstance(typeof(T));
+            item.ItemType = itemType;
+            return Task.FromResult(_store.TryAdd(item.Id, item));
+        }
 
-                return Task.FromResult(empty);
-            }
+        public Task<bool> Delete<T>(string itemType, string id)
+        {
+            return Task.FromResult((_store.TryRemove(id, out _)));
+        }
+
+        public Task<List<T>> GetItems<T>(string itemType)
+        {
+            var items = _store.Values
+                    .Where((s => s.ItemType == itemType))
+                    .Select(s => (T)Convert.ChangeType(s, typeof(T)));
+
+            return Task.FromResult((items.ToList()));
+        }
+
+        public Task<T> Get<T>(string itemType, string id)
+        {
+            _store.TryGetValue(id, out var value);
+            return Task.FromResult((T)Convert.ChangeType(value, typeof(T)));
+        }
+
+        public Task Add<T>(string itemType, T item)
+        {
+            var o = item as AccessStoreItem;
+            o.ItemType = itemType;
+            return Task.FromResult(_store.TryAdd(o.Id, o));
         }
 
-        public Task<bool> Save<T>(string id, object item)
+        public Task Update<T>(string itemType, T item)
         {
-            _ = _store.AddOrUpdate(id, item, (key, oldVal) => item);
-            return Task.FromResult(true);
+            var o = item as AccessStoreItem;
+            return Task.FromResult(_store.TryUpdate(o.Id, o, o));
         }
     }
 
     [TestClass]
     public class AccessControlTests
     {
-
         private List<SecurityPrinciple> GetTestSecurityPrinciples()
         {
-
-            return new List<SecurityPrinciple> {
-                new SecurityPrinciple {
+            return new List<SecurityPrinciple>
+            {
+                new SecurityPrinciple
+                {
                     Id = "admin_01",
                     Username = "admin",
                     Description = "Administrator account",
-                    Email="info@test.com", Password="ABCDEFG",
-                    PrincipleType= SecurityPrincipleType.User,
-                    SystemRoleIds=new List<string>{ StandardRoles.Administrator.Id
-    }
-},
+                    Email = "info@test.com",
+                    Password = "ABCDEFG",
+                    PrincipleType = SecurityPrincipleType.User
+                },
                 new SecurityPrinciple
                 {
                     Id = "domain_owner_01",
@@ -59,65 +79,34 @@ private List<SecurityPrinciple> GetTestSecurityPrinciples()
                     Description = "Example domain owner",
                     Email = "domains@test.com",
                     Password = "ABCDEFG",
-                    PrincipleType = SecurityPrincipleType.User,
-                    SystemRoleIds = new List<string> { StandardRoles.DomainOwner.Id }
-                },
-                 new SecurityPrinciple
-                 {
-                     Id = "devops_user_01",
-                     Username = "devops_01",
-                     Description = "Example devops user",
-                     Email = "devops01@test.com",
-                     Password = "ABCDEFG",
-                     PrincipleType = SecurityPrincipleType.User,
-                     SystemRoleIds = new List<string> { StandardRoles.CertificateConsumer.Id, StandardRoles.DomainRequestor.Id }
-                 },
-                  new SecurityPrinciple
-                  {
-                      Id = "devops_app_01",
-                      Username = "devapp_01",
-                      Description = "Example devops app domain consumer",
-                      Email = "dev_app01@test.com",
-                      Password = "ABCDEFG",
-                      PrincipleType = SecurityPrincipleType.User,
-                      SystemRoleIds = new List<string> { StandardRoles.CertificateConsumer.Id }
-                  }
-            };
-        }
-
-        public List<ResourceProfile> GetTestResourceProfiles()
-        {
-            return new List<ResourceProfile> {
-                new ResourceProfile {
-                    ResourceType = ResourceTypes.System,
-                    AssignedRoles = new List<ResourceAssignedRole>{
-                        new ResourceAssignedRole{ RoleId=StandardRoles.Administrator.Id, PrincipleId = "admin_01" },
-                        new ResourceAssignedRole{ RoleId=StandardRoles.CertificateConsumer.Id, PrincipleId = "devops_user_01" },
-                        new ResourceAssignedRole{ RoleId=StandardRoles.DomainRequestor.Id, PrincipleId = "devops_user_01" }
-                    }
+                    PrincipleType = SecurityPrincipleType.User
                 },
-                new ResourceProfile {
-                    ResourceType = ResourceTypes.Domain,
-                    Identifier = "example.com",
-                    AssignedRoles= new List<ResourceAssignedRole>{
-                        new ResourceAssignedRole{ RoleId=StandardRoles.CertificateConsumer.Id, PrincipleId = "devops_user_01" },
-                        new ResourceAssignedRole{ RoleId=StandardRoles.DomainRequestor.Id, PrincipleId = "devops_user_01" }
-                    }
+                new SecurityPrinciple
+                {
+                    Id = "devops_user_01",
+                    Username = "devops_01",
+                    Description = "Example devops user",
+                    Email = "devops01@test.com",
+                    Password = "ABCDEFG",
+                    PrincipleType = SecurityPrincipleType.User
                 },
-                  new ResourceProfile {
-                    ResourceType = ResourceTypes.Domain,
-                    Identifier = "www.example.com",
-                    AssignedRoles= new List<ResourceAssignedRole>{
-                        new ResourceAssignedRole{ RoleId=StandardRoles.CertificateConsumer.Id, PrincipleId = "devops_user_01" },
-                        new ResourceAssignedRole{ RoleId=StandardRoles.DomainRequestor.Id, PrincipleId = "devops_user_01" }
-                    }
+                new SecurityPrinciple
+                {
+                    Id = "devops_app_01",
+                    Username = "devapp_01",
+                    Description = "Example devops app domain consumer",
+                    Email = "dev_app01@test.com",
+                    Password = "ABCDEFG",
+                    PrincipleType = SecurityPrincipleType.User
                 },
-                new ResourceProfile {
-                    ResourceType = ResourceTypes.Domain,
-                    Identifier = "*.microsoft.com",
-                    AssignedRoles= new List<ResourceAssignedRole>{
-                        new ResourceAssignedRole{ RoleId=StandardRoles.CertificateConsumer.Id, PrincipleId = "devops_user_01" }
-                    }
+                    new SecurityPrinciple
+                {
+                    Id = "[test]",
+                    Username = "test administrator",
+                    Description = "Example test administrator used as context user during test",
+                    Email = "test_admin@test.com",
+                    Password = "ABCDEFG",
+                    PrincipleType = SecurityPrincipleType.User
                 }
             };
         }
@@ -126,8 +115,8 @@ public List<ResourceProfile> GetTestResourceProfiles()
         public async Task TestAccessControlChecks()
         {
             var log = new LoggerConfiguration()
-                   .WriteTo.Debug()
-                   .CreateLogger();
+                .WriteTo.Debug()
+                .CreateLogger();
 
             var loggy = new Loggy(log);
 
@@ -139,46 +128,90 @@ public async Task TestAccessControlChecks()
             var allPrinciples = GetTestSecurityPrinciples();
             foreach (var p in allPrinciples)
             {
-                _ = await access.AddSecurityPrinciple(p, contextUserId, bypassIntegrityCheck: true);
+                _ = await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true);
+            }
+
+            // setup known actions
+            var actions = Policies.GetStandardResourceActions();
+
+            foreach (var action in actions)
+            {
+                await access.AddAction(action);
+            }
+
+            // setup policies with actions
+
+            var policies = Policies.GetStandardPolicies();
+
+            // add policies to store
+            foreach (var r in policies)
+            {
+                _ = await access.AddResourcePolicy(contextUserId, r, bypassIntegrityCheck: true);
             }
 
-            // assign resource roles per principle
-            var allResourceProfiles = GetTestResourceProfiles();
-            foreach (var r in allResourceProfiles)
+            // setup roles with policies
+            var roles = await access.GetSystemRoles();
+
+            foreach (var r in roles)
+            {
+                // add roles and policy assignments to store
+                await access.AddRole(r);
+            }
+
+            // assign security principles to roles
+            var assignedRoles = new List<AssignedRole> {
+                // administrator
+                new AssignedRole{
+                    RoleId=StandardRoles.Administrator.Id,
+                    SecurityPrincipleId="admin_01"
+                },
+                // devops user in consumer role for a couple of specific domains
+                new AssignedRole{
+                    RoleId=StandardRoles.CertificateConsumer.Id,
+                    SecurityPrincipleId="devops_user_01",
+                    IncludedResources=new List<Resource>{
+                        new Resource{ ResourceType=ResourceTypes.Domain, Identifier="www.example.com" },
+                        new Resource{ ResourceType=ResourceTypes.Domain, Identifier="*.microsoft.com" }
+                    }
+                }
+            };
+
+            foreach (var r in assignedRoles)
             {
-                _ = await access.AddResourceProfile(r, contextUserId, bypassIntegrityCheck: true);
+                // add roles and policy assignments to store
+                await access.AddAssignedRole(r);
             }
 
             // assert
 
-            var hasAccess = await access.IsPrincipleInRole("admin_01", StandardRoles.Administrator.Id, contextUserId);
+            var hasAccess = await access.IsPrincipleInRole(contextUserId, "admin_01", StandardRoles.Administrator.Id);
             Assert.IsTrue(hasAccess, "User should be in role");
 
-            hasAccess = await access.IsPrincipleInRole("admin_02", StandardRoles.Administrator.Id, contextUserId);
+            hasAccess = await access.IsPrincipleInRole(contextUserId, "admin_02", StandardRoles.Administrator.Id);
             Assert.IsFalse(hasAccess, "User should not be in role");
 
             // check user can consume a cert for a given domain 
-            var isAuthorised = await access.IsAuthorised("devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "www.example.com", contextUserId);
+            var isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "www.example.com");
             Assert.IsTrue(isAuthorised, "User should be a cert consumer for this domain");
 
             // check user can't consume a cert for a subdomain they haven't been granted
-            isAuthorised = await access.IsAuthorised("devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "secure.example.com", contextUserId);
+            isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "secure.example.com");
             Assert.IsFalse(isAuthorised, "User should not be a cert consumer for this domain");
 
             // check user can consume any subdomain via a granted wildcard
-            isAuthorised = await access.IsAuthorised("devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "random.microsoft.com", contextUserId);
+            isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "random.microsoft.com");
             Assert.IsTrue(isAuthorised, "User should be a cert consumer for this subdomain via wildcard");
 
             // check user can't consume a random wildcard
-            isAuthorised = await access.IsAuthorised("devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "*  lkjhasdf98862364", contextUserId);
+            isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "*  lkjhasdf98862364");
             Assert.IsFalse(isAuthorised, "User should not be a cert consumer for random wildcard");
 
             // check user can't consume a random wildcard
-            isAuthorised = await access.IsAuthorised("devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "  lkjhasdf98862364.*.microsoft.com", contextUserId);
+            isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "lkjhasdf98862364.*.microsoft.com");
             Assert.IsFalse(isAuthorised, "User should not be a cert consumer for random wildcard");
 
             // random user should not be authorised
-            isAuthorised = await access.IsAuthorised("randomuser", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "random.microsoft.com", contextUserId);
+            isAuthorised = await access.IsAuthorised(contextUserId, "randomuser", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "random.microsoft.com");
             Assert.IsFalse(isAuthorised, "Unknown user should not be a cert consumer for this subdomain via wildcard");
         }
     }

From cb4a539d7c48a5bef4e528be344bbfa1cacfb963 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 22 Sep 2023 16:30:21 +0800
Subject: [PATCH 055/237] Cleanup

---
 .../DNS/DnsAPITest.AWSRoute53.cs                          | 8 ++++----
 .../DNS/DnsAPITest.Azure.cs                               | 8 ++++----
 .../DNS/DnsAPITest.Cloudflare.cs                          | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
index 2513984b3..7d3fc8b7f 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
@@ -5,7 +5,7 @@
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
-namespace Certify.Core.Tests
+namespace Certify.Core.Tests.DNS
 {
     [TestClass]
     public class DnsAPITestAWSRoute53 : IntegrationTestBase
@@ -40,7 +40,7 @@ public async Task<DnsRecord> TestCreateRecord()
             Assert.IsTrue(createResult.IsSuccess);
 
             stopwatch.Stop();
-            System.Diagnostics.Debug.WriteLine($"Create DNS Record {createRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
+            Debug.WriteLine($"Create DNS Record {createRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
             return createRequest;
         }
 
@@ -62,7 +62,7 @@ public async Task TestCreateRecords()
             // also create a duplicate
             var record2 = await TestCreateRecord();
 
-            System.Diagnostics.Debug.WriteLine($"Cloudflare DNS should now have record {record1.RecordName} with values {record1.RecordValue} and {record2.RecordValue}");
+            Debug.WriteLine($"Cloudflare DNS should now have record {record1.RecordName} with values {record1.RecordValue} and {record2.RecordValue}");
         }
 
         [TestMethod, TestCategory("DNS")]
@@ -80,7 +80,7 @@ public async Task TestDeleteRecord()
             var deleteResult = await _provider.DeleteRecord(deleteRequest);
             Assert.IsTrue(deleteResult.IsSuccess);
 
-            System.Diagnostics.Debug.WriteLine($"Delete DNS Record {deleteRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
+            Debug.WriteLine($"Delete DNS Record {deleteRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
         }
 
         [TestMethod, TestCategory("DNS")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
index bb2ed8933..86d5669e6 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
@@ -5,7 +5,7 @@
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
-namespace Certify.Core.Tests
+namespace Certify.Core.Tests.DNS
 {
     [TestClass]
     [Ignore("Requires credential setup")]
@@ -41,7 +41,7 @@ private async Task<DnsRecord> TestCreateRecord()
             Assert.IsTrue(createResult.IsSuccess);
 
             stopwatch.Stop();
-            System.Diagnostics.Debug.WriteLine($"Create DNS Record {createRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
+            Debug.WriteLine($"Create DNS Record {createRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
             return createRequest;
         }
 
@@ -63,7 +63,7 @@ public async Task TestCreateRecords()
             // also create a duplicate
             var record2 = await TestCreateRecord();
 
-            System.Diagnostics.Debug.WriteLine($"Azure DNS should now have record {record1.RecordName} with values {record1.RecordValue} and {record2.RecordValue}");
+            Debug.WriteLine($"Azure DNS should now have record {record1.RecordName} with values {record1.RecordValue} and {record2.RecordValue}");
         }
 
         [TestMethod, TestCategory("DNS")]
@@ -81,7 +81,7 @@ public async Task TestDeleteRecord()
             var deleteResult = await _provider.DeleteRecord(deleteRequest);
             Assert.IsTrue(deleteResult.IsSuccess);
 
-            System.Diagnostics.Debug.WriteLine($"Delete DNS Record {deleteRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
+            Debug.WriteLine($"Delete DNS Record {deleteRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
         }
     }
 }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
index 3657e7f57..dd3351d24 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
@@ -5,7 +5,7 @@
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
-namespace Certify.Core.Tests
+namespace Certify.Core.Tests.DNS
 {
     [TestClass]
     public class DnsAPITestCloudflare : IntegrationTestBase
@@ -33,7 +33,7 @@ public async Task<DnsRecord> TestCreateRecord()
             Assert.IsTrue(createResult.IsSuccess);
 
             stopwatch.Stop();
-            System.Diagnostics.Debug.WriteLine($"Create DNS Record {createRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
+            Debug.WriteLine($"Create DNS Record {createRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
             return createRequest;
         }
 
@@ -62,7 +62,7 @@ public async Task TestCreateRecords()
             // also create a duplicate
             var record2 = await TestCreateRecord();
 
-            System.Diagnostics.Debug.WriteLine($"Cloudflare DNS should now have record {record1.RecordName} with values {record1.RecordValue} and {record2.RecordValue}");
+            Debug.WriteLine($"Cloudflare DNS should now have record {record1.RecordName} with values {record1.RecordValue} and {record2.RecordValue}");
         }
 
         [TestMethod, TestCategory("DNS")]
@@ -80,7 +80,7 @@ public async Task TestDeleteRecord()
             var deleteResult = await _provider.DeleteRecord(deleteRequest);
             Assert.IsTrue(deleteResult.IsSuccess);
 
-            System.Diagnostics.Debug.WriteLine($"Delete DNS Record {deleteRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
+            Debug.WriteLine($"Delete DNS Record {deleteRequest.RecordName} took {stopwatch.Elapsed.TotalSeconds} seconds");
         }
     }
 }

From 1b370e33ab0ce71193f4432a316f81803b714803 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 22 Sep 2023 16:30:33 +0800
Subject: [PATCH 056/237] Package updates

---
 .../Certify.Server.Api.Public.csproj          |  4 ++++
 .../Certify.Server.Core.csproj                | 19 +++++--------------
 .../Certify.Service.Worker.csproj             | 10 +++-------
 .../Certify.UI.Tests.Integration.csproj       |  2 +-
 4 files changed, 13 insertions(+), 22 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index be2e1d996..a3be4f8b1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -19,6 +19,10 @@
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.3" />
+      <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0-rc.1.23421.29" />
+      <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0-rc.1.23419.6" />
+      <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0-rc.1.23421.29" />
+      
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index ea89f7285..0ee3ccf66 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -1,35 +1,26 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
-
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <UserSecretsId>3648c5f3-f642-441e-979e-d4624cd39e49</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <Platforms>AnyCPU</Platforms>
   </PropertyGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-preview.7.23375.9" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.10" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.10" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="Serilog" Version="3.0.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-    <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
-    <PackageReference Include="System.Threading.Timer" Version="4.3.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-rc.1.23421.29" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-rc.1.23421.29" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.1.23421.29" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.1.23419.4" />
   </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Core\Certify.Core.csproj" />
     <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Models\Certify.Models.csproj" />
     <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
-
   <ItemGroup>
     <Folder Include="Properties\" />
   </ItemGroup>
-
-
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 578719047..401a265e9 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -9,17 +9,13 @@
     <DebugType>portable</DebugType>
     <DebugSymbols>true</DebugSymbols>
   </PropertyGroup>
-  
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-preview.7.23375.6" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-preview.7.23375.6" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-preview.7.23375.6" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
     <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-rc.1.23419.4" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-rc.1.23419.4" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-rc.1.23419.4" />
   </ItemGroup>
-  
   <ItemGroup>
     <ProjectReference Include="..\..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
   </ItemGroup>
-
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 3ff65e868..09aded4a4 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFramework>net8.0-windows</TargetFramework>
     <Configurations>Debug;Release;</Configurations>

From fe25cab72492e9acd87b76d93285a421f5d18844 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 4 Oct 2023 17:10:46 +0800
Subject: [PATCH 057/237] Package updates

---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj             | 2 +-
 src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj     | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                  | 2 +-
 .../Certify.Shared.Extensions.csproj                        | 6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 59198bc1c..5bd45b48c 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.29" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.43" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 0337ec6d3..3ecb168ba 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Core" Version="1.35.0" />
-    <PackageReference Include="Azure.Identity" Version="1.10.0" />
+    <PackageReference Include="Azure.Identity" Version="1.10.1" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="7.0.0" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index b57ef4fe2..5d2eb357d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -25,7 +25,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.10" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.11" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index b33b24a2c..7ac20406d 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
         <TargetFrameworks>net462;netstandard2.0;net8.0</TargetFrameworks>
@@ -24,8 +24,8 @@
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
 
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.6" Condition="'$(TargetFramework)' == 'net8.0'" />
-        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies"  Version="1.1.0"  Condition="'$(TargetFramework)' != 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.7" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' != 'net8.0'" />
        <!-- <PackageReference Include="System.Management.Automation" Version="7.3.6" Condition="'$(TargetFramework)' == 'net8.0'" />-->
     </ItemGroup>
 

From a7064f1312c8b7229c99b6d3c24a595926083cb1 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 13 Oct 2023 18:02:53 +0800
Subject: [PATCH 058/237] Package updates (.net 8 rc2 etc)

---
 src/Certify.Client/Certify.Client.csproj            |  6 +++---
 src/Certify.Models/Certify.Models.csproj            |  4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj     |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj               |  4 ++--
 .../Certify.Server.Api.Public.Tests.csproj          |  2 +-
 .../Certify.Server.Api.Public.csproj                | 13 +++++++------
 .../Certify.Server.Core/Certify.Server.Core.csproj  |  8 ++++----
 .../Certify.Service.Worker.csproj                   |  6 +++---
 src/Certify.Service/Certify.Service.csproj          |  2 +-
 .../Certify.Shared.Extensions.csproj                |  4 +---
 src/Certify.Shared/Certify.Shared.Core.csproj       |  2 +-
 .../Certify.Core.Tests.Integration.csproj           |  2 +-
 .../Certify.Core.Tests.Unit.csproj                  |  4 ++--
 .../Certify.Service.Tests.Integration.csproj        |  2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj      |  2 +-
 src/Certify.UI/Certify.UI.csproj                    |  2 +-
 16 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 658b60abb..d3d975772 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.10" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="7.0.10" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.3" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.2" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 94ae051fe..680a47cbf 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.32.3" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.2" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.7.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -30,7 +30,7 @@
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0">
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="System.Text.Json" Version="7.0.3" />
+		<PackageReference Include="System.Text.Json" Version="8.0.0-rc.2.23479.6" />
 	</ItemGroup>
 	<ItemGroup>
 	  <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 5bd45b48c..7a5ef76b5 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.201.43" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.202.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 3ecb168ba..085c1960f 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -8,9 +8,9 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Core" Version="1.35.0" />
-    <PackageReference Include="Azure.Identity" Version="1.10.1" />
+    <PackageReference Include="Azure.Identity" Version="1.10.2" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
-    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="7.0.0" />
+    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 5d2eb357d..be4eca0ee 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -25,7 +25,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.11" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.12" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index a3be4f8b1..76e40b01b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -14,14 +14,15 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-preview.5.23302.2" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.2" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.3" />
-      <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0-rc.1.23421.29" />
-      <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0-rc.1.23419.6" />
-      <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0-rc.1.23421.29" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.2" />
+      <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0-rc.2.23480.2" />
+      <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0-rc.2.23480.1" />
+      <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0-rc.2.23480.2" />
       
   </ItemGroup>
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 0ee3ccf66..d560be7b9 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -10,10 +10,10 @@
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="Serilog" Version="3.0.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-rc.1.23421.29" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-rc.1.23421.29" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.1.23421.29" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.1.23419.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Core\Certify.Core.csproj" />
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 401a265e9..70cd9e1bf 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -11,9 +11,9 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Polly" Version="7.2.4" />
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-rc.1.23419.4" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-rc.1.23419.4" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-rc.1.23419.4" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 2a81cda48..b587d2ff3 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -67,7 +67,7 @@
         <PackageReference Include="Serilog" Version="3.0.1" />
         <PackageReference Include="Serilog.Sinks.ListOfString" Version="4.1.4.3" />
         <PackageReference Include="Swashbuckle.Core" Version="5.6.0" />
-        <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="7.0.2" />
+        <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
         <PackageReference Include="System.ServiceProcess.ServiceController" Version="7.0.1" />
         <PackageReference Include="System.ValueTuple" Version="4.5.0" />
         <PackageReference Include="Topshelf" Version="4.3.0" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 7ac20406d..a05eb2590 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,10 +23,8 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.7" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.8" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' != 'net8.0'" />
-       <!-- <PackageReference Include="System.Management.Automation" Version="7.3.6" Condition="'$(TargetFramework)' == 'net8.0'" />-->
     </ItemGroup>
 
 
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 936ec0190..31d03bdd2 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -18,7 +18,7 @@
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
         <PackageReference Include="System.Runtime.Handles" Version="4.3.0" />
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
-        <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
+        <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
         <PackageReference Include="Arsoft.Tools.Net" Version="3.5.0" Condition="'$(TargetFramework)' == 'net8.0'" />
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 7a91fef88..0a5961ba3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -103,7 +103,7 @@
     <PackageReference Include="System.Collections.Concurrent" Version="4.3.0" />
     <PackageReference Include="System.Console" Version="4.3.1" />
     <PackageReference Include="System.Diagnostics.Debug" Version="4.3.0" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="7.0.2" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="System.Diagnostics.Tools" Version="4.3.0" />
     <PackageReference Include="System.Diagnostics.TraceSource" Version="4.3.0" />
     <PackageReference Include="System.Diagnostics.Tracing" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 70c813aa7..0c4c2be7e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -137,8 +137,8 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="7.0.2" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
   <ItemGroup>
     <Reference Include="System.Configuration" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 354fde3b9..0a192b307 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -81,7 +81,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="Polly" Version="7.2.4" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="7.0.2" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
   <ItemGroup>
     <Folder Include="Properties\" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 00486dc1b..49b0f8756 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -42,7 +42,7 @@
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
 		<PackageReference Include="Serilog" Version="3.0.1" />
-		<PackageReference Include="System.Text.Json" Version="7.0.3" />
+		<PackageReference Include="System.Text.Json" Version="8.0.0-rc.2.23479.6" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index c759b4786..4abb7cb30 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -180,7 +180,7 @@
       <Version>3.0.1</Version>
     </PackageReference>
     <PackageReference Include="System.Diagnostics.DiagnosticSource">
-      <Version>7.0.2</Version>
+      <Version>8.0.0-rc.2.23479.6</Version>
     </PackageReference>
     <PackageReference Include="System.Net.Http">
       <Version>4.3.4</Version>

From 4bfda096eb4cceab41d1eb1180d23175eba7a811 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Fri, 13 Oct 2023 18:10:19 -0700
Subject: [PATCH 059/237] Fix to Debug Port of Public.API always being
 overwritten by servers.json

WebUI would not launch in Debug mode because the default servers.json file always overwrites the debug port values (9695) with release port (9696) when ServerConnectionManager.GetServerConnections() is called on line 142.
---
 src/Certify.Server/Certify.Server.Api.Public/Startup.cs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 037560049..e623a8ee2 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -141,7 +141,9 @@ public void ConfigureServices(IServiceCollection services)
 
             var connections = ServerConnectionManager.GetServerConnections(null, defaultConnectionConfig);
             var serverConnection = connections.FirstOrDefault(c => c.IsDefault == true);
-
+#if DEBUG
+            serverConnection = defaultConnectionConfig;
+#endif
             var internalServiceClient = new Client.CertifyServiceClient(configManager, serverConnection);
 
             internalServiceClient.ConnectStatusStreamAsync();

From cd5ddfc74ecaa5b03ee77f6e5fcd092e40d37ffd Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 16 Oct 2023 10:00:08 +0800
Subject: [PATCH 060/237] WIP: scaffold access control Api

---
 src/Certify.Client/CertifyApiClient.cs        |  6 +++
 src/Certify.Client/ICertifyClient.cs          |  5 ++
 ...ntrol,Config.cs => AccessControlConfig.cs} |  0
 .../Controllers/internal/AccessController.cs  | 50 +++++++++++++++++++
 .../Controllers/AccessController.cs           | 40 +++++++++++++++
 5 files changed, 101 insertions(+)
 rename src/Certify.Models/Config/{AccessControl,Config.cs => AccessControlConfig.cs} (100%)
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
 create mode 100644 src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index bb7217688..ffe9d474f 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -15,6 +15,7 @@
 using Certify.Shared;
 using Newtonsoft.Json;
 using Polly;
+using Certify.Models.Config.AccessControl;
 
 namespace Certify.Client
 {
@@ -712,6 +713,11 @@ public async Task<string> RefreshAccessToken()
             return _refreshToken;
         }
 
+        public async Task<List<SecurityPrinciple>> GetAccessSecurityPrinciples()
+        {
+            var result = await FetchAsync("access/securityprinciples");
+            return JsonConvert.DeserializeObject<List<SecurityPrinciple>>(result);
+        }
         #endregion
     }
 }
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index a216a74e4..6ccc5fb89 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -7,6 +7,7 @@
 using Certify.Models.Utils;
 using Certify.Models.Reporting;
 using Certify.Shared;
+using Certify.Models.Config.AccessControl;
 
 namespace Certify.Client
 {
@@ -130,6 +131,10 @@ public interface ICertifyInternalApiClient
         Task<ActionResult> ChangeAccountKey(string storageKey, string newKeyPEM = null);
 
         #endregion Accounts
+        Task<List<SecurityPrinciple>> GetAccessSecurityPrinciples();
+        #region Access Control
+
+        #endregion
     }
 
     /// <summary>
diff --git a/src/Certify.Models/Config/AccessControl,Config.cs b/src/Certify.Models/Config/AccessControlConfig.cs
similarity index 100%
rename from src/Certify.Models/Config/AccessControl,Config.cs
rename to src/Certify.Models/Config/AccessControlConfig.cs
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
new file mode 100644
index 000000000..d4beb18bb
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
@@ -0,0 +1,50 @@
+using Certify.Client;
+using Certify.Server.API.Controllers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Certify.Models.Config.AccessControl;
+
+namespace Certify.Server.Api.Public.Controllers
+{
+    /// <summary>
+    /// Internal API controller for access related admin
+    /// </summary>
+    [Route("internal/v1/[controller]")]
+    [ApiController]
+    
+    public class AccessController : ControllerBase
+    {
+        private readonly ILogger<CertificateAuthorityController> _logger;
+
+        private readonly ICertifyInternalApiClient _client;
+
+        /// <summary>
+        /// Constructor
+        /// </summary>
+        /// <param name="logger"></param>
+        /// <param name="client"></param>
+        public AccessController(ILogger<CertificateAuthorityController> logger, ICertifyInternalApiClient client)
+        {
+            _logger = logger;
+            _client = client;
+        }
+
+        /// <summary>
+        /// Get list of Security Principles
+        /// </summary>
+        /// <returns></returns>
+        [HttpGet]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<SecurityPrinciple>))]
+        public async Task<IActionResult> GetSecurityPrinciples()
+        {
+            var list = await _client.GetAccessSecurityPrinciples();
+            return new OkObjectResult(list);
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
new file mode 100644
index 000000000..b3c66e1b6
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -0,0 +1,40 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Certify.Core.Management.Access;
+using Certify.Models.Config.AccessControl;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Certify.Service.Controllers
+{
+    [ApiController]
+    [Route("api/access")]
+    public class AccessController : ControllerBase
+    {
+        private IAccessControl _accessControl;
+
+        private string GetContextUserId()
+        {
+            // TODO: sign passed value provided by public API using public APIs access token
+            var contextUserId = Request.Headers["X-Context-User-Id"];
+            return contextUserId;
+        }
+
+        public AccessController(IAccessControl manager)
+        {
+            _accessControl = manager;
+        }
+
+        [HttpGet, Route("securityprinciples")]
+        public async Task<List<SecurityPrinciple>> GetSecurityPrinciples()
+        {
+
+            return await _accessControl.GetSecurityPrinciples(GetContextUserId());
+        }
+
+        [HttpPost, Route("updatepassword")]
+        public async Task<bool> UpdatePassword(string id, string oldpassword, string newpassword)
+        {
+            return await _accessControl.UpdateSecurityPrinciplePassword(GetContextUserId(), id: id, oldpassword: oldpassword, newpassword: newpassword);
+        }
+    }
+}

From 3825b977091ef4f6b52d3b198c60a8821578b6d2 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 18 Oct 2023 14:57:30 +0800
Subject: [PATCH 061/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj        |  3 ++-
 src/Certify.Models/Certify.Models.csproj        |  2 +-
 .../Certify.Server.Api.Public.csproj            | 17 ++++++++++-------
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index d3d975772..f874fdbfc 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,13 +18,14 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-rc.2.23480.2" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.2" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="7.2.4" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
   <ItemGroup>
+    <ProjectReference Include="..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
     <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
     <ProjectReference Include="..\Certify.Models\Certify.Models.csproj" />
 
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 680a47cbf..1aa1612ce 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.2" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.7.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 76e40b01b..504d52806 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -13,10 +13,12 @@
 
   </PropertyGroup>
 
+  
+
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.2" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.2" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.3" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.2" />
@@ -26,11 +28,12 @@
       
   </ItemGroup>
 
-  <ItemGroup>
-    <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
-    <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
+    <ItemGroup>
+        <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
+        <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
+        <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
 
-  </ItemGroup>
+    </ItemGroup>
 
   <ItemGroup>
     <Folder Include="Models\" />

From 99414798e4cd5c895ecb8ba026236428bbedb001 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 18 Oct 2023 15:02:13 +0800
Subject: [PATCH 062/237] Cleanup

---
 .../CertifyManager/CertifyManager.CertificateRequest.cs   | 5 +++--
 src/Certify.Models/API/LogResult.cs                       | 2 --
 src/Certify.Models/Reporting/Summary.cs                   | 7 +------
 .../Controllers/v1/CertificateController.cs               | 8 +++++---
 src/Certify.Server/Certify.Server.Api.Public/Program.cs   | 1 +
 .../Controllers/ManagedCertificateController.cs           | 3 +--
 .../Controllers/ManagedCertificateController.cs           | 2 +-
 src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs    | 2 +-
 .../Controls/ManagedCertificate/AdvancedOptions.xaml.cs   | 1 -
 .../Controls/ManagedCertificate/Dashboard.xaml.cs         | 5 +----
 .../Controls/ManagedCertificate/StatusInfo.xaml.cs        | 2 +-
 .../Controls/ManagedCertificates.xaml.cs                  | 4 ++--
 .../AppViewModel/AppViewModel.ManagedCerticates.cs        | 4 ++--
 13 files changed, 19 insertions(+), 27 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
index a8880478d..cb3eb504a 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
@@ -85,9 +85,10 @@ public async Task<List<CertificateRequestResult>> PerformRenewAll(RenewalSetting
                 _itemManager,
                 settings,
                 prefs,
-           
+
                 ReportProgress, IsManagedCertificateRunning,
-                (ManagedCertificate item, IProgress<RequestProgressState> progress, bool isPreview, string reason) => { 
+                (ManagedCertificate item, IProgress<RequestProgressState> progress, bool isPreview, string reason) =>
+                {
                     return PerformCertificateRequest(null, item, progress, skipRequest: isPreview, skipTasks: isPreview, reason: reason);
                 },
                 progressTrackers);
diff --git a/src/Certify.Models/API/LogResult.cs b/src/Certify.Models/API/LogResult.cs
index 173c95220..b74bdcc2e 100644
--- a/src/Certify.Models/API/LogResult.cs
+++ b/src/Certify.Models/API/LogResult.cs
@@ -1,7 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Linq;
-using Certify.CertificateAuthorities.Definitions;
 
 namespace Certify.Models.API
 {
diff --git a/src/Certify.Models/Reporting/Summary.cs b/src/Certify.Models/Reporting/Summary.cs
index 0e1e4cc48..94129011b 100644
--- a/src/Certify.Models/Reporting/Summary.cs
+++ b/src/Certify.Models/Reporting/Summary.cs
@@ -1,9 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
-using Certify.Models;
-
-namespace Certify.Models.Reporting
+namespace Certify.Models.Reporting
 {
     public class Summary : BindableBase
     {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 4f945e5ce..261634bac 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -98,7 +98,7 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
 
             var log = await _client.GetItemLog(managedCertId, maxLines);
 
-          
+
             return new OkObjectResult(new LogResult { Items = log });
         }
 
@@ -106,6 +106,8 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
         /// Get all managed certificates matching criteria
         /// </summary>
         /// <param name="keyword"></param>
+        /// <param name="page"></param>
+        /// <param name="pageSize"></param>
         /// <returns></returns>
         [HttpGet]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
@@ -144,7 +146,7 @@ public async Task<IActionResult> GetManagedCertificates(string keyword, int? pag
 
             return new OkObjectResult(result);
         }
-        
+
         /// <summary>
         /// Get summary counts of all managed certs
         /// </summary>
@@ -162,7 +164,7 @@ public async Task<IActionResult> GetManagedCertificateSummary(string keyword)
                 {
                     Keyword = keyword
                 });
-            
+
             return new OkObjectResult(summary);
         }
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Program.cs b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
index 5841eaf67..32061a7fc 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Program.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
@@ -14,6 +14,7 @@ public class Program
         /// <param name="args"></param>
         public static void Main(string[] args)
         {
+
             CreateHostBuilder(args).Build().Run();
         }
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index 856054b0e..d59f09c6b 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -2,14 +2,13 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-
 using Certify.Config;
 using Certify.Management;
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Config;
-using Certify.Models.Utils;
 using Certify.Models.Reporting;
+using Certify.Models.Utils;
 using Microsoft.AspNetCore.Mvc;
 using Serilog;
 
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index 5cd750443..5680ab0bb 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -9,8 +9,8 @@
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Config;
-using Certify.Models.Utils;
 using Certify.Models.Reporting;
+using Certify.Models.Utils;
 using Serilog;
 
 namespace Certify.Service.Controllers
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
index 205121e47..c382954f3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
@@ -1,6 +1,6 @@
-using Certify.Models.API;
 using System;
 using System.Threading.Tasks;
+using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
 namespace Certify.Core.Tests.Unit
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs
index bd5f3614e..8fea57666 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs
@@ -6,7 +6,6 @@
 using System.Windows.Controls;
 using Certify.Locales;
 using Certify.Management;
-using Certify.UI.ViewModel;
 using Microsoft.Win32;
 
 namespace Certify.UI.Controls.ManagedCertificate
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
index c75548ae8..14197f015 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
@@ -1,7 +1,4 @@
-
-using System.Collections.ObjectModel;
-using System.ComponentModel;
-using System.Linq;
+using System.ComponentModel;
 using System.Threading.Tasks;
 using System.Windows.Controls;
 using Certify.Models;
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs
index 47bea48a0..405fbd93d 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/StatusInfo.xaml.cs
@@ -99,7 +99,7 @@ private async void OpenLogFile_Click(object sender, System.Windows.RoutedEventAr
                     var log = await AppViewModel.GetItemLog(ItemViewModel.SelectedItem.Id, 1000);
                     var tempPath = System.IO.Path.GetTempFileName() + ".txt";
 
-                    System.IO.File.WriteAllLines(tempPath, log.Select(i=>i.ToString()));
+                    System.IO.File.WriteAllLines(tempPath, log.Select(i => i.ToString()));
                     _tempLogFilePath = tempPath;
 
                     try
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
index d9cf9ea77..354a7da39 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificates.xaml.cs
@@ -1,8 +1,8 @@
 using System;
 using System.ComponentModel;
 using System.Linq;
-using System.Threading.Tasks;
 using System.Threading;
+using System.Threading.Tasks;
 using System.Windows;
 using System.Windows.Controls;
 using System.Windows.Data;
@@ -138,7 +138,7 @@ public async Task Debounce(Func<Task> action)
                 Cancel(lastCancellationTokenSource);
 
                 var tokenSrc = lastCancellationTokenSource = new CancellationTokenSource();
-                
+
                 try
                 {
                     await Task.Delay(new TimeSpan(milliseconds), tokenSrc.Token);
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index c0ae7c5c2..7444298f4 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -94,7 +94,7 @@ public int NumManagedCerts
         int _filterPageIndex = 0;
         int _filterPageSize = 15;
 
-        public string FilterKeyword { get; set; }= string.Empty;
+        public string FilterKeyword { get; set; } = string.Empty;
 
         /// <summary>
         /// Refresh the cached list of managed certs via the connected service
@@ -108,7 +108,7 @@ public virtual async Task RefreshManagedCertificates()
             filter.IncludeExternal = IsFeatureEnabled(FeatureFlags.EXTERNAL_CERT_MANAGERS) && Preferences.EnableExternalCertManagers;
             filter.PageSize = _filterPageSize;
             filter.PageIndex = _filterPageIndex;
-            
+
             filter.Keyword = string.IsNullOrWhiteSpace(FilterKeyword) ? null : FilterKeyword;
 
             var result = await _certifyClient.GetManagedCertificateSearchResult(filter);

From 5a569c7e1a644ab1adcc14e6da7f39adee208184 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 18 Oct 2023 15:15:06 +0800
Subject: [PATCH 063/237] Access Control: implement user/role api and bootstrap
 of basic access config

---
 src/Certify.Client/CertifyApiClient.cs        |  14 +-
 src/Certify.Client/ICertifyClient.cs          |   8 +-
 .../Management/Access/AccessControl.cs        |  18 ++-
 .../Management/Access/IAccessControl.cs       |  11 +-
 .../CertifyManager/CertifyManager.cs          |  13 ++
 .../CertifyManager/ICertifyManager.cs         |   1 +
 .../Config/AccessControlConfig.cs             |   3 +-
 .../Providers/IAccessControlStore.cs          |   4 +-
 .../Controllers/internal/AccessController.cs  |  24 +---
 .../Controllers/AccessController.cs           | 120 +++++++++++++++++-
 .../AccessControlTests.cs                     |   8 ++
 11 files changed, 176 insertions(+), 48 deletions(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index ffe9d474f..efde8d88c 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -10,12 +10,12 @@
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Config;
-using Certify.Models.Utils;
+using Certify.Models.Config.AccessControl;
 using Certify.Models.Reporting;
+using Certify.Models.Utils;
 using Certify.Shared;
 using Newtonsoft.Json;
 using Polly;
-using Certify.Models.Config.AccessControl;
 
 namespace Certify.Client
 {
@@ -56,7 +56,7 @@ protected override Task<HttpResponseMessage> SendAsync(
     }
 
     // This version of the client communicates with the Certify.Service instance on the local machine
-    public class CertifyApiClient : ICertifyInternalApiClient
+    public partial class CertifyApiClient : ICertifyInternalApiClient
     {
         private HttpClient _client;
         private readonly string _baseUri = "/api/";
@@ -716,8 +716,14 @@ public async Task<string> RefreshAccessToken()
         public async Task<List<SecurityPrinciple>> GetAccessSecurityPrinciples()
         {
             var result = await FetchAsync("access/securityprinciples");
-            return JsonConvert.DeserializeObject<List<SecurityPrinciple>>(result);
+            return JsonToObject<List<SecurityPrinciple>>(result);
         }
+
         #endregion
+
+        private T JsonToObject<T>(string json)
+        {
+            return JsonConvert.DeserializeObject<T>(json);
+        }
     }
 }
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index 6ccc5fb89..93c0914af 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -4,10 +4,9 @@
 using Certify.Config.Migration;
 using Certify.Models;
 using Certify.Models.Config;
-using Certify.Models.Utils;
 using Certify.Models.Reporting;
+using Certify.Models.Utils;
 using Certify.Shared;
-using Certify.Models.Config.AccessControl;
 
 namespace Certify.Client
 {
@@ -15,7 +14,7 @@ namespace Certify.Client
     /// <summary>
     /// Base API
     /// </summary>
-    public interface ICertifyInternalApiClient
+    public partial interface ICertifyInternalApiClient
     {
 
         #region System
@@ -131,10 +130,7 @@ public interface ICertifyInternalApiClient
         Task<ActionResult> ChangeAccountKey(string storageKey, string newKeyPEM = null);
 
         #endregion Accounts
-        Task<List<SecurityPrinciple>> GetAccessSecurityPrinciples();
-        #region Access Control
 
-        #endregion
     }
 
     /// <summary>
diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 6a26dafe8..9dcc74c3c 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -207,7 +207,7 @@ public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, st
         {
             if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning("User {contextUserId} attempted to use updated password for [{username} - {id}] without being in required role.");
+                _log?.Warning("User {contextUserId} attempted to use updated password for [{id}] without being in required role.", contextUserId, id);
                 return false;
             }
 
@@ -278,8 +278,6 @@ public string HashPassword(string password, string saltString = null)
             return hashed;
         }
 
-        public Task<List<ResourcePolicy>> GetSecurityPrincipleResourcePolicies(string contextUserId, string userId) => throw new NotImplementedException();
-
         public async Task AddRole(Role r)
         {
             await _store.Add(nameof(Role), r);
@@ -294,5 +292,19 @@ public async Task AddAction(ResourceAction action)
         {
             await _store.Add(nameof(ResourceAction), action);
         }
+
+        public async Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, string id)
+        {
+
+            if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
+            {
+                _log?.Warning("User {contextUserId} attempted to read assigned role for [{id}] without being in required role.", contextUserId, id);
+                return new List<AssignedRole>();
+            }
+
+            var assignedRoles = await _store.GetItems<AssignedRole>(nameof(AssignedRole));
+
+            return assignedRoles.Where(r => r.SecurityPrincipleId == id).ToList();
+        }
     }
 }
diff --git a/src/Certify.Core/Management/Access/IAccessControl.cs b/src/Certify.Core/Management/Access/IAccessControl.cs
index a6593f4a5..b5a4b8c2a 100644
--- a/src/Certify.Core/Management/Access/IAccessControl.cs
+++ b/src/Certify.Core/Management/Access/IAccessControl.cs
@@ -9,9 +9,9 @@ public interface IAccessControl
         Task<bool> AddResourcePolicy(string contextUserId, ResourcePolicy resourceProfile, bool bypassIntegrityCheck = false);
         Task<bool> AddSecurityPrinciple(string contextUserId, SecurityPrinciple principle, bool bypassIntegrityCheck = false);
         Task<bool> DeleteSecurityPrinciple(string contextUserId, string id, bool allowSelfDelete = false);
-        Task<List<ResourcePolicy>> GetSecurityPrincipleResourcePolicies(string contextUserId, string userId);
         Task<List<SecurityPrinciple>> GetSecurityPrinciples(string contextUserId);
-        
+        Task<SecurityPrinciple> GetSecurityPrinciple(string contextUserId, string id);
+
         /// <summary>
         /// Get the list of standard roles built-in to the system
         /// </summary>
@@ -19,7 +19,14 @@ public interface IAccessControl
         Task<List<Role>> GetSystemRoles();
         Task<bool> IsAuthorised(string contextUserId, string principleId, string roleId, string resourceType, string actionId, string identifier);
         Task<bool> IsPrincipleInRole(string contextUserId, string id, string roleId);
+        Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, string id);
         Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPrinciple principle);
         Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, string id, string oldpassword, string newpassword);
+
+        Task AddRole(Role role);
+        Task AddAssignedRole(AssignedRole assignedRole);
+        Task AddAction(ResourceAction action);
+
+
     }
 }
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 81a2fb903..c9c0e05be 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -8,6 +8,7 @@
 using System.Threading.Tasks;
 using Certify.Config.Migration;
 using Certify.Core.Management;
+using Certify.Core.Management.Access;
 using Certify.Core.Management.Challenges;
 using Certify.Datastore.SQLite;
 using Certify.Models;
@@ -642,5 +643,17 @@ public Task ApplyPreferences()
 
             return Task.FromResult(true);
         }
+
+        private IAccessControl _accessControl;
+        public Task<IAccessControl> GetCurrentAccessControl()
+        {
+            if (_accessControl == null)
+            {
+                var store = new SQLiteAccessControlStore();
+                _accessControl = new AccessControl(_serviceLog, store);
+            }
+
+            return Task.FromResult(_accessControl);
+        }
     }
 }
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index c4c3fac72..2327eec54 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -109,5 +109,6 @@ public interface ICertifyManager
         Task<List<ActionStep>> RemoveDataStoreConnection(string dataStoreId);
         Task<List<ActionStep>> TestDataStoreConnection(DataStoreConnection connection);
         Task<ActionResult> TestCredentials(string storageKey);
+        Task<Core.Management.Access.IAccessControl> GetCurrentAccessControl();
     }
 }
diff --git a/src/Certify.Models/Config/AccessControlConfig.cs b/src/Certify.Models/Config/AccessControlConfig.cs
index 3e8f0cdd3..ffa269302 100644
--- a/src/Certify.Models/Config/AccessControlConfig.cs
+++ b/src/Certify.Models/Config/AccessControlConfig.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 
 namespace Certify.Models.Config.AccessControl
 {
diff --git a/src/Certify.Models/Providers/IAccessControlStore.cs b/src/Certify.Models/Providers/IAccessControlStore.cs
index 2a2a70408..6aa6d62c3 100644
--- a/src/Certify.Models/Providers/IAccessControlStore.cs
+++ b/src/Certify.Models/Providers/IAccessControlStore.cs
@@ -1,6 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 
 namespace Certify.Providers
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
index d4beb18bb..664d6b6bd 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
@@ -1,23 +1,16 @@
 using Certify.Client;
 using Certify.Server.API.Controllers;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authorization;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
-using Certify.Models.Config.AccessControl;
 
 namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
-    /// Internal API controller for access related admin
+    /// Internal API controller for access related admin. Some controller endpoints may be Source Generated by Certify.SourceGenerators.
     /// </summary>
     [Route("internal/v1/[controller]")]
     [ApiController]
-    
-    public class AccessController : ControllerBase
+    public partial class AccessController : ControllerBase
     {
         private readonly ILogger<CertificateAuthorityController> _logger;
 
@@ -33,18 +26,5 @@ public AccessController(ILogger<CertificateAuthorityController> logger, ICertify
             _logger = logger;
             _client = client;
         }
-
-        /// <summary>
-        /// Get list of Security Principles
-        /// </summary>
-        /// <returns></returns>
-        [HttpGet]
-        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<SecurityPrinciple>))]
-        public async Task<IActionResult> GetSecurityPrinciples()
-        {
-            var list = await _client.GetAccessSecurityPrinciples();
-            return new OkObjectResult(list);
-        }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index b3c66e1b6..758956746 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -1,6 +1,9 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Certify.Core.Management.Access;
+using Certify.Management;
 using Certify.Models.Config.AccessControl;
 using Microsoft.AspNetCore.Mvc;
 
@@ -10,31 +13,136 @@ namespace Certify.Service.Controllers
     [Route("api/access")]
     public class AccessController : ControllerBase
     {
-        private IAccessControl _accessControl;
+        private ICertifyManager _certifyManager;
 
         private string GetContextUserId()
         {
             // TODO: sign passed value provided by public API using public APIs access token
             var contextUserId = Request.Headers["X-Context-User-Id"];
+
+#if DEBUG
+            if (string.IsNullOrEmpty(contextUserId))
+            {
+                // TODO: our context user has to at least come from a valid JWT claim
+                contextUserId = "admin_01";
+            }
+#endif
             return contextUserId;
         }
 
-        public AccessController(IAccessControl manager)
+        public AccessController(ICertifyManager certifyManager)
+        {
+            _certifyManager = certifyManager;
+        }
+
+#if DEBUG
+        private async Task BootstrapTestAdminUserAndRoles(IAccessControl access)
         {
-            _accessControl = manager;
+
+            var adminSp = new SecurityPrinciple
+            {
+                Id = "admin_01",
+                Email = "admin@test.com",
+                Description = "Primary test admin",
+                PrincipleType = SecurityPrincipleType.User,
+                Username = "admin",
+                Provider = StandardProviders.INTERNAL
+            };
+
+            await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
+
+            var actions = Policies.GetStandardResourceActions();
+
+            foreach (var action in actions)
+            {
+                await access.AddAction(action);
+            }
+
+            // setup policies with actions
+
+            var policies = Policies.GetStandardPolicies();
+
+            // add policies to store
+            foreach (var r in policies)
+            {
+                _ = await access.AddResourcePolicy(adminSp.Id, r, bypassIntegrityCheck: true);
+            }
+
+            // setup roles with policies
+            var roles = await access.GetSystemRoles();
+
+            foreach (var r in roles)
+            {
+                // add roles and policy assignments to store
+                await access.AddRole(r);
+            }
+
+            // assign security principles to roles
+            var assignedRoles = new List<AssignedRole> {
+                 // administrator
+                 new AssignedRole{
+                     Id= Guid.NewGuid().ToString(),
+                     RoleId=StandardRoles.Administrator.Id,
+                     SecurityPrincipleId=adminSp.Id
+                 }
+            };
+
+            foreach (var r in assignedRoles)
+            {
+                // add roles and policy assignments to store
+                await access.AddAssignedRole(r);
+            }
         }
 
+#endif
+
         [HttpGet, Route("securityprinciples")]
         public async Task<List<SecurityPrinciple>> GetSecurityPrinciples()
         {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+
+            var results = await accessControl.GetSecurityPrinciples(GetContextUserId());
+
+#if DEBUG
+            // bootstrap the default user
+            if (!results.Any())
+            {
+                await BootstrapTestAdminUserAndRoles(accessControl);
+                results = await accessControl.GetSecurityPrinciples(GetContextUserId());
+            }
+#endif
+            foreach (var r in results)
+            {
+                r.AuthKey = "<sanitized>";
+                r.Password = "<sanitized>";
+            }
+
+            return results;
+        }
+
+        [HttpGet, Route("roles")]
+        public async Task<List<Role>> GetRoles()
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            var roles = await accessControl.GetSystemRoles();
+            return roles;
+        }
+
+        [HttpGet, Route("securityprinciple/{id}/assignedroles")]
+        public async Task<List<AssignedRole>> GetSecurityPrincipleAssignedRoles(string id)
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+
+            var results = await accessControl.GetAssignedRoles(GetContextUserId(), id);
 
-            return await _accessControl.GetSecurityPrinciples(GetContextUserId());
+            return results;
         }
 
         [HttpPost, Route("updatepassword")]
         public async Task<bool> UpdatePassword(string id, string oldpassword, string newpassword)
         {
-            return await _accessControl.UpdateSecurityPrinciplePassword(GetContextUserId(), id: id, oldpassword: oldpassword, newpassword: newpassword);
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            return await accessControl.UpdateSecurityPrinciplePassword(GetContextUserId(), id: id, oldpassword: oldpassword, newpassword: newpassword);
         }
     }
 }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
index 3bb72c655..138fbad82 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
@@ -160,6 +160,11 @@ public async Task TestAccessControlChecks()
 
             // assign security principles to roles
             var assignedRoles = new List<AssignedRole> {
+                 // test administrator
+                new AssignedRole{
+                    RoleId=StandardRoles.Administrator.Id,
+                    SecurityPrincipleId="[test]"
+                },
                 // administrator
                 new AssignedRole{
                     RoleId=StandardRoles.Administrator.Id,
@@ -184,6 +189,9 @@ public async Task TestAccessControlChecks()
 
             // assert
 
+            var adminAssignedRoles = await access.GetAssignedRoles(contextUserId, "admin_01");
+            Assert.AreEqual(1, adminAssignedRoles.Count);
+
             var hasAccess = await access.IsPrincipleInRole(contextUserId, "admin_01", StandardRoles.Administrator.Id);
             Assert.IsTrue(hasAccess, "User should be in role");
 

From f981279b38b02875ce00799495e9d18bf92d9491 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Thu, 19 Oct 2023 08:11:37 -0700
Subject: [PATCH 064/237] Created basic unit tests for the Loggy class in
 Certify.Shared.Core

Created this basic unit tests for Loggy as an easy entry point into writing MSTest C# unit tests for a simple wrapper class, increased unit test code coverage for Loggy.cs to 100%
https://github.com/webprofusion/certify-general/issues/7
---
 .../Certify.Core.Tests.Unit/LoggyTests.cs     | 170 ++++++++++++++++++
 1 file changed, 170 insertions(+)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs
new file mode 100644
index 000000000..a3283b9a4
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs
@@ -0,0 +1,170 @@
+using System;
+using System.IO;
+using Certify.Models;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Serilog;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class LoggyTests
+    {
+        private string logFilePath = "C:\\ProgramData\\certify\\Tests\\test.log";
+
+        [TestInitialize]
+        public void TestInitialize()
+        {
+            File.Delete(this.logFilePath);
+        }
+
+        [TestCleanup]
+        public void TestCleanup()
+        {
+            File.Delete(this.logFilePath);
+        }
+
+        [TestMethod, Description("Test Loggy.Error() Method")]
+        public void TestLoggyError()
+        {
+            // Setup instance of Loggy
+            var logImp = new LoggerConfiguration()
+                .WriteTo.File(this.logFilePath)
+                .CreateLogger();
+            var log = new Loggy(logImp);
+
+            // Log an error message using Loggy.Error()
+            var logMessage = "New Loggy Error";
+            log.Error(logMessage);
+            logImp.Dispose();
+
+            // Read in logged out error text
+            var logText = File.ReadAllText(this.logFilePath);
+
+            // Validate logged out error text
+            Assert.IsTrue(logText.Contains(logMessage), $"Logged error message should contain '{logMessage}'");
+            Assert.IsTrue(logText.Contains("[ERR]"), "Logged error message should contain '[ERR]'");
+        }
+
+        [TestMethod, Description("Test Loggy.Error() Method (Exception)")]
+        public void TestLoggyErrorException()
+        {
+            // Setup instance of Loggy
+            var logImp = new LoggerConfiguration()
+                .WriteTo.File(this.logFilePath)
+                .CreateLogger();
+            var log = new Loggy(logImp);
+
+            // Trigger an exception error and log it using Loggy.Error()
+            var logMessage = "New Loggy Exception Error";
+            var exceptionError = "System.IO.FileNotFoundException: Could not find file 'C:\\ProgramData\\certify\\Tests\\test1.log'.";
+            try
+            {
+                var badFilePath = "C:\\ProgramData\\certify\\Tests\\test1.log";
+                var nullObject = File.ReadAllBytes(badFilePath);
+            }
+            catch (Exception e)
+            {
+                log.Error(e, logMessage);
+            }
+            logImp.Dispose();
+
+            // Read in logged out exception error text
+            var logText = File.ReadAllText(this.logFilePath);
+
+            // Validate logged out exception error text
+            Assert.IsTrue(logText.Contains(logMessage), $"Logged error message should contain '{logMessage}'");
+            Assert.IsTrue(logText.Contains("[ERR]"), "Logged error message should contain '[ERR]'");
+            Assert.IsTrue(logText.Contains(exceptionError), $"Logged error message should contain exception error '{exceptionError}'");
+        }
+
+        [TestMethod, Description("Test Loggy.Information() Method")]
+        public void TestLoggyInformation()
+        {
+            // Setup instance of Loggy
+            var logImp = new LoggerConfiguration()
+                .WriteTo.File(this.logFilePath)
+                .CreateLogger();
+            var log = new Loggy(logImp);
+
+            // Log an info message using Loggy.Information()
+            var logMessage = "New Loggy Information";
+            log.Information(logMessage);
+            logImp.Dispose();
+
+            // Read in logged out info text
+            var logText = File.ReadAllText(this.logFilePath);
+
+            // Validate logged out info text
+            Assert.IsTrue(logText.Contains(logMessage), $"Logged info message should contain '{logMessage}'");
+            Assert.IsTrue(logText.Contains("[INF]"), "Logged info message should contain '[INF]'");
+        }
+
+        [TestMethod, Description("Test Loggy.Debug() Method")]
+        public void TestLoggyDebug()
+        {
+            // Setup instance of Loggy
+            var logImp = new LoggerConfiguration()
+                .MinimumLevel.Debug()
+                .WriteTo.File(this.logFilePath)
+                .CreateLogger();
+            var log = new Loggy(logImp);
+
+            // Log a debug message using Loggy.Debug()
+            var logMessage = "New Loggy Debug";
+            log.Debug(logMessage);
+            logImp.Dispose();
+
+            // Read in logged out debug text
+            var logText = File.ReadAllText(this.logFilePath);
+
+            // Validate logged out debug text
+            Assert.IsTrue(logText.Contains(logMessage), $"Logged debug message should contain '{logMessage}'");
+            Assert.IsTrue(logText.Contains("[DBG]"), "Logged debug message should contain '[DBG]'");
+        }
+
+        [TestMethod, Description("Test Loggy.Verbose() Method")]
+        public void TestLoggyVerbose()
+        {
+            // Setup instance of Loggy
+            var logImp = new LoggerConfiguration()
+                .MinimumLevel.Verbose()
+                .WriteTo.File(this.logFilePath)
+                .CreateLogger();
+            var log = new Loggy(logImp);
+
+            // Log a verbose message using Loggy.Verbose()
+            var logMessage = "New Loggy Verbose";
+            log.Verbose(logMessage);
+            logImp.Dispose();
+
+            // Read in logged out verbose text
+            var logText = File.ReadAllText(this.logFilePath);
+
+            // Validate logged out verbose text
+            Assert.IsTrue(logText.Contains(logMessage), $"Logged verbose message should contain '{logMessage}'");
+            Assert.IsTrue(logText.Contains("[VRB]"), "Logged verbose message should contain '[VRB]'");
+        }
+
+        [TestMethod, Description("Test Loggy.Warning() Method")]
+        public void TestLoggyWarning()
+        {
+            // Setup instance of Loggy
+            var logImp = new LoggerConfiguration()
+                .WriteTo.File(this.logFilePath)
+                .CreateLogger();
+            var log = new Loggy(logImp);
+
+            // Log a warning message using Loggy.Warning()
+            var logMessage = "New Loggy Warning";
+            log.Warning(logMessage);
+            logImp.Dispose();
+
+            // Read in logged out warning text
+            var logText = File.ReadAllText(this.logFilePath);
+
+            // Validate logged out warning text
+            Assert.IsTrue(logText.Contains(logMessage), $"Logged warning message should contain '{logMessage}'");
+            Assert.IsTrue(logText.Contains("[WRN]"), "Logged warning message should contain '[WRN]'");
+        }
+    }
+}

From 36c90af6425128630a1f42f0caf66d5d9ec7e362 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 20 Oct 2023 17:13:42 +0800
Subject: [PATCH 065/237] DNS: add experimental dns provider caching

---
 .../Challenges/ChallengeResponseService.cs    |  8 +--
 .../Challenges/DNS/DnsChallengeHelper.cs      | 49 +++++++++++++++++--
 2 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs b/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs
index f7adadcab..4ac46c835 100644
--- a/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs
+++ b/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs
@@ -621,7 +621,7 @@ private Func<bool> PrepareChallengeResponse_TlsSni01(ILog log, ITargetWebServer
 
         private DnsChallengeHelper _dnsHelper = null;
 
-        private async Task<DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog log, CertIdentifierItem domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth, bool isTestMode, bool isCleanupOnly, ICredentialsManager credentialsManager)
+        private async Task<DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog log, CertIdentifierItem domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth, bool isTestMode, ICredentialsManager credentialsManager)
         {
             var dnsChallenge = pendingAuth.Challenges.FirstOrDefault(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS);
 
@@ -639,12 +639,12 @@ private async Task<DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog
             }
 
             // create DNS records (manually or via automation)
-            if (_dnsHelper == null)
-            {
+            if (_dnsHelper == null) {
                 _dnsHelper = new DnsChallengeHelper(credentialsManager);
             }
 
-            DnsChallengeHelperResult dnsResult;
+            var dnsResult = await _dnsHelper.CompleteDNSChallenge(log, managedCertificate, domain, dnsChallenge.Key, dnsChallenge.Value, isTestMode);
+
             if (!isCleanupOnly)
             {
                 dnsResult = await _dnsHelper.CompleteDNSChallenge(log, managedCertificate, domain, dnsChallenge.Key, dnsChallenge.Value, isTestMode);
diff --git a/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs b/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs
index f8fa7f26b..dca4b4be0 100644
--- a/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs
+++ b/src/Certify.Core/Management/Challenges/DNS/DnsChallengeHelper.cs
@@ -6,6 +6,7 @@
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Providers;
+using Newtonsoft.Json;
 
 namespace Certify.Core.Management.Challenges
 {
@@ -94,6 +95,46 @@ public async Task<DnsChallengeHelperResult> GetDnsProvider(string providerTypeId
             };
         }
 
+        private Dictionary<string, IDnsProvider> _dnsProviderCache = new Dictionary<string, IDnsProvider>();
+        private bool _useDnsProviderCaching = false;
+
+        /// <summary>
+        /// Gets optionally cached DNS provider instance, caching may be based credentials/parameters to allow for zone query caching. TODO: log context will be first caller instead of current
+        /// </summary>
+        /// <param name="log"></param>
+        /// <param name="challengeProvider"></param>
+        /// <param name="credentials"></param>
+        /// <param name="parameters"></param>
+        /// <returns></returns>
+        private async Task<IDnsProvider> GetDnsProvider(ILog log, string challengeProvider, Dictionary<string, string> credentials, Dictionary<string, string> parameters)
+        {
+
+            IDnsProvider dnsAPIProvider = null;
+
+            if (_useDnsProviderCaching)
+            {
+                // construct basic cache key for dns provider and credentials combo
+                var providerCacheKey = challengeProvider + (challengeProvider + JsonConvert.SerializeObject(credentials ?? new Dictionary<string, string>()) + JsonConvert.SerializeObject(parameters ?? new Dictionary<string, string>())).GetHashCode().ToString();
+                if (_dnsProviderCache.ContainsKey(providerCacheKey))
+                {
+                    log.Warning("Developer Note: DNS provider log context will be first caller instead of current");
+
+                    dnsAPIProvider = _dnsProviderCache[providerCacheKey];
+                }
+                else
+                {
+                    dnsAPIProvider = await ChallengeProviders.GetDnsProvider(challengeProvider, credentials, parameters, log);
+                    _dnsProviderCache.Add(providerCacheKey, dnsAPIProvider);
+                }
+            }
+            else
+            {
+                dnsAPIProvider = await ChallengeProviders.GetDnsProvider(challengeProvider, credentials, parameters, log);
+            }
+
+            return dnsAPIProvider;
+        }
+
         public async Task<DnsChallengeHelperResult> CompleteDNSChallenge(ILog log, ManagedCertificate managedcertificate, CertIdentifierItem domain, string txtRecordName, string txtRecordValue, bool isTestMode)
         {
             // for a given managed site configuration, attempt to complete the required challenge by
@@ -129,7 +170,7 @@ public async Task<DnsChallengeHelperResult> CompleteDNSChallenge(ILog log, Manag
 
             try
             {
-                dnsAPIProvider = await ChallengeProviders.GetDnsProvider(challengeConfig.ChallengeProvider, credentials, parameters, log);
+                dnsAPIProvider = await GetDnsProvider(log, challengeConfig.ChallengeProvider, credentials, parameters);
             }
             catch (ChallengeProviders.CredentialsRequiredException)
             {
@@ -358,15 +399,15 @@ public async Task<DnsChallengeHelperResult> DeleteDNSChallenge(ILog log, Managed
 
             try
             {
-                dnsAPIProvider = await ChallengeProviders.GetDnsProvider(challengeConfig.ChallengeProvider, credentials, parameters);
+                dnsAPIProvider = await GetDnsProvider(log, challengeConfig.ChallengeProvider, credentials, parameters);
             }
             catch (ChallengeProviders.CredentialsRequiredException)
             {
-                return new DnsChallengeHelperResult(failureMsg: "This DNS Challenge API requires one or more credentials to be specified.");
+                return new DnsChallengeHelperResult("This DNS Challenge API requires one or more credentials to be specified.");
             }
             catch (Exception exp)
             {
-                return new DnsChallengeHelperResult(failureMsg: $"DNS Challenge API Provider could not be created. Check all required credentials are set. {exp.ToString()}");
+                return new DnsChallengeHelperResult($"DNS Challenge API Provider could not be created. Check all required credentials are set. {exp.ToString()}");
             }
 
             if (dnsAPIProvider == null)

From e7d8214507b9dccfa176a04f5e9fde8692707036 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Thu, 19 Oct 2023 22:26:25 -0700
Subject: [PATCH 066/237] Simplify SelectCAWithFailover based on
 GetAccountsWithRequiredCAFeatures

Filtering logic for SelectCAWithFailover() on line 323 is already handled in GetAccountsWithRequiredCAFeatures() on line 280

Change IP_SINGLE feature logic to match DOMAIN_SINGLE logic (line 252)

Expanded unit testing scenarios in CAFailoverTests for RenewalManager

Added in the start of a test for CAs with TnAuthList

Code is commented out, as it requires addition setup info (A test CA auth token) to function properly

Split up existing AccessControl unit test and added new tests

The existing unit test for Access Control was testing too many things, so it was split into several tests, and new tests were added for testing methods such as GetSecurityPrinciple(), UpdateSecurityPrinciple(), and DeleteSecurityPrinciple().

Update fixing the Update() method for MemoryObjectStore

The existing method did not correctly call TryUpdate() as it did not use the previous value of the key for comparison

See https://learn.microsoft.com/en-us/dotnet/api/system.collections.concurrent.concurrentdictionary-2.tryupdate?view=net-7.0

Fixes for UpdateSecurityPrinciple and DeleteSecurityPrinciple failures

The current logic for these methods to not report back if the data mutation methods fail, and assume they always succeed.

Added test for AccessControl.UpdateSecurityPrinciplePassword()

Added more negative testing for error cases of methods in AccessControl

One if-logic branch of IsAuthorised() is still uncovered on line 174 of AccessControl

Added TestInitialize Method to reduce duplication in AccessControlTests
---
 .../Management/Access/AccessControl.cs        |  20 +-
 src/Certify.Core/Management/RenewalManager.cs |   4 +-
 .../AccessControlTests.cs                     | 741 +++++++++++++++---
 .../CAFailoverTests.cs                        |  63 +-
 4 files changed, 689 insertions(+), 139 deletions(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 9dcc74c3c..f73d9baa1 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -64,7 +64,15 @@ public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPr
                 return false;
             }
 
-            await _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), principle);
+            try
+            {
+                var updated = _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), principle);
+            }
+            catch
+            {
+                _log?.Warning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}], but was not successful");
+                return false;
+            }
 
             _log?.Information($"User {contextUserId} updated security principle [{principle?.Id}] {principle?.Username}");
             return true;
@@ -92,8 +100,13 @@ public async Task<bool> DeleteSecurityPrinciple(string contextUserId, string id,
 
             var existing = await GetSecurityPrinciple(contextUserId, id);
 
-            await _store.Delete<SecurityPrinciple>(nameof(SecurityPrinciple), id);
+            var deleted = await _store.Delete<SecurityPrinciple>(nameof(SecurityPrinciple), id);
 
+            if (deleted != true)
+            {
+                _log?.Warning($"User {contextUserId} attempted to delete security principle [{id}] {existing?.Username}, but was not successful");
+                return false;
+            }
             // TODO: remove assigned roles
 
             _log?.Information($"User {contextUserId} deleted security principle [{id}] {existing?.Username}");
@@ -127,7 +140,8 @@ public async Task<bool> IsAuthorised(string contextUserId, string principleId, s
 
             if (spAssignedPolicies.Any(a => a.ResourceActions.Contains(actionId)))
             {
-                // if and of the service principles assigned roles are restricted by the type of resource type, check for identifier matches (e.g. role assignment restricted on domains )
+                // if any of the service principles assigned roles are restricted by the type of resource type,
+                // check for identifier matches (e.g. role assignment restricted on domains )
                 if (spSpecificAssignedRoles.Any(a => a.IncludedResources.Any(r => r.ResourceType == resourceType)))
                 {
                     var allIncludedResources = spSpecificAssignedRoles.SelectMany(a => a.IncludedResources).Distinct();
diff --git a/src/Certify.Core/Management/RenewalManager.cs b/src/Certify.Core/Management/RenewalManager.cs
index e93a25f4b..32a4c92c2 100644
--- a/src/Certify.Core/Management/RenewalManager.cs
+++ b/src/Certify.Core/Management/RenewalManager.cs
@@ -257,7 +257,7 @@ private static List<AccountDetails> GetAccountsWithRequiredCAFeatures(ManagedCer
                 requiredCaFeatures.Add(CertAuthoritySupportedRequests.DOMAIN_MULTIPLE_SAN);
             }
 
-            if (identifiers.Any(i => i.IdentifierType == CertIdentifierType.Ip))
+            if (identifiers.Count(i => i.IdentifierType == CertIdentifierType.Ip) == 1)
             {
                 requiredCaFeatures.Add(CertAuthoritySupportedRequests.IP_SINGLE);
             }
@@ -320,7 +320,7 @@ public static AccountDetails SelectCAWithFailover(ICollection<CertificateAuthori
                 if (fallbackAccounts.Any())
                 {
                     // use the next suitable fallback account
-                    var nextFallback = fallbackAccounts.FirstOrDefault(f => f.CertificateAuthorityId != item.LastAttemptedCA && f.CertificateAuthorityId != defaultMatchingAccount?.CertificateAuthorityId);
+                    var nextFallback = fallbackAccounts.FirstOrDefault(f => f.CertificateAuthorityId != item.LastAttemptedCA);
 
                     if (nextFallback != null)
                     {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
index 138fbad82..66c6bb8bf 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
@@ -52,174 +52,679 @@ public Task Add<T>(string itemType, T item)
         public Task Update<T>(string itemType, T item)
         {
             var o = item as AccessStoreItem;
-            return Task.FromResult(_store.TryUpdate(o.Id, o, o));
+            _store.TryGetValue(o.Id, out var value);
+            var c = Task.FromResult((T)Convert.ChangeType(value, typeof(T))).Result as AccessStoreItem;
+            var r = Task.FromResult(_store.TryUpdate(o.Id, o, c));
+            if(r.Result == false)
+            {
+                throw new Exception("Could not store item type");
+            }
+
+            return r;
         }
     }
 
-    [TestClass]
-    public class AccessControlTests
+    public class TestAssignedRoles
     {
-        private List<SecurityPrinciple> GetTestSecurityPrinciples()
+        public static AssignedRole TestAdmin { get; } = new AssignedRole
+        { // test administrator
+            RoleId = StandardRoles.Administrator.Id,
+            SecurityPrincipleId = "[test]"
+        };
+        public static AssignedRole Admin { get; } = new AssignedRole
+        { // administrator
+            RoleId = StandardRoles.Administrator.Id,
+            SecurityPrincipleId = "admin_01"
+        };
+        public static AssignedRole DevopsUserDomainConsumer { get; } = new AssignedRole
+        { // devops user in consumer role for a specific domain
+            RoleId = StandardRoles.CertificateConsumer.Id,
+            SecurityPrincipleId = "devops_user_01",
+            IncludedResources = new List<Resource>{
+                new Resource{ ResourceType=ResourceTypes.Domain, Identifier="www.example.com" },
+            }
+        };
+        public static AssignedRole DevopsUserWildcardDomainConsumer { get; } = new AssignedRole
+        { // devops user in consumer role for a wildcard domain
+            RoleId = StandardRoles.CertificateConsumer.Id,
+            SecurityPrincipleId = "devops_user_01",
+            IncludedResources = new List<Resource>{
+                new Resource{ ResourceType=ResourceTypes.Domain, Identifier="*.microsoft.com" },
+            }
+        };
+    }
+
+    public class TestSecurityPrinciples
+    {
+        public static SecurityPrinciple TestAdmin() 
+        { 
+            return new SecurityPrinciple
+            {
+                Id = "[test]",
+                Username = "test administrator",
+                Description = "Example test administrator used as context user during test",
+                Email = "test_admin@test.com",
+                Password = "ABCDEFG",
+                PrincipleType = SecurityPrincipleType.User
+            }; 
+        }
+        public static SecurityPrinciple Admin()
+        {
+            return new SecurityPrinciple
+            {
+                Id = "admin_01",
+                Username = "admin",
+                Description = "Administrator account",
+                Email = "info@test.com",
+                Password = "ABCDEFG",
+                PrincipleType = SecurityPrincipleType.User,
+            };
+        }
+        public static SecurityPrinciple DomainOwner()
+        {
+            return new SecurityPrinciple
+            {
+                Id = "domain_owner_01",
+                Username = "demo_owner",
+                Description = "Example domain owner",
+                Email = "domains@test.com",
+                Password = "ABCDEFG",
+                PrincipleType = SecurityPrincipleType.User,
+            };
+        }
+        public static SecurityPrinciple DevopsUser()
         {
-            return new List<SecurityPrinciple>
+            return new SecurityPrinciple
             {
-                new SecurityPrinciple
-                {
-                    Id = "admin_01",
-                    Username = "admin",
-                    Description = "Administrator account",
-                    Email = "info@test.com",
-                    Password = "ABCDEFG",
-                    PrincipleType = SecurityPrincipleType.User
-                },
-                new SecurityPrinciple
-                {
-                    Id = "domain_owner_01",
-                    Username = "demo_owner",
-                    Description = "Example domain owner",
-                    Email = "domains@test.com",
-                    Password = "ABCDEFG",
-                    PrincipleType = SecurityPrincipleType.User
-                },
-                new SecurityPrinciple
-                {
-                    Id = "devops_user_01",
-                    Username = "devops_01",
-                    Description = "Example devops user",
-                    Email = "devops01@test.com",
-                    Password = "ABCDEFG",
-                    PrincipleType = SecurityPrincipleType.User
-                },
-                new SecurityPrinciple
-                {
-                    Id = "devops_app_01",
-                    Username = "devapp_01",
-                    Description = "Example devops app domain consumer",
-                    Email = "dev_app01@test.com",
-                    Password = "ABCDEFG",
-                    PrincipleType = SecurityPrincipleType.User
-                },
-                    new SecurityPrinciple
-                {
-                    Id = "[test]",
-                    Username = "test administrator",
-                    Description = "Example test administrator used as context user during test",
-                    Email = "test_admin@test.com",
-                    Password = "ABCDEFG",
-                    PrincipleType = SecurityPrincipleType.User
-                }
+                Id = "devops_user_01",
+                Username = "devops_01",
+                Description = "Example devops user",
+                Email = "devops01@test.com",
+                Password = "ABCDEFG",
+                PrincipleType = SecurityPrincipleType.User,
             };
         }
+        public static SecurityPrinciple DevopsAppDomainConsumer()
+        {
+            return new SecurityPrinciple
+            {
+                Id = "devops_app_01",
+                Username = "devapp_01",
+                Description = "Example devops app domain consumer",
+                Email = "dev_app01@test.com",
+                Password = "ABCDEFG",
+                PrincipleType = SecurityPrincipleType.User,
+            };
+        }
+    }
 
-        [TestMethod]
-        public async Task TestAccessControlChecks()
+    [TestClass]
+    public class AccessControlTests
+    {
+        private Loggy loggy;
+        private AccessControl access;
+        private const string contextUserId = "[test]";
+
+        [TestInitialize]
+        public void TestInitialize()
         {
-            var log = new LoggerConfiguration()
+            this.loggy = new Loggy(new LoggerConfiguration()
                 .WriteTo.Debug()
-                .CreateLogger();
-
-            var loggy = new Loggy(log);
+                .CreateLogger());
+            this.access = new AccessControl(loggy, new MemoryObjectStore());
+        }
 
-            var access = new AccessControl(loggy, new MemoryObjectStore());
+        [TestMethod]
+        public async Task TestAccessControlAddGetSecurityPrinciples()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
-            var contextUserId = "[test]";
+            // Get stored security principles
+            var storedSecurityPrinciples = await access.GetSecurityPrinciples(contextUserId);
 
-            // add test security principles
-            var allPrinciples = GetTestSecurityPrinciples();
-            foreach (var p in allPrinciples)
+            // Validate SecurityPrinciple list returned by AccessControl.GetSecurityPrinciples()
+            Assert.IsNotNull(storedSecurityPrinciples, "Expected list returned by AccessControl.GetSecurityPrinciples() to not be null");
+            Assert.AreEqual(2, storedSecurityPrinciples.Count, "Expected list returned by AccessControl.GetSecurityPrinciples() to have 2 SecurityPrinciple objects");
+            foreach (var passedPrinciple in adminSecurityPrinciples)
             {
-                _ = await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true);
+                Assert.IsNotNull(storedSecurityPrinciples.Find(x => x.Id == passedPrinciple.Id), $"Expected a SecurityPrinciple returned by GetSecurityPrinciples() to match Id '{passedPrinciple.Id}' of SecurityPrinciple passed into AddSecurityPrinciple()");
             }
+        }
 
-            // setup known actions
-            var actions = Policies.GetStandardResourceActions();
+        [TestMethod]
+        public async Task TestAccessControlGetSecurityPrinciplesNoRoles()
+        {
+            // Add test security principles
+            var securityPrincipleAdded = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.TestAdmin());
+
+            // Get stored security principles
+            Assert.IsFalse(securityPrincipleAdded, $"Expected AddSecurityPrinciple() to be unsuccessful without roles defined for {contextUserId}");
+        }
 
-            foreach (var action in actions)
+        [TestMethod]
+        public async Task TestAccessControlAddGetSecurityPrinciple()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            foreach (var securityPrinciple in adminSecurityPrinciples)
             {
-                await access.AddAction(action);
+                // Get stored security principle
+                var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, securityPrinciple.Id);
+
+                // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple()
+                Assert.IsNotNull(storedSecurityPrinciple, "Expected object returned by AccessControl.GetSecurityPrinciple() to not be null");
+                Assert.AreEqual(storedSecurityPrinciple.Id, securityPrinciple.Id, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Id '{securityPrinciple.Id}' of SecurityPrinciple passed into AddSecurityPrinciple()");
             }
+        }
 
-            // setup policies with actions
+        [TestMethod]
+        public async Task TestAccessControlAddGetAssignedRoles()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
-            var policies = Policies.GetStandardPolicies();
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
 
-            // add policies to store
-            foreach (var r in policies)
-            {
-                _ = await access.AddResourcePolicy(contextUserId, r, bypassIntegrityCheck: true);
-            }
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
 
-            // setup roles with policies
-            var roles = await access.GetSystemRoles();
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
 
-            foreach (var r in roles)
+            // Validate AssignedRole list returned by AccessControl.GetAssignedRoles()
+            foreach (var assignedRole in assignedRoles)
             {
-                // add roles and policy assignments to store
-                await access.AddRole(r);
+                var adminAssignedRoles = await access.GetAssignedRoles(contextUserId, assignedRole.SecurityPrincipleId);
+                Assert.IsNotNull(adminAssignedRoles, "Expected list returned by AccessControl.GetAssignedRoles() to not be null");
+                Assert.AreEqual(1, adminAssignedRoles.Count, "Expected list returned by AccessControl.GetAssignedRoles() to have 1 AssignedRole object");
+                Assert.AreEqual(assignedRole.SecurityPrincipleId, adminAssignedRoles[0].SecurityPrincipleId, "Expected AssignedRole returned by GetAssignedRoles() to match SecurityPrincipleId of AssignedRole passed into AddAssignedRole()");
             }
+        }
 
-            // assign security principles to roles
-            var assignedRoles = new List<AssignedRole> {
-                 // test administrator
-                new AssignedRole{
-                    RoleId=StandardRoles.Administrator.Id,
-                    SecurityPrincipleId="[test]"
-                },
-                // administrator
-                new AssignedRole{
-                    RoleId=StandardRoles.Administrator.Id,
-                    SecurityPrincipleId="admin_01"
-                },
-                // devops user in consumer role for a couple of specific domains
-                new AssignedRole{
-                    RoleId=StandardRoles.CertificateConsumer.Id,
-                    SecurityPrincipleId="devops_user_01",
-                    IncludedResources=new List<Resource>{
-                        new Resource{ ResourceType=ResourceTypes.Domain, Identifier="www.example.com" },
-                        new Resource{ ResourceType=ResourceTypes.Domain, Identifier="*.microsoft.com" }
-                    }
-                }
-            };
+        [TestMethod]
+        public async Task TestAccessControlGetAssignedRolesNoRoles()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Validate AssignedRole list returned by AccessControl.GetAssignedRoles()
+            var adminAssignedRoles = await access.GetAssignedRoles(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.IsNotNull(adminAssignedRoles, "Expected list returned by AccessControl.GetAssignedRoles() to not be null");
+            Assert.AreEqual(0, adminAssignedRoles.Count, "Expected list returned by AccessControl.GetAssignedRoles() to have no AssignedRole objects");
+        }
 
-            foreach (var r in assignedRoles)
-            {
-                // add roles and policy assignments to store
-                await access.AddAssignedRole(r);
-            }
+        [TestMethod]
+        public async Task TestAccessControlAddResourcePolicyNoRoles()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
 
-            // assert
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var addedResourcePolicy = await access.AddResourcePolicy(contextUserId, policy);
 
-            var adminAssignedRoles = await access.GetAssignedRoles(contextUserId, "admin_01");
-            Assert.AreEqual(1, adminAssignedRoles.Count);
+            // Validate that AddResourcePolicy() failed when no roles are defined
+            Assert.IsFalse(addedResourcePolicy, $"Unable to add a resource policy using {contextUserId} when roles are undefined");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlUpdateSecurityPrinciple()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before update
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Update security principle in AccessControl with a new principle object of the same Id, but different email
+            var newSecurityPrinciple = TestSecurityPrinciples.Admin();
+            newSecurityPrinciple.Email = "new_test_email@test.com";
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
+            Assert.IsTrue(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to succeed");
+
+            // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after update
+            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, newSecurityPrinciple.Id);
+            Assert.AreNotEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to not match previous Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+            Assert.AreEqual(storedSecurityPrinciple.Email, newSecurityPrinciple.Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match updated Email '{newSecurityPrinciple.Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+        }
 
-            var hasAccess = await access.IsPrincipleInRole(contextUserId, "admin_01", StandardRoles.Administrator.Id);
-            Assert.IsTrue(hasAccess, "User should be in role");
+        [TestMethod]
+        public async Task TestAccessControlUpdateSecurityPrincipleNoRoles()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before update
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Update security principle in AccessControl with a new principle object of the same Id, but different email, with roles undefined
+            var newSecurityPrinciple = TestSecurityPrinciples.Admin();
+            newSecurityPrinciple.Email = "new_test_email@test.com";
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
+            Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to be unsuccessful without roles defined");
+        }
 
+        [TestMethod]
+        public async Task TestAccessControlUpdateSecurityPrincipleBadUpdate()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before update
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Update security principle in AccessControl with a new principle object with a bad Id name and different email
+            var newSecurityPrinciple = TestSecurityPrinciples.Admin();
+            newSecurityPrinciple.Email = "new_test_email@test.com";
+            newSecurityPrinciple.Id = "missing_username";
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
+            Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to be unsuccessful with bad update data (Id does not already exist in store)");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlUpdateSecurityPrinciplePassword()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var firstPassword = adminSecurityPrinciples[0].Password;
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before update
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            var firstPasswordHashed = access.HashPassword(firstPassword, storedSecurityPrinciple.Password.Split('.')[1]);
+            Assert.AreEqual(storedSecurityPrinciple.Password, firstPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Password '{firstPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Update security principle in AccessControl with a new password
+            var newPassword = "GFEDCBA";
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, adminSecurityPrinciples[0].Id, firstPassword, newPassword);
+            Assert.IsTrue(securityPrincipleUpdated, $"Expected security principle password update for {adminSecurityPrinciples[0].Id} to succeed");
+
+            // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after update
+            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            var newPasswordHashed = access.HashPassword(newPassword, storedSecurityPrinciple.Password.Split('.')[1]);
+            Assert.AreNotEqual(storedSecurityPrinciple.Password, firstPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to not match previous Password '{firstPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+            Assert.AreEqual(storedSecurityPrinciple.Password, newPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match updated Password '{newPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlUpdateSecurityPrinciplePasswordNoRoles()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var firstPassword = adminSecurityPrinciples[0].Password;
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Update security principle in AccessControl with a new password
+            var newPassword = "GFEDCBA";
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, adminSecurityPrinciples[0].Id, firstPassword, newPassword);
+            Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle password update for {adminSecurityPrinciples[0].Id} to fail without roles");
+
+            // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after failed update
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            var firstPasswordHashed = access.HashPassword(firstPassword, storedSecurityPrinciple.Password.Split('.')[1]);
+            Assert.AreEqual(storedSecurityPrinciple.Password, firstPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Password '{firstPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlUpdateSecurityPrinciplePasswordBadPassword()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var firstPassword = adminSecurityPrinciples[0].Password;
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Update security principle in AccessControl with a new password, but wrong original password
+            var newPassword = "GFEDCBA";
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, adminSecurityPrinciples[0].Id, firstPassword.ToLower(), newPassword);
+            Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle password update for {adminSecurityPrinciples[0].Id} to fail with wrong password");
+
+            // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after failed update
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            var firstPasswordHashed = access.HashPassword(firstPassword, storedSecurityPrinciple.Password.Split('.')[1]);
+            Assert.AreEqual(storedSecurityPrinciple.Password, firstPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Password '{firstPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlDeleteSecurityPrinciple()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before delete is not null
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.IsNotNull(storedSecurityPrinciple, "Expected object returned by AccessControl.GetSecurityPrinciple() to not be null");
+            Assert.AreEqual(storedSecurityPrinciple.Id, adminSecurityPrinciples[0].Id, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Id '{adminSecurityPrinciples[0].Id}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Delete first security principle in adminSecurityPrinciples list from AccessControl store
+            var securityPrincipleDeleted = await access.DeleteSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.IsTrue(securityPrincipleDeleted, $"Expected security principle deletion for {adminSecurityPrinciples[0].Id} to succeed");
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after delete is null
+            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.IsNull(storedSecurityPrinciple, $"Expected SecurityPrinciple for '{adminSecurityPrinciples[0].Id}' to be null from GetSecurityPrinciple()");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlDeleteSecurityPrincipleNoRoles()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before delete is not null
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.IsNotNull(storedSecurityPrinciple, "Expected object returned by AccessControl.GetSecurityPrinciple() to not be null");
+            Assert.AreEqual(storedSecurityPrinciple.Id, adminSecurityPrinciples[0].Id, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Id '{adminSecurityPrinciples[0].Id}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Try to delete first security principle in adminSecurityPrinciples list from AccessControl store
+            var securityPrincipleDeleted = await access.DeleteSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.IsFalse(securityPrincipleDeleted, $"Expected security principle deletion for {adminSecurityPrinciples[0].Id} to fail without roles defined");
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after delete is not null
+            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
+            Assert.IsNotNull(storedSecurityPrinciple, $"Expected SecurityPrinciple for '{adminSecurityPrinciples[0].Id}' to not be null from GetSecurityPrinciple()");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlDeleteSecurityPrincipleSelfDeletion()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before delete is not null
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[1].Id);
+            Assert.IsNotNull(storedSecurityPrinciple, "Expected object returned by AccessControl.GetSecurityPrinciple() to not be null");
+            Assert.AreEqual(storedSecurityPrinciple.Id, adminSecurityPrinciples[1].Id, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Id '{adminSecurityPrinciples[1].Id}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Try to delete second security principle in adminSecurityPrinciples list from AccessControl store
+            var securityPrincipleDeleted = await access.DeleteSecurityPrinciple(contextUserId, contextUserId);
+            Assert.IsFalse(securityPrincipleDeleted, $"Expected security principle self deletion for {contextUserId} to fail");
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after delete is not null
+            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[1].Id);
+            Assert.IsNotNull(storedSecurityPrinciple, $"Expected SecurityPrinciple for '{adminSecurityPrinciples[1].Id}' to not be null from GetSecurityPrinciple()");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlDeleteSecurityPrincipleBadId()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before delete is not null
+            var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[1].Id);
+            Assert.IsNotNull(storedSecurityPrinciple, "Expected object returned by AccessControl.GetSecurityPrinciple() to not be null");
+            Assert.AreEqual(storedSecurityPrinciple.Id, adminSecurityPrinciples[1].Id, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Id '{adminSecurityPrinciples[1].Id}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+
+            // Try to delete second security principle in adminSecurityPrinciples list from AccessControl store
+            var securityPrincipleDeleted = await access.DeleteSecurityPrinciple(contextUserId, contextUserId.ToUpper());
+            Assert.IsFalse(securityPrincipleDeleted, $"Expected security principle deletion for {contextUserId.ToUpper()} to fail");
+
+            // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after delete is not null
+            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[1].Id);
+            Assert.IsNotNull(storedSecurityPrinciple, $"Expected SecurityPrinciple for '{adminSecurityPrinciples[1].Id}' to not be null from GetSecurityPrinciple()");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlIsPrincipleInRole()
+        {
+            // Add test security principles
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
+
+            // Setup security principle actions
+            var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
+            actions.ForEach(async a => await access.AddAction(a));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
+            assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
+
+            // Validate specified admin user is a principle role
+            bool hasAccess;
+            foreach (var assignedRole in assignedRoles)
+            {
+                hasAccess = await access.IsPrincipleInRole(contextUserId, assignedRole.SecurityPrincipleId, StandardRoles.Administrator.Id);
+                Assert.IsTrue(hasAccess, $"User '{assignedRole.SecurityPrincipleId}' should be in role");
+            }
+
+            // Validate fake admin user is not a principle role
             hasAccess = await access.IsPrincipleInRole(contextUserId, "admin_02", StandardRoles.Administrator.Id);
             Assert.IsFalse(hasAccess, "User should not be in role");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlDomainAuth()
+        {
+            // Add test devops user security principle
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser(), bypassIntegrityCheck: true);
+
+            // Setup security principle actions
+            await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            await access.AddAssignedRole(TestAssignedRoles.DevopsUserDomainConsumer); // devops user in consumer role for a specific domain
 
-            // check user can consume a cert for a given domain 
+            // Validate user can consume a cert for a given domain 
             var isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "www.example.com");
             Assert.IsTrue(isAuthorised, "User should be a cert consumer for this domain");
 
-            // check user can't consume a cert for a subdomain they haven't been granted
+            // Validate user can't consume a cert for a subdomain they haven't been granted
             isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "secure.example.com");
             Assert.IsFalse(isAuthorised, "User should not be a cert consumer for this domain");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlWildcardDomainAuth()
+        {
+            // Add test devops user security principle
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser(), bypassIntegrityCheck: true);
+
+            // Setup security principle actions
+            await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            await access.AddAssignedRole(TestAssignedRoles.DevopsUserWildcardDomainConsumer); // devops user in consumer role for a wildcard domain
 
-            // check user can consume any subdomain via a granted wildcard
-            isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "random.microsoft.com");
+            // Validate user can consume any subdomain via a granted wildcard
+            var isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "random.microsoft.com");
             Assert.IsTrue(isAuthorised, "User should be a cert consumer for this subdomain via wildcard");
 
-            // check user can't consume a random wildcard
+            // Validate user can't consume a random wildcard
             isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "*  lkjhasdf98862364");
             Assert.IsFalse(isAuthorised, "User should not be a cert consumer for random wildcard");
 
-            // check user can't consume a random wildcard
+            // Validate user can't consume a random wildcard
             isAuthorised = await access.IsAuthorised(contextUserId, "devops_user_01", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "lkjhasdf98862364.*.microsoft.com");
             Assert.IsFalse(isAuthorised, "User should not be a cert consumer for random wildcard");
+        }
+
+        [TestMethod]
+        public async Task TestAccessControlRandomUserAuth()
+        {
+            // Add test devops user security principle
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser(), bypassIntegrityCheck: true);
+
+            // Setup security principle actions
+            await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+
+            // Setup policy with actions and add policy to store
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
+            _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
+
+            // Setup and add roles and policy assignments to store
+            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
+            await access.AddRole(role);
+
+            // Assign security principles to roles and add roles and policy assignments to store
+            await access.AddAssignedRole(TestAssignedRoles.DevopsUserWildcardDomainConsumer); // devops user in consumer role for a wildcard domain
 
-            // random user should not be authorised
-            isAuthorised = await access.IsAuthorised(contextUserId, "randomuser", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "random.microsoft.com");
+            // Validate that random user should not be authorised
+            var isAuthorised = await access.IsAuthorised(contextUserId, "randomuser", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "random.microsoft.com");
             Assert.IsFalse(isAuthorised, "Unknown user should not be a cert consumer for this subdomain via wildcard");
         }
     }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
index 25a0cf707..da80b9e06 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
@@ -1,9 +1,11 @@
-using System;
+using System;
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
 using System.Linq;
 using Certify.Management;
 using Certify.Models;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Newtonsoft.Json;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -12,6 +14,14 @@ public class CAFailoverTests
     {
         private const string DEFAULTCA = "letscertify";
 
+        // TODO: This requires a valid test CA auth token to run
+        //private Dictionary<string, string> ConfigSettings = new Dictionary<string, string>();
+
+        //public CAFailoverTests()
+        //{
+        //    ConfigSettings = JsonConvert.DeserializeObject<Dictionary<string, string>>(System.IO.File.ReadAllText("C:\\temp\\Certify\\TestConfigSettings.json"));
+        //}
+
         private List<CertificateAuthority> GetTestCAs()
         {
             var caList = new List<CertificateAuthority> {
@@ -195,7 +205,7 @@ public void TestBasicNoFallbacks()
             var selectedAccount = RenewalManager.SelectCAWithFailover(caList, accounts.FindAll(a => a.IsStagingAccount == false), managedCertificate, defaultCAAccount);
 
             // assert result
-            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, $"Default CA should be selected: returned CA {selectedAccount.CertificateAuthorityId}");
+            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, "Default CA should be selected");
             Assert.IsFalse(selectedAccount.IsFailoverSelection, "Account should not be marked as a failover choice");
         }
 
@@ -203,7 +213,7 @@ public void TestBasicNoFallbacks()
         public void TestBasicNextFallbackNull()
         {
             // setup
-            var accounts = GetTestAccounts().FindAll(a => a.ID != "letsreluctantlyfallback_ABC234_staging");
+            var accounts = GetTestAccounts().FindAll(a  => a.ID != "letsreluctantlyfallback_ABC234_staging");
             var caList = GetTestCAs();
 
             var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: "letsfallback");
@@ -211,19 +221,13 @@ public void TestBasicNextFallbackNull()
             // perform check
             var defaultCAAccount = accounts.FirstOrDefault(a => a.CertificateAuthorityId == DEFAULTCA && a.IsStagingAccount == managedCertificate.UseStagingMode);
 
-            accounts.Add(new AccountDetails
-            {
-                ID = "letsfallback_ABC234_staging_isfailover",
-                IsStagingAccount = true,
-                IsFailoverSelection = true,
-                CertificateAuthorityId = "letsfallback",
-                Title = "A fallback account with is failover"
-            });
+            accounts.Add(new AccountDetails { ID = "letsfallback_ABC234_staging_isfailover", IsStagingAccount = true, IsFailoverSelection = true, 
+                CertificateAuthorityId = "letsfallback", Title = "A fallback account with is failover" });
 
             var selectedAccount = RenewalManager.SelectCAWithFailover(caList, accounts, managedCertificate, defaultCAAccount);
 
             // assert result
-            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, $"Default CA should be selected: returned CA {selectedAccount.CertificateAuthorityId}");
+            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, "Default CA should be selected");
             Assert.IsFalse(selectedAccount.IsFailoverSelection, "Account should not be marked as a failover choice");
         }
 
@@ -234,7 +238,7 @@ public void TestBasicFailoverOccursWildcardDomainCA()
             var accounts = GetTestAccounts();
             var caList = GetTestCAs();
 
-            var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: DEFAULTCA,
+            var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: DEFAULTCA, 
                 new CertRequestConfig { SubjectAlternativeNames = new List<string> { "test.com", "anothertest.com", "www.test.com", "*.wildtest.com" }.ToArray() });
 
             // perform check
@@ -315,9 +319,7 @@ public void TestBasicFailoverOccursOptionalLifetimeDays()
             var caList = GetTestCAs();
 
             var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: DEFAULTCA,
-                new CertRequestConfig
-                {
-                    SubjectAlternativeNames = new List<string> { "test.com", "anothertest.com", "www.test.com", "*.wildtest.com" }.ToArray(),
+                new CertRequestConfig { SubjectAlternativeNames = new List<string> { "test.com", "anothertest.com", "www.test.com", "*.wildtest.com" }.ToArray(),
                     PreferredExpiryDays = 7,
                 });
 
@@ -331,4 +333,33 @@ public void TestBasicFailoverOccursOptionalLifetimeDays()
             Assert.IsTrue(selectedAccount.IsFailoverSelection, "Account should be marked as a failover choice");
         }
     }
+
+    // TODO: This test requires a valid test CA auth token to run
+    //[TestMethod, Description("Failover to an alternate CA when an item has repeatedly failed, with TnAuthList CA")]
+    //public void TestBasicFailoverOccursTnAuthList()
+    //{
+    //    // setup
+    //    var accounts = GetTestAccounts();
+    //    var caList = GetTestCAs();
+
+    //    var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: DEFAULTCA,
+    //        new CertRequestConfig {
+    //            //SubjectAlternativeNames = new List<string> { "test.com", "anothertest.com", "www.test.com" }.ToArray(),
+    //            AuthorityTokens = new ObservableCollection<TkAuthToken> {
+    //                new TkAuthToken{
+    //                    Token = ConfigSettings["TestAuthToken"],
+    //                    Crl =ConfigSettings["TestAuthTokenCRL"]
+    //                }
+    //            }
+    //        });
+
+    //    // perform check
+    //    var defaultCAAccount = accounts.FirstOrDefault(a => a.CertificateAuthorityId == DEFAULTCA && a.IsStagingAccount == managedCertificate.UseStagingMode);
+
+    //    var selectedAccount = RenewalManager.SelectCAWithFailover(caList, accounts, managedCertificate, defaultCAAccount);
+
+    //    // assert result
+    //    Assert.IsTrue(selectedAccount.CertificateAuthorityId == "letsreluctantlyfallback", "Fallback CA should be selected");
+    //    Assert.IsTrue(selectedAccount.IsFailoverSelection, "Account should be marked as a failover choice");
+    //}
 }

From a520490aa88ddfbf03c17cc712673b2fbc04fb95 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 25 Oct 2023 13:36:16 +0800
Subject: [PATCH 067/237] Add regular GC sweep

---
 .../Management/CertifyManager/CertifyManager.cs          | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index c9c0e05be..004e8ec78 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -223,6 +223,15 @@ private async void _dailyTimer_Elapsed(object sender, System.Timers.ElapsedEvent
         private async void _hourlyTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
         {
             await PerformCertificateMaintenanceTasks();
+
+            try
+            {
+                GC.Collect(GC.MaxGeneration, GCCollectionMode.Default);
+            }
+            catch
+            {
+                // failed to perform garbage collection, ignore.
+            }
         }
 
         private async void _frequentTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)

From c9c634656c811b99b767d23193d6f977ed0ea379 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Wed, 25 Oct 2023 17:27:44 +0800
Subject: [PATCH 068/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj             |  2 +-
 src/Certify.Core/Certify.Core.csproj                 |  2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj      |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj                |  2 +-
 .../Certify.Server.Api.Public.Tests.csproj           |  2 +-
 .../Certify.Server.Api.Public.csproj                 |  2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj   |  2 +-
 .../Certify.Service.Worker.csproj                    |  2 +-
 .../Certify.Service.Worker/Dockerfile                |  4 ++--
 src/Certify.Service/Certify.Service.csproj           | 12 ++++++------
 .../Certify.Core.Tests.Integration.csproj            |  2 +-
 .../Certify.Core.Tests.Unit.csproj                   |  2 +-
 .../Certify.Service.Tests.Integration.csproj         |  2 +-
 13 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index f874fdbfc..e27a06f95 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -20,7 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.2.23480.2" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 00d97a462..61b680a0f 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -83,7 +83,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 7a5ef76b5..f6fdb983e 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.202.2" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.202.9" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 085c1960f..b178c09dd 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Core" Version="1.35.0" />
-    <PackageReference Include="Azure.Identity" Version="1.10.2" />
+    <PackageReference Include="Azure.Identity" Version="1.10.3" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index be4eca0ee..758dd3b80 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -25,7 +25,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="7.0.12" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.0-rc.2.23480.2" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 504d52806..c9e721ceb 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -21,7 +21,7 @@
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.3" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.2" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.3" />
       <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0-rc.2.23480.2" />
       <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0-rc.2.23480.1" />
       <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0-rc.2.23480.2" />
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index d560be7b9..15b0e512d 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0" />
     <PackageReference Include="Serilog" Version="3.0.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-rc.2.23480.2" />
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 70cd9e1bf..d42e45ffc 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -10,7 +10,7 @@
     <DebugSymbols>true</DebugSymbols>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-rc.2.23479.6" />
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
index c4714dbf8..53e0dff18 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
@@ -1,10 +1,10 @@
 #See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
-FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS base
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
 WORKDIR /app
 EXPOSE 80
 EXPOSE 443
 
-FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
 WORKDIR /src
 COPY ["Certify.Service.Worker/Certify.Service.Worker.csproj", "Certify.Service.Worker/"]
 RUN dotnet restore "Certify.Service.Worker/Certify.Service.Worker.csproj"
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index b587d2ff3..e8dabde64 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -49,12 +49,12 @@
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.AspNet.SignalR.Core" Version="2.4.3" />
         <PackageReference Include="Microsoft.AspNet.SignalR.SelfHost" Version="2.4.3" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="5.2.9" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Core" Version="5.2.9" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.2.9" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.2.9" />
-        <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.2.9" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.56.0" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.0" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Core" Version="5.3.0" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
+        <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.57.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Diagnostics" Version="4.2.2" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 0a5961ba3..7aa438dc1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -96,7 +96,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 0c4c2be7e..a178f4522 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -136,7 +136,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 0a192b307..31455ada4 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -80,7 +80,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="7.2.4" />
+    <PackageReference Include="Polly" Version="8.0.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
   <ItemGroup>

From 0238bca74aea63356f3eee1be401dcb2d9c8e954 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 26 Oct 2023 16:54:04 +0800
Subject: [PATCH 069/237] Implement challenge cleanup action by repurposing
 challenge test cleanup

---
 .../Management/Challenges/ChallengeResponseService.cs     | 8 ++++----
 .../Controls/ManagedCertificate/AdvancedOptions.xaml.cs   | 1 +
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs b/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs
index 4ac46c835..f7adadcab 100644
--- a/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs
+++ b/src/Certify.Core/Management/Challenges/ChallengeResponseService.cs
@@ -621,7 +621,7 @@ private Func<bool> PrepareChallengeResponse_TlsSni01(ILog log, ITargetWebServer
 
         private DnsChallengeHelper _dnsHelper = null;
 
-        private async Task<DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog log, CertIdentifierItem domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth, bool isTestMode, ICredentialsManager credentialsManager)
+        private async Task<DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog log, CertIdentifierItem domain, ManagedCertificate managedCertificate, PendingAuthorization pendingAuth, bool isTestMode, bool isCleanupOnly, ICredentialsManager credentialsManager)
         {
             var dnsChallenge = pendingAuth.Challenges.FirstOrDefault(c => c.ChallengeType == SupportedChallengeTypes.CHALLENGE_TYPE_DNS);
 
@@ -639,12 +639,12 @@ private async Task<DnsChallengeHelperResult> PerformChallengeResponse_Dns01(ILog
             }
 
             // create DNS records (manually or via automation)
-            if (_dnsHelper == null) {
+            if (_dnsHelper == null)
+            {
                 _dnsHelper = new DnsChallengeHelper(credentialsManager);
             }
 
-            var dnsResult = await _dnsHelper.CompleteDNSChallenge(log, managedCertificate, domain, dnsChallenge.Key, dnsChallenge.Value, isTestMode);
-
+            DnsChallengeHelperResult dnsResult;
             if (!isCleanupOnly)
             {
                 dnsResult = await _dnsHelper.CompleteDNSChallenge(log, managedCertificate, domain, dnsChallenge.Key, dnsChallenge.Value, isTestMode);
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs
index 8fea57666..bd5f3614e 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml.cs
@@ -6,6 +6,7 @@
 using System.Windows.Controls;
 using Certify.Locales;
 using Certify.Management;
+using Certify.UI.ViewModel;
 using Microsoft.Win32;
 
 namespace Certify.UI.Controls.ManagedCertificate

From 55a89e7f2d82ff00b1a229c347f6d18eaf017372 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Thu, 26 Oct 2023 00:02:38 -0700
Subject: [PATCH 070/237] Updates and expansions to various tests

---
 .../ServerManagers/IISManagerTests.cs         |   7 +
 .../Assets/badcert.pfx                        |   0
 .../Assets/dummycert.pfx                      | Bin 0 -> 3044 bytes
 .../BindingMatchTests.cs                      | 317 +++++++++---------
 .../Certify.Core.Tests.Unit.csproj            |   6 +
 .../ChallengeConfigMatchTests.cs              |  11 +-
 .../DomainZoneMatchTests.cs                   |   7 +-
 .../GetDnsProviderTests.cs                    | 140 ++++++++
 8 files changed, 328 insertions(+), 160 deletions(-)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/Assets/badcert.pfx
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/Assets/dummycert.pfx
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs

diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/ServerManagers/IISManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/ServerManagers/IISManagerTests.cs
index 0e7679732..6dc42066b 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/ServerManagers/IISManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/ServerManagers/IISManagerTests.cs
@@ -69,6 +69,13 @@ public async Task TestIISVersionCheck()
             Assert.IsTrue(version.Major >= 7);
         }
 
+        [TestMethod]
+        public async Task TestIISIsAvailable()
+        {
+            var isAvailable = await iisManager.IsAvailable();
+            Assert.IsTrue(isAvailable);
+        }
+
         [TestMethod]
         public async Task TestIISSiteRunning()
         {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Assets/badcert.pfx b/src/Certify.Tests/Certify.Core.Tests.Unit/Assets/badcert.pfx
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Assets/dummycert.pfx b/src/Certify.Tests/Certify.Core.Tests.Unit/Assets/dummycert.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..2148c5a292fcad0a6f852ed7c0843a561d5caab8
GIT binary patch
literal 3044
zcmZve2{hF07sr3Y7(^(VG6-XhFeH0p7qU&3l<X4Oca?n~`_?d7i|lLmCD}tV7(>L!
zzGca4AHDv1|J(aN=l`7Z+;i^t-sd^z`P}E8a}hygAaX<ygjyg%J>u{ph!T_=#2o|<
zAzwuV{T~^`i3kC)oo{9c&A(32UI3Bh1}7kbV-ft23;!0+FNJ}bvfpvd3cIp8kfMye
z`iZ01KHpbCWMp6fY_Vv7VTO8hO4B#)xU*)ue8nv2XJ~=%`JvOvBQFHMokNzss%Iji
ze+@bvnr=^)HN{{&YSH^@+TYEGCQvS(IE9Z2wNWFl0BpZ-1xk9c2fC*f(<wtCUmirB
zu;!MqDe8;h`p=`NuZTjyOju87M&R}Nq|+sF!O9d3{H@IfeFW;iNlc<D*OdSdz#6aw
z9Dyf*FCYxK0`7nd@a){P20Q^Pz#gzU&k#QMT+Xc*-~gBa%I8t{^Qb*w3p@u*fxp(@
z*+Fv8QIdgxziXiXfd%;u3&;Jdh=Qd|xHSe^-I*LmiruI5`VA}huX2?6uMzP_!YD5Q
zb^C15`-n@1Ak=dwQ%U_MO6stKwJf4z(}lIeOOKiJwbm7@C0x4VY3S?czJEZZC64k!
z=VIIpJJ;J$VW32>IcH2@!Q5A(O{~*;l7WLcp&g1ftFlAeT{7^qPifOC<S|)5P_9A~
z8Y`GiVP|?vy@FhyjLCYPhM@1JlU+-dzTd|_tmKEf&wKf0zEh(5oKV<TgXH1N47L`{
z={G<~**-8la`b?Zf_?eE@<VV>2!0;Z;k*dX^(lOW_a1y6W<L;LO<D-OpWU}hk!%cW
zm)Ge@oh5v(<P--_UjO#3h<?Dr_$4<-_x;-aT|)+cm!)pi^cY!4{YM%0UVF-FpNlJ?
z^bAGAaNCvB1its39us@fG<m)BQ`uF-i{p~hFQdNgcmJ$SL^7Zj{1cn5+`}8ug|gde
z^Jirj_c#aS&^2V$?D=>}vytSkh>Mp`VKdgn395K&SxJddCN*9Ks+Az?Vykq&Ger*p
zcph2PR+er(n!v@#*k?657Z9**ecdLqIiuvD-c_1zj3wH}$Ckvt{KP1dGPK&i1$}T&
zud0sw#bk06Eo0{dIN1GoUXxwT8%;lPp?Gl_Uo)lpK^p6wCMXwc%HA>Nb}boPD>NOL
zZN~a?kvuCdM|R79MAlRagAv)P^BmfHSDshg$ShpN%t4oT70aDA(^fKwPjr86Vkg90
zXF)+YMW&RLYG^LD!4yma1Op9Zc<SO(yZf5UQ$qA(P7M1eIulfM`>PpvZdhU?h6Oj3
zN#h+eORZYfc^j2kPTM?#KEHc?n%<;1aCL!D&AcB7^G-Z993oExFQq{(FGwQ8n^Gko
zzWC&W=6j^Ai1RZ6%a{Kte;_Mb@r~07ZGgPv{#<vfm2Y5%|KK<Y8>5ek^&M^(N$6X*
zD6a8R8O;(AOV(OWLo5tTA8QTjp|as_#K<6;IXhQRivW|sAu1_<bdQIb{7}#+Nn%rt
zpZvPvH5oWhGh^3rxB1IMByKi0TEkUw*kNJXlKVr79_M0XG<7{83JZv`8cZeehMYuj
z-#zJlwKWI|)-wN4Ft3buIcuzseuJd`RKp!EA3Vx4O{zVpeSW+jH+=2Zc%Ph_)E9OO
zj|?$s!b<sa_mgbxM?)~Vs!a}e?1aFW$*@KrA(vwIi#QYWS((t!_*)9ZH{%lHI^37D
z<#}{gLq&ZIo+{p&wzR=>?Z3IyyzZzHSD94KiM~<=qNXJ#R3>2XSuYb^cXvWw%tpH}
z1Ikl3R5N^ZV0I2wUPP@dxGM&nWbq&<-p&anuWj6!{O<JaET=(-bB=4fXvA8XwW{rR
zU-I82Ib?=Ji4y538W)*v?dqrwX6@p{|Ip`C7MA)*tcPo6=q~9Zd+(_%bL>i6(xv(L
z=84?pJ4nnTN+0%%6{8EX=yDZ4|5(f&$Q&>a(uf<wjmb0eohVau)}G|2^_C1|sL_RD
z>BG1Oa^%NY?iTKG|037cYFG+iR+_9DrD)R=f7)9e?qqpzt<p+;eJ0NVAM}H#{B1%}
zAxe2OztOMa(NBN+r>z|bLRpc$*%CwD^->4|k2$t~rt`#UO#fB~{3Z$SQYsO{X(Gh*
z@JhUr_IdL^%s0eHMEPJkgehd${6Hl;p~!XrXRE}%FpUS^xRayLvyl=KbrkEgQnLpS
ze>8dBWY~6mwA*|Ew~4tYr<j7<G@H>9cb=#G8GF|73WH~U<`JcG?Roi^*e_2idH|oP
zn+KNfSDv;`*M+XJ?Kh9AjP9UVtU3u#g$KXKm1$^KNTmjh&!vbZm1NwG$YmJ0iq6hh
zIIC$&c~G?&2|4q4oL6);L`)ODy-C6^TTCHyjmQjX;r%-m4`4(2+`(hRcel9QN|)iR
zSHJ6w@BPdZ0*-Eids4)y;H!s2?4?p1Jq=WA-u-b$vK{(&E*Czox8C3d@kDD5jAYZ@
z)QHJ>%(86jw|?Upb?A%6!01xyuCPU&7JZ5Dlj*jN4@i5T2@#I7TCg8A8Z3>;OFUnX
z?@@YM9ZrauRfVPIEsrJUed}uW&19xmUV7T`evJ|Rr3Z73-8}g7O#T-3sR?B#HUO`S
z7$p5l$gG3Q(k$5=;Qix0v2@(l1pl2DDeZR<8&|ILk5!r(Q^mtigNmFayUE=kIPQ#-
zvW!qy#ZG9l40(SemRrDBs2DjM^}pFk+E`C{xz5Wv1d(;UT?$4-F@g&>THqx`E)fd2
zswV0&W0iQ#*e?;o7W%oyj_*72C6_+gi+{JRO~V$K;Xssq4kdjnp&j>}slNW&P*L@d
zdgfv|Ib+OkWky9DcUJwHFXs%Z5|hYZT+#4^IgFaNM;;6du=-z(=7nncwaFakiYBU8
z;lLH`V1ws@T{d7H=R)Re#_RNak@w@eL;CNJM2*ApI_pJ)*PX&RbLR`TN1UZ2+&>qn
zH=&Fcbi1aETBhjL1J9hWLYj^;i?&f^qc$J0tQ)9{XO0R;O|j-2@oZVQ30*YXS&x1G
z-omkS6e60Hc2pv^QO{b#3X?^9h_8x8ZTMa4;8^_p!Va3s#YJsTW?nhm#t~@*nO^+`
z)yzCC%8`D_M)o%F!y6>q@g%$A?J$vqx;fv=;p+xcd5Z|CdYW`Q!zN?y-c*@8LxLL?
z7X^oQYbviP$+JYga%-(4JcAuS3I&IdQC)J;6dBQ#XZ#?r_o`2&!BNb1`u<J$AD<3x
zf7&EY7oDsc%jTA{|8b+uC+t#cpsD*dhx@2c64`O~S1<3v9}Co#9r6s0Kh4`VYOC96
z_&Lm>x(l`Ta_*X2;1(BQdDdphk<q*-Fl;!EDWR!rZ0%)K?8-?d9};Qi8p&@VunL!*
zDn|z+15SJCRV#082&d{p1uE4+eu9G@3rBEA>Wdv(`6=7GGTP|rfG19v*0cf9@mjgd
zZqtEs4_up<`=@&#Z4<{vHhPd6bzO&#yAKm9+T#F83!NpCKhuBq*}YQgY2>|9Tj2JE
z6eT-zHrXxxRnHAhTV>ofcIu?oyxhd9JJWCNcB{TXus>&o#?Ep%#F!MYmh(Z1*79<t
z=z%Hp_VW{y!;S8hMg^zdsfnz4Zx-p)tK)I(yxz>x6-bscjv0zSm*3B1C9<M7o%7a&
zQ?O*v23|&qfObwud+!FO3pK$o0ndgxj>L=MNd8AOg`f5=Q&_y=`My{-EcjX|aU0iU
zORLGSuV+@7zyM*`Zk33<VQNn$a5f=$A2rJztz~}4>W%{1J*ehE#VW0isQgh*$!;0N
zN7$F6i1!eAnj6myISY2%RkIkf=hDq(L@u`%QQyr7?jB6!-I;9Jt?(_}niC;?@}%o|
zlOpRK8;=-vI~f|)&23@7o+YY4zP8qXIS5_z&++l^7I6o`iJ*p12-1<0!6*PQ(>s$$
wY8R`DmPa8Nu0Wg2Q#Q^eaxl|lrZzT|5%J;9nE0fcSbHUb+GOST_y_?107&|%YXATM

literal 0
HcmV?d00001

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
index eb650ded1..8b45ca4cc 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.IO;
@@ -9,6 +9,7 @@
 using Certify.Management;
 using Certify.Models;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Certify.Management;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -360,19 +361,19 @@ public async Task MixedIPBindingChecks()
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Storage", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"));
+            Assert.AreEqual(results[0].Title, "Certificate Storage");
 
             Assert.IsTrue(results[1].HasError, "This call to StoreAndDeploy() should have an error adding binding while deploying certificate in preview");
-            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
 
             Assert.IsTrue(results[2].HasError, "This call to StoreAndDeploy() should have an error adding binding while deploying certificate in preview");
-            Assert.AreEqual("Deployment.AddBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[2].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when not in preview")]
@@ -385,6 +386,7 @@ public async Task MixedIPBindingChecksNoPreview()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -405,30 +407,30 @@ public async Task MixedIPBindingChecksNoPreview()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled with blank certStoreName")]
@@ -441,6 +443,7 @@ public async Task MixedIPBindingChecksBlankCertStoreName()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -461,30 +464,30 @@ public async Task MixedIPBindingChecksBlankCertStoreName()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, "");
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, "");
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad pfx file path")]
@@ -497,6 +500,7 @@ public async Task MixedIPBindingChecksBadPfxPath()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Asset\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -517,13 +521,13 @@ public async Task MixedIPBindingChecksBadPfxPath()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            await Assert.ThrowsExceptionAsync<System.IO.FileNotFoundException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath.Replace("Assets", "Asset"), pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
+            await Assert.ThrowsExceptionAsync<System.IO.FileNotFoundException>(async() => await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad pfx file")]
@@ -536,7 +540,7 @@ public async Task MixedIPBindingChecksBadPfxFile()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
-            var badCertPath = Path.Combine(Environment.CurrentDirectory, "Assets", "badcert.pfx");
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\badcert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -557,13 +561,13 @@ public async Task MixedIPBindingChecksBadPfxFile()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            await Assert.ThrowsExceptionAsync<ArgumentException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, badCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
+            await Assert.ThrowsExceptionAsync<ArgumentException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad pfx password")]
@@ -576,6 +580,7 @@ public async Task MixedIPBindingChecksBadPfxPassword()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -596,30 +601,30 @@ public async Task MixedIPBindingChecksBadPfxPassword()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "badpass", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "badpass", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad cert store name")]
@@ -632,6 +637,7 @@ public async Task MixedIPBindingChecksBadCertStoreName()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -652,27 +658,19 @@ public async Task MixedIPBindingChecksBadCertStoreName()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, "BadCertStoreName");
-
-            Assert.AreEqual(1, results.Count);
-            Assert.IsTrue(results[0].HasError);
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-            {
-                Assert.IsTrue(results[0].Description.Contains("Error storing certificate. The system cannot find the file specified."), $"Unexpected description: '{results[0].Description}'");
-            }
-            else
-            {
-                Assert.IsTrue(results[0].Description.Contains("Error storing certificate. The specified X509 certificate store does not exist."), $"Unexpected description: '{results[0].Description}'");
-            }
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, "BadCertStoreName");
 
-            Assert.AreEqual("Certificate Storage Failed", results[0].Title);
+            Assert.AreEqual(results.Count, 1);
+            Assert.IsTrue(results[0].HasError);            
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Error storing certificate. The system cannot find the file specified."));
+            Assert.AreEqual(results[0].Title, "Certificate Storage Failed");
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when DeploymentBindingOption = DeploymentBindingOption.UpdateOnly")]
@@ -686,6 +684,7 @@ public async Task MixedIPBindingChecksRequestConfigUpdateOnly()
             };
 
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -707,27 +706,27 @@ public async Task MixedIPBindingChecksRequestConfigUpdateOnly()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
-            Assert.AreEqual(1, results.Count);
+            Assert.AreEqual(results.Count, 1);
             Assert.IsFalse(results[0].HasError);
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
         }
 
         [TestMethod, Description("Test if https IP bindings are handled")]
         public async Task HttpsIPBindingChecks()
         {
             var bindings = new List<BindingInfo> {
-                new BindingInfo{ Host="test.com", IP="127.0.0.1", Port=443, Protocol="https" },
-                new BindingInfo{ Host="www.test.com", IP="127.0.0.1", Port=443, Protocol="https" },
+                new BindingInfo{ Host="test.com", IP="127.0.0.1", Port=80, Protocol="https" },
+                new BindingInfo{ Host="www.test.com", IP="127.0.0.1", Port=80, Protocol="https" },
             };
             var deployment = new BindingDeploymentManager();
             var testManagedCert = new ManagedCertificate
@@ -760,17 +759,17 @@ public async Task HttpsIPBindingChecks()
             Assert.IsTrue(results.Any());
             Assert.AreEqual(2, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Storage", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"));
+            Assert.AreEqual(results[0].Title, "Certificate Storage");
 
-            // because the existing binding uses an IP address with non-SNI the resulting update should also use the IP address and no SNI.
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Update https binding |  | **127.0.0.1:443:test.com Non-SNI**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[1].Description.Contains("Update https binding |  | **127.0.0.1:80:test.com Non-SNI**"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
         }
 
+#if NET462
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when CertificateThumbprintHash is defined")]
         public async Task MixedIPBindingChecksCertificateThumbprintHash()
         {
@@ -785,6 +784,7 @@ public async Task MixedIPBindingChecksCertificateThumbprintHash()
             };
 
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -806,32 +806,30 @@ public async Task MixedIPBindingChecksCertificateThumbprintHash()
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
                 CertificateThumbprintHash = cert.Thumbprint,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
-
-            CertificateManager.RemoveCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when CertificatePreviousThumbprintHash is defined")]
@@ -849,6 +847,7 @@ public async Task MixedIPBindingChecksCertificatePreviousThumbprintHash()
             };
 
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -870,33 +869,32 @@ public async Task MixedIPBindingChecksCertificatePreviousThumbprintHash()
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
                 CertificatePreviousThumbprintHash = cert.Thumbprint,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
-
-            CertificateManager.RemoveCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
         }
+#endif
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview")]
         public async Task FtpBindingChecksNoPreview()
@@ -906,6 +904,7 @@ public async Task FtpBindingChecksNoPreview()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 20, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -926,30 +925,30 @@ public async Task FtpBindingChecksNoPreview()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:20:ftp.test.com**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add ftp binding |  | ***:21:ftp.test.com **"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For FTP Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:20:ftp.test.com**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[2].Description.Contains("Add ftp binding |  | ***:21:ftp.test.com **"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For FTP Binding");
         }
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview with Certificate Request that defines a BindingIPAddress")]
@@ -960,6 +959,7 @@ public async Task FtpBindingChecksCertReqBindingIPAddr()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 20, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -981,30 +981,30 @@ public async Task FtpBindingChecksCertReqBindingIPAddr()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: {results[0].Description}");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:20:ftp.test.com**"), $"Unexpected description: {results[1].Description}");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add ftp binding |  | **127.0.0.1:21:ftp.test.com **"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For FTP Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:20:ftp.test.com**"), $"Unexpected description: {results[2].Description}");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[2].Description.Contains("Add ftp binding |  | **127.0.0.1:21:ftp.test.com **"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For FTP Binding");
         }
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview with Certificate Request that defines a BindingPort")]
@@ -1015,6 +1015,7 @@ public async Task FtpBindingChecksCertReqBindingPort()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 20, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -1036,30 +1037,30 @@ public async Task FtpBindingChecksCertReqBindingPort()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:20:ftp.test.com**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[1].Description.Contains("Add ftp binding |  | ***:22:ftp.test.com **"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For FTP Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:20:ftp.test.com**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
+            Assert.IsTrue(results[2].Description.Contains("Add ftp binding |  | ***:22:ftp.test.com **"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For FTP Binding");
         }
 
         [TestMethod, Description("Test update bindings are skipped when using a protocol other than http, https, or ftp")]
@@ -1069,6 +1070,7 @@ public async Task UpdateBindingSkippedUnsupportedProtocol()
                 new BindingInfo{ Host="smtp.test.com", IP="127.0.0.1", Port = 587, Protocol="smtp" },
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -1089,20 +1091,20 @@ public async Task UpdateBindingSkippedUnsupportedProtocol()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(1, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
         }
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview")]
@@ -1113,6 +1115,7 @@ public async Task FtpBindingChecksUpdateExisting()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 21, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
+            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -1133,40 +1136,40 @@ public async Task FtpBindingChecksUpdateExisting()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = _dummyCertPath
+                CertificatePath = dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(1, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             testManagedCert.RequestConfig.DeploymentSiteOption = DeploymentOption.AllSites;
-            results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual("CertificateStorage", results[0].Category);
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
-            Assert.AreEqual("Certificate Stored", results[0].Title);
+            Assert.AreEqual(results[0].Category, "CertificateStorage");
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
+            Assert.AreEqual(results[0].Title, "Certificate Stored");
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:21:ftp.test.com**"), $"Unexpected description: '{results[1].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
+            Assert.AreEqual(results[1].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:21:ftp.test.com**"));
+            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
-            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:21:ftp.test.com**"), $"Unexpected description: '{results[2].Description}'");
-            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
+            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | ***:21:ftp.test.com**"));
+            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
         }
 
         [TestMethod, Description("Test that duplicate https bindings are not created when multiple non-port 443 same-hostname bindings exist")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index a178f4522..48a2bc52f 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -112,6 +112,12 @@
     <Content Include="Assets\Powershell\Simple.ps1">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </Content>
+    <None Include="Assets\dummycert.pfx">
+        <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Include="Assets\badcert.pfx">
+        <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\Postgres\Plugin.Datastore.Postgres.csproj" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs
index fd5b5553a..2053786f1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs
@@ -102,7 +102,7 @@ public void MultiChallengeConfigMatch()
         }
 
         [TestMethod, Description("Ensure correct challenge config selected based on domain")]
-        public void ChallengeDelgationRuleTests()
+        public void ChallengeDelegationRuleTests()
         {
             // wildcard rule tests [any subdomain source, any subdomain target]
             var testRule = "*.test.com:*.auth.test.co.uk";
@@ -140,5 +140,14 @@ public void ChallengeDelgationRuleTests()
             result = Management.Challenges.DnsChallengeHelper.ApplyChallengeDelegationRule("www.subdomain.example.com", "_acme-challenge.www.subdomain.example.com", testRule);
             Assert.AreEqual("_acme-challenge.www.subdomain.auth.example.co.uk", result);
         }
+
+        [TestMethod, Description("Ensure correct challenge config selected when rule is blank")]
+        public void ChallengeDelegationRuleBlankRule()
+        {
+            // wildcard rule tests [any subdomain source, any subdomain target]
+            var testRule = "*.test.com:*.auth.test.co.uk";
+            var result = Management.Challenges.DnsChallengeHelper.ApplyChallengeDelegationRule("test.com", "_acme-challenge.test.com", null);
+            Assert.AreEqual("_acme-challenge.test.com", result);
+        }
     }
 }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/DomainZoneMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/DomainZoneMatchTests.cs
index 7a82f1011..0b724a6d2 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/DomainZoneMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/DomainZoneMatchTests.cs
@@ -18,8 +18,8 @@ public async Task DetermineRootDomainTests()
                     new DnsZone{ Name="test.com", ZoneId="123-test.com"},
                     new DnsZone{ Name="subdomain.test.com", ZoneId="345-subdomain-test.com"},
                     new DnsZone{ Name="long-subdomain.test.com", ZoneId="345-subdomain-test.com"},
-                        new DnsZone{ Name="bar.co.uk", ZoneId="lengthtest-1"},
-                           new DnsZone{ Name="foobar.co.uk", ZoneId="lengthtest-2"}
+                    new DnsZone{ Name="bar.co.uk", ZoneId="lengthtest-1"},
+                    new DnsZone{ Name="foobar.co.uk", ZoneId="lengthtest-2"}
                 }
             );
 
@@ -32,6 +32,9 @@ public async Task DetermineRootDomainTests()
             domainRoot = await mockDnsProvider.Object.DetermineZoneDomainRoot("www.test.com", "123-test.com");
             Assert.IsTrue(domainRoot.ZoneId == "123-test.com");
 
+            domainRoot = await mockDnsProvider.Object.DetermineZoneDomainRoot("test.com", "bad.domain.com");
+            Assert.IsTrue(domainRoot.ZoneId == "123-test.com");
+
             domainRoot = await mockDnsProvider.Object.DetermineZoneDomainRoot("www.test.com", null);
             Assert.IsTrue(domainRoot.ZoneId == "123-test.com");
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
new file mode 100644
index 000000000..4dcfc9c55
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
@@ -0,0 +1,140 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Certify.Core.Management.Challenges;
+using Certify.Management;
+using Certify.Models.Config;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class GetDnsProviderTests
+    {
+        private SQLiteCredentialStore credentialsManager;
+        private DnsChallengeHelper dnsHelper;
+
+        public GetDnsProviderTests() 
+        {
+            var pluginManager = new PluginManager();
+            pluginManager.LoadPlugins(new List<string> { PluginManager.PLUGINS_DNS_PROVIDERS });
+            var TEST_PATH = "Tests\\credentials";
+            credentialsManager = new SQLiteCredentialStore(storageSubfolder: TEST_PATH);
+            dnsHelper = new DnsChallengeHelper(credentialsManager);
+        }
+
+        [TestMethod, Description("Test Getting DNS Provider with empty CredentialsID")]
+        public async Task TestGetDnsProvidersEmptyCredentialsID()
+        {
+            var providerTypeId = "DNS01.Powershell";
+            var credentialsId = "";
+            var result = await dnsHelper.GetDnsProvider(providerTypeId, credentialsId, null, credentialsManager);
+
+            // Assert
+            Assert.AreEqual("DNS Challenge API Provider not set or could not load.", result.Result.Message);
+            Assert.IsFalse(result.Result.IsSuccess);
+            Assert.IsFalse(result.Result.IsWarning);
+        }
+
+        [TestMethod, Description("Test Getting DNS Provider with empty ProviderTypeId")]
+        public async Task TestGetDnsProvidersEmptyProviderTypeId()
+        {
+            var providerTypeId = "";
+            var secrets = new Dictionary<string, string>();
+            secrets.Add("zoneid", "ABC123");
+            secrets.Add("secretid", "thereisnosecret");
+            var testCredential = new StoredCredential
+            {
+                ProviderType = "DNS01.Manual",
+                Title = "A test credential",
+                StorageKey = Guid.NewGuid().ToString(),
+                Secret = Newtonsoft.Json.JsonConvert.SerializeObject(secrets)
+            };
+            var updateResult = await credentialsManager.Update(testCredential);
+
+            var result = await dnsHelper.GetDnsProvider(providerTypeId, testCredential.StorageKey, null, credentialsManager);
+
+            // Assert
+            Assert.AreEqual("DNS Challenge API Provider not set or could not load.", result.Result.Message);
+            Assert.IsFalse(result.Result.IsSuccess);
+            Assert.IsFalse(result.Result.IsWarning);
+        }
+
+        [TestMethod, Description("Test Getting DNS Provider with a bad CredentialId")]
+        public async Task TestGetDnsProvidersBadCredentialId()
+        {
+            var secrets = new Dictionary<string, string>();
+            secrets.Add("zoneid", "ABC123");
+            secrets.Add("secretid", "thereisnosecret");
+            var testCredential = new StoredCredential
+            {
+                ProviderType = "DNS01.Manual",
+                Title = "A test credential",
+                StorageKey = Guid.NewGuid().ToString(),
+                Secret = Newtonsoft.Json.JsonConvert.SerializeObject(secrets)
+            };
+
+            var updateResult = await credentialsManager.Update(testCredential);
+
+            var result = await dnsHelper.GetDnsProvider(testCredential.ProviderType, testCredential.StorageKey.Substring(5), null, credentialsManager);
+
+            // Assert
+            Assert.AreEqual("DNS Challenge API Credentials could not be decrypted or no longer exists. The original user must be used for decryption.", result.Result.Message);
+            Assert.IsFalse(result.Result.IsSuccess);
+            Assert.IsFalse(result.Result.IsWarning);
+        }
+
+        [TestMethod, Description("Test Getting DNS Provider")]
+        public async Task TestGetDnsProviders()
+        {
+            var secrets = new Dictionary<string, string>();
+            secrets.Add("zoneid", "ABC123");
+            secrets.Add("secretid", "thereisnosecret");
+            var testCredential = new StoredCredential
+            {
+                ProviderType = "DNS01.Manual",
+                Title = "A test credential",
+                StorageKey = Guid.NewGuid().ToString(),
+                Secret = Newtonsoft.Json.JsonConvert.SerializeObject(secrets)
+            };
+
+            var updateResult = await credentialsManager.Update(testCredential);
+
+            var result = await dnsHelper.GetDnsProvider(testCredential.ProviderType, testCredential.StorageKey, null, credentialsManager);
+
+            // Assert
+            Assert.AreEqual("Create Provider Instance", result.Result.Message);
+            Assert.IsTrue(result.Result.IsSuccess);
+            Assert.IsFalse(result.Result.IsWarning);
+            Assert.AreEqual(testCredential.ProviderType, result.Provider.ProviderId);
+        }
+
+        [TestMethod, Description("Test Getting Challenge API Providers")]
+        public async Task TestGetChallengeAPIProviders()
+        {
+            var challengeAPIProviders = await ChallengeProviders.GetChallengeAPIProviders();
+
+            // Assert
+            Assert.IsNotNull(challengeAPIProviders);
+            Assert.AreNotEqual(0, challengeAPIProviders.Count);
+            foreach (object item in challengeAPIProviders)
+            {
+                var itemType = item.GetType();
+                Assert.IsTrue(itemType.GetProperty("ChallengeType") != null);
+                Assert.IsTrue(itemType.GetProperty("Config") != null);
+                Assert.IsTrue(itemType.GetProperty("Description") != null);
+                Assert.IsTrue(itemType.GetProperty("HandlerType") != null);
+                Assert.IsTrue(itemType.GetProperty("HasDynamicParameters") != null);
+                Assert.IsTrue(itemType.GetProperty("HelpUrl") != null);
+                Assert.IsTrue(itemType.GetProperty("Id") != null);
+                Assert.IsTrue(itemType.GetProperty("IsEnabled") != null);
+                Assert.IsTrue(itemType.GetProperty("IsExperimental") != null);
+                Assert.IsTrue(itemType.GetProperty("IsTestModeSupported") != null);
+                Assert.IsTrue(itemType.GetProperty("PropagationDelaySeconds") != null);
+                Assert.IsTrue(itemType.GetProperty("ProviderCategoryId") != null);
+                Assert.IsTrue(itemType.GetProperty("ProviderParameters") != null);
+                Assert.IsTrue(itemType.GetProperty("Title") != null);
+            }
+        }
+    }
+}

From 3346e83ee5cc8797dcbf124fc13071ed484a44a0 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 30 Oct 2023 14:20:00 +0800
Subject: [PATCH 071/237] Update docker related settings for service worker.

---
 src/.dockerignore                             | 30 +++++++++++++++++++
 src/Certify.Core.Service.sln                  | 10 +++++++
 .../Certify.Service.Worker.csproj             |  4 ++-
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 src/.dockerignore

diff --git a/src/.dockerignore b/src/.dockerignore
new file mode 100644
index 000000000..fe1152bdb
--- /dev/null
+++ b/src/.dockerignore
@@ -0,0 +1,30 @@
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/azds.yaml
+**/bin
+**/charts
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
+!**/.gitignore
+!.git/HEAD
+!.git/config
+!.git/packed-refs
+!.git/refs/heads/**
\ No newline at end of file
diff --git a/src/Certify.Core.Service.sln b/src/Certify.Core.Service.sln
index a6b5fb3f5..7339e860a 100644
--- a/src/Certify.Core.Service.sln
+++ b/src/Certify.Core.Service.sln
@@ -69,6 +69,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.Providers.ACME.Anvi
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.ACME.Anvil", "..\..\libs\anvil\src\Certify.ACME.Anvil\Certify.ACME.Anvil.csproj", "{443202E1-B6E5-4625-BC3E-B3CB54CF4055}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.Service.Worker", "Certify.Server\Certify.Service.Worker\Certify.Service.Worker\Certify.Service.Worker.csproj", "{D786EFD1-7402-43F0-B74F-504DB7C25FF6}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -277,6 +279,14 @@ Global
 		{443202E1-B6E5-4625-BC3E-B3CB54CF4055}.Release|Any CPU.Build.0 = Release|Any CPU
 		{443202E1-B6E5-4625-BC3E-B3CB54CF4055}.Release|x64.ActiveCfg = Release|Any CPU
 		{443202E1-B6E5-4625-BC3E-B3CB54CF4055}.Release|x64.Build.0 = Release|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|x64.Build.0 = Debug|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|x64.ActiveCfg = Release|Any CPU
+		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|x64.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index d42e45ffc..06f0b6c9e 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -1,15 +1,17 @@
-<Project Sdk="Microsoft.NET.Sdk.Worker;Microsoft.NET.Sdk.Publish">
+<Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <UserSecretsId>dotnet-Certify.Service.Worker-347A036F-C1EA-4D32-A163-DCB38C3CA53E</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <DockerfileRunArguments>-v certifydata:/usr/share/Certify</DockerfileRunArguments>
+    <DockerfileContext>..\..\..</DockerfileContext>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <DebugType>portable</DebugType>
     <DebugSymbols>true</DebugSymbols>
   </PropertyGroup>
   <ItemGroup>
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
     <PackageReference Include="Polly" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-rc.2.23479.6" />

From f45d6a2e4c6c128a8ffac38ae149c4d3fece4163 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Mon, 30 Oct 2023 15:36:49 +0800
Subject: [PATCH 072/237] Update notes for docker

---
 .../Certify.Service.Worker/Certify.Service.Worker/readme.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
index 0d33aeb8a..aa95fc5c0 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
@@ -73,3 +73,9 @@ dotnet publish -c Release -r linux-x64 --self-contained true
 Single File:
 
 dotnet publish -c Release -r win-x64 --self-contained true -p:PublishSingleFile=true
+
+
+Docker
+---------
+Requires a dockerfile to define how to build the images. certify-manager/docker for more dockerfile examples
+Requries Microsoft.VisualStudio.Azure.Containers.Tools.Targets NuGet package installed in the project to hook up docker integration.

From 5fd625bf7260ad83e90a2956424ac0ce95b0a294 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Tue, 31 Oct 2023 13:30:19 -0700
Subject: [PATCH 073/237] Added 31 new unit tests for methods in
 CertifyManage.Account

---
 docs/testing.md                               |   8 +-
 .../CertifyManager/CertifyManager.Account.cs  |  30 +-
 .../Certify.Core.Tests.Unit.csproj            |   1 +
 .../CertifyManagerAccountTests.cs             | 807 ++++++++++++++++++
 4 files changed, 816 insertions(+), 30 deletions(-)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs

diff --git a/docs/testing.md b/docs/testing.md
index 00c00ba28..2706964c8 100644
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -3,6 +3,11 @@ Testing Configuration
 
 - In Visual Studio (or other Test UI such as AxoCover), set execution environment to 64-bit to ensure tests load.
 - Units tests are for discreet function testing or limited component dependency tests.
+    - `CertifyManagerAccountTests` require an existing Prod and Staging ACME account for letsencrypt.org to exist. It also requires a `.env.test_accounts` file in the directory `C:\ProgramData\certify\Tests` with values for `RESTORE_KEY_PEM`, `RESTORE_ACCOUNT_URI`, and `RESTORE_ACCOUNT_EMAIL` for an existing letsencrypt.org ACME account
+      ```.env
+      RESTORE_KEY_PEM="-----BEGIN EC PRIVATE KEY-----\r\nMHcCAQEEINL5koIn4o+an+EwyDQEd4Ggnxra5j7Oro13M5klKmhaoAoGCCqGSM49\r\nAwEHoUQDQgAEPF7u1CLMe9FIBQo0MVmv7vlvqGOdSERG5nRLkNKTDUgBRxkXGqY+\r\nGbnnzXUb7j4g7VN7CuEy0SpCdFItD+63hQ==\r\n-----END EC PRIVATE KEY-----\r\n"
+      RESTORE_ACCOUNT_URI=https://acme-staging-v02.api.letsencrypt.org/acme/acct/123456789
+      RESTORE_ACCOUNT_EMAIL=admin.8c635b@test.com
 - Integration tests exercise multiple components and may interact with ACME services etc. Required elements include:
 	- IIS Installed on local machine
     - The debug version of the app must be configured with a contact against staging Let's Encrypt servers
@@ -26,8 +31,7 @@ Testing Configuration
         "Cloudflare_ZoneId": "5265262gdd562s4x6xd64zxczxcv",
         "Cloudflare_TestDomain": "anothertest.com"
     }
-```
-In addition, the test domain for some tests can be set using the CERTIFYSSLDOMAIN environment variable.
+- In addition, the test domain for some tests can be set using the CERTIFYSSLDOMAIN environment variable.
 		
 
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
index c93efeb16..c9186e3fb 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -670,33 +670,7 @@ public async Task<ActionResult> RemoveCertificateAuthority(string id)
             }
         }
 
-        /// <summary>
-        /// Load cached set of ACME Certificate authorities
-        /// </summary>
-        private void LoadCertificateAuthorities()
-        {
-            _certificateAuthorities.Clear();
-
-            // load core CAs and custom CAs
-            foreach (var ca in CertificateAuthority.CoreCertificateAuthorities)
-            {
-                _certificateAuthorities.TryAdd(ca.Id, ca);
-            }
-
-            try
-            {
-                var customCAs = SettingsManager.GetCustomCertificateAuthorities();
-
-                foreach (var ca in customCAs)
-                {
-                    _certificateAuthorities.TryAdd(ca.Id, ca);
-                }
-            }
-            catch (Exception exp)
-            {
-                // failed to load custom CAs
-                _serviceLog?.Error(exp.Message);
-            }
+            return await Task.FromResult(new ActionResult("An error occurred removing the indicated Custom CA from the Certificate Authorities list.", false));
         }
     }
 }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 48a2bc52f..d694a6b47 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -136,6 +136,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
+    <PackageReference Include="DotNetEnv" Version="2.5.0"/>
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="7.0.0" />
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
new file mode 100644
index 000000000..a0a75fa02
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
@@ -0,0 +1,807 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+using Certify.ACME.Anvil;
+using Certify.Management;
+using Certify.Models;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class CertifyManagerAccountTests
+    {
+        private readonly CertifyManager _certifyManager;
+
+        public CertifyManagerAccountTests()
+        {
+            _certifyManager = new CertifyManager();
+            _certifyManager.Init().Wait();
+            var testCredentialsPath = Path.Combine(EnvironmentUtil.GetAppDataFolder(), "Tests", ".env.test_accounts");
+            DotNetEnv.Env.Load(testCredentialsPath);
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetAccountDetails()")]
+        public async Task TestCertifyManagerGetAccountDetails()
+        {
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
+            Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when passed in managed certificate is null")]
+        public async Task TestCertifyManagerGetAccountDetailsNullItem()
+        {
+            var caAccount = await _certifyManager.GetAccountDetails(null);
+            Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when allowCache is false")]
+        public async Task TestCertifyManagerGetAccountDetailsAllowCacheFalse()
+        {
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert, false);
+            Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when CertificateAuthorityId is defined in passed ManagedCertificate")]
+        public async Task TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId()
+        {
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = "letsencrypt.org" });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
+            Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
+            Assert.AreEqual("letsencrypt.org", caAccount.CertificateAuthorityId, $"Unexpected certificate authority id '{caAccount.CertificateAuthorityId}'");
+        }
+        
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when OverrideAccountDetails is defined in CertifyManager")]
+        public async Task TestCertifyManagerGetAccountDetailsDefinedOverrideAccountDetails()
+        {
+            var testUrl = "test.com";
+            var account = new AccountDetails
+            {
+                AccountKey = "",
+                AccountURI = "",
+                Title = "Dev",
+                Email = "test@certifytheweb.com",
+                CertificateAuthorityId = "letsencrypt.org",
+                StorageKey = "dev",
+                IsStagingAccount = true,
+            };
+            _certifyManager.OverrideAccountDetails = account;
+
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
+            Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
+            Assert.AreEqual("test@certifytheweb.com", caAccount.Email);
+
+            _certifyManager.OverrideAccountDetails = null;
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when there is no matching account")]
+        public async Task TestCertifyManagerGetAccountDetailsNoMatches()
+        {
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = "sectigo-ev" });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
+            Assert.IsNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to be null");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when there is no matching account")]
+        public async Task TestCertifyManagerGetAccountDetailsIsResumeOrder()
+        {
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = "letsencrypt.org", LastAttemptedCA = "zerossl.com" });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert, true, false, true);
+            Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when allowFailover is true")]
+        public async Task TestCertifyManagerGetAccountDetailsAllowFailover()
+        {
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert, true, true);
+            Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.AddAccount()")]
+        public async Task TestCertifyManagerAddAccount()
+        {
+            AccountDetails accountDetails = null;
+            try
+            {
+                // Setup account registration info
+                var contactRegEmail = "admin."+ Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+                var contactRegistration = new ContactRegistration
+                {
+                    AgreedToTermsAndConditions = true,
+                    CertificateAuthorityId = "letsencrypt.org",
+                    EmailAddress = contactRegEmail,
+                    ImportedAccountKey = "",
+                    ImportedAccountURI = "",
+                    IsStaging = true
+                };
+                
+                // Add account
+                var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+                Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+                accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+                Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            }
+            finally
+            {
+                // Cleanup added account
+                if (accountDetails != null)
+                {
+                    await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+                }
+            }
+        }
+        
+        [TestMethod, Description("Happy path test for using CertifyManager.RemoveAccount()")]
+        public async Task TestCertifyManagerRemoveAccount()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin."+ Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+            
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+            // Remove account
+            var removeAccountRes = await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+            Assert.IsTrue(removeAccountRes.IsSuccess, $"Expected account removal to be successful for {contactRegEmail}");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+        }
+
+        [TestMethod, Description("Test for CertifyManager.AddAccount() when AgreedToTermsAndConditions is false")]
+        public async Task TestCertifyManagerAddAccountDidNotAgree()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = false,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Attempt to add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsFalse(addAccountRes.IsSuccess, $"Expected account creation to be unsuccessful for {contactRegEmail}");
+            Assert.AreEqual(addAccountRes.Message, "You must agree to the terms and conditions of the Certificate Authority to register with them.", "Unexpected error message");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+        }
+
+        [TestMethod, Description("Test for CertifyManager.AddAccount() when CertificateAuthorityId is a bad value")]
+        public async Task TestCertifyManagerAddAccountBadCaId()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "bad_ca.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Attempt to add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsFalse(addAccountRes.IsSuccess, $"Expected account creation to be unsuccessful for {contactRegEmail}");
+            Assert.AreEqual(addAccountRes.Message, "Invalid Certificate Authority specified.", "Unexpected error message");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+        }
+
+        [TestMethod, Description("Test for CertifyManager.AddAccount() when ImportedAccountKey is a blank value")]
+        public async Task TestCertifyManagerAddAccountMissingAccountKey()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/123403114",
+                IsStaging = true
+            };
+
+            // Attempt to add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsFalse(addAccountRes.IsSuccess, $"Expected account creation to be unsuccessful for {contactRegEmail}");
+            Assert.AreEqual(addAccountRes.Message, "To import account details both the existing account URI and account key in PEM format are required. ", "Unexpected error message");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+        }
+
+        [TestMethod, Description("Test for CertifyManager.AddAccount() when ImportedAccountURI is a blank value")]
+        public async Task TestCertifyManagerAddAccountMissingAccountUri()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = DotNetEnv.Env.GetString("RESTORE_KEY_PEM"),
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Attempt to add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsFalse(addAccountRes.IsSuccess, $"Expected account creation to be unsuccessful for {contactRegEmail}");
+            Assert.AreEqual(addAccountRes.Message, "To import account details both the existing account URI and account key in PEM format are required. ", "Unexpected error message");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+        }
+
+        [TestMethod, Description("Test for CertifyManager.AddAccount() when ImportedAccountKey is a bad value")]
+        public async Task TestCertifyManagerAddAccountBadAccountKey()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "tHiSiSnOtApEm",
+                ImportedAccountURI = DotNetEnv.Env.GetString("RESTORE_ACCOUNT_URI"),
+                IsStaging = true
+            };
+
+            // Attempt to add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsFalse(addAccountRes.IsSuccess, $"Expected account creation to be unsuccessful for {contactRegEmail}");
+            Assert.AreEqual(addAccountRes.Message, "The provided account key was invalid or not supported for import. A PEM (text) format RSA or ECDA private key is required.", "Unexpected error message");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+        }
+
+        [TestMethod, Description("Test for CertifyManager.AddAccount() when ImportedAccountKey and ImportedAccountURI are valid")]
+        public async Task TestCertifyManagerAddAccountImport()
+        {
+            // Setup account registration info
+            //var contactRegEmail = "admin.98b9a6@test.com";
+            var contactRegEmail = DotNetEnv.Env.GetString("RESTORE_ACCOUNT_EMAIL");
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = DotNetEnv.Env.GetString("RESTORE_KEY_PEM"),
+                ImportedAccountURI = DotNetEnv.Env.GetString("RESTORE_ACCOUNT_URI"),
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+            // Remove account
+            var removeAccountRes = await _certifyManager.RemoveAccount(accountDetails.StorageKey);
+            Assert.IsTrue(removeAccountRes.IsSuccess, $"Expected account removal to be successful for {contactRegEmail}");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.RemoveAccount() with a bad storage key")]
+        public async Task TestCertifyManagerRemoveAccountBadKey()
+        {
+            // Attempt to remove account with bad storage key
+            var badStorageKey = "8da1a662-18ed-4787-a0b1-dc36db5a866b";
+            var removeAccountRes = await _certifyManager.RemoveAccount(badStorageKey, true);
+            Assert.IsFalse(removeAccountRes.IsSuccess, $"Expected account removal to be unsuccessful for storage key {badStorageKey}");
+            Assert.AreEqual(removeAccountRes.Message, "Account not found.", "Unexpected error message");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetAccountAndACMEProvider()")]
+        public async Task TestCertifyManagerGetAccountAndAcmeProvider()
+        {
+            AccountDetails accountDetails = null;
+            try
+            {
+                // Setup account registration info
+                var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+                var contactRegistration = new ContactRegistration
+                {
+                    AgreedToTermsAndConditions = true,
+                    CertificateAuthorityId = "letsencrypt.org",
+                    EmailAddress = contactRegEmail,
+                    ImportedAccountKey = "",
+                    ImportedAccountURI = "",
+                    IsStaging = true
+                };
+
+                // Add account
+                var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+                Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+                accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+                Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+                var (account, certAuthority, acmeProvider) = await _certifyManager.GetAccountAndACMEProvider(accountDetails.StorageKey);
+                Assert.IsNotNull(account, $"Expected account returned by GetAccountAndACMEProvider() to not be null for storage key {accountDetails.StorageKey}");
+                Assert.IsNotNull(certAuthority, $"Expected certAuthority returned by GetAccountAndACMEProvider() to not be null for storage key {accountDetails.StorageKey}");
+                Assert.IsNotNull(acmeProvider, $"Expected acmeProvider returned by GetAccountAndACMEProvider() to not be null for storage key {accountDetails.StorageKey}");
+            }
+            finally
+            {
+                // Cleanup added account
+                if (accountDetails != null)
+                {
+                    await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+                }
+            }
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetAccountAndACMEProvider() with a bad storage key")]
+        public async Task TestCertifyManagerGetAccountAndAcmeProviderBadKey()
+        {
+            // Attempt to retrieve account with bad storage key
+            var badStorageKey = "8da1a662-18ed-4787-a0b1-dc36db5a866b";
+            var (account, certAuthority, acmeProvider) = await _certifyManager.GetAccountAndACMEProvider(badStorageKey);
+            Assert.IsNull(account, $"Expected account returned by GetAccountAndACMEProvider() to be null for storage key {badStorageKey}");
+            Assert.IsNull(certAuthority, $"Expected certAuthority returned by GetAccountAndACMEProvider() to be null for storage key {badStorageKey}");
+            Assert.IsNull(acmeProvider, $"Expected acmeProvider returned by GetAccountAndACMEProvider() to be null for storage key {badStorageKey}");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.UpdateAccountContact()")]
+        public async Task TestCertifyManagerUpdateAccountContact()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+            // Update account
+            var newContactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var newContactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = newContactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+            var updateAccountRes = await _certifyManager.UpdateAccountContact(accountDetails.StorageKey, newContactRegistration);
+            Assert.IsTrue(updateAccountRes.IsSuccess, $"Expected account creation to be successful for {newContactRegEmail}");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == newContactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {newContactRegEmail}");
+
+            // Cleanup account
+            await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.UpdateAccountContact() when AgreedToTermsAndConditions is false")]
+        public async Task TestCertifyManagerUpdateAccountContactNoAgreement()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+            // Update account
+            var newContactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var newContactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = false,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = newContactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+            var updateAccountRes = await _certifyManager.UpdateAccountContact(accountDetails.StorageKey, newContactRegistration);
+            Assert.IsFalse(updateAccountRes.IsSuccess, $"Expected account creation to not be successful for {newContactRegEmail}");
+            Assert.AreEqual(updateAccountRes.Message, "You must agree to the terms and conditions of the Certificate Authority to register with them.", "Unexpected error message");
+            var newAccountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == newContactRegEmail);
+            Assert.IsNull(newAccountDetails, $"Expected none of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {newContactRegEmail}");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+            // Cleanup account
+            await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.UpdateAccountContact() when passed storage key doesn't exist")]
+        public async Task TestCertifyManagerUpdateAccountContactBadKey()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+            // Update account
+            var newContactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var newContactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = newContactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+            var badStorageKey = Guid.NewGuid().ToString();
+            var updateAccountRes = await _certifyManager.UpdateAccountContact(badStorageKey, newContactRegistration);
+            Assert.IsFalse(updateAccountRes.IsSuccess, $"Expected account creation to not be successful for {newContactRegEmail}");
+            Assert.AreEqual(updateAccountRes.Message, "Account not found.", "Unexpected error message");
+            var newAccountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == newContactRegEmail);
+            Assert.IsNull(newAccountDetails, $"Expected none of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {newContactRegEmail}");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+
+            // Cleanup account
+            await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.ChangeAccountKey()")]
+        public async Task TestCertifyManagerChangeAccountKey()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            var firstAccountKey = accountDetails.AccountKey;
+
+            // Update account key
+            var newKeyPem = KeyFactory.NewKey(KeyAlgorithm.ES256).ToPem();
+            var changeAccountKeyRes = await _certifyManager.ChangeAccountKey(accountDetails.StorageKey, newKeyPem);
+            Assert.IsTrue(changeAccountKeyRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            Assert.AreEqual(changeAccountKeyRes.Message, "Completed account key rollover", "Unexpected message for CertifyManager.GetAccountRegistrations() success");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            Assert.AreNotEqual(firstAccountKey, accountDetails.AccountKey, $"Expected account key for {contactRegEmail} to have changed after successful CertifyManager.ChangeAccountKey()");
+
+            // Cleanup account
+            await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.ChangeAccountKey() with no passed in new account key")]
+        public async Task TestCertifyManagerChangeAccountKeyNull()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            var firstAccountKey = accountDetails.AccountKey;
+
+            // Update account key
+            var changeAccountKeyRes = await _certifyManager.ChangeAccountKey(accountDetails.StorageKey);
+            Assert.IsTrue(changeAccountKeyRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            Assert.AreEqual(changeAccountKeyRes.Message, "Completed account key rollover", "Unexpected message for CertifyManager.GetAccountRegistrations() success");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            Assert.AreNotEqual(firstAccountKey, accountDetails.AccountKey, $"Expected account key for {contactRegEmail} to have changed after successful CertifyManager.ChangeAccountKey()");
+
+            // Cleanup account
+            await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.ChangeAccountKey() when passed an invalid storage key")]
+        public async Task TestCertifyManagerChangeAccountKeyBadStorageKey()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account key update to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            var firstAccountKey = accountDetails.AccountKey;
+
+            // Attempt to update account key
+            var newKeyPem = KeyFactory.NewKey(KeyAlgorithm.ES256).ToPem();
+            var badStorageKey = Guid.NewGuid().ToString();
+            var changeAccountKeyRes = await _certifyManager.ChangeAccountKey(badStorageKey, newKeyPem);
+            Assert.IsFalse(changeAccountKeyRes.IsSuccess, $"Expected account key update to be unsuccessful for {contactRegEmail}");
+            Assert.AreEqual(changeAccountKeyRes.Message, "Failed to match account to known ACME provider", "Unexpected error message for CertifyManager.GetAccountRegistrations() failure");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            Assert.AreEqual(firstAccountKey, accountDetails.AccountKey, $"Expected account key for {contactRegEmail} not to have changed after unsuccessful CertifyManager.ChangeAccountKey()");
+
+            // Cleanup account
+            await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.ChangeAccountKey() when passed an invalid new account key")]
+        public async Task TestCertifyManagerChangeAccountKeyBadAccountKey()
+        {
+            // Setup account registration info
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = "letsencrypt.org",
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account key update to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            var firstAccountKey = accountDetails.AccountKey;
+
+            // Attempt to update account key
+            var badKeyPem = KeyFactory.NewKey(KeyAlgorithm.ES256).ToPem().Substring(20);
+            var changeAccountKeyRes = await _certifyManager.ChangeAccountKey(accountDetails.StorageKey, badKeyPem);
+            Assert.IsFalse(changeAccountKeyRes.IsSuccess, $"Expected account key update to be unsuccessful for {contactRegEmail}");
+            Assert.AreEqual(changeAccountKeyRes.Message, "Failed to use provide key for account rollover", "Unexpected error message for CertifyManager.GetAccountRegistrations() failure");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
+            Assert.AreEqual(firstAccountKey, accountDetails.AccountKey, $"Expected account key for {contactRegEmail} not to have changed after unsuccessful CertifyManager.ChangeAccountKey()");
+
+            // Cleanup account
+            await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.UpdateCertificateAuthority() to add a new custom CA")]
+        public async Task TestCertifyManagerUpdateCertificateAuthorityAdd()
+        {
+            CertificateAuthority newCustomCa = null;
+            try
+            {
+                newCustomCa = new CertificateAuthority
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    Title = "Test Custom CA",
+                    IsCustom = true,
+                    IsEnabled = true,
+                    SupportedFeatures = new List<string>
+                    {
+                        CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
+                    }
+                };
+                var updateCaRes = await _certifyManager.UpdateCertificateAuthority(newCustomCa);
+                Assert.IsTrue(updateCaRes.IsSuccess, $"Expected Custom CA creation for CA with ID {newCustomCa.Id} to be successful");
+                Assert.AreEqual(updateCaRes.Message, "OK", "Unexpected result message for CertifyManager.UpdateCertificateAuthority() success");
+                var certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
+                var newCaDetails = certificateAuthorities.Find(c => c.Id == newCustomCa.Id);
+                Assert.IsNotNull(newCaDetails, $"Expected one of the CAs returned by CertifyManager.GetCertificateAuthorities() to have an ID of {newCustomCa.Id}");
+            }
+            finally
+            {
+                if (newCustomCa != null)
+                {
+                    await _certifyManager.RemoveCertificateAuthority(newCustomCa.Id);
+                }
+            }
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.UpdateCertificateAuthority() to update an existing custom CA")]
+        public async Task TestCertifyManagerUpdateCertificateAuthorityUpdate()
+        {
+            CertificateAuthority newCustomCa = null;
+            try
+            {
+                newCustomCa = new CertificateAuthority
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    Title = "Test Custom CA",
+                    IsCustom = true,
+                    IsEnabled = true,
+                    AllowInternalHostnames = false,
+                    SupportedFeatures = new List<string>
+                    {
+                        CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
+                    }
+                };
+                
+                // Add new CA
+                var addCaRes = await _certifyManager.UpdateCertificateAuthority(newCustomCa);
+                Assert.IsTrue(addCaRes.IsSuccess, $"Expected Custom CA creation for CA with ID {newCustomCa.Id} to be successful");
+                Assert.AreEqual(addCaRes.Message, "OK", "Unexpected result message for CertifyManager.UpdateCertificateAuthority() success");
+                var certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
+                var newCaDetails = certificateAuthorities.Find(c => c.Id == newCustomCa.Id);
+                Assert.IsNotNull(newCaDetails, $"Expected one of the CAs returned by CertifyManager.GetCertificateAuthorities() to have an ID of {newCustomCa.Id}");
+                Assert.IsFalse(newCaDetails.AllowInternalHostnames);
+
+                var updatedCustomCa = new CertificateAuthority
+                {
+                    Id = newCustomCa.Id,
+                    Title = "Test Custom CA",
+                    IsCustom = true,
+                    IsEnabled = true,
+                    AllowInternalHostnames = true,
+                    SupportedFeatures = new List<string>
+                    {
+                        CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
+                    }
+                };
+                
+                // Update existing CA
+                var updateCaRes = await _certifyManager.UpdateCertificateAuthority(updatedCustomCa);
+                Assert.IsTrue(updateCaRes.IsSuccess, $"Expected Custom CA update for CA with ID {updatedCustomCa.Id} to be successful");
+                Assert.AreEqual(updateCaRes.Message, "OK", "Unexpected result message for CertifyManager.UpdateCertificateAuthority() success");
+                certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
+                newCaDetails = certificateAuthorities.Find(c => c.Id == updatedCustomCa.Id);
+                Assert.IsNotNull(newCaDetails, $"Expected one of the CAs returned by CertifyManager.GetCertificateAuthorities() to have an ID of {updatedCustomCa.Id}");
+                Assert.IsTrue(newCaDetails.AllowInternalHostnames);
+            }
+            finally
+            {
+                if (newCustomCa != null)
+                {
+                    await _certifyManager.RemoveCertificateAuthority(newCustomCa.Id);
+                }
+            }
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.UpdateCertificateAuthority() on a default CA")]
+        public async Task TestCertifyManagerUpdateCertificateAuthorityDefaultCa()
+        {
+            var certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
+            var defaultCa = certificateAuthorities.First();
+            var newCustomCa = new CertificateAuthority
+            {
+                Id = defaultCa.Id,
+                Title = "Test Custom CA",
+                IsCustom = true,
+                IsEnabled = true,
+                AllowInternalHostnames = false,
+                SupportedFeatures = new List<string>
+                {
+                    CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
+                }
+            };
+
+            // Attempt to update default CA
+            var updateCaRes = await _certifyManager.UpdateCertificateAuthority(newCustomCa);
+            Assert.IsFalse(updateCaRes.IsSuccess, $"Expected CA update for default CA with ID {defaultCa.Id} to be unsuccessful");
+            Assert.AreEqual(updateCaRes.Message, "Default Certificate Authorities cannot be modified.", "Unexpected result message for CertifyManager.UpdateCertificateAuthority() failure");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.RemoveCertificateAuthority()")]
+        public async Task TestCertifyManagerRemoveCertificateAuthority()
+        {
+            var newCustomCa = new CertificateAuthority
+            {
+                Id = Guid.NewGuid().ToString(),
+                Title = "Test Custom CA",
+                IsCustom = true,
+                IsEnabled = true,
+                SupportedFeatures = new List<string>
+                {
+                    CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
+                }
+            };
+
+            // Add custom CA
+            var updateCaRes = await _certifyManager.UpdateCertificateAuthority(newCustomCa);
+            Assert.IsTrue(updateCaRes.IsSuccess, $"Expected Custom CA creation for CA with ID {newCustomCa.Id} to be successful");
+            Assert.AreEqual(updateCaRes.Message, "OK", "Unexpected result message for CertifyManager.UpdateCertificateAuthority() success");
+            var certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
+            var newCaDetails = certificateAuthorities.Find(c => c.Id == newCustomCa.Id);
+            Assert.IsNotNull(newCaDetails, $"Expected one of the CAs returned by CertifyManager.GetCertificateAuthorities() to have an ID of {newCustomCa.Id}");
+            
+            // Delete custom CA
+            var deleteCaRes = await _certifyManager.RemoveCertificateAuthority(newCustomCa.Id); 
+            Assert.IsTrue(deleteCaRes.IsSuccess, $"Expected Custom CA deletion for CA with ID {newCustomCa.Id} to be successful");
+            Assert.AreEqual(deleteCaRes.Message, "OK", "Unexpected result message for CertifyManager.RemoveCertificateAuthority() success");
+            certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
+            newCaDetails = certificateAuthorities.Find(c => c.Id == newCustomCa.Id);
+            Assert.IsNull(newCaDetails, $"Expected none of the CAs returned by CertifyManager.GetCertificateAuthorities() to have an ID of {newCustomCa.Id}");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.RemoveCertificateAuthority() when passed a bad custom CA ID")]
+        public async Task TestCertifyManagerRemoveCertificateAuthorityBadId()
+        {
+            var badId = Guid.NewGuid().ToString();
+
+            // Delete custom CA
+            var deleteCaRes = await _certifyManager.RemoveCertificateAuthority(badId);
+            Assert.IsFalse(deleteCaRes.IsSuccess, $"Expected Custom CA deletion for CA with ID {badId} to be unsuccessful");
+            Assert.AreEqual(deleteCaRes.Message, "An error occurred removing the indicated Custom CA from the Certificate Authorities list.", "Unexpected result message for CertifyManager.RemoveCertificateAuthority() failure");
+        }
+    }
+}

From 4d1c8b5e26ed7d3acedb68ca5aaf00a92c6d971e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 2 Nov 2023 11:59:57 +0800
Subject: [PATCH 074/237] Automated code cleanup

---
 .../AccessControlTests.cs                     |  8 ++++----
 .../BindingMatchTests.cs                      |  5 ++---
 .../CAFailoverTests.cs                        | 20 ++++++++++++-------
 .../CertifyManagerAccountTests.cs             | 20 +++++++++----------
 .../GetDnsProviderTests.cs                    |  2 +-
 5 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
index 66c6bb8bf..b4bf9786f 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
@@ -55,7 +55,7 @@ public Task Update<T>(string itemType, T item)
             _store.TryGetValue(o.Id, out var value);
             var c = Task.FromResult((T)Convert.ChangeType(value, typeof(T))).Result as AccessStoreItem;
             var r = Task.FromResult(_store.TryUpdate(o.Id, o, c));
-            if(r.Result == false)
+            if (r.Result == false)
             {
                 throw new Exception("Could not store item type");
             }
@@ -96,8 +96,8 @@ public class TestAssignedRoles
 
     public class TestSecurityPrinciples
     {
-        public static SecurityPrinciple TestAdmin() 
-        { 
+        public static SecurityPrinciple TestAdmin()
+        {
             return new SecurityPrinciple
             {
                 Id = "[test]",
@@ -106,7 +106,7 @@ public static SecurityPrinciple TestAdmin()
                 Email = "test_admin@test.com",
                 Password = "ABCDEFG",
                 PrincipleType = SecurityPrincipleType.User
-            }; 
+            };
         }
         public static SecurityPrinciple Admin()
         {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
index 8b45ca4cc..b492f8874 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
@@ -9,7 +9,6 @@
 using Certify.Management;
 using Certify.Models;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Certify.Management;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -527,7 +526,7 @@ public async Task MixedIPBindingChecksBadPfxPath()
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            await Assert.ThrowsExceptionAsync<System.IO.FileNotFoundException>(async() => await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
+            await Assert.ThrowsExceptionAsync<System.IO.FileNotFoundException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad pfx file")]
@@ -667,7 +666,7 @@ public async Task MixedIPBindingChecksBadCertStoreName()
             var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, "BadCertStoreName");
 
             Assert.AreEqual(results.Count, 1);
-            Assert.IsTrue(results[0].HasError);            
+            Assert.IsTrue(results[0].HasError);
             Assert.AreEqual(results[0].Category, "CertificateStorage");
             Assert.IsTrue(results[0].Description.Contains("Error storing certificate. The system cannot find the file specified."));
             Assert.AreEqual(results[0].Title, "Certificate Storage Failed");
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
index da80b9e06..c163e6d27 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
@@ -1,11 +1,9 @@
 using System;
 using System.Collections.Generic;
-using System.Collections.ObjectModel;
 using System.Linq;
 using Certify.Management;
 using Certify.Models;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Newtonsoft.Json;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -213,7 +211,7 @@ public void TestBasicNoFallbacks()
         public void TestBasicNextFallbackNull()
         {
             // setup
-            var accounts = GetTestAccounts().FindAll(a  => a.ID != "letsreluctantlyfallback_ABC234_staging");
+            var accounts = GetTestAccounts().FindAll(a => a.ID != "letsreluctantlyfallback_ABC234_staging");
             var caList = GetTestCAs();
 
             var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: "letsfallback");
@@ -221,8 +219,14 @@ public void TestBasicNextFallbackNull()
             // perform check
             var defaultCAAccount = accounts.FirstOrDefault(a => a.CertificateAuthorityId == DEFAULTCA && a.IsStagingAccount == managedCertificate.UseStagingMode);
 
-            accounts.Add(new AccountDetails { ID = "letsfallback_ABC234_staging_isfailover", IsStagingAccount = true, IsFailoverSelection = true, 
-                CertificateAuthorityId = "letsfallback", Title = "A fallback account with is failover" });
+            accounts.Add(new AccountDetails
+            {
+                ID = "letsfallback_ABC234_staging_isfailover",
+                IsStagingAccount = true,
+                IsFailoverSelection = true,
+                CertificateAuthorityId = "letsfallback",
+                Title = "A fallback account with is failover"
+            });
 
             var selectedAccount = RenewalManager.SelectCAWithFailover(caList, accounts, managedCertificate, defaultCAAccount);
 
@@ -238,7 +242,7 @@ public void TestBasicFailoverOccursWildcardDomainCA()
             var accounts = GetTestAccounts();
             var caList = GetTestCAs();
 
-            var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: DEFAULTCA, 
+            var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: DEFAULTCA,
                 new CertRequestConfig { SubjectAlternativeNames = new List<string> { "test.com", "anothertest.com", "www.test.com", "*.wildtest.com" }.ToArray() });
 
             // perform check
@@ -319,7 +323,9 @@ public void TestBasicFailoverOccursOptionalLifetimeDays()
             var caList = GetTestCAs();
 
             var managedCertificate = GetBasicManagedCertificate(RequestState.Error, 3, lastCA: DEFAULTCA,
-                new CertRequestConfig { SubjectAlternativeNames = new List<string> { "test.com", "anothertest.com", "www.test.com", "*.wildtest.com" }.ToArray(),
+                new CertRequestConfig
+                {
+                    SubjectAlternativeNames = new List<string> { "test.com", "anothertest.com", "www.test.com", "*.wildtest.com" }.ToArray(),
                     PreferredExpiryDays = 7,
                 });
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
index a0a75fa02..6f59667d3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
@@ -57,7 +57,7 @@ public async Task TestCertifyManagerGetAccountDetailsDefinedCertificateAuthority
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
             Assert.AreEqual("letsencrypt.org", caAccount.CertificateAuthorityId, $"Unexpected certificate authority id '{caAccount.CertificateAuthorityId}'");
         }
-        
+
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when OverrideAccountDetails is defined in CertifyManager")]
         public async Task TestCertifyManagerGetAccountDetailsDefinedOverrideAccountDetails()
         {
@@ -116,7 +116,7 @@ public async Task TestCertifyManagerAddAccount()
             try
             {
                 // Setup account registration info
-                var contactRegEmail = "admin."+ Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+                var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
                 var contactRegistration = new ContactRegistration
                 {
                     AgreedToTermsAndConditions = true,
@@ -126,7 +126,7 @@ public async Task TestCertifyManagerAddAccount()
                     ImportedAccountURI = "",
                     IsStaging = true
                 };
-                
+
                 // Add account
                 var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
                 Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
@@ -142,12 +142,12 @@ public async Task TestCertifyManagerAddAccount()
                 }
             }
         }
-        
+
         [TestMethod, Description("Happy path test for using CertifyManager.RemoveAccount()")]
         public async Task TestCertifyManagerRemoveAccount()
         {
             // Setup account registration info
-            var contactRegEmail = "admin."+ Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
@@ -157,7 +157,7 @@ public async Task TestCertifyManagerRemoveAccount()
                 ImportedAccountURI = "",
                 IsStaging = true
             };
-            
+
             // Add account
             var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
             Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
@@ -696,7 +696,7 @@ public async Task TestCertifyManagerUpdateCertificateAuthorityUpdate()
                         CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
                     }
                 };
-                
+
                 // Add new CA
                 var addCaRes = await _certifyManager.UpdateCertificateAuthority(newCustomCa);
                 Assert.IsTrue(addCaRes.IsSuccess, $"Expected Custom CA creation for CA with ID {newCustomCa.Id} to be successful");
@@ -718,7 +718,7 @@ public async Task TestCertifyManagerUpdateCertificateAuthorityUpdate()
                         CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
                     }
                 };
-                
+
                 // Update existing CA
                 var updateCaRes = await _certifyManager.UpdateCertificateAuthority(updatedCustomCa);
                 Assert.IsTrue(updateCaRes.IsSuccess, $"Expected Custom CA update for CA with ID {updatedCustomCa.Id} to be successful");
@@ -783,9 +783,9 @@ public async Task TestCertifyManagerRemoveCertificateAuthority()
             var certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
             var newCaDetails = certificateAuthorities.Find(c => c.Id == newCustomCa.Id);
             Assert.IsNotNull(newCaDetails, $"Expected one of the CAs returned by CertifyManager.GetCertificateAuthorities() to have an ID of {newCustomCa.Id}");
-            
+
             // Delete custom CA
-            var deleteCaRes = await _certifyManager.RemoveCertificateAuthority(newCustomCa.Id); 
+            var deleteCaRes = await _certifyManager.RemoveCertificateAuthority(newCustomCa.Id);
             Assert.IsTrue(deleteCaRes.IsSuccess, $"Expected Custom CA deletion for CA with ID {newCustomCa.Id} to be successful");
             Assert.AreEqual(deleteCaRes.Message, "OK", "Unexpected result message for CertifyManager.RemoveCertificateAuthority() success");
             certificateAuthorities = await _certifyManager.GetCertificateAuthorities();
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
index 4dcfc9c55..cc5e74f9d 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
@@ -14,7 +14,7 @@ public class GetDnsProviderTests
         private SQLiteCredentialStore credentialsManager;
         private DnsChallengeHelper dnsHelper;
 
-        public GetDnsProviderTests() 
+        public GetDnsProviderTests()
         {
             var pluginManager = new PluginManager();
             pluginManager.LoadPlugins(new List<string> { PluginManager.PLUGINS_DNS_PROVIDERS });

From 7f0ef517562a67cb1548412e6332a09f710f33a3 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Thu, 2 Nov 2023 13:07:36 -0700
Subject: [PATCH 075/237] Added Integration Tests for CertifyManager.ServerType
 partial class

Adds full line coverage for the file CertifyManager.ServerType.cs

Will require changes once an Apache plugin is created
---
 docs/testing.md                               |   2 +
 .../CertifyManagerServerTypeTests.cs          | 280 ++++++++++++++++++
 2 files changed, 282 insertions(+)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs

diff --git a/docs/testing.md b/docs/testing.md
index 2706964c8..0f1a666e9 100644
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -10,6 +10,8 @@ Testing Configuration
       RESTORE_ACCOUNT_EMAIL=admin.8c635b@test.com
 - Integration tests exercise multiple components and may interact with ACME services etc. Required elements include:
 	- IIS Installed on local machine
+        * A non-enabled site in IIS is needed for TestCertifyManagerGetPrimaryWebSitesIncludeStoppedSites() in CertifyManagerServerTypeTests.cs
+    - Must set IncludeExternalPlugins to true in C:\ProgramData\certify\appsettings.json and run copy-plugins.bat from certify-internal
     - The debug version of the app must be configured with a contact against staging Let's Encrypt servers
 	- Completing HTTP challenges requires that the machine can respond to port 80 requests from the internet (such as the Let's Encrypt staging server checks)
 	- DNS API Credentials test and DNS Challenges require the respective DNS credentials by configured as saved credentials in the UI (see config below)
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
new file mode 100644
index 000000000..74b62fe62
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
@@ -0,0 +1,280 @@
+using System;
+using System.Threading.Tasks;
+using Certify.Management;
+using Certify.Management.Servers;
+using Certify.Models;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Certify.Core.Tests
+{
+    [TestClass]
+    public class CertifyManagerServerTypeTests : IntegrationTestBase, IDisposable 
+    {
+        private readonly CertifyManager _certifyManager;
+        private readonly ServerProviderIIS _iisManager;
+        private readonly string _testSiteName = "Test1ServerTypes";
+        private readonly string _testSiteDomain = "integration1.anothertest.com";
+        private readonly string _testSiteIp = "192.168.68.20";
+        private readonly int _testSiteHttpPort = 80;
+        private string _testSiteId = "";
+
+        public CertifyManagerServerTypeTests()
+        {
+            // Must set IncludeExternalPlugins to true in C:\ProgramData\certify\appsettings.json and run copy-plugins.bat from certify-internal
+            _certifyManager = new CertifyManager();
+            _certifyManager.Init().Wait();
+
+            _iisManager = new ServerProviderIIS();
+            SetupIIS().Wait();
+        }
+
+        public void Dispose() => TeardownIIS().Wait();
+
+        public async Task SetupIIS()
+        {
+            if (await _iisManager.SiteExists(_testSiteName))
+            {
+                await _iisManager.DeleteSite(_testSiteName);
+            }
+
+            var site = await _iisManager.CreateSite(_testSiteName, _testSiteDomain, _primaryWebRoot, "DefaultAppPool", ipAddress: _testSiteIp, port: _testSiteHttpPort);
+            Assert.IsTrue(await _iisManager.SiteExists(_testSiteName));
+            _testSiteId = site.Id.ToString();
+        }
+
+        public async Task TeardownIIS()
+        {
+            await _iisManager.DeleteSite(_testSiteName);
+            Assert.IsFalse(await _iisManager.SiteExists(_testSiteName));
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetPrimaryWebSites() for IIS")]
+        public async Task TestCertifyManagerGetPrimaryWebSitesIIS()
+        {
+            // Request websites from CertifyManager.GetPrimaryWebSites() for IIS
+            var primaryWebsites = await _certifyManager.GetPrimaryWebSites(StandardServerTypes.IIS, true);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for IIS
+            Assert.IsNotNull(primaryWebsites, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be null");
+            Assert.IsTrue(primaryWebsites.Count > 0, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be empty");
+            Assert.IsTrue(primaryWebsites.Exists(s => s.IsEnabled), "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to have at least one enabled site");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetPrimaryWebSites() for Apache")]
+        [Ignore]
+        public async Task TestCertifyManagerGetPrimaryWebSitesApache()
+        {
+            // TODO: Support for Apache via plugin must be added
+            // This test requires at least one website in Apache to be active
+            var primaryWebsites = await _certifyManager.GetPrimaryWebSites(StandardServerTypes.Apache, true);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for Apache
+            Assert.IsNotNull(primaryWebsites, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for Apache sites to not be null");
+            Assert.IsTrue(primaryWebsites.Count > 0, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for Apache sites to not be empty");
+            Assert.IsTrue(primaryWebsites.Exists(s => s.IsEnabled), "Expected website list returned by CertifyManager.GetPrimaryWebSites() for Apache sites to have at least one enabled site");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetPrimaryWebSites() for Nginx")]
+        public async Task TestCertifyManagerGetPrimaryWebSitesNginx()
+        {
+            // This test requires at least one website in Nginx conf to be defined
+            var primaryWebsites = await _certifyManager.GetPrimaryWebSites(StandardServerTypes.Nginx, true);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for Nginx
+            Assert.IsNotNull(primaryWebsites, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for Nginx sites to not be null");
+            Assert.IsTrue(primaryWebsites.Count > 0, "Expected website list returned by CertifyManager.GetPrimaryWebSites() to not be empty");
+            Assert.IsTrue(primaryWebsites.Exists(s => s.IsEnabled), "Expected website list returned by CertifyManager.GetPrimaryWebSites() for Nginx sites to have at least one enabled site");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetPrimaryWebSites() for IIS using an item id")]
+        public async Task TestCertifyManagerGetPrimaryWebSitesItemId()
+        {
+            // Request website info from CertifyManager.GetPrimaryWebSites() for IIS using Item ID
+            var itemIdWebsite = await _certifyManager.GetPrimaryWebSites(StandardServerTypes.IIS, true, _testSiteId);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for IIS using item id
+            Assert.IsNotNull(itemIdWebsite, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be null");
+            Assert.AreEqual(1, itemIdWebsite.Count, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be empty");
+            Assert.AreEqual(_testSiteId, itemIdWebsite[0].Id, "Expected the same Item Id for SiteInfo objects returned by CertifyManager.GetPrimaryWebSites() for IIS sites");
+            Assert.AreEqual(_testSiteName, itemIdWebsite[0].Name, "Expected the same Name for SiteInfo objects returned by CertifyManager.GetPrimaryWebSites() for IIS sites");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetPrimaryWebSites() for IIS using a bad item id")]
+        public async Task TestCertifyManagerGetPrimaryWebSitesBadItemId()
+        {
+            // Request website from CertifyManager.GetPrimaryWebSites() using a non-existent Item ID
+            var itemIdWebsite = await _certifyManager.GetPrimaryWebSites(StandardServerTypes.IIS, true, "bad_id");
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for IIS using a non-existent Item ID
+            Assert.IsNotNull(itemIdWebsite, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be null");
+            Assert.AreEqual(1, itemIdWebsite.Count, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be empty");
+            Assert.IsNull(itemIdWebsite[0], "Expected website list object returned by CertifyManager.GetPrimaryWebSites() for IIS with a bad itemId to be null");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetPrimaryWebSites() for IIS including stopped sites")]
+        public async Task TestCertifyManagerGetPrimaryWebSitesIncludeStoppedSites()
+        {
+            // This test requires at least one website in IIS that is stopped
+            var primaryWebsites = await _certifyManager.GetPrimaryWebSites(StandardServerTypes.IIS, false);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for IIS
+            Assert.IsNotNull(primaryWebsites, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be null");
+            Assert.IsTrue(primaryWebsites.Count > 0, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to not be empty");
+            Assert.IsTrue(primaryWebsites.Exists(s => s.IsEnabled), "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to have at least one enabled site");
+            Assert.IsTrue(primaryWebsites.Exists(s => s.IsEnabled == false), "Expected website list returned by CertifyManager.GetPrimaryWebSites() for IIS sites to have at least one disabled site");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetPrimaryWebSites() when server type is not found")]
+        public async Task TestCertifyManagerGetPrimaryWebSitesServerTypeNotFound()
+        {
+            // Request websites from CertifyManager.GetPrimaryWebSites() using StandardServerTypes.Other
+            var primaryWebsites = await _certifyManager.GetPrimaryWebSites(StandardServerTypes.Other, true);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for StandardServerTypes.Other
+            Assert.IsNotNull(primaryWebsites, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for StandardServerTypes.Other to not be null");
+            Assert.AreEqual(0, primaryWebsites.Count, "Expected website list returned by CertifyManager.GetPrimaryWebSites() for StandardServerTypes.Other to be empty");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetDomainOptionsFromSite() for IIS")]
+        public async Task TestCertifyManagerGetDomainOptionsFromSite()
+        {
+            // Request website Domain Options using Item ID
+            var siteDomainOptions = await _certifyManager.GetDomainOptionsFromSite(StandardServerTypes.IIS, _testSiteId);
+
+            // Evaluate return from CertifyManager.GetDomainOptionsFromSite() for IIS
+            Assert.IsNotNull(siteDomainOptions, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() for IIS to not be null");
+            Assert.AreEqual(1, siteDomainOptions.Count, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() for IIS to not be empty");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetDomainOptionsFromSite() for IIS site with no defined domain")]
+        public async Task TestCertifyManagerGetDomainOptionsFromSiteNoDomain()
+        {
+            // Verify no domain site does not exist from previous test run
+            var noDomainSiteName = "NoDomainSite";
+            if (await _iisManager.SiteExists(noDomainSiteName))
+            {
+                await _iisManager.DeleteSite(noDomainSiteName);
+            }
+
+            // Add no domain site
+            var noDomainSite = await _iisManager.CreateSite(noDomainSiteName, "", _primaryWebRoot, "DefaultAppPool", port: 81);
+            Assert.IsTrue(await _iisManager.SiteExists(_testSiteName), "Expected no domain site to be created");
+            var noDomainSiteId = noDomainSite.Id.ToString();
+            
+            // Request website Domain Options using Item ID
+            var siteDomainOptions = await _certifyManager.GetDomainOptionsFromSite(StandardServerTypes.IIS, noDomainSiteId);
+
+            // Evaluate return from CertifyManager.GetDomainOptionsFromSite() for IIS
+            Assert.IsNotNull(siteDomainOptions, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() for IIS to not be null");
+            Assert.AreEqual(0, siteDomainOptions.Count, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() for IIS to be empty");
+
+            // Remove no domain site
+            await _iisManager.DeleteSite(noDomainSiteName);
+            Assert.IsFalse(await _iisManager.SiteExists(noDomainSiteName), "Expected no domain site to be deleted");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetDomainOptionsFromSite() when server type is not found")]
+        public async Task TestCertifyManagerGetDomainOptionsFromSiteServerTypeNotFound()
+        {
+            // Request website Domain Options for a non-initialized server type (StandardServerTypes.Other)
+            var siteDomainOptions = await _certifyManager.GetDomainOptionsFromSite(StandardServerTypes.Other, "1");
+
+            // Evaluate return from CertifyManager.GetDomainOptionsFromSite() for StandardServerTypes.Other
+            Assert.IsNotNull(siteDomainOptions, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() for StandardServerTypes.Other to not be null");
+            Assert.AreEqual(0, siteDomainOptions.Count, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() for StandardServerTypes.Other to be empty");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetDomainOptionsFromSite() for IIS using a bad item id")]
+        public async Task TestCertifyManagerGetDomainOptionsFromSiteBadItemId()
+        {
+            // Request website Domain Options using a non-existent Item ID for IIS
+            var siteDomainOptions = await _certifyManager.GetDomainOptionsFromSite(StandardServerTypes.IIS, "bad_id");
+
+            // Evaluate return from CertifyManager.GetDomainOptionsFromSite() using a non-existent Item ID
+            Assert.IsNotNull(siteDomainOptions, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() to not be null");
+            Assert.AreEqual(0, siteDomainOptions.Count, "Expected domain options list returned by CertifyManager.GetDomainOptionsFromSite() for a non-existent Item ID to be empty");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.IsServerTypeAvailable()")]
+        public async Task TestCertifyManagerIsServerTypeAvailable()
+        {
+            // This test requires at least one website in Nginx conf to be defined
+            var isIisAvailable = await _certifyManager.IsServerTypeAvailable(StandardServerTypes.IIS);
+            var isNginxAvailable = await _certifyManager.IsServerTypeAvailable(StandardServerTypes.Nginx);
+            var isApacheAvailable = await _certifyManager.IsServerTypeAvailable(StandardServerTypes.Apache);
+            var isOtherAvailable = await _certifyManager.IsServerTypeAvailable(StandardServerTypes.Other);
+
+            // Evaluate returns from CertifyManager.IsServerTypeAvailable()
+            Assert.IsTrue(isIisAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be true when at least one IIS site is active");
+            
+            Assert.IsTrue(isNginxAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be true when at least one Nginx site is active");
+            
+            Assert.IsFalse(isApacheAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be false when Apache plugin does not exist");
+            // TODO: Support for Apache via plugin must be added to enable the next assert
+            //Assert.IsTrue(isApacheAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be true when at least one Apache site is active");
+            
+            Assert.IsFalse(isOtherAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be false for StandardServerTypes.Other");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetServerTypeVersion()")]
+        public async Task TestCertifyManagerGetServerTypeVersion()
+        {
+            // This test requires at least one website in Nginx conf to be defined
+            var iisServerVersion = await _certifyManager.GetServerTypeVersion(StandardServerTypes.IIS);
+            var nginxServerVersion = await _certifyManager.GetServerTypeVersion(StandardServerTypes.Nginx);
+            var apacheServerVersion = await _certifyManager.GetServerTypeVersion(StandardServerTypes.Apache);
+            var otherServerVersion = await _certifyManager.GetServerTypeVersion(StandardServerTypes.Other);
+
+            var unknownVersion = new Version(0, 0);
+
+            // Evaluate returns from CertifyManager.GetServerTypeVersion()
+            Assert.AreNotEqual(unknownVersion, iisServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be known when at least one IIS site is active");
+            Assert.IsTrue(iisServerVersion.Major > 0);
+            
+            Assert.AreNotEqual(unknownVersion, nginxServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be known when at least one Nginx site is active");
+            Assert.IsTrue(nginxServerVersion.Major > 0);
+            
+            Assert.AreEqual(unknownVersion, apacheServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be unknown when Apache plugin does not exist");
+            // TODO: Support for Apache via plugin must be added to enable the next assert
+            //Assert.AreNotEqual(unknownVersion, isApacheAvailable, "Expected return from CertifyManager.GetServerTypeVersion() to be known when at least one Apache site is active");
+            
+            Assert.AreEqual(unknownVersion, otherServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be unknown for StandardServerTypes.Other");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.RunServerDiagnostics() for IIS")]
+        public async Task TestCertifyManagerRunServerDiagnostics()
+        {
+            // Run diagnostics on the IIS site using Item ID
+            var siteDiagnostics = await _certifyManager.RunServerDiagnostics(StandardServerTypes.IIS, _testSiteId);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for IIS
+            Assert.IsNotNull(siteDiagnostics, "Expected diagnostics list returned by CertifyManager.RunServerDiagnostics() for IIS site to not be null");
+            Assert.AreEqual(1, siteDiagnostics.Count, "Expected diagnostics list returned by CertifyManager.RunServerDiagnostics() for IIS site to not be empty");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.RunServerDiagnostics() when server type is not found")]
+        public async Task TestCertifyManagerRunServerDiagnosticsServerTypeNotFound()
+        {
+            // Run diagnostics for a non-initialized server type (StandardServerTypes.Other)
+            var siteDiagnostics = await _certifyManager.RunServerDiagnostics(StandardServerTypes.Other, _testSiteId);
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for StandardServerTypes.Other
+            Assert.IsNotNull(siteDiagnostics, "Expected diagnostics list returned by CertifyManager.RunServerDiagnostics() for StandardServerTypes.Other to not be null");
+            Assert.AreEqual(0, siteDiagnostics.Count, "Expected diagnostics list returned by CertifyManager.RunServerDiagnostics() for StandardServerTypes.Other to be empty");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.RunServerDiagnostics() using a bad item id")]
+        public async Task TestCertifyManagerRunServerDiagnosticsBadItemId()
+        {
+            // Run diagnostics on the IIS site using bad Item ID
+            var siteDiagnostics = await _certifyManager.RunServerDiagnostics(StandardServerTypes.IIS, "bad_id");
+
+            // Evaluate return from CertifyManager.GetPrimaryWebSites() for IIS with bad Item ID
+            Assert.IsNotNull(siteDiagnostics, "Expected diagnostics list returned by CertifyManager.RunServerDiagnostics() for IIS site to not be null");
+
+            // Note: There seems to be no difference at the moment as to whether the Item ID passed in is valid or not,
+            // as RunServerDiagnostics() for IIS never uses the passed siteId string (is this intentional?)
+            Assert.AreEqual(1, siteDiagnostics.Count, "Expected diagnostics list returned by CertifyManager.RunServerDiagnostics() for IIS site to be empty");
+        }
+    }
+}

From 820eecf001a2ba7e11645cf2c0098e63ac9929c4 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 3 Nov 2023 15:47:59 +0800
Subject: [PATCH 076/237] Settings > Certificate Authorities, convert some text
 to resources

---
 src/Certify.Locales/SR.Designer.cs             | 18 ++++++++++++++++++
 src/Certify.Locales/SR.resx                    |  8 +++++++-
 .../Settings/CertificateAuthorities.xaml       | 11 +++++------
 src/Certify.UI/App.xaml                        | 14 +++++---------
 4 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/src/Certify.Locales/SR.Designer.cs b/src/Certify.Locales/SR.Designer.cs
index 47f9f432f..383805912 100644
--- a/src/Certify.Locales/SR.Designer.cs
+++ b/src/Certify.Locales/SR.Designer.cs
@@ -1619,6 +1619,24 @@ public static string Settings_AutoRenewalRequestLimit {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to If you register with multiple authorities this may enable you to use automatic Certificate Authority Failover, so if your preferred Certificate Authority can&apos;t issue a new certificate an alternative compatible provider can be used automatically..
+        /// </summary>
+        public static string Settings_CA_Fallback {
+            get {
+                return ResourceManager.GetString("Settings_CA_Fallback", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to  Certificate Authorities are the organisations who can issue trusted certificates. You need to register an account for each (ACME) Certificate Authority you wish to use. Accounts can either be Production (live, trusted certificates) or Staging (test, non-trusted)..
+        /// </summary>
+        public static string Settings_CA_Intro {
+            get {
+                return ResourceManager.GetString("Settings_CA_Intro", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Check for updates automatically.
         /// </summary>
diff --git a/src/Certify.Locales/SR.resx b/src/Certify.Locales/SR.resx
index a9d642894..1074da072 100644
--- a/src/Certify.Locales/SR.resx
+++ b/src/Certify.Locales/SR.resx
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!-- 
     Microsoft ResX Schema 
@@ -698,4 +698,10 @@
   <data name="ExpiryDateConverter_CertificateExpiredNHoursAgo" xml:space="preserve">
     <value>Expired {0} hours ago</value>
   </data>
+  <data name="Settings_CA_Intro" xml:space="preserve">
+    <value> Certificate Authorities are the organisations who can issue trusted certificates. You need to register an account for each (ACME) Certificate Authority you wish to use. Accounts can either be Production (live, trusted certificates) or Staging (test, non-trusted).</value>
+  </data>
+  <data name="Settings_CA_Fallback" xml:space="preserve">
+    <value>If you register with multiple authorities this may enable you to use automatic Certificate Authority Failover, so if your preferred Certificate Authority can't issue a new certificate an alternative compatible provider can be used automatically.</value>
+  </data>
 </root>
diff --git a/src/Certify.UI.Shared/Controls/Settings/CertificateAuthorities.xaml b/src/Certify.UI.Shared/Controls/Settings/CertificateAuthorities.xaml
index bc1787558..293bd78a4 100644
--- a/src/Certify.UI.Shared/Controls/Settings/CertificateAuthorities.xaml
+++ b/src/Certify.UI.Shared/Controls/Settings/CertificateAuthorities.xaml
@@ -15,13 +15,12 @@
     <!--  Certificate Authority Preference  -->
     <StackPanel Orientation="Vertical">
 
-        <TextBlock Style="{StaticResource Instructions}">
-            Certificate Authorities are the organisations who can issue trusted certificates. You need to register an account for each (ACME) Certificate Authority you wish to use. Accounts can either be Production (live, trusted certificates) or Staging (test, non-trusted).
-        </TextBlock>
+        <TextBlock Style="{StaticResource Instructions}" Text="{x:Static res:SR.Settings_AutoRenewalRequestLimit}" />
 
-        <TextBlock Style="{StaticResource Instructions}" Visibility="{Binding Converter={StaticResource FeatureVisibilityConverter}, ConverterParameter='CA_FAILOVER', Path=Prefs}">
-            If you register with multiple authorities this may enable you to use automatic Certificate Authority Failover, so if your preferred Certificate Authority can't issue a new certificate an alternative compatible provider can be used automatically.
-        </TextBlock>
+        <TextBlock
+            Style="{StaticResource Instructions}"
+            Text="{x:Static res:SR.Settings_CA_Fallback}"
+            Visibility="{Binding Converter={StaticResource FeatureVisibilityConverter}, ConverterParameter='CA_FAILOVER', Path=Prefs}" />
 
         <StackPanel Orientation="Horizontal">
             <Label Content="{x:Static res:SR.PreferredCertificateAuthority}" />
diff --git a/src/Certify.UI/App.xaml b/src/Certify.UI/App.xaml
index dad6035b3..d62c524e1 100644
--- a/src/Certify.UI/App.xaml
+++ b/src/Certify.UI/App.xaml
@@ -10,13 +10,10 @@
             <ResourceDictionary.MergedDictionaries>
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Controls.xaml" />
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Fonts.xaml" />
-                <ResourceDictionary
-                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
-                <ResourceDictionary
-                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
+                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
+                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
 
-                <ResourceDictionary
-                    Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
+                <ResourceDictionary Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
             </ResourceDictionary.MergedDictionaries>
             <!--  Heading  -->
             <Style x:Key="Subheading" TargetType="TextBlock">
@@ -54,8 +51,7 @@
 
             <!--  brush color overrides (tab items and disabled buttons)  -->
             <SolidColorBrush x:Key="MahApps.Brushes.Gray" Color="{DynamicResource MahApps.Colors.SystemChromeHigh}" />
-            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled"
-                             Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
+            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled" Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
 
             <Style TargetType="controls:NumericUpDown">
                 <Setter Property="BorderBrush" Value="{DynamicResource MahApps.Brushes.SystemControlForegroundBaseLow}" />
@@ -78,7 +74,7 @@
                 <Setter Property="controls:ControlsHelper.ContentCharacterCasing" Value="Normal" />
                 <Setter Property="controls:ControlsHelper.CornerRadius" Value="0" />
             </Style>
-            
+
             <!--  control templates  -->
             <DataTemplate x:Key="ProviderHiddenParameter" />
 

From 2793911be7c7aed379d91d26de8716232d92ce95 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Thu, 2 Nov 2023 18:03:36 -0700
Subject: [PATCH 077/237] Added new Unit tests for methods in CertifyManager.cs

---
 .../CertifyManagerTests.cs                    | 174 ++++++++++++++++++
 1 file changed, 174 insertions(+)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerTests.cs

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerTests.cs
new file mode 100644
index 000000000..7d312aee0
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerTests.cs
@@ -0,0 +1,174 @@
+using System;
+using System.Threading.Tasks;
+using Certify.Config.Migration;
+using Certify.Management;
+using Certify.Models;
+using Certify.Service;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class CertifyManagerTests
+    {
+        private readonly CertifyManager _certifyManager;
+
+        public CertifyManagerTests()
+        {
+            _certifyManager = new CertifyManager();
+            _certifyManager.Init().Wait();
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.GetACMEProvider()")]
+        public async Task TestCertifyManagerGetACMEProvider()
+        {
+            // Setup test data
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
+
+            // Get results from CertifyManager.GetACMEProvider()
+            var acmeClientProvider = await _certifyManager.GetACMEProvider(dummyManagedCert, caAccount);
+
+            // Validate return from CertifyManager.GetACMEProvider()
+            Assert.IsNotNull(acmeClientProvider, "Expected response from CertifyManager.GetACMEProvider() to not be null");
+            Assert.AreEqual("https://acme-staging-v02.api.letsencrypt.org/directory", acmeClientProvider.GetAcmeBaseURI());
+            Assert.AreEqual("Anvil", acmeClientProvider.GetProviderName());
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetACMEProvider() with a null ca account")]
+        public async Task TestCertifyManagerGetACMEProviderNullCaAccount()
+        {
+            // Setup test data
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+
+            // Get results from CertifyManager.GetACMEProvider()
+            var acmeClientProvider = await _certifyManager.GetACMEProvider(dummyManagedCert, null);
+
+            // Validate return from CertifyManager.GetACMEProvider() with null ca account
+            Assert.IsNull(acmeClientProvider, "Expected response from CertifyManager.GetACMEProvider() to be null");
+        }
+
+        [TestMethod, Description("Test for using CertifyManager.GetACMEProvider() with an invalid ca account")]
+        public async Task TestCertifyManagerGetACMEProviderBadCaAccount()
+        {
+            // Setup test data
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var account = new AccountDetails
+            {
+                AccountKey = "",
+                AccountURI = "",
+                Title = "Dev",
+                Email = "test@certifytheweb.com",
+                CertificateAuthorityId = "badca.com",
+                StorageKey = "dev",
+                IsStagingAccount = true,
+            };
+
+            // Get results from CertifyManager.GetACMEProvider()
+            var acmeClientProvider = await _certifyManager.GetACMEProvider(dummyManagedCert, account);
+
+            // Validate return from CertifyManager.GetACMEProvider() with invalid ca account
+            Assert.IsNull(acmeClientProvider, "Expected response from CertifyManager.GetACMEProvider() to be null");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.ReportProgress()")]
+        public async Task TestCertifyManagerReportProgress()
+        {
+            // Setup test data
+            var testUrl = "test.com";
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+
+            var progressState = new RequestProgressState(RequestState.Running, "Starting..", dummyManagedCert);
+            var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
+            _certifyManager.SetStatusReporting(new StatusHubReporting());
+
+            // Set event handler for when Progress changes
+            var progressChanged = false;
+            var progressNewState = RequestState.Running;
+            progressIndicator.ProgressChanged += (obj, e) =>
+            {
+                progressChanged = true;
+                progressNewState = e.CurrentState;
+            };
+
+            // Execute CertifyManager.ReportProgress() with new Warning state
+            _certifyManager.ReportProgress(progressIndicator, new RequestProgressState(RequestState.Warning, "Warning message", dummyManagedCert), logThisEvent: true);
+            await Task.Delay(100);
+            
+            // Validate events from CertifyManager.ReportProgress()
+            Assert.IsTrue(progressChanged, "Expected progressChanged to be true after CertifyManager.ReportProgress() completed");
+            Assert.AreEqual(RequestState.Warning, progressNewState, "Expected progressNewState to be changed to RequestState.Warning");
+
+            // Execute CertifyManager.ReportProgress() with new Error state
+            progressChanged = false;
+            _certifyManager.ReportProgress(progressIndicator, new RequestProgressState(RequestState.Error, "Error message", dummyManagedCert), logThisEvent: true);
+            await Task.Delay(100);
+
+            // Validate events from CertifyManager.ReportProgress()
+            Assert.IsTrue(progressChanged, "Expected progressChanged to be true after CertifyManager.ReportProgress() completed");
+            Assert.AreEqual(RequestState.Error, progressNewState, "Expected progressNewState to be changed to RequestState.Error");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.PerformRenewalTasks()")]
+        public async Task TestCertifyManagerPerformRenewalTasks()
+        {
+            // Get results from CertifyManager.PerformRenewalTasks()
+            var renewalPerformed = await _certifyManager.PerformRenewalTasks();
+
+            // Validate return from CertifyManager.PerformRenewalTasks()
+            Assert.IsTrue(renewalPerformed, "Expected response from CertifyManager.PerformRenewalTasks() to be true");
+        }
+
+        [TestMethod, Description("Happy path test for using CertifyManager.PerformExport() and CertifyManager.PerformImport()")]
+        public async Task TestCertifyManagerPerformExportAndImport()
+        {
+            // Setup export test data
+            var exportReq = new ExportRequest
+            {
+                Filter = new ManagedCertificateFilter { }, 
+                Settings = new ExportSettings { ExportAllStoredCredentials = true, EncryptionSecret = "secret" },
+                IsPreviewMode = false,
+            };
+
+            // Get results from CertifyManager.PerformExport()
+            var performExportRes = await _certifyManager.PerformExport(exportReq);
+
+            // Validate return from CertifyManager.PerformExport()
+            Assert.IsNotNull(performExportRes, "Expected response from CertifyManager.PerformExport() to not be null");
+            Assert.AreEqual(1, performExportRes.FormatVersion, "Expected FormatVersion of response from CertifyManager.PerformExport() to equal 1 by default");
+            Assert.AreEqual("Certify The Web - Exported App Settings", performExportRes.Description, "Unexpected default Description in response from CertifyManager.PerformExport()");
+            Assert.AreEqual(0, performExportRes.Errors.Count, "Unexpected Errors in response from CertifyManager.PerformExport()");
+            Assert.AreEqual(Certify.Management.Util.GetAppVersion(), performExportRes.SystemVersion?.ToVersion(), "Unexpected SystemVersion in response from CertifyManager.PerformExport()");
+            Assert.AreEqual(Environment.MachineName, performExportRes.SourceName, "Unexpected SourceName in response from CertifyManager.PerformExport()");
+            Assert.AreEqual(DateTime.Now.Year, performExportRes.ExportDate.Year, "Unexpected ExportDate.Year in response from CertifyManager.PerformExport()");
+            Assert.AreEqual(DateTime.Now.Day, performExportRes.ExportDate.Day, "Unexpected ExportDate.Year in response from CertifyManager.PerformExport()");
+            Assert.AreEqual(DateTime.Now.Month, performExportRes.ExportDate.Month, "Unexpected ExportDate.Year in response from CertifyManager.PerformExport()");
+
+            // Setup import test data
+            var importReq = new ImportRequest
+            {
+                Package = performExportRes,
+                Settings = new ImportSettings { EncryptionSecret = "secret" },
+                IsPreviewMode = false,
+            };
+
+            // Get results from CertifyManager.PerformImport()
+            var performImportRes = await _certifyManager.PerformImport(importReq);
+
+            // Validate return from CertifyManager.PerformImport()
+            Assert.IsNotNull(performImportRes, "Expected response from CertifyManager.PerformImport() to not be null");
+            Assert.IsTrue(0 < performImportRes.Count, "Expected response from CertifyManager.PerformImport() to not be an empty list");
+            foreach (var step in performImportRes)
+            {
+                Assert.AreEqual("Import", step.Category, $"Unexpected Category value in step '{step.Title}' from response of CertifyManager.PerformImport()");
+                Assert.IsTrue(!string.IsNullOrEmpty(step.Title), $"Unexpected Title value in step '{step.Title}' from response of CertifyManager.PerformImport()");
+                Assert.IsTrue(!string.IsNullOrEmpty(step.Key), $"Unexpected Key value in step '{step.Title}' from response of CertifyManager.PerformImport()");
+                Assert.IsFalse(step.HasError, $"Unexpected HasError value in step '{step.Title}' from response of CertifyManager.PerformImport()");
+                Assert.IsFalse(step.HasWarning, $"Unexpected HasWarning value in step '{step.Title}' from response of CertifyManager.PerformImport()");
+            }
+        }
+    }
+}

From 51868eca6202da4d5b0863fdb663f31ebdec8dec Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Fri, 3 Nov 2023 11:44:25 -0700
Subject: [PATCH 078/237] Refactored TestCertifyManagerGetACMEProvider, moved
 to integration tests

TestCertifyManagerGetACMEProvider now creates/destroys its own ACME account, and grabs the expected Acme Base URI from definition in CertificateAuthority.CoreCertificateAuthorities
---
 .../CertifyManagerTests.cs                    | 59 ++++++++++++++-----
 1 file changed, 45 insertions(+), 14 deletions(-)
 rename src/Certify.Tests/{Certify.Core.Tests.Unit => Certify.Core.Tests.Integration}/CertifyManagerTests.cs (73%)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
similarity index 73%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
index 7d312aee0..8b9af1fb6 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
@@ -6,10 +6,10 @@
 using Certify.Service;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
-namespace Certify.Core.Tests.Unit
+namespace Certify.Core.Tests
 {
     [TestClass]
-    public class CertifyManagerTests
+    public class CertifyManagerTests : IntegrationTestBase
     {
         private readonly CertifyManager _certifyManager;
 
@@ -22,18 +22,49 @@ public CertifyManagerTests()
         [TestMethod, Description("Happy path test for using CertifyManager.GetACMEProvider()")]
         public async Task TestCertifyManagerGetACMEProvider()
         {
-            // Setup test data
+            // Setup account registration info
+            var testCaId = StandardCertAuthorities.LETS_ENCRYPT;
+            var contactRegEmail = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com";
+            var contactRegistration = new ContactRegistration
+            {
+                AgreedToTermsAndConditions = true,
+                CertificateAuthorityId = testCaId,
+                EmailAddress = contactRegEmail,
+                ImportedAccountKey = "",
+                ImportedAccountURI = "",
+                IsStaging = true
+            };
+
+            // Add new ACME account
+            var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
+
+            // Setup dummy ManagedCertificate
             var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
-            var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
+            var dummyManagedCert = new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true };
 
-            // Get results from CertifyManager.GetACMEProvider()
-            var acmeClientProvider = await _certifyManager.GetACMEProvider(dummyManagedCert, caAccount);
+            // Get expected certificate authority staging URI
+            var expectedAcmeBaseUri = CertificateAuthority.CoreCertificateAuthorities.Find((c) => c.Id == testCaId).StagingAPIEndpoint;
 
-            // Validate return from CertifyManager.GetACMEProvider()
-            Assert.IsNotNull(acmeClientProvider, "Expected response from CertifyManager.GetACMEProvider() to not be null");
-            Assert.AreEqual("https://acme-staging-v02.api.letsencrypt.org/directory", acmeClientProvider.GetAcmeBaseURI());
-            Assert.AreEqual("Anvil", acmeClientProvider.GetProviderName());
+            try
+            {
+                // Get results from CertifyManager.GetACMEProvider()
+                var acmeClientProvider = await _certifyManager.GetACMEProvider(dummyManagedCert, accountDetails);
+
+                // Validate return from CertifyManager.GetACMEProvider()
+                Assert.IsNotNull(acmeClientProvider, "Expected response from CertifyManager.GetACMEProvider() to not be null");
+                Assert.AreEqual(expectedAcmeBaseUri, acmeClientProvider.GetAcmeBaseURI(), "Unexpected CA Base URI in returned value from acmeClientProvider.GetAcmeBaseURI()");
+                Assert.AreEqual("Anvil", acmeClientProvider.GetProviderName(), "Unexpected Provider name in returned value from acmeClientProvider.GetProviderName()");
+                await Assert.ThrowsExceptionAsync<NotImplementedException>(async () => await acmeClientProvider.GetAcmeAccountStatus(), "Expected acmeClientProvider.GetAcmeAccountStatus() to throw NotImplementedException");
+                Assert.IsNotNull(await acmeClientProvider.GetAcmeDirectory(), "Expected acmeClientProvider.GetAcmeDirectory() to return a non-null value");
+            }
+            finally
+            {
+                // Remove created ACME account
+                var removeAccountRes = await _certifyManager.RemoveAccount(accountDetails.StorageKey, true);
+                Assert.IsTrue(removeAccountRes.IsSuccess, $"Expected account removal to be successful for {contactRegEmail}");
+            }
         }
 
         [TestMethod, Description("Test for using CertifyManager.GetACMEProvider() with a null ca account")]
@@ -41,7 +72,7 @@ public async Task TestCertifyManagerGetACMEProviderNullCaAccount()
         {
             // Setup test data
             var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var dummyManagedCert = new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true };
 
             // Get results from CertifyManager.GetACMEProvider()
             var acmeClientProvider = await _certifyManager.GetACMEProvider(dummyManagedCert, null);
@@ -55,7 +86,7 @@ public async Task TestCertifyManagerGetACMEProviderBadCaAccount()
         {
             // Setup test data
             var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var dummyManagedCert = new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true };
             var account = new AccountDetails
             {
                 AccountKey = "",
@@ -79,7 +110,7 @@ public async Task TestCertifyManagerReportProgress()
         {
             // Setup test data
             var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var dummyManagedCert = new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true };
 
             var progressState = new RequestProgressState(RequestState.Running, "Starting..", dummyManagedCert);
             var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);

From 695f585935600853804438a0d7a5f7d1fc6f6be7 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 7 Nov 2023 17:59:38 +0800
Subject: [PATCH 079/237] UI: add/convert more string resources

---
 src/Certify.Locales/SR.Designer.cs            | 110 ++--
 src/Certify.Locales/SR.es-ES.resx             | 484 +++++++++---------
 src/Certify.Locales/SR.ja-JP.resx             |   6 +-
 src/Certify.Locales/SR.nb-NO.resx             |   4 +-
 src/Certify.Locales/SR.resx                   |  22 +-
 src/Certify.Locales/SR.tr-TR.resx             |  10 +-
 src/Certify.Locales/SR.zh-Hans.resx           |   4 +-
 .../ManagedCertificate/AdvancedOptions.xaml   |   4 +-
 .../Windows/EditAccountDialog.xaml            |  10 +-
 .../Windows/EditAccountDialog.xaml.cs         |   2 +-
 .../Windows/EditCertificateAuthority.xaml     |   4 +-
 11 files changed, 354 insertions(+), 306 deletions(-)

diff --git a/src/Certify.Locales/SR.Designer.cs b/src/Certify.Locales/SR.Designer.cs
index 383805912..9076e2510 100644
--- a/src/Certify.Locales/SR.Designer.cs
+++ b/src/Certify.Locales/SR.Designer.cs
@@ -141,6 +141,51 @@ public static string AboutControl_TrialDetailLabel {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to To proceed, confirm that you agree to the current terms and conditions for this Certificate Authority..
+        /// </summary>
+        public static string Account_Edit_AgreeConditions {
+            get {
+                return ResourceManager.GetString("Account_Edit_AgreeConditions", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Yes, I Agree.
+        /// </summary>
+        public static string Account_Edit_AgreeConfirm {
+            get {
+                return ResourceManager.GetString("Account_Edit_AgreeConfirm", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to To request certificates you need to register with each of the Certificate Authorities that you want to use..
+        /// </summary>
+        public static string Account_Edit_Intro {
+            get {
+                return ResourceManager.GetString("Account_Edit_Intro", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The email address provided may be used to notify you of upcoming certificate renewals if required. Invalid email addresses will be rejected by the Certificate Authority..
+        /// </summary>
+        public static string Account_Edit_Intro2 {
+            get {
+                return ResourceManager.GetString("Account_Edit_Intro2", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Edit ACME Account.
+        /// </summary>
+        public static string Account_Edit_SectionTitle {
+            get {
+                return ResourceManager.GetString("Account_Edit_SectionTitle", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Advanced.
         /// </summary>
@@ -294,6 +339,24 @@ public static string DiscardChanges {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to (Url for the production directory endpoint).
+        /// </summary>
+        public static string EditCertificateAuthority_ProductionDirectoryHelp {
+            get {
+                return ResourceManager.GetString("EditCertificateAuthority_ProductionDirectoryHelp", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to (Display Name for the Certificate Authority).
+        /// </summary>
+        public static string EditCertificateAuthority_TitleHelp {
+            get {
+                return ResourceManager.GetString("EditCertificateAuthority_TitleHelp", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Email Address.
         /// </summary>
@@ -529,7 +592,7 @@ public static string MainWindow_KeyExpired {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to This will renew certificates for all auto-renewed items. Proceed?.
+        ///   Looks up a localized string similar to This will renew certificates for all auto-renewed items, if applicable. Proceed?.
         /// </summary>
         public static string MainWindow_RenewAllConfirm {
             get {
@@ -582,6 +645,15 @@ public static string Managed_Sites {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Use Staging Mode (Test Certificates).
+        /// </summary>
+        public static string ManagedCertificate_CertificateAuthority_UseTestCertificates {
+            get {
+                return ResourceManager.GetString("ManagedCertificate_CertificateAuthority_UseTestCertificates", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to   Deployment of your certificate can be automatic or you can perform your own deployment tasks (see the Tasks tab)..
         /// </summary>
@@ -1268,33 +1340,6 @@ public static string New_Contact_EmailError {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to To proceed, confirm that you agree to the current terms and conditions for this Certificate Authority..
-        /// </summary>
-        public static string New_Contact_NeedAgree {
-            get {
-                return ResourceManager.GetString("New_Contact_NeedAgree", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to To request certificates you need to register with each of the Certificate Authorities that you want to use..
-        /// </summary>
-        public static string New_Contact_Tip1 {
-            get {
-                return ResourceManager.GetString("New_Contact_Tip1", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The email address provided may be used to notify you of upcoming certificate renewals if required. Invalid email addresses will be rejected by the Certificate Authority..
-        /// </summary>
-        public static string New_Contact_Tip2 {
-            get {
-                return ResourceManager.GetString("New_Contact_Tip2", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to OK.
         /// </summary>
@@ -1807,14 +1852,5 @@ public static string ValidateKey {
                 return ResourceManager.GetString("ValidateKey", resourceCulture);
             }
         }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to Yes, I Agree.
-        /// </summary>
-        public static string Yes_I_Agree {
-            get {
-                return ResourceManager.GetString("Yes_I_Agree", resourceCulture);
-            }
-        }
     }
 }
diff --git a/src/Certify.Locales/SR.es-ES.resx b/src/Certify.Locales/SR.es-ES.resx
index 39fb39652..7594fa083 100644
--- a/src/Certify.Locales/SR.es-ES.resx
+++ b/src/Certify.Locales/SR.es-ES.resx
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <root>
-	<!-- 
+  <!-- 
     Microsoft ResX Schema 
     
     Version 2.0
@@ -59,609 +59,609 @@
             : using a System.ComponentModel.TypeConverter
             : and then encoded with base64 encoding.
     -->
-	<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
-		<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
-		<xsd:element name="root" msdata:IsDataSet="true">
-			<xsd:complexType>
-				<xsd:choice maxOccurs="unbounded">
-					<xsd:element name="metadata">
-						<xsd:complexType>
-							<xsd:sequence>
-								<xsd:element name="value" type="xsd:string" minOccurs="0" />
-							</xsd:sequence>
-							<xsd:attribute name="name" use="required" type="xsd:string" />
-							<xsd:attribute name="type" type="xsd:string" />
-							<xsd:attribute name="mimetype" type="xsd:string" />
-							<xsd:attribute ref="xml:space" />
-						</xsd:complexType>
-					</xsd:element>
-					<xsd:element name="assembly">
-						<xsd:complexType>
-							<xsd:attribute name="alias" type="xsd:string" />
-							<xsd:attribute name="name" type="xsd:string" />
-						</xsd:complexType>
-					</xsd:element>
-					<xsd:element name="data">
-						<xsd:complexType>
-							<xsd:sequence>
-								<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-								<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
-							</xsd:sequence>
-							<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
-							<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
-							<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
-							<xsd:attribute ref="xml:space" />
-						</xsd:complexType>
-					</xsd:element>
-					<xsd:element name="resheader">
-						<xsd:complexType>
-							<xsd:sequence>
-								<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-							</xsd:sequence>
-							<xsd:attribute name="name" type="xsd:string" use="required" />
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:choice>
-			</xsd:complexType>
-		</xsd:element>
-	</xsd:schema>
-	<resheader name="resmimetype">
-		<value>text/microsoft-resx</value>
-	</resheader>
-	<resheader name="version">
-		<value>2.0</value>
-	</resheader>
-	<resheader name="reader">
-		<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-	</resheader>
-	<resheader name="writer">
-		<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-	</resheader>
-	<data name="Registration" xml:space="preserve">
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Registration" xml:space="preserve">
     <value>Registro</value>
   </data>
-	<data name="RegistrationEmailAddress" xml:space="preserve">
+  <data name="RegistrationEmailAddress" xml:space="preserve">
     <value>Correo electrónico Registrado</value>
   </data>
-	<data name="LicenseKey" xml:space="preserve">
+  <data name="LicenseKey" xml:space="preserve">
     <value>Clave de Licencia</value>
   </data>
-	<data name="Cancel" xml:space="preserve">
+  <data name="Cancel" xml:space="preserve">
     <value>Cancelar</value>
   </data>
-	<data name="ValidateKey" xml:space="preserve">
+  <data name="ValidateKey" xml:space="preserve">
     <value>Validar Clave</value>
   </data>
-	<data name="New_Certificate" xml:space="preserve">
+  <data name="New_Certificate" xml:space="preserve">
     <value>Nuevo certificado</value>
   </data>
-	<data name="Renew_All" xml:space="preserve">
+  <data name="Renew_All" xml:space="preserve">
     <value>Renovar todo</value>
   </data>
-	<data name="Configure_Auto_Renew" xml:space="preserve">
+  <data name="Configure_Auto_Renew" xml:space="preserve">
     <value>Configurar renovación automática</value>
   </data>
-	<data name="Update_Available" xml:space="preserve">
+  <data name="Update_Available" xml:space="preserve">
     <value>Actualización disponible</value>
   </data>
-	<data name="Managed_Sites" xml:space="preserve">
+  <data name="Managed_Sites" xml:space="preserve">
     <value>Sitios</value>
   </data>
-	<data name="In_Progress" xml:space="preserve">
+  <data name="In_Progress" xml:space="preserve">
     <value>En Progreso</value>
   </data>
-	<data name="Settings" xml:space="preserve">
+  <data name="Settings" xml:space="preserve">
     <value>Configuración</value>
   </data>
-	<data name="About" xml:space="preserve">
+  <data name="About" xml:space="preserve">
     <value>Acerca de</value>
   </data>
-	<data name="Email_Address" xml:space="preserve">
+  <data name="Email_Address" xml:space="preserve">
     <value>Correo electrónico</value>
   </data>
-	<data name="Yes_I_Agree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConfirm" xml:space="preserve">
     <value>Sí, estoy de acuerdo</value>
   </data>
-	<data name="Register_Contact" xml:space="preserve">
+  <data name="Register_Contact" xml:space="preserve">
     <value>Registrar Contacto</value>
   </data>
-	<data name="New_Contact_Tip2" xml:space="preserve">
+  <data name="Account_Edit_Intro2" xml:space="preserve">
     <value>La dirección de correo electrónico provista se puede ser utilizada para notificarle acerca de la próxima renovación de certificados si es necesario. Las direcciones de correo electrónico inválidas serán rechazadas por la Autoridad de Certificación.</value>
   </data>
-	<data name="Send_Feedback" xml:space="preserve">
+  <data name="Send_Feedback" xml:space="preserve">
     <value>Enviar comentarios</value>
   </data>
-	<data name="Send_Feedback_Tip" xml:space="preserve">
+  <data name="Send_Feedback_Tip" xml:space="preserve">
     <value>Tu opinión es importante para nosotros. Por favor, déjanos saber cómo podemos mejorar.</value>
   </data>
-	<data name="Send_Feedback_Quest" xml:space="preserve">
+  <data name="Send_Feedback_Quest" xml:space="preserve">
     <value>¿Tienes alguna sugerencia?</value>
   </data>
-	<data name="Send_Feedback_Email" xml:space="preserve">
+  <data name="Send_Feedback_Email" xml:space="preserve">
     <value>Su correo electrónico (si desea una respuesta):</value>
   </data>
-	<data name="Send" xml:space="preserve">
+  <data name="Send" xml:space="preserve">
     <value>Enviar</value>
   </data>
-	<data name="ImportDlg_Title" xml:space="preserve">
+  <data name="ImportDlg_Title" xml:space="preserve">
     <value>Certify - Importar</value>
   </data>
-	<data name="ImportDlg_OpTitle" xml:space="preserve">
+  <data name="ImportDlg_OpTitle" xml:space="preserve">
     <value>Importar Sitios Administrados</value>
   </data>
-	<data name="ImportDlg_OpComment" xml:space="preserve">
+  <data name="ImportDlg_OpComment" xml:space="preserve">
     <value>Está actualizando desde una versión anterior de Certify. Esto creará nuevos Sitios Administrados que luego puede editar para ajustar la configuración de renovación, etc.</value>
   </data>
-	<data name="ImportDlg_Merge" xml:space="preserve">
+  <data name="ImportDlg_Merge" xml:space="preserve">
     <value>Combinar múltiples dominios/certificados por sitio en un Sitio Administrado</value>
   </data>
-	<data name="Import" xml:space="preserve">
+  <data name="Import" xml:space="preserve">
     <value>Importar</value>
   </data>
-	<data name="ImportDlg_Skip" xml:space="preserve">
+  <data name="ImportDlg_Skip" xml:space="preserve">
     <value>Omitir Importar</value>
   </data>
-	<data name="Send_Feedback_Exception" xml:space="preserve">
+  <data name="Send_Feedback_Exception" xml:space="preserve">
     <value>¡Huy! Algo salió mal. Por favor cuéntanos más detalles al respecto.</value>
   </data>
-	<data name="Info" xml:space="preserve">
+  <data name="Info" xml:space="preserve">
     <value>Información</value>
   </data>
-	<data name="Comments" xml:space="preserve">
+  <data name="Comments" xml:space="preserve">
     <value>Comentarios:</value>
   </data>
-	<data name="ManagedCertificateSettings_HookUrl" xml:space="preserve">
+  <data name="ManagedCertificateSettings_HookUrl" xml:space="preserve">
     <value>Url:</value>
   </data>
-	<data name="ManagedCertificateSettings_HookMethod" xml:space="preserve">
+  <data name="ManagedCertificateSettings_HookMethod" xml:space="preserve">
     <value>Método:</value>
   </data>
-	<data name="ManagedCertificateSettings_HookBody" xml:space="preserve">
+  <data name="ManagedCertificateSettings_HookBody" xml:space="preserve">
     <value>Cuerpo:</value>
   </data>
-	<data name="ManagedCertificateSettings_HookContentType" xml:space="preserve">
+  <data name="ManagedCertificateSettings_HookContentType" xml:space="preserve">
     <value>ContentType:</value>
   </data>
-	<data name="ManagedCertificateSettings_RevokeCertificate" xml:space="preserve">
+  <data name="ManagedCertificateSettings_RevokeCertificate" xml:space="preserve">
     <value>Revocar Certificado</value>
   </data>
-	<data name="MainWindow_TitleTrialPostfix" xml:space="preserve">
+  <data name="MainWindow_TitleTrialPostfix" xml:space="preserve">
     <value>[Edición de la comunidad] </value>
   </data>
-	<data name="ManagedCertificateSettings_Certificate_Revoked" xml:space="preserve">
+  <data name="ManagedCertificateSettings_Certificate_Revoked" xml:space="preserve">
     <value>Certificado Revocado.</value>
   </data>
-	<data name="Alert" xml:space="preserve">
+  <data name="Alert" xml:space="preserve">
     <value>Alerta</value>
   </data>
-	<data name="Error" xml:space="preserve">
+  <data name="Error" xml:space="preserve">
     <value>Error</value>
   </data>
-	<data name="OK" xml:space="preserve">
+  <data name="OK" xml:space="preserve">
     <value>OK</value>
   </data>
-	<data name="Password" xml:space="preserve">
+  <data name="Password" xml:space="preserve">
     <value>Contraseña</value>
   </data>
-	<data name="Send_Feedback_Success" xml:space="preserve">
+  <data name="Send_Feedback_Success" xml:space="preserve">
     <value>Gracias, tus comentarios han sido enviados.</value>
   </data>
-	<data name="Send_Feedback_Error" xml:space="preserve">
+  <data name="Send_Feedback_Error" xml:space="preserve">
     <value>Lo sentimos, hubo un problema al enviar sus comentarios.</value>
   </data>
-	<data name="Registration_NeedEmail" xml:space="preserve">
+  <data name="Registration_NeedEmail" xml:space="preserve">
     <value>Ingrese el correo electrónico que utilizó al registrar su clave.</value>
   </data>
-	<data name="Registration_NeedKey" xml:space="preserve">
+  <data name="Registration_NeedKey" xml:space="preserve">
     <value>Por favor, introduzca su clave de licencia.</value>
   </data>
-	<data name="Registration_KeyValidationError" xml:space="preserve">
+  <data name="Registration_KeyValidationError" xml:space="preserve">
     <value>Hubo un problema al tratar de validar su clave de licencia. Por favor intente de nuevo o contáctenos.</value>
   </data>
-	<data name="Registration_UnableToVerify" xml:space="preserve">
+  <data name="Registration_UnableToVerify" xml:space="preserve">
     <value>Hubo un problema al comenzar el proceso de validación de la licencia.</value>
   </data>
-	<data name="ScheduledTaskConfig_AlreadyConfiged" xml:space="preserve">
+  <data name="ScheduledTaskConfig_AlreadyConfiged" xml:space="preserve">
     <value>La tarea de renovación automática ya está configurada. Si es necesario, puede cambiar la cuenta de usuario de administrador utilizada para ejecutar la tarea.</value>
   </data>
-	<data name="ScheduledTaskConfig_FailedToCreateTask" xml:space="preserve">
+  <data name="ScheduledTaskConfig_FailedToCreateTask" xml:space="preserve">
     <value>Error al crear la tarea programada con las credenciales suministradas</value>
   </data>
-	<data name="ScheduledTaskConfig_TaskCreated" xml:space="preserve">
+  <data name="ScheduledTaskConfig_TaskCreated" xml:space="preserve">
     <value>Tarea programada creada</value>
   </data>
-	<data name="ScheduledTaskConfig_PleaseProvideCredential" xml:space="preserve">
+  <data name="ScheduledTaskConfig_PleaseProvideCredential" xml:space="preserve">
     <value>Proporcione el nombre de usuario y la contraseña para un usuario de nivel de administrador.</value>
   </data>
-	<data name="ScheduledTaskConfig_WindowTitle" xml:space="preserve">
+  <data name="ScheduledTaskConfig_WindowTitle" xml:space="preserve">
     <value>Configurar la renovación automática</value>
   </data>
-	<data name="ScheduledTaskConfig_UserNameLabel" xml:space="preserve">
+  <data name="ScheduledTaskConfig_UserNameLabel" xml:space="preserve">
     <value>Usuario (DOMINIO\Usuario)</value>
   </data>
-	<data name="ScheduledTaskConfig_Tip" xml:space="preserve">
+  <data name="ScheduledTaskConfig_Tip" xml:space="preserve">
     <value>Para realizar la renovación automática de certificados, Certify creará una tarea en el Programador de Tareas de Windows. Esta tarea debe ejecutarse como un usuario de nivel de Administrador para realizar tareas de administración de certificados y administración de IIS.</value>
   </data>
-	<data name="AboutControl_TrialDetailLabel" xml:space="preserve">
+  <data name="AboutControl_TrialDetailLabel" xml:space="preserve">
     <value>Esta versión es gratuita para evaluación y gestionará un número limitado de certificados. Para eliminar esta limitación, compre una clave de registro en https://certifytheweb.com/register. Los usuarios registrados pueden obtener asistencia enviando un correo electrónico a support@certifytheweb.com </value>
   </data>
-	<data name="AboutControl_RegistrationTypeLabel" xml:space="preserve">
+  <data name="AboutControl_RegistrationTypeLabel" xml:space="preserve">
     <value>No Registrado</value>
   </data>
-	<data name="AboutControl_CheckForUpdateButton" xml:space="preserve">
+  <data name="AboutControl_CheckForUpdateButton" xml:space="preserve">
     <value>Buscar actualizaciones...</value>
   </data>
-	<data name="AboutControl_Register" xml:space="preserve">
+  <data name="AboutControl_Register" xml:space="preserve">
     <value>Registrar</value>
   </data>
-	<data name="AboutControl_EnterKey" xml:space="preserve">
+  <data name="AboutControl_EnterKey" xml:space="preserve">
     <value>Introducir clave...</value>
   </data>
-	<data name="AboutControl_Support" xml:space="preserve">
+  <data name="AboutControl_Support" xml:space="preserve">
     <value>Soporte</value>
   </data>
-	<data name="AboutControl_SendFeedback" xml:space="preserve">
+  <data name="AboutControl_SendFeedback" xml:space="preserve">
     <value>Enviar Comentarios</value>
   </data>
-	<data name="UpdateCheckLatestVersion" xml:space="preserve">
+  <data name="UpdateCheckLatestVersion" xml:space="preserve">
     <value>Estás usando la última versión.</value>
   </data>
-	<data name="ManagedCertificates_Filter" xml:space="preserve">
+  <data name="ManagedCertificates_Filter" xml:space="preserve">
     <value>Filtrar...</value>
   </data>
-	<data name="ManagedCertificates_NoItemSelectedTip" xml:space="preserve">
+  <data name="ManagedCertificates_NoItemSelectedTip" xml:space="preserve">
     <value>Seleccione un Sitio Administrado o seleccione Nuevo certificado para comenzar.</value>
   </data>
-	<data name="ManagedCertificates_UnsavedWarning" xml:space="preserve">
+  <data name="ManagedCertificates_UnsavedWarning" xml:space="preserve">
     <value>Hay cambios no guardados en el sitio seleccionado. ¿Descartar los cambios?</value>
   </data>
-	<data name="ProgressMonitor_NoProgress" xml:space="preserve">
+  <data name="ProgressMonitor_NoProgress" xml:space="preserve">
     <value>No hay solicitudes actualmente en curso.</value>
   </data>
-	<data name="Settings_PrimaryContact" xml:space="preserve">
+  <data name="Settings_PrimaryContact" xml:space="preserve">
     <value>Contacto Principal:</value>
   </data>
-	<data name="Settings_AutoRenewalInterval" xml:space="preserve">
+  <data name="Settings_AutoRenewalInterval" xml:space="preserve">
     <value>Intervalo de renovación automática (días)</value>
   </data>
-	<data name="ExpiryDateConverter_CertificateExpiresIn" xml:space="preserve">
+  <data name="ExpiryDateConverter_CertificateExpiresIn" xml:space="preserve">
     <value>Caduca en {0} días</value>
   </data>
-	<data name="ExpiryDateConverter_NoCurrentCertificate" xml:space="preserve">
+  <data name="ExpiryDateConverter_NoCurrentCertificate" xml:space="preserve">
     <value>Sin certificado actual.</value>
   </data>
-	<data name="ManagedCertificateSettings_CertificatePathEmpty" xml:space="preserve">
+  <data name="ManagedCertificateSettings_CertificatePathEmpty" xml:space="preserve">
     <value>Ruta del certificado: [establecer]</value>
   </data>
-	<data name="ManagedCertificateSettings_HookTrigger" xml:space="preserve">
+  <data name="ManagedCertificateSettings_HookTrigger" xml:space="preserve">
     <value>Trigger de Webhook:</value>
   </data>
-	<data name="ManagedCertificateSettings_UseSpecificBinding" xml:space="preserve">
+  <data name="ManagedCertificateSettings_UseSpecificBinding" xml:space="preserve">
     <value>Usar enlaces de IP/Puerto específicos</value>
   </data>
-	<data name="ManagedCertificateSettings_AutoUpdateBinding" xml:space="preserve">
+  <data name="ManagedCertificateSettings_AutoUpdateBinding" xml:space="preserve">
     <value>Creación/ ctualización automática de enlaces de IIS (utiliza SNI)</value>
   </data>
-	<data name="ManagedCertificateSettings_PostRequestScript" xml:space="preserve">
+  <data name="ManagedCertificateSettings_PostRequestScript" xml:space="preserve">
     <value>Post-solicitud PS Script:</value>
   </data>
-	<data name="About_LanguageTranslator" xml:space="preserve">
+  <data name="About_LanguageTranslator" xml:space="preserve">
     <value>Traductor de idiomas actual:</value>
   </data>
-	<data name="LanguageAuthor" xml:space="preserve">
+  <data name="LanguageAuthor" xml:space="preserve">
     <value>Colaboradores de Certify Certificate Manager https://certifytheweb.com</value>
   </data>
-	<data name="MainWindow_VisitDownloadPage" xml:space="preserve">
+  <data name="MainWindow_VisitDownloadPage" xml:space="preserve">
     <value>¿Desea visitar la página de descarga ahora?</value>
   </data>
-	<data name="ManagedCertificateSettings_RevokeCertificateError" xml:space="preserve">
+  <data name="ManagedCertificateSettings_RevokeCertificateError" xml:space="preserve">
     <value>Error al Revocar Certificado: {0}</value>
   </data>
-	<data name="ManagedCertificateSettings_ConfirmRevokeCertificate" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ConfirmRevokeCertificate" xml:space="preserve">
     <value>¿Está seguro de que desea revocar este certificado?</value>
   </data>
-	<data name="MainWindow_TrialLimitationReached" xml:space="preserve">
+  <data name="MainWindow_TrialLimitationReached" xml:space="preserve">
     <value>Estás usando la versión de prueba de esta aplicación. Por favor, compre una clave de registro para actualizar. Vea la opción Registrar en la pestaña Acerca de.</value>
   </data>
-	<data name="MainWindow_RenewAllConfirm" xml:space="preserve">
+  <data name="MainWindow_RenewAllConfirm" xml:space="preserve">
     <value>Esto renovará los certificados para todos los elementos de auto-renovación. ¿Proceder?</value>
   </data>
-	<data name="MainWindow_IISNotAvailable" xml:space="preserve">
+  <data name="MainWindow_IISNotAvailable" xml:space="preserve">
     <value>No se detectó IIS en este servidor, una serie de características importantes no estarán disponible. Si IIS está instalado y ejecutándose en este servidor, informe este error a support@certifytheweb.com proporcionando detalles de la versión del sistema operativo del servidor y las versiones de IIS.</value>
   </data>
-	<data name="MainWindow_GetStartGuideWithNewCert" xml:space="preserve">
+  <data name="MainWindow_GetStartGuideWithNewCert" xml:space="preserve">
     <value>Comience registrando un nuevo contacto, luego puede comenzar a solicitar certificados.</value>
   </data>
-	<data name="Settings_AutoRenewalRequestLimit" xml:space="preserve">
+  <data name="Settings_AutoRenewalRequestLimit" xml:space="preserve">
     <value>Número máximo de solicitudes de renovación automática por sesión (0 = Ilimitado)</value>
   </data>
-	<data name="Settings_CheckUpdates" xml:space="preserve">
+  <data name="Settings_CheckUpdates" xml:space="preserve">
     <value>Buscar actualizaciones automáticamente</value>
   </data>
-	<data name="Browser" xml:space="preserve">
+  <data name="Browser" xml:space="preserve">
     <value>...</value>
   </data>
-	<data name="Delete" xml:space="preserve">
+  <data name="Delete" xml:space="preserve">
     <value>Eliminar</value>
   </data>
-	<data name="Save" xml:space="preserve">
+  <data name="Save" xml:space="preserve">
     <value>Guardar</value>
   </data>
-	<data name="SaveChanges" xml:space="preserve">
+  <data name="SaveChanges" xml:space="preserve">
     <value>Guardar Cambios</value>
   </data>
-	<data name="Settings_EnableTelemetry" xml:space="preserve">
+  <data name="Settings_EnableTelemetry" xml:space="preserve">
     <value>Habilitar la aplicación de telemetría (informes de uso de características)</value>
   </data>
-	<data name="Settings_EnableProxyApiForDomainConfig" xml:space="preserve">
+  <data name="Settings_EnableProxyApiForDomainConfig" xml:space="preserve">
     <value>Habilitar proxy API para las comprobaciones de configuración de dominio</value>
   </data>
-	<data name="succeed" xml:space="preserve">
+  <data name="succeed" xml:space="preserve">
     <value>exitoso</value>
   </data>
-	<data name="failed" xml:space="preserve">
+  <data name="failed" xml:space="preserve">
     <value>fallido</value>
   </data>
-	<data name="ManagedCertificateSettings_WebhookTest" xml:space="preserve">
+  <data name="ManagedCertificateSettings_WebhookTest" xml:space="preserve">
     <value>Prueba de Webhook</value>
   </data>
-	<data name="ManagedCertificateSettings_ViewCertificate" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ViewCertificate" xml:space="preserve">
     <value>Ver Certificado</value>
   </data>
-	<data name="SaveError" xml:space="preserve">
+  <data name="SaveError" xml:space="preserve">
     <value>Error al Guardar</value>
   </data>
-	<data name="Settings_EnableEFS" xml:space="preserve">
+  <data name="Settings_EnableEFS" xml:space="preserve">
     <value>Habilite el Sistema de Cifrados de Archivos (EFS) para archivos confidenciales. Esta opción no funciona en todas las versiones de Windows.</value>
   </data>
-	<data name="Settings_IgnoreStoppedSites" xml:space="preserve">
+  <data name="Settings_IgnoreStoppedSites" xml:space="preserve">
     <value>Ignorar sitios IIS detenidos para nuevos certificados y renovaciones</value>
   </data>
-	<data name="Settings_EnableDnsValidation" xml:space="preserve">
+  <data name="Settings_EnableDnsValidation" xml:space="preserve">
     <value>Habilitar comprobaciones de validación de DNS (Resolution, CAA, DNSSEC)</value>
   </data>
-	<data name="DiscardChanges" xml:space="preserve">
+  <data name="DiscardChanges" xml:space="preserve">
     <value>Descartar Cambios</value>
   </data>
-	<data name="ManagedCertificateSettings_RequestCertificate" xml:space="preserve">
+  <data name="ManagedCertificateSettings_RequestCertificate" xml:space="preserve">
     <value>Solicitar Certificado</value>
   </data>
-	<data name="ManagedCertificateSettings_EnableAutoRenewal" xml:space="preserve">
+  <data name="ManagedCertificateSettings_EnableAutoRenewal" xml:space="preserve">
     <value>Habilitar renovación automática</value>
   </data>
-	<data name="ManagedCertificateSettings_NotifyPrimaryContactOnRenewalFailure" xml:space="preserve">
+  <data name="ManagedCertificateSettings_NotifyPrimaryContactOnRenewalFailure" xml:space="preserve">
     <value>Notificar al contacto principal sobre la falla de renovación</value>
   </data>
-	<data name="ManagedCertificateSettings_Tab_Options" xml:space="preserve">
+  <data name="ManagedCertificateSettings_Tab_Options" xml:space="preserve">
     <value>Opciones</value>
   </data>
-	<data name="ManagedCertificateSettings_SelectWebsite" xml:space="preserve">
+  <data name="ManagedCertificateSettings_SelectWebsite" xml:space="preserve">
     <value>Seleccione el sitio IIS:</value>
   </data>
-	<data name="ManagedCertificateSettings_DisplayName" xml:space="preserve">
+  <data name="ManagedCertificateSettings_DisplayName" xml:space="preserve">
     <value>Nombre para mostrar:</value>
   </data>
-	<data name="ManagedCertificateSettings_DomainIncluded" xml:space="preserve">
+  <data name="ManagedCertificateSettings_DomainIncluded" xml:space="preserve">
     <value>Los siguientes dominios seleccionados se incluirán como una única solicitud de certificado. El servicio Let's Encrypt debe poder acceder a todos estos dominios a través del puerto 80 (para desafíos HTTP) o el puerto 443 (para desafíos TLS-SNI) para que el proceso de certificación funcione.</value>
   </data>
-	<data name="ManagedCertificateSettings_SelectDomain" xml:space="preserve">
+  <data name="ManagedCertificateSettings_SelectDomain" xml:space="preserve">
     <value>Dominios y subdominios para incluir:</value>
   </data>
-	<data name="SelectAll" xml:space="preserve">
+  <data name="SelectAll" xml:space="preserve">
     <value>Seleccionar todo</value>
   </data>
-	<data name="ManagedCertificateSettings_SelectNone" xml:space="preserve">
+  <data name="ManagedCertificateSettings_SelectNone" xml:space="preserve">
     <value>Quitar Selección</value>
   </data>
-	<data name="ManagedCertificateSettings_Primary" xml:space="preserve">
+  <data name="ManagedCertificateSettings_Primary" xml:space="preserve">
     <value>Primario</value>
   </data>
-	<data name="ManagedCertificateSettings_Include" xml:space="preserve">
+  <data name="ManagedCertificateSettings_Include" xml:space="preserve">
     <value>Incluir</value>
   </data>
-	<data name="ManagedCertificateSettings_Domain" xml:space="preserve">
+  <data name="ManagedCertificateSettings_Domain" xml:space="preserve">
     <value>Dominio</value>
   </data>
-	<data name="Advanced" xml:space="preserve">
+  <data name="Advanced" xml:space="preserve">
     <value>Avanzado</value>
   </data>
-	<data name="ManagedCertificateSettings_ChallengeTypes" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ChallengeTypes" xml:space="preserve">
     <value>Tipo de desafío:</value>
   </data>
-	<data name="ManagedCertificateSettings_WebsiteRoot" xml:space="preserve">
+  <data name="ManagedCertificateSettings_WebsiteRoot" xml:space="preserve">
     <value>Directorio raíz del sitio web</value>
   </data>
-	<data name="ManagedCertificateSettings_BrowseFolder" xml:space="preserve">
+  <data name="ManagedCertificateSettings_BrowseFolder" xml:space="preserve">
     <value>...</value>
   </data>
-	<data name="ManagedCertificateSettings_PerformChallengeResponseConfigCheck" xml:space="preserve">
+  <data name="ManagedCertificateSettings_PerformChallengeResponseConfigCheck" xml:space="preserve">
     <value>Realizar comprobaciones de configuración de respuesta de desafío</value>
   </data>
-	<data name="ManagedCertificateSettings_PerformWebAppAutoConfig" xml:space="preserve">
+  <data name="ManagedCertificateSettings_PerformWebAppAutoConfig" xml:space="preserve">
     <value>Realizar la configuración automática de la aplicación web</value>
   </data>
-	<data name="ManagedCertificateSettings_BindIP" xml:space="preserve">
+  <data name="ManagedCertificateSettings_BindIP" xml:space="preserve">
     <value>Enlace a IP específico:</value>
   </data>
-	<data name="ManagedCertificateSettings_BindPort" xml:space="preserve">
+  <data name="ManagedCertificateSettings_BindPort" xml:space="preserve">
     <value>Enlace al puerto específico:</value>
   </data>
-	<data name="ManagedCertificateSettings_UseSNI" xml:space="preserve">
+  <data name="ManagedCertificateSettings_UseSNI" xml:space="preserve">
     <value>Usar SNI (IIS 8+):</value>
   </data>
-	<data name="ManagedCertificateSettings_PerRequsetScript" xml:space="preserve">
+  <data name="ManagedCertificateSettings_PerRequsetScript" xml:space="preserve">
     <value>Pre-solicitud PS Script:</value>
   </data>
-	<data name="Test" xml:space="preserve">
+  <data name="Test" xml:space="preserve">
     <value>Prueba</value>
   </data>
-	<data name="ManagedCertificateSettings_ExportTip" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ExportTip" xml:space="preserve">
     <value>Nota: Para exportar este certificado, use la opción Administrar Certificados en Windows.</value>
   </data>
-	<data name="ManagedCertificateSettings_OpenLogFile" xml:space="preserve">
+  <data name="ManagedCertificateSettings_OpenLogFile" xml:space="preserve">
     <value>brir archivo de registro</value>
   </data>
-	<data name="ManagedCertificateSettings_CertificateRevokeWarning" xml:space="preserve">
+  <data name="ManagedCertificateSettings_CertificateRevokeWarning" xml:space="preserve">
     <value>ADVERTENCIA: este certificado ha sido revocado.</value>
   </data>
-	<data name="ManagedCertificateSettings_SelectWebsiteOrCert" xml:space="preserve">
+  <data name="ManagedCertificateSettings_SelectWebsiteOrCert" xml:space="preserve">
     <value>Seleccione el sitio web para crear un certificado</value>
   </data>
-	<data name="ManagedCertificateSettings_NameRequired" xml:space="preserve">
+  <data name="ManagedCertificateSettings_NameRequired" xml:space="preserve">
     <value>Se requiere un nombre para este elemento.</value>
   </data>
-	<data name="ManagedCertificateSettings_NeedPrimaryDomain" xml:space="preserve">
+  <data name="ManagedCertificateSettings_NeedPrimaryDomain" xml:space="preserve">
     <value>Se debe incluir un Dominio Principal</value>
   </data>
-	<data name="ManagedCertificateSettings_ChallengeNotAvailable" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ChallengeNotAvailable" xml:space="preserve">
     <value>El desafío {0} solo está disponible para las versiones de IIS 8+.</value>
   </data>
-	<data name="ManagedCertificateSettings_HookMustBeValidUrl" xml:space="preserve">
+  <data name="ManagedCertificateSettings_HookMustBeValidUrl" xml:space="preserve">
     <value>La URL para el webhook debe establecerse en una URL válida.</value>
   </data>
-	<data name="ManagedCertificateSettings_HookMethodMustBeSet" xml:space="preserve">
+  <data name="ManagedCertificateSettings_HookMethodMustBeSet" xml:space="preserve">
     <value>El Método para el webhook debe estar configurado.</value>
   </data>
-	<data name="ManagedCertificateSettings_NoChanges" xml:space="preserve">
+  <data name="ManagedCertificateSettings_NoChanges" xml:space="preserve">
     <value>No se realizaron cambios, omitiendo guardar</value>
   </data>
-	<data name="ConfirmDelete" xml:space="preserve">
+  <data name="ConfirmDelete" xml:space="preserve">
     <value>Confirmar eliminación</value>
   </data>
-	<data name="ManagedCertificateSettings_ConfirmDelete" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ConfirmDelete" xml:space="preserve">
     <value>¿Seguro que quieres eliminar este elemento? Eliminalo no afectará la configuración de IIS, etc.</value>
   </data>
-	<data name="ManagedCertificateSettings_LogNotCreated" xml:space="preserve">
+  <data name="ManagedCertificateSettings_LogNotCreated" xml:space="preserve">
     <value>El archivo de registro para este elemento no ha sido creado todavía.</value>
   </data>
-	<data name="ManagedCertificateSettings_CertificateNotReady" xml:space="preserve">
+  <data name="ManagedCertificateSettings_CertificateNotReady" xml:space="preserve">
     <value>El archivo de certificado para este elemento no ha sido creado todavía.</value>
   </data>
-	<data name="ChallengeError" xml:space="preserve">
+  <data name="ChallengeError" xml:space="preserve">
     <value>Error de Desafío</value>
   </data>
-	<data name="ManagedCertificateSettings_CannotChallengeWithoutIIS" xml:space="preserve">
+  <data name="ManagedCertificateSettings_CannotChallengeWithoutIIS" xml:space="preserve">
     <value>No se pueden verificar los desafíos si el IIS no está disponible.</value>
   </data>
-	<data name="Challenge" xml:space="preserve">
+  <data name="Challenge" xml:space="preserve">
     <value>Desafío</value>
   </data>
-	<data name="ManagedCertificateSettings_ConfigurationCheckOk" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ConfigurationCheckOk" xml:space="preserve">
     <value>Configuración comprobada OK</value>
   </data>
-	<data name="ManagedCertificateSettings_ConfigurationCheckFailed" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ConfigurationCheckFailed" xml:space="preserve">
     <value>Error de comprobación de configuración:
 {0}</value>
   </data>
-	<data name="ManagedCertificateSettings_ChallengeTestFailed" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ChallengeTestFailed" xml:space="preserve">
     <value>Prueba de Desafío Fallida</value>
   </data>
-	<data name="ManagedCertificateSettings_WebhookTestFailed" xml:space="preserve">
+  <data name="ManagedCertificateSettings_WebhookTestFailed" xml:space="preserve">
     <value>Prueba de Webhook Fallida</value>
   </data>
-	<data name="ManagedCertificateSettings_WebhookRequestResult" xml:space="preserve">
+  <data name="ManagedCertificateSettings_WebhookRequestResult" xml:space="preserve">
     <value>Solicitud de Webhook {0}: HTTP {1}</value>
   </data>
-	<data name="ManagedCertificateSettings_WebhookRequestError" xml:space="preserve">
+  <data name="ManagedCertificateSettings_WebhookRequestError" xml:space="preserve">
     <value>Error de solicitud de Webhook: {0}</value>
   </data>
-	<data name="New_Contact_Tip1" xml:space="preserve">
+  <data name="Account_Edit_Intro" xml:space="preserve">
 		<value>Para solicitar certificados, debe registrarse en cada una de las Autoridades de certificación que desee utilizar. </value>
 	</data>
-	<data name="New_Contact_EmailError" xml:space="preserve">
+  <data name="New_Contact_EmailError" xml:space="preserve">
 		<value>Hubo un problema al registrarse con la Autoridad de Certificación utilizando este correo electrónico. Verifique que el correo electrónico sea válido y que esta computadora tenga una conexión abierta a Internet (se requiere https saliente para las llamadas API). </value>
 	</data>
-	<data name="New_Contact_NeedAgree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConditions" xml:space="preserve">
 		<value>Para continuar, confirme que acepta los términos y condiciones actuales de esta Autoridad de Certificación. </value>
 	</data>
-	<data name="ManagedCertificateSettings_NoHostNameBindingWarning" xml:space="preserve">
+  <data name="ManagedCertificateSettings_NoHostNameBindingWarning" xml:space="preserve">
 		<value>Se requiere al menos un nombre de host completo (por ejemplo, 'github.com') o comodín (por ejemplo, '*.github.com) para crear un certificado. </value>
 	</data>
-	<data name="General_Loading" xml:space="preserve">
+  <data name="General_Loading" xml:space="preserve">
 		<value>Cargando...</value>
 	</data>
-	<data name="Update_MandatoryUpdateQuit" xml:space="preserve">
+  <data name="Update_MandatoryUpdateQuit" xml:space="preserve">
 		<value>La versión actual de la aplicación ya no es compatible. Por favor actualize para continuar.</value>
 	</data>
-	<data name="ManagedCertificateSettings_BindingNote" xml:space="preserve">
+  <data name="ManagedCertificateSettings_BindingNote" xml:space="preserve">
 		<value>Nota: esta configuración solo se aplica a los nuevos enlaces https, los enlaces existentes solo se actualizan con el nuevo certificado. El uso de una IP fija para varios certificados provocará un conflicto de vinculación en Windows, utilícelo con precaución. </value>
 	</data>
-	<data name="ManagedCertificateSettings_ReapplyCertificate" xml:space="preserve">
+  <data name="ManagedCertificateSettings_ReapplyCertificate" xml:space="preserve">
 		<value>Vuelva a aplicar el certificado a los enlaces</value>
 	</data>
-	<data name="Dashboard_Register" xml:space="preserve">
+  <data name="Dashboard_Register" xml:space="preserve">
 		<value>Agregar</value>
 	</data>
-	<data name="Dashboard_Password" xml:space="preserve">
+  <data name="Dashboard_Password" xml:space="preserve">
 		<value>Contraseña</value>
 	</data>
-	<data name="GettingStarted_AddToDashboard" xml:space="preserve">
+  <data name="GettingStarted_AddToDashboard" xml:space="preserve">
 		<value>Agregar al panel de informes </value>
 	</data>
-	<data name="GettingStarted_Dashboard" xml:space="preserve">
+  <data name="GettingStarted_Dashboard" xml:space="preserve">
 		<value>Panel de informes</value>
 	</data>
-	<data name="GettingStarted_DashboardIntro" xml:space="preserve">
+  <data name="GettingStarted_DashboardIntro" xml:space="preserve">
 		<value>Puede utilizar el panel de informes para ver fácilmente el estado de renovación del certificado en uno o más servidores. </value>
 	</data>
-	<data name="GettingStarted_ViewDashboard" xml:space="preserve">
+  <data name="GettingStarted_ViewDashboard" xml:space="preserve">
 		<value>Ver panel de informes</value>
 	</data>
-	<data name="Dashboard_NewAccount" xml:space="preserve">
+  <data name="Dashboard_NewAccount" xml:space="preserve">
 		<value>Crear una nueva cuenta</value>
 	</data>
-	<data name="Dashboard_AddIntro" xml:space="preserve">
+  <data name="Dashboard_AddIntro" xml:space="preserve">
 		<value>Para agregar este servidor a su panel, proporcione sus https://certifytheweb.com/profile detalles de inicio de sesión o registre una nueva cuenta: </value>
 	</data>
-	<data name="ScheduledTaskConfig_UseBackgroundService" xml:space="preserve">
+  <data name="ScheduledTaskConfig_UseBackgroundService" xml:space="preserve">
 		<value>Usar servicio en segundo plano (se ejecuta como sistema local) </value>
 	</data>
-	<data name="ScheduledTaskConfig_UseScheduledTask" xml:space="preserve">
+  <data name="ScheduledTaskConfig_UseScheduledTask" xml:space="preserve">
 		<value>Usar una tarea programada (se ejecuta como usuario especificado) </value>
 	</data>
-	<data name="ManagedCertificatesSettings_RefreshDomains" xml:space="preserve">
+  <data name="ManagedCertificatesSettings_RefreshDomains" xml:space="preserve">
 		<value>Actualizar</value>
 	</data>
-	<data name="Update_DownloadNow" xml:space="preserve">
+  <data name="Update_DownloadNow" xml:space="preserve">
 		<value>¿Le gustaría descargar automáticamente la actualización? Se le notificará cuando esté listo para aplicar.</value>
 	</data>
-	<data name="Update_ReadyToApply" xml:space="preserve">
+  <data name="Update_ReadyToApply" xml:space="preserve">
 		<value>Una nueva actualización está lista para aplicarse. ¿Le gustaría instalarlo ahora? </value>
 	</data>
-	<data name="ManagedCertificateSettings_InvalidSNI" xml:space="preserve">
+  <data name="ManagedCertificateSettings_InvalidSNI" xml:space="preserve">
 		<value>Está intentando crear un enlace SNI que también tiene una dirección IP enlazada específica. En su lugar, se recomienda que los enlaces SNI utilicen Todos sin asignar. ¿Desea continuar? </value>
 	</data>
-	<data name="Credentials_EditCredential" xml:space="preserve">
+  <data name="Credentials_EditCredential" xml:space="preserve">
 		<value>Agregar / actualizar credencial almacenada </value>
 	</data>
-	<data name="Update_DownloadFailed" xml:space="preserve">
+  <data name="Update_DownloadFailed" xml:space="preserve">
 		<value>Lo sentimos, no se pudo descargar la actualización. Por favor, inténtelo de nuevo más tarde. </value>
 	</data>
-	<data name="Managed_Certificates" xml:space="preserve">
+  <data name="Managed_Certificates" xml:space="preserve">
 		<value>Administrar Certificados</value>
 	</data>
-	<data name="ManagedCertificateSettings_DefaultTitle" xml:space="preserve">
+  <data name="ManagedCertificateSettings_DefaultTitle" xml:space="preserve">
 		<value>Nuevo certificado administrado</value>
 	</data>
-	<data name="ManagedCertificateSettings_AddDomainsToCertificate" xml:space="preserve">
+  <data name="ManagedCertificateSettings_AddDomainsToCertificate" xml:space="preserve">
 		<value>Agregue dominios al certificado:</value>
 	</data>
-	<data name="ManagedCertificateSettings_AddDomainsHelpText" xml:space="preserve">
+  <data name="ManagedCertificateSettings_AddDomainsHelpText" xml:space="preserve">
 		<value>p.ej. test.com, www.test.com o * .test.com </value>
 	</data>
-	<data name="Settings_EnableHttpChallengeServer" xml:space="preserve">
+  <data name="Settings_EnableHttpChallengeServer" xml:space="preserve">
 		<value>Habilitar el servidor de desafío Http</value>
 	</data>
-	<data name="Settings_EnableCertificateCleanup" xml:space="preserve">
+  <data name="Settings_EnableCertificateCleanup" xml:space="preserve">
 		<value>Habilitar la limpieza de certificados </value>
 	</data>
-	<data name="Settings_EnableStatusReporting" xml:space="preserve">
+  <data name="Settings_EnableStatusReporting" xml:space="preserve">
 		<value>Habilitar informes de estado en el panel </value>
 	</data>
-	<data name="PreferredCertificateAuthority" xml:space="preserve">
+  <data name="PreferredCertificateAuthority" xml:space="preserve">
 		<value>Autoridad de Certificación preferida</value>
 	</data>
-	<data name="MainWindow_KeyExpired" xml:space="preserve">
+  <data name="MainWindow_KeyExpired" xml:space="preserve">
 		<value>Su clave de licencia ha caducado o ya no está activa. </value>
 	</data>
-</root>
+</root>
\ No newline at end of file
diff --git a/src/Certify.Locales/SR.ja-JP.resx b/src/Certify.Locales/SR.ja-JP.resx
index cc7d4edd3..af2c187c8 100644
--- a/src/Certify.Locales/SR.ja-JP.resx
+++ b/src/Certify.Locales/SR.ja-JP.resx
@@ -123,7 +123,7 @@
   <data name="Send_Feedback_Email" xml:space="preserve">
     <value>あなたのメール アドレス (回答が必要な場合):</value>
   </data>
-  <data name="Yes_I_Agree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConfirm" xml:space="preserve">
     <value>はい、同意します</value>
   </data>
   <data name="ManagedCertificateSettings_HookTrigger" xml:space="preserve">
@@ -612,7 +612,7 @@
   <data name="MainWindow_RenewAllConfirm" xml:space="preserve">
     <value>すべての自動更新アイテムの証明書が更新されます。 続行しますか？</value>
   </data>
-  <data name="New_Contact_Tip2" xml:space="preserve">
+  <data name="Account_Edit_Intro2" xml:space="preserve">
     <value>提供された電子メールアドレスは、必要に応じて今後の証明書の更新を通知するために使用することができます。 無効な電子メールアドレスはLet's Encrypt によって拒否されます。</value>
   </data>
   <data name="ManagedCertificateSettings_LogNotCreated" xml:space="preserve">
@@ -642,4 +642,4 @@
   <data name="ManagedCertificates_UnsavedWarning" xml:space="preserve">
     <value>選択したサイトに保存されていない変更があります。 変更を破棄しますか？</value>
   </data>
-</root>
+</root>
\ No newline at end of file
diff --git a/src/Certify.Locales/SR.nb-NO.resx b/src/Certify.Locales/SR.nb-NO.resx
index e7bb08bcb..1229266cf 100644
--- a/src/Certify.Locales/SR.nb-NO.resx
+++ b/src/Certify.Locales/SR.nb-NO.resx
@@ -156,13 +156,13 @@
   <data name="Email_Address" xml:space="preserve">
     <value>E-postadresse</value>
   </data>
-  <data name="Yes_I_Agree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConfirm" xml:space="preserve">
     <value>Ja, jeg aksepterer</value>
   </data>
   <data name="Register_Contact" xml:space="preserve">
     <value>Registrer kontakt</value>
   </data>
-  <data name="New_Contact_Tip2" xml:space="preserve">
+  <data name="Account_Edit_Intro2" xml:space="preserve">
     <value>E-postadressen som er oppgitt, kan brukes til å varsle deg om kommende sertifikatfornyelser hvis nødvendig. Ugyldige e-postadresser blir avvist av Let's Encrypt.</value>
   </data>
   <data name="Send_Feedback" xml:space="preserve">
diff --git a/src/Certify.Locales/SR.resx b/src/Certify.Locales/SR.resx
index 1074da072..755cea639 100644
--- a/src/Certify.Locales/SR.resx
+++ b/src/Certify.Locales/SR.resx
@@ -159,16 +159,16 @@
   <data name="Email_Address" xml:space="preserve">
     <value>Email Address</value>
   </data>
-  <data name="Yes_I_Agree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConfirm" xml:space="preserve">
     <value>Yes, I Agree</value>
   </data>
   <data name="Register_Contact" xml:space="preserve">
     <value>Register Contact</value>
   </data>
-  <data name="New_Contact_Tip1" xml:space="preserve">
+  <data name="Account_Edit_Intro" xml:space="preserve">
     <value>To request certificates you need to register with each of the Certificate Authorities that you want to use.</value>
   </data>
-  <data name="New_Contact_Tip2" xml:space="preserve">
+  <data name="Account_Edit_Intro2" xml:space="preserve">
     <value>The email address provided may be used to notify you of upcoming certificate renewals if required. Invalid email addresses will be rejected by the Certificate Authority.</value>
   </data>
   <data name="Send_Feedback" xml:space="preserve">
@@ -216,7 +216,7 @@
   <data name="New_Contact_EmailError" xml:space="preserve">
     <value>There was a problem registering with the Certificate Authority using this email address. Check the email address is valid and that this computer has an open connection to the internet (outgoing https is required for API calls).</value>
   </data>
-  <data name="New_Contact_NeedAgree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConditions" xml:space="preserve">
     <value>To proceed, confirm that you agree to the current terms and conditions for this Certificate Authority.</value>
   </data>
   <data name="Registration_NeedEmail" xml:space="preserve">
@@ -516,7 +516,7 @@
     <value>You are using the evaluation version of this app. Please purchase a registration key to upgrade. See the Register option on the About tab.</value>
   </data>
   <data name="MainWindow_RenewAllConfirm" xml:space="preserve">
-    <value>This will renew certificates for all auto-renewed items. Proceed?</value>
+    <value>This will renew certificates for all auto-renewed items, if applicable. Proceed?</value>
   </data>
   <data name="MainWindow_IISNotAvailable" xml:space="preserve">
     <value>IIS Was not detected on this server, important functionality will be unavailable. If you know IIS is installed and working on this server, please report this error to support@certifytheweb.com providing details of your server Operating System version and IIS versions</value>
@@ -704,4 +704,16 @@
   <data name="Settings_CA_Fallback" xml:space="preserve">
     <value>If you register with multiple authorities this may enable you to use automatic Certificate Authority Failover, so if your preferred Certificate Authority can't issue a new certificate an alternative compatible provider can be used automatically.</value>
   </data>
+  <data name="Account_Edit_SectionTitle" xml:space="preserve">
+    <value>Edit ACME Account</value>
+  </data>
+  <data name="ManagedCertificate_CertificateAuthority_UseTestCertificates" xml:space="preserve">
+    <value>Use Staging Mode (Test Certificates)</value>
+  </data>
+  <data name="EditCertificateAuthority_TitleHelp" xml:space="preserve">
+    <value>(Display Name for the Certificate Authority)</value>
+  </data>
+  <data name="EditCertificateAuthority_ProductionDirectoryHelp" xml:space="preserve">
+    <value>(Url for the production directory endpoint)</value>
+  </data>
 </root>
diff --git a/src/Certify.Locales/SR.tr-TR.resx b/src/Certify.Locales/SR.tr-TR.resx
index eb73c406e..4108843b0 100644
--- a/src/Certify.Locales/SR.tr-TR.resx
+++ b/src/Certify.Locales/SR.tr-TR.resx
@@ -159,16 +159,16 @@
   <data name="Email_Address" xml:space="preserve">
     <value>E-posta Adresi</value>
   </data>
-  <data name="Yes_I_Agree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConfirm" xml:space="preserve">
     <value>Evet katılıyorum</value>
   </data>
   <data name="Register_Contact" xml:space="preserve">
     <value>Yetkiliyi Kaydet</value>
   </data>
-  <data name="New_Contact_Tip1" xml:space="preserve">
+  <data name="Account_Edit_Intro" xml:space="preserve">
     <value>Sertifika talep etmek için kullanmak istediğiniz Sertifika Yetkililerinin her birine kaydolmanız gerekir.</value>
   </data>
-  <data name="New_Contact_Tip2" xml:space="preserve">
+  <data name="Account_Edit_Intro2" xml:space="preserve">
     <value>Sağlanan e-posta adresi, gerekirse yaklaşan sertifika yenilemelerini size bildirmek için kullanılabilir. Geçersiz e-posta adresleri Sertifika Yetkilisi tarafından reddedilecektir.</value>
   </data>
   <data name="Send_Feedback" xml:space="preserve">
@@ -216,7 +216,7 @@
   <data name="New_Contact_EmailError" xml:space="preserve">
     <value>Bu e-posta adresini kullanarak Sertifika Yetkilisine kaydolurken bir sorun oluştu. E-posta adresinin geçerli olduğunu ve bu bilgisayarın internete açık bir bağlantısı olduğunu kontrol edin (API çağrıları için giden https gereklidir).</value>
   </data>
-  <data name="New_Contact_NeedAgree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConditions" xml:space="preserve">
     <value>Devam etmek için bu Sertifika Yetkilisi için geçerli hüküm ve koşulları kabul ettiğinizi onaylayın.</value>
   </data>
   <data name="Registration_NeedEmail" xml:space="preserve">
@@ -689,4 +689,4 @@
   <data name="ManagedCertificateSettings_CertificateAuthority_Intro" xml:space="preserve">
     <value>Sertifika Yetkilileri, güvenilir sertifikalar verebilen kuruluşlardır. Kullanmak istediğiniz her (ACME) Sertifika Yetkilisi için Ayarlar altında bir hesap açmanız gerekir.</value>
   </data>
-</root>
+</root>
\ No newline at end of file
diff --git a/src/Certify.Locales/SR.zh-Hans.resx b/src/Certify.Locales/SR.zh-Hans.resx
index 09657f8e2..2b2af61f3 100644
--- a/src/Certify.Locales/SR.zh-Hans.resx
+++ b/src/Certify.Locales/SR.zh-Hans.resx
@@ -159,13 +159,13 @@
   <data name="Email_Address" xml:space="preserve">
     <value>邮箱地址</value>
   </data>
-  <data name="Yes_I_Agree" xml:space="preserve">
+  <data name="Account_Edit_AgreeConfirm" xml:space="preserve">
     <value>是的，我同意</value>
   </data>
   <data name="Register_Contact" xml:space="preserve">
     <value>新建联系方式</value>
   </data>
-  <data name="New_Contact_Tip2" xml:space="preserve">
+  <data name="Account_Edit_Intro2" xml:space="preserve">
     <value>这个邮箱地址将会在未来可能需要续期的时候通知你，不合法的电子邮箱地址将会被Let's Encrypt拒绝。</value>
   </data>
   <data name="Send_Feedback" xml:space="preserve">
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml b/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml
index 492f61e0d..a0b9eebdb 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/AdvancedOptions.xaml
@@ -40,7 +40,7 @@
                     Height="32"
                     MinWidth="140"
                     Controls:HeaderedControlHelper.HeaderFontSize="12"
-                    Header="Certificate Authority"
+                    Header="{x:Static Resources:SR.ManagedCertificateSettings_CertificateAuthority_Title}"
                     IsSelected="true">
                     <!--  Certificate Authority Preference  -->
                     <DockPanel Margin="16,0,8,8" DockPanel.Dock="Top">
@@ -70,7 +70,7 @@
 
                             <CheckBox
                                 Margin="4,4,0,4"
-                                Content="Use Staging Mode (Test Certificates)"
+                                Content="{x:Static Resources:SR.ManagedCertificate_CertificateAuthority_UseTestCertificates}"
                                 IsChecked="{Binding SelectedItem.UseStagingMode}"
                                 Visibility="{Binding SelectedItem.CertificateAuthorityId, Converter={StaticResource NullCollapsedConverter}}" />
                         </StackPanel>
diff --git a/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml b/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml
index 2ab1d51b4..500cd180a 100644
--- a/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml
+++ b/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml
@@ -7,7 +7,7 @@
     xmlns:local="clr-namespace:Certify.UI.Windows"
     xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
     xmlns:res="clr-namespace:Certify.Locales;assembly=Certify.Locales"
-    Title="Edit ACME Account"
+    Title="{x:Static res:SR.Account_Edit_SectionTitle}"
     Width="514"
     Height="416"
     ResizeMode="CanResizeWithGrip"
@@ -43,7 +43,7 @@
                         VerticalAlignment="Top"
                         DockPanel.Dock="Top"
                         Style="{StaticResource Instructions}"
-                        TextWrapping="Wrap"><Run Text="{x:Static res:SR.New_Contact_Tip1}" /><LineBreak /><Run /></TextBlock>
+                        TextWrapping="Wrap"><Run Text="{x:Static res:SR.Account_Edit_Intro}" /><LineBreak /><Run /></TextBlock>
                     <!--  Certificate Authority Preference  -->
                     <StackPanel
                         Margin="0,0,0,8"
@@ -83,7 +83,7 @@
                         Margin="0,0,8,0"
                         DockPanel.Dock="Top"
                         Style="{StaticResource Instructions}"
-                        TextWrapping="Wrap"><Run Text="{x:Static res:SR.New_Contact_Tip2}" /></TextBlock>
+                        TextWrapping="Wrap"><Run Text="{x:Static res:SR.Account_Edit_Intro2}" /></TextBlock>
 
                     <StackPanel
                         Margin="0,8"
@@ -95,14 +95,14 @@
                             Margin="0,0,0,0"
                             FontWeight="Bold"
                             Style="{StaticResource Instructions}"
-                            Text="{x:Static res:SR.New_Contact_NeedAgree}"
+                            Text="{x:Static res:SR.Account_Edit_AgreeConditions}"
                             TextWrapping="Wrap" />
 
                         <CheckBox
                             Margin="12,12,12,12"
                             HorizontalAlignment="Left"
                             VerticalAlignment="Top"
-                            Content="{x:Static res:SR.Yes_I_Agree}"
+                            Content="{x:Static res:SR.Account_Edit_AgreeConfirm}"
                             DockPanel.Dock="Top"
                             IsChecked="{Binding Item.AgreedToTermsAndConditions}" />
 
diff --git a/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml.cs b/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml.cs
index 63b6731f5..a597f783b 100644
--- a/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml.cs
+++ b/src/Certify.UI.Shared/Windows/EditAccountDialog.xaml.cs
@@ -141,7 +141,7 @@ private async void Save_Click(object sender, RoutedEventArgs e)
             }
             else
             {
-                MessageBox.Show(Certify.Locales.SR.New_Contact_NeedAgree);
+                MessageBox.Show(Certify.Locales.SR.Account_Edit_AgreeConditions);
             }
         }
 
diff --git a/src/Certify.UI.Shared/Windows/EditCertificateAuthority.xaml b/src/Certify.UI.Shared/Windows/EditCertificateAuthority.xaml
index 3fc7669e9..1adac373d 100644
--- a/src/Certify.UI.Shared/Windows/EditCertificateAuthority.xaml
+++ b/src/Certify.UI.Shared/Windows/EditCertificateAuthority.xaml
@@ -51,7 +51,7 @@
                 Height="23"
                 HorizontalAlignment="Left"
                 VerticalAlignment="Top"
-                Controls:TextBoxHelper.Watermark="(Display Name for the Certificate Authority)"
+                Controls:TextBoxHelper.Watermark="{x:Static res:SR.EditCertificateAuthority_TitleHelp}"
                 Text="{Binding Model.Item.Title}"
                 TextWrapping="Wrap" />
         </StackPanel>
@@ -88,7 +88,7 @@
                 Height="23"
                 HorizontalAlignment="Left"
                 VerticalAlignment="Top"
-                Controls:TextBoxHelper.Watermark="(Url for the production directory endpoint)"
+                Controls:TextBoxHelper.Watermark="{x:Static res:SR.EditCertificateAuthority_ProductionDirectoryHelp}"
                 Text="{Binding Model.Item.ProductionAPIEndpoint}"
                 TextWrapping="Wrap" />
         </StackPanel>

From 77bf8ceab36a0db310b0cdff34745091fd5386f1 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 7 Nov 2023 18:00:01 +0800
Subject: [PATCH 080/237] Make CA controller partial for extending with source
 generators

---
 .../Controllers/internal/CertificateAuthorityController.cs    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
index e845bab3f..a9b3b675a 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
@@ -7,14 +7,14 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Internal API for extended certificate management. Not intended for general use.
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public class CertificateAuthorityController : ControllerBase
+    public partial class CertificateAuthorityController : ControllerBase
     {
 
         private readonly ILogger<CertificateAuthorityController> _logger;

From accb35d881c14e9e434cd6507ff2d052aa58959b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 9 Nov 2023 09:08:33 +0800
Subject: [PATCH 081/237] Core: update to error messages when saving ca or
 account

---
 .../Management/CertifyManager/CertifyManager.Account.cs        | 3 ---
 src/Certify.Server/Certify.Server.Api.Public/Startup.cs        | 2 ++
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
index c9186e3fb..1b3137c62 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -669,8 +669,5 @@ public async Task<ActionResult> RemoveCertificateAuthority(string id)
                 return new ActionResult($"The certificate authority {id} was not found in the list of custom CAs and could not be removed.", false);
             }
         }
-
-            return await Task.FromResult(new ActionResult("An error occurred removing the indicated Custom CA from the Certificate Authorities list.", false));
-        }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index e623a8ee2..60bc7053d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -72,6 +72,8 @@ public void ConfigureServices(IServiceCollection services)
             services.AddSwaggerGen(c =>
             {
 
+                // docs UI will be available at /docs
+
                 c.SwaggerDoc("v1", new OpenApiInfo
                 {
                     Title = "Certify Server API",

From 8cdd3afa8937e223bad68ce59bba1693a871468a Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 9 Nov 2023 12:16:34 +0800
Subject: [PATCH 082/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                    | 2 +-
 src/Certify.Core/Certify.Core.csproj                        | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj             | 2 +-
 src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj     | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                  | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj          | 2 +-
 .../Certify.Service.Worker/Certify.Service.Worker.csproj    | 2 +-
 .../Certify.Shared.Extensions.csproj                        | 2 +-
 .../Certify.Core.Tests.Integration.csproj                   | 4 ++--
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj  | 6 +++---
 .../Certify.Service.Tests.Integration.csproj                | 4 ++--
 .../Certify.UI.Tests.Integration.csproj                     | 2 +-
 12 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index e27a06f95..5ffab76aa 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -20,7 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.2.23480.2" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.0.0" />
+    <PackageReference Include="Polly" Version="8.1.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 61b680a0f..7737f607e 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -83,7 +83,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.0.0" />
+    <PackageReference Include="Polly" Version="8.1.0" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index f6fdb983e..424015779 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.202.9" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.203.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj b/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj
index c2f045250..57f33b801 100644
--- a/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj
+++ b/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Management.Infrastructure" Version="2.0.0">
+    <PackageReference Include="Microsoft.Management.Infrastructure" Version="3.0.0">
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 758dd3b80..6a3571ca1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -26,7 +26,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="coverlet.collector" Version="6.0.0">
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 15b0e512d..c50431f4f 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Polly" Version="8.0.0" />
+    <PackageReference Include="Polly" Version="8.1.0" />
     <PackageReference Include="Serilog" Version="3.0.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-rc.2.23480.2" />
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 06f0b6c9e..f3cb3e98e 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -12,7 +12,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
-    <PackageReference Include="Polly" Version="8.0.0" />
+    <PackageReference Include="Polly" Version="8.1.0" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-rc.2.23479.6" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index a05eb2590..e7fe84833 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,7 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.8" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.9" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 7aa438dc1..a858c5861 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -88,7 +88,7 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
@@ -96,7 +96,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.0.0" />
+    <PackageReference Include="Polly" Version="8.1.0" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index d694a6b47..9f7c7fe11 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -136,14 +136,14 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="DotNetEnv" Version="2.5.0"/>
+    <PackageReference Include="DotNetEnv" Version="2.5.0" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="7.0.0" />
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="8.0.0" />
+    <PackageReference Include="Polly" Version="8.1.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 31455ada4..ab0db9dbe 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -77,10 +77,10 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="8.0.0" />
+    <PackageReference Include="Polly" Version="8.1.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 09aded4a4..618dabff8 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -73,7 +73,7 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
   </ItemGroup>

From c3a72e81be87963807f47c1397e2e8522c1c158b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 9 Nov 2023 16:45:27 +0800
Subject: [PATCH 083/237] Docker: update debug config and allow write to app
 settings for non-privileged app user

---
 .../Certify.Server.Api.Public.csproj          | 37 +++++++------------
 .../Certify.Server.Api.Public/Dockerfile      | 33 +++++++++++++++++
 .../Properties/launchSettings.json            | 11 ++++++
 .../Certify.Service.Worker/Dockerfile         | 24 ++++++++----
 .../Properties/launchSettings.json            |  6 +--
 5 files changed, 74 insertions(+), 37 deletions(-)
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/Dockerfile

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index c9e721ceb..54d1d9632 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,43 +1,32 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
-
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <DockerfileContext>..\..\..\..\certify-general</DockerfileContext>
+    <DockerfileContext>..\..</DockerfileContext>
     <UserSecretsId>8793068b-aa98-48a5-807b-962b5b3e1aea</UserSecretsId>
-		<GenerateDocumentationFile>True</GenerateDocumentationFile>
+    <GenerateDocumentationFile>True</GenerateDocumentationFile>
   </PropertyGroup>
-
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <DefineConstants>DEBUG;TRACE</DefineConstants>
-
   </PropertyGroup>
-
-  
-
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-rc.2.23480.2" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.3" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.3" />
-      <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0-rc.2.23480.2" />
-      <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0-rc.2.23480.1" />
-      <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0-rc.2.23480.2" />
-      
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0-rc.2.23480.1" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
+    <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
+    <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
-
-    <ItemGroup>
-        <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
-        <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
-        <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
-
-    </ItemGroup>
-
   <ItemGroup>
     <Folder Include="Models\" />
   </ItemGroup>
-
-
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Dockerfile b/src/Certify.Server/Certify.Server.Api.Public/Dockerfile
new file mode 100644
index 000000000..a9b4d78e0
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/Dockerfile
@@ -0,0 +1,33 @@
+#See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.
+
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+
+# grant write to store settings path before switching to app user
+RUN mkdir /usr/share/certify && chown -R app:app /usr/share/certify 
+
+USER app
+WORKDIR /app
+EXPOSE 32768
+EXPOSE 44360
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+ARG BUILD_CONFIGURATION=Release
+WORKDIR /src
+COPY ["Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj", "Certify.Server/Certify.Server.Api.Public/"]
+COPY ["Certify.Client/Certify.Client.csproj", "Certify.Client/"]
+COPY ["Certify.Locales/Certify.Locales.csproj", "Certify.Locales/"]
+COPY ["Certify.Models/Certify.Models.csproj", "Certify.Models/"]
+COPY ["Certify.Shared/Certify.Shared.Core.csproj", "Certify.Shared/"]
+RUN dotnet restore "./Certify.Server/Certify.Server.Api.Public/./Certify.Server.Api.Public.csproj"
+COPY . .
+WORKDIR "/src/Certify.Server/Certify.Server.Api.Public"
+RUN dotnet build "./Certify.Server.Api.Public.csproj" -c $BUILD_CONFIGURATION -o /app/build
+
+FROM build AS publish
+ARG BUILD_CONFIGURATION=Release
+RUN dotnet publish "./Certify.Server.Api.Public.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
+
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENTRYPOINT ["dotnet", "Certify.Server.Api.Public.dll"]
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
index 9db54dd53..4529b8901 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
@@ -26,6 +26,17 @@
         "CERTIFY_SERVER_PORT": "9695"
       },
       "distributionName": ""
+    },
+    "Docker": {
+      "commandName": "Docker",
+      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/docs",
+      "environmentVariables": {
+        "ASPNETCORE_URLS": "https://localhost:44361;http://localhost:44360",
+        "CERTIFY_SERVER_HOST": "localhost",
+        "CERTIFY_SERVER_PORT": "9695"
+      },
+      "publishAllPorts": true,
+      "useSSL": true
     }
   },
   "iisSettings": {
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
index 53e0dff18..78f967792 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
@@ -1,19 +1,27 @@
-#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
+#See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.
+
 FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+
+# grant write to store settings path before switching to app user
+RUN mkdir /usr/share/certify && chown -R app:app /usr/share/certify 
+
+USER app
 WORKDIR /app
-EXPOSE 80
-EXPOSE 443
+EXPOSE 8080
+EXPOSE 8081
 
 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
-COPY ["Certify.Service.Worker/Certify.Service.Worker.csproj", "Certify.Service.Worker/"]
-RUN dotnet restore "Certify.Service.Worker/Certify.Service.Worker.csproj"
+COPY ["Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj", "Certify.Server/Certify.Service.Worker/Certify.Service.Worker/"]
+RUN dotnet restore "./Certify.Server/Certify.Service.Worker/Certify.Service.Worker/./Certify.Service.Worker.csproj"
 COPY . .
-WORKDIR "/src/Certify.Service.Worker"
-RUN dotnet build "Certify.Service.Worker.csproj" -c Release -o /app/build
+WORKDIR "/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker"
+RUN dotnet build "./Certify.Service.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/build
 
 FROM build AS publish
-RUN dotnet publish "Certify.Service.Worker.csproj" -c Release -o /app/publish
+ARG BUILD_CONFIGURATION=Release
+RUN dotnet publish "./Certify.Service.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
 
 FROM base AS final
 WORKDIR /app
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
index e9093ef61..6ab245a4f 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
@@ -30,11 +30,7 @@
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "sslPort": 44360,
-      "applicationUrl": "http://localhost:32768;https://localhost:44360",
-      "httpPort": 32768,
-      "publishAllPorts": true,
-      "useSSL": true
+      "publishAllPorts": true      
     },
     "WSL": {
       "commandName": "WSL2",

From 5a9fa88e799c88c1e8dec31e3164fc7637c1781b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 9 Nov 2023 16:45:48 +0800
Subject: [PATCH 084/237] Add public API to service solution

---
 src/Certify.Core.Service.sln | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Certify.Core.Service.sln b/src/Certify.Core.Service.sln
index 7339e860a..6af14c6ef 100644
--- a/src/Certify.Core.Service.sln
+++ b/src/Certify.Core.Service.sln
@@ -71,6 +71,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.ACME.Anvil", "..\..
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.Service.Worker", "Certify.Server\Certify.Service.Worker\Certify.Service.Worker\Certify.Service.Worker.csproj", "{D786EFD1-7402-43F0-B74F-504DB7C25FF6}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.Server.Api.Public", "Certify.Server\Certify.Server.Api.Public\Certify.Server.Api.Public.csproj", "{2DB50C13-7535-4D01-8EA5-1839F1472D7B}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -287,6 +289,14 @@ Global
 		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|Any CPU.Build.0 = Release|Any CPU
 		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|x64.ActiveCfg = Release|Any CPU
 		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|x64.Build.0 = Release|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Debug|x64.Build.0 = Debug|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Release|x64.ActiveCfg = Release|Any CPU
+		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Release|x64.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

From 0dec563a55ce9a87a926697c1813de61c1c48b8b Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Fri, 10 Nov 2023 15:36:20 +0800
Subject: [PATCH 085/237] Fix migration and public API namespaces

---
 src/Certify.CLI/CertifyCLI.Backup.cs                        | 3 +--
 src/Certify.Client/CertifyApiClient.cs                      | 6 +++---
 src/Certify.Client/ICertifyClient.cs                        | 5 ++---
 .../Management/CertifyManager/CertifyManager.cs             | 2 +-
 .../Management/CertifyManager/ICertifyManager.cs            | 2 +-
 src/Certify.Core/Management/MigrationManager.cs             | 2 +-
 src/Certify.Models/Config/Migration.cs                      | 2 +-
 .../Certify.Server.Api.Public.Tests/APITestBase.cs          | 2 +-
 .../Controllers/internal/AccessController.cs                | 1 -
 .../Controllers/internal/ChallengeProviderController.cs     | 2 +-
 .../Controllers/internal/DeploymentTaskController.cs        | 2 +-
 .../Controllers/internal/PreviewController.cs               | 2 +-
 .../Controllers/internal/StoredCredentialController.cs      | 4 ++--
 .../Controllers/internal/TargetController.cs                | 2 +-
 .../Controllers/v1/AuthController.cs                        | 2 +-
 .../Controllers/v1/CertificateController.cs                 | 3 +--
 .../Controllers/v1/SystemController.cs                      | 4 ++--
 .../Controllers/v1/ValidationController.cs                  | 2 +-
 .../Certify.Server.Core/Controllers/SystemController.cs     | 2 +-
 src/Certify.Service/Controllers/SystemController.cs         | 2 +-
 .../Certify.Core.Tests.Integration/CertifyManagerTests.cs   | 2 +-
 .../Certify.Core.Tests.Integration/MigrationManagerTests.cs | 2 +-
 .../ViewModel/AppViewModel/AppViewModel.Settings.cs         | 2 +-
 src/Certify.UI.Shared/Windows/ImportExport.xaml.cs          | 3 +--
 24 files changed, 28 insertions(+), 33 deletions(-)

diff --git a/src/Certify.CLI/CertifyCLI.Backup.cs b/src/Certify.CLI/CertifyCLI.Backup.cs
index c17faf9cb..bdba39de3 100644
--- a/src/Certify.CLI/CertifyCLI.Backup.cs
+++ b/src/Certify.CLI/CertifyCLI.Backup.cs
@@ -2,8 +2,7 @@
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
-
-using Certify.Config.Migration;
+using Certify.Models.Config.Migration;
 using Newtonsoft.Json;
 
 namespace Certify.CLI
diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index efde8d88c..6d904e026 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -6,11 +6,11 @@
 using System.Net.Http.Headers;
 using System.Threading;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Config.AccessControl;
+using Certify.Models.Config.Migration;
 using Certify.Models.Reporting;
 using Certify.Models.Utils;
 using Certify.Shared;
@@ -256,7 +256,7 @@ public async Task<List<ActionResult>> PerformServiceDiagnostics()
             return JsonConvert.DeserializeObject<List<ActionResult>>(result);
         }
 
-        public async Task<ImportExportPackage> PerformExport(ExportRequest exportRequest)
+        /*public async Task<ImportExportPackage> PerformExport(ExportRequest exportRequest)
         {
             var result = await PostAsync("system/migration/export", exportRequest);
             return JsonConvert.DeserializeObject<ImportExportPackage>(await result.Content.ReadAsStringAsync());
@@ -266,7 +266,7 @@ public async Task<List<ActionStep>> PerformImport(ImportRequest importRequest)
         {
             var result = await PostAsync("system/migration/import", importRequest);
             return JsonConvert.DeserializeObject<List<ActionStep>>(await result.Content.ReadAsStringAsync());
-        }
+        }*/
         public async Task<List<ActionStep>> SetDefaultDataStore(string dataStoreId)
         {
             var result = await PostAsync($"system/datastores/setdefault/{dataStoreId}", null);
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index 93c0914af..e4f913811 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Reporting;
@@ -26,8 +25,8 @@ public partial interface ICertifyInternalApiClient
         Task<List<Models.Config.ActionResult>> PerformServiceDiagnostics();
         Task<List<Models.Config.ActionResult>> PerformManagedCertMaintenance(string id = null);
 
-        Task<ImportExportPackage> PerformExport(ExportRequest exportRequest);
-        Task<List<ActionStep>> PerformImport(ImportRequest importRequest);
+       // Task<ImportExportPackage> PerformExport(ExportRequest exportRequest);
+      //  Task<List<ActionStep>> PerformImport(ImportRequest importRequest);
 
         Task<List<ActionStep>> SetDefaultDataStore(string dataStoreId);
         Task<List<ProviderDefinition>> GetDataStoreProviders();
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 004e8ec78..1fd40af2f 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -6,12 +6,12 @@
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
 using Certify.Core.Management;
 using Certify.Core.Management.Access;
 using Certify.Core.Management.Challenges;
 using Certify.Datastore.SQLite;
 using Certify.Models;
+using Certify.Models.Config.Migration;
 using Certify.Models.Providers;
 using Certify.Providers;
 using Certify.Providers.ACME.Anvil;
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index 2327eec54..08191c91d 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -3,10 +3,10 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Certify.Config;
-using Certify.Config.Migration;
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Config;
+using Certify.Models.Config.Migration;
 using Certify.Models.Providers;
 using Certify.Providers;
 using Certify.Shared;
diff --git a/src/Certify.Core/Management/MigrationManager.cs b/src/Certify.Core/Management/MigrationManager.cs
index 215d31160..ed2aad3fb 100644
--- a/src/Certify.Core/Management/MigrationManager.cs
+++ b/src/Certify.Core/Management/MigrationManager.cs
@@ -8,10 +8,10 @@
 using System.Text;
 using System.Threading.Tasks;
 using Certify.Config;
-using Certify.Config.Migration;
 using Certify.Management;
 using Certify.Models;
 using Certify.Models.Config;
+using Certify.Models.Config.Migration;
 using Certify.Models.Providers;
 using Certify.Providers;
 
diff --git a/src/Certify.Models/Config/Migration.cs b/src/Certify.Models/Config/Migration.cs
index 9bcfa2045..4f8243b19 100644
--- a/src/Certify.Models/Config/Migration.cs
+++ b/src/Certify.Models/Config/Migration.cs
@@ -3,7 +3,7 @@
 using Certify.Models;
 using Certify.Models.Config;
 
-namespace Certify.Config.Migration
+namespace Certify.Models.Config.Migration
 {
     public class ImportExportContent
     {
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
index 7cca8db97..586e0c34b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
@@ -3,7 +3,7 @@
 using System.Net.Http;
 using System.Threading.Tasks;
 using Certify.Models.API;
-using Certify.Server.API.Controllers;
+using Certify.Server.Api.Public.Controllers;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
index 664d6b6bd..eb8738c17 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
@@ -1,5 +1,4 @@
 using Certify.Client;
-using Certify.Server.API.Controllers;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
index ff3234c7e..d1b7cf026 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
@@ -8,7 +8,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Internal API for extended certificate management. Not intended for general use.
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
index c8db0ad71..a5f8278dd 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
@@ -7,7 +7,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Internal API for extended certificate management. Not intended for general use.
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
index 27bcc3a64..70ebed9fe 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
@@ -8,7 +8,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Internal API for extended certificate management. Not intended for general use.
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
index 843116c2f..023b3d581 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
@@ -7,14 +7,14 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Internal API for extended certificate management. Not intended for general use.
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public class StoredCredentialController : ControllerBase
+    public partial class StoredCredentialController : ControllerBase
     {
 
         private readonly ILogger<StoredCredentialController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
index 296fb8bc9..f3c8bc83d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
@@ -9,7 +9,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Internal API for extended certificate management. Not intended for general use.
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index 59a35233d..4e81051e7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -8,7 +8,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Provides auth related operations
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 261634bac..8c1b63f87 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -11,7 +11,7 @@
 using Microsoft.Extensions.Logging;
 using Swashbuckle.AspNetCore.Annotations;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Provides managed certificate related operations
@@ -98,7 +98,6 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
 
             var log = await _client.GetItemLog(managedCertId, maxLines);
 
-
             return new OkObjectResult(new LogResult { Items = log });
         }
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index da0203190..c3e2eb018 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -4,14 +4,14 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Provides general system level information (version etc)
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public class SystemController : ControllerBase
+    public partial class SystemController : ControllerBase
     {
 
         private readonly ILogger<SystemController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
index bd8326eb7..27df4e2b7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
@@ -7,7 +7,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
-namespace Certify.Server.API.Controllers
+namespace Certify.Server.Api.Public.Controllers
 {
     /// <summary>
     /// Provides operations related to identifier validation challenges (proof of domain control etc)
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
index 1f3e47430..91917727a 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
@@ -1,9 +1,9 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
 using Certify.Management;
 using Certify.Models;
 using Certify.Models.Config;
+using Certify.Models.Config.Migration;
 using Certify.Shared;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Cors;
diff --git a/src/Certify.Service/Controllers/SystemController.cs b/src/Certify.Service/Controllers/SystemController.cs
index e408d0900..35de239b3 100644
--- a/src/Certify.Service/Controllers/SystemController.cs
+++ b/src/Certify.Service/Controllers/SystemController.cs
@@ -2,10 +2,10 @@
 using System.Threading.Tasks;
 using System.Web.Http;
 using System.Web.Http.Cors;
-using Certify.Config.Migration;
 using Certify.Management;
 using Certify.Models;
 using Certify.Models.Config;
+using Certify.Models.Config.Migration;
 using Certify.Shared;
 
 namespace Certify.Service.Controllers
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
index 8b9af1fb6..405da925e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
@@ -1,6 +1,6 @@
 using System;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
+using Certify.Models.Config.Migration;
 using Certify.Management;
 using Certify.Models;
 using Certify.Service;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
index 47e115dbc..a7d1daed5 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
@@ -1,6 +1,6 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
+using Certify.Models.Config.Migration;
 using Certify.Core.Management;
 using Certify.Datastore.SQLite;
 using Certify.Management;
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs
index 0b352fc28..a6ff83306 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs
@@ -4,8 +4,8 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
 using Certify.Models;
+using Certify.Models.Config.Migration;
 using Certify.UI.Settings;
 
 namespace Certify.UI.ViewModel
diff --git a/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs b/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs
index 3c4b3ae03..c6c229066 100644
--- a/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs
+++ b/src/Certify.UI.Shared/Windows/ImportExport.xaml.cs
@@ -3,9 +3,8 @@
 using System.Linq;
 using System.Text;
 using System.Windows;
-
-using Certify.Config.Migration;
 using Certify.Models;
+using Certify.Models.Config.Migration;
 using Certify.UI.Shared;
 using Microsoft.Win32;
 using Newtonsoft.Json;

From 0f22e70ca414211a2a8508693b524ba3a541f654 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Tue, 14 Nov 2023 15:40:45 +0800
Subject: [PATCH 086/237] UI: use resource for string in import/export

---
 src/Certify.Locales/SR.Designer.cs              | 9 +++++++++
 src/Certify.Locales/SR.resx                     | 3 +++
 src/Certify.UI.Shared/Windows/ImportExport.xaml | 2 +-
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Locales/SR.Designer.cs b/src/Certify.Locales/SR.Designer.cs
index 9076e2510..a54c4900b 100644
--- a/src/Certify.Locales/SR.Designer.cs
+++ b/src/Certify.Locales/SR.Designer.cs
@@ -1754,6 +1754,15 @@ public static string Settings_EnableTelemetry {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to You can create an export file to bundle all of the related settings and file for this instance together. Note: sensitive content is encrypted but you should not share this file with untrusted sources or use unsecured storage..
+        /// </summary>
+        public static string Settings_Export_Intro {
+            get {
+                return ResourceManager.GetString("Settings_Export_Intro", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Ignore stopped IIS sites for new certificates and renewals.
         /// </summary>
diff --git a/src/Certify.Locales/SR.resx b/src/Certify.Locales/SR.resx
index 755cea639..e20402ad3 100644
--- a/src/Certify.Locales/SR.resx
+++ b/src/Certify.Locales/SR.resx
@@ -716,4 +716,7 @@
   <data name="EditCertificateAuthority_ProductionDirectoryHelp" xml:space="preserve">
     <value>(Url for the production directory endpoint)</value>
   </data>
+  <data name="Settings_Export_Intro" xml:space="preserve">
+    <value>You can create an export file to bundle all of the related settings and file for this instance together. Note: sensitive content is encrypted but you should not share this file with untrusted sources or use unsecured storage.</value>
+  </data>
 </root>
diff --git a/src/Certify.UI.Shared/Windows/ImportExport.xaml b/src/Certify.UI.Shared/Windows/ImportExport.xaml
index 12073af34..67b953e83 100644
--- a/src/Certify.UI.Shared/Windows/ImportExport.xaml
+++ b/src/Certify.UI.Shared/Windows/ImportExport.xaml
@@ -17,7 +17,7 @@
     <DockPanel Margin="16" LastChildFill="true">
         <StackPanel DockPanel.Dock="Top" Orientation="Vertical">
             <TextBlock DockPanel.Dock="Top" Style="{StaticResource Subheading}">Import/Export Settings</TextBlock>
-            <TextBlock HorizontalAlignment="Left" Style="{StaticResource Instructions}">You can create an export file to bundle all of the related settings and file for this instance together. Note: sensitive content is encrypted but you should not share this file with untrusted sources or use unsecured storage.</TextBlock>
+            <TextBlock HorizontalAlignment="Left" Style="{StaticResource Instructions}">"{x:Static properties:SR.Settings_Export_Intro}"</TextBlock>
             <TextBlock HorizontalAlignment="Left" Style="{StaticResource Instructions}">To import or export, you should specify a password to use for encryption/decryption:</TextBlock>
             <PasswordBox
                 x:Name="txtSecret"

From 86c6fe3ebc430843cce0fd5dfb7c4a9e2044855f Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Wed, 15 Nov 2023 16:15:56 +0800
Subject: [PATCH 087/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj             |  6 +++---
 src/Certify.Core/Certify.Core.csproj                 |  2 +-
 src/Certify.Models/Certify.Models.csproj             |  2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj      |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj                |  6 +++---
 .../Certify.Server.Api.Public.Tests.csproj           |  2 +-
 .../Certify.Server.Api.Public.csproj                 |  8 ++++----
 .../Certify.Server.Core/Certify.Server.Core.csproj   | 12 ++++++------
 .../Certify.Service.Worker.csproj                    |  8 ++++----
 src/Certify.Service/App.config                       |  8 ++++----
 src/Certify.Service/Certify.Service.csproj           |  7 ++++---
 src/Certify.Shared/Certify.Shared.Core.csproj        |  4 ++--
 .../Certify.Core.Tests.Integration.csproj            |  4 ++--
 .../Certify.Core.Tests.Unit.csproj                   |  8 ++++----
 .../Certify.Service.Tests.Integration.csproj         |  4 ++--
 src/Certify.UI.Shared/Certify.UI.Shared.csproj       |  4 ++--
 src/Certify.UI/Certify.UI.csproj                     |  4 ++--
 17 files changed, 46 insertions(+), 45 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 5ffab76aa..d05161e55 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,11 +16,11 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.1.0" />
+    <PackageReference Include="Polly" Version="8.2.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 7737f607e..815d2c69b 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -83,7 +83,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.1.0" />
+    <PackageReference Include="Polly" Version="8.2.0" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 1aa1612ce..a918579d1 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -30,7 +30,7 @@
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0">
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="System.Text.Json" Version="8.0.0-rc.2.23479.6" />
+		<PackageReference Include="System.Text.Json" Version="8.0.0" />
 	</ItemGroup>
 	<ItemGroup>
 	  <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 424015779..6cc8ed027 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.203.2" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.300.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index b178c09dd..26de95501 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,10 +7,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.35.0" />
-    <PackageReference Include="Azure.Identity" Version="1.10.3" />
+    <PackageReference Include="Azure.Core" Version="1.36.0" />
+    <PackageReference Include="Azure.Identity" Version="1.10.4" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
-    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 6a3571ca1..6854064ce 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -25,7 +25,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.0-rc.2.23480.2" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 54d1d9632..978ee4a26 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -16,10 +16,10 @@
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.3" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0-rc.2.23480.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index c50431f4f..24c804572 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -7,13 +7,13 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Polly" Version="8.1.0" />
-    <PackageReference Include="Serilog" Version="3.0.1" />
+    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="Serilog" Version="3.1.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0-rc.2.23480.2" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Core\Certify.Core.csproj" />
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index f3cb3e98e..98a7f08a9 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -12,10 +12,10 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
-    <PackageReference Include="Polly" Version="8.1.0" />
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0-rc.2.23479.6" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0-rc.2.23479.6" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index a8ae0f42f..ec7fc9391 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -8,20 +8,20 @@
       <!-- System.Text.Encodings.Web : Azure.Security.KeyVault.Certificates.ImportCertificateOptions tries to load old version -->
       <dependentAssembly>
         <assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.0.5.1" newVersion="7.0.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="8.0.0.0"/>
       </dependentAssembly>
 
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.31.0.0" newVersion="1.35.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.35.0.0" newVersion="1.36.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
       <!-- application insights also references v5.0, so we overide that here and also reference 7.x in the service and the plugins.all -->
       <dependentAssembly>
         <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-6.0.22.0" newVersion="7.0.0.2"/>
+        <bindingRedirect oldVersion="0.0.0.0-7.0.0.2" newVersion="8.0.0.0"/>
       </dependentAssembly>
 
       <!-- Azure resource manager references an old version of Microsoft.Bcl.AsyncInterfaces-->
@@ -33,7 +33,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.53.0.0" newVersion="4.56.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.56.0.0" newVersion="4.57.0.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index e8dabde64..25b0969b0 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -64,11 +64,12 @@
         <PackageReference Include="Microsoft.Owin.SelfHost" Version="4.2.2" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
         <PackageReference Include="Owin" Version="1.0.0" />
-        <PackageReference Include="Serilog" Version="3.0.1" />
+        <PackageReference Include="Serilog" Version="3.1.1" />
         <PackageReference Include="Serilog.Sinks.ListOfString" Version="4.1.4.3" />
         <PackageReference Include="Swashbuckle.Core" Version="5.6.0" />
-        <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
-        <PackageReference Include="System.ServiceProcess.ServiceController" Version="7.0.1" />
+        <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
+        <PackageReference Include="System.ServiceProcess.ServiceController" Version="8.0.0" />
+        <PackageReference Include="System.Text.Encodings.Web" Version="8.0.0" />
         <PackageReference Include="System.ValueTuple" Version="4.5.0" />
         <PackageReference Include="Topshelf" Version="4.3.0" />
         <PackageReference Include="Topshelf.Serilog" Version="4.3.0" />
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 31d03bdd2..bd8ee3afc 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -12,13 +12,13 @@
         <PackageReference Include="Microsoft.ApplicationInsights" Version="2.22.0" />
         <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-        <PackageReference Include="Serilog" Version="3.0.1" />
+        <PackageReference Include="Serilog" Version="3.1.1" />
         <PackageReference Include="Serilog.Sinks.Debug" Version="2.0.0" />
         <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
         <PackageReference Include="System.Runtime.Handles" Version="4.3.0" />
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
-        <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
+        <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
         <PackageReference Include="Arsoft.Tools.Net" Version="3.5.0" Condition="'$(TargetFramework)' == 'net8.0'" />
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index a858c5861..0edf6955c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -96,14 +96,14 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.1.0" />
+    <PackageReference Include="Polly" Version="8.2.0" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
     <PackageReference Include="System.Collections.Concurrent" Version="4.3.0" />
     <PackageReference Include="System.Console" Version="4.3.1" />
     <PackageReference Include="System.Diagnostics.Debug" Version="4.3.0" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Diagnostics.Tools" Version="4.3.0" />
     <PackageReference Include="System.Diagnostics.TraceSource" Version="4.3.0" />
     <PackageReference Include="System.Diagnostics.Tracing" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 9f7c7fe11..262d6e2de 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -137,15 +137,15 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="DotNetEnv" Version="2.5.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="7.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="8.1.0" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
     <Reference Include="System.Configuration" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index ab0db9dbe..d155c9add 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -80,8 +80,8 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="8.1.0" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0-rc.2.23479.6" />
+    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
     <Folder Include="Properties\" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 49b0f8756..1dfec6cde 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -41,8 +41,8 @@
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
-		<PackageReference Include="Serilog" Version="3.0.1" />
-		<PackageReference Include="System.Text.Json" Version="8.0.0-rc.2.23479.6" />
+		<PackageReference Include="Serilog" Version="3.1.1" />
+		<PackageReference Include="System.Text.Json" Version="8.0.0" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 4abb7cb30..6f6198df1 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -177,10 +177,10 @@
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="Serilog">
-      <Version>3.0.1</Version>
+      <Version>3.1.1</Version>
     </PackageReference>
     <PackageReference Include="System.Diagnostics.DiagnosticSource">
-      <Version>8.0.0-rc.2.23479.6</Version>
+      <Version>8.0.0</Version>
     </PackageReference>
     <PackageReference Include="System.Net.Http">
       <Version>4.3.4</Version>

From c3c4eec14723dd8f7a5ba696288f92f56fa64292 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Thu, 16 Nov 2023 15:09:35 +0800
Subject: [PATCH 088/237] aspire experiment

---
 .../Certify.Server.Api.Public.csproj          | 23 +++-----
 .../Controllers/v1/CertificateController.cs   |  7 ---
 .../Certify.Server.Api.Public/Program.cs      | 58 +++++++++----------
 .../Properties/launchSettings.json            |  2 +-
 .../Certify.Server.Api.Public/Startup.cs      |  2 +-
 .../Certify.Service.Worker.csproj             |  1 +
 6 files changed, 38 insertions(+), 55 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 978ee4a26..104053b36 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,32 +1,25 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <InvariantGlobalization>true</InvariantGlobalization>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <DockerfileContext>..\..</DockerfileContext>
     <UserSecretsId>8793068b-aa98-48a5-807b-962b5b3e1aea</UserSecretsId>
     <GenerateDocumentationFile>True</GenerateDocumentationFile>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-  </PropertyGroup>
+
   <ItemGroup>
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="7.0.3" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-    <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.3" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="[1.19.6-Preview.1, 1.19.6]" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
+    <ProjectReference Include="C:\Users\chris\source\repos\Certify.AspireContainers\Certify.AspireContainers.ServiceDefaults\Certify.AspireContainers.ServiceDefaults.csproj" />
   </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Models\" />
-  </ItemGroup>
+
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 8c1b63f87..c60ecc529 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -9,7 +9,6 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
-using Swashbuckle.AspNetCore.Annotations;
 
 namespace Certify.Server.Api.Public.Controllers
 {
@@ -113,7 +112,6 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(ManagedCertificateSummaryResult))]
         public async Task<IActionResult> GetManagedCertificates(string keyword, int? page = null, int? pageSize = null)
         {
-
             var managedCertResult = await _client.GetManagedCertificateSearchResult(
                 new Models.ManagedCertificateFilter
                 {
@@ -176,7 +174,6 @@ public async Task<IActionResult> GetManagedCertificateSummary(string keyword)
         [Route("settings/{managedCertId}")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        [SwaggerOperation(OperationId = nameof(GetManagedCertificateDetails))]
         public async Task<IActionResult> GetManagedCertificateDetails(string managedCertId)
         {
 
@@ -194,7 +191,6 @@ public async Task<IActionResult> GetManagedCertificateDetails(string managedCert
         [Route("settings/update")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        [SwaggerOperation(OperationId = nameof(UpdateManagedCertificateDetails))]
         public async Task<IActionResult> UpdateManagedCertificateDetails(Models.ManagedCertificate managedCertificate)
         {
 
@@ -218,7 +214,6 @@ public async Task<IActionResult> UpdateManagedCertificateDetails(Models.ManagedC
         [Route("order")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        [SwaggerOperation(OperationId = nameof(BeginOrder))]
         public async Task<IActionResult> BeginOrder(string id)
         {
 
@@ -242,7 +237,6 @@ public async Task<IActionResult> BeginOrder(string id)
         [Route("renew")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        [SwaggerOperation(OperationId = nameof(PerformRenewal))]
         public async Task<IActionResult> PerformRenewal(Models.RenewalSettings settings)
         {
 
@@ -266,7 +260,6 @@ public async Task<IActionResult> PerformRenewal(Models.RenewalSettings settings)
         [Route("test")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<Models.StatusMessage>))]
-        [SwaggerOperation(OperationId = nameof(PerformConfigurationTest))]
         public async Task<IActionResult> PerformConfigurationTest(Models.ManagedCertificate item)
         {
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Program.cs b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
index 32061a7fc..338e6a72a 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Program.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
@@ -1,34 +1,30 @@
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Hosting;
+
+var builder = WebApplication.CreateBuilder(args);
 
-namespace Certify.Server.API
+builder.AddServiceDefaults();
+
+// Add services to the container.
+
+builder.Services.AddControllers();
+// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddSwaggerGen();
+
+var app = builder.Build();
+
+app.MapDefaultEndpoints();
+
+// Configure the HTTP request pipeline.
+if (app.Environment.IsDevelopment())
 {
-    /// <summary>
-    /// API Server hosting
-    /// </summary>
-    public class Program
-    {
-        /// <summary>
-        /// Entry point for API host
-        /// </summary>
-        /// <param name="args"></param>
-        public static void Main(string[] args)
-        {
-
-            CreateHostBuilder(args).Build().Run();
-        }
-
-        /// <summary>
-        /// Build hosting for API
-        /// </summary>
-        /// <param name="args"></param>
-        /// <returns></returns>
-
-        public static IHostBuilder CreateHostBuilder(string[] args) =>
-            Host.CreateDefaultBuilder(args)
-                .ConfigureWebHostDefaults(webBuilder =>
-                {
-                    webBuilder.UseStartup<Startup>();
-                });
-    }
+    app.UseSwagger();
+    app.UseSwaggerUI();
 }
+
+app.UseHttpsRedirection();
+
+app.UseAuthorization();
+
+app.MapControllers();
+
+app.Run();
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
index 4529b8901..b542b9c09 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
@@ -14,7 +14,7 @@
         "CERTIFY_SERVER_HOST": "127.0.0.2",
         "CERTIFY_SERVER_PORT": "9695"
       },
-      "applicationUrl": "https://localhost:44361;http://localhost:44360"
+      "applicationUrl": "https://localhost:54361;http://localhost:54360"
     },
     "WSL": {
       "commandName": "WSL2",
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 60bc7053d..580f741e1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -44,7 +44,7 @@ public Startup(IConfiguration configuration)
         /// <param name="services"></param>
         public void ConfigureServices(IServiceCollection services)
         {
-
+            
             services
                 .AddTokenAuthentication(Configuration)
                 .AddAuthorization()
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 98a7f08a9..0b879d060 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -19,5 +19,6 @@
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
+    <ProjectReference Include="C:\Users\chris\source\repos\Certify.AspireContainers\Certify.AspireContainers.ServiceDefaults\Certify.AspireContainers.ServiceDefaults.csproj" />
   </ItemGroup>
 </Project>
\ No newline at end of file

From 8df5464930377d73927c00eca7e3fdb5ea24dc88 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 16 Nov 2023 17:36:08 +0800
Subject: [PATCH 089/237] Fixes for build/untime errors

---
 .../Certify.Server.Api.Public.csproj                          | 1 -
 .../Controllers/v1/CertificateController.cs                   | 4 ++--
 .../Certify.Server.Api.Public/Properties/launchSettings.json  | 2 +-
 .../Certify.Service.Worker/Certify.Service.Worker.csproj      | 1 -
 4 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 104053b36..9f25dd140 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -19,7 +19,6 @@
     <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
-    <ProjectReference Include="C:\Users\chris\source\repos\Certify.AspireContainers\Certify.AspireContainers.ServiceDefaults\Certify.AspireContainers.ServiceDefaults.csproj" />
   </ItemGroup>
 
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index c60ecc529..6254f9489 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -110,7 +110,7 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
         [HttpGet]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(ManagedCertificateSummaryResult))]
-        public async Task<IActionResult> GetManagedCertificates(string keyword, int? page = null, int? pageSize = null)
+        public async Task<IActionResult> GetManagedCertificates(string? keyword, int? page = null, int? pageSize = null)
         {
             var managedCertResult = await _client.GetManagedCertificateSearchResult(
                 new Models.ManagedCertificateFilter
@@ -153,7 +153,7 @@ public async Task<IActionResult> GetManagedCertificates(string keyword, int? pag
         [Route("summary")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Summary))]
-        public async Task<IActionResult> GetManagedCertificateSummary(string keyword)
+        public async Task<IActionResult> GetManagedCertificateSummary(string? keyword)
         {
 
             var summary = await _client.GetManagedCertificateSummary(
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
index b542b9c09..4529b8901 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
@@ -14,7 +14,7 @@
         "CERTIFY_SERVER_HOST": "127.0.0.2",
         "CERTIFY_SERVER_PORT": "9695"
       },
-      "applicationUrl": "https://localhost:54361;http://localhost:54360"
+      "applicationUrl": "https://localhost:44361;http://localhost:44360"
     },
     "WSL": {
       "commandName": "WSL2",
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
index 0b879d060..98a7f08a9 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
@@ -19,6 +19,5 @@
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
-    <ProjectReference Include="C:\Users\chris\source\repos\Certify.AspireContainers\Certify.AspireContainers.ServiceDefaults\Certify.AspireContainers.ServiceDefaults.csproj" />
   </ItemGroup>
 </Project>
\ No newline at end of file

From 68aa9a058f4a32c2fb74aaeadba7f164fe0d8024 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 16 Nov 2023 17:39:41 +0800
Subject: [PATCH 090/237] Cleanup app startup

Cleanup with implicit usings

Cleanup
---
 src/Certify.Models/Config/Migration.cs        |  2 -
 .../Controllers/internal/AccessController.cs  |  1 -
 .../CertificateAuthorityController.cs         |  6 +-
 .../internal/ChallengeProviderController.cs   |  6 +-
 .../internal/DeploymentTaskController.cs      |  6 +-
 .../Controllers/internal/PreviewController.cs |  6 +-
 .../internal/StoredCredentialController.cs    |  6 +-
 .../Controllers/internal/TargetController.cs  |  7 +--
 .../Controllers/v1/AuthController.cs          |  3 -
 .../Controllers/v1/CertificateController.cs   |  7 +--
 .../Controllers/v1/SystemController.cs        |  5 +-
 .../Controllers/v1/ValidationController.cs    |  6 +-
 .../Middleware/AuthenticationExtension.cs     |  5 +-
 .../Certify.Server.Api.Public/Program.cs      | 30 ++++------
 .../Services/JwtService.cs                    |  4 +-
 .../Certify.Server.Api.Public/Startup.cs      | 60 +++++++++----------
 .../Certify.Server.Api.Public/StatusHub.cs    |  4 +-
 .../CertifyManagerServerTypeTests.cs          | 16 ++---
 .../CertifyManagerTests.cs                    |  6 +-
 .../MigrationManagerTests.cs                  |  2 +-
 20 files changed, 65 insertions(+), 123 deletions(-)

diff --git a/src/Certify.Models/Config/Migration.cs b/src/Certify.Models/Config/Migration.cs
index 4f8243b19..4ac2d544f 100644
--- a/src/Certify.Models/Config/Migration.cs
+++ b/src/Certify.Models/Config/Migration.cs
@@ -1,7 +1,5 @@
 using System;
 using System.Collections.Generic;
-using Certify.Models;
-using Certify.Models.Config;
 
 namespace Certify.Models.Config.Migration
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
index eb8738c17..fd92b18e4 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
@@ -1,6 +1,5 @@
 using Certify.Client;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
index a9b3b675a..733fb2204 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
@@ -1,11 +1,7 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
index d1b7cf026..0b17a5579 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
@@ -1,12 +1,8 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Certify.Models.Providers;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
index a5f8278dd..c9798e017 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
@@ -1,11 +1,7 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
index 70ebed9fe..f035d576e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
@@ -1,12 +1,8 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Certify.Models;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
index 023b3d581..c22fe5c57 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
@@ -1,11 +1,7 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
index f3c8bc83d..0d469e433 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
@@ -1,13 +1,8 @@
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Certify.Models;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index 4e81051e7..c667da260 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -1,12 +1,9 @@
 using System.Net.Http.Headers;
-using System.Threading.Tasks;
 using Certify.Client;
 using Certify.Models.API;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 6254f9489..182f407c0 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -1,14 +1,9 @@
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Certify.Models.API;
 using Certify.Models.Reporting;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index c3e2eb018..efdef9c32 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -1,8 +1,5 @@
-using System;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
index 27df4e2b7..9f7212972 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
@@ -1,11 +1,7 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Client;
+using Certify.Client;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
index 240207755..990ee518f 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
@@ -1,8 +1,5 @@
-using System;
-using System.Text;
+using System.Text;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 
 namespace Certify.Server.Api.Public.Middleware
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Program.cs b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
index 338e6a72a..7ff00a0c1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Program.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
@@ -1,30 +1,22 @@
 
+using Certify.Server.API;
+
 var builder = WebApplication.CreateBuilder(args);
 
-builder.AddServiceDefaults();
+#if ASPIRE
+    builder.AddServiceDefaults();
+#endif
 
-// Add services to the container.
+var startup = new Startup(builder.Configuration);
 
-builder.Services.AddControllers();
-// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
-builder.Services.AddEndpointsApiExplorer();
-builder.Services.AddSwaggerGen();
+startup.ConfigureServices(builder.Services);
 
 var app = builder.Build();
 
-app.MapDefaultEndpoints();
-
-// Configure the HTTP request pipeline.
-if (app.Environment.IsDevelopment())
-{
-    app.UseSwagger();
-    app.UseSwaggerUI();
-}
-
-app.UseHttpsRedirection();
-
-app.UseAuthorization();
+#if ASPIRE
+    app.MapDefaultEndpoints();
+#endif
 
-app.MapControllers();
+startup.Configure(app, builder.Environment);
 
 app.Run();
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
index f23c31550..529013fec 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
@@ -1,8 +1,6 @@
-using System;
-using System.Security.Claims;
+using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
-using Microsoft.Extensions.Configuration;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 580f741e1..0ef5e6eba 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,18 +1,9 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Reflection;
+using System.Reflection;
 using Certify.Server.Api.Public.Middleware;
 using Certify.Shared.Core.Management;
 using Certify.SharedUtils;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Hosting;
 using Microsoft.OpenApi.Models;
 
 namespace Certify.Server.API
@@ -44,7 +35,7 @@ public Startup(IConfiguration configuration)
         /// <param name="services"></param>
         public void ConfigureServices(IServiceCollection services)
         {
-            
+
             services
                 .AddTokenAuthentication(Configuration)
                 .AddAuthorization()
@@ -67,6 +58,9 @@ public void ConfigureServices(IServiceCollection services)
             });
 
 #if DEBUG
+
+            services.AddEndpointsApiExplorer();
+
             // Register the Swagger generator, defining 1 or more Swagger documents
             // https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle?view=aspnetcore-3.1&tabs=visual-studio
             services.AddSwaggerGen(c =>
@@ -156,32 +150,20 @@ public void ConfigureServices(IServiceCollection services)
             services.AddSingleton(typeof(Certify.Client.ICertifyInternalApiClient), internalServiceClient);
         }
 
-        private StatusHubReporting _statusReporting;
-
-        private void InternalServiceClient_OnManagedCertificateUpdated(Models.ManagedCertificate obj)
-        {
-            System.Diagnostics.Debug.WriteLine("Public API: got ManagedCertUpdate msg to forward:" + obj.ToString());
-
-            _statusReporting.ReportManagedCertificateUpdated(obj);
-        }
-        private void InternalServiceClient_OnRequestProgressStateUpdated(Models.RequestProgressState obj)
-        {
-            System.Diagnostics.Debug.WriteLine("Public API: got Progress Message to forward:" + obj.ToString());
-            _statusReporting.ReportRequestProgress(obj);
-        }
-        private void InternalServiceClient_OnMessageFromService(string arg1, string arg2)
-        {
-            System.Diagnostics.Debug.WriteLine($"Public API: got message to forward: {arg1} {arg2}"); ;
-        }
-
         /// <summary>
         /// Configure the http request pipeline
         /// </summary>
         /// <param name="app"></param>
         /// <param name="env"></param>
-        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IHubContext<StatusHub> statusHubContext)
+        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
 
+            var statusHubContext = app.ApplicationServices.GetService(typeof(IHubContext<StatusHub>)) as IHubContext<StatusHub>;
+            if (statusHubContext == null)
+            {
+                throw new Exception("Status Hub not registered");
+            }
+
             // setup signalr message forwarding, message received from internal service will be resent to our connected clients via our own SignalR hub
             _statusReporting = new StatusHubReporting(statusHubContext);
 
@@ -225,5 +207,23 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IHubCont
             });
 #endif
         }
+
+        private StatusHubReporting _statusReporting;
+
+        private void InternalServiceClient_OnManagedCertificateUpdated(Models.ManagedCertificate obj)
+        {
+            System.Diagnostics.Debug.WriteLine("Public API: got ManagedCertUpdate msg to forward:" + obj.ToString());
+
+            _statusReporting.ReportManagedCertificateUpdated(obj);
+        }
+        private void InternalServiceClient_OnRequestProgressStateUpdated(Models.RequestProgressState obj)
+        {
+            System.Diagnostics.Debug.WriteLine("Public API: got Progress Message to forward:" + obj.ToString());
+            _statusReporting.ReportRequestProgress(obj);
+        }
+        private void InternalServiceClient_OnMessageFromService(string arg1, string arg2)
+        {
+            System.Diagnostics.Debug.WriteLine($"Public API: got message to forward: {arg1} {arg2}"); ;
+        }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs b/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
index 9d8010613..2c2ad987a 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
@@ -1,6 +1,4 @@
-using System;
-using System.Diagnostics;
-using System.Threading.Tasks;
+using System.Diagnostics;
 using Certify.Models;
 using Certify.Providers;
 using Microsoft.AspNetCore.SignalR;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
index 74b62fe62..cfa981f6b 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
@@ -8,7 +8,7 @@
 namespace Certify.Core.Tests
 {
     [TestClass]
-    public class CertifyManagerServerTypeTests : IntegrationTestBase, IDisposable 
+    public class CertifyManagerServerTypeTests : IntegrationTestBase, IDisposable
     {
         private readonly CertifyManager _certifyManager;
         private readonly ServerProviderIIS _iisManager;
@@ -160,7 +160,7 @@ public async Task TestCertifyManagerGetDomainOptionsFromSiteNoDomain()
             var noDomainSite = await _iisManager.CreateSite(noDomainSiteName, "", _primaryWebRoot, "DefaultAppPool", port: 81);
             Assert.IsTrue(await _iisManager.SiteExists(_testSiteName), "Expected no domain site to be created");
             var noDomainSiteId = noDomainSite.Id.ToString();
-            
+
             // Request website Domain Options using Item ID
             var siteDomainOptions = await _certifyManager.GetDomainOptionsFromSite(StandardServerTypes.IIS, noDomainSiteId);
 
@@ -206,13 +206,13 @@ public async Task TestCertifyManagerIsServerTypeAvailable()
 
             // Evaluate returns from CertifyManager.IsServerTypeAvailable()
             Assert.IsTrue(isIisAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be true when at least one IIS site is active");
-            
+
             Assert.IsTrue(isNginxAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be true when at least one Nginx site is active");
-            
+
             Assert.IsFalse(isApacheAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be false when Apache plugin does not exist");
             // TODO: Support for Apache via plugin must be added to enable the next assert
             //Assert.IsTrue(isApacheAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be true when at least one Apache site is active");
-            
+
             Assert.IsFalse(isOtherAvailable, "Expected return from CertifyManager.IsServerTypeAvailable() to be false for StandardServerTypes.Other");
         }
 
@@ -230,14 +230,14 @@ public async Task TestCertifyManagerGetServerTypeVersion()
             // Evaluate returns from CertifyManager.GetServerTypeVersion()
             Assert.AreNotEqual(unknownVersion, iisServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be known when at least one IIS site is active");
             Assert.IsTrue(iisServerVersion.Major > 0);
-            
+
             Assert.AreNotEqual(unknownVersion, nginxServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be known when at least one Nginx site is active");
             Assert.IsTrue(nginxServerVersion.Major > 0);
-            
+
             Assert.AreEqual(unknownVersion, apacheServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be unknown when Apache plugin does not exist");
             // TODO: Support for Apache via plugin must be added to enable the next assert
             //Assert.AreNotEqual(unknownVersion, isApacheAvailable, "Expected return from CertifyManager.GetServerTypeVersion() to be known when at least one Apache site is active");
-            
+
             Assert.AreEqual(unknownVersion, otherServerVersion, "Expected return from CertifyManager.GetServerTypeVersion() to be unknown for StandardServerTypes.Other");
         }
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
index 405da925e..9f3f4c649 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
@@ -1,8 +1,8 @@
 using System;
 using System.Threading.Tasks;
-using Certify.Models.Config.Migration;
 using Certify.Management;
 using Certify.Models;
+using Certify.Models.Config.Migration;
 using Certify.Service;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
@@ -128,7 +128,7 @@ public async Task TestCertifyManagerReportProgress()
             // Execute CertifyManager.ReportProgress() with new Warning state
             _certifyManager.ReportProgress(progressIndicator, new RequestProgressState(RequestState.Warning, "Warning message", dummyManagedCert), logThisEvent: true);
             await Task.Delay(100);
-            
+
             // Validate events from CertifyManager.ReportProgress()
             Assert.IsTrue(progressChanged, "Expected progressChanged to be true after CertifyManager.ReportProgress() completed");
             Assert.AreEqual(RequestState.Warning, progressNewState, "Expected progressNewState to be changed to RequestState.Warning");
@@ -159,7 +159,7 @@ public async Task TestCertifyManagerPerformExportAndImport()
             // Setup export test data
             var exportReq = new ExportRequest
             {
-                Filter = new ManagedCertificateFilter { }, 
+                Filter = new ManagedCertificateFilter { },
                 Settings = new ExportSettings { ExportAllStoredCredentials = true, EncryptionSecret = "secret" },
                 IsPreviewMode = false,
             };
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
index a7d1daed5..f31e480c2 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
@@ -1,10 +1,10 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using Certify.Models.Config.Migration;
 using Certify.Core.Management;
 using Certify.Datastore.SQLite;
 using Certify.Management;
 using Certify.Models;
+using Certify.Models.Config.Migration;
 using Certify.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 

From 497d5fb431b8ed26a15f94781f7f52fbc9f17326 Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Thu, 30 Nov 2023 14:56:23 -0800
Subject: [PATCH 091/237] Fixing file paths for tests running in Linux
 containers/envs

Fix loading Credential Manager in Linux containers/envs

Fix loading Env strings on Linux containers/envs

Fix when there is no existing ACME accounts in a container/env

Initial implementation for managing certs on different OSs

Changes for testing error message for bad Cert Store name on various OSs

Improve error logging for Binding Match tests

Changes for getting debug info on non-Windows systems

Changes for making Linux and Windows Docker Images of Core Unit Tests

Only the .NET 8.0 images are currently working as they should, there are some issues with the .NET 4.6.2 images for Windows and Linux

Fix to generating debug info for non-Windows OSs

Create common utility method to get Environment values in Account Tests

Remove unneeded changes to Certify.Core.Tests.Unit.csproj

Improve path strings for multiple OSs using Path.Combine()

Changes to Linux Dockerfiles for Certify.Core.Tests.Unit

Changes to enable using Step CA for CertifyManagerAccount unit tests

Fix to BindingMatchTests for bad file path

Windows docker changes

More Windows Docker changes

Fixes to compose files

Documents for running the Certify Core Unit Tests in Docker

Fix to formatting of Certify Core Unit Test Docker.md

Cleanup linux_compose.yaml
---
 Directory.Build.props                         |   4 +
 ...ntainer_Debug_Attach_To_Process_Window.png | Bin 0 -> 32123 bytes
 ...ontainer_Debug_Select_Code_Type_Window.png | Bin 0 -> 9962 bytes
 .../AcmeDns/AcmeDns/Plugin.DNS.AcmeDns.csproj |   1 -
 .../DNS/Aliyun/Plugin.DNS.Aliyun.csproj       |   1 -
 .../Cloudflare/Plugin.DNS.Cloudflare.csproj   |   2 +-
 .../DNS/MSDNS/Plugin.DNS.MSDNS.csproj         |   2 +-
 .../Plugin.DNS.SimpleDNSPlus.csproj           |   2 +-
 src/Certify.Shared/Certify.Shared.Core.csproj |   1 -
 .../Management/CertificateManager.cs          | 107 ++++-
 .../Certify.Core.Tests.Unit/.dockerignore     |  32 ++
 .../BindingMatchTests.cs                      | 301 +++++++-------
 .../Certify.Core.Tests.Unit.csproj            |   6 +-
 .../CertifyManagerAccountTests.cs             | 366 ++++++++++++++++--
 .../Certify.Core.Tests.Unit/Docker.md         | 169 ++++++++
 .../GetDnsProviderTests.cs                    |  12 +-
 .../Certify.Core.Tests.Unit/LoggyTests.cs     |  22 +-
 ...rtify-core-tests-unit-4_6_2-win.dockerfile |  29 ++
 ...rtify-core-tests-unit-8_0-linux.dockerfile |  28 ++
 ...certify-core-tests-unit-8_0-win.dockerfile |  31 ++
 .../linux_compose.yaml                        |  37 ++
 .../step-ca-win-init.bat                      |  23 ++
 .../step-ca-win.dockerfile                    |  21 +
 .../windows_compose.yaml                      |  57 +++
 24 files changed, 1029 insertions(+), 225 deletions(-)
 create mode 100644 docs/images/VS_Container_Debug_Attach_To_Process_Window.png
 create mode 100644 docs/images/VS_Container_Debug_Select_Code_Type_Window.png
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/.dockerignore
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml

diff --git a/Directory.Build.props b/Directory.Build.props
index ea837cc5d..8c52450e0 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -11,4 +11,8 @@
     <DebugSymbols>true</DebugSymbols>
     <DebugType>full</DebugType>
   </PropertyGroup>
+  <PropertyGroup>
+	<Configuration Condition="'$(OS)|$(Configuration)' == 'UNIX|Debug'"></Configuration>
+	<DebugType>portable</DebugType>
+  </PropertyGroup>
 </Project>
diff --git a/docs/images/VS_Container_Debug_Attach_To_Process_Window.png b/docs/images/VS_Container_Debug_Attach_To_Process_Window.png
new file mode 100644
index 0000000000000000000000000000000000000000..c2ff170017401d9693cdbc7408ecf76451f09ad6
GIT binary patch
literal 32123
zcmdqIcUV*3_bv!Z5fM=Vk*=sgdhbnCIsv42r1##WBZ#Q<4xvg3y>|jZMS3T62%vNV
zp|^xG2fv?Row;}Joq6V;;dyvY_DRk;d+)RNTJL(-yS}I@%aYutzKw%}Ln1HtMhyq&
zCKw0j#@ky2z?sx{2Je9buA7?dE1dE{+6|zAXC(!e!ojJECO$X82iio=a=LCfI1k*f
z|8eIn8GtMN@5#TB(s*yQeL?C@JL$i8cKL!ij;)K4{cSZH_PM~V7;e02?uE}}AE>Rw
z$YSuS=I;qV5sP=BkNtH+zD@Um8bJWGy<yEfncM#(9ns?8*JsNSKYsOq7U@H##daC~
znE&}4L#ezTc+d34V{;2}jM-a0>w#Ey-3Rj*$mVfFq@l+Ma-E==W?@KJ+7pQ}Zcz0I
z^l;KF!;G+23=#u<#(6y9feyU>@bXSD==!+(*!l)=xQEKR+|aeL#RSb^qV(-2>;2OV
zV4edcWo!)R!>#+{ZP;Q|Uw*s9VK{@kf2b~(HD;JFEw5td?W8un$dxPS>xQTO_S>00
zw*4fy*SA}nw#rHjJfX>oxx!+H`m!!}0yzS$ZbVC-jWWQ#C9X(b6kLG=)*3|3ZZd%p
zCReB{OqPLyNsAQX1bz}RR#p<vdAWAAr8dg9`?(j*NodGG67cnCdq<32(q~0e*z2;w
z9F=73Qgl6pKj-0rd-sKRrx)VKOSJm}PZs=@Bu;;jYT1Jkvi;4MzXR#}iPC=t$%kzS
zb?g#=3zSLv+OS@2Ha83Oic_1eE-lX{+xA(<1g?AT?Q<T8RoUNm3e=xb+SMqkzFDA#
zr_@WsXG4OJ#9CeT6DTu<UC!l0?Gg{K!Wd?<5Db@hVO(Gvhqvx2$6-G~?k;umBJ+eh
zt+JWkmJ?BA0&B#{44$FyPhblUHw%uBujV~}yIw_KEtz+U<^D*#jJiv_acH7fTV&!s
z=d7O##wVHsx}mypxvX-jBXN+b(l=t(<=~+HJe)u||5l2I>2O}CcbSRL0(PFW?Gh!r
zLTvp0C&~TUU+m{sBV8CbO#6b#Nn(Xx2f-baMKXbSgz{R&W!Ke?)LHn|0jC3mL;Gg(
z3p$ko-zzL?O9+W1on2g};vI4}x;hJI+P8%l9AvhNrRg1OUv5?`BeE_d{7|!Gp0Ge{
zgJ=F~QQsKUuNf_(6d2ZCt4`f$^NtF7vAu9fDGG<8L_#;3#SGULFxv~t`8H*g*Td+M
zIJi2i^}9TXp5ob2NO;6&Goa>P;I|)7x{AjmK~4Lyj#*DM@A7izYJQOEj#kcP!PS{6
z%SCeFnQ`w)+g0G~f&_KCbtT#8qH-v|$TZ(O#L-B$+|9fgfpOxH<m+VvF-(prk1ww&
z_dTwRAqW*2a`xrFh1g3IlzfNCt&_hx&$@~uxko&m40Pwa>*!hvx@?yks#+^=R9iG}
z`iuaqS3^#MS8H6dvi}ViAt{cvFBXut3rkWnP=)638-)4{`OYr|bc7G;i;^tXA{L^>
z_Pt@G{3(b<B}6BOm<_@@lMn|dNI}pQQ+j?rbk%|?F_<3WvXETTD4oidx09+peol>N
zUBLgsgguJj)d+RQ)@7EPsAfoTB~(5udUTPs2xR?)`cCM9n%>iVTzR=k{j_6t867h6
zQIBztiFZuCI_t()s6cjE4A#K7{P*uGUQK<9QOgKDyZkzBU{Eig`|j^t4#ERk;-0r2
zek1>&Za<vIui&yxQMXv(G^S4d!rHB2_c`gvC7tMugY!3jX6mtz{9x+Cbriha($!>J
z@d;lFVxv|-G0V=UE!9e>;_56A<4=>#_K83iL#rk<v`bamXfnf05>)%e$kXTWIR$1b
zaY9TwjeRp*z?}x@LXd*z=`KTe)@4stBfOVaQj+tk{c3l|?FLl!k<bM;@aoEwIaK#3
zSKBDVtL=K1WwY2U*4mD<Ols?W8REM>^Rn)R_V>J75a1)u_mFI&>!aBJlcw4D+}vCX
zmgM>d-LJr8*T?tw{yrm!Q0o7yW>;}jQ<L`zjgCMC98+x2>Z3XDgJMs<Hmz)f9+QSl
z4M@+lIoCdRj(j0JaN(_mtILy>i=Du>IlqGej%#<Klb&_H%(UOnJJjvFfHg{1qlK(}
zW3(nA!@cgaf_z_czID%=VLYILLyrfzDjb|essGx1yP9pI73HY=)NZ2DvF~lX+BeJS
z-XwngW$TXeMFlslV}rm}1BMNHA=haV)}+A$T-`%^Mh*t=m*op?T7&2&qyE7A+<hXj
zt|&WD9N|~J=+TO+pB#O$gp6mq-|xp)<9(f%-Qx><7<dl6^2B04sd$oC0=@Z}!l`L)
zNbXp-T*uRDnnbj9j7Ed@;7~?#t4Dd@NcCzo;~Zx+xRu!nUWEM2CtfRYON1qqd1{Ax
zGp5LF)_gXKaOI17tOrc&IoW=~oya`m&Ex{m@?|GMtOs_vM=&eFA2k=GU~x0~h{v0&
z|0W{i9+j@f!)2<|#P<viq5{w9Uc-`v7J-SW%Tba-l+q&IUQ(+J${U9(s)4wsX|@UX
z>%mcAanOmROD{Q$wS6V_No<rr)e7d5OjDpKizabyJA~d>$=p>$DfZo=LUh8b<dyF7
zusoY(FgLdegvjz(8e7sSGVN6<Prq4~oeivb@~r~Niz2@r-vu}SCij#mb=wsph~-ev
z?)!q;vm4L!$r2r#Co_saxbpMK!qnUA^NQ{K+9M*oJ=3aQrw-u3WIZHAEmS*KzRSd0
zQf6xMYK&n*tJea@I3&eM&Bm0R(pa0%BB99*ivsyjLz9U*`K}8Ux#Cw{6Cd-^qAavt
zSqQN9m1VmQT>ZqQI+$6yQIoA@K9otwX!EV~vD_s1)3ZXI+n@OB%aWlQF@o&zD*Qb@
zqCU0t9TyVSOm*c{1Ko_MqwlfI$?MPT11;5mltSn-I`101yE34U{Z>GqKnKTRcDZ75
zh=(@x0PjSsc0LbA<nG_TH_HE|WBaMoyaj$eu!%AKLqm#zfo*<EGz-qmHV|mL!k!`2
ze#I`c!RECyp+pi9xc~wG+xqGGj&`0V-UpS|l`ci>k36f@J4tDYg7H~xQU=|0W;mO@
zGs!pVc*lZla_=-4-x&o@PL4AATYglYeir6&9<j+)mvW>&eXzjl>nmd6{7igey*u0e
zcq=iRKRea9qMN&cO}Mg)oz*7o9dQRL1afcI-hPui)tZ=in)+U8^0%lWjhgC+nFpdR
z;5P+zH{Fe1kKPx+r@b$nz>*;OoGg+_3B%nJ!H^>rqsN3w%XFnsv`iuTHZ$Q6Pe-cU
zoiMn$#q9m(2c7Q0t<=Y+u3`GeA^T&mTQ`CO&1qCpvbTuR%HtX&bBnTd(Z4R@Y(ds`
zUA12pr;WS|ZJwn}xTj*fn%ds>rx5vJjXN9=0>YM_=n#_{#fD*rt~oLHDY7uegU|ch
zxnc*78APU85Wc3HI5@@Qk%IFt!tT<=Nn&y(dvB#5Hb6Hj(;S<7@{^R$f}wkgJznls
zR!ZM^)W|d&w0%UnR@7{7klAm!-PE7yPl@M=|4Q-T)3kRpgsv=cTG(3aNB{7+&k^~4
z<!H_X=Z7dkp}5<-G9Xe#A!5-sGmfCI9Kh`9Va(BfkDSZ+PG)%mcl%ZIK;}pZ;nQql
zJp=ZhA0G)#KY8NgYO<(04>3&7kd~EM`@YIl;4gtm?tnas-bvrggB~42rCyuetIW%^
z`f3sUnZAK%)-$Ed^+Qtm<VCc+kTnt>Vwtiudnp&$JFQMO>Qeby`{$voZI^pG)66-i
z>@NNz_=-N!EV-<4jEUWs+J`J(tQb}@yhujhw^@k;K0@<7c6K52zL4}y5S`XtV9RaR
zD`25gUo=YDVwHu9_<2l{)kA92^~@K3%j>K2`POQKW*b0w;x#<H8v%NWEnvldg4ZK6
z8Kz<u&Df{-sNoPEQ#(-uO8uj19Lmyke%#Rz4v5aA<&C7C*nIy?=5dYP(samrOufU5
z(~ZZ-z<L6ut`SOh>+Nw48vA9wp+3jkx*RjLgIbu4fULMKwATiHkKj(V9U(5@&%P2U
zuiQ=1NVSD*2CrI+)?_ZFinGYpwUrxDKYyT+dN}_BKl6j$=QJzj1AfZyD|y%ivx|u4
zvTeq8+2!s^IqZaWHy=m)+8jnYi%@X}N^z#7K1ItmI;Oyr<s@?WvE<Ad|I(eetPq>O
z^edi+F;?%PV8!WP{I4;+sdp<+Y<yo><5K2rxPeJ~UU!gBIJi}ZJ@fPWvGO!*l%E^E
zo$QfQH8WiPn#aUg<J$$9Yw_fprQhMK=^oh31ZJ`#rDct_^>8x!1g4ql8!R>HPiJ-v
z18|{CD@B!5*(6^bY%g#3i0Zqo*}2{VR_hl6`7lz3dPCuxAWitH_sqwB3F2i)l1+oG
zc?pS_ULL1NzeEGVN{#YqN&)Ruicx0dloF2DWgef*XvoWQ=@}72L_<Wka-!*l>1qXd
zhnmo$vWf{czM7V|H%i~Y=AXo3pfxH`MjmUaJ;@N)S+rgw_+$1Er1Wk6Zo^RB$054Z
z8&~mYiWSe9IY`1H#h7K|1zMGhv!-(Fl(=nX4j&Y&{gu$>B(1T3d{qZy5P!zG=M7@0
zF?uSsn1ibA`)FRY>g|}Z)UZ(cr97SJ<<A-R?X35vjE1v`whz2oO9Km;;mk|*W@z2#
z4R^LZztm2Lo+f80orLviBfDmOmbuBS%Nq_d6QIF%klWp&B*O+Z@&NXwafF{)&L+<O
z0}T}4)%r$8)Jhw7lsgTf5=kf(&ms#q4^*xWRa}R}Pa5GYE@z*`-UWXqQ$goGHrhK}
zVGyWcxx(rImNqXl0Aq93l!X<Z)K1?Y=X;VYaM1T27q57x+21wCOm2cxhc$G?({sqj
zyKv+2HDY*iTM7~9yzphzGT^uVzAD*aYIcqh^@ryc#&*gQxHv(KBVwc!-&oSt0PvOl
z2WVUair$E9B8uP5sPg!0EK+`bPDhO0*jCuB$~rUb>+WVrMQ?w9M9U=x^$%vDacX(H
zi9)R;={veGcRcwUOX841uJ4NTzX-Q>dtEd>PEYGn(a^+C8u<?71DCSRg9VY#1_lPy
zw6)jNf_~oT`^M<Ep=cZz9eBP}?YXUYjjSr)YnL0uN?sjECad`UA>(*H5A?>QYn*hu
z?Px-ugJN7+($;s@p`nLFaBflU>+9i<Uw6X-Ps8?i+eu*(K>tR)4@YEIyaLv|42(HQ
zQZjwf!c9w2qFW?$sPZMEB)#k(J3v6W(m`pQ0Na84zWqQZdkw#|_}Fz808Hn)mf`h)
zYy94TB1v!^Lho0{Vj=MD_pis-(*)tSGhncdBmmEBxpMc?@(uKku-k1(S;N?6!3v=e
zaTfgv``BCxSTJzOi)2(q+x*3=vXK_UEjQa0Vu<~{>bD$6{XKK(sHiXLG#>5A$U=A7
zki6zr*8p_O7W;I#X7#GEmSR&Wiy(qCP1_;ql4>&0vY}M3PC?57oy<iPp3oY7aDO#q
zLx7Xd<jE38UWx}hWz@iaNv#<os!e~e(Fo_|3XA$MAFJ#MZA@pp+vwz<xCA1lV;Ss+
zYSE{#+|WGCg{#SB@K(hnJ+D1B$UP%7`HUFb0n#ij-G0$+3T1zFEMeq44Iw2P6?E7)
zxvb^$*x8S$So)ftIb<~_W?qU?>zfgzO<U3C?plpFbQ1V6&K%1DytqR9{{dL41N{S*
zRR3pSNnafROMh0K)L@7MV#Log4=*R~4abb9ee<q|g;uTZ=P4GE5RZ~&XbeTZE;Y@Z
z3R`q4bE-8uMnFHtA(76|j7QiZY+1xjfuPwlrAnjZ@bJr>NH)zczC|wf9I$G-w4>^)
zV50J<9p?)i)rgwvH4MrDQB&!=*liKpC%gOs#c=OJ_fdv1H=^v$U#JsO>L%%y8hqKA
z4eAw`g}v7SdCA<kNrJ;shu^O3*?aoosT7yVa}tF2T}7<4;7~kctLG<bE{BBQ$Kg`V
z8yG#kyrGC;=CtL?sI0ei(1$evECHA7{*D16_LYKW0r50ZsfQB07OU0KJ(WbCU%AXS
zI(~2{!bg{v+8tMm+V`2J&3xQ2AxmCF@1c=th8Rz(7+^lQ+O|LbMp|4*irc$gQNbd{
zS`q~^_5>n(ty*&qBFfYB7p5G#lbXtZcs{B^SXQXd)e@mHp3Z5P3+66dprh@g$fGD5
zwjLchj6Qk&Ac1qJyXXVQ^!)@ew|*tCoZGXwLgR&JW<>c@yfC*De_INVh3OAxj_MDh
zz)=G)pLBtOI?gs!0$Bi(;sn@RbkL>JJ12c+>Q23BP6Wt!tkQ-rQo?(GfJr(q$Gw-5
zFVZ;f*Gmsi84#FTQu99}8l3+?G`G3_BAS_pWugBa(G0z|3$iDPowy_I5O-YWc;P;s
zc2`jd+uSN{d8s@qU}?7z-*n)cF97!~3oRs|+Du9Ep53xAikf{D&V0ysM?TC!z^oa;
z7^a4w3*bhv-<^`|hNHB66+|F+y_NUoQ=u1S)mQJ5@1!eGW)7xP$CQW2gLC~*<Luy>
zQUyc-*4)&$)|s+=)}@93?(n(SVDg>l1E@HH6$vf~;e#o2BUU5G*z%pB--Vmn+1nI5
zn|%lLq&v#I(tV}_f0Bdic5QE0yXu_`{Ha5KUS3O8=NU<dA4u}@Jlh)=B6d(G?*aic
zx{@6@>+kRHy7xyqISy(g5)qBa8S5qE8+S-N28Zy(>0VUhiLB(6^|%;5A8)p<Y0mgF
zv6DkPzdTB;^<!4&F7HzwzKQ3AH4Gvnmb`jg)uB`f2Zqmc;|@tt+2UXmJukV*@66hb
zB2NoIm^@iUITx>iRun}OjbWSdT}!@=FQxjU0?Te;k~TA+WNhfC&=pU<&@ff#h1x^E
z+jzx%!w!~?Bv@5xZNd3$U~iNggZHD<;nbh-Tn@&!(^Gh!eC!$c7v#$YAtawt^L8*i
z1&|(Wo;Iy&`d3wIQQ;BcqT5oWU@yb@4~A}rixCD3JY|eN!hH&G1<PvMIo7<QC)n=H
zevsdj*#u6dEY~le)u9lm$n-3NIYcyf=mr(YS*ZBJ<7o6nY<6$n$z6`!J7cfr#6m#c
z_c?<4<WHEpFoy7FOD6Hs`dABfw~gv9((d~WThqC%8+t`~4*m6}nKqlQq=vBa)7jA|
zi7+mcov%ZO3~^tg>KB#a{_n*Ml#6!wy6j)i_bFx`f844Lt)04IG$&+%?EIXvGNqU0
zY)nJN|3<euO)MYsrlTyd*d~#Hif(kG_#&RCOe*wDQ*}#i_wx7D^3)-18qULQfMoQQ
zStKV(ai8kl1EMU63nfHm4To?Dm6faP@JFX*Deuj1Mq~=iWU6I>auAtds6SKx_#RPO
zln`Ke3c$a%YF?Hzr+WInsh|0tD~-u%-*OYdhz*(I9VFbOLG;z!PXkEgtb|TEpL^YP
za{2{!n@RVli_}VuC(iYcdrX8M(|82<a>$#Rg5!0Mdmb;2S?t6fyB~-(7&XnV&nB@H
z;4iFxn1f0kq4MQTM=6WoV7sS2`GQrTpStf_)mDmA1B4R}X@8m4n|!cAofyY#z%5gE
z=ZuWsrxV!NM~%H%4?&}?n5Tb2%W!X7BWl)bo>19?-!ymTH_Rrh9GTX*X+JWzzWSKH
znbH5^7G<OvFMSuZYPgChn>^<OqW4aU#wstktG;RZj%7N%;Jewo-l}#Bb=4dD2}*NU
zDIY^7wneQ!J&`{P23fTEliMgf^dAJ7=^SF^KwNTLCnUVp$;r0O(4~At`|?;gm3^?2
zQKrS}VS&Y<afsk#AY27A7>4+zRDoNde|%QP7(e>r==bhNhkhL`us9;mDRp%6L|{sE
zXhU?Y%+;@1<yjp46_?j;C+n=n3(xmSfOo94c}V~PmKn9}l@Hk73uT_QE!PZ7-w`O>
z+LlWZ*w0A$ga%E%VYQo?a`}_uFlJ@*(}8*OsM~w%YGR28$^DGPF{8fErYWXY*=O>y
zw%b#*T*A!tN1BSj@FPV^qq;!TcR6oDb)yDwx}chiz_jr3$zjgdB%NT1lw2mvWjy%X
z0Odp>XRHo)+pjbzO?~`gp5gL0LvK5&<Q66=8Sb$?7S$p4@ooZP7YK)ZZA6wKap5du
z!NtGnFw*yA-nRl(@(|N9`ot!^H$dHpPuw?s%fx~4sT9fh%2U#AOxPRxzSKd%w#~ha
z9Y5K5fSGTC|4eLv5=nQTL&pYxC=2T@;i^lIfE0hfKGu=3GH-yvvd~(muYu)F5o|{G
zvTO>}C377^1h0MblqVcG5G%BKC9QJ_fiCh7Ak8qhO(EmianANPzMGC)g2`@6fyq=K
zU}!(XkzZdivycFt#_5avKXHK+Qf+hoE4>tx0Pm_wtp^`={WJu?F{?JWk24xyTUMm+
z72c|;so@b209CXeLlgllsv|~{0!d5DFXuQj{KeU_8$9QOD%&sjYVFI<PO@I~+n(WX
zIv5l+RQUaua;(g0-Rq>;pK}|U&fWmVUf_=}Se!M%W%E4`iS$}v7o2krp-~h1n?Wgk
zPc0;l-Kudt+SE+VDtK=|%y(+o>Qm=GerkFHB>fLV*K+Hc3jE(>G?TcjA&Fi36WtL0
zay#$2JdMKXu6zq{xR_BDYf5&^5&d>~x?kbM1;BL%QJC0BIF^L|iOfp$RR+i}MUm~j
zzN|Qv(2G7>jpj))MiggMZ^5R4ntY<~W$5V9H1mUj=;xX?Sb%N7k*mk!2iNSMqDzD1
z$2Aqc*Qz0zP?Jqr*Ij;)C}|B5XKgp$Nf0m&GEcM0PeXe|H@oXU9bt@?L_^|I%b$;b
z>J#kmPO)mB5>1#^s`TY6^q@+p=(7@p@WGq~cbq+?%Zy+6UPjNZ6s(z8s|(L64GuW*
zwYHqsGm{(c<azWNWR0CuPIaQu4;%XDJjPtC7$$#@tl-H25Kn1m))nmpbR@g>;kejN
zZz3yNyS&bBl0dQ+r$vAHbiLpi{JECuXJvj0#Gc??MVLeL%I&EPCJSXkTW1s5?f9h1
z-3%eN(eu7LcB%7BmJ~|gtKWW_<%BGZ)b&tH=1S@)|3*<J!X)fuW`b?(cc`gs5NEJ6
z<cV-oA(quj*JU=LmJaUG2T9&OaauxT5uc={IW<Ok!b4n*g~TfS?=_tFA8~jFVxxeV
z52sYAXev)G{4V670j~afMx4qTc}_;k?^LOe70wx4O759ii4}IPa>O%ODA|O?H*boX
z08b4j$CmpxH3xic`cR835*D`t6?Qwrp8`$aS?^^?IHnS{e;o`F!x*YkG^$8gA;b|0
z=7HC5?L&)c5`IFPw-Hjnrp-xJMh#q=q)?Eao<>GSPGBhGTr~#}A#0gQvh-Q}d%aKh
z-Ldr_^%`|k17<F2S-jIst+_1ig5CW&d)Lrz8^HZuQs@R#N{#gtNFV`+3h))&_?uk-
zUm=B#l~c7CWuP)xq$&(;^tM%v`+@H)ydkloBbn={59{8&FU-R>3TLP0@i+W5)O-{!
zL7G$x&R2yxB=o88A7LlL{TDtWAEs?;mwQ|XhF@#>7Hn(*OctIMUjSYtm-yah+0ZSZ
zf6p-%zRra`SMWS&dWC<GFyyGjIV58b3ZfBbK6&#GRglXG`pnXS>F94mtM7045?JhJ
zs#x)}!&K0zGuuh|PIPyY6R#g0CB~(9+_Sb^Q~h?W$yWg_KhBrv`*+^*)i13eF)uDk
zqZAjZ=z#uY=M^udf_@<^tyBV)kKcw~Z&eMxVCeHTI9dL{U=&m9r|X}+%+L0w2aZ7y
z=>sv~i1UK?zvNJHNdIZ-BxTFDsU%=t+U3mxF^PM{G^4B)@-sfbjkC)>PcdloP7uG!
zvD#V}qpS&NvW#}DVt7C9A9t2934|`5gbX1WKzR5M{cgFko+Kxcw_nizFY=uyI%~a3
zD_@}{I!-zomM==+cF?bLxDXR<HS69~<o33K%B_mAPp{hVjo3hVxA35Q;`=gP*YN;@
zq~FwPX_N2YtpL3%%6C#;U9A;m&Zw5ZYkUVYv{U9~mZ0D>-(1>xlO}{rEuV|2Q@nlK
zwW>l|Z|0hFt#+*8<zZgp@#FA6PRmG50Mkr-8QV@ga9gu*%5STf%RChX5&>MKN?uCK
zb2-(Ihr(ZdIeDwNAZ^1iuf9T=Tk5aP-t{*2(8>0E)MAqI5gk>+V0}_P((^)eirJOt
zoTjl+%5rPr<(Jz+(hiF356k^#HPG8-yLMptl_t)Ti*vP2J2`fvr4JOA`20h5vGDLP
z3&i4Q;T7#q({AmI+xj6+{AII`(?C{g{FEZ4d%GsF8sD6>f=5bL*hKy<#5Fbj$>+vB
zrJu-fSQg(Z9_hL$SN8CuZOkRu;=DDwxBFdzb$@LhhjH8<nC2IG=nYM*V9>e7d>sKr
z_G<aw_g?i>DTGDYx6d}K@9a2!g6_G14f;Da&*zs(J172v@VMsbc<#2X;)8xmizY#m
zBgZtVhj%|4HY`RNc%3B4>AgVV6`?@w59Zu&e{z`8<BTjK-mz%nn}2cSdAOb-ae}pO
zK2sT$n00mUd@e#Xn>8Kr7*(F5Y(~gY8F-ytIK6>C_Uj_677T%_6IdABwddP#ykWTD
z+;WIS{yB~n+~MKyft#_LEReUf5|i+nP8wQNgbXtIE;M<E)v(%L@N}$&%Kqe0biHGF
z)fyeu{mv?_M|hSj)oRYKIw^JBc-XVPR(|aicRIdm$UT5~S=KYq+}PrhohdqbKC`gV
zf`(X`vN&l;w6<}Z{WL|3!lUeMes9gGf0OyzV#1cmh((cKaz<Ar{+h{~3CTU~5ItDu
zO;%NW0`RK&9ILBRnsEA7!ro2UIiikp6DQiF<4U4m^0D*jHEK`X1Ej!m!{)1%O6WT(
zv_92SFWR>$4c)>^0os19z9Cjv^m~Kj5>M0b6!{&u&^pyayrRuKxXT>Uou|Ej!^6%n
zyw*dxH)4<__j~fdR*j;A<McF^tu?Z%pU8I@TC%)7WG(Y9Nwi5`4SdUfJ4JxukvJnE
zwF&_O!r^u$Gy+2j|E1^Si8OM+BFI;~5Z}AUGOPDjW@Wus4Ktd)M;h}qEycTUk=L|-
zdo?NUNcZQ&aK?0klfA9w)^pApzOHu}_6`fr;*Uw?td=0F7JX|vgKATroAAli44S8*
z(V_cK^;hA&=lW54FBmlEst;0?HJA2UQ?}XpDwa-@5^E)2i}+PdLey4u&jXCA-JA&)
zD(yRH1E>8^S@Y37foc5jBMG%qZr_3Q_nfA{LMpthJ2F%au*SY#iaUN=wEf;jPbAZ}
z&K{>2=YjGZD-PY8$si@qH{`8V#afseaq^WJ=RIZ<ygYn2-$0p$I(=ZI6ArhOEsN?0
ztNJBo*R(*sSq>s>zq7An=6@*q_3pgdlUkHQ%B9?PiUX#W_aI6efB?Vs;fa-C7d6sp
z6y5N%O#cM0`LcMDG%?h-xTp+i2d57x`1d`U5{<K1Z6hJLMbi4C(pgBRV`su0)2omB
z!bvq0)frkDTjC544Zb$om0(#moP=$E_$kHgxR3kzS+SZ+Qlw9QyWKRA@O-G6ZCY4}
z<;t!kP=6n(JcL<0Xs{WZ<EPg#Dc(wj4j#6T%~1HD+Kt3=>O?yp2_m80^5V7K9_r{f
z0=CMTzv*1`*J17){*3y!i!AYSd3dHd^z~~O@Lo1wZ6UeoWEnKZMfH8RLOBZVr69%f
z4QiRCHlJX_UEjwma>~KIlMO|6h!mXX5*6h4e=>J)7ydkpkb(9k4f*9ftjVy{?dr!X
zg0<*;=V4grSoO#^wo|Z?ANrwLo&*?++Zy6h@dA-?KjiBCzx^!Ulv8KrZPS?UNI&&$
z5Bp{KK{7x$E$?E=TbMakluNoyU#ToqJeDpdgD`kz?=g5*j3MS`hd~g)+TVNthrK(t
zcEWIEJ7J~M_%{p(jZ$kli-#}esf1nShc=JVI)#oq-c8o!aVBJieEu%43hr1gXbScT
z7hlY;P(H@Qw6YgYjh$1(c^#K$R`h&}b>B*`_05f&K>D78UUXn6Ae8eKNq-(`{P4TG
z&Y(HrKFzb18<-UfL;F}wU9i0ul^x*D(&KN97tM5*ovu+rYRd=qz3o^vgCjIidl~Et
zN9>#DY9^Bq*R^T2%n&l~OV3{Lq-0hbIN$s2_~d&x`!4Yc{L*`x8i+B|1-WM!7VWa1
zla4?18Dd$k_*<)go7NgSa!ER{n1#&>jGN3_J18s}(V&tNTMPfi<!h;MqgIvm%IREQ
zA_P+HEDoa@>%9f8p4WREbE7<XZW*{|9H$^Wnx})Dumh0w-qdj8_iKt+CPF6li;dMs
zcIHbTI!{-hv-=mV%KdJ%JN|56N4&==nTjS&u4s<Fj)dLr&seYd%Tp7>`*dH<+x-5{
zUnG|V>~>hIggh#<<t`PL<2BJl#bV1YXU(&&>~9E%(Hqv7XcqM?zfq|+I)R*%pBb+j
zYVwUZ@&{kjY`fi9+vcf0XuqDTFTh-#t(qNIA7qsKMDOI(3+}Xd9@L}My(b}~tGW|#
zgI+gh#)SptrqrV$l#}}S)b;Y#0=Vx1*aAMxb>(ZRA#CF4+q)WBi*O>wsI&Rgu-o5A
z)o1(v%u?Y5z4tL(crWj>?<0jDl&|(RCBHY*rkES!_ZnMi&vsf)oit<JFmdnj9v3do
zgGhSe7{~Hk*-%vkz+<Z>EGD7})rMR*6xj<cZm@uvO&|UX!0?B!dSBxkRm=Ztoxy*T
z9sK{kS!L_!=s17DF_p-wJ;!-HGlfcaljR<5Uuz2g6`k7B4IEsb|9_=i`5&lW{#gp&
zt5dVGk{jlI`YwUIj4De-+hwzX7t+J^U_cN?p6z_CDsgJr`_yu=?esUF@UJ{dNd?>%
zrtjF)k^c)(-3<)DJ|<t#^(_tGf)i|8py~G~8UqEFTM*Uzhi^PkWeqd&)Bw;eS|^#-
zHuCNORByt|O>3F)qUgrg6Xk|>c2Ly|zSCBpqvDp+KjE$?NH0zn=RcpXNB$LxkAk6_
z711pR$~U0YIo?H5m7aRxjgM$4fUk8%YV-U4OHSlpf%cz01CQ;|ziAH(Qiu#}vKxX1
zG=&_wqpg<Vv>6_)h4PASY>C5LZ>QA`U5dKg_m2nZk&JdM$0;XQ;xisY)8%>Fk%N7a
zWE<}8z6R#`b`8%x@vlL1_j~;)NJ75G<@TMZNayzrsk1-b=l8HB8acCsI4_TworcYC
zN4Caij0#Vuc~teogE+?V6N$aX6~vPKl0@2SlC=L_#M1UI&0Kx!II1`H<`UW~k^8LC
zs?m_+xUTWz3*>x;z)QJ$07a+AH#KD=rfUyFFPQRqdCvWgqZ*{PWSYj}GXu~m-A#Tu
zU*lMIJdNOd92rdQF4$*|DpqzIuov6yzCwaGaALAcr4U<9Cb7r<)fI;3r?lE;<WBkY
zijk4rv!Wu5AsL_`_tx=e-CbpI<g)cAv`Iblu49+|y(8j;c_VmaRC^F2`;%2N%><pZ
zdUc0564cyK%XrUxri`$&dCyZhoR?1q(N*AqV8`fmkDk53-b@rj%+q8;&WHICfMy17
zC0C?q)>g5(JSf|1$*VUzqVGebojKUcODoWMWYGF+oQtABjW@V6yU&M7SZ>I{Hm=n`
z@LMaEmbYyLZDHLU@?O3xuD2X~8%x~3<J>%Q=uG#}VUt`O>KZ-NxMESE-(Lm$?ow}J
z9L+~BWV%YubFiL~(2kuk2z-3G)4_gKsQZa#b%B7XI=Y@#9MVKWh2<PQWHp0OC8w}w
zM1PssPR#7QS<O_P`JCHV`BRr@{s84;c4vEcFI3fHy|9hsa*4sL&GBA;o+!aU^GYV+
z(IX`wM@M6hSXTO3mEt@Pp0oP2lcKYAc{3<+egD4qcY{mWc|Y~}F~{P!(DSzl#(T~d
ztj2(}lH7(;U!r){Hh@IYxxEG8R0k9>m}*Rj8dyd>;Ya0{IHN|vUS}YW!{#$NMNaM`
z9c6>*QKlMtVO_knviT9pRm<IowO{kv1CVUQL)W+WA4EUTGTj$FctkzdBy-$d^=_`z
zjOFAsLf<H1XX?l%wti5GN}fXPDVCA(az{GVp?U1#9ermSK7Ka_I$lMZS~FHU%cSyI
zt2L%kJEnawnTIY%q@Y48lcgHFKNC1RWlV#O?jE_p)O@W}9P7J>5&|H>^{VUvWZdy<
zlir#PkLr^aea;%wo`dMO+MJO~$x0j+iXxu=*nTgi1j{Sj?_YVvnN^SrFG$L@C${7L
zXXl&}45x#k{gy%=ITU#K{1?NbyY=6*y>{rl8XB37pWIj15w922F;YxpZc*;-e>M4g
znu=Fz8SREN+Ss5?R@Ae#zRtEd2Iy#oOC-I5pVwDMe*<sm#cr9gpid9wMLZ9L2KA2f
z(_ACzx$#FbQ})OvyX+AX4L{E8L(sY4u;=M{j!x03omE&)wUh<n7fa0tehBgoylkd;
z$k(Rqv4`^qzD7*X1s*%^3kj%oy&4U8p_5wAD}58am+fs;Y-yEC`-mYS<Je1UAclxp
z(Eh8i6NnB5_g@tSDb!!#ybGPKe@*YV`DB_x`y#ham6(54k#?<`*88zio6&LlxE@r%
z`&DLK*hE^bxJAieF^k1*NHF1e7peUnj<3+!Leg^5sAaD%4bELrY2}$4?b5<6J^5z%
zddpQBcNP8pKGoUfVt69lrTFqwj+lLDM38*teHG26&g|Ib-C$0|7eVNDa4a=Unsp=q
z2>Uv%$BM<thSM8R#oif4C;j7t6`)GKq;;ViL6B;2RI4zcZbKP5FU8d{BQZ}lQd|d)
zW!~If!PAmovi@Fc^hpF7?2e$Dh4xX!60QVzD|JcAcqFl?4Cj#+JBhGS=2A-gRt?q+
zyPm~Ggn@0g43*O$ET;*j%wYnuvDOGC^%r#RUdoj3C-4-_f0)VdM9JFXx%-{)hH<tL
z$GZDrp3%X)>8#LCE;0xi`5o_fl&bt$ND&wjd2F)MwKXz-c<GMiw4(7tn0J@=JR0y>
zW$m>;;C4VKT7l<--5ChL95q=m0EULr(#T_<jHo$UeMEk`VRYNXF3c3d^>1(G_Iw~t
zP_0Mxjyzenk~oOWfy22O&;pv2#Y{Y`6Mv!tRwm31i|cF>V|=Y5{(|si#kWeQsrLb2
zWYnErX!_3#fs&bLA;-6A_-LvIc<qTmCB{4OUfk(Ie&Xxg#wJH&{p6%4W<xLRCwh35
zqhYANopiOXv%ZG2p7~C%$!{}e!$<YrLOCauuPu6ael79(dcO@9^YlnfGlj?%{W{v)
zwSS%Eo2fYI5?yPxrGgB!ys17LGgI*e@dh8vdJup$K^h4sspGF6SLg>wEj%2B#*Ca#
zI!1SE`Qnhf+CSS0Gj*y>a2Mr&>4uoL`dV%5UD0Lo)6?cLQpc&Y8$g+u<J6rLxhY^0
z&dX+*nCM}~nL-p=g5oIwQXf65>Rz8kggh%*1^$pu@1|P-V%imO)V+XX-&9k*f35J0
zOwKD<U$d=VKUd0jEhWgJ9Ba5ARl9->j#kL!^sS_-`MmQL_oc-sBoT1x(vD3l50m3i
zfXFm+&UdG^yy8`cIHN4}vAimCf}_^SGTa7xXY`jDMpVx%ZwN#O$ZePg_<p!4G%dYZ
zi|2Fj3><Y5HR-?%dcmIp`bR*M{JZz$SPVx~#aJxXwp07IUdgBg8;xDLrHO{jSDQ`U
zCo(X>-VdGhH$XUr=Cc!h=2I<b%+bCo;xn;(eNR<U*BkoVnI6@KgMBn{og=FOPe;k+
zNkK@EDE+eZy|-h4@<SD&!5loPh=K{+z<dw*Vw(!!2?FX{V{gD@4?`g!oacE%6>p52
zrM?5G_T_(-#Qw#mK@{77rlqFhw~Pae^!z^KEe$;X`@aBb2jx)^K<K@!x61UES#|P*
z%^eM9c`!E_z5k7meO2t$iZbNDuUiHvXV?FnAW*%3t?fM<O@^D3S_5>Tnl3>1pP#f{
z(p0Y|0dR_=)f@YtQU^=)|21_G<9CPc<6qdwnn|EMB!Mk;IOCC2*=u}gy;~wxQ*W-P
z^dCZKN~vpD`M;>7`QK7Gv)K&u&9ur)xJNg`83!ad*zNR|_jI?Z647Hj&)_cmsn=BJ
zcZGU)sdyq!dhcd+k*ol77byi~fw{Y*hJ@xC=9<dQj!0qy(gUIZ{i||Z7k(!z-xkQq
z;JozE$pN&;_WiYG%A57mg*|zA8_^A=u@Mh_bCK216&KMtfi?Z5<}tY*@aCT`FAlpJ
z_&Xg%HO*uP4CP?%EE{v0{;~C3ORxzN$-ZI3yP8~=;W+E|siXY$Tw{2~b=O`>{O1@6
zn`pN^Q-@CehJS`+?2?sy?op59<Qoj~q<$7z+hbrHPN#V@E4E(Pr8SD+S#&ohTm(Go
zBv_m%KB!F9vg79ZHn{>-?V>Y72}#ziNZRn{fp9N{uGXn%Ud~Aif`>VokoD#fCD?a>
zKs9XX(}Rg`zvVh5s;iInvx7G1jOni#<GROB1(<*4gh2hY-W~5foM!J*#|=JqO2^c)
z{<4z_d^59($&(IjQ0kMQG1z!a_GpWC%(&Bkze&S6j&}XDi}X|8&6;kmk?hr){iAmY
zFW2M)RdbkK4n|D`<REb>v)i}xIt`OW`>PSZO55Q!X^sLf=**j3mPYp>*VCbcyC13R
zmz3>2Ur2klHMxSyLZ;Z#*N+_bEq<oT`Hw_^#ii`>#<7Fc_dML7vcgmVw1)3DVYj+_
z_UQw)pjn=hZtl$+hLq~O@jZeSrX8gr{%0NOM50~=X_FoKy57pyny|;5D*#rP4PLb$
z32q^=C9wEKF(0y)9@QQD+jkjZ0`6X6KEwE<EHW-Lfy5EjI1_ivQlR+7K9Ojt`b_oG
zw`PJSSptXM)#R?0gf!#ENa`_hp7qYMS<tp6)-9>-yU3Wotp*3gdUs>va5tis5qiC(
z7PXJFZQRXO(ZqJqYMbWzSbv_BC`cZX{FrdZMp01PZkj18eyCTbEMrFe`3ai_Vwvtr
zqREP-&_cInuf}z#r_|C#EBw&#JY6nNhV3#<?W|uB|G?L$AT1eCdeSy1OYr-sp}(-P
z>S+8Fv95VN*|t~1Q5m7gYVHF(9miWY&I)2Hi{|~Syl2r)6uXY0ad5`N|H)7OEd#;H
zw){_0y6f-%y@tW+y0oFVzkf>+O{wa;i9$QKDdduK6JM7kyi6R)-ncsZ?K4R@78Q8f
zsU%GR<{P@s@%(#E;a_E1s+D_tE@wX};g7Gi!Dd}iJ@G0M%ucOGNi=%;|EiWC2kM5F
zRhEY?w}#AJUDe8sT3OW9)%RC81E&d8>K+N*zb=Is`{>leAbDOXM!VrNB+0pd?!DpP
zsC{U~rF=^BB5H!`qFwSlq-EQ|DSqL6U?CxdkhGUc@=V^lOLYDTFE8)@b$wB!uIS$<
z+IGS$^oMfy*K?&NYgUjToA5)inWq?DGF<Yn2Y|$3_VNk^6e{iiCJoea1Y%Abd;0`K
znCJANQ@}ym@s-}IzZUzk6QF@izqq=tiMWu|(AKuP3cNg<3IBDb{C9%BTq(y-&}Jli
z9hpzENF&-8^p`v4$@WPEKl!~+7Q>`5+=lEQWhQ2KV@;-y)}4C8<_@9S@V!WwfnN83
zQ!*9m4HpvDaD>Ni;DWH|H>SiEuAAN*>N}e^5=Id~0mGtxZCE5uBST5<-0Aje!y0aE
zZpIm(h8jBqf$W&waY-j(*2R{Up)J&HZE%{y7Bx{;ukKes1iT}Q<CgSouq5KJYr(Zg
zSmIgR**XW=tHxD70aGq1<(-D**Cq#WL&i0Ahm*`?%K0OrczTkQSC*+D0nA5bL=AX(
zE13~|nS<CkAL=y(y{tMAT!K3@+S5P6<6gk1s&MtYOWljFR9?Wa3i~D#9p)@`=2P&9
z@7G%nP-Cx#hhxNm^z(58ffAE)dS%;A>xmIIkd`DW;4C?C`sm9A9f49Jpz8!|wWYZP
zLPM2n_dI<672mqZ9!dP+O~GB{{x@GY`me72Jd#x%=OvO2-ASa9oJBo3i0QLH9f?Qf
z>h5!EZBG|`F59c0V}F$7c{Cpw?xUU3ZyCAY|9ZVYmRFpvj-6KQjIodlaX~?*i;D}-
z1zQpXX~6Ey>$Eyp!m+A7{(Q6IvX~?ZD4`k;`nzYM1dJ644W&plo+#Zr494p6aHGtP
z9rp_TUcnQ}--avJ?5EQcj|OdUUjE@U$eMzB?|2XSZaFzz9*;x^XwdttKWW;4rrATH
z2^7a4a54You2Nq9F?3D#dpi1z(|D+_0loxv;g>0z$$KGq<rIe7d$6{0E;!e?1J{-~
zM5kDARx0nzk3JQjooDB4Nuke-)%tb#xnSrCpf7h&D;VOtK<`|ZlgJ!VL8JY*%)IfH
z#y|gc$Qr2~ZMPU7t?37zSEdg)Nd1D}`dPUV$7M{>ud>xgA6zubsrgwqE8@&f{pY%v
z$N6C&^B?2ock3elyR-F08H%@z(7R=lgJ49~neq-Mh84R)GD0bspqCH775w*2_5LCR
z_dNk|y&4#y201_qdM{`nIQ=yUsvgCA9VGcOe>ctdk{P2pRolNT-HW(@oi9-DLjQj_
zyC30?fu&g-0l#&lP_sq++HT_{-TT)~f_R?(qtyK;WBD)Z^52Zje{V)VziQl$%?&|c
zSN7p7&one3F7#T|{N_A$gQ05Zzvi$mcWm#KCLy>)yTX&1b&|EBh4E@n@>2E;xo}~4
zZ9aahX=kow`YNO0SjWi**V3_Vf}{t5R*KR7QH2T;^g>#!2q3x7!ejj>6>5=#i$Eh`
z+YBXujP`l}+57kS*h9G9VH&QE7ZkL$lh4Dhb{TG^178K*mL9JC1zgZ2am<}oA8_Gw
zgX#K;SNHkYZ<ZO}zIk1WCVq8(@K?C}^7&(HJyXoju)s6Ut9(>n-iLTk;MX`T|5hQU
z@ov~%#<N22d5Id*awE$nr1HkbUghjL&1DolO^LZ%Bt5N_r<J3Xt*_Tk(!iHMvgW{3
zU)=q~Q?E{jw^SV&1-&k4*U50?kMXCG2j(5ZHKO|`ltw$OJ%A8aIg0_%=n68Avu!v%
ze&P>ZP)F<NveZJ0bTQC1i+}(lDE3XWmnIhX>!>^f&A~xIei7`+YL3o@UUWf26>IeX
zWfVg)@d2fIU~5!I2ZK(;ueO>+(mR?Jx)7#%MG_-M+pve-4dLnafnm@z$Alt<UQQY=
zzV788y9OrBWQ<Q)H&Tih7?{0E?I{+-Dgv&gHmGUh?%)2@J;Krj)<B9m7vI=X!o^9_
z@A@H;D)cLI@+-eMv)Mr8=%P<u5WH>t!pM_%w5>!RqCC{Mw=SYNCSuC0In4|Hk#U5C
z2^N$%ZyN@=*V(Mn<@d9Uk5xw4{48E<bRmPvt`s`ON3G%t*O~5vN)1P^8v24F<h??K
zC6?|EPA$>CtX@pd+FQ#5huOQ)o-}xYF1!*)BBI+G9xyLA)2V~HCn}Ba3V8IDe`Gm}
z06~gES61upLN+E>@Gh49zto~*%Bwz}_rOZEK>w0Diu&QIb&AML7Q~npRxS<r_8%9d
ziGb*G)35~wrtrCz?X7)dW%f&U4ZmSNM4%i2L^O|GlU)b|R0Np^TsGF)uJYq~;Rf3x
zB~qv8ElV#=_`6lR+=~_X8`ZNBcjRTKexYi+pJXg5Rk#ag4AKg6kQCl3a}@)O&Dx@p
z&>-&nvA)X?L!Nt0#BQr&LGE;OPM-?7Hzc09zPf@2*Dq}Z;{`h9-}glxZ7*1-J~l$R
zIP}u3YC?gb-3((~db5wI6$aH;#2M!F5n;NnC8Nyy0WODn0_=3JN$RsR?z=DRYq1ts
zv+LY7?8@UQ>^*s;b{35iw`B7Ar4-+k$z(1^VDD4q*H^UN7J8cmqV#DU>2^RkHjI2$
z!1<AqZJdqH1dpHhIT>^+rI}b2P<eVr_AJ+)ZKLne_B(#GDUcru96!dTLJ(0?=X<~N
zwfse!{OR@>TV#(_T_W>_5aD8h7hD}207!$sNNmVc^h5G@KEmiN44h7VSyLNP<z81Z
zy?9@gew@3<yPrVA3z>_O?^zG{YdotsO8Lyub*$2zP|oOWeB)Yg&1^oK-HxvunlRpL
zW3TqW4N-3PifXL);8FGMN0VOtpO{Lv%xZ=G>1(1}@g&2Sb(JHp*fq|>ANzSlf1OMW
zSXUKo)ik+#OuTwRL^f+@IV(BS$fxm;hE}l0$IDSlqu=H3JKVBSgrLbzjIClApy<qg
z9B(EA1<k31w>6ye$(hw)sj5TSz35e1&>XH;^~Z9?$BIvCncr?c$3u)Jw;Fjr-BJ9x
zd_fdXv;mnH>$6=^`!aB)=-Hp7=m7KtSpB-2lW7S1<sbn<#5Y{ZBUp%df$cCjUc*AC
z?J8I)E!UZm?y?K|?ZHRQ!IfL3C382rgoDhF9OxKdw~mTF)2(}C#zPKIe1U1X8R&#x
zn0y2_qjKsHN6fOD8H(}@E>TS)<F*z6z3?kL9!9UVT+SzzXEy4@uje@jQ!nKXs;Q{B
zQ-@2zvbR}EQmbDc^9l;Lh5v@2KGhjNQJ>hF3}}d|vKV${UQHQ4qD3WD=8Q`mKR9PA
zqu6awMM}kMHNiFw^eL=o)jr`{m!Ul>@+M4*L?8U%dm!IHIw}n(%Ld<YsDU@~vDL_p
z?-ait6>5#k;<p3T^p1hcbB>C@YG*4oGN$Kxd=pGqV^lNC29Ezhht{MLv<DW$8`Pf7
zM!chqGu9USCQB)dX@3gk_~p2wq(^RKrodU;6Re>A)@!>5D{W)Q8DC`Q6XI{g{C*`6
z*P_nVRy@;IAVn|QkkR4TnPh?+en$@^O;=+nj&xIN&V=Q?j!RpU?$gob^wv?`zG5#0
zRDNk*ZN#2{K2R6tS%&Hx0z6i=lT$&dQR__pyL?}C)7ml`w&Ur~+NFSWe8)_I^@2JT
ziqt*zQJ2}#Lq$@<wX5$9I(#l(Uix5G#{(c$b_&h}1#WJ|dX@^C8#vj&YE!|T#E)@s
zSm~~@dlHr)LZF6d!5kka=$dT^S~2n$W0=IN(2VMW-o(+m@qg!H*<gv7NIW<RZUV!9
z_JeP4{ZB89rntwK5sNGlP`rvjNo%HVEU=YmmGy3VrWx=LZYk$GL|HnkiQteg_M>;x
z<9$i0)}R9yKdGRqE|bfy1_d6OpdHWI66vVL8MQAKHw~S<BE$KgUZk}zjk?#l-kCww
zJHe8T{3IHedOd&dZq;_Inw%f{Nc4)Od$g3A>73+7@d0%w;UaLeRb3w9?c`oru)0*Q
zH`f#8i%Vi2Ny)5DC>E06R3WR!&sh(+q7A@_`6l-z=egr_XFXKC%dZS`8^WJ9-XYMj
z%4_iLzmQqsnGFB(ntL)xVX#eWdW8RR!5@XB`p0vR;|URyzs>-^70wdM;nmcMf3M(8
zvw=eX=YcR@^-&?ZEiA(F^a;{M*oGv$zx~uK+e0?_&Koi-sQIf-bL(dr-n@YBd~PZ`
zl&LAkZC=kY(+s9?kMG;p_0V$pyPLX;{mfMBGbWdKnm{Fpyz?J91;U_~j97Ite^<tD
zzqkR%kXJE8-t%??0x>PeJr)_!bO}9FEopKFFDI~povZ%wgNrvPxk8sNMlOrhIkB86
z-+!Opoir9UJ@_`h<>aMjZS8IqlyW_bTZbf(qhj2N#fcCqsyL7veO%85m$Xuxd#$EM
zUc!@rHjQY&R`Zl_sE@}Ayo#15-AOp~g;;<K3I-k}2@P#|3|rVI<C2Yg38vKci;TYP
zY^lA?lOk*Dt>-{p_Gy5M!D#iBpov{-e>w3EROkqmX5ODJ6gP_dSpUzNF7Y@xev~FN
zt7dQ(1|sd<6PS#C(6@$RFyaicyFw#p#yBpiXQtd#A<e!|+xyQ+!E(kbmQTcy<Ouho
zP)y&$J;b9}59HiJmTr9fkmp!~ysRh5bpPi&ksdvFje`=ncl>(g_EsRjw)JfO>_0Id
zq$GJwmnx{0W7Dy0a!5-q*b425!8^eT#wn_DXyqeGckLRfRf+<NlVJ)RL)(p)OF{?l
zGhDwY|Kv`b*5GPpdtFd<)9f<I?8N5yJ=INC1wcvEd_Zkp_|*R4eVJvDI(6_ZBvd8M
z+Qau*{9$x}t1Q=+dvb(D`m=$`*NjZApS)MSq1w%9%CZyRG^2*Hk~nOVB!Ee31ZQ6t
z0sk(x9w>AzG&aA&cVL9}@wV4Z1C<^R&cAd-8aEO4?h|vkC;AcMzx0rokfgauwgD0Z
zBdhx|vj)7alZBm5P8G^^64LD|z=sB$UFJD^ALS*{dXLQeY#-#|YpWmj!xL)hy$&W&
z=PzqjlMU)WXUR<R8<q>1BniCh(mHdLZQYWbO3;5jG52CaKX{raIn9`g8Ez2Y!l?!M
z=r^3bsG6%JJ47jbJ$D*&hey?Ln|@8URGc3AE+0R@bw(wPjDqw>U0R0sr~{QO_$bC`
zW(GE>4a;!JTD|G84YW0e!b_Tt!WH|$Aj&VZAf31M+m_E>RV;84!hVLxrb=RVUrjW(
zM{L|>?7JiS`|k2O*Me9bwL9SG`Or%<Ni#5hYIY|EXMWn%JagrUS?vu9VOKR3T865_
zMr#orlWjL#jfRg0HJb`qPPIYr?5eR|J*r(qga1c+?-|up*RBiO02`u$@_-Z@AiaZt
zfGE-f(tDE{s&wfBHk96zP=(N&w9q3(S}0NjgeD~rs)SHNJuCR^{l4$`_ILJq$N6{8
z;ZFu*tYnqB=De?Y-S>6f&lhOC*0xP}VYKxSYuE+G%j+{~IN|r-L!z6V6gKb}iAjU4
zn+xoQt)R@6@d>tH54R7fpy1?ZRV`cvVB6MWx31AFb`G}EEuN~dI2ISv!ly1oJ^+7$
zRs<t6sw<vtm2Ove%b)+2gwt&LTtrEgU~_Ega6M*nfK~I^G4GptpRSJLycx(p<i*g7
ztnr!Uh=QN^9RXld@en&xZFYZ(8W_nZ_=1deSKhm?ja41Bs-Cr*);M4$6;eDs%j<qy
zM#o({^Tn;J@rhYs-MvRIMch%NdI+KUdgA2(%9~P`V_sdcDb`n?t@OHqMwRLh0#XQ}
zXr8;-w%jtyWX}M|(AQ%3L&ajDj<KjLGtbbcWex3UYZCl%>C05HL3})wQV49-?~Agb
zJ5w7MhK$ojWh@&NAG(ZD`7R(<R?#O2hhARZN;?&gu-*+DnP)xbw%JI0)rCQ20t4#x
zazRMDz|>haub;!y4S(l%1!a#s)7B6IfxClYedXMltcaL%-|BLFWz+VJ?QTN~9oQ}9
zv6O2~RbBsR`xN9NW^?(<{jXjkuYi?7zL}`M(V7iq0T0fc)qE<()7}zX>^bN^Ffoxh
zCQIRc5&D<Mh7twL;6N~8xbV^3c-_*9)z62yzI6?E=dp<+H{bPSJJ{30mJ@}-iwiDg
zx17sp6ndy_s5#?lDJ4{b`N?t~Q+_!<dt#vE$Z6^e&jXhAFACmln_iAx-rhmv31fXf
zf57R;7R(6{RyLb45k1^($v91``#lFiPB>M`KCQP;BG7vl`6fa-cg8&wSXZax0PL7I
z)tQX^R_*HE>q&Qv_q59W4rO(FIp&F7cQWBvc8H&=l7ttGRILTaj`J;|1pBnM2^`>y
z)1%fOR+n70SHv=2^YIGu2~XxvVyVoxJa_Tu{9`fi9Mq0vTEo*M)h>Lc5*7EcX%;Ey
z_s@Yd?b`K_Lf5Rcv{y%zquj6=1~Yg)-Q6HkO*xHyPq^BCdgl_g-v^1uzfPZyeI!A+
zUFb+xoXaT9ICdaTZB1!b$l6$qg3Q9W&p7)NEI`>b2$MlJzw~^|0Ct1BeAMbo#h5W|
zcinFR4V{|oB!BglvaO8kz(Wa3wz7ZyN&r3vNSC1>vB=g%h~I4~lh_D$!xpRH<=<@;
zJ8D;DQzavh3_ZVM7VeZZ|2G&2*yax1Eef(tiVF$l&DVR&{?aLRIr_@Pk)g?#&W}Kd
zDq=dHx>gH_Y&lFG#lL!$;Bd+)Sf!U(R|$iK<}ToM@?@xaPlc<Y-OjxZ%u8K<@se-J
zXa=vjf=_c0aqpxO8NJOFzV+bW-YRf)=Kr@c6IwE-d+%|sqxgeyPp<cZbymZ`DA|50
z1ver1MC#64W(T@)a8JT>2B|2?!3>&b2>Y*kDe44!x!9YCSsHz}j_oszcaztY#;4%*
zy=~kD3@Eknk*5pTqGGR+N}lIfuXJDoUNTcMPIGsi9=WPwGI~^S@WglWcGt%&KlgU4
z{DM}C*Z0OSGhJqaM`dD_lH#fvn1qTx4tdI9p<A&sV@mu~aS0OqDK~Mh><Py%PPAf<
z$PgC;Xsy?nU%_<XJ-mOIH)P#D0o%xQkaCqWiG+8|X)UEq?_9WxW#D&tgsl&h^Qmi}
z*x<0}jja11Zn^(vf;QOQ7oq%&OWh)$-`UVg9{o1?Gm6>pkz-V62+n@u@KSX2i-iT(
zMBkgmoAF#Fe!u54#dr>~LvVli0*e{g6!{vDZBTvy(nwEhtP9b{alU8k<*$j4=OO_y
zYY-&*-VNHTIA()LvCXUDmT8`Z=Fx`~Yo@>H#Dx3V*gnObu>{+F77I)kV>xeZJggb@
zrF5}9qN-I*){|j1HuSl$#`AA)?Yc2KZZfbAb}{J8D_w*Tpb8Gt8>P|O)!jzB&6RA%
zbDsEp>T6d4R&^!xXw*E7sZOrn&X{X{cY3GXrg{8yoU;4<mWnIu3AmJ)HG#Vp1CwS0
zj$iA12huR_P+dupIuva^50ra_niyk-{3?CK3|_zlr4r(5_*CBo#hW~YvBE{WBMra<
zXUzKPeXl8LdO6QCIQFi6WX&pJE5DoQG-Y2qB-|WW6q?r7QQf<3Gqt8x>uISH>*1&Z
ziN0%%pSWu`%1Z&OwL;^ydEZn+DG(`n#<%O#g8h-c2$9M!$Tl7MDQic0f0(-^I;tnE
z<ELKY>Tfayx~+)Sy4JOygb7!*S<j-!MXra<0n{U4Gp{F)l)2)l`d!V8q<nrb^o4rc
zJ!G<}+1g~9wi(#!m+5b35a{Z;;=1((_Hd^<l4$64P^h78_S4eS=lS&?_VLq~=mY|P
zW^|ix4YJ;!ET*%(wn`ivxTQmz-5lt4KWXAdm~X9en+BU|N?(-wJMAwyFRpEiKJ0!#
zBO0D0{m_v<drP>bvL@;1yfQs9DuhZ3z<l?KdGFt?X5Vgl&!0KN$9FHBM_N_aA?WP)
z0hHbCuVfE!QLELN+tm_jE0wSA8vLbHJMs_|>&=a7=>1_V;WsD?Le1;N7VfsH<Zr*J
z)pvU#b}D6^l)AEkJt)qx5a@r?oK^SCF~Y9H@YdutO@;peGL-8!#oY_pD0!#XtDdci
zDKWcbT+ULmEb|tvDkt~oY$KQ=`{%wV<}}W!SREU`iFBsUOn%+|<NJ<w8LFFm>v5<>
z_TW<q`ri+g9<N)RjD+~><Z<xYLLo7sSSg%~jkKW$-Qm>_kVdU{rvE`#tn`_yUicMe
z;FZMAW~oF)Bax=?!I?Sg+dSmL%^ZF<Mz=E#rtlk@^I68-0#Qhk>`v5tr*3`PSYT{u
zmHe@fxr2DpSXCA0<aBLI^3@KiGZBurXQ72D0Az^{`9)d!X$WOQSohOvu9W)$DxdM-
z!H)leWk2#+vx`|baR%GqgoTv0zVCEPOiZnS%aJ-gxqJ1MW&aFjE`?H$dLMMjr>=D*
zRP&k<@lA0ctfpvRc(q>`!+FX{P&90f!<AtVKjf9HuiqZKu_yH_!8!6vhx^oAs|qc-
zOx{~InE@B(T|{xWE9da#fb2X}gY0*YDF&)r;vjz1)5ZZ_|LVIE-OQGn^CS6HIA?s7
z#hJGk9dF-%F5sGNdJU9y<pKM6{ljfM1dKz~s!<mtfeTq`Ju7w;relyaUuEdacSE?f
zYR36B`RdK8h=8({tdLO4{VGk%YO1O$BHKyvM@21VkMi#*zkW>RGn!;7eWLA)^ATC}
z12^+OJqZ_Er#=}$HOhb1@s`m%@&VH;Gn-W{3+&Nd74*m1dAglr&`S?@W)Mw#4@0FW
zBKlO4+rliU<cgdwW5D#@yyw4oS|c3#s;`qf?%&DWUi4{ysLfIY+9l8Wl79KA(oe1|
zUth07Wtwa@D=vowi!}Svya2_)d6yJajptr=XS$3cVg2>IctVTA)+I+gHBgksD2>~F
zHH6yF{uU<s0le0yhmHvQ8Z$*Rh)7di`oOjCWAMuxc6Te|&E$u4qLy5geV5G9_y)FN
z39mle_-NNfo%?nNMNxmJk9F-*;+@lxvEsz;@xaL<4#JSzmvw`LLF1NpAKw+mPp~ku
zN>M`0t3Wvgv*nHtTOJu>xa*dYWX>?ME&c}-Tm8MNb1?Y{A#7ypyNxCkIf2rNx=eDr
zJ*MJn+=tZM$$;T>;Y=TiVh|E5|MBYB@-K2sM8aq3GjtVLcnzw-MexftfI9i<)?2LD
z>2!mE(}mtm%3wyE*2`Zhl{MdFTzqzl6`CG^OxBw<>?>-|89eym?lZ`_?L*KK{F;u_
zh@xewPStUrVtq~ZBc}^GPC%)oahxCf8*fN7`pw5`ud`d5779)IeTq(r^xj&?+jxvB
zTlI#%o@hTV(yh{Vb938T_i8FOs<}@pd-W%Zxw^mHSzC((N+{}R07HyYNWj<xA3KHe
zu$KIy&1Dxh0Vh^-eJ&AaP?PJHmfCMd2CWj;MT@+?d#Kg%O8dMw8Csu1^~;K8NJ&w>
zfGTf;QNL`Oik(~w1^UZH;WC}v;?9PV)O^Fi0*e-%efK_*WR%}yx(=l}cY=xwS=+wY
zn8rQ7GjH|sxSs5BZ^9{SubgkPWBRFHF<%Zk^fVfwcbUNk74&y<_D^c`zp2j6yd0b@
zSmrxS;`<x)Aib*z+6A7l%zJ!;NU?4IVE06(RLOv)?)BG35$tDt{P`C{-bH>VUxX-0
z>h6_<drrDlae{pl@#1$7g|1xEV8iqAFhuQC4Z66Zdt<9`e8O47?rF1dT^ZNHbf+uF
zCcg;4pkyBOU_CsT>V&lhwLXV<!w+S&sCV0am9kLqM+d*!hITJut!e>c|G+0p*xV0(
zb}*w2EZRf%>%qzy+3p&P*_YkkCt(E7$eL;GHX032N{<fr)pkdZ{|ZO!Ih^8%>3`se
zn3A#Kf{BIxAKigLU}e`ZEAC7HIw-`~beFE3AMhCOMqHL|Q{H-_^?3IzVot&+kfGs>
zNT<vJEkx+}pE1KtI{HqI7k^-bwtf_hj_xMTR+%fx{a;|i2ve-In0o9b9#0SDSat{N
z*5>S|wa9#=9kfrFN!cPV;+r+t;k9&uiWNCXWWd;}U_)eAtwxqjK&5WR2_jdCv3lB;
zRo9e-k)_4$)Y(0iDCr0lw2(4jVGxbv5*xhWrJ%7j%+YS^VbQzy=!)Cf<kCtNCZA{r
zXxtQ^v>jaW{M#4yt74BplMT^s6=DcxXjEfrcd${dcL`1deetA{HGuxXoH#no+eQR8
z9?cILspPkk3r^~E3&}M{GB_+J828)1`te$r%1J`Aj>|Lc!a=~UlcODNV0ckPeb0Er
zz6h?P_#TWdI^!G9*sr>uR^1Y18#fWp2i;JTp_s~>#AEEMU9SnLZD#qJc3Hp13pYRf
zVA356RBj~FlQCPkw3lSFIh?3q@uItF-&PW9yk*2{|KJ3>=hty|l`{ZNka!#?<`7V;
z##&`BSJAZz-~_9$=tgjZ#SLtAXHq9)Q*}<AC6~wS5D_r7h_L?{%CPLLkR<=ei9Y&>
zR<(}0jIPmm-aWsT-|29P?mGO2(U}IacR#<s6RJIYZ2XOk{ERYhfnwZkrmW{>YMe#w
zlSHGETj%?qISy2^f}!2^`s*G%>p=WtwKHIChgu$;%V`~%^I02@*XJv_VB-U?!&P8x
zela>vZ@a6o(yJvA<}Qi$=HGMHc9&STI%&$DpfAJ9DK^Ta)l9e(J18S2BlgNP@r`=m
z+g+&YBja_v?ZhE<L_snVp5^gH@AqGZOMAoS#G(Vhe*^n?BPK|pXc?jjyqT|&D+N#D
zX@z=JI%VC`2-QbM$dmN3rig2T{&|n81CR`>^s${_bXtq0%HzxtM(eIikb%R>Eq;np
zxhDEs&Y~{Pc$IUZgGnLZ86IOm1g@M1Y-_I)f|_w;r8u*IJ~j_{yZxlOs=++PnRby-
zSI|f=0ooi@^LjB^r<o#YZE_&@oqhOcn03>NQFmpFC`g?!KKyX90e4RMg{^HIHfT-X
zYt|n<h$VA|YWqzY=wr+ihJ}P)p~b8m2Hv$^TCMkAc+lr*sXRf;*&Xa%qq5NNpt$wv
zz|f#0xLt2E@Z&dkQ^0G4ENcI+7u7J1ep1L+R;^pYc)Hy1ig=d8ZcX>-UDc#BeuU-x
zQ>F^VxT~EV0RKSa^=rhM-N(5*wJ!%=G6p}O5e%=CMMsP<;SBMK&wwPyPC)5<eq9Oc
z%W1UTB56^^Rb~k$h!?A|`2eUN>mTCIOVUAPi2WkF0oNjUX1sy#`9?zIXQwrS>m$Bt
zq`?f}InK=^dOd(A#-+aUr1*4vaQ6Q8fKY;z`jV>3B<`nqHm`Aylj_^^S1OQUbJ*Bo
z9TnHM$`&DM>Ky*LQR*-q(f4Z-;q{3@vt*9DTR!POr+O~J=xk#f&*JWno{PFE6uLY$
z#dvb_Jx-DC3aogv>O^Fi7Yuz;>?Vf3HZ4Ra^eA-XzHG6D7;yDJtzY!hzhBx@MABxO
zjEIIS?iLf=-~dN4Qu$y~qvfY)*0P~GoBQ+I{*pz%>p@Y(XBQ_w@X(E>YVQdzqz9~d
zZJD?eAGw&u9aQH&^`2iCh?keVoh08j9ito2KKgY;SkB+@W5>%90uO=9nvBFQI0{_1
zgvzzmWwo?c-V^Muy5pf8Qsrnh`cM^!_;xL1EjTkN>v=P&@iDO9)+bmSg8~dumw5d`
zKYnNE3VBRI&_HL&TENq-%;z5*DqTYy7weYpJUnCfWu#unt47qty5D?&o6?78T9_R~
zoCs1&ZcC25T@4`ew3wXGd|E^D&HyG>#iIbRZ>__Z{tomQw*7$;c{O25Ll(+B#Mguw
zAA^1X*&MvT4ou#1K_`PchiH+ym0<7o#7MugF3BIOU!aw*O?Y&@h1~R-pWHl7s9#BF
z=TE3B9=kji@Ej&0LfP@OG17o5^M5_)Q=3}9yql87zLcEXypcYX`~zFWzIRF~#G61b
z+?JUhePbuTuf2#aHdg*|1+Jme9pgwQ4OCBk$CvjEHnXb3(<|i}pASU!8Jolnf8DCu
zeteeN4kqGQ_?!0WJ5uD<(|}B?jY<8yMKpQ=UUIwoB~ancd(ObAbCpd;MYe-&)We&i
zq$;BCG5Lu{wD+CUIkd~4Xq~~|?oiu9xMs|zSzSJ@dOGt~{zv`ASHnRYwWg$Ozs}d1
zzIxc763eHR|6yMCuW6S^dMc<>{NTrFUVpC|6D@eL+F@`v^R-$Ww`h&l9PKo9+PaXl
zH?mvW@1s!N@k<TyxAAf%H?R!&P($NDR^Q^>QTtCP`_^blo4S}PFZPmn7ZgW3KDJ8u
zWsP^i$`KRJ)xX9mrtxFQO6r>3f`N6(V&j_0HCEo$<6-~Q2B#|vEzgL0mz68Slny2I
znQr|h#LXJg1*u_pjG8T$$a0yj+gbZuaP0}(Aaes|A*eGl^2=(kBGn`Zg*5bz0!z+$
zJ%~vxM8Y{z457PO)0`}-CUhh^b_i##A!%3Y76`nxQ&637?}G<o+XM+qd86YbzZ8*$
zsO>;T6Kc?I&V9x&U8n^fO!Z8r;(VBL-W%_Q5H@CIRxn*$Ch9%bJJ*4?{^8`bJF<uD
z^)k!u7VY%CA~odw^Hq!Tu1n6c<5EeD7e$<FjOU$A66ny(N=g)^uAq~<TZiT~ZYskx
z^Y@|Bd*%13rDOQfX^!(HrU@ScD+TN@1^mtw$6fPknx2%9OFRK{o{;0Mjjo*`;r@<l
zIh{;&)`2>;yC3cr+7yTH`?%-FRRq@~AK>7z75CqB0t-_t93LU0iggg`{(6-3Ixnns
z!c&i5gqvApYe(Y*p)OY4x{JRCu0XsV*)WE9XC>rl_w_GhMjeBvL1o7gXe&IK=A-H@
zIS8@Ip2yg7m7+xXD8<PX=I=Y(n`m`_2$_ll$Ux5VIQBOxf$om;PaJxuPnP9yCj|hW
zsK|T0FFv!L>J;kC!yp}gqlR3?x#q#vHHU%idlt~br*{`vakc_M{fNQEc82V?=z|c<
zg6!;*1kIgoG)wz>tl4zh@jDU^5pl{xv|o{qiC(2It8<F4k}!$Z1e{qdruqdy1D>`%
zPGhVtbvnt+ojdZTG5mK%kI*x$YtM++xmSKHWd4#I3E*FMo)F}+q1*JP51hF5a-`>R
z_JhUnR*T}d-hk_9zSb>TAxG)o$;tc_wt>hg@1NOZ*76%C`gHvPMdyy(qM3S1O^rAY
z0)HFj+qoZz_B5pk775T1N@P99z^2jrL!Fw7cP6+?x0Xcv_uD5!xi`E&&W@;eGebn~
z3@$)^jmLE#Z?c3li(R}?utM#n+%j$CQmL%i&AjZK<bR+$<{bx6?D{=M6=n}lKp#wA
zAN77uoDefCq1ctZ!hsccTjX5#V`}InQ4>dFEYkLusWY-xLY$$wgdUc(Al@Is_Qhw!
z(54`Qv7mDdxkMx95H|Niy>|Z^-+KZwKoap`6^^!QKI)FInFtdIzlC7jw1Un1pGCo_
z)HjJsk|WLd{7&i4y#p2cgod!{C!ojc9MufQc^pXZDPyecSGw%zJh^n{K>3%MznfPC
z-1;UVH=Ma*WdfIj<DKn14#Nj>>FgHo)EK6FO{I#^-eFAGtxw7F7z#l%B)5ayxdWNR
zGT0&_-!w6PNo9WWfO1jNOD!DB?WK%qbsI?WkWo>hIAaB?sb;k|M!vdyE|76*{<A`Z
zpWH^09Ari1&2v_t6m^%uCE*!(;zCs2aac;=n9AHkV`e}M^P)tp1a)khR|<Vsy;8CZ
zB|`s+c(AX<jdZidc}+Y5t=n9a*mx%pzAzTy5PEPfftR_FXlkXsOkQ&%F%mEe;3{cb
zFdZnZwvuIG^txpfQLLqnR~h774+=zs-`NS|G#yT{cwrcg20j{mfqHd|``i*gR)U|6
zy(E4@sG~cpDd+a&fo-u@tbaA)ICH$U>G0PY(s+3T5XU_^3=q2kYZMqKobLz`af?oi
zk1(x&?z65!>!VqLQ&?UQ>{AHb^MkAL59%qq`|n|I;Y<OHBAW`L96J|Vz^Gh*%yY^=
z94n|E&3KCa<%D!<QC<l6_Ew$XS#+Ij@wtu^wjt0trcGk9k72B(Ea3(xwz^=()g7LH
zn2vjowltWE9`$ovJrpb>I-A6PP&g~j>(q$j@O2YtU@K3_51c}fJE}O!rc^{&GaR&U
zCU>+ySSz9(WtAP}m`ZfB|Fmix=9QKIi7G$~^BegPGs&F1wr`pMNi<35iIlQ9dE+){
zu`Y5>FC*BR=Ri8Z7vLw>Yt@%qti^U}$WK!tCg;}`Xk7_p!g&(CifD>|z!z-*zMSNV
z<b_UcMnt3$eECgcJDDdQ9t1w{A5^jrT-M~>xnyY+NbBEIcnVyifLrGr*xxKXm&;y9
z03%_D5|!A*R)6*NxvvIXQB($B;yj*<JYa5U9|z&AJw5e=PW)QRBICKPFnGlqM-+1b
zQ3HHnq5HyyndTtc0kI}(%pK$jP0gP=B&+$|kA|a1o>{7`P<JDm81_7+s<`3y&vbv+
z&yDmSo|R;f3dwZ#s#A~1IgYwnbxEv(Tyg!<y4JgtqV?grzp8MV+2E~q8(SX=GnWeN
z0$g`OOd238Fblz{ZUJ+0klw{>ezQX3LOhS&;KbJ69U>Go>;6n)v}H$JhimFb#aF%X
zI+YA-c1k}Sgb=_#xhY|)ie!@fwO_YnZ~bD?F?jXkVI?jRBBky04Rsr+(it+F`esF6
zQdkD!KX?V-#6AzRmGapwxx}#UzQA};_>y${VPO{VeN=zE-5)o2<5EuD;tqg%Fg6W{
zU|@{%_m!~PULNLQdD%Jaa^_52kFi$=;rI?*bkmBQY=8)PHo;>zm^l4vYlKEBXQRGs
zW~)B;^%ZR9NbLlV=8=o&TmP2(c1wDYgYG)b&1ZQu)a8~1Kz%qM3<i<N49gsV%&?uc
zS!fRS`mFBsr5EFTta~oopp=H#@lC^%luzNx>vm3JKrY62u(2yWPh*)OdydLD^uA)|
z{qxj|_34X0W;18BGCt=4Wha2$X&F$95)Q~+fWKUkzpFg|kJn!RzZ)ct_y3RK|NrF=
z=bv@?mVo@Hm{(dp;#yZ@L&~Xj@tFZ7Mqbj?%*-ZL>HkBD@joR6GxJTwj%@;WZ18v#
z@2O2NzWQhfvoL)K3!K|O6GvUbK$4@p<!EVlBq^Y@uG*259cR+J{;eb@7s~7OYj+jl
z{yE^zkke_c$Kf||oAhHOBWBX)f2v3R>wgm#;^!87Q({X3whQoc%qOGpc^?dBiWSi1
zr>%~DYav+xoOx=VkCy<ow6x&&S4xz9ed{R0Vn_`tdXvQ-Z1^ooSOH1~9+F1?3|=>W
z8oYmiJn<c?a)gPRX^@&$9FCV9L5rfh_{X{JM+#kx5n<$^f5iEfl8@x7O%V+70~>9&
z$5EtSB)Lq=OhVw;CzPM?89~~r)Qw}AWmY*Ioi$>R!Sz{k$fd8WT%RvldR|jnR4iBP
z+lUuWBsE|vbRXWm{|S|7={HEOzvu&ZDp_@OL4H$!Sw6RGC#`)ihiQc>|F$L?s#?LT
zkIh2Y9YZ5Bg|+fn{Q;Y;VbyTYoWMn)JA>eX^NgaswiB)-?U<oTt-VN6>BM)SE5uDf
zE(>TW(fm~Bk+stB$3ZE~L2b6S-NEMF`rvD*FyxBC(~;x8C0<Lza&#YJ4LJ2%(_4+M
zfDjzZqjd1QE$Lh-J7M=T!=SY<n}pTj_h|QfK67WmL)kV}iqqzh2|AiKLy}=uYmcS7
zEURef)wC;0Yvqd{SQ?jE$`}NB#Y)*UeljO^Qnq)y?sr33c||Xt69M$(Kg^PF`wrm{
zRY9&b+DRd{7d{@r{SREzH!ZQ%F5venX<rWrS?*n|Vh-67NZmV&#1Z2c2tiHdG??6?
z*ytUI^^MD8I-F$zQ;wvU^Dv*!R)eJcW<P@o_7i$7@c!6h-J78(Iz|!FFF;rgBM!4W
znw!^<e1alSa1?g8ma+`&+V+kw`=XQp`<mn$y)fihzdtF@-+p3HGI~LF(aKRtZO(9g
zRg8{lBaZ1#y6h-8n4Z~Cu*~gco5wlhzNQpNr48vyH|7kzILlJTG<cVPju+fyw=^v3
z*uPZ^Jj(Rhp1wYmTHwCsfesdM`VKFa6YtUN!6<3MWnwKZ<J+$}E1_v_WjYm9ph}Zr
zjPcQ(o@3)*j}qt0$c3@G8b(nfoPx3IHl6O-rtTRjI^ju<lFk9lv63QBOM_k+LE{$*
z3+X)zz=^9LvHB`yMmhFWX<@DbC7QB-@lC#&3n%Gj$5$kbx4i&)LISCq0(o=%?Z?`t
zKZSgR1}2p4L)xqcpE>j979`5i#c4TMUEXO3G3QoFaTxA`OEw6MH4YQNCs|<(HCe+d
zGL9M%n_AS3rEQP2A5bqC7L(h<$RG4{GKhjyYc&zO^+rO`9a%-su2^Q>;`is;klOmx
znA@^`2L{dYC^Og060vu0EtJWARwZmWMY>3ialpO&p6Ik+`I=6V!GebRnh>wB?SS8K
zdUXt!_fMJw`ppabL73zXvC1J7yi{xi8or|+KSRfmb{jDHC$75hh$RuqAA0~J*X%!<
zd}@Ca3rp){1=rII85Dl&JDQh5Q~&1Hh5eNp*LJ?CTz{NQ`0i<iFR$h&KbRe0l9R4)
zYGiP4(3iNY|24tiRqtAdT#9uc3z#c6yK^-*Rh8~)qS)7M1=V{PXweMmO^aVGLQIua
zs^o&`A8Q+c21!=;U(vZqB`c{CUaA3mEzC;x_657XAbLH2BFeN%qNri=g77U1z>$*B
z_2J9n`!Z2LWI8ZtV@j}oWS1!Anc?!3owQ^d;?osV#66VS+S?ZZ<yok5Cw$nInb;w3
ziK%krfoq(uwOnk$+2is*wYE>wJNRv4`E+9D$pTr;&YY-`Qt_~JolL-7+Vs7Tn7}Fc
z-VLE)sZ(yJ@M0PfzdJuV-8i#<dj~SI+htSLfZk>)h)4$;9OI+SiSp<ish`JSqF%^~
zqQFrizM~Yf91+>U7Pyl5kZ7LpehHrzCm}^N#4G>kvmDbh_^CB{8Wr@u+j=#B3Fe3o
zXtV$kLhvj!jSOIv`ayWtEEolQkKPPqM$QH-EG`9lPaWmo^6HS6B7%v891!~WEV2C;
zQYa%V@{&6s|7{x1p}obIF+{qtr)vXh)+(M#i<Zu3WfTI=%HS-y`vOc$86wXnEvz!c
z^~Smhcuo0dA-nxR_*tWaP1w3FrQIGG@vTub;BRy+>(#-Cs7uTJiv$_dt$R}M+y+mx
z9S~q)zeI2AR)ETWE^;T17gGRTu7;~|8(q><n`iZzb(oEhpnjXt^7A(^U`nmg<P8?$
zGA&ayZvZHh6Lj$PaKSX7Kb%@L1r%4}&#&Sudn{m(vhC_~XqNhjoKzQ`tG<8Za7H3*
z2Nu?{cpo%SW*^%ea1@wxwX2%p=f<-SJ^K!^H8Zflak$|@4Nh*b#bb1}pF7V5A)8<5
zped8c)GguUJ+>mkDUZm?QRbDP37eiQLamDU%eC#>8DL$5J-TefVM+CeDBNZy22#?b
zHf4WYRJgGjr*r+xm>ISXc^&L(6P&?&nCW+S*j;VDvt*KoSx{PP21+>6S(eF4obO^p
z+O-`d3AL))oXfyn!4Fri$v|-feIUq!G&{ba*n39Vv|%Qgi{>*a{0?Q0xe0Ksy+Uf6
zB8Cs?6W(*e46>ZpPgi9>7gg*&p?saSx|F$G^vEr{oH;O(T$uGbP&Ap{qDsyTo_^3C
z>;gIg%;0(U_}n(!wtiY&wTo@4UU&ii<40PH!#=d3u{Q$jI|R0$6KWgx)qN0!fLXje
z+KOw@FMn<N*&rmG;g4+{m=4u9vA*QlHuh~(b(b^!?BKNDu9ev4yc-Yvc8v{Gig=@D
zju{ENrdQm^rTg{l@NelZW!{EWa_hS1QrC6VSU_F}jMm33{KAUXMC9_h%6b^Z{cESg
zrYJL5U$j1!BHrJXeO})0$NmMt`4QY4Ud5-Ei{X?^nRCUJt)QRIC;7_d!h6VB4eG4M
zjuj!7&KLfEakXlMjf#FR+)Jr1nCkJ11TY#sY=kTGyw>%`$Etjuf07htUfZaEG<H1Y
zs|4Gih5>Sod!4KYzE&4hZXk|g4wvPNFH}BbXO8mJ6|}4)GcBO~4C(DYL3D4J#v?l%
zQ$NO>O4WpIwIUe)O58ku$2h7?P6Qf2$FMo_Aue9TAH(iCFfwWs*8(&0(RZ(1sOD+(
z;gIWg-}yn~=BlzYdX$8D!Y3V~cC1UpY#hH#C7J><?sKe*Ri-{qM*_BaTiZa0Ngn$J
z=JMd&CtQ4!j!1$bzB6*-o^GxxM~&4bXm5%H8*<kd$wno8`1(~&i&~2KLN*X{AAMi?
zbk&LExpDR_r52!xzP*p``~Zp`zt1>*)J^hUv9{$)F%M3gYEtOYZ2aRg*&Rb^7-Fe;
zRH2`tZ-Y_cF?I640+r+DGoGB<a_yJ(iEUiYBD0+#{5o-Q_(7%;L_T(SBf8}H2YNoA
zc=S!pu8%g@+H-tCTQZI>B>>a89r&xjej&*2kWcfyAwCjwjfx5dw3gsmTU*0dAsTw%
z*jm84DOt=-Zi?9J)iqLNXv_huzs-dAR~qi{$fZtRTDn3nVzPY6?qx;ZgeonE2e9nS
zWI0s-RljVQg9s5<BcHS5?r%GPvsG;0=;fZ$Yk$ZyXFKu0z~6o`I&V5z%b)P0ByJ;~
zghJ$N#nKuDo|Ml%@`V61mOgZ=$D+0>nh;PXtiDdnd5^U^JhVA(Oh-qQ1YoxDtBV_M
z{+;=Ab5(j*8~W81nGwc71h9{)I9hN-a5J1e*=v_hm_9k0PL$pYk$%mtN_d#K*ABF_
ze7is(E&F|G#KslF(J9kL<!dM7fGLFl5E^vBKo1nrzQL!D(%ve9L2(gjG8=ER#?Qk@
zP*lIFtutQreCHCz9~ixaUQ!IW@N6Rih#F0RSJp3aC#kd4r40ESFRu6Re9s3UDR%{k
zpLA&JFVh2W@0~3mSGym`{%!DA8rZ)Cb}sh`08(+B+<>cmYSwaWR%9WVGF~~dk@y00
zJ!kq{thQk0;C%i4ws30VCu1M6rqcPyRx6|n>n{rzy1_juu0`T#vT@>G<O28M4T%Tr
zfa9zgqzLHefnBsGW>#|=vS1wnBx)pm&P#p#V~Fl2Yx2vA%=&^&&zj|NB$HM?KgQmr
zPby9WR39j0qK+C{K4_)r$Xbe7o4A^(wNb1KNZ(8(@YiQW4&#Kp1N3+{E!;S87T(@|
ztvvjslM%r`v-*THL~zP;LXn(`x5z>HsynHo@4fH5lRcmFF0zm)rIf?$088e-7uKc{
zJ1{j^tR9O?i=TnLadD3S#Knd^?*(BFRn~JFXkWfeEH#>K$NJ&-J{bctlrvAsssXDp
zpfMq%uxjP=Ej%fvuLWRj0@~m@A2=wX4Ak!!B<k6XHMOoD9S2=S)r_grK^zi`xW@w(
zdF)?W1pH`Ip|iHK9ysEHJdx(2P1GsPikxPF0~&cQ-lF$EpH-5BNC~Dy-KG5613({a
zxuvz00L}hEFG&x+oKq<?SH@m-$@txFrn^U(HfQ1vq090>XD|nF=69Ws(Geu8R1|B|
z1no7`XO2=$5EEd8Z?*TOxO55a*cg%{0Wj`d2)@??XpO;PIWM41!Fch&Io8T~8O>Gu
zR_Y}RCpW3L7!BUUW@`(3k#QTJGHIj4f*1Qnno<%e{wDHixJyIeA)!>K&%hZ&VlRQV
zhE8$WI)KZ#;EVB{2qVW=Z#3wsF7#Q0X@_XY1{EGoHnz$jK@0n$Otx2{+dtq|w$W9p
z=x&}WdJc2_P#kbY-@D4^nGup+>&b_|KT5}qjOc9aLWN5A@rg)>%-$VO>LIN#^<NKa
zfkU5qJo?e@nE1q2BS$qQ1~3sgh|-OLIXCJ{;iDrvsvI$ZpyrPVIRC{kIcWHg>w50(
zziB3Qz*w->R1AQrfZF|!_W1w9Nqh;oaVi1UDzozUC0SCO84~}u8Ug)V`{)0iga0m&
z26pc{$$_;y*?xBO`F@KO(((4v-YEFj@k-%((6y5;dScBmx-RYw$yLv&#`T3s;E{*-
z3O639Lu%yc`k$SJZhs`fgF-!ezN0U^jgKZ_&WZj#h)yUB{7&-<R^_+v>}>Mkv1!A@
zz+KFS($!=kGar%&Eka^F3XnQ?d7z_DDxZc-1ACG#()Ycl{k;^=v5}x^>8qnUUL+TC
zpmh9#%7#08E(`J`K5@Rp#w7Y=+IixahQQGbg>;m#{Yb|eVtQTUrLvIiKJfBC1bhJ#
zmD!no2?5E|Z*tiITqh;r1;)&FJ;%U>d6^vMt)RAnE=A+%mns$QsVc{;*h$ax?X7TD
z?@Ifg9yF>Feb~ot9N2IIVbkL6!DvY4wCR&J;{VD>q<1Axx-}Rf7YkQ76G@$NDCRq?
z&|faQ=tn#;!=Lz|C11B@amB~`s+<m&RxHpz=VxmOex@~}u-V=-C?P!un^Ye-vk!E3
z{0;Kn0-=H4j_h8Cr@e{a+PQjLDr9BK`-sbako)vWCj#YaiGDsHgwJNcU}J`A{mXdA
zBg;<T+FbfXV1aO4u{4H-LyZQxinQ%w+2+~3Z5u=;F|otUS}#Ve{msjZ!?6AkP@@1j
z$bL;O>iEpC4r&qq>8j**`s(is3Y)|gJBG+rMM_k6`@4EXrGfcAlVD=}=~PHJux-*8
zZ*5h1^_6wYULm+E+tGEk=Z5#o^~Cn<sW{O{M$|Hu(l{pKeNSz7DO)qv-@w*{_c^0x
z9;+!1dX?Ip@upY??g3SoCe?QFUh`I2EmEC+qVMr0u|P#ib^YQ8t9c8JDcDo{2C)Ic
z=(oX73<kf>3X%ZX)A)-}Y-MPh3aj1CA_t#b#9KbBgB~Wm@?}Ip)8lI1BzsnB_moju
zE@#X&>UW@yp)MW?-jW<vtMQ|-TZzbo&UPl+OY&R%>>Ipl5Pl<WcyGztrE=Si7<;DE
zpVxlO*+3=9q9$1}bt|kSaXTAupNcnKixffFQPX`BzO0EKJ>p>;ma)IR5%^4%#mcjD
zYga~;7j5-Kp%Ree1CvNAq&#On^nf`w&sJvSc7!AuE*Gch&EYU*W&f9hT|Qsq0L)ao
z5%Bk#3Bk)6jtJVY>WP0nQY5a##_g_*D9655kv&b%YXz0(q(&WRg0`NG%WedCH_L%A
zmhB<^w9=N_&MVRF^Y`>iDz)lZ;q2Pf=9lNxA`~>U$T>4#Ms$5!OR5*!PEtww&fZ<H
z;uTr}W_kJQc>m$T5zuZi!Qxsf!BuBZ=5M-?9GDa8BYwvRcr3Hu_w9_^#wWffkKEF{
zOIA>Xh7EtUb-+Ob{n3E%kER#1>VM2${wo^R?1zE>mWRM@ECT5F)ia?s<&K;+2Ik)m
z_q$vWyxZ{4Jf8Gj>{B>-Ur<a{iEWiOimm#9sA)73oqCfAtSmpaGe%BVaFS2wHuotG
z*Zaog?3+V~Y;dS87<vpe8ADB<bSdKx0*_)Cj^l@Ugwa4Y!|^}kDbS;=V$u;YiPfO}
zs2gz}n96Hu#SQl;<QjP&#7fgZa`d#W=uG=HOdL!ZE^L|}1a|ZlH8#Q9e1T9lPwLeT
ztUl0HwiElH09`vEGqR&S2Q*FVJMsIwa02MvL7M&lO$Ft@I+)&#?l@tVRLoxd=F)c>
O4-{Xh$`(H}3;rM6im(L$

literal 0
HcmV?d00001

diff --git a/docs/images/VS_Container_Debug_Select_Code_Type_Window.png b/docs/images/VS_Container_Debug_Select_Code_Type_Window.png
new file mode 100644
index 0000000000000000000000000000000000000000..3aebaf79e72fb92702f17089a2e7889127994f6d
GIT binary patch
literal 9962
zcmeHtc{JPI*Ka(n4wUwxrKq9RQgdsbQ!Q0P(3%>ADnbk~Q$s>2T5ZvqXKHE`X$di>
zsG7$hBnUMRG0#c3p5Obfb*FdTweJ1v{_*?c?C&~f?RC~ZXPy1o`}^7Zosoey3lldJ
z003aod7}9Y0ARqK4yz02PFJ3{e78RRFnB-Heh4V*y|HvUIqRqa(f|N{#4^)t8BgaI
zJ)VHQ0RT3ie+I)Ol>Zd~AQYmbsbTWUnlcd-XX;q9uo?B<srvfuD*`%<to`q-(zxOU
zbu~L8thm2&Z(MLL*8Fqds_>cG4!;Sb_WY~j%xF`6(EiSIErEr*h0eFaga-0&-uD1#
z8DYK*=BvCBdTj#lk$A#p<l0={M_eb;*D47XLF<LNb^BDh31zuqExF-{Ub+u)Ssz|#
z*q^Ms3jn;zN7I=Bp$Zp(fKdPcE~=*)0jj&l)b*~BQp<3h^U&9)UId7LM<~OYu(hn&
zA|O3A82)>~9s_PubjNMS(B>6zpQPw`;F$W-%NF;U-ygl`yM(R<;7I_fXoY@6z_A`%
zmpRna_efiHWV*q8Pr4)3r{A{DkMbEEJSSGwml$7V9kGZB%!w>6F1FuU9H<f_&rSA{
zPmcEohlcFyG~sm=`NLUZAgnIhc-eDf2XEMgGA?p8k9tV`>p`Qx{tG9i`vF_CQ}jIw
z$$^N0Y4{uFO;@=r7^DVJDFF;A^5Qzy6-8@rV-c%%Tl4AeM0H-|MmYbdKi9xomj*$*
zrMhmh+?Q7}f@4$)M=Pf+tFkn@2hZ?~nY*}r;~m`fLHIVrJ2~;H2P--vV))dYqpZ~f
z2XnfLOG+*o^fx=O2R~TC6z-!85u#t0CSJ{aly)7xrxbEr&r7Uu`U<OtwZldul-Ywt
zrD&K3!w<F2d>3PK^<iOop>_|FTmj8`Owcln`6AaDwBA5yJkw9A-x<`?_|}<n-_A8V
zOPD(}lSMs|u!@q)OqFr$<Z-Y6d-d)22i`6L+%fPTqdMREMa5~1#q-DME6o<~dly#6
zDx^K8e%3e3Dnqoiw2Y>JC$w#)E`rR-LrkI9Vt?*bLvNcz{e-Qk>q9&uccoDFmHKvS
z-`SqGwQkb~aN}$heqI|F5x5LwTt4X`VSzpSK-0Coy6fV8{2CBDCIhFN_yAqvqmBjN
zV3Ky13`2;14)b|~%?h>a<4|k=l(KJ33v;aRB?$$fvgu8fFf3?qwL^*3CuDKqOXX8Y
zBT1EqSE`l_AUoB3588*P-nV<a7g8?F{K(K(=)eT$j##lI|5y)yIJ>ii*La=BNJArc
zzvbwb?5y*j9JJ+3rQEZ9Xzj0PaB$SZe=I<-@&@gN6`$+mY}|-=F&cOC(d;h4=Ca>G
z3AiHcm^)JFZTMWIk7{WWZg<3Ts}hZnP!t>p+wV@5*&0S8<x<Rpf`a<pI}=3wii0hT
zoNs>J?uYrPoSZ(}b9l`ti0`mzxm{b#R0AvU)y9kOF|~$1mKGKkVU)pUt7JOS1<e>y
z(yL8yX$oU(!nDQmC!Z=aa>n`|6W9H=Z$g+L{BF)eeOk%9Yhr3#*Ok2TyE9c3p2r|1
z&213A_w<u_;f~`+yA+bb`gYB9Bu^N9qv<^VS?U;FKLP1Sl)ggYAAB&dJAlaF#{2f~
zj?COv)<@r8JRa&Zi(0CkMC?yAeaG~f#=i4j=w;l#p&tC|`=x^QmNe9{;ELDo=-`aW
z0*Z8_Om7g0pJCnT@a|I+#!d#hbP!hS-Y2zc$KJR&8Oy6;7I}&9M!l4lK}8XV0Q_~~
zdS$<O5{H=u6>t7(uT1Vqrs238ms-mOstd!{*Cy>9@xtEfIp3i<jMi*w75qSCJ%ue*
z*|!*x4AfsJm5az1vMFtds64~+&Lh)T-C`<|gl^&+xf^}W;2S!B&IP2+>?QHDg?qGa
zy^&|gwHfAHQ%i>EtR(Lp=Ic;Pd>Y{_y8GC&yl7VMK55^Sk*Q|iA-lUUpyrbN8;0xh
z6H%CRTwa8N6#BV?2k31W*Eml#C=<@^gz{=OWY)&s>xUz*Jz{<-QG$6fk{tOf(d6rf
z<gTlFiBjT2<}nZI?lppH>hH{|ey$XGP+j)Nk@4}RnKWi8U;0DA#~<z<RbPOCo?cUy
z9N)#8|8V?L+hF^3skYTE<gOK`X*cprXXY{gr8P~;lJ0x!nfKOb#I@vUn8+eIKCD20
zau!QerKm*pIJcP<cCcdi`+QNQpu~qkXDCc|s5wAHO~upYOzkAxmP4D+l?gpLrtd-K
z0~1ERJXFpaac;gh9B?ux6>@R1=v{AH0q89;KS;!<Vcep6#Hg7vvJ$!`->PGQ%kR@}
z0iyhhUgvj>Ky{Pl1w|od&&5n@;cMW6I^JoyC)YB|Oe{#J&xJni6>fopvX$xGr?PCk
zK0b*e@2;S}G;uDw0-)}%2Ez22V;57=975cDM3aK`N`Zk*%*d3Vi}$lv_%|FcEj*kl
znvXP@;cmT5OW?<^TJ%QGa&QE~<DWkvfF3E<-@Iv6Hs~uhFZ9`iPj?{?FFdjFC6}Km
zYDqpqq5chiiDAaCZl$0(-4^qm!0r2ECGFQl<YN6ek5&Tw(T^3*{lmotj$WCi-|>sI
z=B0!>_36zoKAB$>?xQxm2^>*I#N$CkF}1n0A#&T#{o$am$#mfILW<A!M=xN|Pfj3h
z`f~Wnl;@ng;U+$tuCKmd^Oubmna*=Km@GN1xAwq2f0~odz`z1zQB9L!sNQN^IKN{?
ze1odg2i$$L@d#Zcr|u>>j8->lIb(DwO^pFCnLB?Tu)#Y0e-Z}S_#(q?wbOuU{`HUn
zQ2*%Q|6Lewpji2XH(qBbdfqw+nr>!XBA~M`amzl5yv)x>V+7=2by#qx&Z;*Va)RKJ
zb55}G?vWeBg@hcE$j3tK4f|R3hx6&u_U%`=)B-WQJb=*2n?J^k!_kJ>>e2yQ_FPI{
z_E&<J^Z4mbMl1N^WeS$edMpGRtG6(7hyQ>y{M>|W(TB;&kTy4e9SeJJKZ|{Yqt)^b
zWcKr(_DwZ=9x2l<D7b-mV}VS*1Hp+*RK`Yw;i<vMjc2Y0F!rL619<)BZ`VaFSO{-f
z<pW+|l87P}3ra+}k@ODE*9@K*eVY52B64|H{kDwu=o%k|Y4w}r1V5yqQ7v~vZe`;a
zGBq%ybVyy+xc21x(nado#lx2^hUiU52z~cm6X)Qxh1k&M%nf%q8>$`xM_+|G&*T1{
zbI!L?8E<6l7yD(s?E;4<i5M521!Y8Fu-LBb6PjbHEbKFdU0JfO@r3=8RJuj@>gR6K
zM)&hR18i62u<gfNtBrawa;i6};hrB*`+AhHcd3QgNVmZx3Pg;kqB22G9Nf`_R<qX8
zNB0YCEupKQDvIZBTDlDgJ@@{c^>?>r_s+l^4Cp`Mqr&~GSF&!E7O=!rL%P;@Qr>RJ
zJv$1SR$g&Rci7!?DNwdB_NelnEdfh=SsJ$m&aQ@|yh12fmEy2#1BikdiMV%u4f;i^
zWZ<BI<tp<1SRq)@fmGG~d4kS^Ta7bF|BlYwU8K>V9VJz67paF9V`EEm&y{8tmsh;J
z2sa(Gz?*G`G@5IaOv#3)krRJ<F09KdvEC|3_1BuYig<=PF|$g1ifM6wqvdi)TVr3~
zLZ-iccgp=LF$lR4G51kn@`7`yQp|})76O((?%6gvRo3rKJ$@8((jv>nGcFMLFwMVS
zC|sSLk|kKN5R(+I5~Jg=+p_huhyongM@okG09PL|uP3O8Q9EKng3NkNmodr{?hfle
zJh%ET0|mUbvlBiVx+VzD9E16gFUrPYwb_S<e{&%gW(DjY>&xTGD5;7MA4zkX4&z(n
zzFk+XK#9Ythp8}OQb;c?AYz5xfTt1n2pS{3;+umWhY7>SYMvei?=f8DNKUNFJn`58
zAGUtGH4_%F^qt(P2x+T<rsk#33HQX$zCQoEZS~vYD?%schhsQ>$P7iD!$WNn%E@0y
z_Jusb$wTUxd(zf}<t-{<+U@oe<^fb?e>G(w?uWGBlR;#Rc-xIfR3wdm@46`FM#0Q4
z-td~XzGj^@S<$5foiv+j^@1DcBlbLr<<iCuKG2%f8Brvzw(VmtnPOmR_Fej?11D(}
zW#ib-4Y|LwX2=T^#m_2r&{T^5mPS3ZC-oYPA9&GHlvFZAjhkhL|CX66L%Dg0lLnQa
zK@npkIYI{a?P6r#_lV2k-F~xJTD9=7k5|mdwxt)K+=|Dq`72v=*88aK@!xBG@BHbE
zTgB|&Vk#EC&>nLv2%U5onPA$}NOyJVpG!?fc~$wYhO(k&l&E)%nvq?$h0NxIyy#Ki
zZgxnlUW&~!(l2R-?@_C`@O5Fzb^SOWT7HjV6lB?RO4M&crD6OHJx$0B{PP+c57NR|
zuQrC$cfLC{Wu02t-s?6`cCdUjpWRv?Hji;_8e+ku&RzUOb#W=Es<MD;i5A}x39x3L
z+XK6mBM6={OMb>@m<^e9b3ve5Rcf>w_E~F;zmm^xxn8Et59(p{jV=rsJW<o9I}BN|
z==RE^UR$g=1p{1X4k$aqIYikCw_Y@};G`r#?Ma1HQv2B6{6Z>S$tQc%_~m;?ew`s<
z10Gws^h&fWU1C=y?W;JJw<_m4rW4Zc@HBA+^earf)p-UR0W;%oWTp@<lpe`b5;8R+
z6bqk>P+UnuwsX&!*H_hlPzBu8zC`n`do3<I_<JEcs5PZCg<_V1%rUtylkD0=4zKGg
zBM0Y;S|oQBJ+9TQWm?0VksvC+p(Te$#3>%}+<Ot40Sr<9I=sX=wp(kRaE`o!#_@gl
zW)teaRGDNqGvCRp#BvaB-(LegY;}1w+uLC$O>oQ_y{qE48pn%x+&NTrd387R@4@|9
znXPS`lw)D-bWh>V*(v2#T$haU+PZq&((vVW;5<b8Zok^R#S(VCZEMD{TQ%lV(q?$i
zR^cxR!;FASpMT&VcMXJ`D2#pWl1InqttWJ_$Is760?Q@Ce|N^^@i>sCPF|v0H9y96
z>=Dx?7uu_rq>qQ~`~qdftFyLdy4CxWCloxXq9LmO=|12)t5}R%CzlkAcft)sA}G_I
zEjUKDt~q9|-{(?2xHDG0$>n{iL3C#QvU}NGxRSDgXIqZg^a0l=d7w<m?2Le0c0T>2
zTDiiCPW!y~ZEP>$WOLSmQS6MBA7jY07Ot(xCg|Xx4ahf6N97iQzF5c%y{KQSU0EHy
ztGRwf?cSYf0~McC8hxCtX8Vd-wDn^rMIryz2?u5?p&vb2H(9E9;ME!iS*ju+5UAXp
ztbT~kKE5q<FZ}qd%|%R&$l7C0ABjD0G``&1vd!V_6qCq7%Sg4!^nU&0PH|_x<flYr
z;XI*Y7P)`lTZW}l-3t7MAMjHJ)sqDPBnUQN22An(UyIBzpld_j?uU|z-Ktgfoh;g%
zRh<>WG$i%uea)o48xk@?!Q(NEfCuZJxRIBE0h)XhyD^kbENyRKtDSbg>h!1lpHN<5
zw1KKrAt#v{@>W91IPF{ebESs@CMxz!Rm49U_{UzAb55=v?5Z<qa6>TUI7YJo-IlvA
zHZq5B!hphC`xU7;P9h~#AFzCISlA&bmBpHMggn}Trec;kxN83}s+80naPYmk1Nilh
z1=#RAdDph?L&Lma`8KXE?)`~-BW*Ke@}^zXZWr@UAAddi``C62%f~{+bAX(nRsxN+
z!I8|xe+<bgJ}l|ZP*h!{_1Tpr@k>&*@h8FkrGH$If6uHX9^&Pn*rg!RWr;!MJzvDU
z9&LKGeUF(RbdnGnq;#)mRl3+Yt12J=H6}o{AC`csVmY|$R0aKbZ4xW@-_Rp<{p4Y!
zc++l-K}cc+q_nCiv9^10uZ$%rQ)Zphti3;IB(1WXy2a=Z&K$iwcF6FckAnvpXzn-?
z#ToX~d!kI^)sGqVR9r^g3-YzDt5sOlJKHVLfu36~<q@SKC4{%C#dMI{Q!@#%FJlG^
zSY08v-tP6M0i9Qmo)+%GI53K?F{L=to_`WH;K!=v@C)YsH@?BS8fGA(Yr40g9`w{W
z_QCJfT3Kl)FS{|kD`lkddVx!87>X$7)J)0bIWf+z$knl^)JHSt!1Z1=ADC-D?*)la
z832J%qZ@d%jD2bvxi^{Us{K1Vrk+PODzdDxI2&Q!E?W~&f4J@ZO*Tr7tyD?;-fnz&
zluVwJE&Z!RT$@C4;`@CaKO?qGGDbU}$nkR~2`w9e{E;y?q1L8P5HGb@6fT`PNOvGc
zGJZ;XO5A&nR+loQSc;1!JAM%oOY!^BeX*rwV*b=jXzJ5i#8}}1Xa0{GyUBOdh6K8Y
ze?!Kx!}UTyzjte7HZoS~+q(8F&xwCBZK*O|W1;tqdlzjz^-sk~XpZHzT?8&?Bl|Xc
z`JI`UW3DbNO=4Bc8^suT5_aMiloxc5Hdr5GlEi4+Kk(ss_nuGXv*ZA*32^Yn(6}|E
z?s3`zIsJ;s0NuJ12?))SlBex3uY%8<>vC~C>MAl*7emYgh5Tt<+g`IDP)obG&KQ9$
zoAv76Mm;up@^Jbe!gU1=p^nIuLXAqptiZ`VY-NFdsZ;&9Y7dIBv43>n?AL7)R+rnA
zp@cCAS>gEZ8R2Qyu}$auSp9ftsSw9?g%{|6`Hyx*zUYXuu@_h+x4LLB^n>SqFK0lp
z26q-)Y6zMKaq*u!`6&kkG-w9*^bO5=o$-ikpL%-BoP1aM*N(#L>lW(X3BmAsW8-eG
zw9d$~Pw6&3Xl94CV_Ct`>G{M`W&L=a^D>q1a^Wx1lyyCNoL}?eo~{Vql)?4zwj^}~
zJEp9_Q!7Tx%$tgJo0Xjz-0R%Iavkz^g>HuJB_~o8bM;ll)Th#T`6$vgD;wtjw6c58
zIetE$rQCK<x5Mo<h`3&`dLFRI`z&PIVK`pf8@G2Qw`sqfvyE8Br@3xWKbKRY%F8k3
z(eVA{SJ_@q!^iqPs)`zi4!5r`<fyie&>qGHdw!5LGfYxSY$;c0TC|~z9IHtmeBk6Z
z>u7{2yq~lTzu;!pQ!~H_pc!vOl?Fw16E2uhDl(f`xQC9sBB)PrM^{RxpKhO-N|wF|
z1OTFwiK`a@50q}v0D#GwlAbIU7pX&%9{^xgzC2fB6I!=AjXjz^fz|;4)mzTE{gAEZ
zSg7Iu#6s3e&>FWF<G0?qs|zAHfY}Fw({jG)l&b)M&qw%0+_jUS3fhYM`HrQ%n6_K3
z1Jk=9$JMlz+9Fqe06-FgeM62-147ByijMbnE_Y3c>QQ$-sq0~hYgVPZSe<NjtPbKE
zWgu^{Rv2yheJy~Lh-p}>UsdeY(<ax-Vr>p;CHxpI3XbI+>q*O?>@NG2LCNQj#~by@
zIB@B%m*wkCA9CxuFrdK{`^F}h+h%BKFP7-<S=hBxNK9#V`Bs7&b0P0b7e27Yz;bU`
zm^%bj`vf_jf1Tu7JH%Uims1LAt(;!$YrD?@{&R_3@iHv)H&b)YLkly1{g6%1PmadP
z1h7yJ6rFs>vRituB(6Qpii_Q>J?nkY?OGly(-qc^X3%@4^CF?vd2N#$Tf1BYl7ED$
zS+r}Q{4;4cgvE#y_$AZPWYO*z=oa&WP-Ii{u<xKrkdm`q;cx8M$D*L?bF*a^-(K@n
z8oyK6^^1vG)s`k8W@fJ2lh);Rits!;?Hi;GP(1V*&3|3E%t|6r&P8ACmOaxZQ3z$J
z)aU0oD@%9yW>6JSGAWNsO(y-i2K@N<P+aroig)^GhArYqobnu<0b?a*JuUs*(U?&D
zq?HK_0SmsbtrZ<SDsd&&Y0eigLVBwl(oAHesh&&E+?=aO85sV*l#gA(Qb7fU&0`A%
z-8d&$_7C2XG}v;_9%24DR;23X7nCP|{UzZWfZ9jcD001JS>?L4?15i>@G~TaDnTl`
zZYu5G5g4E>{&(e-<OsH&*o;ElF5DO;5^6c`5a|ZK6_hFPG5hz`lxwNnpIL*(#oZA1
zss?SLOSTm=9G{3UzF=ThQTYz;1>;sZEZ?0cIM@$#K%S`&-d)c8tI#lEHv0LRyp^iG
zb56y?ibGHV?9U8zRC)W|ZAz3;Vu^R!3z;7Dsof?W*`AT83CaMXnBEiE%`x^zzSW=_
zEV^HnVtD?6(&F9*kMf4#R*SpA#Yun31L<NjKUqdN#Ez+d_&y=7IbAG_JF4sIPcb)7
z3%S0l?I5pv;vO@FFtxiN{L1YN`{w9j-kxvD-7MK-g>d}K=xz*5x%Ew3QhuT0ewxiY
zjZbDj&y(hdE(xb_FMe+LlAe6OA@6q@hJP?Y`s8y#@NaOfp%yf~&!S3m-!ei!gHM4a
zbn+{y#l2-s!GX}V-sy6(!ko$4`14IoVHs8@Yr;aR62yBmzMuzYQONk(<H>R%=@_Og
z1A6f;^LOJ*cdMnpOvMVyrh26A^dl4}P#QMnVi^9g7v=7cG~zhQG&s@K+)AO7x!P9S
zcmQqaWE6im#XOqM1||F=i+g?5+KU7QHdU79xYy>x!i2taUlfCs?pE?vKIDbgdZizH
zz`(pTU9MYF<U~lREw0-$MA_@59ezn`EqBV1RY9da_k<aCiEh}^ynwL`rxL^J$0`4D
z)En%x^SZ`eRzsd24O~uwlDoxz1PsahJM&OhpLly3c^kU0o$F8c(K}$FgiJQBcpSOb
zA(GvlPH<!Xj7}h@BQ`LvKe?7Qo*UIKRIMfP46H99>B;TJ*Y)O&{E~#UZ*Po{zRapo
z<`Ynao1`3CKxeSf6BJj&Y`10&lD3Ud%`(5^i$1JT@V}btoY^okavzbcb;~>aYKN<(
z-*XR;6bdW{1Lli39M|luTo~)?tcRu(Lulq&pBGuADhg2W0<d*rNr}tnu{9Q{z*{B(
z-p4xELakAje6W1n=vHRK88>rVv12?J>Kph)U7&y)U#Zil;mq2<1tWX=&i2ks>`o|X
zI^8?R|73Zefni5qZT{2alX4&A6(>)*2g$4_y^ei*t5Y&zLRDq1Y<S{$Gw9iX1LwAf
zNR?!1Tw3SwS$?C(uTtEKoIpRXz8zbM47Ahc96ka7Akk4{eq3~e6mL$!rt^RXrvHL7
zGr&$zYTy&f0h_Iy1r2J4T@*TXKlvTIaA)*2v422Xm)#%hc#577NajDJ*L+{LlsUvV
zk&?bXgfcGob(yb&>m^IF9RCF{issukjY_sbg4a$N<Dn_zmPnR(DdgsR4VL>^$7>Gb
zeb53rAM`J}Y2vdYodJsw%Rk#EVdi^96|3@!=<#g9E`GjVvuwHNgNDfrfWIc#ki;QW
zli4Mfc1+<@gh|hif!de=Tin0!6|%E!DzwPqW-+=+`rOo)t<+Z~gO*5K%L^aZzOp1U
zCwlAk+NH}#s`PeV*HKUsv%(!U{AEB~zBv39xSDu243T7G*q;_~wT=$yHAC6tUv}zY
z87cN%0$xx<(D52S=PqUiUs2y}Qt!C6mwKA^+@ABqI{qg#vK2ods;0QfUvf6FSi!de
z#)|musW6aHNUiwR6MjUF+o*mjKA3AiVaKe)J{wd!_4G-rYEs*$J*$RN!>*${z3cjB
z`m%E5a5bR=h8%^v>1bt>Qv7`LfzZ!lUtUnO-UuPhQ=g(sj_P@*6x;Zt599sWaRtBP
zptE8Biaid#J;(7bz#7v1$S{+?fwheBTobr+S8M;>;!&KZBO-j^Y@sTG7Z6wE+AQTH
zIsUo->{mIgfJb!jqRX%<`{z^mGz(A;mJZ(V@lbfHKk=jB?WkuntT|dO^-9%5$7z&V
zwYxR$f@Cj{7go%>jAH~`efD_Tak0fQPXXs7<FMfaXNi6Ed4HVnJT)rSxzr%LdNN_#
z{uLrDoaGkcTHp)kUb)&^jG%%~M7z6AY!hO<sXWH`vw(b2^aft2t8Ewlq$sk;aEdjZ
zH{9sr5r^!}R~bj#;0jdvOvi>sTxl$9*+<LeC3pVOgYD{-a8C@()ICn8`lit6xgxW#
zl>=qLNdkaZIhM_aAvJU3HQrTXnaBZ1n^c<mg^|)pn46Jv{=;+;&dMhaenyGimVYKU
z*mC8>*?m^T7L;x#)Uf0A?bDym6lMx&z|~2A$7vWZaC{n@mPJ7Ij3;J#C$bHUowF@c
zUoC!_HM^TR-6W^I(EF5SzcW2EO$3k=2S1G9q{C!PO-&Pz5I~l8;q2gNy;*8va&mH2
z?ov6R()XHt<UEBAD}z8s=kGaXhsaxigj~MuZD?_0qjg$(`do7abCqEul77@tik&2i
zg%I`EmrI<$kb|_TJN;;n?j(t1UoJpDY4_{K8Nih8;(Z+DG)43OSBiG?pFHi~;@@}h
z?|1P3y&EifAMGr?-$Nw3Jg;kNJOjv~nn>BWk{zr@PW?JZ_{$jk|IS#!U%mDxl1OvE
z-m!Zf(*h1pO9E~-3GZK@Ip6u+wk1F0<haUEH70z^Y*A5wHg!#6V={0>g6savH<$R;
zt&a8zHuEx^-exNM>Jo{>+1iydJ@ErY)=ta&Z4A@r(Kl55^dnh$MNbRyA1UEp`4N++
zT?+Q6T_aV7k}+q1`Ml>d)_#gP_GPg!sU;|s_Q1TMZ2z(ThQA(<wgFOE=X8NH4+)#6
zd)g2^AN-FswYk|E2MuGxgR}vUQC6eAj&h_-ejdRVmSX$caxa7OxX%$-u_2Q+@Z!iy
zWMHPqUyv5+mD{AS5IWT0r6Fn6PY^5jz=J*kRyW4W)9vxi=CjRt`(x^h1FQ<|ACL+<
z+t`*qLOt^KV0(>T(G}za@IAS(b#<Z3@@q-Un^nmll9&01-wl=AUs$bSRp^dW8oXPl
z^7wHqRGo|_v?u&#{_I^Q-Dpv)<iB*a`SRWKQ9KU#$@31@7=ar=Z4LvV0J=I6_uIh>
zUl_5)B-c18xU}u7itUE6_Q*Ss3OgfX<~PQZLdT&)tM(caGOIZ8^;y)7Q!{E()OAEx
zNmfAxhj9p(Ny1PH_aE#xP{Wl5-9HQIp5#1RZ>K!fgHiuX7w>r)_pD^Dk%OGoo~pA>
z8)Jp;qz`FI{L-%j@Iv70^4SW}!B{KF9i<Dv9II8gB-h__DU$K!1@k^Amy-B1-kl4-
z8QpIq8_o8hMM_&Kltf$g?Zm3iS7g-yBUio9QV>#wxPv&jCKGwFJKeR%z1I#pfYMt_
zJl*cb*`D;+4txOTJ|;B%mO{;(rB>xCJmV!3cFVO_R8J?{{YkpW!duyMa@FSf@LCEP
zc9|G3X3i!5iT(7ZuS*S+kw$#!Gw0IeZHC_}QIhMwtTbxRCDxviUWlF)jqPOy+AP#&
zNaqrACZf_D+(*T^Gd32}|8mWlmxIONbP7{y?UdwwYyUY|$^-n0jCZ+$=vmX(zf_dl
z%-55Ci^zGgGmNS%E>NT8!BN@h0K`P_WFXX=tczmb2A`v+Ip{u>1G0au<8jdK0gW9x
zgzc&a42f%J9M2s<jIx#i=o?C2nxbN2Zk(N9W8?S_yecDpbAJ>!v<E#O^!%^Hu=NrN
z>+Z24-)WiKmooG7GA#T4sdHSqe(!-nhN5kqQQ2v;282t|BZt!2<~bFGnF-wpH~**9
zdo}RrPdARX=tvwH;i!*f;ek@;XB6+cx867(Jj^f&b9Yb9(~j*tZFrjfqs4mS^@Xfc
zceMO1+>%7yUw5beKGn53)%_Q1EgSULe_51P72G;u(1gyP>kW+1Iqgpa=x7;emOXqC
G_TK>5_x*?f

literal 0
HcmV?d00001

diff --git a/src/Certify.Providers/DNS/AcmeDns/AcmeDns/Plugin.DNS.AcmeDns.csproj b/src/Certify.Providers/DNS/AcmeDns/AcmeDns/Plugin.DNS.AcmeDns.csproj
index 59701609a..c549f5180 100644
--- a/src/Certify.Providers/DNS/AcmeDns/AcmeDns/Plugin.DNS.AcmeDns.csproj
+++ b/src/Certify.Providers/DNS/AcmeDns/AcmeDns/Plugin.DNS.AcmeDns.csproj
@@ -5,7 +5,6 @@
     <Platforms>AnyCPU</Platforms>
     <AssemblyName>Plugin.DNS.AcmeDns</AssemblyName>
   </PropertyGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\Certify.Models\Certify.Models.csproj" />
   </ItemGroup>
diff --git a/src/Certify.Providers/DNS/Aliyun/Plugin.DNS.Aliyun.csproj b/src/Certify.Providers/DNS/Aliyun/Plugin.DNS.Aliyun.csproj
index 7fcb8ae6a..f137b7df3 100644
--- a/src/Certify.Providers/DNS/Aliyun/Plugin.DNS.Aliyun.csproj
+++ b/src/Certify.Providers/DNS/Aliyun/Plugin.DNS.Aliyun.csproj
@@ -5,7 +5,6 @@
     <Platforms>AnyCPU</Platforms>
     <AssemblyName>Plugin.DNS.Aliyun</AssemblyName>
   </PropertyGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\..\Certify.Models\Certify.Models.csproj" />
   </ItemGroup>
diff --git a/src/Certify.Providers/DNS/Cloudflare/Plugin.DNS.Cloudflare.csproj b/src/Certify.Providers/DNS/Cloudflare/Plugin.DNS.Cloudflare.csproj
index 72d47ff8f..25862bddb 100644
--- a/src/Certify.Providers/DNS/Cloudflare/Plugin.DNS.Cloudflare.csproj
+++ b/src/Certify.Providers/DNS/Cloudflare/Plugin.DNS.Cloudflare.csproj
@@ -6,7 +6,7 @@
     <AssemblyName>Plugin.DNS.Cloudflare</AssemblyName>
   </PropertyGroup>
 
-  <ItemGroup>
+    <ItemGroup>
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
 
diff --git a/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj b/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj
index 57f33b801..c33de58bb 100644
--- a/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj
+++ b/src/Certify.Providers/DNS/MSDNS/Plugin.DNS.MSDNS.csproj
@@ -6,7 +6,7 @@
     <AssemblyName>Plugin.DNS.MicrosoftDns</AssemblyName>
   </PropertyGroup>
 
-  <ItemGroup>
+    <ItemGroup>
     <PackageReference Include="Microsoft.Management.Infrastructure" Version="3.0.0">
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
diff --git a/src/Certify.Providers/DNS/SimpleDNSPlus/Plugin.DNS.SimpleDNSPlus.csproj b/src/Certify.Providers/DNS/SimpleDNSPlus/Plugin.DNS.SimpleDNSPlus.csproj
index 51cd4c601..9b8ea49a7 100644
--- a/src/Certify.Providers/DNS/SimpleDNSPlus/Plugin.DNS.SimpleDNSPlus.csproj
+++ b/src/Certify.Providers/DNS/SimpleDNSPlus/Plugin.DNS.SimpleDNSPlus.csproj
@@ -6,7 +6,7 @@
     <AssemblyName>Plugin.DNS.SimpleDNSPlus</AssemblyName>
   </PropertyGroup>
 
-  <ItemGroup>
+    <ItemGroup>
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
 
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index bd8ee3afc..e28907b12 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -4,7 +4,6 @@
         <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
         <Platforms>AnyCPU;x64</Platforms>
     </PropertyGroup>
-
     <ItemGroup>
         <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
         <PackageReference Include="System.IO" Version="4.3.0" />
diff --git a/src/Certify.Shared/Management/CertificateManager.cs b/src/Certify.Shared/Management/CertificateManager.cs
index a9e5d7435..5bb5e56fb 100644
--- a/src/Certify.Shared/Management/CertificateManager.cs
+++ b/src/Certify.Shared/Management/CertificateManager.cs
@@ -32,6 +32,9 @@ public static class CertificateManager
         public const string DEFAULT_STORE_NAME = "My";
         public const string WEBHOSTING_STORE_NAME = "WebHosting";
         public const string DISALLOWED_STORE_NAME = "Disallowed";
+        private static readonly bool IsWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+        private static readonly bool IsLinux = RuntimeInformation.IsOSPlatform(OSPlatform.Linux);
+        private static readonly bool IsMac = RuntimeInformation.IsOSPlatform(OSPlatform.OSX);
 
         public static X509Certificate2 GenerateSelfSignedCertificate(string domain, DateTimeOffset? dateFrom = null, DateTimeOffset? dateTo = null, string suffix = "[Certify]", string subject = null, string keyType = StandardKeyTypes.RSA256)
         {
@@ -269,6 +272,72 @@ public static Org.BouncyCastle.X509.X509Certificate ReadCertificateFromPem(strin
             return cert;
         }
 
+        private static X509Store GetStore(string storeName, bool useMachineStore = true)
+        {
+            if (IsWindows)
+            {
+                if (useMachineStore)
+                {
+                    return GetMachineStore(storeName);
+                }
+
+                return GetUserStore(storeName);
+            }
+            else if (IsLinux)
+            {
+                // See https://github.com/dotnet/runtime/blob/main/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.OpenSsl.cs#L142
+                return GetUserStore(storeName);
+            }
+            else if (IsMac)
+            {
+                // See https://github.com/dotnet/runtime/blob/main/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.macOS.cs#L108
+                if (!useMachineStore || (storeName == CA_STORE_NAME || storeName == WEBHOSTING_STORE_NAME))
+                {
+                    return GetUserStore(storeName);
+                }
+                else if (storeName == DEFAULT_STORE_NAME || storeName == ROOT_STORE_NAME || storeName == DISALLOWED_STORE_NAME)
+                {
+                    return GetMachineStore(storeName);
+                }
+
+                throw new CryptographicException($"Could not open X509Store {storeName} in LocalMachine on OSX");
+            }
+
+            throw new PlatformNotSupportedException($"Could not open X509Store for unsupported OS {RuntimeInformation.OSDescription}");
+        }
+
+        private static void OpenStoreForReadWrite(X509Store store, string storeName)
+        {
+            if (IsWindows)
+            {
+                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+            }
+            else if (IsLinux)
+            {
+                // See https://github.com/dotnet/runtime/blob/main/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.OpenSsl.cs#L142
+                if (storeName == DEFAULT_STORE_NAME || storeName == WEBHOSTING_STORE_NAME)
+                {
+                    store.Open(OpenFlags.ReadWrite);
+                }
+                else
+                {
+                    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                }
+            }
+            else if (IsMac)
+            {
+                // See https://github.com/dotnet/runtime/blob/main/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.macOS.cs#L108
+                if (storeName == CA_STORE_NAME || storeName == WEBHOSTING_STORE_NAME)
+                {
+                    store.Open(OpenFlags.ReadWrite);
+                }
+                else
+                {
+                    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                }
+            }
+        }
+
         public static bool StoreCertificateFromPem(string pem, string storeName, bool useMachineStore = true)
         {
             try
@@ -277,9 +346,9 @@ public static bool StoreCertificateFromPem(string pem, string storeName, bool us
                 var cert = x509CertificateParser.ReadCertificate(System.Text.UTF8Encoding.UTF8.GetBytes(pem));
 
                 var certToStore = new X509Certificate2(DotNetUtilities.ToX509Certificate(cert));
-                using (var store = useMachineStore ? GetMachineStore(storeName) : GetUserStore(storeName))
+                using (var store = GetStore(storeName, useMachineStore))
                 {
-                    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                    OpenStoreForReadWrite(store, storeName);
                     store.Add(certToStore);
                     store.Close();
                     return true;
@@ -367,11 +436,11 @@ public static async Task<X509Certificate2> StoreCertificate(
             }
         }
 
-        public static List<X509Certificate2> GetCertificatesFromStore(string issuerName = null, string storeName = DEFAULT_STORE_NAME)
+        public static List<X509Certificate2> GetCertificatesFromStore(string issuerName = null, string storeName = DEFAULT_STORE_NAME, bool useMachineStore = true)
         {
             var list = new List<X509Certificate2>();
 
-            using (var store = GetMachineStore(storeName))
+            using (var store = GetStore(storeName, useMachineStore))
             {
                 store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
 
@@ -394,7 +463,7 @@ public static X509Certificate2 GetCertificateFromStore(string subjectName, strin
         {
             X509Certificate2 cert = null;
 
-            using (var store = GetMachineStore(storeName))
+            using (var store = GetStore(storeName))
             {
                 store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
 
@@ -420,7 +489,7 @@ public static X509Certificate2 GetCertificateByThumbprint(string thumbprint, str
 
             X509Certificate2 cert = null;
 
-            using (var store = useMachineStore ? GetMachineStore(storeName) : GetUserStore(storeName))
+            using (var store = GetStore(storeName, useMachineStore))
             {
                 store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
 
@@ -439,9 +508,9 @@ public static X509Certificate2 GetCertificateByThumbprint(string thumbprint, str
 
         public static X509Certificate2 StoreCertificate(X509Certificate2 certificate, string storeName = DEFAULT_STORE_NAME)
         {
-            using (var store = GetMachineStore(storeName))
+            using (var store = GetStore(storeName))
             {
-                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                OpenStoreForReadWrite(store, storeName);
 
                 store.Add(certificate);
 
@@ -453,9 +522,9 @@ public static X509Certificate2 StoreCertificate(X509Certificate2 certificate, st
 
         public static void RemoveCertificate(X509Certificate2 certificate, string storeName = DEFAULT_STORE_NAME)
         {
-            using (var store = GetMachineStore(storeName))
+            using (var store = GetStore(storeName))
             {
-                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                OpenStoreForReadWrite(store, storeName);
                 store.Remove(certificate);
                 store.Close();
             }
@@ -727,7 +796,7 @@ public static bool IsCertificateInStore(X509Certificate2 cert, string storeName
         {
             var certExists = false;
 
-            using (var store = GetMachineStore(storeName))
+            using (var store = GetStore(storeName))
             {
                 store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
 
@@ -772,9 +841,9 @@ public static List<string> PerformCertificateStoreCleanup(
                 }
 
                 // get all certificates
-                using (var store = GetMachineStore(storeName))
+                using (var store = GetStore(storeName))
                 {
-                    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                    OpenStoreForReadWrite(store, storeName);
 
                     var certsToRemove = new List<X509Certificate2>();
                     foreach (var c in store.Certificates)
@@ -866,9 +935,9 @@ public static bool DisableCertificateUsage(string thumbprint, string sourceStore
         {
             var disabled = false;
 
-            using (var store = useMachineStore ? GetMachineStore(sourceStore) : GetUserStore(sourceStore))
+            using (var store = GetStore(sourceStore, useMachineStore))
             {
-                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                OpenStoreForReadWrite(store, sourceStore);
 
                 foreach (var c in store.Certificates)
                 {
@@ -887,9 +956,9 @@ public static bool DisableCertificateUsage(string thumbprint, string sourceStore
         public static bool MoveCertificate(string thumbprint, string sourceStore, string destStore, bool useMachineStore = true)
         {
             var certsToMove = new List<X509Certificate2>();
-            using (var store = useMachineStore ? GetMachineStore(sourceStore) : GetUserStore(sourceStore))
+            using (var store = GetStore(sourceStore, useMachineStore))
             {
-                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                OpenStoreForReadWrite(store, sourceStore);
                 foreach (var c in store.Certificates)
                 {
                     if (c.Thumbprint == thumbprint)
@@ -908,9 +977,9 @@ public static bool MoveCertificate(string thumbprint, string sourceStore, string
 
             if (certsToMove.Any())
             {
-                using (var store = useMachineStore ? GetMachineStore(destStore) : GetUserStore(destStore))
+                using (var store = GetStore(destStore, useMachineStore))
                 {
-                    store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
+                    OpenStoreForReadWrite(store, destStore);
                     foreach (var c in certsToMove)
                     {
                         var foundCerts = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/.dockerignore b/src/Certify.Tests/Certify.Core.Tests.Unit/.dockerignore
new file mode 100644
index 000000000..3aae53927
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/.dockerignore
@@ -0,0 +1,32 @@
+# Include any files or directories that you don't want to be copied to your
+# container here (e.g., local build artifacts, temporary files, etc.).
+#
+# For more help, visit the .dockerignore file reference guide at
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+**/.DS_Store
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
index b492f8874..5e829ce2f 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
@@ -360,19 +360,19 @@ public async Task MixedIPBindingChecks()
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"));
-            Assert.AreEqual(results[0].Title, "Certificate Storage");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Storage", results[0].Title);
 
             Assert.IsTrue(results[1].HasError, "This call to StoreAndDeploy() should have an error adding binding while deploying certificate in preview");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsTrue(results[2].HasError, "This call to StoreAndDeploy() should have an error adding binding while deploying certificate in preview");
-            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[2].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.AddBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Add https binding |  | ***:443:test.com SNI** Failed to add/update binding. [IIS Site Id could not be determined]"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when not in preview")]
@@ -385,7 +385,6 @@ public async Task MixedIPBindingChecksNoPreview()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -406,30 +405,30 @@ public async Task MixedIPBindingChecksNoPreview()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled with blank certStoreName")]
@@ -442,7 +441,6 @@ public async Task MixedIPBindingChecksBlankCertStoreName()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -463,30 +461,30 @@ public async Task MixedIPBindingChecksBlankCertStoreName()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, "");
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, "");
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad pfx file path")]
@@ -499,7 +497,6 @@ public async Task MixedIPBindingChecksBadPfxPath()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Asset\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -520,13 +517,13 @@ public async Task MixedIPBindingChecksBadPfxPath()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            await Assert.ThrowsExceptionAsync<System.IO.FileNotFoundException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
+            await Assert.ThrowsExceptionAsync<System.IO.FileNotFoundException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath.Replace("Assets", "Asset"), pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad pfx file")]
@@ -539,7 +536,7 @@ public async Task MixedIPBindingChecksBadPfxFile()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\badcert.pfx";
+            var badCertPath = Path.Combine(Environment.CurrentDirectory, "Assets", "badcert.pfx");
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -560,13 +557,13 @@ public async Task MixedIPBindingChecksBadPfxFile()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            await Assert.ThrowsExceptionAsync<ArgumentException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
+            await Assert.ThrowsExceptionAsync<ArgumentException>(async () => await deployment.StoreAndDeploy(mockTarget, testManagedCert, badCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME));
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad pfx password")]
@@ -579,7 +576,6 @@ public async Task MixedIPBindingChecksBadPfxPassword()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -600,30 +596,30 @@ public async Task MixedIPBindingChecksBadPfxPassword()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "badpass", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "badpass", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when given a bad cert store name")]
@@ -636,7 +632,6 @@ public async Task MixedIPBindingChecksBadCertStoreName()
                 new BindingInfo{ Host="www.test.com", IP="[fe80::3c4e:11b7:fe4f:c601%31]", Port=80, Protocol="http" }
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -657,19 +652,27 @@ public async Task MixedIPBindingChecksBadCertStoreName()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, "BadCertStoreName");
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, "BadCertStoreName");
 
-            Assert.AreEqual(results.Count, 1);
+            Assert.AreEqual(1, results.Count);
             Assert.IsTrue(results[0].HasError);
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Error storing certificate. The system cannot find the file specified."));
-            Assert.AreEqual(results[0].Title, "Certificate Storage Failed");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Assert.IsTrue(results[0].Description.Contains("Error storing certificate. The system cannot find the file specified."), $"Unexpected description: '{results[0].Description}'");
+            }
+            else
+            {
+                Assert.IsTrue(results[0].Description.Contains("Error storing certificate. The specified X509 certificate store does not exist."), $"Unexpected description: '{results[0].Description}'");
+            }
+
+            Assert.AreEqual("Certificate Storage Failed", results[0].Title);
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when DeploymentBindingOption = DeploymentBindingOption.UpdateOnly")]
@@ -683,7 +686,6 @@ public async Task MixedIPBindingChecksRequestConfigUpdateOnly()
             };
 
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -705,19 +707,19 @@ public async Task MixedIPBindingChecksRequestConfigUpdateOnly()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
-            Assert.AreEqual(results.Count, 1);
+            Assert.AreEqual(1, results.Count);
             Assert.IsFalse(results[0].HasError);
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
         }
 
         [TestMethod, Description("Test if https IP bindings are handled")]
@@ -758,14 +760,14 @@ public async Task HttpsIPBindingChecks()
             Assert.IsTrue(results.Any());
             Assert.AreEqual(2, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"));
-            Assert.AreEqual(results[0].Title, "Certificate Storage");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Storage", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[1].Description.Contains("Update https binding |  | **127.0.0.1:80:test.com Non-SNI**"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Update https binding |  | **127.0.0.1:80:test.com Non-SNI**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
         }
 
 #if NET462
@@ -783,7 +785,6 @@ public async Task MixedIPBindingChecksCertificateThumbprintHash()
             };
 
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -805,30 +806,30 @@ public async Task MixedIPBindingChecksCertificateThumbprintHash()
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
                 CertificateThumbprintHash = cert.Thumbprint,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when CertificatePreviousThumbprintHash is defined")]
@@ -846,7 +847,6 @@ public async Task MixedIPBindingChecksCertificatePreviousThumbprintHash()
             };
 
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -868,30 +868,30 @@ public async Task MixedIPBindingChecksCertificatePreviousThumbprintHash()
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
                 CertificatePreviousThumbprintHash = cert.Thumbprint,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.AddBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Add https binding |  | ***:443:test.com SNI**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 #endif
 
@@ -903,7 +903,6 @@ public async Task FtpBindingChecksNoPreview()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 20, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -924,30 +923,30 @@ public async Task FtpBindingChecksNoPreview()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add ftp binding |  | ***:21:ftp.test.com **"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For FTP Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:20:ftp.test.com**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[2].Description.Contains("Add ftp binding |  | ***:21:ftp.test.com **"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For FTP Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:20:ftp.test.com**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview with Certificate Request that defines a BindingIPAddress")]
@@ -958,7 +957,6 @@ public async Task FtpBindingChecksCertReqBindingIPAddr()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 20, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -980,30 +978,30 @@ public async Task FtpBindingChecksCertReqBindingIPAddr()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: {results[0].Description}");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add ftp binding |  | **127.0.0.1:21:ftp.test.com **"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For FTP Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:20:ftp.test.com**"), $"Unexpected description: {results[1].Description}");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[2].Description.Contains("Add ftp binding |  | **127.0.0.1:21:ftp.test.com **"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For FTP Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:20:ftp.test.com**"), $"Unexpected description: {results[2].Description}");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview with Certificate Request that defines a BindingPort")]
@@ -1014,7 +1012,6 @@ public async Task FtpBindingChecksCertReqBindingPort()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 20, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -1036,30 +1033,30 @@ public async Task FtpBindingChecksCertReqBindingPort()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[1].Description.Contains("Add ftp binding |  | ***:22:ftp.test.com **"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For FTP Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:20:ftp.test.com**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.AddBinding");
-            Assert.IsTrue(results[2].Description.Contains("Add ftp binding |  | ***:22:ftp.test.com **"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For FTP Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:20:ftp.test.com**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test update bindings are skipped when using a protocol other than http, https, or ftp")]
@@ -1069,7 +1066,6 @@ public async Task UpdateBindingSkippedUnsupportedProtocol()
                 new BindingInfo{ Host="smtp.test.com", IP="127.0.0.1", Port = 587, Protocol="smtp" },
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -1090,20 +1086,20 @@ public async Task UpdateBindingSkippedUnsupportedProtocol()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(1, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
         }
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview")]
@@ -1114,7 +1110,6 @@ public async Task FtpBindingChecksUpdateExisting()
                 new BindingInfo{ Host="ftp.test.com", IP="127.0.0.1", Port = 21, Protocol="ftp", IsFtpSite=true },
             };
             var deployment = new BindingDeploymentManager();
-            var dummyCertPath = Environment.CurrentDirectory + "\\Assets\\dummycert.pfx";
             var testManagedCert = new ManagedCertificate
             {
                 Id = Guid.NewGuid().ToString(),
@@ -1135,40 +1130,40 @@ public async Task FtpBindingChecksUpdateExisting()
                         }
                 },
                 ItemType = ManagedCertificateType.SSL_ACME,
-                CertificatePath = dummyCertPath
+                CertificatePath = _dummyCertPath
             };
 
             var mockTarget = new MockBindingDeploymentTarget();
             mockTarget.AllBindings = bindings;
 
-            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(1, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             testManagedCert.RequestConfig.DeploymentSiteOption = DeploymentOption.AllSites;
-            results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, _dummyCertPath, pfxPwd: "", false, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
 
             Assert.IsTrue(results.Any());
             Assert.AreEqual(3, results.Count());
             Assert.IsFalse(results[0].HasError, "This call to StoreAndDeploy() should have no errors storing certificate");
-            Assert.AreEqual(results[0].Category, "CertificateStorage");
-            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"));
-            Assert.AreEqual(results[0].Title, "Certificate Stored");
+            Assert.AreEqual("CertificateStorage", results[0].Category);
+            Assert.IsTrue(results[0].Description.Contains("Certificate stored OK"), $"Unexpected description: '{results[0].Description}'");
+            Assert.AreEqual("Certificate Stored", results[0].Title);
 
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[1].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:21:ftp.test.com**"));
-            Assert.AreEqual(results[1].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
+            Assert.IsTrue(results[1].Description.Contains("Update ftp binding |  | ***:21:ftp.test.com**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[1].Title);
 
             Assert.IsFalse(results[2].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
-            Assert.AreEqual(results[2].Category, "Deployment.UpdateBinding");
-            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | ***:21:ftp.test.com**"));
-            Assert.AreEqual(results[2].Title, "Install Certificate For Binding");
+            Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
+            Assert.IsTrue(results[2].Description.Contains("Update ftp binding |  | **127.0.0.1:21:ftp.test.com**"), $"Unexpected description: '{results[2].Description}'");
+            Assert.AreEqual("Install Certificate For Binding", results[2].Title);
         }
 
         [TestMethod, Description("Test that duplicate https bindings are not created when multiple non-port 443 same-hostname bindings exist")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 262d6e2de..5dc6ed89f 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -81,6 +81,10 @@
     <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
     <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
   </PropertyGroup>
+  <PropertyGroup>
+    <Configuration Condition="'$(OS)|$(Configuration)' == 'UNIX|Debug'"></Configuration>
+    <DebugType>portable</DebugType>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
     <PlatformTarget>x64</PlatformTarget>
@@ -136,7 +140,6 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="DotNetEnv" Version="2.5.0" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
     <PackageReference Include="Moq" Version="4.20.69" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
@@ -146,6 +149,7 @@
     <PackageReference Include="Polly" Version="8.2.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
+    <PackageReference Include="Testcontainers" Version="3.6.0" />
   </ItemGroup>
   <ItemGroup>
     <Reference Include="System.Configuration" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
index 6f59667d3..1aa31f23d 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
@@ -1,26 +1,312 @@
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
+using System.Net.Http;
+using System.Runtime.InteropServices;
+using System.Text;
 using System.Threading.Tasks;
 using Certify.ACME.Anvil;
 using Certify.Management;
 using Certify.Models;
+using Certify.Providers.ACME.Anvil;
+using DotNet.Testcontainers.Builders;
+using DotNet.Testcontainers.Containers;
+using DotNet.Testcontainers.Volumes;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Newtonsoft.Json;
+using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
     [TestClass]
-    public class CertifyManagerAccountTests
+    public class CertifyManagerAccountTests : IDisposable
     {
         private readonly CertifyManager _certifyManager;
+        private readonly bool _isContainer = Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER") == "true";
+        private readonly bool _isWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+        private readonly string _caDomain;
+        private readonly int _caPort;
+        private IContainer _caContainer;
+        private IVolume _stepVolume;
+        private CertificateAuthority _customCa;
+        private AccountDetails _customCaAccount;
+        private readonly Loggy _log;
 
         public CertifyManagerAccountTests()
         {
             _certifyManager = new CertifyManager();
             _certifyManager.Init().Wait();
-            var testCredentialsPath = Path.Combine(EnvironmentUtil.GetAppDataFolder(), "Tests", ".env.test_accounts");
-            DotNetEnv.Env.Load(testCredentialsPath);
+            _log = new Loggy(new LoggerConfiguration().WriteTo.Debug().CreateLogger());
+
+            _caDomain = _isContainer ? "step-ca" : "localhost";
+            _caPort = 9000;
+
+            BootstrapStepCa().Wait();
+            CheckCustomCaIsRunning().Wait();
+            AddCustomCa().Wait();
+            AddNewAccount().Wait();
+        }
+
+        private async Task BootstrapStepCa()
+        {
+            string stepCaFingerprint;
+
+            // If running in a container
+            if (_isContainer)
+            {
+                // Step container volume path containing step-ca config based on OS
+                var configPath = _isWindows ? "C:\\step_share\\config\\defaults.json" : "/mnt/step_share/config/defaults.json";
+
+                // Wait till step-ca config file is written
+                while (!File.Exists(configPath)) { }
+
+                // Read step-ca fingerprint from config file
+                var stepCaConfigJson = JsonReader.ReadFile<StepCaConfig>(configPath);
+                stepCaFingerprint = stepCaConfigJson.fingerprint;
+            }
+            else
+            {
+                // Start new step-ca container
+                await StartStepCaContainer();
+
+                // Read step-ca fingerprint from config file
+                var stepCaConfigBytes = await _caContainer.ReadFileAsync("/home/step/config/defaults.json");
+                var stepCaConfigJson = JsonReader.ReadBytes<StepCaConfig>(stepCaConfigBytes);
+                stepCaFingerprint = stepCaConfigJson.fingerprint;
+            }
+
+            // Run bootstrap command
+            //var command = $"ca bootstrap -f --ca-url https://{_caDomain}:{_caPort} --fingerprint {stepCaFingerprint} --install";
+            var command = $"ca bootstrap -f --ca-url https://{_caDomain}:{_caPort} --fingerprint {stepCaFingerprint}";
+            RunCommand("step", command, "Bootstrap Step CA Script", 1000 * 30);
+        }
+
+        private async Task StartStepCaContainer()
+        {
+            try
+            {
+                // Create new volume for step-ca container
+                _stepVolume = new VolumeBuilder().WithName("step").Build();
+                await _stepVolume.CreateAsync();
+
+                // Create new step-ca container
+                _caContainer = new ContainerBuilder()
+                    .WithName("step-ca")
+                    // Set the image for the container to "smallstep/step-ca:latest".
+                    .WithImage("smallstep/step-ca:latest")
+                    .WithVolumeMount(_stepVolume, "/home/step")
+                    // Bind port 9000 of the container to port 9000 on the host.
+                    .WithPortBinding(_caPort)
+                    .WithEnvironment("DOCKER_STEPCA_INIT_NAME", "Smallstep")
+                    .WithEnvironment("DOCKER_STEPCA_INIT_DNS_NAMES", _caDomain)
+                    .WithEnvironment("DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT", "true")
+                    .WithEnvironment("DOCKER_STEPCA_INIT_ACME", "true")
+                    // Wait until the HTTPS endpoint of the container is available.
+                    .WithWaitStrategy(Wait.ForUnixContainer().UntilMessageIsLogged($"Serving HTTPS on :{_caPort} ..."))
+                    // Build the container configuration.
+                    .Build();
+
+                // Start step-ca container
+                await _caContainer.StartAsync();
+            }
+            catch (Exception)
+            {
+                throw;
+            }
+        }
+
+        private static class JsonReader
+        {
+            public static T ReadFile<T>(string filePath)
+            {
+                using (var streamReader = new StreamReader(File.Open(filePath, FileMode.Open)))
+                {
+                    using (var jsonTextReader = new JsonTextReader(streamReader))
+                    {
+                        var serializer = new JsonSerializer();
+                        return serializer.Deserialize<T>(jsonTextReader);
+                    }
+                }
+            }
+
+            public static T ReadBytes<T>(byte[] bytes)
+            {
+                using (var stringReader = new StringReader(Encoding.UTF8.GetString(bytes)))
+                {
+                    using (var jsonTextReader = new JsonTextReader(stringReader))
+                    {
+                        var serializer = new JsonSerializer();
+                        return serializer.Deserialize<T>(jsonTextReader);
+                    }
+                }
+            }
+        }
+
+        private class StepCaConfig
+        {
+            [JsonProperty(PropertyName = "ca-url")]
+            public string ca_url;
+            [JsonProperty(PropertyName = "ca-config")]
+            public string ca_config;
+            public string fingerprint;
+            public string root;
+        }
+
+        private void RunCommand(string program, string args, string description = null, int timeoutMS = 1000 * 5)
+        {
+            if (description == null) { description = string.Concat(program, " ", args); }
+            
+            var output = "";
+            var errorOutput = "";
+
+            var startInfo = new ProcessStartInfo()
+            {
+                FileName = program,
+                Arguments = args,
+                RedirectStandardInput = true,
+                RedirectStandardOutput = true,
+                RedirectStandardError = true,
+                UseShellExecute = false,
+                CreateNoWindow = true
+            };
+
+            var process = new Process() { StartInfo = startInfo };
+
+            process.OutputDataReceived += (obj, a) =>
+            {
+                if (!string.IsNullOrWhiteSpace(a.Data))
+                {
+                    _log.Information(a.Data);
+                    output += a.Data;
+                }
+            };
+
+            process.ErrorDataReceived += (obj, a) =>
+            {
+                if (!string.IsNullOrWhiteSpace(a.Data))
+                {
+                    _log.Error($"Error: {a.Data}");
+                    errorOutput += a.Data;
+                }
+            };
+
+            try
+            {
+                process.Start();
+
+                process.BeginOutputReadLine();
+                process.BeginErrorReadLine();
+
+                process.WaitForExit(timeoutMS);
+            }
+            catch (Exception exp)
+            {
+                _log.Error($"Error Running ${description}: " + exp.ToString());
+                throw;
+            }
+
+            _log.Information($"{description} Successful");
+        }
+
+        private async Task CheckCustomCaIsRunning()
+        {
+            var httpHandler = new HttpClientHandler();
+
+            httpHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) => true;
+
+            var loggingHandler = new LoggingHandler(httpHandler, _log);
+            var stepCaHttp = new HttpClient(loggingHandler);
+            var healthRes = await stepCaHttp.GetAsync($"https://{_caDomain}:{_caPort}/health");
+            var healthResStr = await healthRes.Content.ReadAsStringAsync();
+            Assert.AreEqual("{\"status\":\"ok\"}\n", (healthResStr));
+        }
+
+        private async Task AddCustomCa()
+        {
+            _customCa = new CertificateAuthority
+            {
+                Id = "step-ca",
+                Title = "Custom Step CA",
+                IsCustom = true,
+                IsEnabled = true,
+                APIType = CertAuthorityAPIType.ACME_V2.ToString(),
+                ProductionAPIEndpoint = $"https://{_caDomain}:{_caPort}/acme/acme/directory",
+                StagingAPIEndpoint = $"https://{_caDomain}:{_caPort}/acme/acme/directory",
+                RequiresEmailAddress = true,
+                AllowUntrustedTls = true,
+                SANLimit = 100,
+                StandardExpiryDays = 90,
+                SupportedFeatures = new List<string>
+                {
+                    CertAuthoritySupportedRequests.DOMAIN_SINGLE.ToString(),
+                    CertAuthoritySupportedRequests.DOMAIN_MULTIPLE_SAN.ToString(),
+                    CertAuthoritySupportedRequests.DOMAIN_WILDCARD.ToString()
+                },
+                SupportedKeyTypes = new List<string>{
+                    StandardKeyTypes.ECDSA256,
+                }
+            };
+            var updateCaRes = await _certifyManager.UpdateCertificateAuthority(_customCa);
+            Assert.IsTrue(updateCaRes.IsSuccess, $"Expected Custom CA creation for CA with ID {_customCa.Id} to be successful");
+        }
+
+        private async Task AddNewAccount()
+        {
+            if (_customCa?.Id != null)
+            {
+                var contactRegistration = new ContactRegistration
+                {
+                    AgreedToTermsAndConditions = true,
+                    CertificateAuthorityId = _customCa.Id,
+                    EmailAddress = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com",
+                    ImportedAccountKey = "",
+                    ImportedAccountURI = "",
+                    IsStaging = true
+                };
+
+                // Add account
+                var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+                Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegistration.EmailAddress}");
+                _customCaAccount = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegistration.EmailAddress);
+            }
+        }
+
+        public void Dispose() => Cleanup().Wait();
+
+        private async Task Cleanup()
+        {
+            if (_customCaAccount != null)
+            {
+                await _certifyManager.RemoveAccount(_customCaAccount.StorageKey, true);
+            }
+
+            if (_customCa != null)
+            {
+                await _certifyManager.RemoveCertificateAuthority(_customCa.Id);
+            }
+
+            if (!_isContainer)
+            {
+                await _caContainer.DisposeAsync();
+                await _stepVolume.DeleteAsync();
+                await _stepVolume.DisposeAsync();
+            }
+            
+            var stepConfigPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".step", "config");
+            if (Directory.Exists(stepConfigPath))
+            {
+                Directory.Delete(stepConfigPath, true);
+            }
+
+            var stepCertsPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".step", "certs");
+            if (Directory.Exists(stepCertsPath))
+            {
+                Directory.Delete(stepCertsPath, true);
+            }
+
+            _certifyManager?.Dispose();
         }
 
         [TestMethod, Description("Happy path test for using CertifyManager.GetAccountDetails()")]
@@ -52,10 +338,10 @@ public async Task TestCertifyManagerGetAccountDetailsAllowCacheFalse()
         public async Task TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId()
         {
             var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = "letsencrypt.org" });
+            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = _customCa.Id });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
-            Assert.AreEqual("letsencrypt.org", caAccount.CertificateAuthorityId, $"Unexpected certificate authority id '{caAccount.CertificateAuthorityId}'");
+            Assert.AreEqual(_customCa.Id, caAccount.CertificateAuthorityId, $"Unexpected certificate authority id '{caAccount.CertificateAuthorityId}'");
         }
 
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when OverrideAccountDetails is defined in CertifyManager")]
@@ -68,7 +354,7 @@ public async Task TestCertifyManagerGetAccountDetailsDefinedOverrideAccountDetai
                 AccountURI = "",
                 Title = "Dev",
                 Email = "test@certifytheweb.com",
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 StorageKey = "dev",
                 IsStagingAccount = true,
             };
@@ -91,7 +377,7 @@ public async Task TestCertifyManagerGetAccountDetailsNoMatches()
             Assert.IsNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to be null");
         }
 
-        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when there is no matching account")]
+        [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when it is a resume order")]
         public async Task TestCertifyManagerGetAccountDetailsIsResumeOrder()
         {
             var testUrl = "test.com";
@@ -120,7 +406,7 @@ public async Task TestCertifyManagerAddAccount()
                 var contactRegistration = new ContactRegistration
                 {
                     AgreedToTermsAndConditions = true,
-                    CertificateAuthorityId = "letsencrypt.org",
+                    CertificateAuthorityId = _customCa.Id,
                     EmailAddress = contactRegEmail,
                     ImportedAccountKey = "",
                     ImportedAccountURI = "",
@@ -151,7 +437,7 @@ public async Task TestCertifyManagerRemoveAccount()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -179,7 +465,7 @@ public async Task TestCertifyManagerAddAccountDidNotAgree()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = false,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -225,10 +511,10 @@ public async Task TestCertifyManagerAddAccountMissingAccountKey()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
-                ImportedAccountURI = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/123403114",
+                ImportedAccountURI = _customCaAccount.AccountURI,
                 IsStaging = true
             };
 
@@ -248,9 +534,9 @@ public async Task TestCertifyManagerAddAccountMissingAccountUri()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
-                ImportedAccountKey = DotNetEnv.Env.GetString("RESTORE_KEY_PEM"),
+                ImportedAccountKey = _customCaAccount.AccountKey,
                 ImportedAccountURI = "",
                 IsStaging = true
             };
@@ -271,10 +557,10 @@ public async Task TestCertifyManagerAddAccountBadAccountKey()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "tHiSiSnOtApEm",
-                ImportedAccountURI = DotNetEnv.Env.GetString("RESTORE_ACCOUNT_URI"),
+                ImportedAccountURI = _customCaAccount.AccountURI,
                 IsStaging = true
             };
 
@@ -289,30 +575,28 @@ public async Task TestCertifyManagerAddAccountBadAccountKey()
         [TestMethod, Description("Test for CertifyManager.AddAccount() when ImportedAccountKey and ImportedAccountURI are valid")]
         public async Task TestCertifyManagerAddAccountImport()
         {
+            // Remove account
+            var removeAccountRes = await _certifyManager.RemoveAccount(_customCaAccount.StorageKey);
+            Assert.IsTrue(removeAccountRes.IsSuccess, $"Expected account removal to be successful for {_customCaAccount.Email}");
+            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == _customCaAccount.Email);
+            Assert.IsNull(accountDetails, $"Did not expect an account for {_customCaAccount.Email} to be returned by CertifyManager.GetAccountRegistrations()");
+
             // Setup account registration info
-            //var contactRegEmail = "admin.98b9a6@test.com";
-            var contactRegEmail = DotNetEnv.Env.GetString("RESTORE_ACCOUNT_EMAIL");
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
-                EmailAddress = contactRegEmail,
-                ImportedAccountKey = DotNetEnv.Env.GetString("RESTORE_KEY_PEM"),
-                ImportedAccountURI = DotNetEnv.Env.GetString("RESTORE_ACCOUNT_URI"),
+                CertificateAuthorityId = _customCa.Id,
+                EmailAddress = _customCaAccount.Email,
+                ImportedAccountKey = _customCaAccount.AccountKey,
+                ImportedAccountURI = _customCaAccount.AccountURI,
                 IsStaging = true
             };
 
             // Add account
             var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
-            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegEmail}");
-            var accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
-            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {contactRegEmail}");
-
-            // Remove account
-            var removeAccountRes = await _certifyManager.RemoveAccount(accountDetails.StorageKey);
-            Assert.IsTrue(removeAccountRes.IsSuccess, $"Expected account removal to be successful for {contactRegEmail}");
-            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == contactRegEmail);
-            Assert.IsNull(accountDetails, $"Did not expect an account for {contactRegEmail} to be returned by CertifyManager.GetAccountRegistrations()");
+            Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {_customCaAccount.Email}");
+            accountDetails = (await _certifyManager.GetAccountRegistrations()).Find(a => a.Email == _customCaAccount.Email);
+            Assert.IsNotNull(accountDetails, $"Expected one of the accounts returned by CertifyManager.GetAccountRegistrations() to be for {_customCaAccount.Email}");
         }
 
         [TestMethod, Description("Test for using CertifyManager.RemoveAccount() with a bad storage key")]
@@ -336,7 +620,7 @@ public async Task TestCertifyManagerGetAccountAndAcmeProvider()
                 var contactRegistration = new ContactRegistration
                 {
                     AgreedToTermsAndConditions = true,
-                    CertificateAuthorityId = "letsencrypt.org",
+                    CertificateAuthorityId = _customCa.Id,
                     EmailAddress = contactRegEmail,
                     ImportedAccountKey = "",
                     ImportedAccountURI = "",
@@ -383,7 +667,7 @@ public async Task TestCertifyManagerUpdateAccountContact()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -401,7 +685,7 @@ public async Task TestCertifyManagerUpdateAccountContact()
             var newContactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = newContactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -424,7 +708,7 @@ public async Task TestCertifyManagerUpdateAccountContactNoAgreement()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -442,7 +726,7 @@ public async Task TestCertifyManagerUpdateAccountContactNoAgreement()
             var newContactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = false,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = newContactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -468,7 +752,7 @@ public async Task TestCertifyManagerUpdateAccountContactBadKey()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -486,7 +770,7 @@ public async Task TestCertifyManagerUpdateAccountContactBadKey()
             var newContactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = newContactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -582,7 +866,7 @@ public async Task TestCertifyManagerChangeAccountKeyBadStorageKey()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -618,7 +902,7 @@ public async Task TestCertifyManagerChangeAccountKeyBadAccountKey()
             var contactRegistration = new ContactRegistration
             {
                 AgreedToTermsAndConditions = true,
-                CertificateAuthorityId = "letsencrypt.org",
+                CertificateAuthorityId = _customCa.Id,
                 EmailAddress = contactRegEmail,
                 ImportedAccountKey = "",
                 ImportedAccountURI = "",
@@ -801,7 +1085,7 @@ public async Task TestCertifyManagerRemoveCertificateAuthorityBadId()
             // Delete custom CA
             var deleteCaRes = await _certifyManager.RemoveCertificateAuthority(badId);
             Assert.IsFalse(deleteCaRes.IsSuccess, $"Expected Custom CA deletion for CA with ID {badId} to be unsuccessful");
-            Assert.AreEqual(deleteCaRes.Message, "An error occurred removing the indicated Custom CA from the Certificate Authorities list.", "Unexpected result message for CertifyManager.RemoveCertificateAuthority() failure");
+            Assert.AreEqual(deleteCaRes.Message, $"The certificate authority {badId} was not found in the list of custom CAs and could not be removed.", "Unexpected result message for CertifyManager.RemoveCertificateAuthority() failure");
         }
     }
 }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md b/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
new file mode 100644
index 000000000..86c5d8c65
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
@@ -0,0 +1,169 @@
+# Certify Core Unit Test Docker Images and Containers
+
+## Building Certify Core Unit Test Docker Images
+
+To build the Docker Images for the Certify Core Unit Tests, first navigate to `certify\src\Certify.Tests\Certify.Core.Tests.Unit` in a console window or Visual Studio's Developer Powershell Panel
+
+### Linux Images
+
+To build the Linux images, use the following Docker build commands (make sure Docker Desktop is switched to Linux containers):
+
+```
+// For .NET Core 8.0
+docker build ..\..\..\..\ -t certify-core-tests-unit-8_0-linux -f .\certify-core-tests-unit-8_0-linux.dockerfile
+```
+
+### Windows Images
+
+To build the Windows images, use the following Docker build commands (make sure Docker Desktop is switched to Windows containers):
+
+```
+// For .NET 4.6.2
+docker build ..\..\..\..\ -t certify-core-tests-unit-4_6_2-win -f .\certify-core-tests-unit-4_6_2-win.dockerfile -m 8GB
+
+// For .NET Core 8.0
+docker build ..\..\..\..\ -t certify-core-tests-unit-8_0-win -f .\certify-core-tests-unit-8_0-win.dockerfile -m 8GB
+
+// For the step-ca-win image
+docker build . -t step-ca-win -f .\step-ca-win.dockerfile
+```
+
+
+Since the context built for the Docker Daemon is quite large for the Certify images in Windows (depending on the size of your Certify workspace), you may need to run this in a Powershell terminal outside of Visual Studio with the IDE and other memory-heavy apps closed down (especailly if you have low RAM).
+
+
+## Running Certify Core Unit Test Containers with Docker Compose
+
+### Linux Test Runs
+
+To run the Linux Tests in Docker, use the following Docker Compose command:
+
+```
+docker compose -f linux_compose.yaml up -d
+```
+
+To stop the Linux Tests in Docker, use the following Docker Compose command:
+
+```
+docker compose -f linux_compose.yaml down -v
+```
+
+### Windows Test Runs
+
+To run the Windows Tests in Docker, use the following Docker Compose command:
+
+```
+// For .NET 4.6.2
+docker compose --profile 4_6_2 -f windows_compose.yaml up -d
+
+// For .NET Core 8.0
+docker compose --profile 8_0 -f windows_compose.yaml up -d
+```
+
+To stop the Windows Tests in Docker, use the following Docker Compose command:
+
+```
+// For .NET 4.6.2
+docker compose --profile 4_6_2 -f windows_compose.yaml down -v
+
+// For .NET Core 8.0
+docker compose --profile 8_0 -f windows_compose.yaml down -v
+```
+
+### Debugging Tests Running in Containers with Docker Compose in Visual Studio
+
+Within each test Docker Compose file are commented out lines for debugging subsections of the Certify Core Unit Test code base.
+
+To run an individual class of tests, uncomment the following section of the corresponding Docker Compose file, with the name of the test class you wish to run following `ClassName=`:
+
+```
+  entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
+```
+
+To run an individual test, uncomment the following section of the corresponding Docker Compose file, with 
+the name of the test you wish to run following `Name=`:
+
+```
+  entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'Name=TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId'"
+```
+
+To run tests using the Visual Studio debugger, first ensure that you have the `Containers` window visible (`View -> Other Windows -> Containers`)
+
+Then, uncomment the following section of the corresponding Docker Compose file you wish to run:
+```
+  environment:
+     VSTEST_HOST_DEBUG: 1
+```
+
+After starting the Docker Compose file with the `up` command, the container for the Unit Tests will show in the logs a message like this, showing the debug process to attach to (this may take a second while it waits for the health check of the Step-CA container):
+
+```
+Host debugging is enabled. Please attach debugger to testhost process to continue.
+Process Id: 2044, Name: testhost
+Waiting for debugger attach...
+Process Id: 2044, Name: testhost
+```
+
+To attach to the process, right-click on the Unit Test container in the Visual Studio Container window, and select `Attach To Process`. Visual Studio may download the Debug tool to your container if missing.
+
+Visual Studio will then bring up a new window showing the running Processes on the selected container. Double-click the Process with the matching ID number from the logging.
+
+![Screenshot of the Visual Studio Attach to Process Window](../../../docs/images/VS_Container_Debug_Attach_To_Process_Window.png)
+
+For Linux containers, you may additionally have to select the proper code type for debugging in the following window (Always choose `Managed (.NET Core for Unix)`):
+
+![Screenshot of the Visual Studio Select Code Type Window](../../../docs/images/VS_Container_Debug_Select_Code_Type_Window.png)
+
+The Visual Studio's debugger will then take a moment to attach. Once ready, you will need to click the `Continue` button to start test code execution.
+
+**Be sure to uncomment any debugging lines from the compose files before committing changes to the `certify` repo.**
+
+## Running Certify Core Unit Tests with a Base Docker Image (No Building)
+
+Since building a custom image can take time while doing local development, you can also use a the base images referenced in the Dockerfiles for this project to run your code on your machine in a container.
+
+To do this, first navigate to `certify\src\Certify.Tests\Certify.Core.Tests.Unit` in a console window or Visual Studio's Developer Powershell Panel.
+
+### Running Certify Core Unit Tests with a Linux Base Image
+
+**Note: CertifyManagerAccountTests tests will not work properly unless a Docker container for step-ca has been started with the hostname `step-ca`**
+
+To run all of the Certify Core Unit Tests in a Linux container, use the following command:
+
+```
+docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0
+```
+
+To run a specifi class of Certify Core Unit Tests in a Linux container, use the following command, substituting the Class Name of the tests after `--filter "ClassName=`:
+
+```
+docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter "ClassName=Certify.Core.Tests.Unit.DnsQueryTests"
+```
+
+To run a single Certify Core Unit Test in a Linux container, use the following command, substituting the Test Name of the tests after `--filter "Name=`:
+
+```
+docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter "Name=MixedIPBindingChecksNoPreview"
+```
+
+To run Certify Core Unit Tests with Debugging in a Linux container, use the following command, add `-e VSTEST_HOST_DEBUG=1` as a `docker run` parameter like so:
+
+```
+docker run --name core-tests-unit-8_0-linux --rm -it -e VSTEST_HOST_DEBUG=1 -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0"
+```
+
+### Running Certify Core Unit Tests with a Windows Base Image
+
+**Note: CertifyManagerAccountTests tests will not work properly unless a Docker container for step-ca-win has been started with the hostname `step-ca`**
+
+To run all of the Certify Core Unit Tests in a Windows container, use the following command:
+
+```
+// For .NET 4.6.2
+docker run --name core-tests-unit-4_6_2-win --rm -it -v ${pwd}\bin\Debug\net462:C:\app -w C:\app mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 dotnet test Certify.Core.Tests.Unit.dll -f net462
+
+// For .NET Core 8.0
+docker run --name core-tests-unit-8_0-win --rm -it -v ${pwd}\bin\Debug\net8.0:C:\app -w C:\app mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 dotnet test Certify.Core.Tests.Unit.dll -f net8.0
+```
+
+See the above Linux examples to see how to run tests selectively or with debugging enabled.
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
index cc5e74f9d..2d24d18c8 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Runtime.InteropServices;
 using System.Threading.Tasks;
 using Certify.Core.Management.Challenges;
 using Certify.Management;
@@ -19,7 +20,7 @@ public GetDnsProviderTests()
             var pluginManager = new PluginManager();
             pluginManager.LoadPlugins(new List<string> { PluginManager.PLUGINS_DNS_PROVIDERS });
             var TEST_PATH = "Tests\\credentials";
-            credentialsManager = new SQLiteCredentialStore(storageSubfolder: TEST_PATH);
+            credentialsManager = new SQLiteCredentialStore(RuntimeInformation.IsOSPlatform(OSPlatform.Windows), TEST_PATH);
             dnsHelper = new DnsChallengeHelper(credentialsManager);
         }
 
@@ -58,6 +59,9 @@ public async Task TestGetDnsProvidersEmptyProviderTypeId()
             Assert.AreEqual("DNS Challenge API Provider not set or could not load.", result.Result.Message);
             Assert.IsFalse(result.Result.IsSuccess);
             Assert.IsFalse(result.Result.IsWarning);
+
+            // Cleanup credentials
+            await credentialsManager.Delete(null, testCredential.StorageKey);
         }
 
         [TestMethod, Description("Test Getting DNS Provider with a bad CredentialId")]
@@ -82,6 +86,9 @@ public async Task TestGetDnsProvidersBadCredentialId()
             Assert.AreEqual("DNS Challenge API Credentials could not be decrypted or no longer exists. The original user must be used for decryption.", result.Result.Message);
             Assert.IsFalse(result.Result.IsSuccess);
             Assert.IsFalse(result.Result.IsWarning);
+
+            // Cleanup credentials
+            await credentialsManager.Delete(null, testCredential.StorageKey);
         }
 
         [TestMethod, Description("Test Getting DNS Provider")]
@@ -107,6 +114,9 @@ public async Task TestGetDnsProviders()
             Assert.IsTrue(result.Result.IsSuccess);
             Assert.IsFalse(result.Result.IsWarning);
             Assert.AreEqual(testCredential.ProviderType, result.Provider.ProviderId);
+
+            // Cleanup credentials
+            await credentialsManager.Delete(null, testCredential.StorageKey);
         }
 
         [TestMethod, Description("Test Getting Challenge API Providers")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs
index a3283b9a4..226a37766 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs
@@ -9,12 +9,25 @@ namespace Certify.Core.Tests.Unit
     [TestClass]
     public class LoggyTests
     {
-        private string logFilePath = "C:\\ProgramData\\certify\\Tests\\test.log";
+        private string testsDataPath;
+        private string logFilePath;
 
         [TestInitialize]
         public void TestInitialize()
         {
-            File.Delete(this.logFilePath);
+            testsDataPath = Path.Combine(EnvironmentUtil.GetAppDataFolder(), "Tests");
+            logFilePath = Path.Combine(testsDataPath, "test.log");
+
+            if (!Directory.Exists(testsDataPath))
+            {
+                Directory.CreateDirectory(testsDataPath);
+
+            }
+
+            if (File.Exists(logFilePath))
+            {
+                File.Delete(this.logFilePath);
+            }
         }
 
         [TestCleanup]
@@ -56,10 +69,11 @@ public void TestLoggyErrorException()
 
             // Trigger an exception error and log it using Loggy.Error()
             var logMessage = "New Loggy Exception Error";
-            var exceptionError = "System.IO.FileNotFoundException: Could not find file 'C:\\ProgramData\\certify\\Tests\\test1.log'.";
+            var badFilePath = Path.Combine(EnvironmentUtil.GetAppDataFolder(), "Tests", "test1.log");
+
+            var exceptionError = $"System.IO.FileNotFoundException: Could not find file '{badFilePath}'.";
             try
             {
-                var badFilePath = "C:\\ProgramData\\certify\\Tests\\test1.log";
                 var nullObject = File.ReadAllBytes(badFilePath);
             }
             catch (Exception e)
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile
new file mode 100644
index 000000000..46c6672da
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile
@@ -0,0 +1,29 @@
+FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS base
+WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+EXPOSE 9696
+
+# define build and copy required source files
+FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS build
+WORKDIR /src
+COPY ./certify/src ./certify/src
+COPY ./certify-plugins/src ./certify-plugins/src
+COPY ./certify-internal/src/Certify.Plugins ./certify-internal/src/Certify.Plugins
+COPY ./libs/anvil ./libs/anvil
+RUN dotnet build ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net462 -c Debug -o /app/build
+
+# build and publish (as Debug mode) to /app/publish
+FROM build AS publish
+COPY --from=build /app/build/x64/SQLite.Interop.dll /app/publish/x64/
+RUN dotnet publish ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net462 -c Debug -o /app/publish
+RUN dotnet publish ./certify-internal/src/Certify.Plugins/Plugins.All/Plugins.All.csproj -f net462 -c Debug -o /app/publish/Plugins
+COPY ./libs/Posh-ACME/Posh-ACME /app/publish/Scripts/DNS/PoshACME
+
+# copy build from /app/publish in sdk image to final image
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+
+# run the service, alternatively we could runs tests etc
+ENTRYPOINT ["dotnet", "test", "Certify.Core.Tests.Unit.dll", "-f", "net462"]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile
new file mode 100644
index 000000000..5eb8e2c83
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile
@@ -0,0 +1,28 @@
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS base
+WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+EXPOSE 9696
+RUN wget https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.23.0/step-cli_0.23.0_amd64.deb && dpkg -i step-cli_0.23.0_amd64.deb
+
+# define build and copy required source files
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+WORKDIR /src
+COPY ./certify/src ./certify/src
+COPY ./certify-plugins/src ./certify-plugins/src
+COPY ./certify-internal/src/Certify.Plugins ./certify-internal/src/Certify.Plugins
+COPY ./libs/anvil ./libs/anvil
+
+# build and publish (as Release mode) to /app/publish
+FROM build AS publish
+RUN dotnet publish ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net8.0 -c Debug -o /app/publish
+RUN dotnet publish ./certify-internal/src/Certify.Plugins/Plugins.All/Plugins.All.csproj -f net8.0 -c Debug -o /app/publish/plugins
+COPY ./libs/Posh-ACME/Posh-ACME /app/publish/Scripts/DNS/PoshACME
+
+# copy build from /app/publish in sdk image to final image
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+
+# run the service, alternatively we could runs tests etc
+ENTRYPOINT ["dotnet", "test", "Certify.Core.Tests.Unit.dll", "-f", "net8.0"]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile
new file mode 100644
index 000000000..feacfe1bf
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile
@@ -0,0 +1,31 @@
+FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS base
+WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+EXPOSE 9696
+RUN mkdir C:\temp && pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.24.4/step_windows_0.24.4_amd64.zip' -Outfile 'C:\temp\step_windows_0.24.4_amd64.zip'" && tar -oxzf C:\temp\step_windows_0.24.4_amd64.zip -C "C:\Program Files" && rmdir /s /q C:\temp
+USER ContainerAdministrator
+RUN setx /M PATH "%PATH%;C:\Program Files\step_0.24.4\bin"
+USER ContainerUser
+
+# define build and copy required source files
+FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS build
+WORKDIR /src
+COPY ./certify/src ./certify/src
+COPY ./certify-plugins/src ./certify-plugins/src
+COPY ./certify-internal/src/Certify.Plugins ./certify-internal/src/Certify.Plugins
+COPY ./libs/anvil ./libs/anvil
+
+# build and publish (as Debug mode) to /app/publish
+FROM build AS publish
+RUN dotnet publish ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net8.0 -c Debug -o /app/publish
+RUN dotnet publish ./certify-internal/src/Certify.Plugins/Plugins.All/Plugins.All.csproj -f net8.0 -c Debug -o /app/publish/plugins
+COPY ./libs/Posh-ACME/Posh-ACME /app/publish/Scripts/DNS/PoshACME
+
+# copy build from /app/publish in sdk image to final image
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+
+# run the service, alternatively we could runs tests etc
+ENTRYPOINT ["dotnet", "test", "Certify.Core.Tests.Unit.dll", "-f", "net8.0"]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml b/src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml
new file mode 100644
index 000000000..d7274b88a
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml
@@ -0,0 +1,37 @@
+name: certify-core-tests-unit-linux
+services:
+
+  certify-core-tests-unit-8_0:
+    image: certify-core-tests-unit-8_0-linux:latest
+    build: 
+      context: ../../../../
+      dockerfile: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile   
+    ports:
+      - 80:80
+      - 443:443
+      - 9696:9696
+    # environment:
+    #   VSTEST_HOST_DEBUG: 1
+    volumes:
+      - step:/mnt/step_share
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'Name=TestCertifyManagerGetAccountDetails'"
+    depends_on:
+      step-ca:
+        condition: service_healthy
+
+  step-ca:
+    image: smallstep/step-ca:latest
+    hostname: step-ca
+    ports:
+      - 9000:9000
+    environment:
+      DOCKER_STEPCA_INIT_NAME: Smallstep
+      DOCKER_STEPCA_INIT_DNS_NAMES: localhost,step-ca
+      DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT: true
+      DOCKER_STEPCA_INIT_ACME: true
+    volumes:
+      - step:/home/step
+
+volumes:
+  step: {}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat
new file mode 100644
index 000000000..c2a262060
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat
@@ -0,0 +1,23 @@
+FOR /F "tokens=* USEBACKQ" %%F IN (`step path`) DO (
+  SET STEPPATH=%%F
+)
+
+pwsh -Command "$psw = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.tochararray() | Get-Random -Count 40 | Join-String;"^
+ "echo $psw;"^
+ "Out-File -FilePath "$Env:STEPPATH\password" -InputObject $psw;"^
+ "Out-File -FilePath "$Env:STEPPATH\provisioner_password" -InputObject $psw;"^
+ "Remove-Variable psw"
+
+step ca init --deployment-type standalone --name Smallstep --dns localhost --provisioner admin ^
+--password-file %STEPPATH%\password --provisioner-password-file %STEPPATH%\provisioner_password ^
+--address :9000 --remote-management --admin-subject step
+
+sdelete64 -accepteula -nobanner -q %STEPPATH%\provisioner_password
+
+move "%STEPPATH%\password" "%STEPPATH%\secrets\password"
+
+rmdir /s /q %STEPPATH%\db
+
+step ca provisioner add acme --type ACME
+
+step-ca --password-file %STEPPATH%\secrets\password %STEPPATH%\config\ca.json
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
new file mode 100644
index 000000000..37cba87d9
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
@@ -0,0 +1,21 @@
+FROM mcr.microsoft.com/dotnet/sdk:8.0-nanoserver-ltsc2022 AS base
+WORKDIR /app
+EXPOSE 9000
+RUN mkdir C:\temp 
+RUN pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.24.4/step_windows_0.24.4_amd64.zip' -Outfile 'C:\temp\step_windows_0.24.4_amd64.zip'" && tar -oxzf C:\temp\step_windows_0.24.4_amd64.zip -C "C:\Program Files"
+RUN pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2/step-ca_windows_0.24.2_amd64.zip' -Outfile 'C:\temp\step-ca_windows_0.24.2_amd64.zip'" && tar -oxzf C:\temp\step-ca_windows_0.24.2_amd64.zip -C "C:\Program Files"
+RUN mkdir "C:\Program Files\SDelete" && pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://download.sysinternals.com/files/SDelete.zip' -Outfile 'C:\temp\SDelete.zip'" && tar -oxzf C:\temp\SDelete.zip -C "C:\Program Files\SDelete"
+RUN rmdir /s /q C:\temp
+USER ContainerAdministrator
+RUN setx /M PATH "%PATH%;C:\Program Files\step_0.24.4\bin;C:\Program Files\step-ca_0.24.2;C:\Program Files\SDelete"
+USER ContainerUser
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS netapi
+
+FROM base AS final
+COPY ./step-ca-win-init.bat .
+COPY --from=netapi /Windows/System32/netapi32.dll /Windows/System32/netapi32.dll
+
+HEALTHCHECK CMD curl -Method GET -f http://localhost:9000/health || exit 1
+
+CMD step-ca-win-init.bat && cmd
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml b/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
new file mode 100644
index 000000000..80e4f500c
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
@@ -0,0 +1,57 @@
+name: certify-core-tests-unit-win
+services:
+
+  certify-core-tests-unit-8_0:
+    image: certify-core-tests-unit-8_0-win:latest
+    build: 
+      context: ../../../../
+      dockerfile: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile
+    # environment:
+    #   VSTEST_HOST_DEBUG: 1
+    ports:
+      - 80:80
+      - 443:443
+      - 9696:9696
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'Name=TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId'"
+    volumes:
+      - step:C:\step_share
+    profiles: ["8_0"]
+    depends_on:
+      step-ca:
+        condition: service_healthy
+
+  certify-core-tests-unit-4_6_2:
+    image: certify-core-tests-unit-4_6_2-win:latest
+    build: 
+      context: ../../../../
+      dockerfile: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile
+    # environment:
+    #   VSTEST_HOST_DEBUG: 1
+    ports:
+      - 80:80
+      - 443:443
+      - 9696:9696
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net462 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net462 --filter 'Name=TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId'"
+    volumes:
+      - step:C:\step_share
+    profiles: ["4_6_2"]
+    depends_on:
+      step-ca:
+        condition: service_healthy
+  
+  step-ca:
+    image: step-ca-win:latest
+    build: 
+      context: .
+      dockerfile: ./step-ca-win.dockerfile   
+    hostname: step-ca
+    profiles: ["4_6_2", "8_0"]
+    ports:
+      - 9000:9000
+    volumes:
+      - step:C:\Users\ContainerUser\.step
+
+volumes:
+  step: {}

From e734e6f2462463cac7793163af235ac17b636855 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 11 Dec 2023 13:35:52 +0800
Subject: [PATCH 092/237] Package updates

---
 src/Certify.Models/Certify.Models.csproj                        | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 .../Certify.Server.Api.Public/Certify.Server.Api.Public.csproj  | 2 +-
 src/Certify.Service/App.config                                  | 2 +-
 src/Certify.Service/Certify.Service.csproj                      | 2 +-
 src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj  | 2 +-
 src/Certify.Shared/Certify.Shared.Core.csproj                   | 2 +-
 .../Certify.Core.Tests.Integration.csproj                       | 2 +-
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj      | 2 +-
 .../Certify.Service.Tests.Integration.csproj                    | 2 +-
 .../Certify.UI.Tests.Integration.csproj                         | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index a918579d1..9839a6be6 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -22,7 +22,7 @@
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
 		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
-		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.7.0">
+		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.8.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 6cc8ed027..76b0fc8d9 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.300.2" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.300.16" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 9f25dd140..c394d382e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -13,7 +13,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="[1.19.6-Preview.1, 1.19.6]" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index ec7fc9391..c1a021fc2 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -33,7 +33,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.56.0.0" newVersion="4.57.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.57.0.0" newVersion="4.58.1.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 25b0969b0..d92277c5a 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.57.0" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.58.1" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Diagnostics" Version="4.2.2" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index e7fe84833..d64920bd5 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,7 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.3.9" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.0" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index e28907b12..a2d5d4dae 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -19,7 +19,7 @@
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
-        <PackageReference Include="Arsoft.Tools.Net" Version="3.5.0" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Arsoft.Tools.Net" Version="3.6.0" Condition="'$(TargetFramework)' == 'net8.0'" />
 
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 0edf6955c..7f8024375 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -92,7 +92,7 @@
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
-    <PackageReference Include="Moq" Version="4.20.69" />
+    <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 5dc6ed89f..4cdfda0e1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -141,7 +141,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
-    <PackageReference Include="Moq" Version="4.20.69" />
+    <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index d155c9add..14c598d36 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -75,7 +75,7 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Moq" Version="4.20.69" />
+    <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 618dabff8..2a5f58f27 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -71,7 +71,7 @@
     <ProjectReference Include="..\..\Certify.UI.Shared\Certify.UI.Shared.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Moq" Version="4.20.69" />
+    <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />

From 633d8191111231c6d9237183b8fb3bbb025f0347 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 12 Dec 2023 15:54:03 +0800
Subject: [PATCH 093/237] Core: implement queue for batch submission of status
 reports

---
 .../CertifyManager/CertifyManager.ManagedCertificates.cs         | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 95585ace2..64070d176 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -8,6 +8,7 @@
 using Certify.Models.API;
 using Certify.Models.Providers;
 using Certify.Models.Reporting;
+using Certify.Models.Shared;
 
 namespace Certify.Management
 {

From 463c2ce0e24d16446e2da6f543be09d070aaf170 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 12 Dec 2023 17:17:55 +0800
Subject: [PATCH 094/237] Update choco scripts

---
 scripts/chocolatey/tools/chocolateyinstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/chocolatey/tools/chocolateyinstall.ps1 b/scripts/chocolatey/tools/chocolateyinstall.ps1
index d15df1df8..fcbc5f1aa 100644
--- a/scripts/chocolatey/tools/chocolateyinstall.ps1
+++ b/scripts/chocolatey/tools/chocolateyinstall.ps1
@@ -1,4 +1,4 @@
-$ErrorActionPreference = 'Stop';
+$ErrorActionPreference = 'Stop';
 $toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
 $url64      = 'https://certifytheweb.s3.amazonaws.com/downloads/archive/CertifyTheWebSetup_V6.1.0.exe'
 

From 99ae4af47a8c3ede58b55d125e06eb393979270f Mon Sep 17 00:00:00 2001
From: Justin Nelson <jrnelson90@gmail.com>
Date: Wed, 13 Dec 2023 20:09:16 -0800
Subject: [PATCH 095/237] First attempt adding testing Github Actions for
 Certify.Core.Tests.Unit

Fix to the .NET Version number needed to download SDK

Changes for pulling dependencies, and splitting 8.0 into two workflows

Change ref type for plugins dependency branch

More changes to cloning dependencies in GitActions

Fix path for cloning certify-internal repo

Testing actions without internal repo clone

Fixing relative placement of cloning paths for dependency repos

Setting repos for "side by side" checkout

https://github.com/actions/checkout#checkout-multiple-repos-side-by-side

Fix paths on dotnet tool steps

Disable .NET 4.6.2 Test Workflow until cause of test stalls is fixed

Default pull step for cloning webprofusion/certify-plugins

Add step to setup Step CLI on Windows Test Runner

Add Github Actions step to pull step-ca docker image on Windows runner

Add Github Actions step to pull step-ca docker image on Linux runner

Fix Setup Step CLI GitHub Actions step for Windows runner

Fix Setup Step CLI GitHub Actions step for Linux runner

Refactor step-ca-win to be more like step-ca Linux image with env args

Changes to CertifyManagerAccountTests for Windows GitHub Actions runner

Fix to CertifyManagerAccountTests for Windows GitHub Actions runner

Fixes mounting Docker volume

Adding Step-CA and Step CLI dependencies to .NET 4.6.2 test GitHub flow

Fix to CertifyManagerAccountTests for Windows GitHub Actions runner

Debug Windows runner on GitHub for CertifyManagerAccountTests

Fixes for running CertifyManagerAccountTests in Windows GitHub Runner

Tweak to command for Setup Step CLI step in Windows GitHub Runner

More Fixes for missing LE Accounts expected by Unit Tests

Debug step for Step CLI setup in Windows GitHub Runner

More fixes to running tests in GitLab Runners

More debugging info for fixing GitLab Runners

More debugging info for Step CLI step in  GitLab Runners

Tweak for adding Step CLI to Windows GitLab Runner PATH

Another tweak for adding Step CLI to Windows GitLab Runner PATH

Path update for Step CLI in Windows GitLab Runner

More GitHub Runner Tweaks

Add to Windows GitHub Path using GITHUB_PATH

Finishing up adding Step CLI to PATH in Windows GitHub Runners

Testing adding code coverage report to GitHub Actions markup output

Update sticky pull request comment version in Linux GitHub Action

Try using EnricoMi/publish-unit-test-result-action GitHub action

Make coverage report without GitHub Action, using ReportGenerator CLI

Debug output files to Testresults folder from dotnet test

Further debugging of test results output files

Fix path for cobertura coverage file in report generation

Add Coverlet Collector Package at runtime of GitHub Action for coverage

Specify working directory when adding Coverlet Collector package

Add coverlet.collector through project dependencies rather than CLI

Changes to fix loading Coverlet Collector without running dotnet publish

Remove coverage directory debug step

Remove coverage directory debug step on Linux

Tweaks to fix PR GitHub Actions Test jobs for Certify

More tweaks to fix PR GitHub Actions Test jobs for Certify

Edit to generate HTML Test Results Artifact

Add .NET Core 3.1.x to GitHub Actions for Trx-To-HTML Tool

Generate HTML Test Results report with built-in Logger

Attempting to output CLI reports to Markdown in GITHUB_STEP_SUMMARY

Fix for generating Test Results Markdown

Tweaks to generating Markdown reports for Windows Runners

Change Markup Report Titles and Display Order

Add Folder parameter to Test Results Generation

Trying to suppress build warnings from being added to annotations

Trying out dorny/test-reporter action on Linux runner

Fix to dorny/test-reporter step for Linux GitHub Actions runner

Trying out Tyrrrz/GitHubActionsTestLogger on Linux Runner

Fix for trying out Tyrrrz/GitHubActionsTestLogger on Linux Runner

Another Fix for Tyrrrz/GitHubActionsTestLogger on Linux Runner

Debug GITHUB_WORKSPACE value for Tyrrrz/GitHubActionsTestLogger

Debug Tyrrrz/GitHubActionsTestLogger source link generation

More debugging Tyrrrz/GitHubActionsTestLogger source link generation

More debugging Tyrrrz/GitHubActionsTestLogger source link generation

Cleanup GitHub Action Workflow YAML for .NET Core 8.0 on Windows & Linux

Fix GitHub Action Workflow YAML for .NET Core 8.0 on Windows & Linux

Tweak to GitHub Action Workflow YAML for .NET Core 8.0 on Windows

Fix paths in dotnet test step for Windows .NET Core Action

Debug Windows .NET Core 8.0 Test Result Generation

Fix Windows .NET Core 8.0 Test Result Generation

Separate Test Run and Test Results step for Windows Runner .NET Core 8.0

Restore working directory info to Windows test run step

More YAML action updates for Linux and Windows .NET Core 8.0 runners

More tweaks to GitHub Actions for test runs on Windows and Linux

Fix to running tests in Linux GitHub Action

Fix to path to Coverlet on Linux test runner

Lint cleanup for ChallengeConfigMatchTests Certify Core Unit Tests

Refactors to speed up execution of CertifyManagerAccountTests Unit Tests

Test out using Linux Docker containers on Windows GitHub Action Runner

Debug Docker location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

Simplify Docker Info command output in CertifyManagerAccountTests

More debugging DockerCli.exe location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

More debugging DockerCli.exe location in GitHub Actions Windows Runner

Restore using Windows Docker Image for Windows Runners in GitHub Actions

Test Caching NuGet Dependencies for Linux and Windows GitHub Actions

Remove blank Constructor methods to enable debugging in .NET 4.6.2

Fix Unit/Integration tests stalling in 4.6.2 when using CertifyManager

Re-enable Windows 4.6.2 Certify Core Unit Test GitHub Action Workflow

Fix to Windows .NET 4.6.2 test run GitHub Action Workflow

Disable Coverage Report for .NET 4.6.2 until issue can be determined

Fix Test Result generation for Windows .NET 4.6.2 runs

Fix for enabling Coverage Report on 4.6.2 Windows Test Runs

Another fix for enabling Coverage Report on 4.6.2 Windows Test Runs

Script fix for enabling Coverage Report on 4.6.2 Windows Test Runs

YAML fixes for caching NuGet dependencies

Fixes to Windows NuGet dependency caching

Disable archiving Test Artifacts on all GitHub Actions Test Jobs

More tweaks to NuGet Dependency caching in GitHub Actions

Simplify Code Coverage Generation for 4.6.2 runs

Simplify testing commands for GitHub Actions using .runsettings files

Further fixes to GitHub Actions report generation

Fix Linux Test Results Directory to match value from ${{ runner.os }}

Filter unused DataStore Plugins from Unit Test Reports with Coverlet

Add basic Unit Test for Certify.Service so it shows on 4.6.2 coverage

Expand tests for Certify.Service

Additional Certify.Service tests

Update 4_6_2_Core_Unit_Tests_Win.yaml

add conditions for plugin checkout to match current release and development branch names
Update 8_0_Core_Unit_Tests_Linux.yaml

Update conditional for plugin repo checkout
Update 8_0_Core_Unit_Tests_Win.yaml

Update conditional for plugin repo checkout
---
 .../workflows/4_6_2_Core_Unit_Tests_Win.yaml  | 114 +++++
 .../workflows/8_0_Core_Unit_Tests_Linux.yaml  | 114 +++++
 .../workflows/8_0_Core_Unit_Tests_Win.yaml    | 114 +++++
 .../CertifyManager/CertifyManager.cs          |  11 +-
 .../CertRequestTests.cs                       |   3 +-
 .../CertifyManagerServerTypeTests.cs          |   1 +
 .../CertifyManagerTests.cs                    |   5 +
 .../DeploymentPreviewTests.cs                 |   1 +
 .../DeploymentTaskTests.cs                    |   6 +
 .../RdapTests.cs                              |   6 -
 .../CAFailoverTests.cs                        |   4 +-
 .../Certify.Core.Tests.Unit.csproj            |  10 +
 .../CertifyManagerAccountTests.cs             | 249 ++++++----
 .../CertifyServiceTests.cs                    | 430 ++++++++++++++++++
 .../ChallengeConfigMatchTests.cs              |   2 -
 .../Certify.Core.Tests.Unit/MiscTests.cs      |   8 +-
 .../Certify.Core.Tests.Unit/RdapTests.cs      |   6 -
 .../step-ca-win-init.bat                      |  52 ++-
 .../step-ca-win.dockerfile                    |   2 +-
 .../unit-test-462.runsettings                 |  48 ++
 .../unit-test-8-0-linux.runsettings           |  36 ++
 .../unit-test-8-0.runsettings                 |  36 ++
 .../windows_compose.yaml                      |   5 +
 23 files changed, 1149 insertions(+), 114 deletions(-)
 create mode 100644 .github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
 create mode 100644 .github/workflows/8_0_Core_Unit_Tests_Linux.yaml
 create mode 100644 .github/workflows/8_0_Core_Unit_Tests_Win.yaml
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/CertifyServiceTests.cs
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-462.runsettings
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings

diff --git a/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
new file mode 100644
index 000000000..eb7405068
--- /dev/null
+++ b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
@@ -0,0 +1,114 @@
+name: build and test .NET 4.6.2 Windows
+
+on:
+  push:
+  pull_request:
+    branches: [ release, development ]
+    paths:
+    - '**.cs'
+    - '**.csproj'
+
+env:
+  DOTNET_VERSION: '8.0.100' # The .NET SDK version to use
+
+jobs:
+  build-and-test:
+    # if: ${{ ! always() }}
+    name: build-and-test-windows
+    runs-on: windows-latest
+    steps:
+    - name: Clone webprofusion/certify
+      uses: actions/checkout@master
+      with:
+        path: ./certify
+
+    - name: Clone webprofusion/anvil
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/anvil
+        ref: refs/heads/main
+        path: ./libs/anvil
+
+    - name: Clone webprofusion/certify-plugins (development branch push)
+      if: ${{ github.event_name == 'push' && (contains(github.ref_name, '_dev') || github.ref_name == 'development') }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: refs/heads/development    
+        path: ./certify-plugins
+
+    - name: Clone webprofusion/certify-plugins (release branch push)
+      if: ${{ github.event_name == 'push' && (contains(github.ref_name, '_rel') || github.ref_name == 'release') }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: refs/heads/release    
+        path: ./certify-plugins
+
+    - name: Clone webprofusion/certify-plugins (pull request)
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: ${{ github.base_ref }}    
+        path: ./certify-plugins
+
+    - name: Setup .NET Core
+      uses: actions/setup-dotnet@master
+      with:
+        dotnet-version: ${{ env.DOTNET_VERSION }}
+
+    - name: Setup Step CLI
+      run: |
+        Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.24.4/step_windows_0.24.4_amd64.zip' -Outfile 'C:\temp\step_windows_0.24.4_amd64.zip'
+        tar -oxzf C:\temp\step_windows_0.24.4_amd64.zip -C "C:\Program Files"
+        echo "C:\Program Files\step_0.24.4\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
+    - name: Pull step-ca Docker Image
+      run: docker pull jrnelson90/step-ca-win
+
+    - name: Cache NuGet Dependencies    
+      uses: actions/cache@v3
+      with:
+        path: ~/.nuget/packages
+        # Look to see if there is a cache hit for the corresponding requirements file
+        key: ${{ runner.os }}-4.6.2-nuget-${{ hashFiles('./certify/src/Certify.Tests/Certify.Core.Tests.Unit/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-4.6.2-nuget
+
+    - name: Install Dependencies & Build Certify.Core.Tests.Unit
+      run: |
+        dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
+        dotnet add package GitHubActionsTestLogger
+        dotnet add package coverlet.collector
+        dotnet build -c Debug -f net462 --property WarningLevel=0 /clp:ErrorsOnly
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+
+    - name: Run Certify.Core.Tests.Unit Tests
+      run: |
+        $env:GITHUB_WORKSPACE="$env:GITHUB_WORKSPACE\certify"
+        $env:GITHUB_STEP_SUMMARY=".\TestResults-4_6_2-${{ runner.os }}\test-summary.md"
+        dotnet test --no-build -f net462 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+
+    - name: Generated Test Results Report
+      run: |
+        echo "# Test Results" | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8
+        (Get-Content -Path .\TestResults-4_6_2-${{ runner.os }}\test-summary.md).Replace('<details>', '<details open>') | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8 -Append
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+      if: ${{ always() }}
+
+    - name: Generated Test Coverage Report
+      run: |
+        reportgenerator -reports:./TestResults-4_6_2-${{ runner.os }}/*/*.cobertura.xml -targetdir:./TestResults-4_6_2-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
+        Get-Content -Path ./TestResults-4_6_2-${{ runner.os }}/SummaryGithub.md | Out-File -FilePath $env:GITHUB_STEP_SUMMARY
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+      if: ${{ always() }}
+
+    # - name: Upload dotnet test Artifacts
+    #   uses: actions/upload-artifact@master
+    #   with:
+    #     name: dotnet-results-${{ runner.os }}-${{ env.DOTNET_VERSION }}
+    #     path: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/TestResults-4_6_2-${{ runner.os }}
+    #   # Use always() to always run this step to publish test results when there are test failures
+    #   if: ${{ always() }}
diff --git a/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml b/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml
new file mode 100644
index 000000000..a55ee9b9a
--- /dev/null
+++ b/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml
@@ -0,0 +1,114 @@
+name: build and test .NET Core 8.0 Linux
+
+on:
+  push:
+  pull_request:
+    branches: [ release, development ]
+    paths:
+    - '**.cs'
+    - '**.csproj'
+
+env:
+  DOTNET_VERSION: '8.0.100' # The .NET SDK version to use
+
+jobs:
+  build-and-test:
+
+    name: build-and-test-linux
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone webprofusion/certify
+      uses: actions/checkout@master
+      with:
+        path: ./certify
+
+    - name: Clone webprofusion/anvil
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/anvil
+        ref: refs/heads/main
+        path: ./libs/anvil
+
+    - name: Clone webprofusion/certify-plugins (development branch push)
+      if: ${{ github.event_name == 'push' && (contains(github.ref_name, '_dev') || github.ref_name == 'development') }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: refs/heads/development    
+        path: ./certify-plugins
+
+    - name: Clone webprofusion/certify-plugins (release branch push)
+      if: ${{ github.event_name == 'push' && (contains(github.ref_name, '_rel') || github.ref_name == 'release') }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: refs/heads/release    
+        path: ./certify-plugins
+
+    - name: Clone webprofusion/certify-plugins (pull request)
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: ${{ github.base_ref }}    
+        path: ./certify-plugins
+
+    - name: Setup .NET Core
+      uses: actions/setup-dotnet@master
+      with:
+        dotnet-version: ${{ env.DOTNET_VERSION }}
+
+    - name: Setup Step CLI
+      run: |
+        wget https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.23.0/step-cli_0.23.0_amd64.deb
+        sudo dpkg -i step-cli_0.23.0_amd64.deb
+
+    - name: Pull step-ca Docker Image
+      run: docker pull smallstep/step-ca
+
+    - name: Cache NuGet Dependencies    
+      uses: actions/cache@v3
+      with:
+        path: ~/.nuget/packages
+        # Look to see if there is a cache hit for the corresponding requirements file
+        key: ${{ runner.os }}-${{ env.DOTNET_VERSION }}-nuget-${{ hashFiles('./certify/src/Certify.Tests/Certify.Core.Tests.Unit/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-${{ env.DOTNET_VERSION }}-nuget
+
+    - name: Install Dependencies & Build Certify.Core.Tests.Unit
+      run: |
+        dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
+        dotnet add package GitHubActionsTestLogger
+        dotnet add package coverlet.collector
+        dotnet build -c Debug -f net8.0 --property WarningLevel=0 /clp:ErrorsOnly
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+
+    - name: Run Certify.Core.Tests.Unit Tests
+      run: |
+        export GITHUB_WORKSPACE="$GITHUB_WORKSPACE/certify"
+        export GITHUB_STEP_SUMMARY="./TestResults-8_0-${{ runner.os }}/test-summary.md"
+        dotnet test --no-build -f net8.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+
+    - name: Generate Test Results Report
+      run: |
+        echo "# Test Results" > $GITHUB_STEP_SUMMARY
+        sed -i 's/<details>/<details open>/g' ./TestResults-8_0-${{ runner.os }}/test-summary.md
+        cat ./TestResults-8_0-${{ runner.os }}/test-summary.md >> $GITHUB_STEP_SUMMARY
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+      if: ${{ always() }}
+
+    - name: Generated Test Coverage Report
+      run: |
+        reportgenerator -reports:./TestResults-8_0-${{ runner.os }}/*/coverage.cobertura.xml -targetdir:./TestResults-8_0-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
+        cat ./TestResults-8_0-${{ runner.os }}/SummaryGithub.md > $GITHUB_STEP_SUMMARY
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+      if: ${{ always() }}
+
+    # - name: Upload dotnet test Artifacts
+    #   uses: actions/upload-artifact@master
+    #   with:
+    #     name: dotnet-results-${{ runner.os }}-${{ env.DOTNET_VERSION }}
+    #     path: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/TestResults-8_0-${{ runner.os }}
+    #   # Use always() to always run this step to publish test results when there are test failures
+    #   if: ${{ always() }}
diff --git a/.github/workflows/8_0_Core_Unit_Tests_Win.yaml b/.github/workflows/8_0_Core_Unit_Tests_Win.yaml
new file mode 100644
index 000000000..740d58ad1
--- /dev/null
+++ b/.github/workflows/8_0_Core_Unit_Tests_Win.yaml
@@ -0,0 +1,114 @@
+name: build and test .NET Core 8.0 Windows
+
+on:
+  push:
+  pull_request:
+    branches: [ release, development ]
+    paths:
+    - '**.cs'
+    - '**.csproj'
+
+env:
+  DOTNET_VERSION: '8.0.100' # The .NET SDK version to use
+
+jobs:
+  build-and-test:
+
+    name: build-and-test-windows
+    runs-on: windows-latest
+    steps:
+    - name: Clone webprofusion/certify
+      uses: actions/checkout@master
+      with:
+        path: ./certify
+
+    - name: Clone webprofusion/anvil
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/anvil
+        ref: refs/heads/main
+        path: ./libs/anvil
+
+    - name: Clone webprofusion/certify-plugins (development branch push)
+      if: ${{ github.event_name == 'push' && (contains(github.ref_name, '_dev') || github.ref_name == 'development') }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: refs/heads/development    
+        path: ./certify-plugins
+
+    - name: Clone webprofusion/certify-plugins (release branch push)
+      if: ${{ github.event_name == 'push' && (contains(github.ref_name, '_rel') || github.ref_name == 'release') }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: refs/heads/release    
+        path: ./certify-plugins
+
+    - name: Clone webprofusion/certify-plugins (pull request)
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: actions/checkout@master
+      with:
+        repository: webprofusion/certify-plugins
+        ref: ${{ github.base_ref }}    
+        path: ./certify-plugins
+
+    - name: Setup .NET Core
+      uses: actions/setup-dotnet@master
+      with:
+        dotnet-version: ${{ env.DOTNET_VERSION }}
+    
+    - name: Setup Step CLI
+      run: |
+        Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.24.4/step_windows_0.24.4_amd64.zip' -Outfile 'C:\temp\step_windows_0.24.4_amd64.zip'
+        tar -oxzf C:\temp\step_windows_0.24.4_amd64.zip -C "C:\Program Files"
+        echo "C:\Program Files\step_0.24.4\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
+    - name: Pull step-ca Docker Image
+      run: docker pull jrnelson90/step-ca-win
+
+    - name: Cache NuGet Dependencies    
+      uses: actions/cache@v3
+      with:
+        path: ~/.nuget/packages
+        # Look to see if there is a cache hit for the corresponding requirements file
+        key: ${{ runner.os }}-${{ env.DOTNET_VERSION }}-nuget-${{ hashFiles('./certify/src/Certify.Tests/Certify.Core.Tests.Unit/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-${{ env.DOTNET_VERSION }}-nuget
+
+    - name: Install Dependencies & Build Certify.Core.Tests.Unit
+      run: |
+        dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
+        dotnet add package GitHubActionsTestLogger
+        dotnet add package coverlet.collector
+        dotnet build -c Debug -f net8.0 --property WarningLevel=0 /clp:ErrorsOnly
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+
+    - name: Run Certify.Core.Tests.Unit Tests
+      run: |
+        $env:GITHUB_WORKSPACE="$env:GITHUB_WORKSPACE\certify"
+        $env:GITHUB_STEP_SUMMARY=".\TestResults-8_0-${{ runner.os }}\test-summary.md"
+        dotnet test --no-build -f net8.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+    
+    - name: Generate Test Results Report
+      run: |
+        echo "# Test Results" | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8
+        (Get-Content -Path .\TestResults-8_0-${{ runner.os }}\test-summary.md).Replace('<details>', '<details open>') | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8 -Append
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+      if: ${{ always() }}
+
+    - name: Generated Test Coverage Report
+      run: |
+        reportgenerator -reports:./TestResults-8_0-${{ runner.os }}/*/coverage.cobertura.xml -targetdir:./TestResults-8_0-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
+        Get-Content -Path ./TestResults-8_0-${{ runner.os }}/SummaryGithub.md | Out-File -FilePath $env:GITHUB_STEP_SUMMARY
+      working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
+      if: ${{ always() }}
+
+    # - name: Upload dotnet test Artifacts
+    #   uses: actions/upload-artifact@master
+    #   with:
+    #     name: dotnet-results-${{ runner.os }}-${{ env.DOTNET_VERSION }}
+    #     path: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/TestResults-8_0-${{ runner.os }}
+    #   # Use always() to always run this step to publish test results when there are test failures
+    #   if: ${{ always() }}
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 1fd40af2f..8917da2e2 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -533,7 +533,16 @@ public async Task<bool> PerformRenewalTasks()
             return await Task.FromResult(true);
         }
 
-        public void Dispose() => ManagedCertificateLog.DisposeLoggers();
+        public void Dispose() => Cleanup();
+
+        private void Cleanup()
+        {
+            ManagedCertificateLog.DisposeLoggers();
+            if(_tc != null)
+            {
+                _tc.Dispose();
+            }
+        }
 
         /// <summary>
         /// Perform (or preview) an import of settings from another instance
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
index 230c91ddc..b68c6a6b0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;
@@ -81,6 +81,7 @@ public async Task TeardownIIS()
         {
             await iisManager.DeleteSite(testSiteName);
             Assert.IsFalse(await iisManager.SiteExists(testSiteName));
+            certifyManager.Dispose();
         }
 
         [TestMethod, TestCategory("MegaTest")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
index cfa981f6b..8fcc9840e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerServerTypeTests.cs
@@ -46,6 +46,7 @@ public async Task TeardownIIS()
         {
             await _iisManager.DeleteSite(_testSiteName);
             Assert.IsFalse(await _iisManager.SiteExists(_testSiteName));
+            _certifyManager.Dispose();
         }
 
         [TestMethod, Description("Happy path test for using CertifyManager.GetPrimaryWebSites() for IIS")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
index 9f3f4c649..d5052a534 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
@@ -19,6 +19,11 @@ public CertifyManagerTests()
             _certifyManager.Init().Wait();
         }
 
+        [TestCleanup] public void Cleanup()
+        {
+            _certifyManager.Dispose();
+        }
+
         [TestMethod, Description("Happy path test for using CertifyManager.GetACMEProvider()")]
         public async Task TestCertifyManagerGetACMEProvider()
         {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
index 038c76688..2970281ff 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
@@ -74,6 +74,7 @@ public async Task TeardownIIS()
         {
             await iisManager.DeleteSite(testSiteName);
             Assert.IsFalse(await iisManager.SiteExists(testSiteName));
+            certifyManager.Dispose();
         }
 
         [TestMethod]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
index 3af000cd7..3022f1216 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
@@ -36,6 +36,12 @@ public DeploymentTaskTests()
             PrimaryTestDomain = ConfigSettings["Cloudflare_TestDomain"];
         }
 
+        [TestCleanup]   
+        public void Cleanup()
+        {
+            certifyManager?.Dispose();
+        }
+
         private DeploymentTaskConfig GetMockTaskConfig(
             string name,
             string msg = "Hello World",
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/RdapTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/RdapTests.cs
index 743806cf8..62292dba2 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/RdapTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/RdapTests.cs
@@ -8,12 +8,6 @@ namespace Certify.Core.Tests
     [TestClass]
     public class RdapTests
     {
-
-        public RdapTests()
-        {
-
-        }
-
         [TestMethod, Description("Test Rdap Query")]
         [DataTestMethod]
         [DataRow("example.com", "OK", null)]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
index c163e6d27..d6bbbabfd 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
@@ -203,7 +203,7 @@ public void TestBasicNoFallbacks()
             var selectedAccount = RenewalManager.SelectCAWithFailover(caList, accounts.FindAll(a => a.IsStagingAccount == false), managedCertificate, defaultCAAccount);
 
             // assert result
-            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, "Default CA should be selected");
+            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, $"Default CA should be selected: returned CA {selectedAccount.CertificateAuthorityId}");
             Assert.IsFalse(selectedAccount.IsFailoverSelection, "Account should not be marked as a failover choice");
         }
 
@@ -231,7 +231,7 @@ public void TestBasicNextFallbackNull()
             var selectedAccount = RenewalManager.SelectCAWithFailover(caList, accounts, managedCertificate, defaultCAAccount);
 
             // assert result
-            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, "Default CA should be selected");
+            Assert.IsTrue(selectedAccount.CertificateAuthorityId == DEFAULTCA, $"Default CA should be selected: returned CA {selectedAccount.CertificateAuthorityId}");
             Assert.IsFalse(selectedAccount.IsFailoverSelection, "Account should not be marked as a failover choice");
         }
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 4cdfda0e1..4800cb76e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -101,6 +101,15 @@
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='WINDOWS_NT|net462'">
+    <RunSettingsFilePath>.\unit-test-462.runsettings</RunSettingsFilePath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='WINDOWS_NT|net8.0'">
+    <RunSettingsFilePath>.\unit-test-8-0.runsettings</RunSettingsFilePath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='UNIX|net8.0'">
+    <RunSettingsFilePath>.\unit-test-8-0-linux.runsettings</RunSettingsFilePath>
+  </PropertyGroup>
   <ItemGroup>
     <None Remove="Assets\badcert.pfx" />
     <None Remove="Assets\dummycert.pfx" />
@@ -140,6 +149,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
+    <PackageReference Include="MedallionShell" Version="1.6.2" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
index 1aa31f23d..44ca2ef33 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
@@ -6,6 +6,7 @@
 using System.Net.Http;
 using System.Runtime.InteropServices;
 using System.Text;
+using System.Threading;
 using System.Threading.Tasks;
 using Certify.ACME.Anvil;
 using Certify.Management;
@@ -21,35 +22,90 @@
 namespace Certify.Core.Tests.Unit
 {
     [TestClass]
-    public class CertifyManagerAccountTests : IDisposable
+    public class CertifyManagerAccountTests
     {
-        private readonly CertifyManager _certifyManager;
-        private readonly bool _isContainer = Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER") == "true";
-        private readonly bool _isWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
-        private readonly string _caDomain;
-        private readonly int _caPort;
-        private IContainer _caContainer;
-        private IVolume _stepVolume;
+        private static readonly bool _isContainer = Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER") == "true";
+        private static readonly bool _isWindows = RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+        private static readonly string _winRunnerTempDir = "C:\\Temp\\.step";
+        private static string _caDomain;
+        private static int _caPort;
+        private static IContainer _caContainer;
+        private static IVolume _stepVolume;
+        private static Loggy _log;
+        private CertifyManager _certifyManager;
         private CertificateAuthority _customCa;
         private AccountDetails _customCaAccount;
-        private readonly Loggy _log;
 
-        public CertifyManagerAccountTests()
+        [ClassInitialize]
+        public static async Task ClassInit(TestContext context)
         {
-            _certifyManager = new CertifyManager();
-            _certifyManager.Init().Wait();
             _log = new Loggy(new LoggerConfiguration().WriteTo.Debug().CreateLogger());
 
             _caDomain = _isContainer ? "step-ca" : "localhost";
             _caPort = 9000;
 
-            BootstrapStepCa().Wait();
-            CheckCustomCaIsRunning().Wait();
-            AddCustomCa().Wait();
-            AddNewAccount().Wait();
+            await BootstrapStepCa();
+            await CheckCustomCaIsRunning();
         }
 
-        private async Task BootstrapStepCa()
+        [TestInitialize]
+        public async Task TestInit()
+        {
+            _certifyManager = new CertifyManager();
+            _certifyManager.Init().Wait();
+
+            await AddCustomCa();
+            await AddNewCustomCaAccount();
+            await CheckForExistingLeAccount();
+        }
+
+        [TestCleanup]
+        public async Task Cleanup()
+        {
+            if (_customCaAccount != null)
+            {
+                await _certifyManager.RemoveAccount(_customCaAccount.StorageKey, true);
+            }
+
+            if (_customCa != null)
+            {
+                await _certifyManager.RemoveCertificateAuthority(_customCa.Id);
+            }
+
+            _certifyManager?.Dispose();
+        }
+
+        [ClassCleanup(ClassCleanupBehavior.EndOfClass)]
+        public static async Task ClassCleanup()
+        {
+            if (!_isContainer)
+            {
+                await _caContainer.DisposeAsync();
+                if (_stepVolume != null)
+                {
+                    await _stepVolume.DeleteAsync();
+                    await _stepVolume.DisposeAsync();
+                }
+                else
+                {
+                    Directory.Delete(_winRunnerTempDir, true);
+                }
+            }
+
+            var stepConfigPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".step", "config");
+            if (Directory.Exists(stepConfigPath))
+            {
+                Directory.Delete(stepConfigPath, true);
+            }
+
+            var stepCertsPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".step", "certs");
+            if (Directory.Exists(stepCertsPath))
+            {
+                Directory.Delete(stepCertsPath, true);
+            }
+        }
+
+        private static async Task BootstrapStepCa()
         {
             string stepCaFingerprint;
 
@@ -68,45 +124,81 @@ private async Task BootstrapStepCa()
             }
             else
             {
+                var dockerInfo = RunCommand("docker", "info --format \"{{ .OSType }}\"", "Get Docker Info");
+                var runningWindowsDockerEngine = dockerInfo.output.Contains("windows");
+
                 // Start new step-ca container
-                await StartStepCaContainer();
+                await StartStepCaContainer(runningWindowsDockerEngine);
 
                 // Read step-ca fingerprint from config file
-                var stepCaConfigBytes = await _caContainer.ReadFileAsync("/home/step/config/defaults.json");
-                var stepCaConfigJson = JsonReader.ReadBytes<StepCaConfig>(stepCaConfigBytes);
-                stepCaFingerprint = stepCaConfigJson.fingerprint;
+                if (_isWindows && runningWindowsDockerEngine)
+                {
+                    // Read step-ca fingerprint from config file
+                    var stepCaConfigJson = JsonReader.ReadFile<StepCaConfig>($"{_winRunnerTempDir}\\config\\defaults.json");
+                    stepCaFingerprint = stepCaConfigJson.fingerprint;
+                } else
+                {
+                    var stepCaConfigBytes = await _caContainer.ReadFileAsync("/home/step/config/defaults.json");
+                    var stepCaConfigJson = JsonReader.ReadBytes<StepCaConfig>(stepCaConfigBytes);
+                    stepCaFingerprint = stepCaConfigJson.fingerprint;
+                }
             }
 
             // Run bootstrap command
-            //var command = $"ca bootstrap -f --ca-url https://{_caDomain}:{_caPort} --fingerprint {stepCaFingerprint} --install";
-            var command = $"ca bootstrap -f --ca-url https://{_caDomain}:{_caPort} --fingerprint {stepCaFingerprint}";
-            RunCommand("step", command, "Bootstrap Step CA Script", 1000 * 30);
+            var args = $"ca bootstrap -f --ca-url https://{_caDomain}:{_caPort} --fingerprint {stepCaFingerprint}";
+            RunCommand("step", args, "Bootstrap Step CA Script", 1000 * 30);
         }
 
-        private async Task StartStepCaContainer()
+        private static async Task StartStepCaContainer(bool runningWindowsDockerEngine)
         {
             try
             {
-                // Create new volume for step-ca container
-                _stepVolume = new VolumeBuilder().WithName("step").Build();
-                await _stepVolume.CreateAsync();
-
-                // Create new step-ca container
-                _caContainer = new ContainerBuilder()
-                    .WithName("step-ca")
-                    // Set the image for the container to "smallstep/step-ca:latest".
-                    .WithImage("smallstep/step-ca:latest")
-                    .WithVolumeMount(_stepVolume, "/home/step")
-                    // Bind port 9000 of the container to port 9000 on the host.
-                    .WithPortBinding(_caPort)
-                    .WithEnvironment("DOCKER_STEPCA_INIT_NAME", "Smallstep")
-                    .WithEnvironment("DOCKER_STEPCA_INIT_DNS_NAMES", _caDomain)
-                    .WithEnvironment("DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT", "true")
-                    .WithEnvironment("DOCKER_STEPCA_INIT_ACME", "true")
-                    // Wait until the HTTPS endpoint of the container is available.
-                    .WithWaitStrategy(Wait.ForUnixContainer().UntilMessageIsLogged($"Serving HTTPS on :{_caPort} ..."))
-                    // Build the container configuration.
-                    .Build();
+                if (_isWindows && runningWindowsDockerEngine)
+                {
+                    if (!Directory.Exists(_winRunnerTempDir)) {
+                        Directory.CreateDirectory(_winRunnerTempDir);
+                    }
+
+                    // Create new step-ca container
+                    _caContainer = new ContainerBuilder()
+                        .WithName("step-ca")
+                        // Set the image for the container to "jrnelson90/step-ca-win:latest".
+                        .WithImage("jrnelson90/step-ca-win:latest")
+                        .WithBindMount(_winRunnerTempDir, "C:\\Users\\ContainerUser\\.step")
+                        // Bind port 9000 of the container to port 9000 on the host.
+                        .WithPortBinding(_caPort)
+                        .WithEnvironment("DOCKER_STEPCA_INIT_NAME", "Smallstep")
+                        .WithEnvironment("DOCKER_STEPCA_INIT_DNS_NAMES", _caDomain)
+                        .WithEnvironment("DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT", "true")
+                        .WithEnvironment("DOCKER_STEPCA_INIT_ACME", "true")
+                        // Wait until the HTTPS endpoint of the container is available.
+                        .WithWaitStrategy(Wait.ForUnixContainer().UntilMessageIsLogged($"Serving HTTPS on :{_caPort} ..."))
+                        // Build the container configuration.
+                        .Build();
+                } 
+                else
+                {
+                    // Create new volume for step-ca container
+                    _stepVolume = new VolumeBuilder().WithName("step").Build();
+                    await _stepVolume.CreateAsync();
+
+                    // Create new step-ca container
+                    _caContainer = new ContainerBuilder()
+                        .WithName("step-ca")
+                        // Set the image for the container to "smallstep/step-ca:latest".
+                        .WithImage("smallstep/step-ca:latest")
+                        .WithVolumeMount(_stepVolume, "/home/step")
+                        // Bind port 9000 of the container to port 9000 on the host.
+                        .WithPortBinding(_caPort)
+                        .WithEnvironment("DOCKER_STEPCA_INIT_NAME", "Smallstep")
+                        .WithEnvironment("DOCKER_STEPCA_INIT_DNS_NAMES", _caDomain)
+                        .WithEnvironment("DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT", "true")
+                        .WithEnvironment("DOCKER_STEPCA_INIT_ACME", "true")
+                        // Wait until the HTTPS endpoint of the container is available.
+                        .WithWaitStrategy(Wait.ForUnixContainer().UntilMessageIsLogged($"Serving HTTPS on :{_caPort} ..."))
+                        // Build the container configuration.
+                        .Build();
+                }
 
                 // Start step-ca container
                 await _caContainer.StartAsync();
@@ -154,7 +246,7 @@ private class StepCaConfig
             public string root;
         }
 
-        private void RunCommand(string program, string args, string description = null, int timeoutMS = 1000 * 5)
+        private static CommandOutput RunCommand(string program, string args, string description = null, int timeoutMS = Timeout.Infinite)
         {
             if (description == null) { description = string.Concat(program, " ", args); }
             
@@ -165,7 +257,6 @@ private void RunCommand(string program, string args, string description = null,
             {
                 FileName = program,
                 Arguments = args,
-                RedirectStandardInput = true,
                 RedirectStandardOutput = true,
                 RedirectStandardError = true,
                 UseShellExecute = false,
@@ -199,7 +290,7 @@ private void RunCommand(string program, string args, string description = null,
                 process.BeginOutputReadLine();
                 process.BeginErrorReadLine();
 
-                process.WaitForExit(timeoutMS);
+                process.WaitForExit(timeoutMS); 
             }
             catch (Exception exp)
             {
@@ -207,10 +298,19 @@ private void RunCommand(string program, string args, string description = null,
                 throw;
             }
 
-            _log.Information($"{description} Successful");
+            _log.Information($"{description} is Finished");
+
+            return new CommandOutput { errorOutput = errorOutput, output = output, exitCode = process.ExitCode };
+        }
+
+        private struct CommandOutput
+        {
+            public string errorOutput { get; set; }
+            public string output { get; set; }
+            public int exitCode { get; set; }
         }
 
-        private async Task CheckCustomCaIsRunning()
+        private static async Task CheckCustomCaIsRunning()
         {
             var httpHandler = new HttpClientHandler();
 
@@ -244,7 +344,8 @@ private async Task AddCustomCa()
                     CertAuthoritySupportedRequests.DOMAIN_MULTIPLE_SAN.ToString(),
                     CertAuthoritySupportedRequests.DOMAIN_WILDCARD.ToString()
                 },
-                SupportedKeyTypes = new List<string>{
+                SupportedKeyTypes = new List<string>
+                {
                     StandardKeyTypes.ECDSA256,
                 }
             };
@@ -252,7 +353,7 @@ private async Task AddCustomCa()
             Assert.IsTrue(updateCaRes.IsSuccess, $"Expected Custom CA creation for CA with ID {_customCa.Id} to be successful");
         }
 
-        private async Task AddNewAccount()
+        private async Task AddNewCustomCaAccount()
         {
             if (_customCa?.Id != null)
             {
@@ -273,40 +374,24 @@ private async Task AddNewAccount()
             }
         }
 
-        public void Dispose() => Cleanup().Wait();
-
-        private async Task Cleanup()
+        private async Task CheckForExistingLeAccount()
         {
-            if (_customCaAccount != null)
-            {
-                await _certifyManager.RemoveAccount(_customCaAccount.StorageKey, true);
-            }
-
-            if (_customCa != null)
-            {
-                await _certifyManager.RemoveCertificateAuthority(_customCa.Id);
-            }
-
-            if (!_isContainer)
-            {
-                await _caContainer.DisposeAsync();
-                await _stepVolume.DeleteAsync();
-                await _stepVolume.DisposeAsync();
-            }
-            
-            var stepConfigPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".step", "config");
-            if (Directory.Exists(stepConfigPath))
+            if ((await _certifyManager.GetAccountRegistrations()).Find(a => a.CertificateAuthorityId == "letsencrypt.org") == null)
             {
-                Directory.Delete(stepConfigPath, true);
-            }
+                var contactRegistration = new ContactRegistration
+                {
+                    AgreedToTermsAndConditions = true,
+                    CertificateAuthorityId = "letsencrypt.org",
+                    EmailAddress = "admin." + Guid.NewGuid().ToString().Substring(0, 6) + "@test.com",
+                    ImportedAccountKey = "",
+                    ImportedAccountURI = "",
+                    IsStaging = true
+                };
 
-            var stepCertsPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".step", "certs");
-            if (Directory.Exists(stepCertsPath))
-            {
-                Directory.Delete(stepCertsPath, true);
+                // Add account
+                var addAccountRes = await _certifyManager.AddAccount(contactRegistration);
+                Assert.IsTrue(addAccountRes.IsSuccess, $"Expected account creation to be successful for {contactRegistration.EmailAddress}");
             }
-
-            _certifyManager?.Dispose();
         }
 
         [TestMethod, Description("Happy path test for using CertifyManager.GetAccountDetails()")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyServiceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyServiceTests.cs
new file mode 100644
index 000000000..92a342980
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyServiceTests.cs
@@ -0,0 +1,430 @@
+using Certify.Models;
+using Certify.Models.Config;
+using Certify.Shared;
+using Medallion.Shell;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+
+namespace Certify.Core.Tests.Unit
+{
+#if NET462
+    [TestClass]
+    public class CertifyServiceTests
+    {
+        private HttpClient _httpClient;
+        private string serviceUri;
+
+        public CertifyServiceTests() {
+            var serviceConfig = SharedUtils.ServiceConfigManager.GetAppServiceConfig();
+            serviceUri = $"{(serviceConfig.UseHTTPS ? "https" : "http")}://{serviceConfig.Host}:{serviceConfig.Port}";
+            var httpHandler = new HttpClientHandler { UseDefaultCredentials = true };
+            _httpClient = new HttpClient(httpHandler);
+            _httpClient.DefaultRequestHeaders.Add("User-Agent", "Certify/App");
+            _httpClient.BaseAddress = new Uri(serviceUri+"/api/");
+        }
+
+        private async Task <Command> StartCertifyService(string args = "")
+        {
+            Command certifyService;
+            if (args == "")
+            {
+                certifyService = Command.Run(".\\Certify.Service.exe");
+                await Task.Delay(2000);
+            }
+            else
+            {
+                certifyService = Command.Run(".\\Certify.Service.exe", args);
+            }
+
+            return certifyService;
+        }
+
+        private async Task<CommandResult> StopCertifyService(Command certifyService)
+        {
+            await certifyService.TrySignalAsync(CommandSignal.ControlC);
+
+            var cmdResult = await certifyService.Task;
+
+            Assert.AreEqual(cmdResult.ExitCode, 0, "Unexpected exit code");
+
+            return cmdResult;
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe does not start with args from CLI")]
+        public async Task TestProgramMainFailsWithArgsCli()
+        {
+            var certifyService = await StartCertifyService("args");
+
+            var cmdResult = await certifyService.Task;
+
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("Topshelf.HostFactory Error: 0 : An exception occurred creating the host, Topshelf.HostConfigurationException: The service was not properly configured:"));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("Topshelf.HostFactory Error: 0 : The service terminated abnormally, Topshelf.HostConfigurationException: The service was not properly configured:"));
+
+            Assert.AreEqual(cmdResult.ExitCode, 1067, "Unexpected exit code");
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe starts from CLI with no args")]
+        public async Task TestProgramMainStartsCli()
+        {
+            var certifyService = await StartCertifyService();
+
+            var cmdResult = await StopCertifyService(certifyService);
+
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("[Success] Name Certify.Service"));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("[Success] DisplayName Certify Certificate Manager Service (Instance: Debug)"));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("[Success] Description Certify Certificate Manager Service"));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("[Success] InstanceName Debug"));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("[Success] ServiceName Certify.Service$Debug"));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("The Certify.Service$Debug service is now running, press Control+C to exit."));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("Control+C detected, attempting to stop service."));
+            Assert.IsTrue(cmdResult.StandardOutput.Contains("The Certify.Service$Debug service has stopped."));
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route GET /api/system/appversion")]
+        public async Task TestCertifyServiceAppVersionRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var versionRawRes = await _httpClient.GetAsync("system/appversion");
+                var versionResStr = await versionRawRes.Content.ReadAsStringAsync();
+                var versionRes = JsonConvert.DeserializeObject<string>(versionResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, versionRawRes.StatusCode, $"Unexpected status code from GET {versionRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                StringAssert.Matches(versionRes, new Regex(@"^(\d+\.)?(\d+\.)?(\d+\.)?(\*|\d+)$"), $"Unexpected response from GET {versionRawRes.RequestMessage.RequestUri.AbsoluteUri} : {versionResStr}");                
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid respose on route GET /api/system/updatecheck")]
+        public async Task TestCertifyServiceUpdateCheckRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var updatesRawRes = await _httpClient.GetAsync("system/updatecheck");
+                var updateRawResStr = await updatesRawRes.Content.ReadAsStringAsync();
+                var updateRes = JsonConvert.DeserializeObject<UpdateCheck>(updateRawResStr);
+                
+                Assert.AreEqual(HttpStatusCode.OK, updatesRawRes.StatusCode, $"Unexpected status code from GET {updatesRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsFalse(updateRes.MustUpdate);
+                Assert.IsFalse(updateRes.IsNewerVersion);
+                Assert.AreEqual(updateRes.InstalledVersion.ToString(), updateRes.Version.ToString());
+                Assert.AreEqual("", updateRes.UpdateFilePath);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route GET /api/system/diagnostics")]
+        public async Task TestCertifyServiceDiagnosticsRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var diagnosticsRawRes = await _httpClient.GetAsync("system/diagnostics");
+                var diagnosticsRawResStr = await diagnosticsRawRes.Content.ReadAsStringAsync();
+                var diagnosticsRes = JsonConvert.DeserializeObject<List<ActionResult>>(diagnosticsRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, diagnosticsRawRes.StatusCode, $"Unexpected status code from GET {diagnosticsRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.AreEqual(4, diagnosticsRes.Count);
+
+                Assert.AreEqual("Created test temp file OK.", diagnosticsRes[0].Message);
+                Assert.IsTrue(diagnosticsRes[0].IsSuccess);
+                Assert.IsFalse(diagnosticsRes[0].IsWarning);
+                Assert.AreEqual(null, diagnosticsRes[0].Result);
+
+                Assert.AreEqual($"Drive {Environment.GetEnvironmentVariable("SystemDrive")} has more than 512MB of disk space free.", diagnosticsRes[1].Message);
+                Assert.IsTrue(diagnosticsRes[1].IsSuccess);
+                Assert.IsFalse(diagnosticsRes[1].IsWarning);
+                Assert.AreEqual(null, diagnosticsRes[1].Result);
+
+                Assert.AreEqual("System time is correct.", diagnosticsRes[2].Message);
+                Assert.IsTrue(diagnosticsRes[2].IsSuccess);
+                Assert.IsFalse(diagnosticsRes[2].IsWarning);
+                Assert.AreEqual(null, diagnosticsRes[2].Result);
+
+                Assert.AreEqual("PowerShell 5.0 or higher is available.", diagnosticsRes[3].Message);
+                Assert.IsTrue(diagnosticsRes[3].IsSuccess);
+                Assert.IsFalse(diagnosticsRes[3].IsWarning);
+                Assert.AreEqual(null, diagnosticsRes[3].Result);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route GET /api/system/datastores/providers")]
+        public async Task TestCertifyServiceDatastoreProvidersRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var datastoreProvidersRawRes = await _httpClient.GetAsync("system/datastores/providers");
+                var datastoreProvidersRawResStr = await datastoreProvidersRawRes.Content.ReadAsStringAsync();
+                var datastoreProvidersRes = JsonConvert.DeserializeObject<List<ProviderDefinition>>(datastoreProvidersRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreProvidersRawRes.StatusCode, $"Unexpected status code from GET {datastoreProvidersRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route GET /api/system/datastores/")]
+        public async Task TestCertifyServiceDatastoresRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var datastoreRawRes = await _httpClient.GetAsync("system/datastores/");
+                var datastoreRawResStr = await datastoreRawRes.Content.ReadAsStringAsync();
+                var datastoreRes = JsonConvert.DeserializeObject<List<DataStoreConnection>>(datastoreRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreRawRes.StatusCode, $"Unexpected status code from GET {datastoreRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreRes.Count >= 1);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route POST /api/system/datastores/test")]
+        public async Task TestCertifyServiceDatastoresTestRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var datastoreRawRes = await _httpClient.GetAsync("system/datastores/");
+                var datastoreRawResStr = await datastoreRawRes.Content.ReadAsStringAsync();
+                var datastoreRes = JsonConvert.DeserializeObject<List<DataStoreConnection>>(datastoreRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreRawRes.StatusCode, $"Unexpected status code from GET {datastoreRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreRes.Count >= 1);
+
+                var datastoreTestRawRes = await _httpClient.PostAsJsonAsync("system/datastores/test", datastoreRes[0]);
+                var datastoreTestRawResStr = await datastoreTestRawRes.Content.ReadAsStringAsync();
+                var datastoreTestRes = JsonConvert.DeserializeObject<List<ActionStep>>(datastoreTestRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreTestRawRes.StatusCode, $"Unexpected status code from POST {datastoreTestRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreTestRes.Count >= 1);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route POST /api/system/datastores/update")]
+        public async Task TestCertifyServiceDatastoresUpdateRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var datastoreRawRes = await _httpClient.GetAsync("system/datastores/");
+                var datastoreRawResStr = await datastoreRawRes.Content.ReadAsStringAsync();
+                var datastoreRes = JsonConvert.DeserializeObject<List<DataStoreConnection>>(datastoreRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreRawRes.StatusCode, $"Unexpected status code from GET {datastoreRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreRes.Count >= 1);
+
+                var datastoreUpdateRawRes = await _httpClient.PostAsJsonAsync("system/datastores/update", datastoreRes[0]);
+                var datastoreUpdateRawResStr = await datastoreUpdateRawRes.Content.ReadAsStringAsync();
+                var datastoreUpdateRes = JsonConvert.DeserializeObject<List<ActionStep>>(datastoreUpdateRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreUpdateRawRes.StatusCode, $"Unexpected status code from POST {datastoreUpdateRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreUpdateRes.Count >= 1);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route POST /api/system/datastores/setdefault/{dataStoreId}")]
+        public async Task TestCertifyServiceDatastoresSetDefaultRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var datastoreRawRes = await _httpClient.GetAsync("system/datastores/");
+                var datastoreRawResStr = await datastoreRawRes.Content.ReadAsStringAsync();
+                var datastoreRes = JsonConvert.DeserializeObject<List<DataStoreConnection>>(datastoreRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreRawRes.StatusCode, $"Unexpected status code from GET {datastoreRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreRes.Count >= 1);
+
+                var datastoreSetDefaultRawRes = await _httpClient.PostAsync($"system/datastores/setdefault/{datastoreRes[0].Id}", new StringContent(""));
+                var datastoreSetDefaultRawResStr = await datastoreSetDefaultRawRes.Content.ReadAsStringAsync();
+                var datastoreSetDefaultRes = JsonConvert.DeserializeObject<List<ActionStep>>(datastoreSetDefaultRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreSetDefaultRawRes.StatusCode, $"Unexpected status code from POST {datastoreSetDefaultRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreSetDefaultRes.Count >= 1);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route POST /api/system/datastores/delete")]
+        [Ignore]
+        public async Task TestCertifyServiceDatastoresDeleteRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var datastoreRawRes = await _httpClient.GetAsync("system/datastores/");
+                var datastoreRawResStr = await datastoreRawRes.Content.ReadAsStringAsync();
+                var datastoreRes = JsonConvert.DeserializeObject<List<DataStoreConnection>>(datastoreRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreRawRes.StatusCode, $"Unexpected status code from GET {datastoreRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreRes.Count >= 1);
+
+                var datastoreDeleteRawRes = await _httpClient.PostAsync("system/datastores/delete", new StringContent(datastoreRes[0].Id));
+                var datastoreDeleteRawResStr = await datastoreDeleteRawRes.Content.ReadAsStringAsync();
+                var datastoreDeleteRes = JsonConvert.DeserializeObject<List<ActionStep>>(datastoreDeleteRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreDeleteRawRes.StatusCode, $"Unexpected status code from POST {datastoreDeleteRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreDeleteRes.Count >= 1);
+
+                var datastoreUpdateRawRes = await _httpClient.PostAsJsonAsync("system/datastores/update", datastoreRes[0]);
+                var datastoreUpdateRawResStr = await datastoreUpdateRawRes.Content.ReadAsStringAsync();
+                var datastoreUpdateRes = JsonConvert.DeserializeObject<List<ActionStep>>(datastoreUpdateRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreUpdateRawRes.StatusCode, $"Unexpected status code from POST {datastoreUpdateRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreUpdateRes.Count >= 1);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route POST /api/system/datastores/copy/{sourceId}/{destId}")]
+        [Ignore]
+        public async Task TestCertifyServiceDatastoresCopyRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var datastoreRawRes = await _httpClient.GetAsync("system/datastores/");
+                var datastoreRawResStr = await datastoreRawRes.Content.ReadAsStringAsync();
+                var datastoreRes = JsonConvert.DeserializeObject<List<DataStoreConnection>>(datastoreRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreRawRes.StatusCode, $"Unexpected status code from GET {datastoreRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreRes.Count >= 1);
+
+                var newDataStoreId = "default-copy";
+                var datastoreCopyRawRes = await _httpClient.PostAsync($"system/datastores/copy/{datastoreRes[0].Id}/{newDataStoreId}", new StringContent(""));
+                var datastoreCopyRawResStr = await datastoreCopyRawRes.Content.ReadAsStringAsync();
+                var datastoreCopyRes = JsonConvert.DeserializeObject<List<ActionStep>>(datastoreCopyRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreCopyRawRes.StatusCode, $"Unexpected status code from POST {datastoreCopyRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreCopyRes.Count >= 1);
+
+                datastoreRawRes = await _httpClient.GetAsync("system/datastores/");
+                datastoreRawResStr = await datastoreRawRes.Content.ReadAsStringAsync();
+                datastoreRes = JsonConvert.DeserializeObject<List<DataStoreConnection>>(datastoreRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreRawRes.StatusCode, $"Unexpected status code from GET {datastoreRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreRes.Count >= 2);
+
+                var datastoreDeleteRawRes = await _httpClient.PostAsJsonAsync<string>("system/datastores/delete", newDataStoreId);
+                var datastoreDeleteRawResStr = await datastoreDeleteRawRes.Content.ReadAsStringAsync();
+                var datastoreDeleteRes = JsonConvert.DeserializeObject<List<ActionStep>>(datastoreDeleteRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, datastoreDeleteRawRes.StatusCode, $"Unexpected status code from POST {datastoreDeleteRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(datastoreDeleteRes.Count >= 1);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route GET /api/server/isavailable/{serverType}")]
+        public async Task TestCertifyServiceServerIsavailableRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var isAvailableRawRes = await _httpClient.GetAsync($"server/isavailable/{StandardServerTypes.IIS}");
+                var isAvailableRawResStr = await isAvailableRawRes.Content.ReadAsStringAsync();
+                var isAvailableRes = JsonConvert.DeserializeObject<bool>(isAvailableRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, isAvailableRawRes.StatusCode, $"Unexpected status code from GET {isAvailableRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                Assert.IsTrue(isAvailableRes);
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route GET /api/server/sitelist/{serverType}")]
+        public async Task TestCertifyServiceServerSitelistRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var sitelistRawRes = await _httpClient.GetAsync($"server/sitelist/{StandardServerTypes.IIS}");
+                var sitelistRawResStr = await sitelistRawRes.Content.ReadAsStringAsync();
+                var sitelistRes = JsonConvert.DeserializeObject<List<SiteInfo>>(sitelistRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, sitelistRawRes.StatusCode, $"Unexpected status code from GET {sitelistRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+
+        [TestMethod, Description("Validate that Certify.Service.exe returns a valid response on route GET /api/server/version/{serverType}")]
+        public async Task TestCertifyServiceServerVersionRoute()
+        {
+            var certifyService = await StartCertifyService();
+
+            try
+            {
+                var versionRawRes = await _httpClient.GetAsync($"server/version/{StandardServerTypes.IIS}");
+                var versionRawResStr = await versionRawRes.Content.ReadAsStringAsync();
+                var versionRes = JsonConvert.DeserializeObject<string>(versionRawResStr);
+
+                Assert.AreEqual(HttpStatusCode.OK, versionRawRes.StatusCode, $"Unexpected status code from GET {versionRawRes.RequestMessage.RequestUri.AbsoluteUri}");
+                StringAssert.Matches(versionRes, new Regex(@"^(\d+\.)?(\*|\d+)$"), $"Unexpected response from GET {versionRawRes.RequestMessage.RequestUri.AbsoluteUri} : {versionRawResStr}");
+            }
+            finally
+            {
+                await StopCertifyService(certifyService);
+            }
+        }
+    }
+#endif
+}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs
index 2053786f1..7ef2d122a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs
@@ -144,8 +144,6 @@ public void ChallengeDelegationRuleTests()
         [TestMethod, Description("Ensure correct challenge config selected when rule is blank")]
         public void ChallengeDelegationRuleBlankRule()
         {
-            // wildcard rule tests [any subdomain source, any subdomain target]
-            var testRule = "*.test.com:*.auth.test.co.uk";
             var result = Management.Challenges.DnsChallengeHelper.ApplyChallengeDelegationRule("test.com", "_acme-challenge.test.com", null);
             Assert.AreEqual("_acme-challenge.test.com", result);
         }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
index c382954f3..abdee2668 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Threading.Tasks;
 using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -8,12 +8,6 @@ namespace Certify.Core.Tests.Unit
     [TestClass]
     public class MiscTests
     {
-
-        public MiscTests()
-        {
-
-        }
-
         [TestMethod, Description("Test null/blank coalesce of string")]
         public void TestNullOrBlankCoalesce()
         {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/RdapTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/RdapTests.cs
index 6e4d50931..cb6c25d63 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/RdapTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/RdapTests.cs
@@ -7,12 +7,6 @@ namespace Certify.Core.Tests.Unit
     [TestClass]
     public class RdapTests
     {
-
-        public RdapTests()
-        {
-
-        }
-
         [TestMethod, Description("Test domain TLD check")]
         [DataTestMethod]
         [DataRow("example.com", "com")]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat
index c2a262060..56fde2918 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-init.bat
@@ -1,23 +1,63 @@
-FOR /F "tokens=* USEBACKQ" %%F IN (`step path`) DO (
+FOR /F "tokens=* USEBACKQ" %%F IN (`step path`) DO (
   SET STEPPATH=%%F
 )
 
+IF EXIST %STEPPATH%\config\ca.json (
+    step-ca --password-file %STEPPATH%\secrets\password %STEPPATH%\config\ca.json
+    EXIT 0
+)
+
+IF "%DOCKER_STEPCA_INIT_NAME%"=="" (
+    echo "there is no ca.json config file; please run step ca init, or provide config parameters via DOCKER_STEPCA_INIT_ vars"
+    EXIT 1
+)
+
+IF "%DOCKER_STEPCA_INIT_DNS_NAMES%"=="" (
+    echo "there is no ca.json config file; please run step ca init, or provide config parameters via DOCKER_STEPCA_INIT_ vars"
+    EXIT 1
+)
+
+IF "%DOCKER_STEPCA_INIT_PROVISIONER_NAME%"=="" SET DOCKER_STEPCA_INIT_PROVISIONER_NAME=admin
+IF "%DOCKER_STEPCA_INIT_ADMIN_SUBJECT%"=="" SET DOCKER_STEPCA_INIT_ADMIN_SUBJECT=step
+IF "%DOCKER_STEPCA_INIT_ADDRESS%"=="" SET DOCKER_STEPCA_INIT_ADDRESS=:9000
+
+IF NOT "%DOCKER_STEPCA_INIT_PASSWORD%"=="" (
+pwsh -Command "Out-File -FilePath "$Env:STEPPATH\password" -InputObject "$Env:DOCKER_STEPCA_INIT_PASSWORD";"^
+ "Out-File -FilePath "$Env:STEPPATH\provisioner_password" -InputObject "$Env:DOCKER_STEPCA_INIT_PASSWORD";"
+) ELSE IF NOT "%DOCKER_STEPCA_INIT_PASSWORD_FILE%"=="" (
+pwsh -Command "Out-File -FilePath "$Env:STEPPATH\password" -InputObject "$Env:DOCKER_STEPCA_INIT_PASSWORD_FILE";"^
+ "Out-File -FilePath "$Env:STEPPATH\provisioner_password" -InputObject "$Env:DOCKER_STEPCA_INIT_PASSWORD_FILE";"
+) ELSE (
 pwsh -Command "$psw = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.tochararray() | Get-Random -Count 40 | Join-String;"^
- "echo $psw;"^
  "Out-File -FilePath "$Env:STEPPATH\password" -InputObject $psw;"^
  "Out-File -FilePath "$Env:STEPPATH\provisioner_password" -InputObject $psw;"^
  "Remove-Variable psw"
+)
+
+setlocal
+
+SET INIT_ARGS=--deployment-type standalone --name %DOCKER_STEPCA_INIT_NAME% --dns %DOCKER_STEPCA_INIT_DNS_NAMES% --provisioner %DOCKER_STEPCA_INIT_PROVISIONER_NAME% --password-file %STEPPATH%\password --provisioner-password-file %STEPPATH%\provisioner_password --address %DOCKER_STEPCA_INIT_ADDRESS%
+
+IF "%DOCKER_STEPCA_INIT_SSH%"=="true" SET INIT_ARGS=%INIT_ARGS% -ssh
+IF "%DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT%"=="true" SET INIT_ARGS=%INIT_ARGS% --remote-management --admin-subject %DOCKER_STEPCA_INIT_ADMIN_SUBJECT%
+
+step ca init %INIT_ARGS%
+SET /p psw=<%STEPPATH%\provisioner_password
+echo "👉 Your CA administrative password is: %psw%"
+echo "🤫 This will only be displayed once."
+
+endlocal
 
-step ca init --deployment-type standalone --name Smallstep --dns localhost --provisioner admin ^
---password-file %STEPPATH%\password --provisioner-password-file %STEPPATH%\provisioner_password ^
---address :9000 --remote-management --admin-subject step
+SET HEALTH_URL=https://%DOCKER_STEPCA_INIT_DNS_NAMES%%DOCKER_STEPCA_INIT_ADDRESS%/health
 
 sdelete64 -accepteula -nobanner -q %STEPPATH%\provisioner_password
 
 move "%STEPPATH%\password" "%STEPPATH%\secrets\password"
 
+:: Current error with running this program in Windows Docker Container causes issue reading DB first time, so they must be deleted to be recreated
 rmdir /s /q %STEPPATH%\db
 
-step ca provisioner add acme --type ACME
+:: Current error with running this program in Windows Docker Container causes ACME not to be set with --acme
+IF "%DOCKER_STEPCA_INIT_ACME%"=="true" step ca provisioner add acme --type ACME
 
 step-ca --password-file %STEPPATH%\secrets\password %STEPPATH%\config\ca.json
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
index 37cba87d9..e653a1724 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
@@ -16,6 +16,6 @@ FROM base AS final
 COPY ./step-ca-win-init.bat .
 COPY --from=netapi /Windows/System32/netapi32.dll /Windows/System32/netapi32.dll
 
-HEALTHCHECK CMD curl -Method GET -f http://localhost:9000/health || exit 1
+HEALTHCHECK CMD curl -Method GET -f %HEALTH_URL% || exit 1
 
 CMD step-ca-win-init.bat && cmd
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-462.runsettings b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-462.runsettings
new file mode 100644
index 000000000..9e1f06a10
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-462.runsettings
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- File name extension must be .runsettings -->
+<RunSettings>
+  <!-- Configurations that affect the Test Framework -->
+  <RunConfiguration>
+    <TestAdaptersPaths>%SystemDrive%\%HOMEPATH%\.nuget\packages\microsoft.codecoverage\17.8.0\build\netstandard2.0</TestAdaptersPaths>
+    <TargetFrameworkVersion>net462</TargetFrameworkVersion>
+    <ResultsDirectory>.\TestResults-4_6_2-windows</ResultsDirectory>
+    <CollectSourceInformation>true</CollectSourceInformation>
+  </RunConfiguration>
+  <!-- Configurations for data collectors -->
+  <DataCollectionRunSettings>
+    <DataCollectors>
+      <DataCollector friendlyName="Code Coverage" uri="datacollector://Microsoft/CodeCoverage/2.0" assemblyQualifiedName="Microsoft.VisualStudio.Coverage.DynamicCoverageDataCollector, Microsoft.VisualStudio.TraceCollector, Version=11.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+        <Configuration>
+          <Format>Cobertura</Format>
+          <CodeCoverage>
+            <!-- Match assembly file paths: -->
+            <ModulePaths>
+              <Include>
+                <ModulePath>.*Certify.*$</ModulePath>
+                <ModulePath>.*Plugin.Datastore.SQLite.dll$</ModulePath>
+              </Include>
+              <Exclude>
+                <ModulePath>.*Certify.Core.Tests.Unit.dll$</ModulePath>
+                <ModulePath>.*Moq.dll$</ModulePath>
+              </Exclude>
+            </ModulePaths>
+            <!--<EnableStaticManagedInstrumentation>True</EnableStaticManagedInstrumentation>
+            <EnableStaticNativeInstrumentationRestore>True</EnableStaticNativeInstrumentationRestore>-->
+            <EnableDynamicManagedInstrumentation>True</EnableDynamicManagedInstrumentation>
+          </CodeCoverage>
+        </Configuration>
+      </DataCollector>
+    </DataCollectors>
+  </DataCollectionRunSettings>
+  <!-- Configuration for loggers -->
+  <LoggerRunSettings>
+    <Loggers>
+      <Logger friendlyName="console" enabled="True">
+        <Configuration>
+          <Verbosity>normal</Verbosity>
+        </Configuration>
+      </Logger>
+      <Logger friendlyName="trx" enabled="True" />
+    </Loggers>
+  </LoggerRunSettings>
+</RunSettings>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings
new file mode 100644
index 000000000..1ffd818a7
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- File name extension must be .runsettings -->
+<RunSettings>
+  <!-- Configurations that affect the Test Framework -->
+  <RunConfiguration>
+    <TestAdaptersPaths>$HOME/.nuget/packages/coverlet.collector/6.0.0/build/netstandard1.0;$HOME/.nuget/packages/coverlet.msbuild/6.0.0/build</TestAdaptersPaths>
+    <TargetFrameworkVersion>net8.0</TargetFrameworkVersion>
+    <ResultsDirectory>./TestResults-8_0-Linux</ResultsDirectory>
+    <CollectSourceInformation>true</CollectSourceInformation>
+  </RunConfiguration>
+  <!-- Configurations for data collectors -->
+  <DataCollectionRunSettings>
+    <DataCollectors>
+      <DataCollector friendlyName="XPlat code coverage" uri="datacollector://Microsoft/CoverletCodeCoverage/1.0">
+        <Configuration>
+          <Format>cobertura</Format>
+          <!-- [Assembly-Filter]Type-Filter -->
+          <Include>[Certify.*]*,[Plugin.Datastore.SQLite]*</Include>
+          <!-- [Assembly-Filter]Type-Filter -->
+          <IncludeTestAssembly>false</IncludeTestAssembly>
+        </Configuration>
+      </DataCollector>
+    </DataCollectors>
+  </DataCollectionRunSettings>
+  <!-- Configuration for loggers -->
+  <LoggerRunSettings>
+    <Loggers>
+      <Logger friendlyName="console" enabled="True">
+        <Configuration>
+          <Verbosity>normal</Verbosity>
+        </Configuration>
+      </Logger>
+      <Logger friendlyName="trx" enabled="True" />
+    </Loggers>
+  </LoggerRunSettings>
+</RunSettings>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings
new file mode 100644
index 000000000..1f1211437
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- File name extension must be .runsettings -->
+<RunSettings>
+  <!-- Configurations that affect the Test Framework -->
+  <RunConfiguration>
+    <TestAdaptersPaths>%SystemDrive%\%HOMEPATH%\.nuget\packages\coverlet.collector\6.0.0\build\netstandard1.0;%SystemDrive%\%HOMEPATH%\.nuget\packages\coverlet.msbuild\6.0.0\build</TestAdaptersPaths>
+    <TargetFrameworkVersion>net8.0</TargetFrameworkVersion>
+    <ResultsDirectory>.\TestResults-8_0-windows</ResultsDirectory>
+    <CollectSourceInformation>true</CollectSourceInformation>
+  </RunConfiguration>
+  <!-- Configurations for data collectors -->
+  <DataCollectionRunSettings>
+    <DataCollectors>
+      <DataCollector friendlyName="XPlat code coverage" uri="datacollector://Microsoft/CoverletCodeCoverage/1.0">
+        <Configuration>
+          <Format>cobertura</Format>
+          <!-- [Assembly-Filter]Type-Filter -->
+          <Include>[Certify.*]*,[Plugin.Datastore.SQLite]*</Include>
+          <!-- [Assembly-Filter]Type-Filter -->
+          <IncludeTestAssembly>false</IncludeTestAssembly>
+        </Configuration>
+      </DataCollector>
+    </DataCollectors>
+  </DataCollectionRunSettings>
+  <!-- Configuration for loggers -->
+  <LoggerRunSettings>
+    <Loggers>
+      <Logger friendlyName="console" enabled="True">
+        <Configuration>
+          <Verbosity>normal</Verbosity>
+        </Configuration>
+      </Logger>
+      <Logger friendlyName="trx" enabled="True" />
+    </Loggers>
+  </LoggerRunSettings>
+</RunSettings>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml b/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
index 80e4f500c..8dd660ff5 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
@@ -50,6 +50,11 @@ services:
     profiles: ["4_6_2", "8_0"]
     ports:
       - 9000:9000
+    environment:
+      DOCKER_STEPCA_INIT_NAME: Smallstep
+      DOCKER_STEPCA_INIT_DNS_NAMES: localhost
+      DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT: true
+      DOCKER_STEPCA_INIT_ACME: true
     volumes:
       - step:C:\Users\ContainerUser\.step
 

From 38481cfca0a99acae5c13e7d4fa56b9d59169ebd Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 15 Dec 2023 17:06:27 +0800
Subject: [PATCH 096/237] API: simplify access to health endpoint for debugging
 etc

---
 .../Certify.Server.Api.Public/Controllers/v1/SystemController.cs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index efdef9c32..09d69d291 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -46,6 +46,7 @@ public async Task<IActionResult> GetSystemVersion()
         /// <returns></returns>
         [HttpGet]
         [Route("health")]
+        [Route("/health")]
         public async Task<IActionResult> GetHealth()
         {
             var serviceAvailable = false;

From 12d17be553fd4a7811676da1f38a5af98e187f9c Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 15 Dec 2023 17:06:52 +0800
Subject: [PATCH 097/237] API: update service host/port from ENV depending on
 context

---
 src/Certify.Server/Certify.Server.Api.Public/Startup.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 0ef5e6eba..4df5446ae 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -119,8 +119,9 @@ public void ConfigureServices(IServiceCollection services)
             var configManager = new ServiceConfigManager();
             var serviceConfig = configManager.GetServiceConfig();
 
-            var serviceHostEnv = Environment.GetEnvironmentVariable("CERTIFY_SERVER_HOST");
-            var servicePortEnv = Environment.GetEnvironmentVariable("CERTIFY_SERVER_PORT");
+            // Optionally load service host/port from environment variables. ENV_CERTIFY_SERVICE_ is kubernetes and CERTIFY_SERVICE_HOST is docker-compose
+            var serviceHostEnv = Environment.GetEnvironmentVariable("ENV_CERTIFY_SERVICE_HOST") ?? Environment.GetEnvironmentVariable("CERTIFY_SERVICE_HOST");
+            var servicePortEnv = Environment.GetEnvironmentVariable("ENV_CERTIFY_SERVICE_PORT") ?? Environment.GetEnvironmentVariable("CERTIFY_SERVICE_PORT");
 
             if (!string.IsNullOrEmpty(serviceHostEnv))
             {

From 47ed9502c45f15a017948af2f13736ef0b0c40f9 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 18 Dec 2023 11:45:09 +0800
Subject: [PATCH 098/237] Fix and test validation for mixed wildcards with
 subdomain like names

---
 .../Validation/CertificateEditorService.cs    |   4 +-
 .../Tests/CertificateEditorServiceTests.cs    | 264 ++++++++++++++++++
 2 files changed, 266 insertions(+), 2 deletions(-)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs

diff --git a/src/Certify.Models/Shared/Validation/CertificateEditorService.cs b/src/Certify.Models/Shared/Validation/CertificateEditorService.cs
index 6fc89b84a..56e33f67d 100644
--- a/src/Certify.Models/Shared/Validation/CertificateEditorService.cs
+++ b/src/Certify.Models/Shared/Validation/CertificateEditorService.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using Certify.Locales;
@@ -358,7 +358,7 @@ public static ValidationResult Validate(ManagedCertificate item, SiteInfo? selec
 
                     if (identifiers.Any(d => d.Value.StartsWith("*.", StringComparison.OrdinalIgnoreCase)))
                     {
-                        foreach (var wildcard in identifiers.Where(d => d.IdentifierType == CertIdentifierType.Dns && d.Value.StartsWith("*.", StringComparison.OrdinalIgnoreCase)))
+                        foreach (var wildcard in identifiers.Where(d => d.IdentifierType == CertIdentifierType.Dns && d.Value.StartsWith("*.",StringComparison.OrdinalIgnoreCase)))
                         {
                             var rootDomain = wildcard.Value.Replace("*.", "");
                             // add list of identifiers where label count exceeds root domain label count
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
new file mode 100644
index 000000000..4ea03b1d1
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
@@ -0,0 +1,264 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Certify.Models;
+using Certify.Models.Providers;
+using Certify.Models.Shared.Validation;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Moq;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class CertificateEditorServiceTests
+    {
+
+        [TestMethod, Description("Test primary domain required")]
+        public void TestPrimaryDomainRequired()
+        {
+
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "test.com", IsPrimaryDomain=false, IsSelected=true },
+                    new DomainOption { Domain = "www.test.com", IsPrimaryDomain=false, IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP
+                      }
+                  }
+                }
+            };
+
+            // skip auto config to that primary domain is not auto selected
+            var validationResult = CertificateEditorService.Validate(item, null, null, false);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsFalse(validationResult.IsValid);
+            Assert.AreEqual(ValidationErrorCodes.PRIMARY_IDENTIFIER_REQUIRED.ToString(), validationResult.ErrorCode);
+        }
+
+        [TestMethod, Description("Test primary domain too many")]
+        public void TestPrimaryDomainTooMany()
+        {
+
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "test.com", IsPrimaryDomain=true, IsSelected=true },
+                    new DomainOption { Domain = "www.test.com", IsPrimaryDomain=true, IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP
+                      }
+                  }
+                }
+            };
+
+            var validationResult = CertificateEditorService.Validate(item, null, null, true);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsFalse(validationResult.IsValid);
+            Assert.AreEqual(ValidationErrorCodes.PRIMARY_IDENTIFIER_TOOMANY.ToString(), validationResult.ErrorCode);
+        }
+
+        [TestMethod, Description("Test mixed wildcard label validation")]
+        public void TestMixedWildcardLabels()
+        {
+
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "test.com", IsPrimaryDomain=true, IsSelected=true },
+                    new DomainOption { Domain = "www.test.com", IsPrimaryDomain=false,IsSelected=true },
+                    new DomainOption { Domain = "*.test.com", IsPrimaryDomain=false,IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_DNS
+                      }
+                  }
+                }
+            };
+
+            var validationResult = CertificateEditorService.Validate(item, null, null, true);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsFalse(validationResult.IsValid);
+            Assert.AreEqual(ValidationErrorCodes.MIXED_WILDCARD_WITH_LABELS.ToString(), validationResult.ErrorCode);
+        }
+
+        [TestMethod, Description("Test mixed wildcard subdomain-like name allowed")]
+        public void TestMixedWildcardSubdomainLabels()
+        {
+            // in this example *.test.com and *.vs-test.com should be allowed as they are distinct
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "test.com", IsPrimaryDomain=true, IsSelected=true },
+                    new DomainOption { Domain = "vs-test.com", IsPrimaryDomain=false, IsSelected=true },
+                    new DomainOption { Domain = "*.test.com", IsPrimaryDomain=false,IsSelected=true },
+                    new DomainOption { Domain = "*.vs-test.com", IsPrimaryDomain=false,IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_DNS,
+                          ChallengeProvider = "DNS01.API.Route53"
+                      }
+                  }
+                }
+            };
+
+            var validationResult = CertificateEditorService.Validate(item, null, null, true);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsTrue(validationResult.IsValid);
+
+        }
+
+        [TestMethod, Description("Test mixed wildcard subdomain-like with invalid subdomain label")]
+        public void TestMixedWildcardSubdomainWithInvalidLabels()
+        {
+            // in this example *.test.com and *.vs-test.com should be allowed as they are distinct
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "test.com", IsPrimaryDomain=true, IsSelected=true },
+                    new DomainOption { Domain = "vs-test.com", IsPrimaryDomain=false, IsSelected=true },
+                    new DomainOption { Domain = "*.test.com", IsPrimaryDomain=false,IsSelected=true },
+                    new DomainOption { Domain = "*.vs-test.com", IsPrimaryDomain=false,IsSelected=true },
+                    new DomainOption { Domain = "www.vs-test.com", IsPrimaryDomain=false,IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_DNS,
+                          ChallengeProvider = "DNS01.API.Route53"
+                      }
+                  }
+                }
+            };
+
+            var validationResult = CertificateEditorService.Validate(item, null, null, true);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsFalse(validationResult.IsValid);
+            Assert.AreEqual(ValidationErrorCodes.MIXED_WILDCARD_WITH_LABELS.ToString(), validationResult.ErrorCode);
+
+        }
+
+        [TestMethod, Description("Test mixed wildcard invalid challenge type")]
+        public void TestMixedWildcardInvalidChallenge()
+        {
+
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "test.com", IsPrimaryDomain=true, IsSelected=true },
+                    new DomainOption { Domain = "www.test.com", IsPrimaryDomain=false,IsSelected=true },
+                    new DomainOption { Domain = "*.test.com", IsPrimaryDomain=false,IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP
+                      }
+                  }
+                }
+            };
+
+            var validationResult = CertificateEditorService.Validate(item, null, null, true);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsFalse(validationResult.IsValid);
+            Assert.AreEqual(ValidationErrorCodes.CHALLENGE_TYPE_INVALID.ToString(), validationResult.ErrorCode);
+        }
+
+        [TestMethod, Description("Test max CN length")]
+        public void TestMaxCNLength()
+        {
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "TherearemanyvariationsofpassagesofLoremIpsumavailablebutthemajorityhavesufferedalterationinsomeformbyinjectedhumourorrandomisedwordswhichdontlookevenslightlybelievable.com", IsPrimaryDomain=true, IsSelected=true },
+                    new DomainOption { Domain = "www.test.com", IsPrimaryDomain=false,IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP
+                      }
+                  }
+                }
+            };
+
+            var validationResult = CertificateEditorService.Validate(item, null, null, true);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsFalse(validationResult.IsValid);
+            Assert.AreEqual(ValidationErrorCodes.CN_LIMIT.ToString(), validationResult.ErrorCode);
+        }
+
+        [TestMethod, Description("Test with invalid local hostname")]
+        public void TestInvalidHostname()
+        {
+            var item = new ManagedCertificate
+            {
+                DomainOptions = new System.Collections.ObjectModel.ObservableCollection<DomainOption>
+                {
+                    new DomainOption { Domain = "intranet.local", IsPrimaryDomain=true, IsSelected=true },
+                    new DomainOption { Domain = "exchange01", IsPrimaryDomain=false,IsSelected=true }
+                },
+                RequestConfig = new CertRequestConfig
+                {
+                    Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
+                  {
+                      new CertRequestChallengeConfig
+                      {
+                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP
+                      }
+                  }
+                }
+            };
+
+            var validationResult = CertificateEditorService.Validate(item, null, null, true);
+
+            Assert.IsNotNull(validationResult);
+            Assert.IsFalse(validationResult.IsValid);
+            Assert.AreEqual(ValidationErrorCodes.INVALID_HOSTNAME.ToString(), validationResult.ErrorCode);
+        }
+    }
+}

From 190c18d2fc52752a29e0006bc788747f7a34ca5f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 18 Dec 2023 11:45:43 +0800
Subject: [PATCH 099/237] Move unit test source into subfolder, fix running
 tests from VS

---
 .../Certify.Core.Tests.Unit.csproj            | 19 +++++--------------
 .../{ => Tests}/AccessControlTests.cs         |  0
 .../{ => Tests}/AccountKeyTests.cs            |  0
 .../{ => Tests}/BindingMatchTests.cs          |  0
 .../{ => Tests}/CAFailoverTests.cs            |  0
 .../{ => Tests}/CertifyManagerAccountTests.cs |  0
 .../{ => Tests}/CertifyServiceTests.cs        |  0
 .../{ => Tests}/ChallengeConfigMatchTests.cs  |  0
 .../{ => Tests}/ConnectionCheckTests.cs       |  0
 .../{ => Tests}/DnsQueryTests.cs              |  0
 .../{ => Tests}/DomainZoneMatchTests.cs       |  0
 .../{ => Tests}/GetDnsProviderTests.cs        |  0
 .../{ => Tests}/LoggyTests.cs                 |  0
 .../{ => Tests}/MiscTests.cs                  |  0
 .../{ => Tests}/RdapTests.cs                  |  0
 .../{ => Tests}/RenewalRequiredTests.cs       |  0
 .../{ => Tests}/UpdateCheckTest.cs            |  0
 17 files changed, 5 insertions(+), 14 deletions(-)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/AccessControlTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/AccountKeyTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/BindingMatchTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/CAFailoverTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/CertifyManagerAccountTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/CertifyServiceTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/ChallengeConfigMatchTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/ConnectionCheckTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/DnsQueryTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/DomainZoneMatchTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/GetDnsProviderTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/LoggyTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/MiscTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/RdapTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/RenewalRequiredTests.cs (100%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{ => Tests}/UpdateCheckTest.cs (100%)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 4800cb76e..bf556a61c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -102,26 +102,16 @@
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='WINDOWS_NT|net462'">
-    <RunSettingsFilePath>.\unit-test-462.runsettings</RunSettingsFilePath>
+    <RunSettingsFilePath>$(MSBuildProjectDirectory)/unit-test-462.runsettings</RunSettingsFilePath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='WINDOWS_NT|net8.0'">
-    <RunSettingsFilePath>.\unit-test-8-0.runsettings</RunSettingsFilePath>
+    <RunSettingsFilePath>$(MSBuildProjectDirectory)/unit-test-8-0.runsettings</RunSettingsFilePath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='UNIX|net8.0'">
-    <RunSettingsFilePath>.\unit-test-8-0-linux.runsettings</RunSettingsFilePath>
+    <RunSettingsFilePath>$(MSBuildProjectDirectory)/unit-test-8-0-linux.runsettings</RunSettingsFilePath>
   </PropertyGroup>
+
   <ItemGroup>
-    <None Remove="Assets\badcert.pfx" />
-    <None Remove="Assets\dummycert.pfx" />
-    <None Remove="Assets\Powershell\Simple.ps1" />
-  </ItemGroup>
-  <ItemGroup>
-    <Content Include="Assets\badcert.pfx">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </Content>
-    <Content Include="Assets\dummycert.pfx">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </Content>
     <Content Include="Assets\Powershell\Simple.ps1">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </Content>
@@ -170,4 +160,5 @@
   <ItemGroup>
     <Folder Include="Properties\" />
   </ItemGroup>
+
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/AccessControlTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/AccountKeyTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccountKeyTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/AccountKeyTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccountKeyTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/BindingMatchTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CAFailoverTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/CAFailoverTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CAFailoverTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/CertifyManagerAccountTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/CertifyServiceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/CertifyServiceTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ChallengeConfigMatchTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/ChallengeConfigMatchTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ChallengeConfigMatchTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/ConnectionCheckTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/ConnectionCheckTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/DnsQueryTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/DnsQueryTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/DomainZoneMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DomainZoneMatchTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/DomainZoneMatchTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DomainZoneMatchTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/GetDnsProviderTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/LoggyTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/MiscTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/RdapTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/RdapTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/RdapTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/RdapTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/RenewalRequiredTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/RenewalRequiredTests.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/RenewalRequiredTests.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/RenewalRequiredTests.cs
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/UpdateCheckTest.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/UpdateCheckTest.cs
similarity index 100%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/UpdateCheckTest.cs
rename to src/Certify.Tests/Certify.Core.Tests.Unit/Tests/UpdateCheckTest.cs

From 5ed1e2d4f367fa269fe127f4ae16684909839b6a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 18 Dec 2023 16:29:33 +0800
Subject: [PATCH 100/237] API: consolidate ports for various launch profiles

---
 .../Properties/launchSettings.json            | 29 ++++++++++---------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
index 4529b8901..3e4e64087 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
@@ -2,41 +2,42 @@
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
-      "launchUrl": "docs",
+      "launchUrl": "https://localhost:44361/docs",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
+        "ASPNETCORE_URLS": "https://localhost:44361;http://localhost:44360",
+        "CERTIFY_SERVICE_HOST": "localhost",
+        "CERTIFY_SERVICE_PORT": "9695"
       }
     },
     "Certify.Server.Api.Public": {
       "commandName": "Project",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "CERTIFY_SERVER_HOST": "127.0.0.2",
-        "CERTIFY_SERVER_PORT": "9695"
+        "CERTIFY_SERVICE_HOST": "127.0.0.2",
+        "CERTIFY_SERVICE_PORT": "9695"
       },
       "applicationUrl": "https://localhost:44361;http://localhost:44360"
     },
     "WSL": {
       "commandName": "WSL2",
-      "launchUrl": "https://localhost:5001",
+      "launchUrl": "https://localhost:44361/docs",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
         "ASPNETCORE_URLS": "https://localhost:44361;http://localhost:44360",
-        "CERTIFY_SERVER_HOST": "localhost",
-        "CERTIFY_SERVER_PORT": "9695"
-      },
-      "distributionName": ""
+        "CERTIFY_SERVICE_HOST": "localhost",
+        "CERTIFY_SERVICE_PORT": "9695"
+      }
     },
     "Docker": {
       "commandName": "Docker",
       "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/docs",
       "environmentVariables": {
-        "ASPNETCORE_URLS": "https://localhost:44361;http://localhost:44360",
-        "CERTIFY_SERVER_HOST": "localhost",
-        "CERTIFY_SERVER_PORT": "9695"
+        "ASPNETCORE_URLS": "https://0.0.0.0:44361;http://0.0.0.0:44360",
+        "CERTIFY_SERVICE_HOST": "localhost",
+        "CERTIFY_SERVICE_PORT": "9695"
       },
-      "publishAllPorts": true,
-      "useSSL": true
+      "httpPort": 44360,
+      "sslPort": 44361
     }
   },
   "iisSettings": {

From 7fb65a42d3228aedf476326711d4e8d55ae0bb1e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 18 Dec 2023 16:51:18 +0800
Subject: [PATCH 101/237] Service Worker: consolidate ports for launch profiles

---
 .../Properties/launchSettings.json            | 27 ++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
index 6ab245a4f..487cd482b 100644
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
@@ -4,14 +4,18 @@
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:54688",
-      "sslPort": 44346
+      "applicationUrl": "http://localhost:9695"
     }
   },
+ 
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
       "launchBrowser": true,
+      "launchUrl": "http://localhost:9695/docs",
+      "iisExpress": {
+        "applicationUrl": "http://localhost:9695"
+      },
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
@@ -21,26 +25,25 @@
       "launchBrowser": true,
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
-      },
-      "applicationUrl": "https://localhost:5001;http://localhost:5000"
+      }
     },
     "Docker": {
       "commandName": "Docker",
-      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/api/system/appversion",
+      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/docs",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_URLS": "http://0.0.0.0:9695"
       },
-      "publishAllPorts": true      
+      "publishAllPorts": true,
+      "httpPort": 9695
     },
     "WSL": {
       "commandName": "WSL2",
       "launchBrowser": true,
-      "launchUrl": "https://localhost:5001/api/system/appversion",
+      "launchUrl": "http://localhost:9695/docs",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "https://localhost:5001;http://localhost:5000"
-      },
-      "distributionName": ""
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
     }
   }
 }

From e7aaaccfa4bb131051e3482caf896c2df3c6919b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 19 Dec 2023 15:37:00 +0800
Subject: [PATCH 102/237] Cleanup

---
 src/Certify.Client/CertifyApiClient.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index 6d904e026..bb06dfbd9 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -10,7 +10,6 @@
 using Certify.Models.API;
 using Certify.Models.Config;
 using Certify.Models.Config.AccessControl;
-using Certify.Models.Config.Migration;
 using Certify.Models.Reporting;
 using Certify.Models.Utils;
 using Certify.Shared;

From 78a72ff23bd13db85e707d1c767b86246e283416 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 19 Dec 2023 15:44:35 +0800
Subject: [PATCH 103/237] Package updates

---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 76b0fc8d9..dc44d9be6 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.300.16" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.300.21" />
   </ItemGroup>
 
   <ItemGroup>

From 2579caf8ab37dd19ac0cc4cf4a95f8bf7e9db035 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 20 Dec 2023 17:05:28 +0800
Subject: [PATCH 104/237] Cleanup

---
 src/Certify.Core/Management/CertifyManager/CertifyManager.cs  | 3 +--
 .../Certify.Server.Api.Public.csproj                          | 3 +++
 .../Certify.Server.Api.Public/appsettings.Development.json    | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 8917da2e2..7b5dbd4de 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -345,8 +345,7 @@ private void InitLogging(Shared.ServiceConfig serverConfig)
             _serviceLog = new Loggy(
                 new LoggerConfiguration()
                .MinimumLevel.ControlledBy(_loggingLevelSwitch)
-               .WriteTo.Debug()
-               .WriteTo.File(Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "session.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10), rollOnFileSizeLimit: true, fileSizeLimitBytes: 5 * 1024 * 1024)
+               .WriteTo.File(Path.Combine(EnvironmentUtil.GetAppDataFolder("logs"), "session.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10), rollOnFileSizeLimit: true, fileSizeLimitBytes: 5 * 1024 * 1024)
                .CreateLogger()
                );
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index c394d382e..df15f2b92 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -9,6 +9,9 @@
     <UserSecretsId>8793068b-aa98-48a5-807b-962b5b3e1aea</UserSecretsId>
     <GenerateDocumentationFile>True</GenerateDocumentationFile>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <Optimize>False</Optimize>
+  </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public/appsettings.Development.json b/src/Certify.Server/Certify.Server.Api.Public/appsettings.Development.json
index 90dc7b136..589bf6c0d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/appsettings.Development.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/appsettings.Development.json
@@ -3,7 +3,9 @@
     "LogLevel": {
       "Default": "Debug",
       "Microsoft": "Debug",
-      "Microsoft.Hosting.Lifetime": "Debug"
+      "Microsoft.Hosting.Lifetime": "Debug",
+      "Microsoft.AspNetCore.SignalR": "Debug",
+      "Microsoft.AspNetCore.Http.Connections": "Debug"
     }
   }
 }

From e4eb13c9e46ee7d32f442adc5705c76f70c1899c Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 21 Dec 2023 17:11:32 +0800
Subject: [PATCH 105/237] API: update connection handling to backend service

---
 .../Certify.Server.Api.Public/Startup.cs      | 37 +++++++++++++++----
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 4df5446ae..f3dae0e94 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -133,17 +133,38 @@ public void ConfigureServices(IServiceCollection services)
                 serviceConfig.Port = tryServicePort;
             }
 
-            var defaultConnectionConfig = new Shared.ServerConnection(serviceConfig);
+            var backendServiceConnectionConfig = new Shared.ServerConnection(serviceConfig);
+
+            backendServiceConnectionConfig.Authentication = "jwt";
+            backendServiceConnectionConfig.ServerMode = "v2";
+
             System.Diagnostics.Debug.WriteLine($"Public API: connecting to background service {serviceConfig:Host}:{serviceConfig.Port}");
 
-            var connections = ServerConnectionManager.GetServerConnections(null, defaultConnectionConfig);
-            var serverConnection = connections.FirstOrDefault(c => c.IsDefault == true);
-#if DEBUG
-            serverConnection = defaultConnectionConfig;
-#endif
-            var internalServiceClient = new Client.CertifyServiceClient(configManager, serverConnection);
+            var internalServiceClient = new Client.CertifyServiceClient(configManager, backendServiceConnectionConfig);
+
+            var attempts = 3;
+            while (attempts > 0)
+            {
+                try
+                {
+                    internalServiceClient.ConnectStatusStreamAsync().Wait();
+                    break;
+                }
+                catch
+                {
+                    attempts--;
+
+                    if (attempts == 0)
+                    {
+                        throw;
+                    }
+                    else
+                    {
+                        Task.Delay(2000).Wait(); // wait for service to start
+                    }
+                }
+            }
 
-            internalServiceClient.ConnectStatusStreamAsync();
             internalServiceClient.OnMessageFromService += InternalServiceClient_OnMessageFromService;
             internalServiceClient.OnRequestProgressStateUpdated += InternalServiceClient_OnRequestProgressStateUpdated;
             internalServiceClient.OnManagedCertificateUpdated += InternalServiceClient_OnManagedCertificateUpdated;

From 475e761edcd9f39b595ecd6e726a11d4dd819b86 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 21 Dec 2023 17:12:12 +0800
Subject: [PATCH 106/237] Service worker: fix package version exception

---
 .../Certify.Server.Core/Certify.Server.Core.csproj               | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 24c804572..2d8319d72 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -7,6 +7,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
+    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
     <PackageReference Include="Polly" Version="8.2.0" />
     <PackageReference Include="Serilog" Version="3.1.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />

From 10690061e953b56b8bf20123a0ef75c66835123c Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 21 Dec 2023 17:22:42 +0800
Subject: [PATCH 107/237] API: all controllers should be partial classes for
 extension with source gen

---
 .../Controllers/internal/ChallengeProviderController.cs       | 2 +-
 .../Controllers/internal/DeploymentTaskController.cs          | 2 +-
 .../Controllers/internal/PreviewController.cs                 | 2 +-
 .../Controllers/internal/TargetController.cs                  | 2 +-
 .../Controllers/v1/AuthController.cs                          | 2 +-
 .../Controllers/v1/CertificateController.cs                   | 2 +-
 .../Controllers/v1/ValidationController.cs                    | 4 ++--
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
index 0b17a5579..f0623000b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
@@ -11,7 +11,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public class ChallengeProviderController : ControllerBase
+    public partial class ChallengeProviderController : ControllerBase
     {
 
         private readonly ILogger<ChallengeProviderController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
index c9798e017..f6689980a 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
@@ -10,7 +10,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public class DeploymentTaskController : ControllerBase
+    public partial class DeploymentTaskController : ControllerBase
     {
 
         private readonly ILogger<DeploymentTaskController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
index f035d576e..5ba7728c9 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
@@ -11,7 +11,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public class PreviewController : ControllerBase
+    public partial class PreviewController : ControllerBase
     {
 
         private readonly ILogger<PreviewController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
index 0d469e433..895fbcb26 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
@@ -11,7 +11,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public class TargetController : ControllerBase
+    public partial class TargetController : ControllerBase
     {
 
         private readonly ILogger<TargetController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index c667da260..e51c31c73 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -12,7 +12,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public class AuthController : ControllerBase
+    public partial class AuthController : ControllerBase
     {
         private readonly ILogger<AuthController> _logger;
         private readonly ICertifyInternalApiClient _client;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 182f407c0..759c1e3de 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -12,7 +12,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public class CertificateController : ControllerBase
+    public partial class CertificateController : ControllerBase
     {
 
         private readonly ILogger<CertificateController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
index 9f7212972..71b4127bc 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
@@ -10,7 +10,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public class ValidationController : ControllerBase
+    public partial class ValidationController : ControllerBase
     {
 
         private readonly ILogger<ValidationController> _logger;
@@ -29,7 +29,7 @@ public ValidationController(ILogger<ValidationController> logger, ICertifyIntern
         }
 
         /// <summary>
-        /// get current challenge info fo a given type/key
+        /// get current challenge info for a given type/key
         /// </summary>
         /// <param name="type"></param>
         /// <param name="key"></param>

From 070a63b93902706123bc99135c0511bdaef32bba Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 21 Dec 2023 17:48:18 +0800
Subject: [PATCH 108/237] Package updates

Package updates
---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj               | 2 +-
 src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj       | 2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj                | 4 ++--
 src/Certify.UI/Certify.UI.csproj                              | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index dc44d9be6..172a6a417 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.300.21" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.301.7" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 26de95501..aabbfb6c2 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -9,7 +9,7 @@
   <ItemGroup>
     <PackageReference Include="Azure.Core" Version="1.36.0" />
     <PackageReference Include="Azure.Identity" Version="1.10.4" />
-    <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
+    <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.0" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
   </ItemGroup>
 
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 1dfec6cde..35e9e1d33 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -32,12 +32,12 @@
 	</ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="ControlzEx" Version="6.0.0" />
+		<PackageReference Include="ControlzEx" Version="7.0.0-alpha0018" />
 		<PackageReference Include="Fody" Version="6.8.0" PrivateAssets="All" />
 		<PackageReference Include="FontAwesome.WPF" Version="4.7.0.9">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>
-		<PackageReference Include="MahApps.Metro" Version="3.0.0-alpha0457" />
+		<PackageReference Include="MahApps.Metro" Version="3.0.0-alpha0476" />
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 6f6198df1..25bab82ec 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -158,7 +158,7 @@
       <Version>4.7.0.9</Version>
     </PackageReference>
     <PackageReference Include="MahApps.Metro">
-      <Version>3.0.0-alpha0457</Version>
+      <Version>3.0.0-alpha0476</Version>
     </PackageReference>
     <PackageReference Include="Markdig.Wpf">
       <Version>0.5.0.1</Version>

From 1befa4792b409d7b324321ef3ff93d7bea758b9f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 8 Jan 2024 16:21:18 +0800
Subject: [PATCH 109/237] Cleanup

---
 src/Certify.Client/ICertifyClient.cs          |  4 +--
 .../Validation/CertificateEditorService.cs    |  2 +-
 .../Controllers/AccessController.cs           |  6 +----
 .../Controllers/AccountsController.cs         |  4 +--
 .../Controllers/ControllerBase.cs             |  3 +--
 .../Controllers/CredentialsController.cs      |  3 ---
 .../ManagedCertificateController.cs           |  4 ---
 .../Controllers/ServerController.cs           |  4 +--
 .../Controllers/SystemController.cs           |  4 +--
 .../Certify.Server.Core/StatusHub.cs          |  4 +--
 .../CertifyManagerTests.cs                    |  3 ++-
 .../DeploymentTaskTests.cs                    |  2 +-
 .../Tests/CertificateEditorServiceTests.cs    |  6 +----
 .../Tests/CertifyManagerAccountTests.cs       | 20 ++++++++-------
 .../Tests/CertifyServiceTests.cs              | 25 ++++++++++---------
 15 files changed, 37 insertions(+), 57 deletions(-)

diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index e4f913811..f8bd95f1b 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -25,8 +25,8 @@ public partial interface ICertifyInternalApiClient
         Task<List<Models.Config.ActionResult>> PerformServiceDiagnostics();
         Task<List<Models.Config.ActionResult>> PerformManagedCertMaintenance(string id = null);
 
-       // Task<ImportExportPackage> PerformExport(ExportRequest exportRequest);
-      //  Task<List<ActionStep>> PerformImport(ImportRequest importRequest);
+        // Task<ImportExportPackage> PerformExport(ExportRequest exportRequest);
+        //  Task<List<ActionStep>> PerformImport(ImportRequest importRequest);
 
         Task<List<ActionStep>> SetDefaultDataStore(string dataStoreId);
         Task<List<ProviderDefinition>> GetDataStoreProviders();
diff --git a/src/Certify.Models/Shared/Validation/CertificateEditorService.cs b/src/Certify.Models/Shared/Validation/CertificateEditorService.cs
index 56e33f67d..7c5c1df70 100644
--- a/src/Certify.Models/Shared/Validation/CertificateEditorService.cs
+++ b/src/Certify.Models/Shared/Validation/CertificateEditorService.cs
@@ -358,7 +358,7 @@ public static ValidationResult Validate(ManagedCertificate item, SiteInfo? selec
 
                     if (identifiers.Any(d => d.Value.StartsWith("*.", StringComparison.OrdinalIgnoreCase)))
                     {
-                        foreach (var wildcard in identifiers.Where(d => d.IdentifierType == CertIdentifierType.Dns && d.Value.StartsWith("*.",StringComparison.OrdinalIgnoreCase)))
+                        foreach (var wildcard in identifiers.Where(d => d.IdentifierType == CertIdentifierType.Dns && d.Value.StartsWith("*.", StringComparison.OrdinalIgnoreCase)))
                         {
                             var rootDomain = wildcard.Value.Replace("*.", "");
                             // add list of identifiers where label count exceeds root domain label count
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index 758956746..a6882a580 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -1,8 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Certify.Core.Management.Access;
+using Certify.Core.Management.Access;
 using Certify.Management;
 using Certify.Models.Config.AccessControl;
 using Microsoft.AspNetCore.Mvc;
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccountsController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccountsController.cs
index f3e339d73..8f0251706 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccountsController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccountsController.cs
@@ -1,6 +1,4 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Management;
+using Certify.Management;
 using Certify.Models;
 using Microsoft.AspNetCore.Mvc;
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ControllerBase.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ControllerBase.cs
index eeee5fd89..333eff4a6 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ControllerBase.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ControllerBase.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Diagnostics;
+using System.Diagnostics;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/CredentialsController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/CredentialsController.cs
index 5f490c263..90e53068c 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/CredentialsController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/CredentialsController.cs
@@ -1,6 +1,3 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-
 using Certify.Management;
 using Certify.Models.Config;
 using Microsoft.AspNetCore.Mvc;
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index d59f09c6b..657ed53ed 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -1,7 +1,3 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
 using Certify.Config;
 using Certify.Management;
 using Certify.Models;
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ServerController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ServerController.cs
index 5e7fce563..493f06868 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ServerController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ServerController.cs
@@ -1,6 +1,4 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Management;
+using Certify.Management;
 using Certify.Models;
 using Microsoft.AspNetCore.Mvc;
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
index 91917727a..b0e165664 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/SystemController.cs
@@ -1,6 +1,4 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Management;
+using Certify.Management;
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Config.Migration;
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/StatusHub.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/StatusHub.cs
index 1e94ce57d..27a780fc8 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/StatusHub.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/StatusHub.cs
@@ -1,6 +1,4 @@
-using System;
-using System.Diagnostics;
-using System.Threading.Tasks;
+using System.Diagnostics;
 using Certify.Models;
 using Certify.Providers;
 using Microsoft.AspNetCore.SignalR;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
index d5052a534..14f661f6c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertifyManagerTests.cs
@@ -19,7 +19,8 @@ public CertifyManagerTests()
             _certifyManager.Init().Wait();
         }
 
-        [TestCleanup] public void Cleanup()
+        [TestCleanup]
+        public void Cleanup()
         {
             _certifyManager.Dispose();
         }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
index 3022f1216..c6f2bdd50 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
@@ -36,7 +36,7 @@ public DeploymentTaskTests()
             PrimaryTestDomain = ConfigSettings["Cloudflare_TestDomain"];
         }
 
-        [TestCleanup]   
+        [TestCleanup]
         public void Cleanup()
         {
             certifyManager?.Dispose();
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
index 4ea03b1d1..795d566c1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
@@ -1,10 +1,6 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Models;
-using Certify.Models.Providers;
+using Certify.Models;
 using Certify.Models.Shared.Validation;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Moq;
 
 namespace Certify.Core.Tests.Unit
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
index 44ca2ef33..f9fd0a4f2 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
@@ -136,7 +136,8 @@ private static async Task BootstrapStepCa()
                     // Read step-ca fingerprint from config file
                     var stepCaConfigJson = JsonReader.ReadFile<StepCaConfig>($"{_winRunnerTempDir}\\config\\defaults.json");
                     stepCaFingerprint = stepCaConfigJson.fingerprint;
-                } else
+                }
+                else
                 {
                     var stepCaConfigBytes = await _caContainer.ReadFileAsync("/home/step/config/defaults.json");
                     var stepCaConfigJson = JsonReader.ReadBytes<StepCaConfig>(stepCaConfigBytes);
@@ -155,7 +156,8 @@ private static async Task StartStepCaContainer(bool runningWindowsDockerEngine)
             {
                 if (_isWindows && runningWindowsDockerEngine)
                 {
-                    if (!Directory.Exists(_winRunnerTempDir)) {
+                    if (!Directory.Exists(_winRunnerTempDir))
+                    {
                         Directory.CreateDirectory(_winRunnerTempDir);
                     }
 
@@ -175,7 +177,7 @@ private static async Task StartStepCaContainer(bool runningWindowsDockerEngine)
                         .WithWaitStrategy(Wait.ForUnixContainer().UntilMessageIsLogged($"Serving HTTPS on :{_caPort} ..."))
                         // Build the container configuration.
                         .Build();
-                } 
+                }
                 else
                 {
                     // Create new volume for step-ca container
@@ -239,17 +241,17 @@ public static T ReadBytes<T>(byte[] bytes)
         private class StepCaConfig
         {
             [JsonProperty(PropertyName = "ca-url")]
-            public string ca_url;
+            public string ca_url = string.Empty;
             [JsonProperty(PropertyName = "ca-config")]
-            public string ca_config;
-            public string fingerprint;
-            public string root;
+            public string ca_config = string.Empty;
+            public string fingerprint = string.Empty;
+            public string root = string.Empty;
         }
 
         private static CommandOutput RunCommand(string program, string args, string description = null, int timeoutMS = Timeout.Infinite)
         {
             if (description == null) { description = string.Concat(program, " ", args); }
-            
+
             var output = "";
             var errorOutput = "";
 
@@ -290,7 +292,7 @@ private static CommandOutput RunCommand(string program, string args, string desc
                 process.BeginOutputReadLine();
                 process.BeginErrorReadLine();
 
-                process.WaitForExit(timeoutMS); 
+                process.WaitForExit(timeoutMS);
             }
             catch (Exception exp)
             {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
index 92a342980..e87eb8db7 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
@@ -1,15 +1,15 @@
-using Certify.Models;
-using Certify.Models.Config;
-using Certify.Shared;
-using Medallion.Shell;
-using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Newtonsoft.Json;
-using System;
+using System;
 using System.Collections.Generic;
 using System.Net;
 using System.Net.Http;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
+using Certify.Models;
+using Certify.Models.Config;
+using Certify.Shared;
+using Medallion.Shell;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Newtonsoft.Json;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -20,16 +20,17 @@ public class CertifyServiceTests
         private HttpClient _httpClient;
         private string serviceUri;
 
-        public CertifyServiceTests() {
+        public CertifyServiceTests()
+        {
             var serviceConfig = SharedUtils.ServiceConfigManager.GetAppServiceConfig();
             serviceUri = $"{(serviceConfig.UseHTTPS ? "https" : "http")}://{serviceConfig.Host}:{serviceConfig.Port}";
             var httpHandler = new HttpClientHandler { UseDefaultCredentials = true };
             _httpClient = new HttpClient(httpHandler);
             _httpClient.DefaultRequestHeaders.Add("User-Agent", "Certify/App");
-            _httpClient.BaseAddress = new Uri(serviceUri+"/api/");
+            _httpClient.BaseAddress = new Uri(serviceUri + "/api/");
         }
 
-        private async Task <Command> StartCertifyService(string args = "")
+        private async Task<Command> StartCertifyService(string args = "")
         {
             Command certifyService;
             if (args == "")
@@ -98,7 +99,7 @@ public async Task TestCertifyServiceAppVersionRoute()
                 var versionRes = JsonConvert.DeserializeObject<string>(versionResStr);
 
                 Assert.AreEqual(HttpStatusCode.OK, versionRawRes.StatusCode, $"Unexpected status code from GET {versionRawRes.RequestMessage.RequestUri.AbsoluteUri}");
-                StringAssert.Matches(versionRes, new Regex(@"^(\d+\.)?(\d+\.)?(\d+\.)?(\*|\d+)$"), $"Unexpected response from GET {versionRawRes.RequestMessage.RequestUri.AbsoluteUri} : {versionResStr}");                
+                StringAssert.Matches(versionRes, new Regex(@"^(\d+\.)?(\d+\.)?(\d+\.)?(\*|\d+)$"), $"Unexpected response from GET {versionRawRes.RequestMessage.RequestUri.AbsoluteUri} : {versionResStr}");
             }
             finally
             {
@@ -116,7 +117,7 @@ public async Task TestCertifyServiceUpdateCheckRoute()
                 var updatesRawRes = await _httpClient.GetAsync("system/updatecheck");
                 var updateRawResStr = await updatesRawRes.Content.ReadAsStringAsync();
                 var updateRes = JsonConvert.DeserializeObject<UpdateCheck>(updateRawResStr);
-                
+
                 Assert.AreEqual(HttpStatusCode.OK, updatesRawRes.StatusCode, $"Unexpected status code from GET {updatesRawRes.RequestMessage.RequestUri.AbsoluteUri}");
                 Assert.IsFalse(updateRes.MustUpdate);
                 Assert.IsFalse(updateRes.IsNewerVersion);

From 3085f8862514c37f1221086c86d1ef9355b6a2bc Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 8 Jan 2024 17:05:43 +0800
Subject: [PATCH 110/237] Cleanup

---
 src/Certify.Core/Management/CertifyManager/CertifyManager.cs   | 2 +-
 .../Controllers/v1/SystemController.cs                         | 3 +--
 .../Certify.Server.Core}/appsettings.Development.json          | 0
 .../Certify.Server.Core}/appsettings.json                      | 0
 4 files changed, 2 insertions(+), 3 deletions(-)
 rename src/Certify.Server/{Certify.Service.Worker/Certify.Service.Worker => Certify.Server.Core/Certify.Server.Core}/appsettings.Development.json (100%)
 rename src/Certify.Server/{Certify.Service.Worker/Certify.Service.Worker => Certify.Server.Core/Certify.Server.Core}/appsettings.json (100%)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 7b5dbd4de..505aecd3a 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -537,7 +537,7 @@ public async Task<bool> PerformRenewalTasks()
         private void Cleanup()
         {
             ManagedCertificateLog.DisposeLoggers();
-            if(_tc != null)
+            if (_tc != null)
             {
                 _tc.Dispose();
             }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index 09d69d291..8f5ea4adf 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -1,4 +1,4 @@
-using Certify.Client;
+using Certify.Client;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Certify.Server.Api.Public.Controllers
@@ -46,7 +46,6 @@ public async Task<IActionResult> GetSystemVersion()
         /// <returns></returns>
         [HttpGet]
         [Route("health")]
-        [Route("/health")]
         public async Task<IActionResult> GetHealth()
         {
             var serviceAvailable = false;
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.Development.json b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/appsettings.Development.json
similarity index 100%
rename from src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.Development.json
rename to src/Certify.Server/Certify.Server.Core/Certify.Server.Core/appsettings.Development.json
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.json b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/appsettings.json
similarity index 100%
rename from src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/appsettings.json
rename to src/Certify.Server/Certify.Server.Core/Certify.Server.Core/appsettings.json

From 96ae461f2b5ae74ea56266c3de708f3c81a0c367 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 8 Jan 2024 17:07:21 +0800
Subject: [PATCH 111/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                     | 2 +-
 src/Certify.Core/Certify.Core.csproj                         | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj              | 2 +-
 .../Certify.Server.Api.Public.csproj                         | 4 ++--
 .../Certify.Server.Core/Certify.Server.Core.csproj           | 5 ++++-
 .../Certify.Core.Tests.Integration.csproj                    | 2 +-
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj   | 2 +-
 .../Certify.Service.Tests.Integration.csproj                 | 2 +-
 8 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index d05161e55..ab9d2fd2c 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -20,7 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 815d2c69b..c3badb08b 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -83,7 +83,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="Polly" Version="8.2.1" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 172a6a417..b1a86b1b9 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.301.7" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.301.8" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index df15f2b92..3ab93a8fa 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Nullable>enable</Nullable>
@@ -15,7 +15,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="[1.19.6-Preview.1, 1.19.6]" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 2d8319d72..7c6eb1f8e 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -4,12 +4,15 @@
     <UserSecretsId>3648c5f3-f642-441e-979e-d4624cd39e49</UserSecretsId>
     <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     <Platforms>AnyCPU</Platforms>
+        <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
-    <PackageReference Include="Polly" Version="8.2.0" />
+        <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="Serilog" Version="3.1.1" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.0" />
+        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 7f8024375..0dd1e195e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -96,7 +96,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="Polly" Version="8.2.1" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index bf556a61c..0fc71d252 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -146,7 +146,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     <PackageReference Include="Testcontainers" Version="3.6.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 14c598d36..bde2a31f4 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -80,7 +80,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="Polly" Version="8.2.0" />
+    <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>

From 376b27c1986b86e11fa51e8a26983f44a6ac72f4 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 8 Jan 2024 17:11:10 +0800
Subject: [PATCH 112/237] Implement Aspire in dev and remove
 Certify.Service.Worker

---
 .../Certify.Aspire.AppHost.csproj             |  20 +++
 .../Certify.Aspire.AppHost/Program.cs         |   7 +
 .../Properties/launchSettings.json            |  16 ++
 .../appsettings.Development.json              |   8 +
 .../Certify.Aspire.AppHost/appsettings.json   |   9 +
 .../Certify.Aspire.ServiceDefaults.csproj     |  24 +++
 .../Extensions.cs                             | 119 +++++++++++++
 src/Certify.Client/CertifyServiceClient.cs    |   5 +
 .../APITestBase.cs                            |  32 +++-
 .../Certify.Server.Api.Public.Tests.csproj    |   2 +-
 .../Certify.Server.Api.Public.csproj          |   7 +-
 .../Certify.Server.Api.Public/Program.cs      |  24 ++-
 .../Certify.Server.Api.Public/Startup.cs      |  84 +++++----
 .../Certify.Server.Core.csproj                |  50 +++---
 .../Certify.Server.Core/Program.cs            |  30 ++--
 .../Properties/launchSettings.json            |  47 ++++-
 .../Certify.Server.Core/Startup.cs            |  33 ++--
 .../Certify.Service.Worker/.dockerignore      |  25 ---
 .../Certify.Service.Worker.sln                |  25 ---
 .../Certify.Service.Worker.csproj             |  23 ---
 .../Certify.Service.Worker/Dockerfile         |  29 ----
 .../Certify.Service.Worker/Program.cs         | 162 ------------------
 .../Properties/launchSettings.json            |  49 ------
 .../Certify.Service.Worker/Startup.cs         |  12 --
 .../Certify.Service.Worker/Worker.cs          |  50 ------
 .../certifytheweb.service                     |  14 --
 .../Certify.Service.Worker/readme.md          |  81 ---------
 27 files changed, 423 insertions(+), 564 deletions(-)
 create mode 100644 src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
 create mode 100644 src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
 create mode 100644 src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json
 create mode 100644 src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.Development.json
 create mode 100644 src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.json
 create mode 100644 src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
 create mode 100644 src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/.dockerignore
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker.sln
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Startup.cs
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/certifytheweb.service
 delete mode 100644 src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
new file mode 100644
index 000000000..11f3a87c3
--- /dev/null
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <IsAspireHost>true</IsAspireHost>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Aspire.Hosting" Version="8.0.0-preview.2.23619.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Certify.Server\Certify.Server.Api.Public\Certify.Server.Api.Public.csproj" />
+    <ProjectReference Include="..\..\Certify.Server\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs b/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
new file mode 100644
index 000000000..e88c0aac4
--- /dev/null
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
@@ -0,0 +1,7 @@
+var builder = DistributedApplication.CreateBuilder(args);
+
+builder.AddProject<Projects.Certify_Server_Core>("certify.server.core");
+
+builder.AddProject<Projects.Certify_Server_Api_Public>("certify.server.api.public");
+
+builder.Build().Run();
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json b/src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json
new file mode 100644
index 000000000..31b555470
--- /dev/null
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json
@@ -0,0 +1,16 @@
+{
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "http://localhost:15155",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "DOTNET_ENVIRONMENT": "Development",
+        "DOTNET_DASHBOARD_OTLP_ENDPOINT_URL": "http://localhost:16075"
+      }
+    }
+  }
+}
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.Development.json b/src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.Development.json
new file mode 100644
index 000000000..0c208ae91
--- /dev/null
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.Development.json
@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.json b/src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.json
new file mode 100644
index 000000000..31c092aa4
--- /dev/null
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/appsettings.json
@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning",
+      "Aspire.Hosting.Dcp": "Warning"
+    }
+  }
+}
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
new file mode 100644
index 000000000..dcf9ca505
--- /dev/null
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -0,0 +1,24 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Library</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <IsAspireSharedProject>true</IsAspireSharedProject>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.2.23619.3" />
+    <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.7.0" />
+    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.7.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.7.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.6.0-beta.3" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.7.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.7.0" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs
new file mode 100644
index 000000000..d2f1d578c
--- /dev/null
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs
@@ -0,0 +1,119 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Diagnostics.HealthChecks;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Diagnostics.HealthChecks;
+using Microsoft.Extensions.Logging;
+using OpenTelemetry.Logs;
+using OpenTelemetry.Metrics;
+using OpenTelemetry.Trace;
+
+namespace Microsoft.Extensions.Hosting;
+
+public static class Extensions
+{
+    public static IHostApplicationBuilder AddServiceDefaults(this IHostApplicationBuilder builder)
+    {
+        builder.ConfigureOpenTelemetry();
+
+        builder.AddDefaultHealthChecks();
+
+        builder.Services.AddServiceDiscovery();
+
+        builder.Services.ConfigureHttpClientDefaults(http =>
+        {
+            // Turn on resilience by default
+            http.AddStandardResilienceHandler();
+
+            // Turn on service discovery by default
+            http.UseServiceDiscovery();
+        });
+
+        return builder;
+    }
+
+    public static IHostApplicationBuilder ConfigureOpenTelemetry(this IHostApplicationBuilder builder)
+    {
+        builder.Logging.AddOpenTelemetry(logging =>
+        {
+            logging.IncludeFormattedMessage = true;
+            logging.IncludeScopes = true;
+        });
+
+        builder.Services.AddOpenTelemetry()
+            .WithMetrics(metrics =>
+            {
+                metrics.AddRuntimeInstrumentation()
+                       .AddBuiltInMeters();
+            })
+            .WithTracing(tracing =>
+            {
+                if (builder.Environment.IsDevelopment())
+                {
+                    // We want to view all traces in development
+                    tracing.SetSampler(new AlwaysOnSampler());
+                }
+
+                tracing.AddAspNetCoreInstrumentation()
+                       .AddGrpcClientInstrumentation()
+                       .AddHttpClientInstrumentation();
+            });
+
+        builder.AddOpenTelemetryExporters();
+
+        return builder;
+    }
+
+    private static IHostApplicationBuilder AddOpenTelemetryExporters(this IHostApplicationBuilder builder)
+    {
+        var useOtlpExporter = !string.IsNullOrWhiteSpace(builder.Configuration["OTEL_EXPORTER_OTLP_ENDPOINT"]);
+
+        if (useOtlpExporter)
+        {
+            builder.Services.Configure<OpenTelemetryLoggerOptions>(logging => logging.AddOtlpExporter());
+            builder.Services.ConfigureOpenTelemetryMeterProvider(metrics => metrics.AddOtlpExporter());
+            builder.Services.ConfigureOpenTelemetryTracerProvider(tracing => tracing.AddOtlpExporter());
+        }
+
+        // Uncomment the following lines to enable the Prometheus exporter (requires the OpenTelemetry.Exporter.Prometheus.AspNetCore package)
+        // builder.Services.AddOpenTelemetry()
+        //    .WithMetrics(metrics => metrics.AddPrometheusExporter());
+
+        // Uncomment the following lines to enable the Azure Monitor exporter (requires the Azure.Monitor.OpenTelemetry.Exporter package)
+        // builder.Services.AddOpenTelemetry()
+        //    .UseAzureMonitor();
+
+        return builder;
+    }
+
+    public static IHostApplicationBuilder AddDefaultHealthChecks(this IHostApplicationBuilder builder)
+    {
+        builder.Services.AddHealthChecks()
+            // Add a default liveness check to ensure app is responsive
+            .AddCheck("self", () => HealthCheckResult.Healthy(), ["live"]);
+
+        return builder;
+    }
+
+    public static WebApplication MapDefaultEndpoints(this WebApplication app)
+    {
+        // Uncomment the following line to enable the Prometheus endpoint (requires the OpenTelemetry.Exporter.Prometheus.AspNetCore package)
+        // app.MapPrometheusScrapingEndpoint();
+
+        // All health checks must pass for app to be considered ready to accept traffic after starting
+        app.MapHealthChecks("/health");
+
+        // Only health checks tagged with the "live" tag must pass for app to be considered alive
+        app.MapHealthChecks("/alive", new HealthCheckOptions
+        {
+            Predicate = r => r.Tags.Contains("live")
+        });
+
+        return app;
+    }
+
+    private static MeterProviderBuilder AddBuiltInMeters(this MeterProviderBuilder meterProviderBuilder) =>
+        meterProviderBuilder.AddMeter(
+            "Microsoft.AspNetCore.Hosting",
+            "Microsoft.AspNetCore.Server.Kestrel",
+            "System.Net.Http");
+}
diff --git a/src/Certify.Client/CertifyServiceClient.cs b/src/Certify.Client/CertifyServiceClient.cs
index 0760be343..d09128a3e 100644
--- a/src/Certify.Client/CertifyServiceClient.cs
+++ b/src/Certify.Client/CertifyServiceClient.cs
@@ -156,5 +156,10 @@ public ServerConnection GetConnectionInfo()
         {
             return _connectionConfig;
         }
+
+        public string GetStatusHubUri()
+        {
+            return _statusHubUri;
+        }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
index 586e0c34b..8fb166e7c 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
@@ -1,9 +1,11 @@
 using System;
+using System.IO;
 using System.Linq;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Certify.Models.API;
 using Certify.Server.Api.Public.Controllers;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
@@ -31,7 +33,7 @@ public class APITestBase
         public static void Init(TestContext context)
         {
 
-            // setup public API service and backend service worker API
+            // setup public API service and backend service
 
             var config = new ConfigurationBuilder()
                 .SetBasePath(AppContext.BaseDirectory)
@@ -60,7 +62,33 @@ public static void Init(TestContext context)
             _clientWithAnonymousAccess = _server.CreateClient();
             _clientWithAuthorizedAccess = _server.CreateClient();
 
-            Worker.Program.CreateHostBuilder(new string[] { }).Build().StartAsync();
+           // CreateCoreServer();
+        }
+
+        private static void CreateCoreServer()
+        {
+            // configure and start a custom instance of the core server for the public API to talk to
+            var builder = WebApplication.CreateBuilder();
+
+            var coreServerStartup = new Certify.Server.Core.Startup(builder.Configuration);
+            
+            if (File.Exists(Path.Join(AppContext.BaseDirectory, "appsettings.worker.test.json")))
+            {
+                builder.Configuration.AddJsonFile("appsettings.worker.test.json");
+                builder.Configuration.AddUserSecrets(typeof(APITestBase).Assembly); // for worker pfx details
+            }
+
+            builder.Logging.ClearProviders();
+            builder.Logging.AddConsole();
+
+            coreServerStartup.ConfigureServices(builder.Services);
+
+            var coreServerApp = builder.Build();
+            
+            coreServerStartup.Configure(coreServerApp, builder.Environment);
+
+            coreServerApp.StartAsync();
+
         }
 
         public async Task PerformAuth()
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 6854064ce..ac9c3fbc3 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -37,7 +37,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Certify.Server.Api.Public\Certify.Server.Api.Public.csproj" />
-    <ProjectReference Include="..\Certify.Service.Worker\Certify.Service.Worker\Certify.Service.Worker.csproj" />
+    <ProjectReference Include="..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 3ab93a8fa..f9ead6e91 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Nullable>enable</Nullable>
@@ -11,6 +11,10 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <Optimize>False</Optimize>
+    <DefineConstants>$(DefineConstants);ASPIRE</DefineConstants>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
+    <DefineConstants>$(DefineConstants);ASPIRE</DefineConstants>
   </PropertyGroup>
 
   <ItemGroup>
@@ -22,6 +26,7 @@
     <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
+    <ProjectReference Include="..\..\Certify.Aspire\Certify.Aspire.ServiceDefaults\Certify.Aspire.ServiceDefaults.csproj" />
   </ItemGroup>
 
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Program.cs b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
index 7ff00a0c1..0780c2333 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Program.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
@@ -1,22 +1,36 @@
-
-using Certify.Server.API;
+using Certify.Server.API;
 
 var builder = WebApplication.CreateBuilder(args);
 
 #if ASPIRE
-    builder.AddServiceDefaults();
+builder.AddServiceDefaults();
 #endif
 
 var startup = new Startup(builder.Configuration);
 
-startup.ConfigureServices(builder.Services);
+var results = startup.ConfigureServicesWithResults(builder.Services);
 
 var app = builder.Build();
 
+// log any relevant startup messages encountered during configure services
+foreach (var result in results)
+{
+    if (result.IsSuccess)
+    {
+        app.Logger.LogInformation($"Startup: {result.Message}");
+    }
+    else
+    {
+        app.Logger.LogError($"Startup: {result.Message}");
+    }
+}
+
 #if ASPIRE
-    app.MapDefaultEndpoints();
+app.MapDefaultEndpoints();
 #endif
 
 startup.Configure(app, builder.Environment);
 
+app.Lifetime.ApplicationStarted.Register(async () => await startup.SetupStatusHubConnection(app));
+
 app.Run();
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index f3dae0e94..675df3c9a 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,10 +1,12 @@
-using System.Reflection;
+using System.Reflection;
+using Certify.Client;
+using Certify.Models.Config;
 using Certify.Server.Api.Public.Middleware;
-using Certify.Shared.Core.Management;
 using Certify.SharedUtils;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
 using Microsoft.OpenApi.Models;
+using Polly;
 
 namespace Certify.Server.API
 {
@@ -29,12 +31,18 @@ public Startup(IConfiguration configuration)
         /// </summary>
         public IConfiguration Configuration { get; }
 
+        public void ConfigureServices(IServiceCollection services)
+        {
+            _ = ConfigureServicesWithResults(services);
+        }
+
         /// <summary>
         /// Configure services for use by the API
         /// </summary>
         /// <param name="services"></param>
-        public void ConfigureServices(IServiceCollection services)
+        public List<ActionResult> ConfigureServicesWithResults(IServiceCollection services)
         {
+            var results = new List<ActionResult>();
 
             services
                 .AddTokenAuthentication(Configuration)
@@ -142,45 +150,23 @@ public void ConfigureServices(IServiceCollection services)
 
             var internalServiceClient = new Client.CertifyServiceClient(configManager, backendServiceConnectionConfig);
 
-            var attempts = 3;
-            while (attempts > 0)
-            {
-                try
-                {
-                    internalServiceClient.ConnectStatusStreamAsync().Wait();
-                    break;
-                }
-                catch
-                {
-                    attempts--;
-
-                    if (attempts == 0)
-                    {
-                        throw;
-                    }
-                    else
-                    {
-                        Task.Delay(2000).Wait(); // wait for service to start
-                    }
-                }
-            }
-
             internalServiceClient.OnMessageFromService += InternalServiceClient_OnMessageFromService;
             internalServiceClient.OnRequestProgressStateUpdated += InternalServiceClient_OnRequestProgressStateUpdated;
             internalServiceClient.OnManagedCertificateUpdated += InternalServiceClient_OnManagedCertificateUpdated;
 
             services.AddSingleton(typeof(Certify.Client.ICertifyInternalApiClient), internalServiceClient);
+
+            return results;
         }
 
         /// <summary>
         /// Configure the http request pipeline
         /// </summary>
-        /// <param name="app"></param>
-        /// <param name="env"></param>
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
 
-            var statusHubContext = app.ApplicationServices.GetService(typeof(IHubContext<StatusHub>)) as IHubContext<StatusHub>;
+            var statusHubContext = app.ApplicationServices.GetRequiredService<IHubContext<StatusHub>>();
+
             if (statusHubContext == null)
             {
                 throw new Exception("Status Hub not registered");
@@ -202,8 +188,6 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                 p.AllowAnyOrigin()
                 .AllowAnyMethod()
                 .AllowAnyHeader();
-                //.AllowCredentials();
-
             });
 
             app.UseAuthentication();
@@ -230,6 +214,44 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 #endif
         }
 
+        public async Task SetupStatusHubConnection(WebApplication app)
+        {
+            var internalServiceClient = app.Services.GetRequiredService<ICertifyInternalApiClient>() as CertifyServiceClient;
+
+            if (internalServiceClient == null)
+            {
+                app.Logger.LogError($"Unable to resolve internal service client. Cannot connect status stream.");
+                return;
+            }
+            else
+            {
+
+                var attempts = 3;
+                var connected = false;
+                while (attempts > 0 && !connected)
+                {
+                    try
+                    {
+                        await internalServiceClient.ConnectStatusStreamAsync();
+                        connected = true;
+                    }
+                    catch
+                    {
+                        attempts--;
+
+                        if (attempts == 0)
+                        {
+                            app.Logger.LogError($"Unable to connect to service SignalR stream at {internalServiceClient?.GetStatusHubUri()}.");
+                        }
+                        else
+                        {
+                            Task.Delay(2000).Wait(); // wait for service to start
+                        }
+                    }
+                }
+            }
+        }
+
         private StatusHubReporting _statusReporting;
 
         private void InternalServiceClient_OnManagedCertificateUpdated(Models.ManagedCertificate obj)
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 7c6eb1f8e..d5def1de3 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -1,30 +1,32 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <UserSecretsId>3648c5f3-f642-441e-979e-d4624cd39e49</UserSecretsId>
-    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <Platforms>AnyCPU</Platforms>
+    <PropertyGroup>
+        <TargetFramework>net8.0</TargetFramework>
+        <UserSecretsId>3648c5f3-f642-441e-979e-d4624cd39e49</UserSecretsId>
+        <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
+        <Platforms>AnyCPU</Platforms>
         <ImplicitUsings>enable</ImplicitUsings>
-  </PropertyGroup>
-  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
+    </PropertyGroup>
+    <ItemGroup>
+        <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
+        <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.2.1" />
-    <PackageReference Include="Serilog" Version="3.1.1" />
+        <PackageReference Include="Serilog" Version="3.1.1" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.0" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Core\Certify.Core.csproj" />
-    <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Models\Certify.Models.csproj" />
-    <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
-  </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0" />
+        <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
+    </ItemGroup>
+    <ItemGroup>
+        <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Core\Certify.Core.csproj" />
+        <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Models\Certify.Models.csproj" />
+        <ProjectReference Include="..\..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
+        <ProjectReference Include="..\..\..\Certify.Aspire\Certify.Aspire.ServiceDefaults\Certify.Aspire.ServiceDefaults.csproj" />
+        <ProjectReference Include="..\..\..\Certify.Shared.Extensions\Certify.Shared.Extensions.csproj" />
+    </ItemGroup>
+    <ItemGroup>
+        <Folder Include="Properties\" />
+    </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
index 3342ced90..b8586329d 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
@@ -1,20 +1,14 @@
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Hosting;
+
+var builder = WebApplication.CreateBuilder(args);
 
-namespace Certify.Server.Core
-{
-    public class Program
-    {
-        public static void Main(string[] args)
-        {
-            CreateHostBuilder(args).Build().Run();
-        }
+builder.AddServiceDefaults();
 
-        public static IHostBuilder CreateHostBuilder(string[] args) =>
-            Host.CreateDefaultBuilder(args)
-                .ConfigureWebHostDefaults(webBuilder =>
-                {
-                    webBuilder.UseStartup<Startup>();
-                });
-    }
-}
+var startup = new Certify.Server.Core.Startup(builder.Configuration);
+
+startup.ConfigureServices(builder.Services);
+
+var app = builder.Build();
+
+startup.Configure(app, builder.Environment);
+
+app.Run();
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
index 2db09550c..397156ba7 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
@@ -1,8 +1,51 @@
 {
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:9695"
+    }
+  },
+
   "profiles": {
+
     "Certify.Server.Core": {
       "commandName": "Project",
-      "applicationUrl": "http://localhost:9695"
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_URLS": "http://localhost:9695"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:9695/docs",
+      "iisExpress": {
+        "applicationUrl": "http://localhost:9695"
+      },
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "Docker": {
+      "commandName": "Docker",
+      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/docs",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_URLS": "http://0.0.0.0:9695"
+      },
+      "publishAllPorts": true,
+      "httpPort": 9695
+    },
+    "WSL": {
+      "commandName": "WSL2",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:9695/docs",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
index 072480bc2..f619b52da 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
@@ -1,10 +1,6 @@
-using System.Collections.Generic;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
+using Certify.Management;
+using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Hosting;
 using Microsoft.OpenApi.Models;
 
 namespace Certify.Server.Core
@@ -27,6 +23,11 @@ public void ConfigureServices(IServiceCollection services)
                 .AddSignalR()
                 .AddMessagePackProtocol();
 
+            services.AddResponseCompression(opts =>
+            {
+                opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(new[] { "application/octet-stream", "application/json" });
+            });
+
             services.AddCors(options =>
             {
                 options.AddDefaultPolicy(
@@ -39,6 +40,8 @@ public void ConfigureServices(IServiceCollection services)
             });
 
 #if DEBUG
+            services.AddEndpointsApiExplorer();
+
             // Register the Swagger generator, defining 1 or more Swagger documents
             // https://docs.microsoft.com/en-us/aspnet/core/tutorials/getting-started-with-swashbuckle?view=aspnetcore-3.1&tabs=visual-studio
             services.AddSwaggerGen(c =>
@@ -81,7 +84,6 @@ public void ConfigureServices(IServiceCollection services)
 #endif
 
             // inject instance of certify manager
-
             var certifyManager = new Management.CertifyManager();
             certifyManager.Init().Wait();
 
@@ -100,8 +102,21 @@ public void ConfigureServices(IServiceCollection services)
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
-        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IHubContext<Service.StatusHub> statusHubContext, Management.ICertifyManager certifyManager)
+        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
+            var statusHubContext = app.ApplicationServices.GetRequiredService<IHubContext<Service.StatusHub>>();
+            if (statusHubContext == null)
+            {
+                throw new Exception("Status Hub not registered");
+            }
+
+            var certifyManager = app.ApplicationServices.GetRequiredService(typeof(ICertifyManager)) as CertifyManager;
+
+            if (certifyManager == null)
+            {
+                throw new Exception("Certify Manager not registered");
+            }
+
             if (env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
@@ -122,7 +137,6 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IHubCont
             // set status report context provider
             certifyManager.SetStatusReporting(new Service.StatusHubReporting(statusHubContext));
 
-            //
             var useHttps = bool.Parse(Configuration["API:Service:UseHttps"]);
 
             if (useHttps)
@@ -140,7 +154,6 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IHubCont
             {
                 endpoints.MapHub<Service.StatusHub>("/api/status");
                 endpoints.MapControllers();
-
             });
 
         }
diff --git a/src/Certify.Server/Certify.Service.Worker/.dockerignore b/src/Certify.Server/Certify.Service.Worker/.dockerignore
deleted file mode 100644
index 3729ff0cd..000000000
--- a/src/Certify.Server/Certify.Service.Worker/.dockerignore
+++ /dev/null
@@ -1,25 +0,0 @@
-**/.classpath
-**/.dockerignore
-**/.env
-**/.git
-**/.gitignore
-**/.project
-**/.settings
-**/.toolstarget
-**/.vs
-**/.vscode
-**/*.*proj.user
-**/*.dbmdl
-**/*.jfm
-**/azds.yaml
-**/bin
-**/charts
-**/docker-compose*
-**/Dockerfile*
-**/node_modules
-**/npm-debug.log
-**/obj
-**/secrets.dev.yaml
-**/values.dev.yaml
-LICENSE
-README.md
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker.sln b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker.sln
deleted file mode 100644
index 76482fa41..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker.sln
+++ /dev/null
@@ -1,25 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.30114.128
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Certify.Service.Worker", "Certify.Service.Worker\Certify.Service.Worker.csproj", "{7EA8644D-580D-49CD-BD5B-CFDA23A20EC2}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{7EA8644D-580D-49CD-BD5B-CFDA23A20EC2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{7EA8644D-580D-49CD-BD5B-CFDA23A20EC2}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{7EA8644D-580D-49CD-BD5B-CFDA23A20EC2}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{7EA8644D-580D-49CD-BD5B-CFDA23A20EC2}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {CFDF0060-BB3D-49C8-8A8D-9F0813953142}
-	EndGlobalSection
-EndGlobal
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
deleted file mode 100644
index 98a7f08a9..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj
+++ /dev/null
@@ -1,23 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <UserSecretsId>dotnet-Certify.Service.Worker-347A036F-C1EA-4D32-A163-DCB38C3CA53E</UserSecretsId>
-    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <DockerfileRunArguments>-v certifydata:/usr/share/Certify</DockerfileRunArguments>
-    <DockerfileContext>..\..\..</DockerfileContext>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <DebugType>portable</DebugType>
-    <DebugSymbols>true</DebugSymbols>
-  </PropertyGroup>
-  <ItemGroup>
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.5" />
-    <PackageReference Include="Polly" Version="8.2.0" />
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
-  </ItemGroup>
-</Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
deleted file mode 100644
index 78f967792..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-#See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.
-
-FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
-
-# grant write to store settings path before switching to app user
-RUN mkdir /usr/share/certify && chown -R app:app /usr/share/certify 
-
-USER app
-WORKDIR /app
-EXPOSE 8080
-EXPOSE 8081
-
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
-ARG BUILD_CONFIGURATION=Release
-WORKDIR /src
-COPY ["Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Certify.Service.Worker.csproj", "Certify.Server/Certify.Service.Worker/Certify.Service.Worker/"]
-RUN dotnet restore "./Certify.Server/Certify.Service.Worker/Certify.Service.Worker/./Certify.Service.Worker.csproj"
-COPY . .
-WORKDIR "/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker"
-RUN dotnet build "./Certify.Service.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/build
-
-FROM build AS publish
-ARG BUILD_CONFIGURATION=Release
-RUN dotnet publish "./Certify.Service.Worker.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
-
-FROM base AS final
-WORKDIR /app
-COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "Certify.Service.Worker.dll"]
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs
deleted file mode 100644
index b1169602b..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Program.cs
+++ /dev/null
@@ -1,162 +0,0 @@
-using System;
-using System.IO;
-using System.Net;
-using System.Reflection;
-using System.Runtime.InteropServices;
-using System.Security.Cryptography.X509Certificates;
-using Certify.Server.Core;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Server.Kestrel.Https;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
-
-namespace Certify.Service.Worker
-{
-    public class Program
-    {
-        public static void Main(string[] args)
-        {
-            CreateHostBuilder(args).Build().Run();
-        }
-
-        public static IHostBuilder CreateHostBuilder(string[] args)
-        {
-
-            var builder = Host.CreateDefaultBuilder(args)
-                 .ConfigureAppConfiguration((context, builder) =>
-                 {
-                     // when running within an integration test optionally load test config
-                     if (File.Exists(Path.Join(AppContext.BaseDirectory, "appsettings.worker.test.json")))
-                     {
-                         builder.AddJsonFile("appsettings.worker.test.json");
-                         builder.AddUserSecrets(typeof(Program).GetTypeInfo().Assembly); // for worker pfx details)
-                     }
-                 })
-                 .ConfigureLogging(logging =>
-                 {
-                     logging.ClearProviders();
-                     logging.AddConsole();
-
-                 });
-
-            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-            {
-                builder.UseSystemd();
-            }
-
-            builder.ConfigureServices((hostContext, services) =>
-            {
-                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-                {
-                    services.AddWindowsService(options =>
-                        options.ServiceName = "Certify Certificate Manager Background Service"
-
-                       );
-                }
-
-                services.AddHostedService<Worker>();
-            })
-            .ConfigureWebHostDefaults(webBuilder =>
-            {
-                webBuilder.ConfigureKestrel(serverOptions =>
-                {
-                    if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-                    {
-                        serverOptions.UseSystemd();
-                    }
-
-                    // configure https listener, cert path and pwd can come either from an environment variable, usersecrets or appsettings.
-                    // configuration precedence is secrets first, https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0#default
-                    var configuration = (IConfiguration)serverOptions.ApplicationServices.GetService(typeof(IConfiguration));
-
-                    var useHttps = bool.Parse(configuration["API:Service:UseHttps"]);
-
-                    // default IP to localhost then specify from configuration
-                    var ipSelection = configuration["API:Service:BindingIP"];
-                    var ipBinding = IPAddress.Loopback;
-
-                    if (ipSelection != null)
-                    {
-                        if (ipSelection.ToLower() == "loopback")
-                        {
-                            ipBinding = IPAddress.Loopback;
-                        }
-                        else if (ipSelection.ToLower() == "any")
-                        {
-                            ipBinding = IPAddress.Any;
-                        }
-                        else
-                        {
-                            ipBinding = IPAddress.Parse(ipSelection);
-                        }
-                    }
-
-                    if (useHttps)
-                    {
-
-                        var certPassword = Environment.GetEnvironmentVariable("ASPNETCORE_Kestrel__Certificates__Development__Password");
-                        var certPath = Environment.GetEnvironmentVariable("ASPNETCORE_Kestrel__Certificates__Development__Path");
-
-                        // if not yet defined load config from usersecrets (development env only) or appsettings
-                        if (certPassword == null)
-                        {
-                            certPassword = configuration["Kestrel:Certificates:Default:Password"];
-                        }
-
-                        if (certPath == null)
-                        {
-                            certPath = configuration["Kestrel:Certificates:Default:Path"];
-                        }
-
-                        try
-                        {
-                            var certificate = new X509Certificate2(certPath, certPassword);
-
-                            // if password is wrong at this stage the attempts to use the cert will results in SSL Protocol Error
-
-                            var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions()
-                            {
-                                ClientCertificateMode = ClientCertificateMode.NoCertificate,
-                                SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13,
-                                ServerCertificate = certificate,
-                            };
-
-                            var httpsPort = Convert.ToInt32(configuration["API:Service:HttpsPort"]);
-
-                            serverOptions.Listen(new System.Net.IPEndPoint(ipBinding, httpsPort), listenOptions =>
-                            {
-                                listenOptions.UseHttps(httpsConnectionAdapterOptions);
-                            });
-
-                        }
-                        catch (Exception exp)
-                        {
-                            // TODO: there is no logger yet, need to report this failure to main log once the log exists
-                            System.Diagnostics.Debug.WriteLine("Failed to load PFX certificate for application. Check service certificate config." + exp.ToString());
-                        }
-                    }
-                    else
-                    {
-                        var httpPort = Convert.ToInt32(configuration["API:Service:HttpPort"]);
-
-                        serverOptions.Listen(new System.Net.IPEndPoint(ipBinding, httpPort), listenOptions =>
-                        {
-                        });
-                    }
-                });
-
-                webBuilder.ConfigureLogging(logging =>
-                  {
-                      logging.AddFilter("Microsoft.AspNetCore.SignalR", LogLevel.Debug);
-                      logging.AddFilter("Microsoft.AspNetCore.Http.Connections", LogLevel.Debug);
-                  });
-
-                webBuilder.UseStartup<Startup>();
-            });
-
-            return builder;
-        }
-    }
-}
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
deleted file mode 100644
index 487cd482b..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Properties/launchSettings.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-  "$schema": "http://json.schemastore.org/launchsettings.json",
-  "iisSettings": {
-    "windowsAuthentication": false,
-    "anonymousAuthentication": true,
-    "iisExpress": {
-      "applicationUrl": "http://localhost:9695"
-    }
-  },
- 
-  "profiles": {
-    "IIS Express": {
-      "commandName": "IISExpress",
-      "launchBrowser": true,
-      "launchUrl": "http://localhost:9695/docs",
-      "iisExpress": {
-        "applicationUrl": "http://localhost:9695"
-      },
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
-    },
-    "Certify.Service.Worker": {
-      "commandName": "Project",
-      "launchBrowser": true,
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
-    },
-    "Docker": {
-      "commandName": "Docker",
-      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/docs",
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "http://0.0.0.0:9695"
-      },
-      "publishAllPorts": true,
-      "httpPort": 9695
-    },
-    "WSL": {
-      "commandName": "WSL2",
-      "launchBrowser": true,
-      "launchUrl": "http://localhost:9695/docs",
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
-    }
-  }
-}
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Startup.cs b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Startup.cs
deleted file mode 100644
index ef965344c..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Startup.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-using Microsoft.Extensions.Configuration;
-
-namespace Certify.Server.Worker
-{
-    public class Startup : Certify.Server.Core.Startup
-    {
-        public Startup(IConfiguration configuration) : base(configuration)
-        {
-            // base startup performs most of the configuration in this instance
-        }
-    }
-}
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs
deleted file mode 100644
index 4f05e30ab..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/Worker.cs
+++ /dev/null
@@ -1,50 +0,0 @@
-using System;
-using System.Threading;
-using System.Threading.Tasks;
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
-
-namespace Certify.Service.Worker
-{
-    public class Worker : BackgroundService
-    {
-        private readonly ILogger<Worker> _logger;
-
-        public Worker(ILogger<Worker> logger)
-        {
-            _logger = logger;
-        }
-
-        protected override async Task ExecuteAsync(CancellationToken stoppingToken)
-        {
-            // https://learn.microsoft.com/en-us/dotnet/core/extensions/windows-service?pivots=dotnet-7-0
-            try
-            {
-                while (!stoppingToken.IsCancellationRequested)
-                {
-                    _logger.LogInformation("Certify Service Worker heartbeat: {time}", DateTimeOffset.Now);
-                    await Task.Delay(1000 * 60 * 60, stoppingToken);
-                }
-            }
-            catch (TaskCanceledException)
-            {
-                // When the stopping token is canceled, for example, a call made from services.msc,
-                // we shouldn't exit with a non-zero exit code. In other words, this is expected...
-            }
-            catch (Exception ex)
-            {
-                _logger.LogError(ex, "{Message}", ex.Message);
-
-                // Terminates this process and returns an exit code to the operating system.
-                // This is required to avoid the 'BackgroundServiceExceptionBehavior', which
-                // performs one of two scenarios:
-                // 1. When set to "Ignore": will do nothing at all, errors cause zombie services.
-                // 2. When set to "StopHost": will cleanly stop the host, and log errors.
-                //
-                // In order for the Windows Service Management system to leverage configured
-                // recovery options, we need to terminate the process with a non-zero exit code.
-                Environment.Exit(1);
-            }
-        }
-    }
-}
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/certifytheweb.service b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/certifytheweb.service
deleted file mode 100644
index 600d8d9f9..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/certifytheweb.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Certify The Web API Worker
-
-[Service]
-Type=notify
-ExecStart=/usr/sbin/certifytheweb
-WorkingDirectory=/opt/certifytheweb
-Restart=always
-
-# Restart every day
-RuntimeMaxSec=604800
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md b/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
deleted file mode 100644
index aa95fc5c0..000000000
--- a/src/Certify.Server/Certify.Service.Worker/Certify.Service.Worker/readme.md
+++ /dev/null
@@ -1,81 +0,0 @@
-Certify Service Worker (Cross Platform)
------------------
-
-# Architecture
-- Certify.Server.Core, running as a hosted internal API app within a Worker (Certify.Service.Worker). This is a re-implementation of the original service usedby the desktop UI.
-- Certify.Server.Api.Public, running as a API for public consumption, wrapping calls to the core internal API
-
-The advantage of this structure is that the public API can be exposed to the network for Web UI access, without client machines talking directly to the core service. The public API can run as the least prvilelged service user, while the core service may require elevated privileges depending on how it is used.
-
-
-Development workflow
-
-
-
-Running Manually:
-
-dotnet ./Certify.Service.Worker.dll
-
-API will listen on http://localhost:32768 and https://localhost:44360
-HTTPS certificate setup is configured in Program.cs
-Initial setup should use invalid pfx for https, with valid PFX to be acquired from own API. API status should flag https cert status for UI to report.
-
-WSL debug
----------
-- set DebugType to portable in build.props to enable debugging
-- in debug service will run from host pc with a mnt
-- database and log are in /usr/share/certify from Environment.SpecialFolder.CommonApplicationData
-
-
-Linux Install
-------------
-
-`apt-get certifytheweb`
-
-`sudo mkdir /opt/certifytheweb`
-
-Systemd
------------
-```
-[Unit]
-Description=Certify The Web
-
-[Service]
-ExecStart=dotnet /opt/certifytheweb/certify.service
-WorkingDirectory=/opt/certifytheweb/
-User=certifytheweb
-Restart=on-failure
-SyslogIdentifier=certifytheweb
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
-```
-
-Windows Service
------------------
-
-` sc create "Certify Certificate Manager [dotnet]" binpath="C:\Work\GIT\certify_dev\certify\src\Certify.Server\Certify.Service.Worker\Certify.Service.Worker\bin\Debug\net8.0\Certify.Service.Worker.exe"`
-
-
-Publishing:
-
--
-
-Windows:
-
-dotnet publish -c Release -r win-x64 --self-contained true
-
-Linux:
-
-dotnet publish -c Release -r linux-x64 --self-contained true
-
-Single File:
-
-dotnet publish -c Release -r win-x64 --self-contained true -p:PublishSingleFile=true
-
-
-Docker
----------
-Requires a dockerfile to define how to build the images. certify-manager/docker for more dockerfile examples
-Requries Microsoft.VisualStudio.Azure.Containers.Tools.Targets NuGet package installed in the project to hook up docker integration.

From b89e35d25fb1abb10b510be3e4dfc39c311afa3b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 8 Jan 2024 17:27:07 +0800
Subject: [PATCH 113/237] API: move example client from web UI

---
 .../Certify.API.Public.cs                     | 3655 +++++++++++++++++
 .../Certify.Server.Api.Public.Client.csproj   |   21 +
 .../nswag.json                                |  117 +
 .../readme.md                                 |    5 +
 4 files changed, 3798 insertions(+)
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public.Client/readme.md

diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
new file mode 100644
index 000000000..47ec8f528
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -0,0 +1,3655 @@
+//----------------------
+// <auto-generated>
+//     Generated using the NSwag toolchain v14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0)) (http://NSwag.org)
+// </auto-generated>
+//----------------------
+
+using Certify.Models;
+using Certify.Models.Reporting;
+using Certify.Models.Config;
+using Certify.Models.API;
+using Certify.Models.Providers;
+using Certify.Models.Config.AccessControl;
+using Certify.Models.Config.Migration;
+
+#pragma warning disable 108 // Disable "CS0108 '{derivedDto}.ToJson()' hides inherited member '{dtoBase}.ToJson()'. Use the new keyword if hiding was intended."
+#pragma warning disable 114 // Disable "CS0114 '{derivedDto}.RaisePropertyChanged(String)' hides inherited member 'dtoBase.RaisePropertyChanged(String)'. To make the current member override that implementation, add the override keyword. Otherwise add the new keyword."
+#pragma warning disable 472 // Disable "CS0472 The result of the expression is always 'false' since a value of type 'Int32' is never equal to 'null' of type 'Int32?'
+#pragma warning disable 612 // Disable "CS0612 '...' is obsolete"
+#pragma warning disable 1573 // Disable "CS1573 Parameter '...' has no matching param tag in the XML comment for ...
+#pragma warning disable 1591 // Disable "CS1591 Missing XML comment for publicly visible type or member ..."
+#pragma warning disable 8073 // Disable "CS8073 The result of the expression is always 'false' since a value of type 'T' is never equal to 'null' of type 'T?'"
+#pragma warning disable 3016 // Disable "CS3016 Arrays as attribute arguments is not CLS-compliant"
+#pragma warning disable 8603 // Disable "CS8603 Possible null reference return"
+#pragma warning disable 8604 // Disable "CS8604 Possible null reference argument for parameter"
+
+namespace Certify.API.Public
+{
+    using System = global::System;
+
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    public partial class Client 
+    {
+    #pragma warning disable 8618 // Set by constructor via BaseUrl property
+        private string _baseUrl;
+    #pragma restore disable 8618 // Set by constructor via BaseUrl property
+        private System.Net.Http.HttpClient _httpClient;
+        private static System.Lazy<Newtonsoft.Json.JsonSerializerSettings> _settings = new System.Lazy<Newtonsoft.Json.JsonSerializerSettings>(CreateSerializerSettings, true);
+
+        public Client(string baseUrl, System.Net.Http.HttpClient httpClient)
+        {
+            BaseUrl = baseUrl;
+            _httpClient = httpClient;
+        }
+
+        private static Newtonsoft.Json.JsonSerializerSettings CreateSerializerSettings()
+        {
+            var settings = new Newtonsoft.Json.JsonSerializerSettings();
+            UpdateJsonSerializerSettings(settings);
+            return settings;
+        }
+
+        public string BaseUrl
+        {
+            get { return _baseUrl; }
+            set
+            {
+                _baseUrl = value;
+                if (!string.IsNullOrEmpty(_baseUrl) && !_baseUrl.EndsWith("/"))
+                    _baseUrl += '/';
+            }
+        }
+
+        protected Newtonsoft.Json.JsonSerializerSettings JsonSerializerSettings { get { return _settings.Value; } }
+
+        static partial void UpdateJsonSerializerSettings(Newtonsoft.Json.JsonSerializerSettings settings);
+
+        partial void PrepareRequest(System.Net.Http.HttpClient client, System.Net.Http.HttpRequestMessage request, string url);
+        partial void PrepareRequest(System.Net.Http.HttpClient client, System.Net.Http.HttpRequestMessage request, System.Text.StringBuilder urlBuilder);
+        partial void ProcessResponse(System.Net.Http.HttpClient client, System.Net.Http.HttpResponseMessage response);
+
+        /// <summary>
+        /// Get list of Assigned Roles for a given security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AssignedRole>> GetSecurityPrincipleAssignedRolesAsync(string id)
+        {
+            return GetSecurityPrincipleAssignedRolesAsync(id, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of Assigned Roles for a given security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AssignedRole>> GetSecurityPrincipleAssignedRolesAsync(string id, System.Threading.CancellationToken cancellationToken)
+        {
+            if (id == null)
+                throw new System.ArgumentNullException("id");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/securityprinciple/{id}/assignedroles"
+                    urlBuilder_.Append("internal/v1/access/securityprinciple/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/assignedroles");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<AssignedRole>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get list of available security Roles [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<Role>> GetAccessRolesAsync()
+        {
+            return GetAccessRolesAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of available security Roles [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<Role>> GetAccessRolesAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/roles"
+                    urlBuilder_.Append("internal/v1/access/roles");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<Role>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get list of available security principles [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SecurityPrinciple>> GetSecurityPrinciplesAsync()
+        {
+            return GetSecurityPrinciplesAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of available security principles [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SecurityPrinciple>> GetSecurityPrinciplesAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/securityprinciples"
+                    urlBuilder_.Append("internal/v1/access/securityprinciples");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<SecurityPrinciple>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Operations to check current auth status for the given presented authentication tokens
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task CheckAuthStatusAsync()
+        {
+            return CheckAuthStatusAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Operations to check current auth status for the given presented authentication tokens
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task CheckAuthStatusAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/auth/status"
+                    urlBuilder_.Append("api/v1/auth/status");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            return;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Perform login using username and password
+        /// </summary>
+        /// <param name="body">Login credentials</param>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<AuthResponse> LoginAsync(AuthRequest body)
+        {
+            return LoginAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Perform login using username and password
+        /// </summary>
+        /// <param name="body">Login credentials</param>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<AuthResponse> LoginAsync(AuthRequest body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/auth/login"
+                    urlBuilder_.Append("api/v1/auth/login");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<AuthResponse>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Refresh users current auth token
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<AuthResponse> RefreshAsync(string refreshToken)
+        {
+            return RefreshAsync(refreshToken, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Refresh users current auth token
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<AuthResponse> RefreshAsync(string refreshToken, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Content = new System.Net.Http.StringContent(string.Empty, System.Text.Encoding.UTF8, "text/plain");
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/auth/refresh"
+                    urlBuilder_.Append("api/v1/auth/refresh");
+            urlBuilder_.Append('?');
+            if (refreshToken != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("refreshToken")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(refreshToken, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<AuthResponse>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Download the latest certificate for the given managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task DownloadAsync(string managedCertId, string format, string mode)
+        {
+            return DownloadAsync(managedCertId, format, mode, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Download the latest certificate for the given managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task DownloadAsync(string managedCertId, string format, string mode, System.Threading.CancellationToken cancellationToken)
+        {
+            if (managedCertId == null)
+                throw new System.ArgumentNullException("managedCertId");
+
+            if (format == null)
+                throw new System.ArgumentNullException("format");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/{managedCertId}/download/{format}"
+                    urlBuilder_.Append("api/v1/certificate/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/download/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(format, System.Globalization.CultureInfo.InvariantCulture)));
+            urlBuilder_.Append('?');
+            if (mode != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("mode")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(mode, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            return;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Download text log for the given managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string managedCertId, int? maxLines)
+        {
+            return DownloadLogAsync(managedCertId, maxLines, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Download text log for the given managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string managedCertId, int? maxLines, System.Threading.CancellationToken cancellationToken)
+        {
+            if (managedCertId == null)
+                throw new System.ArgumentNullException("managedCertId");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/{managedCertId}/log"
+                    urlBuilder_.Append("api/v1/certificate/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/log");
+            urlBuilder_.Append('?');
+            if (maxLines != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("maxLines")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(maxLines, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<LogResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get all managed certificates matching criteria
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ManagedCertificateSummaryResult> GetManagedCertificatesAsync(string keyword, int? page, int? pageSize)
+        {
+            return GetManagedCertificatesAsync(keyword, page, pageSize, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get all managed certificates matching criteria
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult> GetManagedCertificatesAsync(string keyword, int? page, int? pageSize, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate"
+                    urlBuilder_.Append("api/v1/certificate");
+            urlBuilder_.Append('?');
+            if (keyword != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            if (page != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("page")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(page, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            if (pageSize != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("pageSize")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(pageSize, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificateSummaryResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get summary counts of all managed certs
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<Summary> GetManagedCertificateSummaryAsync(string keyword)
+        {
+            return GetManagedCertificateSummaryAsync(keyword, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get summary counts of all managed certs
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<Summary> GetManagedCertificateSummaryAsync(string keyword, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Content = new System.Net.Http.StringContent(string.Empty, System.Text.Encoding.UTF8, "text/plain");
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/summary"
+                    urlBuilder_.Append("api/v1/certificate/summary");
+            urlBuilder_.Append('?');
+            if (keyword != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<Summary>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Gets the full settings for a specific managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> GetManagedCertificateDetailsAsync(string managedCertId)
+        {
+            return GetManagedCertificateDetailsAsync(managedCertId, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Gets the full settings for a specific managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> GetManagedCertificateDetailsAsync(string managedCertId, System.Threading.CancellationToken cancellationToken)
+        {
+            if (managedCertId == null)
+                throw new System.ArgumentNullException("managedCertId");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/settings/{managedCertId}"
+                    urlBuilder_.Append("api/v1/certificate/settings/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificate>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Add/update the full settings for a specific managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(ManagedCertificate body)
+        {
+            return UpdateManagedCertificateDetailsAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Add/update the full settings for a specific managed certificate
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/settings/update"
+                    urlBuilder_.Append("api/v1/certificate/settings/update");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificate>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id)
+        {
+            return BeginOrderAsync(id, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Content = new System.Net.Http.StringContent(string.Empty, System.Text.Encoding.UTF8, "text/plain");
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/order"
+                    urlBuilder_.Append("api/v1/certificate/order");
+            urlBuilder_.Append('?');
+            if (id != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificate>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Begin the managed certificate request/renewal process a set of managed certificates
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body)
+        {
+            return PerformRenewalAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Begin the managed certificate request/renewal process a set of managed certificates
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/renew"
+                    urlBuilder_.Append("api/v1/certificate/renew");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificate>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Perform default tests for the given configuration
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body)
+        {
+            return PerformConfigurationTestAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Perform default tests for the given configuration
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/test"
+                    urlBuilder_.Append("api/v1/certificate/test");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<StatusMessage>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string id)
+        {
+            return RemoveManagedCertificateAsync(id, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string id, System.Threading.CancellationToken cancellationToken)
+        {
+            if (id == null)
+                throw new System.ArgumentNullException("id");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/certificate/certificate/{id}"
+                    urlBuilder_.Append("api/v1/certificate/certificate/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<bool>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get list of known certificate authorities
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<CertificateAuthority>> GetCertificateAuthoritiesAsync()
+        {
+            return GetCertificateAuthoritiesAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of known certificate authorities
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<CertificateAuthority>> GetCertificateAuthoritiesAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/certificateauthority"
+                    urlBuilder_.Append("internal/v1/certificateauthority");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<CertificateAuthority>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get All Acme Accounts [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AccountDetails>> GetAcmeAccountsAsync()
+        {
+            return GetAcmeAccountsAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get All Acme Accounts [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AccountDetails>> GetAcmeAccountsAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/certificateauthority/accounts"
+                    urlBuilder_.Append("internal/v1/certificateauthority/accounts");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<AccountDetails>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Add New Acme Account [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> AddAcmeAccountAsync(ContactRegistration body)
+        {
+            return AddAcmeAccountAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Add New Acme Account [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> AddAcmeAccountAsync(ContactRegistration body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/certificateauthority/account"
+                    urlBuilder_.Append("internal/v1/certificateauthority/account");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Add New Certificate Authority [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> AddCertificateAuthorityAsync(CertificateAuthority body)
+        {
+            return AddCertificateAuthorityAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Add New Certificate Authority [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> AddCertificateAuthorityAsync(CertificateAuthority body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/certificateauthority/authority"
+                    urlBuilder_.Append("internal/v1/certificateauthority/authority");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Remove Certificate Authority [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> RemoveCertificateAuthorityAsync(string id)
+        {
+            return RemoveCertificateAuthorityAsync(id, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Remove Certificate Authority [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> RemoveCertificateAuthorityAsync(string id, System.Threading.CancellationToken cancellationToken)
+        {
+            if (id == null)
+                throw new System.ArgumentNullException("id");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/certificateauthority/authority/{id}"
+                    urlBuilder_.Append("internal/v1/certificateauthority/authority/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Remove ACME Account [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccountAsync(string storageKey, bool deactivate)
+        {
+            return RemoveAcmeAccountAsync(storageKey, deactivate, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Remove ACME Account [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccountAsync(string storageKey, bool deactivate, System.Threading.CancellationToken cancellationToken)
+        {
+            if (storageKey == null)
+                throw new System.ArgumentNullException("storageKey");
+
+            if (deactivate == null)
+                throw new System.ArgumentNullException("deactivate");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/certificateauthority/accounts/{storageKey}/{deactivate}"
+                    urlBuilder_.Append("internal/v1/certificateauthority/accounts/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(storageKey, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append('/');
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(deactivate, System.Globalization.CultureInfo.InvariantCulture)));
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get list of supported challenge providers
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ChallengeProviderDefinition>> GetChallengeProvidersAsync()
+        {
+            return GetChallengeProvidersAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of supported challenge providers
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ChallengeProviderDefinition>> GetChallengeProvidersAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/challengeprovider"
+                    urlBuilder_.Append("internal/v1/challengeprovider");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<ChallengeProviderDefinition>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Fetch list of DNS zones for a given DNS provider and credential
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DnsZone>> GetDnsZonesAsync(string providerTypeId, string credentialsId)
+        {
+            return GetDnsZonesAsync(providerTypeId, credentialsId, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Fetch list of DNS zones for a given DNS provider and credential
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DnsZone>> GetDnsZonesAsync(string providerTypeId, string credentialsId, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/challengeprovider/dnszones"
+                    urlBuilder_.Append("internal/v1/challengeprovider/dnszones");
+            urlBuilder_.Append('?');
+            if (providerTypeId != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("providerTypeId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(providerTypeId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            if (credentialsId != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("credentialsId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(credentialsId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<DnsZone>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get List of supported deployment tasks
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DeploymentProviderDefinition>> GetDeploymentProvidersAsync()
+        {
+            return GetDeploymentProvidersAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get List of supported deployment tasks
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DeploymentProviderDefinition>> GetDeploymentProvidersAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/deploymenttask/providers"
+                    urlBuilder_.Append("internal/v1/deploymenttask/providers");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<DeploymentProviderDefinition>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get preview of steps for certificate order and deployment
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> GetPreviewAsync(ManagedCertificate body)
+        {
+            return GetPreviewAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get preview of steps for certificate order and deployment
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> GetPreviewAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/preview"
+                    urlBuilder_.Append("internal/v1/preview");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<ActionStep>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get List of stored credentials
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StoredCredential>> GetStoredCredentialsAsync()
+        {
+            return GetStoredCredentialsAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get List of stored credentials
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StoredCredential>> GetStoredCredentialsAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/storedcredential"
+                    urlBuilder_.Append("internal/v1/storedcredential");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<StoredCredential>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Add/Update a stored credential
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<StoredCredential> UpdateStoredCredentialAsync(StoredCredential body)
+        {
+            return UpdateStoredCredentialAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Add/Update a stored credential
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<StoredCredential> UpdateStoredCredentialAsync(StoredCredential body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/storedcredential"
+                    urlBuilder_.Append("internal/v1/storedcredential");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<StoredCredential>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Remove Stored Credential [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> RemoveStoredCredentialAsync(string storageKey)
+        {
+            return RemoveStoredCredentialAsync(storageKey, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Remove Stored Credential [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> RemoveStoredCredentialAsync(string storageKey, System.Threading.CancellationToken cancellationToken)
+        {
+            if (storageKey == null)
+                throw new System.ArgumentNullException("storageKey");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/storedcredential/storedcredential/{storageKey}"
+                    urlBuilder_.Append("internal/v1/storedcredential/storedcredential/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(storageKey, System.Globalization.CultureInfo.InvariantCulture)));
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get the server software version
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task GetSystemVersionAsync()
+        {
+            return GetSystemVersionAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get the server software version
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task GetSystemVersionAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/system/version"
+                    urlBuilder_.Append("api/v1/system/version");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            return;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Check API is responding and can connect to background service
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task GetHealthAsync()
+        {
+            return GetHealthAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Check API is responding and can connect to background service
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task GetHealthAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/system/health"
+                    urlBuilder_.Append("api/v1/system/health");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            return;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Check API is responding and can connect to background service
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task GetHealth2Async()
+        {
+            return GetHealth2Async(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Check API is responding and can connect to background service
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task GetHealth2Async(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "health"
+                    urlBuilder_.Append("health");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            return;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Perform an export of all settings [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsync(ExportRequest body)
+        {
+            return PerformExportAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Perform an export of all settings [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsync(ExportRequest body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/system/system/migration/export"
+                    urlBuilder_.Append("api/v1/system/system/migration/export");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ImportExportPackage>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Perform an import of all settings [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformImportAsync(ImportRequest body)
+        {
+            return PerformImportAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Perform an import of all settings [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformImportAsync(ImportRequest body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/system/system/migration/import"
+                    urlBuilder_.Append("api/v1/system/system/migration/import");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<ActionStep>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert. May return many items (e.g. thousands of sites)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SiteInfo>> GetTargetServiceItemsAsync(string serverType)
+        {
+            return GetTargetServiceItemsAsync(serverType, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert. May return many items (e.g. thousands of sites)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SiteInfo>> GetTargetServiceItemsAsync(string serverType, System.Threading.CancellationToken cancellationToken)
+        {
+            if (serverType == null)
+                throw new System.ArgumentNullException("serverType");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/target/{serverType}/items"
+                    urlBuilder_.Append("internal/v1/target/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(serverType, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/items");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<SiteInfo>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Return details of single target server item (e.g. 1 site)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemAsync(string serverType, string itemId)
+        {
+            return GetTargetServiceItemAsync(serverType, itemId, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Return details of single target server item (e.g. 1 site)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemAsync(string serverType, string itemId, System.Threading.CancellationToken cancellationToken)
+        {
+            if (serverType == null)
+                throw new System.ArgumentNullException("serverType");
+
+            if (itemId == null)
+                throw new System.ArgumentNullException("itemId");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/target/{serverType}/item/{itemId}"
+                    urlBuilder_.Append("internal/v1/target/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(serverType, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/item/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(itemId, System.Globalization.CultureInfo.InvariantCulture)));
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<SiteInfo>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DomainOption>> GetTargetServiceItemIdentifiersAsync(string serverType, string itemId)
+        {
+            return GetTargetServiceItemIdentifiersAsync(serverType, itemId, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DomainOption>> GetTargetServiceItemIdentifiersAsync(string serverType, string itemId, System.Threading.CancellationToken cancellationToken)
+        {
+            if (serverType == null)
+                throw new System.ArgumentNullException("serverType");
+
+            if (itemId == null)
+                throw new System.ArgumentNullException("itemId");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/target/{serverType}/item/{itemId}/identifiers"
+                    urlBuilder_.Append("internal/v1/target/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(serverType, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/item/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(itemId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/identifiers");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<DomainOption>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Get list of target services this server supports (e.g. IIS etc)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<string>> GetTargetServiceTypesAsync()
+        {
+            return GetTargetServiceTypesAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of target services this server supports (e.g. IIS etc)
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<string>> GetTargetServiceTypesAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/target/services"
+                    urlBuilder_.Append("internal/v1/target/services");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<string>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// get current challenge info fo a given type/key
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SimpleAuthorizationChallengeItem>> GetValidationChallengesAsync(string type, string key)
+        {
+            return GetValidationChallengesAsync(type, key, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// get current challenge info fo a given type/key
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SimpleAuthorizationChallengeItem>> GetValidationChallengesAsync(string type, string key, System.Threading.CancellationToken cancellationToken)
+        {
+            if (type == null)
+                throw new System.ArgumentNullException("type");
+
+            if (key == null)
+                throw new System.ArgumentNullException("key");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "api/v1/validation/{type}/{key}"
+                    urlBuilder_.Append("api/v1/validation/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(type, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append('/');
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(key, System.Globalization.CultureInfo.InvariantCulture)));
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<SimpleAuthorizationChallengeItem>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        protected struct ObjectResponseResult<T>
+        {
+            public ObjectResponseResult(T responseObject, string responseText)
+            {
+                this.Object = responseObject;
+                this.Text = responseText;
+            }
+
+            public T Object { get; }
+
+            public string Text { get; }
+        }
+
+        public bool ReadResponseAsString { get; set; }
+
+        protected virtual async System.Threading.Tasks.Task<ObjectResponseResult<T>> ReadObjectResponseAsync<T>(System.Net.Http.HttpResponseMessage response, System.Collections.Generic.IReadOnlyDictionary<string, System.Collections.Generic.IEnumerable<string>> headers, System.Threading.CancellationToken cancellationToken)
+        {
+            if (response == null || response.Content == null)
+            {
+                return new ObjectResponseResult<T>(default(T), string.Empty);
+            }
+
+            if (ReadResponseAsString)
+            {
+                var responseText = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
+                try
+                {
+                    var typedBody = Newtonsoft.Json.JsonConvert.DeserializeObject<T>(responseText, JsonSerializerSettings);
+                    return new ObjectResponseResult<T>(typedBody, responseText);
+                }
+                catch (Newtonsoft.Json.JsonException exception)
+                {
+                    var message = "Could not deserialize the response body string as " + typeof(T).FullName + ".";
+                    throw new ApiException(message, (int)response.StatusCode, responseText, headers, exception);
+                }
+            }
+            else
+            {
+                try
+                {
+                    using (var responseStream = await response.Content.ReadAsStreamAsync().ConfigureAwait(false))
+                    using (var streamReader = new System.IO.StreamReader(responseStream))
+                    using (var jsonTextReader = new Newtonsoft.Json.JsonTextReader(streamReader))
+                    {
+                        var serializer = Newtonsoft.Json.JsonSerializer.Create(JsonSerializerSettings);
+                        var typedBody = serializer.Deserialize<T>(jsonTextReader);
+                        return new ObjectResponseResult<T>(typedBody, string.Empty);
+                    }
+                }
+                catch (Newtonsoft.Json.JsonException exception)
+                {
+                    var message = "Could not deserialize the response body stream as " + typeof(T).FullName + ".";
+                    throw new ApiException(message, (int)response.StatusCode, string.Empty, headers, exception);
+                }
+            }
+        }
+
+        private string ConvertToString(object value, System.Globalization.CultureInfo cultureInfo)
+        {
+            if (value == null)
+            {
+                return "";
+            }
+
+            if (value is System.Enum)
+            {
+                var name = System.Enum.GetName(value.GetType(), value);
+                if (name != null)
+                {
+                    var field = System.Reflection.IntrospectionExtensions.GetTypeInfo(value.GetType()).GetDeclaredField(name);
+                    if (field != null)
+                    {
+                        var attribute = System.Reflection.CustomAttributeExtensions.GetCustomAttribute(field, typeof(System.Runtime.Serialization.EnumMemberAttribute)) 
+                            as System.Runtime.Serialization.EnumMemberAttribute;
+                        if (attribute != null)
+                        {
+                            return attribute.Value != null ? attribute.Value : name;
+                        }
+                    }
+
+                    var converted = System.Convert.ToString(System.Convert.ChangeType(value, System.Enum.GetUnderlyingType(value.GetType()), cultureInfo));
+                    return converted == null ? string.Empty : converted;
+                }
+            }
+            else if (value is bool) 
+            {
+                return System.Convert.ToString((bool)value, cultureInfo).ToLowerInvariant();
+            }
+            else if (value is byte[])
+            {
+                return System.Convert.ToBase64String((byte[]) value);
+            }
+            else if (value is string[])
+            {
+                return string.Join(",", (string[])value);
+            }
+            else if (value.GetType().IsArray)
+            {
+                var valueArray = (System.Array)value;
+                var valueTextArray = new string[valueArray.Length];
+                for (var i = 0; i < valueArray.Length; i++)
+                {
+                    valueTextArray[i] = ConvertToString(valueArray.GetValue(i), cultureInfo);
+                }
+                return string.Join(",", valueTextArray);
+            }
+
+            var result = System.Convert.ToString(value, cultureInfo);
+            return result == null ? "" : result;
+        }
+    }
+
+    
+
+
+
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    public partial class ApiException : System.Exception
+    {
+        public int StatusCode { get; private set; }
+
+        public string Response { get; private set; }
+
+        public System.Collections.Generic.IReadOnlyDictionary<string, System.Collections.Generic.IEnumerable<string>> Headers { get; private set; }
+
+        public ApiException(string message, int statusCode, string response, System.Collections.Generic.IReadOnlyDictionary<string, System.Collections.Generic.IEnumerable<string>> headers, System.Exception innerException)
+            : base(message + "\n\nStatus: " + statusCode + "\nResponse: \n" + ((response == null) ? "(null)" : response.Substring(0, response.Length >= 512 ? 512 : response.Length)), innerException)
+        {
+            StatusCode = statusCode;
+            Response = response;
+            Headers = headers;
+        }
+
+        public override string ToString()
+        {
+            return string.Format("HTTP Response: \n\n{0}\n\n{1}", Response, base.ToString());
+        }
+    }
+
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    public partial class ApiException<TResult> : ApiException
+    {
+        public TResult Result { get; private set; }
+
+        public ApiException(string message, int statusCode, string response, System.Collections.Generic.IReadOnlyDictionary<string, System.Collections.Generic.IEnumerable<string>> headers, TResult result, System.Exception innerException)
+            : base(message, statusCode, response, headers, innerException)
+        {
+            Result = result;
+        }
+    }
+
+}
+
+#pragma warning restore  108
+#pragma warning restore  114
+#pragma warning restore  472
+#pragma warning restore  612
+#pragma warning restore 1573
+#pragma warning restore 1591
+#pragma warning restore 8073
+#pragma warning restore 3016
+#pragma warning restore 8603
+#pragma warning restore 8604
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
new file mode 100644
index 000000000..0d959f125
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="nswag.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      <ExcludeFromSingleFile>true</ExcludeFromSingleFile>
+      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
+    </Content>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Certify.Models\Certify.Models.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json b/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
new file mode 100644
index 000000000..e3d853588
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
@@ -0,0 +1,117 @@
+{
+  "runtime": "Net70",
+  "defaultVariables": null,
+  "documentGenerator": {
+    "fromDocument": {
+      "url": "https://localhost:44361/swagger/v1/swagger.json",
+      "output": null,
+      "newLineBehavior": "Auto"
+    }
+  },
+  "codeGenerators": {
+    "openApiToCSharpClient": {
+      "clientBaseClass": null,
+      "configurationClass": null,
+      "generateClientClasses": true,
+      "suppressClientClassesOutput": false,
+      "generateClientInterfaces": false,
+      "suppressClientInterfacesOutput": false,
+      "clientBaseInterface": null,
+      "injectHttpClient": true,
+      "disposeHttpClient": true,
+      "protectedMethods": [],
+      "generateExceptionClasses": true,
+      "exceptionClass": "ApiException",
+      "wrapDtoExceptions": true,
+      "useHttpClientCreationMethod": false,
+      "httpClientType": "System.Net.Http.HttpClient",
+      "useHttpRequestMessageCreationMethod": false,
+      "useBaseUrl": true,
+      "generateBaseUrlProperty": true,
+      "generateSyncMethods": false,
+      "generatePrepareRequestAndProcessResponseAsAsyncMethods": false,
+      "exposeJsonSerializerSettings": false,
+      "clientClassAccessModifier": "public",
+      "typeAccessModifier": "public",
+      "propertySetterAccessModifier": "",
+      "generateNativeRecords": false,
+      "generateContractsOutput": false,
+      "contractsNamespace": null,
+      "contractsOutputFilePath": null,
+      "parameterDateTimeFormat": "s",
+      "parameterDateFormat": "yyyy-MM-dd",
+      "generateUpdateJsonSerializerSettingsMethod": true,
+      "useRequestAndResponseSerializationSettings": false,
+      "serializeTypeInformation": false,
+      "queryNullValue": "",
+      "className": "{controller}Client",
+      "operationGenerationMode": "SingleClientFromOperationId",
+      "additionalNamespaceUsages": [
+        "Certify.Models",
+        "Certify.Models.Reporting",
+        "Certify.Models.Config",
+        "Certify.Models.API",
+        "Certify.Models.Providers",
+        "Certify.Models.Config.AccessControl",
+        "Certify.Models.Config.Migration"
+      ],
+      "additionalContractNamespaceUsages": [],
+      "generateOptionalParameters": false,
+      "generateJsonMethods": false,
+      "enforceFlagEnums": false,
+      "parameterArrayType": "System.Collections.Generic.IEnumerable",
+      "parameterDictionaryType": "System.Collections.Generic.IDictionary",
+      "responseArrayType": "System.Collections.Generic.ICollection",
+      "responseDictionaryType": "System.Collections.Generic.IDictionary",
+      "wrapResponses": false,
+      "wrapResponseMethods": [],
+      "generateResponseClasses": true,
+      "responseClass": "SwaggerResponse",
+      "namespace": "Certify.API.Public",
+      "requiredPropertiesMustBeDefined": true,
+      "dateType": "System.DateTimeOffset",
+      "jsonConverters": null,
+      "anyType": "object",
+      "dateTimeType": "System.DateTimeOffset",
+      "timeType": "System.TimeSpan",
+      "timeSpanType": "System.TimeSpan",
+      "arrayType": "System.Collections.Generic.ICollection",
+      "arrayInstanceType": "System.Collections.ObjectModel.Collection",
+      "dictionaryType": "System.Collections.Generic.IDictionary",
+      "dictionaryInstanceType": "System.Collections.Generic.Dictionary",
+      "arrayBaseType": "System.Collections.ObjectModel.Collection",
+      "dictionaryBaseType": "System.Collections.Generic.Dictionary",
+      "classStyle": "Poco",
+      "jsonLibrary": "NewtonsoftJson",
+      "generateDefaultValues": true,
+      "generateDataAnnotations": true,
+      "excludedTypeNames": [
+        "ManagedCertificate",
+        "BindingInfo",
+        "DomainOption",
+        "SiteInfo",
+        "ActionStep",
+        "CertRequestChallengeConfig",
+        "DeploymentProviderDefinition",
+        "ChallengeProviderDefinition"
+      ],
+      "excludedParameterNames": [],
+      "handleReferences": false,
+      "generateImmutableArrayProperties": false,
+      "generateImmutableDictionaryProperties": false,
+      "jsonSerializerSettingsTransformationMethod": null,
+      "inlineNamedArrays": false,
+      "inlineNamedDictionaries": false,
+      "inlineNamedTuples": true,
+      "inlineNamedAny": false,
+      "generateDtoTypes": false,
+      "generateOptionalPropertiesAsNullable": false,
+      "generateNullableReferenceTypes": false,
+      "templateDirectory": null,
+      "serviceHost": null,
+      "serviceSchemes": null,
+      "output": "Certify.API.Public.cs",
+      "newLineBehavior": "Auto"
+    }
+  }
+}
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/readme.md b/src/Certify.Server/Certify.Server.Api.Public.Client/readme.md
new file mode 100644
index 000000000..9385e0f1f
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/readme.md
@@ -0,0 +1,5 @@
+# Certify.Server.Api.Public.Client
+
+This is a an example C# client for the public API of Certify Server. The Client is currently generated using NSwagStudio (start public API in debug then run the tool to generate the updated client).
+
+This client can optionally be used by API tests and is used by the Blazor WASM UI.

From 6d968ad507ea0479f58c6e146a26b0bc65c516ba Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 15 Jan 2024 13:55:05 +0800
Subject: [PATCH 114/237] Package updates

---
 .../Certify.Aspire.ServiceDefaults.csproj                 | 2 +-
 src/Certify.Client/Certify.Client.csproj                  | 6 +++---
 src/Certify.Models/Certify.Models.csproj                  | 4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj           | 2 +-
 src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj   | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                | 3 ++-
 .../Certify.Server.Api.Public.csproj                      | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj        | 8 ++++----
 src/Certify.Service/App.config                            | 2 +-
 .../Certify.Shared.Extensions.csproj                      | 2 +-
 .../Certify.Core.Tests.Unit.csproj                        | 2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj            | 2 +-
 12 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index dcf9ca505..9f3857e22 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,7 +11,7 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.1.0" />
     <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.2.23619.3" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.7.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.7.0" />
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index ab9d2fd2c..5c6e9143f 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.1" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.2.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 9839a6be6..698d5f42e 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.2.0" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.8.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -30,7 +30,7 @@
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0">
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="System.Text.Json" Version="8.0.0" />
+		<PackageReference Include="System.Text.Json" Version="8.0.1" />
 	</ItemGroup>
 	<ItemGroup>
 	  <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index b1a86b1b9..70d4119e1 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.301.8" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.3" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index aabbfb6c2..fb43b336d 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.36.0" />
+    <PackageReference Include="Azure.Core" Version="1.37.0" />
     <PackageReference Include="Azure.Identity" Version="1.10.4" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.0" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index ac9c3fbc3..864cf5cbe 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -25,7 +25,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
@@ -36,6 +36,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\Certify.Server.Api.Public.Client\Certify.Server.Api.Public.Client.csproj" />
     <ProjectReference Include="..\Certify.Server.Api.Public\Certify.Server.Api.Public.csproj" />
     <ProjectReference Include="..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index f9ead6e91..0fd764c92 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,7 +18,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.1" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index d5def1de3..a0d19b7ec 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.2.1" />
         <PackageReference Include="Serilog" Version="3.1.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.1" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.0" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.1" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.1" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.1" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index c1a021fc2..559510f55 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -14,7 +14,7 @@
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.35.0.0" newVersion="1.36.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.36.0.0" newVersion="1.37.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index d64920bd5..3ad2e3071 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,7 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.0" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.1" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 0fc71d252..1c9f74d96 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -149,7 +149,7 @@
     <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-    <PackageReference Include="Testcontainers" Version="3.6.0" />
+    <PackageReference Include="Testcontainers" Version="3.7.0" />
   </ItemGroup>
   <ItemGroup>
     <Reference Include="System.Configuration" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 35e9e1d33..0762fb164 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -42,7 +42,7 @@
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
 		<PackageReference Include="Serilog" Version="3.1.1" />
-		<PackageReference Include="System.Text.Json" Version="8.0.0" />
+		<PackageReference Include="System.Text.Json" Version="8.0.1" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>

From 3817aaf7d7cac025a70b50470e4ad5ab3708896f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 15 Jan 2024 13:59:29 +0800
Subject: [PATCH 115/237] UI: update license action text for clarity

---
 .../Controls/AboutControl.xaml                | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/Certify.UI.Shared/Controls/AboutControl.xaml b/src/Certify.UI.Shared/Controls/AboutControl.xaml
index df6c73b89..72bd281b4 100644
--- a/src/Certify.UI.Shared/Controls/AboutControl.xaml
+++ b/src/Certify.UI.Shared/Controls/AboutControl.xaml
@@ -81,24 +81,16 @@
                 Click="UpdateCheck_Click"
                 Content="{x:Static res:SR.AboutControl_CheckForUpdateButton}"
                 DockPanel.Dock="Top" />
-            <Button
-                x:Name="Register"
-                Width="150"
-                Margin="0,0,0,8"
-                HorizontalAlignment="Right"
-                VerticalAlignment="Top"
-                Click="Button_Click"
-                Content="{x:Static res:SR.AboutControl_Register}"
-                DockPanel.Dock="Top" />
+
 
             <Button
                 x:Name="ValidateKey"
                 Width="150"
-                Margin="0,0,0,8"
+                Margin="0,24,0,8"
                 HorizontalAlignment="Right"
                 VerticalAlignment="Top"
                 Click="Button_ApplyRegistrationKey"
-                Content="{x:Static res:SR.AboutControl_EnterKey}"
+                Content="Add License Key.."
                 DockPanel.Dock="Top" />
 
             <Button
@@ -108,7 +100,7 @@
                 HorizontalAlignment="Right"
                 VerticalAlignment="Top"
                 Click="DeactivateInstall_Click"
-                Content="Deactivate Install"
+                Content="Remove License Key.."
                 DockPanel.Dock="Top" />
 
             <Button
@@ -120,7 +112,15 @@
                 Click="Help_Click"
                 Content="{x:Static res:SR.AboutControl_Support}"
                 DockPanel.Dock="Top" />
-
+            <Button
+                x:Name="Register"
+                Width="150"
+                Margin="0,0,0,8"
+                HorizontalAlignment="Right"
+                VerticalAlignment="Top"
+                Click="Button_Click"
+                Content="{x:Static res:SR.AboutControl_Register}"
+                DockPanel.Dock="Top" />
 
         </DockPanel>
 

From dd671ed0f9d64df0cd1f122c13cedee5461b684c Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 16 Jan 2024 14:02:49 +0800
Subject: [PATCH 116/237] Update implementation of public API tests, fix
 download and version tests

---
 .../Certify.API.Public.cs                     | 167 ++++++++----------
 .../APITestBase.cs                            | 108 +++++------
 .../AuthTests.cs                              |  55 ++----
 .../CertificateTests.cs                       |  61 ++++---
 .../Certify.Server.Api.Public.Tests.csproj    |  70 +++-----
 .../SystemTests.cs                            |  12 +-
 .../Controllers/v1/CertificateController.cs   |   4 +-
 .../Controllers/v1/SystemController.cs        |   7 +-
 .../Certify.Server.Api.Public/Startup.cs      |  19 +-
 .../Certify.Server.Core.csproj                |   3 +
 .../Certify.Server.Core/Program.cs            |   5 +
 .../Certify.Server.Core/Startup.cs            |  21 ++-
 12 files changed, 253 insertions(+), 279 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 47ec8f528..3abb3f06c 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -1,6 +1,6 @@
 //----------------------
 // <auto-generated>
-//     Generated using the NSwag toolchain v14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0)) (http://NSwag.org)
+//     Generated using the NSwag toolchain v14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0)) (http://NSwag.org)
 // </auto-generated>
 //----------------------
 
@@ -22,17 +22,18 @@
 #pragma warning disable 3016 // Disable "CS3016 Arrays as attribute arguments is not CLS-compliant"
 #pragma warning disable 8603 // Disable "CS8603 Possible null reference return"
 #pragma warning disable 8604 // Disable "CS8604 Possible null reference argument for parameter"
+#pragma warning disable 8625 // Disable "CS8625 Cannot convert null literal to non-nullable reference type"
 
 namespace Certify.API.Public
 {
     using System = global::System;
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class Client 
     {
     #pragma warning disable 8618 // Set by constructor via BaseUrl property
         private string _baseUrl;
-    #pragma restore disable 8618 // Set by constructor via BaseUrl property
+    #pragma warning restore 8618 // Set by constructor via BaseUrl property
         private System.Net.Http.HttpClient _httpClient;
         private static System.Lazy<Newtonsoft.Json.JsonSerializerSettings> _settings = new System.Lazy<Newtonsoft.Json.JsonSerializerSettings>(CreateSerializerSettings, true);
 
@@ -589,7 +590,7 @@ public virtual async System.Threading.Tasks.Task<AuthResponse> RefreshAsync(stri
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task DownloadAsync(string managedCertId, string format, string mode)
+        public virtual System.Threading.Tasks.Task<FileResponse> DownloadAsync(string managedCertId, string format, string mode)
         {
             return DownloadAsync(managedCertId, format, mode, System.Threading.CancellationToken.None);
         }
@@ -600,7 +601,7 @@ public virtual System.Threading.Tasks.Task DownloadAsync(string managedCertId, s
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task DownloadAsync(string managedCertId, string format, string mode, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<FileResponse> DownloadAsync(string managedCertId, string format, string mode, System.Threading.CancellationToken cancellationToken)
         {
             if (managedCertId == null)
                 throw new System.ArgumentNullException("managedCertId");
@@ -615,6 +616,7 @@ public virtual async System.Threading.Tasks.Task DownloadAsync(string managedCer
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
                     request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
@@ -653,9 +655,12 @@ public virtual async System.Threading.Tasks.Task DownloadAsync(string managedCer
                         ProcessResponse(client_, response_);
 
                         var status_ = (int)response_.StatusCode;
-                        if (status_ == 200)
+                        if (status_ == 200 || status_ == 206)
                         {
-                            return;
+                            var responseStream_ = response_.Content == null ? System.IO.Stream.Null : await response_.Content.ReadAsStreamAsync().ConfigureAwait(false);
+                            var fileResponse_ = new FileResponse(status_, headers_, responseStream_, null, response_);
+                            disposeClient_ = false; disposeResponse_ = false; // response and client are disposed by FileResponse
+                            return fileResponse_;
                         }
                         else
                         {
@@ -2632,7 +2637,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveStoredCrede
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task GetSystemVersionAsync()
+        public virtual System.Threading.Tasks.Task<Version> GetSystemVersionAsync()
         {
             return GetSystemVersionAsync(System.Threading.CancellationToken.None);
         }
@@ -2643,7 +2648,7 @@ public virtual System.Threading.Tasks.Task GetSystemVersionAsync()
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task GetSystemVersionAsync(System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<Version> GetSystemVersionAsync(System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -2652,6 +2657,7 @@ public virtual async System.Threading.Tasks.Task GetSystemVersionAsync(System.Th
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
                     request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
@@ -2683,7 +2689,12 @@ public virtual async System.Threading.Tasks.Task GetSystemVersionAsync(System.Th
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            return;
+                            var objectResponse_ = await ReadObjectResponseAsync<Version>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
                         }
                         else
                         {
@@ -2710,7 +2721,7 @@ public virtual async System.Threading.Tasks.Task GetSystemVersionAsync(System.Th
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task GetHealthAsync()
+        public virtual System.Threading.Tasks.Task<object> GetHealthAsync()
         {
             return GetHealthAsync(System.Threading.CancellationToken.None);
         }
@@ -2721,7 +2732,7 @@ public virtual System.Threading.Tasks.Task GetHealthAsync()
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task GetHealthAsync(System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<object> GetHealthAsync(System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -2730,6 +2741,7 @@ public virtual async System.Threading.Tasks.Task GetHealthAsync(System.Threading
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
                     request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
@@ -2761,85 +2773,12 @@ public virtual async System.Threading.Tasks.Task GetHealthAsync(System.Threading
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            return;
-                        }
-                        else
-                        {
-                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
-                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
-                        }
-                    }
-                    finally
-                    {
-                        if (disposeResponse_)
-                            response_.Dispose();
-                    }
-                }
-            }
-            finally
-            {
-                if (disposeClient_)
-                    client_.Dispose();
-            }
-        }
-
-        /// <summary>
-        /// Check API is responding and can connect to background service
-        /// </summary>
-        /// <returns>Success</returns>
-        /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task GetHealth2Async()
-        {
-            return GetHealth2Async(System.Threading.CancellationToken.None);
-        }
-
-        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
-        /// <summary>
-        /// Check API is responding and can connect to background service
-        /// </summary>
-        /// <returns>Success</returns>
-        /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task GetHealth2Async(System.Threading.CancellationToken cancellationToken)
-        {
-            var client_ = _httpClient;
-            var disposeClient_ = false;
-            try
-            {
-                using (var request_ = new System.Net.Http.HttpRequestMessage())
-                {
-                    request_.Method = new System.Net.Http.HttpMethod("GET");
-
-                    var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
-                    // Operation Path: "health"
-                    urlBuilder_.Append("health");
-
-                    PrepareRequest(client_, request_, urlBuilder_);
-
-                    var url_ = urlBuilder_.ToString();
-                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
-
-                    PrepareRequest(client_, request_, url_);
-
-                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
-                    var disposeResponse_ = true;
-                    try
-                    {
-                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
-                        foreach (var item_ in response_.Headers)
-                            headers_[item_.Key] = item_.Value;
-                        if (response_.Content != null && response_.Content.Headers != null)
-                        {
-                            foreach (var item_ in response_.Content.Headers)
-                                headers_[item_.Key] = item_.Value;
-                        }
-
-                        ProcessResponse(client_, response_);
-
-                        var status_ = (int)response_.StatusCode;
-                        if (status_ == 200)
-                        {
-                            return;
+                            var objectResponse_ = await ReadObjectResponseAsync<object>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
                         }
                         else
                         {
@@ -3398,7 +3337,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
         }
 
         /// <summary>
-        /// get current challenge info fo a given type/key
+        /// get current challenge info for a given type/key
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
@@ -3409,7 +3348,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
-        /// get current challenge info fo a given type/key
+        /// get current challenge info for a given type/key
         /// </summary>
         /// <returns>Success</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
@@ -3604,9 +3543,44 @@ private string ConvertToString(object value, System.Globalization.CultureInfo cu
 
     
 
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    public partial class FileResponse : System.IDisposable
+    {
+        private System.IDisposable _client;
+        private System.IDisposable _response;
+
+        public int StatusCode { get; private set; }
+
+        public System.Collections.Generic.IReadOnlyDictionary<string, System.Collections.Generic.IEnumerable<string>> Headers { get; private set; }
+
+        public System.IO.Stream Stream { get; private set; }
+
+        public bool IsPartial
+        {
+            get { return StatusCode == 206; }
+        }
+
+        public FileResponse(int statusCode, System.Collections.Generic.IReadOnlyDictionary<string, System.Collections.Generic.IEnumerable<string>> headers, System.IO.Stream stream, System.IDisposable client, System.IDisposable response)
+        {
+            StatusCode = statusCode;
+            Headers = headers;
+            Stream = stream;
+            _client = client;
+            _response = response;
+        }
+
+        public void Dispose()
+        {
+            Stream.Dispose();
+            if (_response != null)
+                _response.Dispose();
+            if (_client != null)
+                _client.Dispose();
+        }
+    }
 
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class ApiException : System.Exception
     {
         public int StatusCode { get; private set; }
@@ -3629,7 +3603,7 @@ public override string ToString()
         }
     }
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.0.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class ApiException<TResult> : ApiException
     {
         public TResult Result { get; private set; }
@@ -3652,4 +3626,5 @@ public ApiException(string message, int statusCode, string response, System.Coll
 #pragma warning restore 8073
 #pragma warning restore 3016
 #pragma warning restore 8603
-#pragma warning restore 8604
\ No newline at end of file
+#pragma warning restore 8604
+#pragma warning restore 8625
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
index 8fb166e7c..fc469204e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
@@ -7,10 +8,12 @@
 using Certify.Server.Api.Public.Controllers;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Mvc.Testing;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
+using Microsoft.VisualStudio.TestPlatform.CoreUtilities.Helpers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
 namespace Certify.Service.Api.Tests
@@ -18,10 +21,13 @@ namespace Certify.Service.Api.Tests
     [TestClass]
     public class APITestBase
     {
-        internal static HttpClient _clientWithAnonymousAccess;
-        internal static HttpClient _clientWithAuthorizedAccess;
+        internal static Certify.API.Public.Client _clientWithAnonymousAccess;
+        internal static HttpClient _httpClientWithAnonymousAccess;
 
-        internal static TestServer _server;
+        internal static Certify.API.Public.Client _clientWithAuthorizedAccess;
+        internal static HttpClient _httpClientWithAuthorizedAccess;
+
+        internal static TestServer _apiServer;
 
         internal static System.Text.Json.JsonSerializerOptions _defaultJsonSerializerOptions = new System.Text.Json.JsonSerializerOptions { PropertyNameCaseInsensitive = true };
 
@@ -30,84 +36,84 @@ public class APITestBase
         internal string _refreshToken;
 
         [AssemblyInitialize]
-        public static void Init(TestContext context)
+        public static void AssemblyInit(TestContext context)
         {
-
             // setup public API service and backend service
 
-            var config = new ConfigurationBuilder()
-                .SetBasePath(AppContext.BaseDirectory)
-                .AddJsonFile("appsettings.json", optional: true)
-                .AddEnvironmentVariables()
-                .Build();
 
-            var services = new ServiceCollection()
-                .AddLogging()
-                .BuildServiceProvider();
+            // tell backend service to uses specific host/ports if not already set
+            if (Environment.GetEnvironmentVariable("CERTIFY_SERVICE_HOST") == null)
+            {
+                Environment.SetEnvironmentVariable("CERTIFY_SERVICE_HOST", "127.0.0.1");
+            }
 
-            var factory = services.GetService<ILoggerFactory>();
+            if (Environment.GetEnvironmentVariable("CERTIFY_SERVICE_PORT") == null)
+            {
+                Environment.SetEnvironmentVariable("CERTIFY_SERVICE_PORT", "5000");
+            }
 
-            var logger = factory.CreateLogger<SystemController>();
+            // create a test server for the public API, setup authorized and unauthorized clients
 
-            _server = new TestServer(
+            _apiServer = new TestServer(
                 new WebHostBuilder()
                  .ConfigureAppConfiguration((context, builder) =>
                  {
-                     builder
-                     .AddJsonFile("appsettings.api.public.test.json");
+                     builder.AddJsonFile("appsettings.api.public.test.json");
+                     
                  })
                 .UseStartup<Server.API.Startup>()
                 );
+            
+            _httpClientWithAnonymousAccess = _apiServer.CreateClient();
+            _clientWithAnonymousAccess = new API.Public.Client(_apiServer.BaseAddress.ToString(), _httpClientWithAnonymousAccess);
 
-            _clientWithAnonymousAccess = _server.CreateClient();
-            _clientWithAuthorizedAccess = _server.CreateClient();
+            _httpClientWithAuthorizedAccess = _apiServer.CreateClient();
+            _clientWithAuthorizedAccess = new API.Public.Client(_apiServer.BaseAddress.ToString(), _httpClientWithAuthorizedAccess);
 
-           // CreateCoreServer();
+            CreateCoreServer();
         }
 
-        private static void CreateCoreServer()
+        [AssemblyCleanup]
+        public static void AssemblyCleanup()
         {
-            // configure and start a custom instance of the core server for the public API to talk to
-            var builder = WebApplication.CreateBuilder();
+            _serverProcess.CloseMainWindow();
+            _serverProcess.Close();
+            _serverProcess.Dispose();
+        }
 
-            var coreServerStartup = new Certify.Server.Core.Startup(builder.Configuration);
-            
-            if (File.Exists(Path.Join(AppContext.BaseDirectory, "appsettings.worker.test.json")))
+        static Process? _serverProcess = null;
+        private static void CreateCoreServer()
+        {
+            if (_serverProcess == null)
             {
-                builder.Configuration.AddJsonFile("appsettings.worker.test.json");
-                builder.Configuration.AddUserSecrets(typeof(APITestBase).Assembly); // for worker pfx details
+                var serverProcessInfo = new ProcessStartInfo()
+                {
+                    RedirectStandardInput = false,
+                    RedirectStandardOutput = true,
+                    RedirectStandardError = true,
+                    UseShellExecute = false,
+                    CreateNoWindow = true,
+                    FileName = "Certify.Server.Core.exe",
+                    Verb = "RunAs",
+                };
+
+                _serverProcess = Process.Start(serverProcessInfo);
             }
-
-            builder.Logging.ClearProviders();
-            builder.Logging.AddConsole();
-
-            coreServerStartup.ConfigureServices(builder.Services);
-
-            var coreServerApp = builder.Build();
-            
-            coreServerStartup.Configure(coreServerApp, builder.Environment);
-
-            coreServerApp.StartAsync();
-
         }
 
         public async Task PerformAuth()
         {
-            if (!_clientWithAuthorizedAccess.DefaultRequestHeaders.Any(h => h.Key == "Authorization"))
+            if (!_httpClientWithAuthorizedAccess.DefaultRequestHeaders.Any(h => h.Key == "Authorization"))
             {
-                var login = new { username = "test", password = "test" };
+                var login = new AuthRequest { Username = "test", Password = "test" };
 
-                var payload = new StringContent(System.Text.Json.JsonSerializer.Serialize(login), System.Text.UnicodeEncoding.UTF8, "application/json");
+                var result = await _clientWithAuthorizedAccess.LoginAsync(login);
 
-                var response = await _clientWithAuthorizedAccess.PostAsync(_apiBaseUri + "/auth/login", payload);
-                if (response.IsSuccessStatusCode)
+                if (result.AccessToken != null)
                 {
-                    var responseString = await response.Content.ReadAsStringAsync();
-                    var authResponse = System.Text.Json.JsonSerializer.Deserialize<AuthResponse>(responseString, _defaultJsonSerializerOptions);
-
-                    _refreshToken = authResponse.RefreshToken;
+                    _refreshToken = result.RefreshToken;
 
-                    _clientWithAuthorizedAccess.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", authResponse.AccessToken);
+                    _httpClientWithAuthorizedAccess.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken);
                 }
             }
         }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs
index 3972f20c9..01233a3de 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs
@@ -1,5 +1,6 @@
 using System.Net.Http;
 using System.Threading.Tasks;
+using Certify.API.Public;
 using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
@@ -11,48 +12,28 @@ public class AuthTests : APITestBase
         [TestMethod]
         public async Task GetAuthStatus_UnauthorizedTest()
         {
-            // Act
-            var response = await _clientWithAnonymousAccess.GetAsync(_apiBaseUri + "/auth/status");
-
-            // Assert
-            Assert.IsFalse(response.IsSuccessStatusCode, "Auth status should not be success");
-
-            Assert.AreEqual(System.Net.HttpStatusCode.Unauthorized, response.StatusCode, "Auth status should be Unauthorized");
+            await Assert.ThrowsExceptionAsync<ApiException>(async () => await _clientWithAnonymousAccess.CheckAuthStatusAsync());
         }
 
         [TestMethod]
         public async Task GetAuthStatus_AuthorizedTest()
         {
-            // Act
             await PerformAuth();
 
-            var response = await _clientWithAuthorizedAccess.GetAsync(_apiBaseUri + "/auth/status");
-
-            // Assert
-            Assert.IsTrue(response.IsSuccessStatusCode, "Auth Status check should respond with success");
-
-            var responseString = await response.Content.ReadAsStringAsync();
-
-            Assert.AreEqual(System.Net.HttpStatusCode.OK, response.StatusCode, "Auth status code should respond with OK");
+            try
+            {
+                await _clientWithAuthorizedAccess.CheckAuthStatusAsync();
+            }
+            catch (ApiException exp)
+            {
+                Assert.Fail($"Auth status check should not throw exception: {exp.Message}");
+            }
         }
 
         [TestMethod]
         public async Task GetAuthRefreshToken_UnauthorizedTest()
         {
-            // Act
-
-            var payload = new StringContent(
-                System.Text.Json.JsonSerializer.Serialize(new { refreshToken = _refreshToken }),
-                System.Text.Encoding.UTF8,
-                "application/json"
-                );
-
-            var response = await _clientWithAnonymousAccess.PostAsync(_apiBaseUri + "/auth/refresh", payload);
-
-            // Assert
-            Assert.IsFalse(response.IsSuccessStatusCode, "Auth refresh should not be success");
-
-            Assert.AreEqual(System.Net.HttpStatusCode.Unauthorized, response.StatusCode, "Auth refresh should be Unauthorized");
+            await Assert.ThrowsExceptionAsync<ApiException>(async () => await _clientWithAnonymousAccess.RefreshAsync("auth123"));
         }
 
         [TestMethod]
@@ -61,20 +42,10 @@ public async Task GetAuthRefreshToken_AuthorizedTest()
             // Act
             await PerformAuth();
 
-            var payload = new StringContent(
-               System.Text.Json.JsonSerializer.Serialize(new { refreshToken = _refreshToken }),
-               System.Text.Encoding.UTF8,
-               "application/json"
-               );
-
-            var response = await _clientWithAuthorizedAccess.PostAsync(_apiBaseUri + "/auth/refresh", payload);
+            var response = await _clientWithAuthorizedAccess.RefreshAsync(_refreshToken);
 
             // Assert
-            Assert.IsTrue(response.IsSuccessStatusCode, "Auth refresh should respond with success");
-            Assert.AreEqual(System.Net.HttpStatusCode.OK, response.StatusCode, "Auth refresh should respond with OK");
-
-            var responseString = await response.Content.ReadAsStringAsync();
-            var authResponse = System.Text.Json.JsonSerializer.Deserialize<AuthResponse>(responseString, _defaultJsonSerializerOptions);
+            Assert.IsNotNull(response.AccessToken, "Auth refresh should respond with success");
 
         }
     }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs
index 498a8abc2..51754b32c 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs
@@ -1,9 +1,13 @@
 using System.Collections.Generic;
+using System.IO;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
+using Certify.API.Public;
+using Certify.Models;
 using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Org.BouncyCastle.Utilities;
 
 namespace Certify.Service.Api.Tests
 {
@@ -13,13 +17,8 @@ public class CertificateTests : APITestBase
         [TestMethod]
         public async Task GetCertificates_UnauthorizedTest()
         {
-            // Act
-            var response = await _clientWithAnonymousAccess.GetAsync(_apiBaseUri + "/certificate");
-
-            // Assert
-            Assert.IsFalse(response.IsSuccessStatusCode);
+            await Assert.ThrowsExceptionAsync<ApiException>(async () => await _clientWithAnonymousAccess.GetManagedCertificatesAsync("", 0, 10));
 
-            Assert.AreEqual(System.Net.HttpStatusCode.Unauthorized, response.StatusCode);
         }
 
         [TestMethod]
@@ -28,19 +27,14 @@ public async Task GetCertificates_AuthorizedTest()
             // Act
             await PerformAuth();
 
-            var response = await _clientWithAuthorizedAccess.GetAsync(_apiBaseUri + "/certificate");
-            var responseString = await response.Content.ReadAsStringAsync();
+            var response = await _clientWithAuthorizedAccess.GetManagedCertificatesAsync("", 0, 10);
 
             // Assert
-            Assert.IsTrue(response.IsSuccessStatusCode);
-
-            Assert.AreEqual(System.Net.HttpStatusCode.OK, response.StatusCode);
-
-            var managedCerts = System.Text.Json.JsonSerializer.Deserialize<List<ManagedCertificateSummary>>(responseString, _defaultJsonSerializerOptions);
+            Assert.IsTrue(response.TotalResults > 0);
 
-            Assert.IsNotNull(managedCerts);
+            Assert.IsNotNull(response.Results);
 
-            Assert.IsNotNull(managedCerts[0].Id);
+            Assert.IsNotNull(response.Results.First().Id);
         }
 
         [TestMethod]
@@ -49,29 +43,34 @@ public async Task GetCertificateDownload_AuthorizedTest()
             // Act
             await PerformAuth();
 
-            var response = await _clientWithAuthorizedAccess.GetAsync(_apiBaseUri + "/certificate");
+            var response = await _clientWithAuthorizedAccess.GetManagedCertificatesAsync("", 0, 10);
 
-            Assert.IsTrue(response.IsSuccessStatusCode, "Certificate query should be successful");
+            Assert.IsTrue(response.TotalResults > 0, "Certificate query should be successful");
 
-            var responseString = await response.Content.ReadAsStringAsync();
-            var managedCerts = System.Text.Json.JsonSerializer.Deserialize<List<ManagedCertificateSummary>>(responseString, _defaultJsonSerializerOptions);
-
-            var itemWithCert = managedCerts.First(c => c.DateRenewed != null);
+            var itemWithCert = response.Results.Last(c => c.HasCertificate && c.Identifiers.Any(d=>d.IdentifierType== CertIdentifierType.Dns));
 
             // get cert /certificate/{managedCertId}/download/{format?}
 
-            var certDownloadResponse = await _clientWithAuthorizedAccess.GetAsync(_apiBaseUri + "/certificate/" + itemWithCert.Id + "/download/");
+           var file =  await _clientWithAuthorizedAccess.DownloadAsync(itemWithCert.Id, "pfx","fullchain");
 
             // Assert
-            Assert.IsTrue(certDownloadResponse.IsSuccessStatusCode);
-
-            var certResponseBytes = await certDownloadResponse.Content.ReadAsByteArrayAsync();
-
-            var cert = new X509Certificate2(certResponseBytes);
-
-            Assert.IsTrue(cert.HasPrivateKey, "Downloaded PFX has private key");
-
-            Assert.AreEqual(cert.Subject, "CN=" + itemWithCert.PrimaryIdentifier.Value, "Primary domain of cert should match primary domain of managed item");
+            using (var memoryStream = new MemoryStream())
+            {
+                file.Stream.CopyTo(memoryStream);
+                var certResponseBytes = memoryStream.ToArray();
+
+                try
+                {
+                    var cert = new X509Certificate2(certResponseBytes);
+
+                    Assert.IsTrue(cert.HasPrivateKey, "Downloaded PFX has private key");
+
+                    Assert.AreEqual(cert.Subject, "CN=" + itemWithCert.PrimaryIdentifier.Value, "Primary domain of cert should match primary domain of managed item");
+                } catch (System.Security.Cryptography.CryptographicException)
+                {
+                    // pfx has a password set
+                }
+            }
         }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 864cf5cbe..d4b3e9bc7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -1,44 +1,30 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-
-    <IsPackable>false</IsPackable>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <None Remove="appsettings.api.public.test.json" />
-    <None Remove="appsettings.worker.test.json" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <Content Include="appsettings.api.public.test.json">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-      <ExcludeFromSingleFile>true</ExcludeFromSingleFile>
-      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
-    </Content>
-    <Content Include="appsettings.worker.test.json">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-      <ExcludeFromSingleFile>true</ExcludeFromSingleFile>
-      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
-    </Content>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.1" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
-    <PackageReference Include="coverlet.collector" Version="6.0.0">
-      <PrivateAssets>all</PrivateAssets>
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-    </PackageReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\Certify.Server.Api.Public.Client\Certify.Server.Api.Public.Client.csproj" />
-    <ProjectReference Include="..\Certify.Server.Api.Public\Certify.Server.Api.Public.csproj" />
-    <ProjectReference Include="..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
-  </ItemGroup>
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+    <PropertyGroup>
+        <TargetFramework>net8.0</TargetFramework>
+
+        <IsPackable>false</IsPackable>
+
+    </PropertyGroup>
+
+
+
+    <ItemGroup>
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.1" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.1" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
+        <PackageReference Include="coverlet.collector" Version="6.0.0">
+            <PrivateAssets>all</PrivateAssets>
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+        </PackageReference>
+    </ItemGroup>
+
+    <ItemGroup>
+        <ProjectReference Include="..\Certify.Server.Api.Public.Client\Certify.Server.Api.Public.Client.csproj" />
+        <ProjectReference Include="..\Certify.Server.Api.Public\Certify.Server.Api.Public.csproj" />
+        <ProjectReference Include="..\Certify.Server.Core\Certify.Server.Core\Certify.Server.Core.csproj" />
+    </ItemGroup>
 
 </Project>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
index 2d9772503..00bc12ede 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
@@ -10,15 +10,13 @@ public class SystemTests : APITestBase
         [TestMethod]
         public async Task GetSystemVersionTest()
         {
+            await PerformAuth();
 
-            // Act
-            var response = await _clientWithAnonymousAccess.GetAsync("/api/v1/system/version");
-            response.EnsureSuccessStatusCode();
-            var responseString = await response.Content.ReadAsStringAsync();
-
+            var responseVersion = await _clientWithAuthorizedAccess.GetSystemVersionAsync();
+           
             // Assert
-            var expectedVersion = typeof(Certify.Models.AppVersion).GetTypeInfo().Assembly.GetName().Version.ToString();
-            Assert.AreEqual(expectedVersion, responseString);
+            var expectedVersion = typeof(Certify.Models.AppVersion).GetTypeInfo().Assembly.GetName().Version;
+            Assert.AreEqual(expectedVersion, responseVersion);
 
         }
     }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 759c1e3de..1974fb214 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -40,7 +40,9 @@ public CertificateController(ILogger<CertificateController> logger, ICertifyInte
         [HttpGet]
         [Route("{managedCertId}/download/{format?}")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        public async Task<IActionResult> Download(string managedCertId, string format, string mode)
+        
+        [ProducesResponseType(typeof(FileContentResult), 200)]
+        public async Task<IActionResult> Download(string managedCertId, string format, string? mode = null)
         {
             if (format == null)
             {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index 8f5ea4adf..5fced44fd 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -1,4 +1,4 @@
-using Certify.Client;
+using Certify.Client;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Certify.Server.Api.Public.Controllers
@@ -32,12 +32,12 @@ public SystemController(ILogger<SystemController> logger, ICertifyInternalApiCli
         /// <returns></returns>
         [HttpGet]
         [Route("version")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Version))]
         public async Task<IActionResult> GetSystemVersion()
         {
-
             var versionInfo = await _client.GetAppVersion();
 
-            return new OkObjectResult(versionInfo);
+            return new OkObjectResult(Version.Parse(versionInfo));
         }
 
         /// <summary>
@@ -46,6 +46,7 @@ public async Task<IActionResult> GetSystemVersion()
         /// <returns></returns>
         [HttpGet]
         [Route("health")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(object))]
         public async Task<IActionResult> GetHealth()
         {
             var serviceAvailable = false;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 675df3c9a..56e3f4817 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,10 +1,12 @@
-using System.Reflection;
+using System.Reflection;
 using Certify.Client;
 using Certify.Models.Config;
 using Certify.Server.Api.Public.Middleware;
 using Certify.SharedUtils;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
+using Microsoft.Extensions.Options;
 using Microsoft.OpenApi.Models;
 using Polly;
 
@@ -40,9 +42,9 @@ public void ConfigureServices(IServiceCollection services)
         /// Configure services for use by the API
         /// </summary>
         /// <param name="services"></param>
-        public List<ActionResult> ConfigureServicesWithResults(IServiceCollection services)
+        public List<Models.Config.ActionResult> ConfigureServicesWithResults(IServiceCollection services)
         {
-            var results = new List<ActionResult>();
+            var results = new List<Models.Config.ActionResult>();
 
             services
                 .AddTokenAuthentication(Configuration)
@@ -121,6 +123,15 @@ public List<ActionResult> ConfigureServicesWithResults(IServiceCollection servic
                 var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
                 c.IncludeXmlComments(xmlPath);
 
+                c.MapType<FileContentResult>(() =>
+                {
+                    return new Microsoft.OpenApi.Models.OpenApiSchema
+                    {
+                        Type = "string",
+                        Format = "binary",
+                    };
+                });
+
             });
 #endif
             // connect to certify service 
@@ -146,7 +157,7 @@ public List<ActionResult> ConfigureServicesWithResults(IServiceCollection servic
             backendServiceConnectionConfig.Authentication = "jwt";
             backendServiceConnectionConfig.ServerMode = "v2";
 
-            System.Diagnostics.Debug.WriteLine($"Public API: connecting to background service {serviceConfig:Host}:{serviceConfig.Port}");
+            System.Diagnostics.Debug.WriteLine($"Public API: connecting to background service {serviceConfig.Host}:{serviceConfig.Port}");
 
             var internalServiceClient = new Client.CertifyServiceClient(configManager, backendServiceConnectionConfig);
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index a0d19b7ec..176fa7e38 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -29,4 +29,7 @@
     <ItemGroup>
         <Folder Include="Properties\" />
     </ItemGroup>
+    <ItemGroup>
+        <InternalsVisibleTo Include="Certify.Server.Api.Public.Tests" />
+    </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
index b8586329d..82ffc5063 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
@@ -12,3 +12,8 @@
 startup.Configure(app, builder.Environment);
 
 app.Run();
+
+/// <summary>
+/// Declare program as partial for reference in tests: https://learn.microsoft.com/en-us/aspnet/core/test/integration-tests?view=aspnetcore-8.0
+/// </summary>
+public partial class Program { }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
index f619b52da..692e23be1 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
@@ -1,4 +1,5 @@
-using Certify.Management;
+using System.Text;
+using Certify.Management;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
 using Microsoft.OpenApi.Models;
@@ -154,8 +155,24 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             {
                 endpoints.MapHub<Service.StatusHub>("/api/status");
                 endpoints.MapControllers();
-            });
 
+#if DEBUG
+                endpoints.MapGet("/debug/routes", (IEnumerable<EndpointDataSource> endpointSources) =>
+                {
+                    var sb = new StringBuilder();
+                    var endpoints = endpointSources.SelectMany(es => es.Endpoints);
+                    foreach (var endpoint in endpoints)
+                    {
+                        if (endpoint is RouteEndpoint routeEndpoint)
+                        {
+                            sb.AppendLine($"{routeEndpoint.DisplayName} {routeEndpoint.RoutePattern.RawText}");
+                        }
+                    }
+
+                    return sb.ToString();
+                });
+#endif
+            });
         }
     }
 }

From 68b5ad2dc8592825c8efd33d443974244dcab25a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 1 Feb 2024 17:29:58 +0800
Subject: [PATCH 117/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                      | 2 +-
 src/Certify.Models/Certify.Models.csproj                      | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj               | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                    | 4 ++--
 src/Certify.Service/Certify.Service.csproj                    | 2 +-
 .../Certify.Core.Tests.Integration.csproj                     | 4 ++--
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj    | 4 ++--
 .../Certify.Service.Tests.Integration.csproj                  | 4 ++--
 .../Certify.UI.Tests.Integration.csproj                       | 4 ++--
 9 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 5c6e9143f..b5709ac68 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.1" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.2.0" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 698d5f42e..05e517d02 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.2.0" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.0" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.8.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 70d4119e1..aaf4c29c7 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.3" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.10" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index d4b3e9bc7..d653b65d0 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -13,8 +13,8 @@
         <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.1" />
         <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.1" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
         <PackageReference Include="coverlet.collector" Version="6.0.0">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index d92277c5a..7502b7828 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.58.1" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.59.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Diagnostics" Version="4.2.2" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 0dd1e195e..d6707e1fa 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -93,8 +93,8 @@
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Polly" Version="8.2.1" />
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 1c9f74d96..10cefad7d 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -144,8 +144,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
     <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index bde2a31f4..d5d1439a4 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -78,8 +78,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
     <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 2a5f58f27..d667c800e 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -74,8 +74,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
   </ItemGroup>
 
   <ItemGroup>

From 8a42c0dcda8e9e4f172cf2cbe84edead7ce8dee0 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 1 Feb 2024 17:32:30 +0800
Subject: [PATCH 118/237] Security principle and access control updates

---
 .../Management/Access/AccessControl.cs        | 106 +++++-
 .../Management/Access/IAccessControl.cs       |   7 +-
 .../CertifyManager/CertifyManager.cs          |  67 ++++
 src/Certify.Models/API/AuthRequest.cs         |  42 ++-
 src/Certify.Models/Config/AccessControl.cs    |   2 +
 .../Certify.API.Public.cs                     | 354 ++++++++++++++++++
 .../APITestBase.cs                            |   7 +-
 .../AccessTests.cs                            |  67 ++++
 .../Controllers/v1/AuthController.cs          |  77 ++--
 .../Controllers/AccessController.cs           | 118 +++---
 .../Controllers/AuthController.cs             |  55 +++
 .../Controllers/AuthController.cs             |  75 ----
 .../DataStores/AccessControlDataStoreTests.cs |   7 +-
 .../Tests/AccessControlTests.cs               | 217 +++++------
 14 files changed, 906 insertions(+), 295 deletions(-)
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs
 create mode 100644 src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
 delete mode 100644 src/Certify.Service/Controllers/AuthController.cs

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index f73d9baa1..8fe49bbea 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -2,10 +2,15 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography;
+using System.Text;
+using System.Text.Unicode;
 using System.Threading.Tasks;
+using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
 using Certify.Models.Providers;
 using Certify.Providers;
+using Org.BouncyCastle.Tls;
+using static System.Net.WebRequestMethods;
 
 namespace Certify.Core.Management.Access
 {
@@ -21,6 +26,23 @@ public AccessControl(ILog log, IAccessControlStore store)
             _log = log;
         }
 
+        /// <summary>
+        /// Check if the system has been initialized with a security principle
+        /// </summary>
+        /// <returns></returns>
+        public async Task<bool> IsInitialized()
+        {
+            var list = await GetSecurityPrinciples("system");
+            if (list.Count != 0)
+            {
+                return true;
+            }
+            else
+            {
+                return false;
+            }
+        }
+
         public async Task<List<Role>> GetSystemRoles()
         {
             return await Task.FromResult(new List<Role>
@@ -116,7 +138,28 @@ public async Task<bool> DeleteSecurityPrinciple(string contextUserId, string id,
 
         public async Task<SecurityPrinciple> GetSecurityPrinciple(string contextUserId, string id)
         {
-            return await _store.Get<SecurityPrinciple>(nameof(SecurityPrinciple), id);
+            try
+            {
+                return await _store.Get<SecurityPrinciple>(nameof(SecurityPrinciple), id);
+            }
+            catch (Exception exp)
+            {
+                _log.Error(exp, $"User {contextUserId} attempted to retrieve security principle [{id}] but was not successful");
+
+                return default;
+            }
+        }
+
+        public async Task<SecurityPrinciple> GetSecurityPrincipleByUsername(string contextUserId, string username)
+        {
+            if (string.IsNullOrWhiteSpace(username))
+            {
+                return default;
+            }
+
+            var list = await GetSecurityPrinciples(contextUserId);
+
+            return list?.SingleOrDefault(sp => sp.Username?.ToLowerInvariant() == username.ToLowerInvariant());
         }
 
         public async Task<bool> IsAuthorised(string contextUserId, string principleId, string roleId, string resourceType, string actionId, string identifier)
@@ -217,21 +260,21 @@ public async Task<bool> AddResourcePolicy(string contextUserId, ResourcePolicy r
             return true;
         }
 
-        public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, string id, string oldpassword, string newpassword)
+        public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordUpdate passwordUpdate)
         {
-            if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
+            if (passwordUpdate.SecurityPrincipleId != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning("User {contextUserId} attempted to use updated password for [{id}] without being in required role.", contextUserId, id);
+                _log?.Warning("User {contextUserId} attempted to use updated password for [{id}] without being in required role.", contextUserId, passwordUpdate.SecurityPrincipleId);
                 return false;
             }
 
             var updated = false;
 
-            var principle = await GetSecurityPrinciple(contextUserId, id);
+            var principle = await GetSecurityPrinciple(contextUserId, passwordUpdate.SecurityPrincipleId);
 
-            if (IsPasswordValid(oldpassword, principle.Password))
+            if (IsPasswordValid(passwordUpdate.Password, principle.Password))
             {
-                principle.Password = HashPassword(newpassword);
+                principle.Password = HashPassword(passwordUpdate.NewPassword);
                 updated = await UpdateSecurityPrinciple(contextUserId, principle);
             }
             else
@@ -254,6 +297,11 @@ public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, st
 
         public bool IsPasswordValid(string password, string currentHash)
         {
+            if (string.IsNullOrWhiteSpace(currentHash) && string.IsNullOrWhiteSpace(password))
+            {
+                return true;
+            }
+
             var components = currentHash.Split('.');
 
             // hash provided password with same salt to compare result
@@ -309,7 +357,6 @@ public async Task AddAction(ResourceAction action)
 
         public async Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, string id)
         {
-
             if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
                 _log?.Warning("User {contextUserId} attempted to read assigned role for [{id}] without being in required role.", contextUserId, id);
@@ -320,5 +367,48 @@ public async Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, str
 
             return assignedRoles.Where(r => r.SecurityPrincipleId == id).ToList();
         }
+
+        public async Task<SecurityPrincipleCheckResponse> CheckSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordCheck passwordCheck)
+        {
+            var principle = string.IsNullOrWhiteSpace(passwordCheck.SecurityPrincipleId) ?
+                                await GetSecurityPrincipleByUsername(contextUserId, passwordCheck.Username) :
+                                await GetSecurityPrinciple(contextUserId, passwordCheck.SecurityPrincipleId);
+
+            if (principle != null && IsPasswordValid(passwordCheck.Password, principle.Password))
+            {
+                principle.AvatarUrl = string.IsNullOrWhiteSpace(principle.Email) ? "https://gravatar.com/avatar/00000000000000000000000000000000" : $"https://gravatar.com/avatar/{GetSHA256Hash(principle.Email.Trim().ToLower())}";
+                return new SecurityPrincipleCheckResponse { IsSuccess = true, SecurityPrinciple = principle };
+            }
+            else
+            {
+                if (principle == null)
+                {
+                    return new SecurityPrincipleCheckResponse { IsSuccess = false, Message = "Invalid security principle" };
+                }
+                else
+                {
+                    return new SecurityPrincipleCheckResponse { IsSuccess = false, Message = "Invalid password" };
+                }
+            }
+        }
+
+        public string GetSHA256Hash(string val)
+        {
+            using (var sha256Hash = SHA256.Create())
+            {
+                byte[] data = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(val));
+                var sBuilder = new StringBuilder();
+
+                // Loop through each byte of the hashed data
+                // and format each one as a hexadecimal string.
+                for (int i = 0; i < data.Length; i++)
+                {
+                    sBuilder.Append(data[i].ToString("x2"));
+                }
+
+                // Return the hexadecimal string.
+                return sBuilder.ToString();
+            }
+        }
     }
 }
diff --git a/src/Certify.Core/Management/Access/IAccessControl.cs b/src/Certify.Core/Management/Access/IAccessControl.cs
index b5a4b8c2a..26e12e5f9 100644
--- a/src/Certify.Core/Management/Access/IAccessControl.cs
+++ b/src/Certify.Core/Management/Access/IAccessControl.cs
@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
+using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
 
 namespace Certify.Core.Management.Access
@@ -21,12 +22,12 @@ public interface IAccessControl
         Task<bool> IsPrincipleInRole(string contextUserId, string id, string roleId);
         Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, string id);
         Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPrinciple principle);
-        Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, string id, string oldpassword, string newpassword);
+        Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordUpdate passwordUpdate);
+        Task<SecurityPrincipleCheckResponse> CheckSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordCheck passwordCheck);
 
         Task AddRole(Role role);
         Task AddAssignedRole(AssignedRole assignedRole);
         Task AddAction(ResourceAction action);
-
-
+        Task<bool> IsInitialized();
     }
 }
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 505aecd3a..d3b3bc8a0 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -11,6 +11,7 @@
 using Certify.Core.Management.Challenges;
 using Certify.Datastore.SQLite;
 using Certify.Models;
+using Certify.Models.Config.AccessControl;
 using Certify.Models.Config.Migration;
 using Certify.Models.Providers;
 using Certify.Providers;
@@ -192,6 +193,72 @@ public async Task Init()
         }
 
             await UpgradeSettings();
+
+            var accessControl = await GetCurrentAccessControl();
+
+            if (await accessControl.IsInitialized() == false)
+            {
+                BootstrapTestAdminUserAndRoles(accessControl).Wait();
+            }
+        }
+
+        private static async Task BootstrapTestAdminUserAndRoles(IAccessControl access)
+        {
+
+            var adminSp = new SecurityPrinciple
+            {
+                Id = "admin_01",
+                Email = "admin@test.com",
+                Description = "Primary test admin",
+                PrincipleType = SecurityPrincipleType.User,
+                Username = "admin",
+                Password = "admin",
+                Provider = StandardProviders.INTERNAL
+            };
+
+            await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
+
+            var actions = Policies.GetStandardResourceActions();
+
+            foreach (var action in actions)
+            {
+                await access.AddAction(action);
+            }
+
+            // setup policies with actions
+
+            var policies = Policies.GetStandardPolicies();
+
+            // add policies to store
+            foreach (var r in policies)
+            {
+                _ = await access.AddResourcePolicy(adminSp.Id, r, bypassIntegrityCheck: true);
+            }
+
+            // setup roles with policies
+            var roles = await access.GetSystemRoles();
+
+            foreach (var r in roles)
+            {
+                // add roles and policy assignments to store
+                await access.AddRole(r);
+            }
+
+            // assign security principles to roles
+            var assignedRoles = new List<AssignedRole> {
+                 // administrator
+                 new AssignedRole{
+                     Id= Guid.NewGuid().ToString(),
+                     RoleId=StandardRoles.Administrator.Id,
+                     SecurityPrincipleId=adminSp.Id
+                 }
+            };
+
+            foreach (var r in assignedRoles)
+            {
+                // add roles and policy assignments to store
+                await access.AddAssignedRole(r);
+            }
         }
 
         /// <summary>
diff --git a/src/Certify.Models/API/AuthRequest.cs b/src/Certify.Models/API/AuthRequest.cs
index f04c1c8fa..5f65580bb 100644
--- a/src/Certify.Models/API/AuthRequest.cs
+++ b/src/Certify.Models/API/AuthRequest.cs
@@ -1,4 +1,6 @@
-namespace Certify.Models.API
+using Certify.Models.Config.AccessControl;
+
+namespace Certify.Models.API
 {
     /// <summary>
     /// Required info to begin auth
@@ -37,5 +39,43 @@ public class AuthResponse
         /// Refresh token string
         /// </summary>
         public string RefreshToken { get; set; } = string.Empty;
+
+        public Models.Config.AccessControl.SecurityPrinciple? SecurityPrinciple { get; set; }
+    }
+
+    public class SecurityPrinciplePasswordCheck
+    {
+        public string SecurityPrincipleId { get; set; } = string.Empty;
+        public string Username { get; set; } = string.Empty;
+        public string Password { get; set; } = string.Empty;
+
+        public SecurityPrinciplePasswordCheck() { }
+        public SecurityPrinciplePasswordCheck(string securityPrincipleId, string password)
+        {
+            SecurityPrincipleId = securityPrincipleId;
+            Password = password;
+        }
+    }
+
+    public class SecurityPrincipleCheckResponse
+    {
+        public bool IsSuccess { get; set; }
+        public string Message { get; set; } = string.Empty;
+        public SecurityPrinciple SecurityPrinciple { get; set; }
+    }
+
+    public class SecurityPrinciplePasswordUpdate
+    {
+        public string SecurityPrincipleId { get; set; } = string.Empty;
+        public string Password { get; set; } = string.Empty;
+        public string NewPassword { get; set; } = string.Empty;
+
+        public SecurityPrinciplePasswordUpdate() { }
+        public SecurityPrinciplePasswordUpdate(string securityPrincipleId, string password, string newPassword)
+        {
+            SecurityPrincipleId = securityPrincipleId;
+            Password = password;
+            NewPassword = newPassword;
+        }
     }
 }
diff --git a/src/Certify.Models/Config/AccessControl.cs b/src/Certify.Models/Config/AccessControl.cs
index 4a8a4830d..ee52869ca 100644
--- a/src/Certify.Models/Config/AccessControl.cs
+++ b/src/Certify.Models/Config/AccessControl.cs
@@ -38,6 +38,8 @@ public class SecurityPrinciple : AccessStoreItem
         public SecurityPrincipleType? PrincipleType { get; set; }
 
         public string? AuthKey { get; set; }
+
+        public string AvatarUrl { get; set; } = string.Empty;
     }
 
     public class Role : AccessStoreItem
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 3abb3f06c..8d73daaa4 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -326,6 +326,360 @@ public string BaseUrl
             }
         }
 
+        /// <summary>
+        /// Check password valid for security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<SecurityPrincipleCheckResponse> ValidateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordCheck body)
+        {
+            return ValidateSecurityPrinciplePasswordAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Check password valid for security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<SecurityPrincipleCheckResponse> ValidateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordCheck body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/validate"
+                    urlBuilder_.Append("internal/v1/access/validate");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<SecurityPrincipleCheckResponse>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Update password for security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordUpdate body)
+        {
+            return UpdateSecurityPrinciplePasswordAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Update password for security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordUpdate body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/updatepassword"
+                    urlBuilder_.Append("internal/v1/access/updatepassword");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Add new security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> AddSecurityPrincipleAsync(SecurityPrinciple body)
+        {
+            return AddSecurityPrincipleAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Add new security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> AddSecurityPrincipleAsync(SecurityPrinciple body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/securityprinciple"
+                    urlBuilder_.Append("internal/v1/access/securityprinciple");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <summary>
+        /// Delete security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> DeleteSecurityPrincipleAsync(string id)
+        {
+            return DeleteSecurityPrincipleAsync(id, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Delete security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> DeleteSecurityPrincipleAsync(string id, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/securityprinciple"
+                    urlBuilder_.Append("internal/v1/access/securityprinciple");
+            urlBuilder_.Append('?');
+            if (id != null)
+            {
+                urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+            }
+            urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
         /// <summary>
         /// Operations to check current auth status for the given presented authentication tokens
         /// </summary>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
index fc469204e..7d4a25c43 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
@@ -40,7 +40,6 @@ public static void AssemblyInit(TestContext context)
         {
             // setup public API service and backend service
 
-
             // tell backend service to uses specific host/ports if not already set
             if (Environment.GetEnvironmentVariable("CERTIFY_SERVICE_HOST") == null)
             {
@@ -88,13 +87,9 @@ private static void CreateCoreServer()
             {
                 var serverProcessInfo = new ProcessStartInfo()
                 {
-                    RedirectStandardInput = false,
-                    RedirectStandardOutput = true,
-                    RedirectStandardError = true,
                     UseShellExecute = false,
                     CreateNoWindow = true,
-                    FileName = "Certify.Server.Core.exe",
-                    Verb = "RunAs",
+                    FileName = "Certify.Server.Core.exe"
                 };
 
                 _serverProcess = Process.Start(serverProcessInfo);
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs
new file mode 100644
index 000000000..1979d62af
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs
@@ -0,0 +1,67 @@
+using System.Net.Http;
+using System.Threading.Tasks;
+using Certify.API.Public;
+using Certify.Models.API;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Certify.Service.Api.Tests
+{
+    [TestClass]
+    public class AccessTests : APITestBase
+    {
+
+        [TestMethod]
+        public async Task AddDeleteSecurityPrinciple()
+        {
+            // Act
+            await PerformAuth();
+
+            var sp = new Models.Config.AccessControl.SecurityPrinciple
+            {
+                Id = "apitest_user",
+                Password = "test"
+            };
+
+            var add = await _clientWithAuthorizedAccess.AddSecurityPrincipleAsync(sp);
+
+            Assert.IsTrue(add.IsSuccess);
+
+            var delete = await _clientWithAuthorizedAccess.DeleteSecurityPrincipleAsync(sp.Id);
+
+            Assert.IsTrue(delete.IsSuccess);
+        }
+
+        [TestMethod]
+        public async Task AddUpdateDeleteSecurityPrinciple()
+        {
+            // Act
+            await PerformAuth();
+
+            var sp = new Models.Config.AccessControl.SecurityPrinciple
+            {
+                Id = "apitest_user",
+                Password = "test"
+            };
+
+            var add = await _clientWithAuthorizedAccess.AddSecurityPrincipleAsync(sp);
+
+            Assert.IsTrue(add.IsSuccess);
+
+            var validation = await _clientWithAuthorizedAccess.ValidateSecurityPrinciplePasswordAsync(new SecurityPrinciplePasswordCheck(sp.Id, sp.Password));
+
+            Assert.IsTrue(validation.IsSuccess);
+
+            var update = await _clientWithAuthorizedAccess.UpdateSecurityPrinciplePasswordAsync(new SecurityPrinciplePasswordUpdate(sp.Id, sp.Password, "newpwd"));
+
+            Assert.IsTrue(update.IsSuccess);
+
+            var updateValidation = await _clientWithAuthorizedAccess.ValidateSecurityPrinciplePasswordAsync(new SecurityPrinciplePasswordCheck(sp.Id, "newpwd"));
+
+            Assert.IsTrue(updateValidation.IsSuccess);
+
+            var delete = await _clientWithAuthorizedAccess.DeleteSecurityPrincipleAsync(sp.Id);
+
+            Assert.IsTrue(delete.IsSuccess);
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index e51c31c73..a6f0213a9 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -1,6 +1,7 @@
 using System.Net.Http.Headers;
 using Certify.Client;
 using Certify.Models.API;
+using Certify.Models.Config.AccessControl;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -50,21 +51,34 @@ public async Task<IActionResult> CheckAuthStatus()
         /// <returns>Response contains access token and refresh token for API operations.</returns>
         [HttpPost]
         [Route("login")]
-        public AuthResponse Login(AuthRequest login)
+        [ProducesResponseType(typeof(AuthResponse), 200)]
+        public async Task<IActionResult> Login(AuthRequest login)
         {
-            // TODO: check users login, if valid issue new JWT access token and refresh token based on their identity
-            // Refresh token should be stored or hashed for later use
+            // check users login, if valid issue new JWT access token and refresh token based on their identity
+            var validation = await _client.ValidateSecurityPrinciplePassword(new SecurityPrinciplePasswordCheck() { Username = login.Username, Password = login.Password });
 
-            var jwt = new Api.Public.Services.JwtService(_config);
-
-            var authResponse = new AuthResponse
+            if (validation.IsSuccess)
             {
-                Detail = "OK",
-                AccessToken = jwt.GenerateSecurityToken(login.Username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"])),
-                RefreshToken = jwt.GenerateRefreshToken()
-            };
+                // TODO: get user details from API and return as part of response instead of returning as json
+
+                var jwt = new Api.Public.Services.JwtService(_config);
+
+                var authResponse = new AuthResponse
+                {
+                    Detail = "OK",
+                    AccessToken = jwt.GenerateSecurityToken(login.Username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"])),
+                    RefreshToken = jwt.GenerateRefreshToken(),
+                    SecurityPrinciple = validation.SecurityPrinciple
+                };
+
+                // TODO: Refresh token should be stored or hashed for later use
 
-            return authResponse;
+                return Ok(authResponse);
+            }
+            else
+            {
+                return Unauthorized();
+            }
         }
 
         /// <summary>
@@ -75,34 +89,39 @@ public AuthResponse Login(AuthRequest login)
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [HttpPost]
         [Route("refresh")]
-        public AuthResponse Refresh(string refreshToken)
+        [ProducesResponseType(typeof(AuthResponse), 200)]
+        public IActionResult Refresh(string refreshToken)
         {
             // validate token and issue new one
             var jwt = new Api.Public.Services.JwtService(_config);
 
             var authToken = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]).Parameter;
-            var claimsIdentity = jwt.ClaimsIdentityFromToken(authToken, false);
-            var username = claimsIdentity.Name;
 
-            // var savedRefreshToken = GetRefreshToken(username); //retrieve the refresh token from a data store
-            // if (savedRefreshToken != refreshToken)
-            // throw new SecurityTokenException("Invalid refresh token");
+            try
+            {
+                var claimsIdentity = jwt.ClaimsIdentityFromToken(authToken, false);
+                var username = claimsIdentity.Name;
+
+                var newJwtToken = jwt.GenerateSecurityToken(username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"]));
+                var newRefreshToken = jwt.GenerateRefreshToken();
 
-            var newJwtToken = jwt.GenerateSecurityToken(username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"]));
-            var newRefreshToken = jwt.GenerateRefreshToken();
+                // invalidate old refresh token and store new one
+                // DeleteRefreshToken(username, refreshToken);
+                // SaveRefreshToken(username, newRefreshToken);
 
-            // invalidate old refresh token and store new one
-            // DeleteRefreshToken(username, refreshToken);
-            // SaveRefreshToken(username, newRefreshToken);
+                var authResponse = new AuthResponse
+                {
+                    Detail = "OK",
+                    AccessToken = newJwtToken,
+                    RefreshToken = newRefreshToken
+                };
 
-            var authResponse = new AuthResponse
+                return Ok(authResponse);
+            }
+            catch
             {
-                Detail = "OK",
-                AccessToken = newJwtToken,
-                RefreshToken = newRefreshToken
-            };
-
-            return authResponse;
+                return Unauthorized();
+            }
         }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index a6882a580..a5bb6f78e 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -1,6 +1,8 @@
 using Certify.Core.Management.Access;
 using Certify.Management;
+using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Certify.Service.Controllers
@@ -10,6 +12,13 @@ namespace Certify.Service.Controllers
     public class AccessController : ControllerBase
     {
         private ICertifyManager _certifyManager;
+        private IDataProtectionProvider _dataProtectionProvider;
+
+        public AccessController(ICertifyManager certifyManager, IDataProtectionProvider dataProtectionProvider)
+        {
+            _certifyManager = certifyManager;
+            _dataProtectionProvider = dataProtectionProvider;
+        }
 
         private string GetContextUserId()
         {
@@ -26,72 +35,32 @@ private string GetContextUserId()
             return contextUserId;
         }
 
-        public AccessController(ICertifyManager certifyManager)
-        {
-            _certifyManager = certifyManager;
-        }
-
-#if DEBUG
-        private async Task BootstrapTestAdminUserAndRoles(IAccessControl access)
+        [HttpPost, Route("securityprinciple")]
+        public async Task<Models.Config.ActionResult> AddSecurityPrinciple([FromBody] SecurityPrinciple principle)
         {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            var addResultOk = await accessControl.AddSecurityPrinciple(GetContextUserId(), principle);
 
-            var adminSp = new SecurityPrinciple
+            return new Models.Config.ActionResult
             {
-                Id = "admin_01",
-                Email = "admin@test.com",
-                Description = "Primary test admin",
-                PrincipleType = SecurityPrincipleType.User,
-                Username = "admin",
-                Provider = StandardProviders.INTERNAL
+                IsSuccess = addResultOk,
+                Message = addResultOk ? "Added" : "Failed to add"
             };
+        }
 
-            await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
-
-            var actions = Policies.GetStandardResourceActions();
-
-            foreach (var action in actions)
-            {
-                await access.AddAction(action);
-            }
-
-            // setup policies with actions
-
-            var policies = Policies.GetStandardPolicies();
-
-            // add policies to store
-            foreach (var r in policies)
-            {
-                _ = await access.AddResourcePolicy(adminSp.Id, r, bypassIntegrityCheck: true);
-            }
-
-            // setup roles with policies
-            var roles = await access.GetSystemRoles();
+        [HttpDelete, Route("securityprinciple/{id}")]
+        public async Task<Models.Config.ActionResult> DeleteSecurityPrinciple(string id)
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            var resultOk = await accessControl.DeleteSecurityPrinciple(GetContextUserId(), id);
 
-            foreach (var r in roles)
+            return new Models.Config.ActionResult
             {
-                // add roles and policy assignments to store
-                await access.AddRole(r);
-            }
-
-            // assign security principles to roles
-            var assignedRoles = new List<AssignedRole> {
-                 // administrator
-                 new AssignedRole{
-                     Id= Guid.NewGuid().ToString(),
-                     RoleId=StandardRoles.Administrator.Id,
-                     SecurityPrincipleId=adminSp.Id
-                 }
+                IsSuccess = resultOk,
+                Message = resultOk ? "Deleted" : "Failed to delete security principle"
             };
-
-            foreach (var r in assignedRoles)
-            {
-                // add roles and policy assignments to store
-                await access.AddAssignedRole(r);
-            }
         }
 
-#endif
-
         [HttpGet, Route("securityprinciples")]
         public async Task<List<SecurityPrinciple>> GetSecurityPrinciples()
         {
@@ -99,14 +68,6 @@ public async Task<List<SecurityPrinciple>> GetSecurityPrinciples()
 
             var results = await accessControl.GetSecurityPrinciples(GetContextUserId());
 
-#if DEBUG
-            // bootstrap the default user
-            if (!results.Any())
-            {
-                await BootstrapTestAdminUserAndRoles(accessControl);
-                results = await accessControl.GetSecurityPrinciples(GetContextUserId());
-            }
-#endif
             foreach (var r in results)
             {
                 r.AuthKey = "<sanitized>";
@@ -135,10 +96,35 @@ public async Task<List<AssignedRole>> GetSecurityPrincipleAssignedRoles(string i
         }
 
         [HttpPost, Route("updatepassword")]
-        public async Task<bool> UpdatePassword(string id, string oldpassword, string newpassword)
+        public async Task<Models.Config.ActionResult> UpdatePassword([FromBody] SecurityPrinciplePasswordUpdate passwordUpdate)
         {
             var accessControl = await _certifyManager.GetCurrentAccessControl();
-            return await accessControl.UpdateSecurityPrinciplePassword(GetContextUserId(), id: id, oldpassword: oldpassword, newpassword: newpassword);
+            var result = await accessControl.UpdateSecurityPrinciplePassword(GetContextUserId(), passwordUpdate);
+
+            return new Models.Config.ActionResult
+            {
+                IsSuccess = result,
+                Message = result ? "Updated" : "Failed to update"
+            };
+        }
+
+        [HttpPost, Route("validate")]
+        public async Task<SecurityPrincipleCheckResponse> Validate([FromBody] SecurityPrinciplePasswordCheck passwordCheck)
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            var result =  await accessControl.CheckSecurityPrinciplePassword(GetContextUserId(), passwordCheck);
+
+            return result;
+        }
+
+        [HttpPost, Route("serviceauth")]
+        public async Task<Models.Config.ActionResult> ValidateServiceAuth()
+        {
+            var protector = _dataProtectionProvider.CreateProtector("serviceauth");
+
+            protector.Unprotect(Request.Headers["X-Service-Auth"]);
+
+            return new Models.Config.ActionResult();
         }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
new file mode 100644
index 000000000..75f412124
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
@@ -0,0 +1,55 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.BearerToken;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http.HttpResults;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Certify.Service.Controllers
+{
+    [Authorize]
+    public class AuthController : Controller
+    {
+
+        [HttpPost, Route("token")]
+        [AllowAnonymous]
+        public async Task<IActionResult> AcquireToken(string authJwt)
+        {
+            var result = await HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+
+            if (!result.Succeeded)
+            {
+                return Unauthorized();
+            }
+
+            var claims = new Claim[]
+            {
+                new Claim(ClaimTypes.Sid, "service-client"),
+            };
+
+            var identity = new ClaimsIdentity(claims: claims, authenticationType: BearerTokenDefaults.AuthenticationScheme);
+            var servicePrinciple = new ClaimsPrincipal(identity: identity);
+
+            
+
+            // consume a service token request and return a long lived JWT token
+            var response = new AccessTokenResponse
+            {
+                AccessToken = "",
+                ExpiresIn = 3600,
+                RefreshToken = "",
+            };  
+           return Ok(response);
+        }
+
+        [HttpPost, Route("refresh")]
+        public async Task<string> Refresh(string token)
+        {
+            // validate refresh token, issue new JWT token
+
+            var jwt = "";
+            return await Task.FromResult(jwt);
+        }
+    }
+}
diff --git a/src/Certify.Service/Controllers/AuthController.cs b/src/Certify.Service/Controllers/AuthController.cs
deleted file mode 100644
index a7bb733c9..000000000
--- a/src/Certify.Service/Controllers/AuthController.cs
+++ /dev/null
@@ -1,75 +0,0 @@
-using System;
-using System.Threading.Tasks;
-using System.Web.Http;
-using Certify.Management;
-
-namespace Certify.Service.Controllers
-{
-    [RoutePrefix("api/auth")]
-    public class AuthController : ControllerBase
-    {
-        public class AuthModel
-        {
-            public string Key { get; set; }
-            public string Username { get; set; }
-            public string Password { get; set; }
-        }
-
-        private ICertifyManager _certifyManager = null;
-
-        public AuthController(ICertifyManager manager)
-        {
-            _certifyManager = manager;
-        }
-#if !RELEASE //feature not production ready
-        [HttpGet, Route("windows")]
-        public async Task<string> GetWindowsAuthKey()
-        {
-
-            // user is using windows authentication, return an initial secret auth token. TODO: user must be able to invalidate existing auth key
-            var encryptedBytes = System.Security.Cryptography.ProtectedData.Protect(
-                    System.Text.Encoding.UTF8.GetBytes(ActionContext.RequestContext.Principal.Identity.Name),
-                    System.Text.Encoding.UTF8.GetBytes("authtoken"), System.Security.Cryptography.DataProtectionScope.LocalMachine
-                    );
-
-            var secret = Convert.ToBase64String(encryptedBytes);
-
-            var userIdPlusSecret = ActionContext.RequestContext.Principal.Identity.Name + ":" + secret;
-
-            // return auth secret as Base64 string suitable for Basic Authorization https://en.wikipedia.org/wiki/Basic_access_authentication
-            return await Task.FromResult(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(userIdPlusSecret)));
-
-        }
-
-        [HttpPost, Route("token")]
-        [AllowAnonymous]
-        public async Task<IHttpActionResult> AcquireToken(AuthModel model)
-        {
-            DebugLog();
-
-            // TODO: validate authkey and return new JWT
-
-            if (model.Key == "windows123")
-            {
-                var jwt = GenerateJwt("certifyuser", GetAuthSecretKey());
-                return await Task.FromResult(Ok(jwt));
-            }
-            else
-            {
-                return await Task.FromResult(Unauthorized());
-            }
-        }
-
-        [HttpPost, Route("refresh")]
-        public async Task<string> Refresh()
-        {
-            DebugLog();
-
-            // TODO: validate refresh token and return new JWT
-
-            var jwt = GenerateJwt("certifyuser", GetAuthSecretKey());
-            return await Task.FromResult(jwt);
-        }
-#endif
-    }
-}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
index dc9b5492c..ac87d6b38 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
@@ -172,7 +172,12 @@ public async Task TestStoreGeneralAccessControl(string storeType)
 
                 Assert.IsTrue(access.IsPasswordValid("oldpassword", consumerSp.Password));
 
-                var updated = await access.UpdateSecurityPrinciplePassword(adminSp.Id, consumerSp.Id, "oldpassword", "newpassword");
+                var updated = await access.UpdateSecurityPrinciplePassword(adminSp.Id, new Models.API.SecurityPrinciplePasswordUpdate
+                {
+                    SecurityPrincipleId = consumerSp.Id,
+                    Password = "oldpassword",
+                    NewPassword = "newpassword"
+                });
 
                 Assert.IsTrue(updated, "SP password should have been updated OK");
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index b4bf9786f..efc078186 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -96,66 +96,51 @@ public class TestAssignedRoles
 
     public class TestSecurityPrinciples
     {
-        public static SecurityPrinciple TestAdmin()
-        {
-            return new SecurityPrinciple
-            {
-                Id = "[test]",
-                Username = "test administrator",
-                Description = "Example test administrator used as context user during test",
-                Email = "test_admin@test.com",
-                Password = "ABCDEFG",
-                PrincipleType = SecurityPrincipleType.User
-            };
-        }
-        public static SecurityPrinciple Admin()
-        {
-            return new SecurityPrinciple
-            {
-                Id = "admin_01",
-                Username = "admin",
-                Description = "Administrator account",
-                Email = "info@test.com",
-                Password = "ABCDEFG",
-                PrincipleType = SecurityPrincipleType.User,
-            };
-        }
-        public static SecurityPrinciple DomainOwner()
-        {
-            return new SecurityPrinciple
-            {
-                Id = "domain_owner_01",
-                Username = "demo_owner",
-                Description = "Example domain owner",
-                Email = "domains@test.com",
-                Password = "ABCDEFG",
-                PrincipleType = SecurityPrincipleType.User,
-            };
-        }
-        public static SecurityPrinciple DevopsUser()
-        {
-            return new SecurityPrinciple
-            {
-                Id = "devops_user_01",
-                Username = "devops_01",
-                Description = "Example devops user",
-                Email = "devops01@test.com",
-                Password = "ABCDEFG",
-                PrincipleType = SecurityPrincipleType.User,
-            };
-        }
-        public static SecurityPrinciple DevopsAppDomainConsumer()
-        {
-            return new SecurityPrinciple
-            {
-                Id = "devops_app_01",
-                Username = "devapp_01",
-                Description = "Example devops app domain consumer",
-                Email = "dev_app01@test.com",
-                Password = "ABCDEFG",
-                PrincipleType = SecurityPrincipleType.User,
-            };
-        }
+        public static SecurityPrinciple TestAdmin => new SecurityPrinciple
+        {
+            Id = "[test]",
+            Username = "test administrator",
+            Description = "Example test administrator used as context user during test",
+            Email = "test_admin@test.com",
+            Password = "ABCDEFG",
+            PrincipleType = SecurityPrincipleType.User
+        };
+        public static SecurityPrinciple Admin => new SecurityPrinciple
+        {
+            Id = "admin_01",
+            Username = "admin",
+            Description = "Administrator account",
+            Email = "info@test.com",
+            Password = "ABCDEFG",
+            PrincipleType = SecurityPrincipleType.User,
+        };
+        public static SecurityPrinciple DomainOwner => new SecurityPrinciple
+        {
+            Id = "domain_owner_01",
+            Username = "demo_owner",
+            Description = "Example domain owner",
+            Email = "domains@test.com",
+            Password = "ABCDEFG",
+            PrincipleType = SecurityPrincipleType.User,
+        };
+        public static SecurityPrinciple DevopsUser => new SecurityPrinciple
+        {
+            Id = "devops_user_01",
+            Username = "devops_01",
+            Description = "Example devops user",
+            Email = "devops01@test.com",
+            Password = "ABCDEFG",
+            PrincipleType = SecurityPrincipleType.User,
+        };
+        public static SecurityPrinciple DevopsAppDomainConsumer => new SecurityPrinciple
+        {
+            Id = "devops_app_01",
+            Username = "devapp_01",
+            Description = "Example devops app domain consumer",
+            Email = "dev_app01@test.com",
+            Password = "ABCDEFG",
+            PrincipleType = SecurityPrincipleType.User,
+        };
     }
 
     [TestClass]
@@ -175,10 +160,10 @@ public void TestInitialize()
         }
 
         [TestMethod]
-        public async Task TestAccessControlAddGetSecurityPrinciples()
+        public async Task TestAddGetSecurityPrinciples()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Get stored security principles
@@ -194,20 +179,20 @@ public async Task TestAccessControlAddGetSecurityPrinciples()
         }
 
         [TestMethod]
-        public async Task TestAccessControlGetSecurityPrinciplesNoRoles()
+        public async Task TestGetSecurityPrinciplesNoRoles()
         {
             // Add test security principles
-            var securityPrincipleAdded = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.TestAdmin());
+            var securityPrincipleAdded = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.TestAdmin);
 
             // Get stored security principles
             Assert.IsFalse(securityPrincipleAdded, $"Expected AddSecurityPrinciple() to be unsuccessful without roles defined for {contextUserId}");
         }
 
         [TestMethod]
-        public async Task TestAccessControlAddGetSecurityPrinciple()
+        public async Task TestAddGetSecurityPrinciple()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             foreach (var securityPrinciple in adminSecurityPrinciples)
@@ -222,10 +207,10 @@ public async Task TestAccessControlAddGetSecurityPrinciple()
         }
 
         [TestMethod]
-        public async Task TestAccessControlAddGetAssignedRoles()
+        public async Task TestAddGetAssignedRoles()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -255,10 +240,10 @@ public async Task TestAccessControlAddGetAssignedRoles()
         }
 
         [TestMethod]
-        public async Task TestAccessControlGetAssignedRolesNoRoles()
+        public async Task TestGetAssignedRolesNoRoles()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Validate AssignedRole list returned by AccessControl.GetAssignedRoles()
@@ -268,10 +253,10 @@ public async Task TestAccessControlGetAssignedRolesNoRoles()
         }
 
         [TestMethod]
-        public async Task TestAccessControlAddResourcePolicyNoRoles()
+        public async Task TestAddResourcePolicyNoRoles()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -287,10 +272,10 @@ public async Task TestAccessControlAddResourcePolicyNoRoles()
         }
 
         [TestMethod]
-        public async Task TestAccessControlUpdateSecurityPrinciple()
+        public async Task TestUpdateSecurityPrinciple()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -314,7 +299,7 @@ public async Task TestAccessControlUpdateSecurityPrinciple()
             Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
 
             // Update security principle in AccessControl with a new principle object of the same Id, but different email
-            var newSecurityPrinciple = TestSecurityPrinciples.Admin();
+            var newSecurityPrinciple = TestSecurityPrinciples.Admin;
             newSecurityPrinciple.Email = "new_test_email@test.com";
             var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
             Assert.IsTrue(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to succeed");
@@ -326,10 +311,10 @@ public async Task TestAccessControlUpdateSecurityPrinciple()
         }
 
         [TestMethod]
-        public async Task TestAccessControlUpdateSecurityPrincipleNoRoles()
+        public async Task TestUpdateSecurityPrincipleNoRoles()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before update
@@ -337,17 +322,17 @@ public async Task TestAccessControlUpdateSecurityPrincipleNoRoles()
             Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
 
             // Update security principle in AccessControl with a new principle object of the same Id, but different email, with roles undefined
-            var newSecurityPrinciple = TestSecurityPrinciples.Admin();
+            var newSecurityPrinciple = TestSecurityPrinciples.Admin;
             newSecurityPrinciple.Email = "new_test_email@test.com";
             var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
             Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to be unsuccessful without roles defined");
         }
 
         [TestMethod]
-        public async Task TestAccessControlUpdateSecurityPrincipleBadUpdate()
+        public async Task TestUpdateSecurityPrincipleBadUpdate()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -371,7 +356,7 @@ public async Task TestAccessControlUpdateSecurityPrincipleBadUpdate()
             Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
 
             // Update security principle in AccessControl with a new principle object with a bad Id name and different email
-            var newSecurityPrinciple = TestSecurityPrinciples.Admin();
+            var newSecurityPrinciple = TestSecurityPrinciples.Admin;
             newSecurityPrinciple.Email = "new_test_email@test.com";
             newSecurityPrinciple.Id = "missing_username";
             var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
@@ -379,10 +364,10 @@ public async Task TestAccessControlUpdateSecurityPrincipleBadUpdate()
         }
 
         [TestMethod]
-        public async Task TestAccessControlUpdateSecurityPrinciplePassword()
+        public async Task TestUpdateSecurityPrinciplePassword()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             var firstPassword = adminSecurityPrinciples[0].Password;
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
@@ -409,7 +394,7 @@ public async Task TestAccessControlUpdateSecurityPrinciplePassword()
 
             // Update security principle in AccessControl with a new password
             var newPassword = "GFEDCBA";
-            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, adminSecurityPrinciples[0].Id, firstPassword, newPassword);
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, new Models.API.SecurityPrinciplePasswordUpdate(adminSecurityPrinciples[0].Id, firstPassword, newPassword));
             Assert.IsTrue(securityPrincipleUpdated, $"Expected security principle password update for {adminSecurityPrinciples[0].Id} to succeed");
 
             // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after update
@@ -420,16 +405,16 @@ public async Task TestAccessControlUpdateSecurityPrinciplePassword()
         }
 
         [TestMethod]
-        public async Task TestAccessControlUpdateSecurityPrinciplePasswordNoRoles()
+        public async Task TestUpdateSecurityPrinciplePasswordNoRoles()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             var firstPassword = adminSecurityPrinciples[0].Password;
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Update security principle in AccessControl with a new password
             var newPassword = "GFEDCBA";
-            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, adminSecurityPrinciples[0].Id, firstPassword, newPassword);
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, new Models.API.SecurityPrinciplePasswordUpdate(adminSecurityPrinciples[0].Id, firstPassword, newPassword));
             Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle password update for {adminSecurityPrinciples[0].Id} to fail without roles");
 
             // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after failed update
@@ -439,10 +424,10 @@ public async Task TestAccessControlUpdateSecurityPrinciplePasswordNoRoles()
         }
 
         [TestMethod]
-        public async Task TestAccessControlUpdateSecurityPrinciplePasswordBadPassword()
+        public async Task TestUpdateSecurityPrinciplePasswordBadPassword()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             var firstPassword = adminSecurityPrinciples[0].Password;
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
@@ -464,7 +449,7 @@ public async Task TestAccessControlUpdateSecurityPrinciplePasswordBadPassword()
 
             // Update security principle in AccessControl with a new password, but wrong original password
             var newPassword = "GFEDCBA";
-            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, adminSecurityPrinciples[0].Id, firstPassword.ToLower(), newPassword);
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciplePassword(contextUserId, new Models.API.SecurityPrinciplePasswordUpdate(adminSecurityPrinciples[0].Id, firstPassword.ToLower(), newPassword));
             Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle password update for {adminSecurityPrinciples[0].Id} to fail with wrong password");
 
             // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after failed update
@@ -474,10 +459,10 @@ public async Task TestAccessControlUpdateSecurityPrinciplePasswordBadPassword()
         }
 
         [TestMethod]
-        public async Task TestAccessControlDeleteSecurityPrinciple()
+        public async Task TestDeleteSecurityPrinciple()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -511,10 +496,10 @@ public async Task TestAccessControlDeleteSecurityPrinciple()
         }
 
         [TestMethod]
-        public async Task TestAccessControlDeleteSecurityPrincipleNoRoles()
+        public async Task TestDeleteSecurityPrincipleNoRoles()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Validate SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before delete is not null
@@ -532,10 +517,10 @@ public async Task TestAccessControlDeleteSecurityPrincipleNoRoles()
         }
 
         [TestMethod]
-        public async Task TestAccessControlDeleteSecurityPrincipleSelfDeletion()
+        public async Task TestDeleteSecurityPrincipleSelfDeletion()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -569,10 +554,10 @@ public async Task TestAccessControlDeleteSecurityPrincipleSelfDeletion()
         }
 
         [TestMethod]
-        public async Task TestAccessControlDeleteSecurityPrincipleBadId()
+        public async Task TestDeleteSecurityPrincipleBadId()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -606,10 +591,10 @@ public async Task TestAccessControlDeleteSecurityPrincipleBadId()
         }
 
         [TestMethod]
-        public async Task TestAccessControlIsPrincipleInRole()
+        public async Task TestIsPrincipleInRole()
         {
             // Add test security principles
-            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin(), TestSecurityPrinciples.TestAdmin() };
+            var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -642,10 +627,10 @@ public async Task TestAccessControlIsPrincipleInRole()
         }
 
         [TestMethod]
-        public async Task TestAccessControlDomainAuth()
+        public async Task TestDomainAuth()
         {
             // Add test devops user security principle
-            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser(), bypassIntegrityCheck: true);
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
             await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
@@ -671,10 +656,10 @@ public async Task TestAccessControlDomainAuth()
         }
 
         [TestMethod]
-        public async Task TestAccessControlWildcardDomainAuth()
+        public async Task TestWildcardDomainAuth()
         {
             // Add test devops user security principle
-            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser(), bypassIntegrityCheck: true);
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
             await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
@@ -704,10 +689,10 @@ public async Task TestAccessControlWildcardDomainAuth()
         }
 
         [TestMethod]
-        public async Task TestAccessControlRandomUserAuth()
+        public async Task TestRandomUserAuth()
         {
             // Add test devops user security principle
-            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser(), bypassIntegrityCheck: true);
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
             await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
@@ -727,5 +712,25 @@ public async Task TestAccessControlRandomUserAuth()
             var isAuthorised = await access.IsAuthorised(contextUserId, "randomuser", StandardRoles.CertificateConsumer.Id, ResourceTypes.Domain, "certificate_download", "random.microsoft.com");
             Assert.IsFalse(isAuthorised, "Unknown user should not be a cert consumer for this subdomain via wildcard");
         }
+
+        [TestMethod]
+        public async Task TestSecurityPrinciplePwdValid()
+        {
+            // Add test devops user security principle
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
+            var check = await access.CheckSecurityPrinciplePassword(contextUserId, new Models.API.SecurityPrinciplePasswordCheck(TestSecurityPrinciples.DevopsUser.Id, TestSecurityPrinciples.DevopsUser.Password));
+
+            Assert.IsTrue(check.IsSuccess, "Password should be valid");
+        }
+
+        [TestMethod]
+        public async Task TestSecurityPrinciplePwdInvalid()
+        {
+            // Add test devops user security principle
+            _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
+            var check = await access.CheckSecurityPrinciplePassword(contextUserId, new Models.API.SecurityPrinciplePasswordCheck(TestSecurityPrinciples.DevopsUser.Id, "INVALID_PWD"));
+
+            Assert.IsFalse(check.IsSuccess, "Password should not be valid");
+        }
     }
 }

From 157f5386191224750654c4328852a2123aca9187 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 1 Feb 2024 17:33:06 +0800
Subject: [PATCH 119/237] Package updates

---
 src/Certify.Service/App.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 559510f55..398a3c579 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -33,7 +33,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.57.0.0" newVersion="4.58.1.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.58.1.0" newVersion="4.59.0.0"/>
       </dependentAssembly>
 
     </assemblyBinding>

From 355500a8e128aed6a81a8f4b4d661c632eeff79d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 2 Feb 2024 18:02:10 +0800
Subject: [PATCH 120/237] Add/Update security principles

---
 .../Management/Access/AccessControl.cs        | 30 ++++++-
 .../Certify.API.Public.cs                     | 88 +++++++++++++++++++
 .../Controllers/v1/SystemController.cs        |  8 +-
 .../Controllers/AccessController.cs           | 13 +++
 4 files changed, 133 insertions(+), 6 deletions(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 8fe49bbea..96e2e9a04 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -66,10 +66,23 @@ public async Task<bool> AddSecurityPrinciple(string contextUserId, SecurityPrinc
                 return false;
             }
 
+            var existing = await GetSecurityPrinciple(contextUserId, principle.Id);
+            if (existing != null)
+            {
+                _log?.Warning($"User {contextUserId} attempted to use AddSecurityPrinciple [{principle?.Id}] which already exists.");
+                return false;
+            }
+
             if (!string.IsNullOrWhiteSpace(principle.Password))
             {
                 principle.Password = HashPassword(principle.Password);
             }
+            else
+            {
+                principle.Password = HashPassword(Guid.NewGuid().ToString());
+            }
+
+            principle.AvatarUrl = GetAvatarUrlForPrinciple(principle);
 
             await _store.Add<SecurityPrinciple>(nameof(SecurityPrinciple), principle);
 
@@ -77,6 +90,11 @@ public async Task<bool> AddSecurityPrinciple(string contextUserId, SecurityPrinc
             return true;
         }
 
+        public string GetAvatarUrlForPrinciple(SecurityPrinciple principle)
+        {
+            return string.IsNullOrWhiteSpace(principle.Email) ? "https://gravatar.com/avatar/00000000000000000000000000000000" : $"https://gravatar.com/avatar/{GetSHA256Hash(principle.Email.Trim().ToLower())}";
+        }
+
         public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPrinciple principle)
         {
 
@@ -88,7 +106,14 @@ public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPr
 
             try
             {
-                var updated = _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), principle);
+                var updateSp = await _store.Get<SecurityPrinciple>(nameof(SecurityPrinciple), principle.Id);
+                updateSp.Email = principle.Email;
+                updateSp.Description = principle.Description;
+                updateSp.Title = principle.Title;
+
+                updateSp.AvatarUrl = GetAvatarUrlForPrinciple(principle);
+
+                var updated = _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), updateSp);
             }
             catch
             {
@@ -375,8 +400,7 @@ await GetSecurityPrincipleByUsername(contextUserId, passwordCheck.Username) :
                                 await GetSecurityPrinciple(contextUserId, passwordCheck.SecurityPrincipleId);
 
             if (principle != null && IsPasswordValid(passwordCheck.Password, principle.Password))
-            {
-                principle.AvatarUrl = string.IsNullOrWhiteSpace(principle.Email) ? "https://gravatar.com/avatar/00000000000000000000000000000000" : $"https://gravatar.com/avatar/{GetSHA256Hash(principle.Email.Trim().ToLower())}";
+            {               
                 return new SecurityPrincipleCheckResponse { IsSuccess = true, SecurityPrinciple = principle };
             }
             else
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 8d73daaa4..000986ec3 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -680,6 +680,94 @@ public virtual async System.Threading.Tasks.Task<ActionResult> DeleteSecurityPri
             }
         }
 
+        /// <summary>
+        /// Update existing security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAsync(SecurityPrinciple body)
+        {
+            return UpdateSecurityPrincipleAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Update existing security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAsync(SecurityPrinciple body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    // Operation Path: "internal/v1/access/securityprinciple/update"
+                    urlBuilder_.Append("internal/v1/access/securityprinciple/update");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
         /// <summary>
         /// Operations to check current auth status for the given presented authentication tokens
         /// </summary>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index 5fced44fd..b87dc90c2 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -58,9 +58,11 @@ public async Task<IActionResult> GetHealth()
             }
             catch { }
 
-            var env = Environment.GetEnvironmentVariables();
-
-            var health = new { API = "OK", Service = versionInfo, ServiceAvailable = serviceAvailable, env = env };
+#if DEBUG
+            var health = new { API = "OK", Service = versionInfo, ServiceAvailable = serviceAvailable, env = Environment.GetEnvironmentVariables() };
+#else
+            var health = new { API = "OK", Service = versionInfo, ServiceAvailable = serviceAvailable};
+#endif
 
             return new OkObjectResult(health);
         }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index a5bb6f78e..a15ac5417 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -48,6 +48,19 @@ private string GetContextUserId()
             };
         }
 
+        [HttpPost, Route("securityprinciple/update")]
+        public async Task<Models.Config.ActionResult> UpdateSecurityPrinciple([FromBody] SecurityPrinciple principle)
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            var addResultOk = await accessControl.UpdateSecurityPrinciple(GetContextUserId(), principle);
+
+            return new Models.Config.ActionResult
+            {
+                IsSuccess = addResultOk,
+                Message = addResultOk ? "Updated" : "Failed to update"
+            };
+        }
+
         [HttpDelete, Route("securityprinciple/{id}")]
         public async Task<Models.Config.ActionResult> DeleteSecurityPrinciple(string id)
         {

From ca50be0f55e60b43e3c8a3692f46b6c0dd9d765b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 5 Feb 2024 16:37:05 +0800
Subject: [PATCH 121/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                        | 2 +-
 src/Certify.Models/Certify.Models.csproj                        | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index b5709ac68..f16b6abed 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.1" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.0" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.2.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 05e517d02..b4ef8f946 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.0" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.8.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index aaf4c29c7..6f75e2295 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.10" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.13" />
   </ItemGroup>
 
   <ItemGroup>

From 5c306aebb89d2442207073e9e83bc08ada35f19d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 6 Feb 2024 17:56:56 +0800
Subject: [PATCH 122/237] API: Implement update assigned roles

---
 .../Management/Access/AccessControl.cs        |  32 ++
 .../Management/Access/IAccessControl.cs       |   1 +
 src/Certify.Models/Config/AccessControl.cs    |   8 +-
 .../Certify.API.Public.cs                     | 310 +++++++++++-------
 .../Controllers/AccessController.cs           |  13 +
 5 files changed, 253 insertions(+), 111 deletions(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 96e2e9a04..12b48db8f 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -6,6 +6,7 @@
 using System.Text.Unicode;
 using System.Threading.Tasks;
 using Certify.Models.API;
+using Certify.Models.Config;
 using Certify.Models.Config.AccessControl;
 using Certify.Models.Providers;
 using Certify.Providers;
@@ -393,6 +394,37 @@ public async Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, str
             return assignedRoles.Where(r => r.SecurityPrincipleId == id).ToList();
         }
 
+        public async Task<bool> UpdateAssignedRoles(string contextUserId, SecurityPrincipleAssignedRoleUpdate update)
+        {
+            if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
+            {
+                _log?.Warning("User {contextUserId} attempted to update assigned role for [{id}] without being in required role.", contextUserId, update.SecurityPrincipleId);
+                return false;
+            }
+
+            // remove items from assigned roles
+            var existing = await GetAssignedRoles(contextUserId, update.SecurityPrincipleId);
+            foreach (var deleted in update.RemovedAssignedRoles)
+            {
+                var e = existing.FirstOrDefault(r => r.RoleId == deleted.RoleId);
+                if (e!=null){
+                    await _store.Delete<AssignedRole>(nameof(AssignedRole), e.Id);
+                }
+            }
+
+            // add items to assigned roles
+            existing = await GetAssignedRoles(contextUserId, update.SecurityPrincipleId);
+            foreach (var added in update.AddedAssignedRoles)
+            {
+                if (!existing.Exists(r => r.RoleId == added.RoleId))
+                {
+                    await _store.Add<AssignedRole>(nameof(AssignedRole), added);
+                }
+            }
+
+            return true;
+        }
+
         public async Task<SecurityPrincipleCheckResponse> CheckSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordCheck passwordCheck)
         {
             var principle = string.IsNullOrWhiteSpace(passwordCheck.SecurityPrincipleId) ?
diff --git a/src/Certify.Core/Management/Access/IAccessControl.cs b/src/Certify.Core/Management/Access/IAccessControl.cs
index 26e12e5f9..cb8b22ca7 100644
--- a/src/Certify.Core/Management/Access/IAccessControl.cs
+++ b/src/Certify.Core/Management/Access/IAccessControl.cs
@@ -22,6 +22,7 @@ public interface IAccessControl
         Task<bool> IsPrincipleInRole(string contextUserId, string id, string roleId);
         Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, string id);
         Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPrinciple principle);
+        Task<bool> UpdateAssignedRoles(string contextUserId, SecurityPrincipleAssignedRoleUpdate update);
         Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordUpdate passwordUpdate);
         Task<SecurityPrincipleCheckResponse> CheckSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordCheck passwordCheck);
 
diff --git a/src/Certify.Models/Config/AccessControl.cs b/src/Certify.Models/Config/AccessControl.cs
index ee52869ca..3f820c91e 100644
--- a/src/Certify.Models/Config/AccessControl.cs
+++ b/src/Certify.Models/Config/AccessControl.cs
@@ -73,7 +73,7 @@ public class AssignedRole : AccessStoreItem
         /// </summary>
         public string? SecurityPrincipleId { get; set; }
 
-        public List<Resource> IncludedResources { get; set; }
+        public List<Resource>? IncludedResources { get; set; }
     }
 
     /// <summary>
@@ -125,4 +125,10 @@ public ResourceAction(string id, string title, string resourceType)
 
         public string? ResourceType { get; set; }
     }
+    public class SecurityPrincipleAssignedRoleUpdate
+    {
+        public string SecurityPrincipleId { get; set; } = String.Empty;
+        public List<AssignedRole> AddedAssignedRoles { get; set; } = new List<AssignedRole>();
+        public List<AssignedRole> RemovedAssignedRoles { get; set; } = new List<AssignedRole>();
+    }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 000986ec3..2a659c600 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -1,6 +1,6 @@
 //----------------------
 // <auto-generated>
-//     Generated using the NSwag toolchain v14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0)) (http://NSwag.org)
+//     Generated using the NSwag toolchain v14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0)) (http://NSwag.org)
 // </auto-generated>
 //----------------------
 
@@ -28,12 +28,13 @@ namespace Certify.API.Public
 {
     using System = global::System;
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class Client 
     {
-    #pragma warning disable 8618 // Set by constructor via BaseUrl property
+        #pragma warning disable 8618
         private string _baseUrl;
-    #pragma warning restore 8618 // Set by constructor via BaseUrl property
+        #pragma warning restore 8618
+
         private System.Net.Http.HttpClient _httpClient;
         private static System.Lazy<Newtonsoft.Json.JsonSerializerSettings> _settings = new System.Lazy<Newtonsoft.Json.JsonSerializerSettings>(CreateSerializerSettings, true);
 
@@ -53,6 +54,7 @@ private static Newtonsoft.Json.JsonSerializerSettings CreateSerializerSettings()
         public string BaseUrl
         {
             get { return _baseUrl; }
+            [System.Diagnostics.CodeAnalysis.MemberNotNull(nameof(_baseUrl))]
             set
             {
                 _baseUrl = value;
@@ -100,7 +102,7 @@ public string BaseUrl
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/securityprinciple/{id}/assignedroles"
                     urlBuilder_.Append("internal/v1/access/securityprinciple/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
@@ -186,7 +188,7 @@ public string BaseUrl
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/roles"
                     urlBuilder_.Append("internal/v1/access/roles");
 
@@ -270,7 +272,7 @@ public string BaseUrl
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/securityprinciples"
                     urlBuilder_.Append("internal/v1/access/securityprinciples");
 
@@ -358,7 +360,7 @@ public virtual async System.Threading.Tasks.Task<SecurityPrincipleCheckResponse>
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/validate"
                     urlBuilder_.Append("internal/v1/access/validate");
 
@@ -446,7 +448,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPri
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/updatepassword"
                     urlBuilder_.Append("internal/v1/access/updatepassword");
 
@@ -534,7 +536,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> AddSecurityPrinci
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/securityprinciple"
                     urlBuilder_.Append("internal/v1/access/securityprinciple");
 
@@ -618,15 +620,15 @@ public virtual async System.Threading.Tasks.Task<ActionResult> DeleteSecurityPri
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/securityprinciple"
                     urlBuilder_.Append("internal/v1/access/securityprinciple");
-            urlBuilder_.Append('?');
-            if (id != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (id != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -712,7 +714,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPri
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/access/securityprinciple/update"
                     urlBuilder_.Append("internal/v1/access/securityprinciple/update");
 
@@ -768,6 +770,94 @@ public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPri
             }
         }
 
+        /// <summary>
+        /// Update assigned roles for a security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAssignedRolesAsync(SecurityPrincipleAssignedRoleUpdate body)
+        {
+            return UpdateSecurityPrincipleAssignedRolesAsync(body, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Update assigned roles for a security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAssignedRolesAsync(SecurityPrincipleAssignedRoleUpdate body, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
+                    // Operation Path: "internal/v1/access/securityprinciple/roles/update"
+                    urlBuilder_.Append("internal/v1/access/securityprinciple/roles/update");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
         /// <summary>
         /// Operations to check current auth status for the given presented authentication tokens
         /// </summary>
@@ -795,7 +885,7 @@ public virtual async System.Threading.Tasks.Task CheckAuthStatusAsync(System.Thr
                     request_.Method = new System.Net.Http.HttpMethod("GET");
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/auth/status"
                     urlBuilder_.Append("api/v1/auth/status");
 
@@ -880,7 +970,7 @@ public virtual async System.Threading.Tasks.Task<AuthResponse> LoginAsync(AuthRe
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/auth/login"
                     urlBuilder_.Append("api/v1/auth/login");
 
@@ -965,15 +1055,15 @@ public virtual async System.Threading.Tasks.Task<AuthResponse> RefreshAsync(stri
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/auth/refresh"
                     urlBuilder_.Append("api/v1/auth/refresh");
-            urlBuilder_.Append('?');
-            if (refreshToken != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("refreshToken")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(refreshToken, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (refreshToken != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("refreshToken")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(refreshToken, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1061,18 +1151,18 @@ public virtual async System.Threading.Tasks.Task<FileResponse> DownloadAsync(str
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/{managedCertId}/download/{format}"
                     urlBuilder_.Append("api/v1/certificate/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
                     urlBuilder_.Append("/download/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(format, System.Globalization.CultureInfo.InvariantCulture)));
-            urlBuilder_.Append('?');
-            if (mode != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("mode")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(mode, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (mode != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("mode")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(mode, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1155,17 +1245,17 @@ public virtual async System.Threading.Tasks.Task<LogResult> DownloadLogAsync(str
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/{managedCertId}/log"
                     urlBuilder_.Append("api/v1/certificate/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
                     urlBuilder_.Append("/log");
-            urlBuilder_.Append('?');
-            if (maxLines != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("maxLines")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(maxLines, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (maxLines != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("maxLines")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(maxLines, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1247,23 +1337,23 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate"
                     urlBuilder_.Append("api/v1/certificate");
-            urlBuilder_.Append('?');
-            if (keyword != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            if (page != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("page")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(page, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            if (pageSize != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("pageSize")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(pageSize, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (keyword != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    if (page != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("page")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(page, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    if (pageSize != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("pageSize")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(pageSize, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1346,15 +1436,15 @@ public virtual async System.Threading.Tasks.Task<Summary> GetManagedCertificateS
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/summary"
                     urlBuilder_.Append("api/v1/certificate/summary");
-            urlBuilder_.Append('?');
-            if (keyword != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (keyword != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1439,7 +1529,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> GetManagedC
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/settings/{managedCertId}"
                     urlBuilder_.Append("api/v1/certificate/settings/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
@@ -1528,7 +1618,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManag
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/settings/update"
                     urlBuilder_.Append("api/v1/certificate/settings/update");
 
@@ -1613,15 +1703,15 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/order"
                     urlBuilder_.Append("api/v1/certificate/order");
-            urlBuilder_.Append('?');
-            if (id != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (id != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1707,7 +1797,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/renew"
                     urlBuilder_.Append("api/v1/certificate/renew");
 
@@ -1795,7 +1885,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/test"
                     urlBuilder_.Append("api/v1/certificate/test");
 
@@ -1882,7 +1972,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/certificate/{id}"
                     urlBuilder_.Append("api/v1/certificate/certificate/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
@@ -1967,7 +2057,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/certificateauthority"
                     urlBuilder_.Append("internal/v1/certificateauthority");
 
@@ -2051,7 +2141,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/certificateauthority/accounts"
                     urlBuilder_.Append("internal/v1/certificateauthority/accounts");
 
@@ -2139,7 +2229,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> AddAcmeAccountAsy
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/certificateauthority/account"
                     urlBuilder_.Append("internal/v1/certificateauthority/account");
 
@@ -2227,7 +2317,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> AddCertificateAut
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/certificateauthority/authority"
                     urlBuilder_.Append("internal/v1/certificateauthority/authority");
 
@@ -2314,7 +2404,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveCertificate
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/certificateauthority/authority/{id}"
                     urlBuilder_.Append("internal/v1/certificateauthority/authority/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
@@ -2405,7 +2495,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/certificateauthority/accounts/{storageKey}/{deactivate}"
                     urlBuilder_.Append("internal/v1/certificateauthority/accounts/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(storageKey, System.Globalization.CultureInfo.InvariantCulture)));
@@ -2492,7 +2582,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/challengeprovider"
                     urlBuilder_.Append("internal/v1/challengeprovider");
 
@@ -2576,19 +2666,19 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/challengeprovider/dnszones"
                     urlBuilder_.Append("internal/v1/challengeprovider/dnszones");
-            urlBuilder_.Append('?');
-            if (providerTypeId != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("providerTypeId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(providerTypeId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            if (credentialsId != null)
-            {
-                urlBuilder_.Append(System.Uri.EscapeDataString("credentialsId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(credentialsId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-            }
-            urlBuilder_.Length--;
+                    urlBuilder_.Append('?');
+                    if (providerTypeId != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("providerTypeId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(providerTypeId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    if (credentialsId != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("credentialsId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(credentialsId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -2670,7 +2760,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/deploymenttask/providers"
                     urlBuilder_.Append("internal/v1/deploymenttask/providers");
 
@@ -2758,7 +2848,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/preview"
                     urlBuilder_.Append("internal/v1/preview");
 
@@ -2842,7 +2932,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/storedcredential"
                     urlBuilder_.Append("internal/v1/storedcredential");
 
@@ -2930,7 +3020,7 @@ public virtual async System.Threading.Tasks.Task<StoredCredential> UpdateStoredC
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/storedcredential"
                     urlBuilder_.Append("internal/v1/storedcredential");
 
@@ -3017,7 +3107,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveStoredCrede
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/storedcredential/storedcredential/{storageKey}"
                     urlBuilder_.Append("internal/v1/storedcredential/storedcredential/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(storageKey, System.Globalization.CultureInfo.InvariantCulture)));
@@ -3102,7 +3192,7 @@ public virtual async System.Threading.Tasks.Task<Version> GetSystemVersionAsync(
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/system/version"
                     urlBuilder_.Append("api/v1/system/version");
 
@@ -3186,7 +3276,7 @@ public virtual async System.Threading.Tasks.Task<object> GetHealthAsync(System.T
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/system/health"
                     urlBuilder_.Append("api/v1/system/health");
 
@@ -3274,7 +3364,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/system/system/migration/export"
                     urlBuilder_.Append("api/v1/system/system/migration/export");
 
@@ -3362,7 +3452,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/system/system/migration/import"
                     urlBuilder_.Append("api/v1/system/system/migration/import");
 
@@ -3449,7 +3539,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/target/{serverType}/items"
                     urlBuilder_.Append("internal/v1/target/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(serverType, System.Globalization.CultureInfo.InvariantCulture)));
@@ -3541,7 +3631,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/target/{serverType}/item/{itemId}"
                     urlBuilder_.Append("internal/v1/target/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(serverType, System.Globalization.CultureInfo.InvariantCulture)));
@@ -3634,7 +3724,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/target/{serverType}/item/{itemId}/identifiers"
                     urlBuilder_.Append("internal/v1/target/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(serverType, System.Globalization.CultureInfo.InvariantCulture)));
@@ -3722,7 +3812,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "internal/v1/target/services"
                     urlBuilder_.Append("internal/v1/target/services");
 
@@ -3812,7 +3902,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
-                    if (!string.IsNullOrEmpty(BaseUrl)) urlBuilder_.Append(BaseUrl);
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/validation/{type}/{key}"
                     urlBuilder_.Append("api/v1/validation/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(type, System.Globalization.CultureInfo.InvariantCulture)));
@@ -3985,7 +4075,7 @@ private string ConvertToString(object value, System.Globalization.CultureInfo cu
 
     
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class FileResponse : System.IDisposable
     {
         private System.IDisposable _client;
@@ -4022,7 +4112,7 @@ public void Dispose()
     }
 
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class ApiException : System.Exception
     {
         public int StatusCode { get; private set; }
@@ -4045,7 +4135,7 @@ public override string ToString()
         }
     }
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.1.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class ApiException<TResult> : ApiException
     {
         public TResult Result { get; private set; }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index a15ac5417..c939b41d7 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -61,6 +61,19 @@ private string GetContextUserId()
             };
         }
 
+        [HttpPost, Route("securityprinciple/roles/update")]
+        public async Task<Models.Config.ActionResult> UpdateSecurityPrincipleAssignedRoles([FromBody] SecurityPrincipleAssignedRoleUpdate update)
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            var resultOk = await accessControl.UpdateAssignedRoles(GetContextUserId(), update);
+
+            return new Models.Config.ActionResult
+            {
+                IsSuccess = resultOk,
+                Message = resultOk ? "Updated" : "Failed to update"
+            };
+        }
+
         [HttpDelete, Route("securityprinciple/{id}")]
         public async Task<Models.Config.ActionResult> DeleteSecurityPrinciple(string id)
         {

From c14ec8f16887f69293fe1f9d8586c13ee33bccbb Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 10:59:17 +0800
Subject: [PATCH 123/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj               |  2 +-
 src/Certify.Core.Service.sln                           | 10 ----------
 src/Certify.Core/Certify.Core.csproj                   |  2 +-
 .../Certify.Server.Api.Public.Tests.csproj             |  2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj     |  2 +-
 .../Certify.Core.Tests.Integration.csproj              |  4 ++--
 .../Certify.Core.Tests.Unit.csproj                     |  4 ++--
 .../Certify.Service.Tests.Integration.csproj           |  4 ++--
 .../Certify.UI.Tests.Integration.csproj                |  2 +-
 9 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index f16b6abed..e706c7b60 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -20,7 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.1" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.2.1" />
+    <PackageReference Include="Polly" Version="8.3.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core.Service.sln b/src/Certify.Core.Service.sln
index 6af14c6ef..410c05d24 100644
--- a/src/Certify.Core.Service.sln
+++ b/src/Certify.Core.Service.sln
@@ -69,8 +69,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.Providers.ACME.Anvi
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.ACME.Anvil", "..\..\libs\anvil\src\Certify.ACME.Anvil\Certify.ACME.Anvil.csproj", "{443202E1-B6E5-4625-BC3E-B3CB54CF4055}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.Service.Worker", "Certify.Server\Certify.Service.Worker\Certify.Service.Worker\Certify.Service.Worker.csproj", "{D786EFD1-7402-43F0-B74F-504DB7C25FF6}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Certify.Server.Api.Public", "Certify.Server\Certify.Server.Api.Public\Certify.Server.Api.Public.csproj", "{2DB50C13-7535-4D01-8EA5-1839F1472D7B}"
 EndProject
 Global
@@ -281,14 +279,6 @@ Global
 		{443202E1-B6E5-4625-BC3E-B3CB54CF4055}.Release|Any CPU.Build.0 = Release|Any CPU
 		{443202E1-B6E5-4625-BC3E-B3CB54CF4055}.Release|x64.ActiveCfg = Release|Any CPU
 		{443202E1-B6E5-4625-BC3E-B3CB54CF4055}.Release|x64.Build.0 = Release|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Debug|x64.Build.0 = Debug|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|x64.ActiveCfg = Release|Any CPU
-		{D786EFD1-7402-43F0-B74F-504DB7C25FF6}.Release|x64.Build.0 = Release|Any CPU
 		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{2DB50C13-7535-4D01-8EA5-1839F1472D7B}.Debug|x64.ActiveCfg = Debug|Any CPU
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index c3badb08b..d170b8882 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -83,7 +83,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.2.1" />
+    <PackageReference Include="Polly" Version="8.3.0" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index d653b65d0..8b1b7011b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -12,7 +12,7 @@
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.1" />
         <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.1" />
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
         <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
         <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
         <PackageReference Include="coverlet.collector" Version="6.0.0">
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 176fa7e38..595e7b14f 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -9,7 +9,7 @@
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
-        <PackageReference Include="Polly" Version="8.2.1" />
+        <PackageReference Include="Polly" Version="8.3.0" />
         <PackageReference Include="Serilog" Version="3.1.1" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.1" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index d6707e1fa..aa0cc3371 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -88,7 +88,7 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
@@ -96,7 +96,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
     <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.2.1" />
+    <PackageReference Include="Polly" Version="8.3.0" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 10cefad7d..c4a746e23 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -143,10 +143,10 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
     <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
-    <PackageReference Include="Polly" Version="8.2.1" />
+    <PackageReference Include="Polly" Version="8.3.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     <PackageReference Include="Testcontainers" Version="3.7.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index d5d1439a4..6cecb4f74 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -77,10 +77,10 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
     <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
-    <PackageReference Include="Polly" Version="8.2.1" />
+    <PackageReference Include="Polly" Version="8.3.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index d667c800e..8e0d6ea3f 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -73,7 +73,7 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
     <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
   </ItemGroup>

From 18abf6fcfbe774998f432ce7e0983b44d9af7275 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 12:38:31 +0800
Subject: [PATCH 124/237] Tasks: perform validation in preview mode

---
 .../Management/DeploymentTasks/DeploymentTask.cs      | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs b/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs
index 474dc6d6f..44b0a2b00 100644
--- a/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs
+++ b/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 using Certify.Config;
@@ -46,7 +47,15 @@ public async Task<List<ActionResult>> Execute(
                     }
                     else
                     {
-                        return new List<ActionResult> { new ActionResult { IsSuccess = true, Message = "Task is review mode only. Not action performed." } };
+                        var validation = await TaskProvider.Validate(execParams);
+                        if (validation == null || !validation.Any(r => r.IsSuccess == false))
+                        {
+                            return new List<ActionResult> { new ActionResult { IsSuccess = true, Message = "Task is valid and ready to execute." } };
+                        }
+                        else
+                        {
+                            return validation;
+                        }
                     }
                 }
                 catch (Exception exp)

From a7a0d211e569c0e3f60f7bdbf219dd64bf462fd7 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 12:41:37 +0800
Subject: [PATCH 125/237] API: add user auth context passed through to service
 during calls

---
 src/Certify.CLI/CertifyCLI.Backup.cs          |   5 +-
 src/Certify.Client/CertifyApiClient.cs        | 345 ++++++++++--------
 src/Certify.Client/ICertifyClient.cs          | 109 +++---
 .../Controllers/internal/AccessController.cs  |   2 +-
 .../Controllers/internal/ApiControllerBase.cs |  48 +++
 .../CertificateAuthorityController.cs         |   2 +-
 .../internal/ChallengeProviderController.cs   |   2 +-
 .../internal/DeploymentTaskController.cs      |   2 +-
 .../Controllers/internal/PreviewController.cs |   2 +-
 .../internal/StoredCredentialController.cs    |   2 +-
 .../Controllers/internal/TargetController.cs  |   2 +-
 .../Controllers/v1/AuthController.cs          |   9 +-
 .../Controllers/v1/CertificateController.cs   |  24 +-
 .../Controllers/v1/SystemController.cs        |   2 +-
 .../Controllers/v1/ValidationController.cs    |   2 +-
 .../Middleware/AuthenticationExtension.cs     |   1 +
 .../Controllers/AccessController.cs           |   9 +-
 .../ServiceAuthTests.cs                       |  12 +-
 .../ViewModelTests.cs                         |   9 +-
 .../AppViewModel/AppViewModel.Settings.cs     |  12 +-
 20 files changed, 339 insertions(+), 262 deletions(-)
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs

diff --git a/src/Certify.CLI/CertifyCLI.Backup.cs b/src/Certify.CLI/CertifyCLI.Backup.cs
index bdba39de3..695a47215 100644
--- a/src/Certify.CLI/CertifyCLI.Backup.cs
+++ b/src/Certify.CLI/CertifyCLI.Backup.cs
@@ -2,6 +2,7 @@
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
+using Certify.Client;
 using Certify.Models.Config.Migration;
 using Newtonsoft.Json;
 
@@ -26,7 +27,7 @@ public async Task PerformBackupExport(string[] args)
 
             var exportRequest = new ExportRequest { IsPreviewMode = false, Settings = new ExportSettings { EncryptionSecret = secret, ExportAllStoredCredentials = true } };
 
-            var export = await _certifyClient.PerformExport(exportRequest);
+            var export = await _certifyClient.PerformExport(exportRequest, null);
 
             System.IO.File.WriteAllText(filename, JsonConvert.SerializeObject(export));
 
@@ -64,7 +65,7 @@ public async Task PerformBackupImport(string[] args)
                 return;
             }
 
-            var importSteps = await _certifyClient.PerformImport(importRequest);
+            var importSteps = await _certifyClient.PerformImport(importRequest, null);
 
             foreach (var s in importSteps)
             {
diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index bb06dfbd9..9ded60dd1 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -54,6 +54,12 @@ protected override Task<HttpResponseMessage> SendAsync(
                 );
     }
 
+    public class AuthContext
+    {
+        public string Username { get; set; }
+        public string Token { get; set; }
+    }
+
     // This version of the client communicates with the Certify.Service instance on the local machine
     public partial class CertifyApiClient : ICertifyInternalApiClient
     {
@@ -134,19 +140,33 @@ public void SetConnectionAuthMode(string mode)
             CreateHttpClient();
         }
 
-        private async Task<string> FetchAsync(string endpoint)
+        private void SetAuthContextForRequest(HttpRequestMessage request, AuthContext authContext)
+        {
+            if (authContext != null)
+            {
+                request.Headers.Add("X-Context-User-Id", authContext.Username);
+            }
+        }
+
+        private async Task<string> FetchAsync(string endpoint, AuthContext authContext)
         {
             try
             {
-                var response = await _client.GetAsync(_baseUri + endpoint);
-                if (response.IsSuccessStatusCode)
-                {
-                    return await response.Content.ReadAsStringAsync();
-                }
-                else
+                using (var request = new HttpRequestMessage(HttpMethod.Get, new Uri(_baseUri + endpoint)))
                 {
-                    var error = await response.Content.ReadAsStringAsync();
-                    throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error} ");
+                    SetAuthContextForRequest(request, authContext);
+
+                    var response = await _client.SendAsync(request);
+
+                    if (response.IsSuccessStatusCode)
+                    {
+                        return await response.Content.ReadAsStringAsync();
+                    }
+                    else
+                    {
+                        var error = await response.Content.ReadAsStringAsync();
+                        throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error} ");
+                    }
                 }
             }
             catch (HttpRequestException exp)
@@ -160,7 +180,7 @@ public class ServerErrorMsg
             public string Message;
         }
 
-        private async Task<HttpResponseMessage> PostAsync(string endpoint, object data)
+        private async Task<HttpResponseMessage> PostAsync(string endpoint, object data, AuthContext authContext)
         {
             if (data != null)
             {
@@ -169,30 +189,37 @@ private async Task<HttpResponseMessage> PostAsync(string endpoint, object data)
                 try
                 {
 
-                    var response = await _client.PostAsync(_baseUri + endpoint, content);
-                    if (response.IsSuccessStatusCode)
+                    using (var request = new HttpRequestMessage(HttpMethod.Post, new Uri(_baseUri + endpoint)))
                     {
-                        return response;
-                    }
-                    else
-                    {
-                        var error = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
+                        SetAuthContextForRequest(request, authContext);
+
+                        request.Content = content;
 
-                        if (response.StatusCode == HttpStatusCode.Unauthorized)
+                        var response = await _client.SendAsync(request);
+                        if (response.IsSuccessStatusCode)
                         {
-                            throw new ServiceCommsException($"API Access Denied: {endpoint}: {error}");
+                            return response;
                         }
                         else
                         {
+                            var error = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
 
-                            if (response.StatusCode == HttpStatusCode.InternalServerError && error.Contains("\"message\""))
+                            if (response.StatusCode == HttpStatusCode.Unauthorized)
                             {
-                                var err = JsonConvert.DeserializeObject<ServerErrorMsg>(error);
-                                throw new ServiceCommsException($"Internal Service Error: {endpoint}: {err.Message}");
+                                throw new ServiceCommsException($"API Access Denied: {endpoint}: {error}");
                             }
                             else
                             {
-                                throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error}");
+
+                                if (response.StatusCode == HttpStatusCode.InternalServerError && error.Contains("\"message\""))
+                                {
+                                    var err = JsonConvert.DeserializeObject<ServerErrorMsg>(error);
+                                    throw new ServiceCommsException($"Internal Service Error: {endpoint}: {err.Message}");
+                                }
+                                else
+                                {
+                                    throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error}");
+                                }
                             }
                         }
                     }
@@ -217,29 +244,35 @@ private async Task<HttpResponseMessage> PostAsync(string endpoint, object data)
             }
         }
 
-        private async Task<HttpResponseMessage> DeleteAsync(string endpoint)
+        private async Task<HttpResponseMessage> DeleteAsync(string endpoint, AuthContext authContext)
         {
-            var response = await _client.DeleteAsync(_baseUri + endpoint);
-            if (response.IsSuccessStatusCode)
-            {
-                return response;
-            }
-            else
+            using (var request = new HttpRequestMessage(HttpMethod.Delete, new Uri(_baseUri + endpoint)))
             {
-                var error = await response.Content.ReadAsStringAsync();
-                throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error}");
+                SetAuthContextForRequest(request, authContext);
+
+                var response = await _client.SendAsync(request);
+
+                if (response.IsSuccessStatusCode)
+                {
+                    return response;
+                }
+                else
+                {
+                    var error = await response.Content.ReadAsStringAsync();
+                    throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error}");
+                }
             }
         }
 
         #region System
 
-        public async Task<string> GetAppVersion() => await FetchAsync("system/appversion");
+        public async Task<string> GetAppVersion(AuthContext authContext = null) => await FetchAsync("system/appversion", authContext);
 
-        public async Task<UpdateCheck> CheckForUpdates()
+        public async Task<UpdateCheck> CheckForUpdates(AuthContext authContext = null)
         {
             try
             {
-                var result = await FetchAsync("system/updatecheck");
+                var result = await FetchAsync("system/updatecheck", authContext);
                 return JsonConvert.DeserializeObject<UpdateCheck>(result);
             }
             catch (Exception)
@@ -249,97 +282,89 @@ public async Task<UpdateCheck> CheckForUpdates()
             }
         }
 
-        public async Task<List<ActionResult>> PerformServiceDiagnostics()
+        public async Task<List<ActionResult>> PerformServiceDiagnostics(AuthContext authContext = null)
         {
-            var result = await FetchAsync("system/diagnostics");
+            var result = await FetchAsync("system/diagnostics", authContext);
             return JsonConvert.DeserializeObject<List<ActionResult>>(result);
         }
 
-        /*public async Task<ImportExportPackage> PerformExport(ExportRequest exportRequest)
+        public async Task<List<ActionStep>> SetDefaultDataStore(string dataStoreId, AuthContext authContext = null)
         {
-            var result = await PostAsync("system/migration/export", exportRequest);
-            return JsonConvert.DeserializeObject<ImportExportPackage>(await result.Content.ReadAsStringAsync());
-        }
-
-        public async Task<List<ActionStep>> PerformImport(ImportRequest importRequest)
-        {
-            var result = await PostAsync("system/migration/import", importRequest);
-            return JsonConvert.DeserializeObject<List<ActionStep>>(await result.Content.ReadAsStringAsync());
-        }*/
-        public async Task<List<ActionStep>> SetDefaultDataStore(string dataStoreId)
-        {
-            var result = await PostAsync($"system/datastores/setdefault/{dataStoreId}", null);
+            var result = await PostAsync($"system/datastores/setdefault/{dataStoreId}", null, authContext);
             return JsonConvert.DeserializeObject<List<ActionStep>>(await result.Content.ReadAsStringAsync());
         }
-        public async Task<List<ProviderDefinition>> GetDataStoreProviders()
+
+        public async Task<List<ProviderDefinition>> GetDataStoreProviders(AuthContext authContext = null)
         {
-            var result = await FetchAsync("system/datastores/providers");
+            var result = await FetchAsync("system/datastores/providers", authContext);
             return JsonConvert.DeserializeObject<List<ProviderDefinition>>(result);
         }
-        public async Task<List<DataStoreConnection>> GetDataStoreConnections()
+        
+        public async Task<List<DataStoreConnection>> GetDataStoreConnections(AuthContext authContext = null)
         {
-            var result = await FetchAsync("system/datastores/");
+            var result = await FetchAsync("system/datastores/", authContext);
             return JsonConvert.DeserializeObject<List<DataStoreConnection>>(result);
         }
-        public async Task<List<ActionStep>> CopyDataStore(string sourceId, string targetId)
+        
+        public async Task<List<ActionStep>> CopyDataStore(string sourceId, string targetId, AuthContext authContext = null)
         {
-            var result = await PostAsync($"system/datastores/copy/{sourceId}/{targetId}", null);
+            var result = await PostAsync($"system/datastores/copy/{sourceId}/{targetId}", null, authContext: authContext);
             return JsonConvert.DeserializeObject<List<ActionStep>>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<List<ActionStep>> UpdateDataStoreConnection(DataStoreConnection dataStoreConnection)
+        public async Task<List<ActionStep>> UpdateDataStoreConnection(DataStoreConnection dataStoreConnection, AuthContext authContext = null)
         {
-            var result = await PostAsync($"system/datastores/update", dataStoreConnection);
+            var result = await PostAsync($"system/datastores/update", dataStoreConnection, authContext);
             return JsonConvert.DeserializeObject<List<ActionStep>>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<List<ActionStep>> TestDataStoreConnection(DataStoreConnection dataStoreConnection)
+        public async Task<List<ActionStep>> TestDataStoreConnection(DataStoreConnection dataStoreConnection, AuthContext authContext = null)
         {
-            var result = await PostAsync($"system/datastores/test", dataStoreConnection);
+            var result = await PostAsync($"system/datastores/test", dataStoreConnection, authContext);
             return JsonConvert.DeserializeObject<List<ActionStep>>(await result.Content.ReadAsStringAsync());
         }
         #endregion System
 
         #region Server
 
-        public async Task<bool> IsServerAvailable(StandardServerTypes serverType)
+        public async Task<bool> IsServerAvailable(StandardServerTypes serverType, AuthContext authContext = null)
         {
-            var result = await FetchAsync($"server/isavailable/{serverType}");
+            var result = await FetchAsync($"server/isavailable/{serverType}", authContext);
             return bool.Parse(result);
         }
 
-        public async Task<List<SiteInfo>> GetServerSiteList(StandardServerTypes serverType, string itemId = null)
+        public async Task<List<SiteInfo>> GetServerSiteList(StandardServerTypes serverType, string itemId = null, AuthContext authContext = null)
         {
             if (string.IsNullOrEmpty(itemId))
             {
-                var result = await FetchAsync($"server/sitelist/{serverType}");
+                var result = await FetchAsync($"server/sitelist/{serverType}", authContext);
                 return JsonConvert.DeserializeObject<List<SiteInfo>>(result);
             }
             else
             {
-                var result = await FetchAsync($"server/sitelist/{serverType}/{itemId}");
+                var result = await FetchAsync($"server/sitelist/{serverType}/{itemId}", authContext);
                 return JsonConvert.DeserializeObject<List<SiteInfo>>(result);
             }
         }
 
-        public async Task<System.Version> GetServerVersion(StandardServerTypes serverType)
+        public async Task<System.Version> GetServerVersion(StandardServerTypes serverType, AuthContext authContext = null)
         {
-            var result = await FetchAsync($"server/version/{serverType}");
+            var result = await FetchAsync($"server/version/{serverType}", authContext);
 
             var versionString = JsonConvert.DeserializeObject<string>(result, new Newtonsoft.Json.Converters.VersionConverter());
             var version = Version.Parse(versionString);
             return version;
         }
 
-        public async Task<List<DomainOption>> GetServerSiteDomains(StandardServerTypes serverType, string serverSiteId)
+        public async Task<List<DomainOption>> GetServerSiteDomains(StandardServerTypes serverType, string serverSiteId, AuthContext authContext = null)
         {
-            var result = await FetchAsync($"server/sitedomains/{serverType}/{serverSiteId}");
+            var result = await FetchAsync($"server/sitedomains/{serverType}/{serverSiteId}", authContext);
             return JsonConvert.DeserializeObject<List<DomainOption>>(result);
         }
 
-        public async Task<List<ActionStep>> RunConfigurationDiagnostics(StandardServerTypes serverType, string serverSiteId)
+        public async Task<List<ActionStep>> RunConfigurationDiagnostics(StandardServerTypes serverType, string serverSiteId, AuthContext authContext = null)
         {
-            var results = await FetchAsync($"server/diagnostics/{serverType}/{serverSiteId}");
+            var results = await FetchAsync($"server/diagnostics/{serverType}/{serverSiteId}", authContext);
             return JsonConvert.DeserializeObject<List<ActionStep>>(results);
         }
 
@@ -347,15 +372,15 @@ public async Task<List<ActionStep>> RunConfigurationDiagnostics(StandardServerTy
 
         #region Preferences
 
-        public async Task<Preferences> GetPreferences()
+        public async Task<Preferences> GetPreferences(AuthContext authContext = null)
         {
-            var result = await FetchAsync("preferences/");
+            var result = await FetchAsync("preferences/", authContext);
             return JsonConvert.DeserializeObject<Preferences>(result);
         }
 
-        public async Task<bool> SetPreferences(Preferences preferences)
+        public async Task<bool> SetPreferences(Preferences preferences, AuthContext authContext = null)
         {
-            _ = await PostAsync("preferences/", preferences);
+            _ = await PostAsync("preferences/", preferences, authContext);
             return true;
         }
 
@@ -363,9 +388,9 @@ public async Task<bool> SetPreferences(Preferences preferences)
 
         #region Managed Certificates
 
-        public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter)
+        public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter, AuthContext authContext = null)
         {
-            var response = await PostAsync("managedcertificates/search/", filter);
+            var response = await PostAsync("managedcertificates/search/", filter, authContext);
             var serializer = new JsonSerializer();
 
             using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
@@ -386,9 +411,9 @@ public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertif
         /// </summary>
         /// <param name="filter"></param>
         /// <returns></returns>
-        public async Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter)
+        public async Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter, AuthContext authContext = null)
         {
-            var response = await PostAsync("managedcertificates/results/", filter);
+            var response = await PostAsync("managedcertificates/results/", filter, authContext);
             var serializer = new JsonSerializer();
 
             using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
@@ -399,9 +424,9 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateSearchRes
             }
         }
 
-        public async Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter)
+        public async Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter, AuthContext authContext = null)
         {
-            var response = await PostAsync("managedcertificates/summary/", filter);
+            var response = await PostAsync("managedcertificates/summary/", filter, authContext);
             var serializer = new JsonSerializer();
 
             using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
@@ -412,9 +437,9 @@ public async Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter
             }
         }
 
-        public async Task<ManagedCertificate> GetManagedCertificate(string managedItemId)
+        public async Task<ManagedCertificate> GetManagedCertificate(string managedItemId, AuthContext authContext = null)
         {
-            var result = await FetchAsync($"managedcertificates/{managedItemId}");
+            var result = await FetchAsync($"managedcertificates/{managedItemId}", authContext);
             var site = JsonConvert.DeserializeObject<ManagedCertificate>(result);
             if (site != null)
             {
@@ -424,28 +449,28 @@ public async Task<ManagedCertificate> GetManagedCertificate(string managedItemId
             return site;
         }
 
-        public async Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site)
+        public async Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site, AuthContext authContext = null)
         {
-            var response = await PostAsync("managedcertificates/update", site);
+            var response = await PostAsync("managedcertificates/update", site, authContext);
             var json = await response.Content.ReadAsStringAsync();
             return JsonConvert.DeserializeObject<ManagedCertificate>(json);
         }
 
-        public async Task<bool> DeleteManagedCertificate(string managedItemId)
+        public async Task<bool> DeleteManagedCertificate(string managedItemId, AuthContext authContext = null)
         {
-            var response = await DeleteAsync($"managedcertificates/delete/{managedItemId}");
+            var response = await DeleteAsync($"managedcertificates/delete/{managedItemId}", authContext);
             return JsonConvert.DeserializeObject<bool>(await response.Content.ReadAsStringAsync());
         }
 
-        public async Task<StatusMessage> RevokeManageSiteCertificate(string managedItemId)
+        public async Task<StatusMessage> RevokeManageSiteCertificate(string managedItemId, AuthContext authContext = null)
         {
-            var response = await FetchAsync($"managedcertificates/revoke/{managedItemId}");
+            var response = await FetchAsync($"managedcertificates/revoke/{managedItemId}", authContext);
             return JsonConvert.DeserializeObject<StatusMessage>(response);
         }
 
-        public async Task<List<CertificateRequestResult>> BeginAutoRenewal(RenewalSettings settings)
+        public async Task<List<CertificateRequestResult>> BeginAutoRenewal(RenewalSettings settings, AuthContext authContext)
         {
-            var response = await PostAsync("managedcertificates/autorenew", settings);
+            var response = await PostAsync("managedcertificates/autorenew", settings, authContext);
             var serializer = new JsonSerializer();
             using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
             using (var reader = new JsonTextReader(sr))
@@ -455,11 +480,11 @@ public async Task<List<CertificateRequestResult>> BeginAutoRenewal(RenewalSettin
             }
         }
 
-        public async Task<CertificateRequestResult> BeginCertificateRequest(string managedItemId, bool resumePaused, bool isInteractive)
+        public async Task<CertificateRequestResult> BeginCertificateRequest(string managedItemId, bool resumePaused, bool isInteractive, AuthContext authContext = null)
         {
             try
             {
-                var response = await FetchAsync($"managedcertificates/renewcert/{managedItemId}/{resumePaused}/{isInteractive}");
+                var response = await FetchAsync($"managedcertificates/renewcert/{managedItemId}/{resumePaused}/{isInteractive}", authContext);
                 return JsonConvert.DeserializeObject<CertificateRequestResult>(response);
             }
             catch (Exception exp)
@@ -473,82 +498,82 @@ public async Task<CertificateRequestResult> BeginCertificateRequest(string manag
             }
         }
 
-        public async Task<List<StatusMessage>> TestChallengeConfiguration(ManagedCertificate site)
+        public async Task<List<StatusMessage>> TestChallengeConfiguration(ManagedCertificate site, AuthContext authContext = null)
         {
-            var response = await PostAsync($"managedcertificates/testconfig", site);
+            var response = await PostAsync($"managedcertificates/testconfig", site, authContext);
             return JsonConvert.DeserializeObject<List<StatusMessage>>(await response.Content.ReadAsStringAsync());
         }
-        public async Task<List<StatusMessage>> PerformChallengeCleanup(ManagedCertificate site)
+        public async Task<List<StatusMessage>> PerformChallengeCleanup(ManagedCertificate site, AuthContext authContext = null)
         {
-            var response = await PostAsync($"managedcertificates/challengecleanup", site);
+            var response = await PostAsync($"managedcertificates/challengecleanup", site, authContext);
             return JsonConvert.DeserializeObject<List<StatusMessage>>(await response.Content.ReadAsStringAsync());
         }
-        public async Task<List<Models.Providers.DnsZone>> GetDnsProviderZones(string providerTypeId, string credentialsId)
+        public async Task<List<Models.Providers.DnsZone>> GetDnsProviderZones(string providerTypeId, string credentialsId, AuthContext authContext = null)
         {
-            var json = await FetchAsync($"managedcertificates/dnszones/{providerTypeId}/{credentialsId}");
+            var json = await FetchAsync($"managedcertificates/dnszones/{providerTypeId}/{credentialsId}", authContext);
             return JsonConvert.DeserializeObject<List<Models.Providers.DnsZone>>(json);
         }
 
-        public async Task<List<ActionStep>> PreviewActions(ManagedCertificate site)
+        public async Task<List<ActionStep>> PreviewActions(ManagedCertificate site, AuthContext authContext = null)
         {
-            var response = await PostAsync($"managedcertificates/preview", site);
+            var response = await PostAsync($"managedcertificates/preview", site, authContext);
             return JsonConvert.DeserializeObject<List<ActionStep>>(await response.Content.ReadAsStringAsync());
         }
 
-        public async Task<List<CertificateRequestResult>> RedeployManagedCertificates(bool isPreviewOnly, bool includeDeploymentTasks)
+        public async Task<List<CertificateRequestResult>> RedeployManagedCertificates(bool isPreviewOnly, bool includeDeploymentTasks, AuthContext authContext = null)
         {
-            var response = await FetchAsync($"managedcertificates/redeploy/{isPreviewOnly}/{includeDeploymentTasks}");
+            var response = await FetchAsync($"managedcertificates/redeploy/{isPreviewOnly}/{includeDeploymentTasks}", authContext);
             return JsonConvert.DeserializeObject<List<CertificateRequestResult>>(response);
         }
 
-        public async Task<CertificateRequestResult> ReapplyCertificateBindings(string managedItemId, bool isPreviewOnly, bool includeDeploymentTasks)
+        public async Task<CertificateRequestResult> ReapplyCertificateBindings(string managedItemId, bool isPreviewOnly, bool includeDeploymentTasks, AuthContext authContext = null)
         {
-            var response = await FetchAsync($"managedcertificates/reapply/{managedItemId}/{isPreviewOnly}/{includeDeploymentTasks}");
+            var response = await FetchAsync($"managedcertificates/reapply/{managedItemId}/{isPreviewOnly}/{includeDeploymentTasks}", authContext);
             return JsonConvert.DeserializeObject<CertificateRequestResult>(response);
         }
 
-        public async Task<CertificateRequestResult> RefetchCertificate(string managedItemId)
+        public async Task<CertificateRequestResult> RefetchCertificate(string managedItemId, AuthContext authContext = null)
         {
-            var response = await FetchAsync($"managedcertificates/fetch/{managedItemId}/{false}");
+            var response = await FetchAsync($"managedcertificates/fetch/{managedItemId}/{false}", authContext);
             return JsonConvert.DeserializeObject<CertificateRequestResult>(response);
         }
 
-        public async Task<List<ChallengeProviderDefinition>> GetChallengeAPIList()
+        public async Task<List<ChallengeProviderDefinition>> GetChallengeAPIList(AuthContext authContext = null)
         {
-            var response = await FetchAsync($"managedcertificates/challengeapis/");
+            var response = await FetchAsync($"managedcertificates/challengeapis/", authContext);
             return JsonConvert.DeserializeObject<List<ChallengeProviderDefinition>>(response);
         }
 
-        public async Task<List<SimpleAuthorizationChallengeItem>> GetCurrentChallenges(string type, string key)
+        public async Task<List<SimpleAuthorizationChallengeItem>> GetCurrentChallenges(string type, string key, AuthContext authContext = null)
         {
-            var result = await FetchAsync($"managedcertificates/currentchallenges/{type}/{key}");
+            var result = await FetchAsync($"managedcertificates/currentchallenges/{type}/{key}", authContext);
             return JsonConvert.DeserializeObject<List<SimpleAuthorizationChallengeItem>>(result);
         }
 
-        public async Task<List<DeploymentProviderDefinition>> GetDeploymentProviderList()
+        public async Task<List<DeploymentProviderDefinition>> GetDeploymentProviderList(AuthContext authContext = null)
         {
-            var response = await FetchAsync($"managedcertificates/deploymentproviders/");
+            var response = await FetchAsync($"managedcertificates/deploymentproviders/", authContext);
             return JsonConvert.DeserializeObject<List<DeploymentProviderDefinition>>(response);
         }
 
-        public async Task<DeploymentProviderDefinition> GetDeploymentProviderDefinition(string id, Config.DeploymentTaskConfig config)
+        public async Task<DeploymentProviderDefinition> GetDeploymentProviderDefinition(string id, Config.DeploymentTaskConfig config, AuthContext authContext)
         {
-            var response = await PostAsync($"managedcertificates/deploymentprovider/{id}", config);
+            var response = await PostAsync($"managedcertificates/deploymentprovider/{id}", config, authContext);
             return JsonConvert.DeserializeObject<DeploymentProviderDefinition>(await response.Content.ReadAsStringAsync());
         }
 
-        public async Task<List<ActionStep>> PerformDeployment(string managedCertificateId, string taskId, bool isPreviewOnly, bool forceTaskExecute)
+        public async Task<List<ActionStep>> PerformDeployment(string managedCertificateId, string taskId, bool isPreviewOnly, bool forceTaskExecute, AuthContext authContext)
         {
             if (!forceTaskExecute)
             {
                 if (string.IsNullOrEmpty(taskId))
                 {
-                    var response = await FetchAsync($"managedcertificates/performdeployment/{isPreviewOnly}/{managedCertificateId}");
+                    var response = await FetchAsync($"managedcertificates/performdeployment/{isPreviewOnly}/{managedCertificateId}", authContext);
                     return JsonConvert.DeserializeObject<List<ActionStep>>(response);
                 }
                 else
                 {
-                    var response = await FetchAsync($"managedcertificates/performdeployment/{isPreviewOnly}/{managedCertificateId}/{taskId}");
+                    var response = await FetchAsync($"managedcertificates/performdeployment/{isPreviewOnly}/{managedCertificateId}/{taskId}", authContext);
                     return JsonConvert.DeserializeObject<List<ActionStep>>(response);
                 }
             }
@@ -556,32 +581,32 @@ public async Task<List<ActionStep>> PerformDeployment(string managedCertificateI
             {
                 if (string.IsNullOrEmpty(taskId))
                 {
-                    var response = await FetchAsync($"managedcertificates/performforceddeployment/{isPreviewOnly}/{managedCertificateId}");
+                    var response = await FetchAsync($"managedcertificates/performforceddeployment/{isPreviewOnly}/{managedCertificateId}", authContext);
                     return JsonConvert.DeserializeObject<List<ActionStep>>(response);
                 }
                 else
                 {
-                    var response = await FetchAsync($"managedcertificates/performforceddeployment/{isPreviewOnly}/{managedCertificateId}/{taskId}");
+                    var response = await FetchAsync($"managedcertificates/performforceddeployment/{isPreviewOnly}/{managedCertificateId}/{taskId}", authContext);
                     return JsonConvert.DeserializeObject<List<ActionStep>>(response);
                 }
             }
         }
 
-        public async Task<List<ActionResult>> ValidateDeploymentTask(DeploymentTaskValidationInfo info)
+        public async Task<List<ActionResult>> ValidateDeploymentTask(DeploymentTaskValidationInfo info, AuthContext authContext = null)
         {
-            var result = await PostAsync($"managedcertificates/validatedeploymenttask", info);
+            var result = await PostAsync($"managedcertificates/validatedeploymenttask", info, authContext);
             return JsonConvert.DeserializeObject<List<ActionResult>>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<LogItem[]> GetItemLog(string id, int limit)
+        public async Task<LogItem[]> GetItemLog(string id, int limit, AuthContext authContext = null)
         {
-            var response = await FetchAsync($"managedcertificates/log/{id}/{limit}");
+            var response = await FetchAsync($"managedcertificates/log/{id}/{limit}", authContext);
             return JsonConvert.DeserializeObject<LogItem[]>(response);
         }
 
-        public async Task<List<ActionResult>> PerformManagedCertMaintenance(string id = null)
+        public async Task<List<ActionResult>> PerformManagedCertMaintenance(string id = null, AuthContext authContext = null)
         {
-            var result = await FetchAsync($"managedcertificates/maintenance/{id}");
+            var result = await FetchAsync($"managedcertificates/maintenance/{id}", authContext);
             return JsonConvert.DeserializeObject<List<ActionResult>>(result);
         }
 
@@ -589,50 +614,50 @@ public async Task<List<ActionResult>> PerformManagedCertMaintenance(string id =
 
         #region Accounts
 
-        public async Task<List<CertificateAuthority>> GetCertificateAuthorities()
+        public async Task<List<CertificateAuthority>> GetCertificateAuthorities(AuthContext authContext = null)
         {
-            var result = await FetchAsync("accounts/authorities");
+            var result = await FetchAsync("accounts/authorities", authContext);
             return JsonConvert.DeserializeObject<List<CertificateAuthority>>(result);
         }
-        public async Task<ActionResult> UpdateCertificateAuthority(CertificateAuthority ca)
+        public async Task<ActionResult> UpdateCertificateAuthority(CertificateAuthority ca, AuthContext authContext =null)
         {
-            var result = await PostAsync("accounts/authorities", ca);
+            var result = await PostAsync("accounts/authorities", ca, authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<ActionResult> DeleteCertificateAuthority(string id)
+        public async Task<ActionResult> DeleteCertificateAuthority(string id, AuthContext authContext = null)
         {
-            var result = await DeleteAsync("accounts/authorities/" + id);
+            var result = await DeleteAsync("accounts/authorities/" + id, authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<List<AccountDetails>> GetAccounts()
+        public async Task<List<AccountDetails>> GetAccounts(AuthContext authContext = null)
         {
-            var result = await FetchAsync("accounts");
+            var result = await FetchAsync("accounts", authContext);
             return JsonConvert.DeserializeObject<List<AccountDetails>>(result);
         }
 
-        public async Task<ActionResult> AddAccount(ContactRegistration contact)
+        public async Task<ActionResult> AddAccount(ContactRegistration contact, AuthContext authContext = null)
         {
-            var result = await PostAsync("accounts", contact);
+            var result = await PostAsync("accounts", contact, authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<ActionResult> UpdateAccountContact(ContactRegistration contact)
+        public async Task<ActionResult> UpdateAccountContact(ContactRegistration contact, AuthContext authContext = null)
         {
-            var result = await PostAsync($"accounts/update/{contact.StorageKey}", contact);
+            var result = await PostAsync($"accounts/update/{contact.StorageKey}", contact, authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<ActionResult> RemoveAccount(string storageKey, bool deactivate)
+        public async Task<ActionResult> RemoveAccount(string storageKey, bool deactivate, AuthContext authContext = null)
         {
-            var result = await DeleteAsync($"accounts/remove/{storageKey}/{deactivate}");
+            var result = await DeleteAsync($"accounts/remove/{storageKey}/{deactivate}", authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<ActionResult> ChangeAccountKey(string storageKey, string newKeyPEM)
+        public async Task<ActionResult> ChangeAccountKey(string storageKey, string newKeyPEM, AuthContext authContext = null)
         {
-            var result = await PostAsync($"accounts/changekey/{storageKey}", new { newKeyPem = newKeyPEM });
+            var result = await PostAsync($"accounts/changekey/{storageKey}", new { newKeyPem = newKeyPEM }, authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
@@ -640,42 +665,42 @@ public async Task<ActionResult> ChangeAccountKey(string storageKey, string newKe
 
         #region Credentials
 
-        public async Task<List<StoredCredential>> GetCredentials()
+        public async Task<List<StoredCredential>> GetCredentials(AuthContext authContext = null)
         {
-            var result = await FetchAsync("credentials");
+            var result = await FetchAsync("credentials", authContext);
             return JsonConvert.DeserializeObject<List<StoredCredential>>(result);
         }
 
-        public async Task<StoredCredential> UpdateCredentials(StoredCredential credential)
+        public async Task<StoredCredential> UpdateCredentials(StoredCredential credential, AuthContext authContext = null)
         {
-            var result = await PostAsync("credentials", credential);
+            var result = await PostAsync("credentials", credential, authContext);
             return JsonConvert.DeserializeObject<StoredCredential>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<bool> DeleteCredential(string credentialKey)
+        public async Task<bool> DeleteCredential(string credentialKey, AuthContext authContext = null)
         {
-            var result = await DeleteAsync($"credentials/{credentialKey}");
+            var result = await DeleteAsync($"credentials/{credentialKey}", authContext);
             return JsonConvert.DeserializeObject<bool>(await result.Content.ReadAsStringAsync());
         }
 
-        public async Task<ActionResult> TestCredentials(string credentialKey)
+        public async Task<ActionResult> TestCredentials(string credentialKey, AuthContext authContext = null)
         {
-            var result = await PostAsync($"credentials/{credentialKey}/test", new { });
+            var result = await PostAsync($"credentials/{credentialKey}/test", new { }, authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
         }
 
         #endregion
 
         #region Auth
-        public async Task<string> GetAuthKeyWindows()
+        public async Task<string> GetAuthKeyWindows(AuthContext authContext)
         {
-            var result = await FetchAsync("auth/windows");
+            var result = await FetchAsync("auth/windows", authContext);
             return JsonConvert.DeserializeObject<string>(result);
         }
 
-        public async Task<string> GetAccessToken(string key)
+        public async Task<string> GetAccessToken(string key, AuthContext authContext)
         {
-            var result = await PostAsync("auth/token", new { Key = key });
+            var result = await PostAsync("auth/token", new { Key = key }, authContext);
             _accessToken = JsonConvert.DeserializeObject<string>(await result.Content.ReadAsStringAsync());
 
             if (!string.IsNullOrEmpty(_accessToken))
@@ -686,9 +711,9 @@ public async Task<string> GetAccessToken(string key)
             return _accessToken;
         }
 
-        public async Task<string> GetAccessToken(string username, string password)
+        public async Task<string> GetAccessToken(string username, string password, AuthContext authContext = null)
         {
-            var result = await PostAsync("auth/token", new { Username = username, Password = password });
+            var result = await PostAsync("auth/token", new { Username = username, Password = password }, authContext);
             _accessToken = JsonConvert.DeserializeObject<string>(await result.Content.ReadAsStringAsync());
 
             if (!string.IsNullOrEmpty(_accessToken))
@@ -699,9 +724,9 @@ public async Task<string> GetAccessToken(string username, string password)
             return _accessToken;
         }
 
-        public async Task<string> RefreshAccessToken()
+        public async Task<string> RefreshAccessToken(AuthContext authContext)
         {
-            var result = await PostAsync("auth/refresh", new { Token = _accessToken });
+            var result = await PostAsync("auth/refresh", new { Token = _accessToken }, authContext);
             _accessToken = JsonConvert.DeserializeObject<string>(await result.Content.ReadAsStringAsync());
 
             if (!string.IsNullOrEmpty(_accessToken))
@@ -712,9 +737,9 @@ public async Task<string> RefreshAccessToken()
             return _refreshToken;
         }
 
-        public async Task<List<SecurityPrinciple>> GetAccessSecurityPrinciples()
+        public async Task<List<SecurityPrinciple>> GetAccessSecurityPrinciples(AuthContext authContext)
         {
-            var result = await FetchAsync("access/securityprinciples");
+            var result = await FetchAsync("access/securityprinciples", authContext);
             return JsonToObject<List<SecurityPrinciple>>(result);
         }
 
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index f8bd95f1b..e546d0f2d 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -18,115 +18,111 @@ public partial interface ICertifyInternalApiClient
 
         #region System
 
-        Task<string> GetAppVersion();
+        Task<string> GetAppVersion(AuthContext authContext = null);
 
-        Task<UpdateCheck> CheckForUpdates();
+        Task<UpdateCheck> CheckForUpdates(AuthContext authContext = null);
 
-        Task<List<Models.Config.ActionResult>> PerformServiceDiagnostics();
-        Task<List<Models.Config.ActionResult>> PerformManagedCertMaintenance(string id = null);
+        Task<List<Models.Config.ActionResult>> PerformServiceDiagnostics(AuthContext authContext = null);
+        Task<List<Models.Config.ActionResult>> PerformManagedCertMaintenance(string id = null, AuthContext authContext = null);
 
-        // Task<ImportExportPackage> PerformExport(ExportRequest exportRequest);
-        //  Task<List<ActionStep>> PerformImport(ImportRequest importRequest);
-
-        Task<List<ActionStep>> SetDefaultDataStore(string dataStoreId);
-        Task<List<ProviderDefinition>> GetDataStoreProviders();
-        Task<List<DataStoreConnection>> GetDataStoreConnections();
-        Task<List<ActionStep>> CopyDataStore(string sourceId, string targetId);
-        Task<List<ActionStep>> UpdateDataStoreConnection(DataStoreConnection dataStoreConnection);
-        Task<List<ActionStep>> TestDataStoreConnection(DataStoreConnection dataStoreConnection);
+        Task<List<ActionStep>> SetDefaultDataStore(string dataStoreId, AuthContext authContext = null);
+        Task<List<ProviderDefinition>> GetDataStoreProviders(AuthContext authContext = null);
+        Task<List<DataStoreConnection>> GetDataStoreConnections(AuthContext authContext = null);
+        Task<List<ActionStep>> CopyDataStore(string sourceId, string targetId, AuthContext authContext = null);
+        Task<List<ActionStep>> UpdateDataStoreConnection(DataStoreConnection dataStoreConnection, AuthContext authContext = null);
+        Task<List<ActionStep>> TestDataStoreConnection(DataStoreConnection dataStoreConnection, AuthContext authContext = null);
 
         #endregion System
 
         #region Server
+        Task<bool> IsServerAvailable(StandardServerTypes serverType, AuthContext authContext = null);
 
-        Task<bool> IsServerAvailable(StandardServerTypes serverType);
-
-        Task<List<SiteInfo>> GetServerSiteList(StandardServerTypes serverType, string itemId = null);
+        Task<List<SiteInfo>> GetServerSiteList(StandardServerTypes serverType, string itemId = null, AuthContext authContext = null);
 
-        Task<Version> GetServerVersion(StandardServerTypes serverType);
+        Task<Version> GetServerVersion(StandardServerTypes serverType, AuthContext authContext = null);
 
-        Task<List<DomainOption>> GetServerSiteDomains(StandardServerTypes serverType, string serverSiteId);
+        Task<List<DomainOption>> GetServerSiteDomains(StandardServerTypes serverType, string serverSiteId, AuthContext authContext = null);
 
-        Task<List<ActionStep>> RunConfigurationDiagnostics(StandardServerTypes serverType, string serverSiteId);
+        Task<List<ActionStep>> RunConfigurationDiagnostics(StandardServerTypes serverType, string serverSiteId, AuthContext authContext = null);
 
-        Task<List<SimpleAuthorizationChallengeItem>> GetCurrentChallenges(string type, string key);
+        Task<List<SimpleAuthorizationChallengeItem>> GetCurrentChallenges(string type, string key, AuthContext authContext = null);
 
         #endregion Server
 
         #region Preferences
 
-        Task<Preferences> GetPreferences();
+        Task<Preferences> GetPreferences(AuthContext authContext = null);
 
-        Task<bool> SetPreferences(Preferences preferences);
+        Task<bool> SetPreferences(Preferences preferences, AuthContext authContext = null);
 
         #endregion Preferences
 
         #region Credentials
 
-        Task<List<StoredCredential>> GetCredentials();
+        Task<List<StoredCredential>> GetCredentials(AuthContext authContext = null);
 
-        Task<StoredCredential> UpdateCredentials(StoredCredential credential);
+        Task<StoredCredential> UpdateCredentials(StoredCredential credential, AuthContext authContext = null);
 
-        Task<bool> DeleteCredential(string credentialKey);
+        Task<bool> DeleteCredential(string credentialKey, AuthContext authContext = null);
 
-        Task<ActionResult> TestCredentials(string credentialKey);
+        Task<ActionResult> TestCredentials(string credentialKey, AuthContext authContext = null);
 
         #endregion Credentials
 
         #region Managed Certificates
 
-        Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter);
-        Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter);
-        Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter);
+        Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter, AuthContext authContext = null);
+        Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter, AuthContext authContext = null);
+        Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter, AuthContext authContext = null);
 
-        Task<ManagedCertificate> GetManagedCertificate(string managedItemId);
+        Task<ManagedCertificate> GetManagedCertificate(string managedItemId, AuthContext authContext = null);
 
-        Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site);
+        Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site, AuthContext authContext = null);
 
-        Task<bool> DeleteManagedCertificate(string managedItemId);
+        Task<bool> DeleteManagedCertificate(string managedItemId, AuthContext authContext = null);
 
-        Task<StatusMessage> RevokeManageSiteCertificate(string managedItemId);
+        Task<StatusMessage> RevokeManageSiteCertificate(string managedItemId, AuthContext authContext = null);
 
-        Task<List<CertificateRequestResult>> BeginAutoRenewal(RenewalSettings settings);
+        Task<List<CertificateRequestResult>> BeginAutoRenewal(RenewalSettings settings, AuthContext authContext = null);
 
-        Task<List<CertificateRequestResult>> RedeployManagedCertificates(bool isPreviewOnly, bool includeDeploymentTasks);
+        Task<List<CertificateRequestResult>> RedeployManagedCertificates(bool isPreviewOnly, bool includeDeploymentTasks, AuthContext authContext = null);
 
-        Task<CertificateRequestResult> ReapplyCertificateBindings(string managedItemId, bool isPreviewOnly, bool includeDeploymentTasks);
+        Task<CertificateRequestResult> ReapplyCertificateBindings(string managedItemId, bool isPreviewOnly, bool includeDeploymentTasks, AuthContext authContext = null);
 
-        Task<CertificateRequestResult> RefetchCertificate(string managedItemId);
+        Task<CertificateRequestResult> RefetchCertificate(string managedItemId, AuthContext authContext = null);
 
-        Task<CertificateRequestResult> BeginCertificateRequest(string managedItemId, bool resumePaused, bool isInteractive);
+        Task<CertificateRequestResult> BeginCertificateRequest(string managedItemId, bool resumePaused, bool isInteractive, AuthContext authContext = null);
 
-        Task<List<StatusMessage>> TestChallengeConfiguration(ManagedCertificate site);
-        Task<List<StatusMessage>> PerformChallengeCleanup(ManagedCertificate site);
+        Task<List<StatusMessage>> TestChallengeConfiguration(ManagedCertificate site, AuthContext authContext = null);
+        Task<List<StatusMessage>> PerformChallengeCleanup(ManagedCertificate site, AuthContext authContext = null);
 
-        Task<List<Models.Providers.DnsZone>> GetDnsProviderZones(string providerTypeId, string credentialsId);
+        Task<List<Models.Providers.DnsZone>> GetDnsProviderZones(string providerTypeId, string credentialsId, AuthContext authContext = null);
 
-        Task<List<ActionStep>> PreviewActions(ManagedCertificate site);
+        Task<List<ActionStep>> PreviewActions(ManagedCertificate site, AuthContext authContext = null);
 
-        Task<List<ChallengeProviderDefinition>> GetChallengeAPIList();
+        Task<List<ChallengeProviderDefinition>> GetChallengeAPIList(AuthContext authContext = null);
 
-        Task<List<DeploymentProviderDefinition>> GetDeploymentProviderList();
+        Task<List<DeploymentProviderDefinition>> GetDeploymentProviderList(AuthContext authContext = null);
 
-        Task<DeploymentProviderDefinition> GetDeploymentProviderDefinition(string id, Config.DeploymentTaskConfig config);
+        Task<DeploymentProviderDefinition> GetDeploymentProviderDefinition(string id, Config.DeploymentTaskConfig config, AuthContext authContext = null);
 
-        Task<List<ActionStep>> PerformDeployment(string managedCertificateId, string taskId, bool isPreviewOnly, bool forceTaskExecute);
+        Task<List<ActionStep>> PerformDeployment(string managedCertificateId, string taskId, bool isPreviewOnly, bool forceTaskExecute, AuthContext authContext = null);
 
-        Task<List<ActionResult>> ValidateDeploymentTask(DeploymentTaskValidationInfo info);
+        Task<List<ActionResult>> ValidateDeploymentTask(DeploymentTaskValidationInfo info, AuthContext authContext = null);
 
-        Task<Models.API.LogItem[]> GetItemLog(string id, int limit);
+        Task<Models.API.LogItem[]> GetItemLog(string id, int limit, AuthContext authContext = null);
 
         #endregion Managed Certificates
 
         #region Accounts
-        Task<List<CertificateAuthority>> GetCertificateAuthorities();
-        Task<ActionResult> UpdateCertificateAuthority(CertificateAuthority ca);
-        Task<ActionResult> DeleteCertificateAuthority(string id);
-        Task<List<AccountDetails>> GetAccounts();
-        Task<ActionResult> AddAccount(ContactRegistration contact);
-        Task<ActionResult> UpdateAccountContact(ContactRegistration contact);
-        Task<ActionResult> RemoveAccount(string storageKey, bool deactivate);
-        Task<ActionResult> ChangeAccountKey(string storageKey, string newKeyPEM = null);
+        Task<List<CertificateAuthority>> GetCertificateAuthorities(AuthContext authContext = null);
+        Task<ActionResult> UpdateCertificateAuthority(CertificateAuthority ca, AuthContext authContext = null);
+        Task<ActionResult> DeleteCertificateAuthority(string id, AuthContext authContext = null);
+        Task<List<AccountDetails>> GetAccounts(AuthContext authContext = null);
+        Task<ActionResult> AddAccount(ContactRegistration contact, AuthContext authContext = null);
+        Task<ActionResult> UpdateAccountContact(ContactRegistration contact, AuthContext authContext = null);
+        Task<ActionResult> RemoveAccount(string storageKey, bool deactivate, AuthContext authContext = null);
+        Task<ActionResult> ChangeAccountKey(string storageKey, string newKeyPEM = null, AuthContext authContext = null);
 
         #endregion Accounts
 
@@ -137,7 +133,6 @@ public partial interface ICertifyInternalApiClient
     /// </summary>
     public interface ICertifyClient : ICertifyInternalApiClient
     {
-
         event Action<string, string> OnMessageFromService;
 
         event Action<RequestProgressState> OnRequestProgressStateUpdated;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
index fd92b18e4..91feadc4d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/AccessController.cs
@@ -8,7 +8,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [Route("internal/v1/[controller]")]
     [ApiController]
-    public partial class AccessController : ControllerBase
+    public partial class AccessController : ApiControllerBase
     {
         private readonly ILogger<CertificateAuthorityController> _logger;
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
new file mode 100644
index 000000000..4b46ef317
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
@@ -0,0 +1,48 @@
+using System.Net.Http.Headers;
+using Certify.Client;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Certify.Server.Api.Public.Controllers
+{
+    /// <summary>
+    /// Base class for public api controllers
+    /// </summary>
+    public partial class ApiControllerBase : ControllerBase
+    {
+        /// <summary>
+        /// Get the corresponding auth context to pass to the backend service
+        /// </summary>
+        /// <param name="httpContext"></param>
+        /// <returns></returns>
+        internal AuthContext CurrentAuthContext
+        {
+            get
+            {
+                var _config = HttpContext.RequestServices.GetRequiredService<IConfiguration>();
+                var jwt = new Api.Public.Services.JwtService(_config);
+
+                var authHeader = Request.Headers["Authorization"];
+                if (string.IsNullOrWhiteSpace(authHeader))
+                {
+                    return null;
+                }
+
+                var authToken = AuthenticationHeaderValue.Parse(authHeader).Parameter;
+
+                try
+                {
+                    var claimsIdentity = jwt.ClaimsIdentityFromToken(authToken, false);
+                    var username = claimsIdentity.Name;
+
+                    var authContext = new AuthContext { Token = authToken, Username = username };
+
+                    return authContext;
+                }
+                catch (Exception)
+                {
+                    return null;
+                }
+            }
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
index 733fb2204..42964187c 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/CertificateAuthorityController.cs
@@ -10,7 +10,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public partial class CertificateAuthorityController : ControllerBase
+    public partial class CertificateAuthorityController : ApiControllerBase
     {
 
         private readonly ILogger<CertificateAuthorityController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
index f0623000b..5b8002ab9 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ChallengeProviderController.cs
@@ -11,7 +11,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public partial class ChallengeProviderController : ControllerBase
+    public partial class ChallengeProviderController : ApiControllerBase
     {
 
         private readonly ILogger<ChallengeProviderController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
index f6689980a..c26c79d6d 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/DeploymentTaskController.cs
@@ -10,7 +10,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public partial class DeploymentTaskController : ControllerBase
+    public partial class DeploymentTaskController : ApiControllerBase
     {
 
         private readonly ILogger<DeploymentTaskController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
index 5ba7728c9..412d787e9 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
@@ -11,7 +11,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public partial class PreviewController : ControllerBase
+    public partial class PreviewController : ApiControllerBase
     {
 
         private readonly ILogger<PreviewController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
index c22fe5c57..54f31f8c7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/StoredCredentialController.cs
@@ -10,7 +10,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public partial class StoredCredentialController : ControllerBase
+    public partial class StoredCredentialController : ApiControllerBase
     {
 
         private readonly ILogger<StoredCredentialController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
index 895fbcb26..3f1d8148e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/TargetController.cs
@@ -11,7 +11,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("internal/v1/[controller]")]
-    public partial class TargetController : ControllerBase
+    public partial class TargetController : ApiControllerBase
     {
 
         private readonly ILogger<TargetController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index a6f0213a9..f71fb8a79 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -13,7 +13,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public partial class AuthController : ControllerBase
+    public partial class AuthController : ApiControllerBase
     {
         private readonly ILogger<AuthController> _logger;
         private readonly ICertifyInternalApiClient _client;
@@ -54,8 +54,9 @@ public async Task<IActionResult> CheckAuthStatus()
         [ProducesResponseType(typeof(AuthResponse), 200)]
         public async Task<IActionResult> Login(AuthRequest login)
         {
+
             // check users login, if valid issue new JWT access token and refresh token based on their identity
-            var validation = await _client.ValidateSecurityPrinciplePassword(new SecurityPrinciplePasswordCheck() { Username = login.Username, Password = login.Password });
+            var validation = await _client.ValidateSecurityPrinciplePassword(new SecurityPrinciplePasswordCheck() { Username = login.Username, Password = login.Password }, CurrentAuthContext);
 
             if (validation.IsSuccess)
             {
@@ -68,9 +69,11 @@ public async Task<IActionResult> Login(AuthRequest login)
                     Detail = "OK",
                     AccessToken = jwt.GenerateSecurityToken(login.Username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"])),
                     RefreshToken = jwt.GenerateRefreshToken(),
-                    SecurityPrinciple = validation.SecurityPrinciple
+                    SecurityPrinciple = validation.SecurityPrinciple,
+                    RoleStatus = await _client.GetSecurityPrincipleRoleStatus(validation.SecurityPrinciple.Id, CurrentAuthContext)
                 };
 
+                
                 // TODO: Refresh token should be stored or hashed for later use
 
                 return Ok(authResponse);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 1974fb214..91bfe91b2 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -12,7 +12,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public partial class CertificateController : ControllerBase
+    public partial class CertificateController : ApiControllerBase
     {
 
         private readonly ILogger<CertificateController> _logger;
@@ -55,9 +55,9 @@ public async Task<IActionResult> Download(string managedCertId, string format, s
             }
 
             // TODO: certify manager to do all the cert conversion work, server may be on another machine
-            var managedCert = await _client.GetManagedCertificate(managedCertId);
+            var managedCert = await _client.GetManagedCertificate(managedCertId, CurrentAuthContext);
 
-            if (managedCert == null)
+            if (managedCert?.CertificatePath == null)
             {
                 return new NotFoundResult();
             }
@@ -80,7 +80,7 @@ public async Task<IActionResult> Download(string managedCertId, string format, s
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(LogResult))]
         public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines = 1000)
         {
-            var managedCert = await _client.GetManagedCertificate(managedCertId);
+            var managedCert = await _client.GetManagedCertificate(managedCertId, CurrentAuthContext);
 
             if (managedCert == null)
             {
@@ -92,7 +92,7 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
                 maxLines = 1000;
             }
 
-            var log = await _client.GetItemLog(managedCertId, maxLines);
+            var log = await _client.GetItemLog(managedCertId, maxLines, CurrentAuthContext);
 
             return new OkObjectResult(new LogResult { Items = log });
         }
@@ -115,7 +115,7 @@ public async Task<IActionResult> GetManagedCertificates(string? keyword, int? pa
                     Keyword = keyword,
                     PageIndex = page,
                     PageSize = pageSize
-                });
+                }, CurrentAuthContext);
 
             var list = managedCertResult.Results.Select(i => new ManagedCertificateSummary
             {
@@ -157,7 +157,7 @@ public async Task<IActionResult> GetManagedCertificateSummary(string? keyword)
                 new Models.ManagedCertificateFilter
                 {
                     Keyword = keyword
-                });
+                }, CurrentAuthContext);
 
             return new OkObjectResult(summary);
         }
@@ -174,7 +174,7 @@ public async Task<IActionResult> GetManagedCertificateSummary(string? keyword)
         public async Task<IActionResult> GetManagedCertificateDetails(string managedCertId)
         {
 
-            var managedCert = await _client.GetManagedCertificate(managedCertId);
+            var managedCert = await _client.GetManagedCertificate(managedCertId, CurrentAuthContext);
 
             return new OkObjectResult(managedCert);
         }
@@ -191,7 +191,7 @@ public async Task<IActionResult> GetManagedCertificateDetails(string managedCert
         public async Task<IActionResult> UpdateManagedCertificateDetails(Models.ManagedCertificate managedCertificate)
         {
 
-            var result = await _client.UpdateManagedCertificate(managedCertificate);
+            var result = await _client.UpdateManagedCertificate(managedCertificate, CurrentAuthContext);
             if (result != null)
             {
                 return new OkObjectResult(result);
@@ -214,7 +214,7 @@ public async Task<IActionResult> UpdateManagedCertificateDetails(Models.ManagedC
         public async Task<IActionResult> BeginOrder(string id)
         {
 
-            var result = await _client.BeginCertificateRequest(id, true, false);
+            var result = await _client.BeginCertificateRequest(id, true, false, CurrentAuthContext);
             if (result != null)
             {
                 return new OkObjectResult(result);
@@ -237,7 +237,7 @@ public async Task<IActionResult> BeginOrder(string id)
         public async Task<IActionResult> PerformRenewal(Models.RenewalSettings settings)
         {
 
-            var results = await _client.BeginAutoRenewal(settings);
+            var results = await _client.BeginAutoRenewal(settings, CurrentAuthContext);
             if (results != null)
             {
                 return new OkObjectResult(results);
@@ -260,7 +260,7 @@ public async Task<IActionResult> PerformRenewal(Models.RenewalSettings settings)
         public async Task<IActionResult> PerformConfigurationTest(Models.ManagedCertificate item)
         {
 
-            var results = await _client.TestChallengeConfiguration(item);
+            var results = await _client.TestChallengeConfiguration(item, CurrentAuthContext);
             if (results != null)
             {
                 return new OkObjectResult(results);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index b87dc90c2..11488d3eb 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -8,7 +8,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public partial class SystemController : ControllerBase
+    public partial class SystemController : ApiControllerBase
     {
 
         private readonly ILogger<SystemController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
index 71b4127bc..fa1aabf02 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/ValidationController.cs
@@ -10,7 +10,7 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     [ApiController]
     [Route("api/v1/[controller]")]
-    public partial class ValidationController : ControllerBase
+    public partial class ValidationController : ApiControllerBase
     {
 
         private readonly ILogger<ValidationController> _logger;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
index 990ee518f..459f2d2e1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
@@ -45,6 +45,7 @@ public static IServiceCollection AddTokenAuthentication(this IServiceCollection
                 };
             });
 
+            
             return services;
         }
     }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index c939b41d7..2f7f9264c 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -1,4 +1,4 @@
-using Certify.Core.Management.Access;
+using Certify.Core.Management.Access;
 using Certify.Management;
 using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
@@ -25,13 +25,6 @@ private string GetContextUserId()
             // TODO: sign passed value provided by public API using public APIs access token
             var contextUserId = Request.Headers["X-Context-User-Id"];
 
-#if DEBUG
-            if (string.IsNullOrEmpty(contextUserId))
-            {
-                // TODO: our context user has to at least come from a valid JWT claim
-                contextUserId = "admin_01";
-            }
-#endif
             return contextUserId;
         }
 
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/ServiceAuthTests.cs b/src/Certify.Tests/Certify.Service.Tests.Integration/ServiceAuthTests.cs
index 8380a8096..8880b2258 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/ServiceAuthTests.cs
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/ServiceAuthTests.cs
@@ -10,8 +10,10 @@ public class ServiceAuthTests : ServiceTestBase
         [TestMethod]
         public async Task TestAuthFlow()
         {
+            AuthContext authContext = null;
+
             // use windows auth to acquire initial auth key
-            var authKey = await _client.GetAuthKeyWindows();
+            var authKey = await _client.GetAuthKeyWindows(authContext);
             Assert.IsNotNull(authKey);
 
             // attempt request without jwt auth being set yet
@@ -20,21 +22,21 @@ public async Task TestAuthFlow()
             // check should throw exception
             await Assert.ThrowsExceptionAsync<ServiceCommsException>(async () =>
             {
-                var noAuthResult = await _client.GetManagedCertificates(new Models.ManagedCertificateFilter { });
+                var noAuthResult = await _client.GetManagedCertificates(new Models.ManagedCertificateFilter { }, authContext);
                 Assert.IsNull(noAuthResult);
             });
 
             // use auth key to get JWT
 
-            var jwt = await _client.GetAccessToken(authKey);
+            var jwt = await _client.GetAccessToken(authKey, authContext);
             Assert.IsNotNull(jwt);
 
             // attempt request with JWT set
-            var authedResult = await _client.GetManagedCertificates(new Models.ManagedCertificateFilter { });
+            var authedResult = await _client.GetManagedCertificates(new Models.ManagedCertificateFilter { }, authContext);
             Assert.IsNotNull(authedResult);
 
             // refresh JWT
-            var refreshedToken = await _client.RefreshAccessToken();
+            var refreshedToken = await _client.RefreshAccessToken(authContext);
             Assert.IsNotNull(jwt);
         }
 
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs b/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
index 5c2ff6794..840e3f074 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
@@ -19,11 +19,12 @@ public async Task TestViewModelSetup()
         {
             var mockClient = new Mock<ICertifyClient>();
 
-            mockClient.Setup(c => c.GetPreferences()).Returns(
+            AuthContext authContext = null;
+            mockClient.Setup(c => c.GetPreferences(authContext)).Returns(
                 Task.FromResult(new Models.Preferences { })
                 );
 
-            mockClient.Setup(c => c.GetManagedCertificates(It.IsAny<Models.ManagedCertificateFilter>()))
+            mockClient.Setup(c => c.GetManagedCertificates(It.IsAny<Models.ManagedCertificateFilter>(), authContext))
                 .Returns(
                 Task.FromResult(new List<ManagedCertificate> {
                     new ManagedCertificate{
@@ -33,7 +34,7 @@ public async Task TestViewModelSetup()
                 })
                 );
 
-            mockClient.Setup(c => c.GetAccounts())
+            mockClient.Setup(c => c.GetAccounts(authContext))
                 .Returns(
                 Task.FromResult(
                     new List<AccountDetails> {
@@ -45,7 +46,7 @@ public async Task TestViewModelSetup()
                     })
                 );
 
-            mockClient.Setup(c => c.GetCredentials())
+            mockClient.Setup(c => c.GetCredentials(authContext))
               .Returns(
               Task.FromResult(new List<StoredCredential> { })
               );
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs
index a6ff83306..66f0d9790 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.Settings.cs
@@ -4,6 +4,7 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using Certify.Client;
 using Certify.Models;
 using Certify.Models.Config.Migration;
 using Certify.UI.Settings;
@@ -162,6 +163,13 @@ public virtual async Task LoadSettingsAsync()
 
         }
 
+        public AuthContext DefaultAuthContext
+        {
+            get
+            {
+                return null;
+            }
+        }
         /// <summary>
         /// Perform full export of app configuration
         /// </summary>
@@ -171,7 +179,7 @@ public virtual async Task LoadSettingsAsync()
         /// <returns></returns>
         public async Task<ImportExportPackage> GetSettingsExport(ManagedCertificateFilter filter, ExportSettings settings, bool isPreview)
         {
-            var pkg = await _certifyClient.PerformExport(new ExportRequest { Filter = filter, Settings = settings, IsPreviewMode = isPreview });
+            var pkg = await _certifyClient.PerformExport(new ExportRequest { Filter = filter, Settings = settings, IsPreviewMode = isPreview }, DefaultAuthContext);
             return pkg;
         }
 
@@ -184,7 +192,7 @@ public async Task<ImportExportPackage> GetSettingsExport(ManagedCertificateFilte
         /// <returns></returns>
         public async Task<List<ActionStep>> PerformSettingsImport(ImportExportPackage package, ImportSettings settings, bool isPreviewMode)
         {
-            var results = await _certifyClient.PerformImport(new ImportRequest { Package = package, Settings = settings, IsPreviewMode = isPreviewMode });
+            var results = await _certifyClient.PerformImport(new ImportRequest { Package = package, Settings = settings, IsPreviewMode = isPreviewMode }, DefaultAuthContext);
             return results.ToList();
         }
     }

From 9530e26e3f99e8ae30ef0e45b32773f4e2d12391 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 12:43:29 +0800
Subject: [PATCH 126/237] Access: add user role status query on login

---
 .../Management/Access/AccessControl.cs        | 69 +++++++++++---
 .../Management/Access/IAccessControl.cs       |  1 +
 src/Certify.Models/API/AuthRequest.cs         |  5 +-
 src/Certify.Models/Config/AccessControl.cs    | 10 ++-
 .../Certify.API.Public.cs                     | 89 +++++++++++++++++++
 .../Controllers/AccessController.cs           | 12 ++-
 6 files changed, 171 insertions(+), 15 deletions(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 12b48db8f..32c874ead 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -27,6 +27,20 @@ public AccessControl(ILog log, IAccessControlStore store)
             _log = log;
         }
 
+        public async Task AuditWarning(string template, params object[] propertyvalues)
+        {
+            _log.Warning(template, propertyvalues);
+        }
+
+        public async Task AuditError(string template, params object[] propertyvalues)
+        {
+            _log.Error(template, propertyvalues);
+        }
+
+        public async Task AuditInformation(string template, params object[] propertyvalues)
+        {
+            _log.Error(template, propertyvalues);
+        }
         /// <summary>
         /// Check if the system has been initialized with a security principle
         /// </summary>
@@ -63,14 +77,14 @@ public async Task<bool> AddSecurityPrinciple(string contextUserId, SecurityPrinc
         {
             if (!bypassIntegrityCheck && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning($"User {contextUserId} attempted to use AddSecurityPrinciple [{principle?.Id}] without being in required role.");
+                await AuditWarning("User {contextUserId} attempted to use AddSecurityPrinciple [{principleId}] without being in required role.", contextUserId, principle?.Id);
                 return false;
             }
 
             var existing = await GetSecurityPrinciple(contextUserId, principle.Id);
             if (existing != null)
             {
-                _log?.Warning($"User {contextUserId} attempted to use AddSecurityPrinciple [{principle?.Id}] which already exists.");
+                await AuditWarning("User {contextUserId} attempted to use AddSecurityPrinciple [{principleId}] which already exists.", contextUserId, principle?.Id);
                 return false;
             }
 
@@ -87,7 +101,7 @@ public async Task<bool> AddSecurityPrinciple(string contextUserId, SecurityPrinc
 
             await _store.Add<SecurityPrinciple>(nameof(SecurityPrinciple), principle);
 
-            _log?.Information($"User {contextUserId} added security principle [{principle?.Id}] {principle?.Username}");
+            await AuditInformation("User {contextUserId} added security principle [{principleId}] {username}", contextUserId, principle?.Id, principle?.Username);
             return true;
         }
 
@@ -101,7 +115,7 @@ public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPr
 
             if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}] without being in required role.");
+                await AuditWarning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}] without being in required role.");
                 return false;
             }
 
@@ -118,7 +132,7 @@ public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPr
             }
             catch
             {
-                _log?.Warning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}], but was not successful");
+                await AuditWarning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}], but was not successful");
                 return false;
             }
 
@@ -136,7 +150,7 @@ public async Task<bool> DeleteSecurityPrinciple(string contextUserId, string id,
         {
             if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning($"User {contextUserId} attempted to use DeleteSecurityPrinciple [{id}] without being in required role.");
+                await AuditWarning($"User {contextUserId} attempted to use DeleteSecurityPrinciple [{id}] without being in required role.");
                 return false;
             }
 
@@ -152,7 +166,7 @@ public async Task<bool> DeleteSecurityPrinciple(string contextUserId, string id,
 
             if (deleted != true)
             {
-                _log?.Warning($"User {contextUserId} attempted to delete security principle [{id}] {existing?.Username}, but was not successful");
+                await AuditWarning($"User {contextUserId} attempted to delete security principle [{id}] {existing?.Username}, but was not successful");
                 return false;
             }
             // TODO: remove assigned roles
@@ -193,6 +207,8 @@ public async Task<bool> IsAuthorised(string contextUserId, string principleId, s
             // to determine is a principle has access to perform a particular action
             // for each group the principle is part of
 
+            // TODO: cache results for performance
+
             var allAssignedRoles = await _store.GetItems<AssignedRole>(nameof(AssignedRole));
 
             var spAssigned = allAssignedRoles.Where(a => a.SecurityPrincipleId == principleId);
@@ -276,7 +292,7 @@ public async Task<bool> AddResourcePolicy(string contextUserId, ResourcePolicy r
         {
             if (!bypassIntegrityCheck && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning($"User {contextUserId} attempted to use AddResourcePolicy [{resourceProfile.Id}] without being in required role.");
+                await AuditWarning($"User {contextUserId} attempted to use AddResourcePolicy [{resourceProfile.Id}] without being in required role.");
                 return false;
             }
 
@@ -290,7 +306,7 @@ public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, Se
         {
             if (passwordUpdate.SecurityPrincipleId != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning("User {contextUserId} attempted to use updated password for [{id}] without being in required role.", contextUserId, passwordUpdate.SecurityPrincipleId);
+                await AuditWarning("User {contextUserId} attempted to use updated password for [{id}] without being in required role.", contextUserId, passwordUpdate.SecurityPrincipleId);
                 return false;
             }
 
@@ -315,7 +331,7 @@ public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, Se
             else
             {
 
-                _log?.Warning("User {contextUserId} failed to update password for [{username} - {id}]", contextUserId, principle.Username, principle.Id);
+                await AuditWarning("User {contextUserId} failed to update password for [{username} - {id}]", contextUserId, principle.Username, principle.Id);
             }
 
             return updated;
@@ -385,7 +401,7 @@ public async Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, str
         {
             if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning("User {contextUserId} attempted to read assigned role for [{id}] without being in required role.", contextUserId, id);
+                await AuditWarning("User {contextUserId} attempted to read assigned role for [{id}] without being in required role.", contextUserId, id);
                 return new List<AssignedRole>();
             }
 
@@ -394,11 +410,40 @@ public async Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, str
             return assignedRoles.Where(r => r.SecurityPrincipleId == id).ToList();
         }
 
+        public async Task<RoleStatus> GetSecurityPrincipleRoleStatus(string contextUserId, string id)
+        {
+            if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
+            {
+                await AuditWarning("User {contextUserId} attempted to read role status role for [{id}] without being in required role.", contextUserId, id);
+                
+            }
+
+            var allAssignedRoles = await _store.GetItems<AssignedRole>(nameof(AssignedRole));
+            var allRoles = await _store.GetItems<Role>(nameof(Role));
+            var allPolicies = await _store.GetItems<ResourcePolicy>(nameof(ResourcePolicy));
+            var allActions = await _store.GetItems<ResourceAction>(nameof(ResourceAction));
+
+            var spAssignedRoles = allAssignedRoles.Where(a => a.SecurityPrincipleId == id);
+            var spRoles = allRoles.Where(r => spAssignedRoles.Any(t => t.RoleId == r.Id));
+            var spPolicies = allPolicies.Where(r => spRoles.Any(p => p.Policies.Contains(r.Id)));
+            var spActions = allActions.Where(r => spPolicies.Any(p => p.ResourceActions.Contains(r.Id)));
+
+            var roleStatus = new RoleStatus
+            {
+                AssignedRoles = spAssignedRoles,
+                Roles = spRoles,
+                Policies = spPolicies,
+                Action = spActions
+            };
+
+            return roleStatus;
+        }
+
         public async Task<bool> UpdateAssignedRoles(string contextUserId, SecurityPrincipleAssignedRoleUpdate update)
         {
             if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                _log?.Warning("User {contextUserId} attempted to update assigned role for [{id}] without being in required role.", contextUserId, update.SecurityPrincipleId);
+                await AuditWarning("User {contextUserId} attempted to update assigned role for [{id}] without being in required role.", contextUserId, update.SecurityPrincipleId);
                 return false;
             }
 
diff --git a/src/Certify.Core/Management/Access/IAccessControl.cs b/src/Certify.Core/Management/Access/IAccessControl.cs
index cb8b22ca7..a4c8a7e71 100644
--- a/src/Certify.Core/Management/Access/IAccessControl.cs
+++ b/src/Certify.Core/Management/Access/IAccessControl.cs
@@ -21,6 +21,7 @@ public interface IAccessControl
         Task<bool> IsAuthorised(string contextUserId, string principleId, string roleId, string resourceType, string actionId, string identifier);
         Task<bool> IsPrincipleInRole(string contextUserId, string id, string roleId);
         Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, string id);
+        Task<RoleStatus> GetSecurityPrincipleRoleStatus(string contextUserId, string id);
         Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPrinciple principle);
         Task<bool> UpdateAssignedRoles(string contextUserId, SecurityPrincipleAssignedRoleUpdate update);
         Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, SecurityPrinciplePasswordUpdate passwordUpdate);
diff --git a/src/Certify.Models/API/AuthRequest.cs b/src/Certify.Models/API/AuthRequest.cs
index 5f65580bb..12487ad57 100644
--- a/src/Certify.Models/API/AuthRequest.cs
+++ b/src/Certify.Models/API/AuthRequest.cs
@@ -1,4 +1,5 @@
-using Certify.Models.Config.AccessControl;
+using System.Collections.Generic;
+using Certify.Models.Config.AccessControl;
 
 namespace Certify.Models.API
 {
@@ -41,6 +42,8 @@ public class AuthResponse
         public string RefreshToken { get; set; } = string.Empty;
 
         public Models.Config.AccessControl.SecurityPrinciple? SecurityPrinciple { get; set; }
+
+        public RoleStatus? RoleStatus { get; set; }
     }
 
     public class SecurityPrinciplePasswordCheck
diff --git a/src/Certify.Models/Config/AccessControl.cs b/src/Certify.Models/Config/AccessControl.cs
index 3f820c91e..689797a7f 100644
--- a/src/Certify.Models/Config/AccessControl.cs
+++ b/src/Certify.Models/Config/AccessControl.cs
@@ -127,8 +127,16 @@ public ResourceAction(string id, string title, string resourceType)
     }
     public class SecurityPrincipleAssignedRoleUpdate
     {
-        public string SecurityPrincipleId { get; set; } = String.Empty;
+        public string SecurityPrincipleId { get; set; } = string.Empty;
         public List<AssignedRole> AddedAssignedRoles { get; set; } = new List<AssignedRole>();
         public List<AssignedRole> RemovedAssignedRoles { get; set; } = new List<AssignedRole>();
     }
+
+    public class RoleStatus
+    {
+        public IEnumerable<AssignedRole> AssignedRoles { get; set; } = new List<AssignedRole>();
+        public IEnumerable<Role> Roles { get; set; } = new List<Role>();
+        public IEnumerable<ResourcePolicy> Policies { get; set; } = new List<ResourcePolicy>();
+        public IEnumerable<ResourceAction> Action { get; set; } = new List<ResourceAction>();
+    }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 2a659c600..3ddc9ec30 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -160,6 +160,95 @@ public string BaseUrl
             }
         }
 
+        /// <summary>
+        /// Get list of Assigned Roles etc for a given security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipleRoleStatusAsync(string id)
+        {
+            return GetSecurityPrincipleRoleStatusAsync(id, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get list of Assigned Roles etc for a given security principle [Generated by Certify.SourceGenerators]
+        /// </summary>
+        /// <returns>Success</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipleRoleStatusAsync(string id, System.Threading.CancellationToken cancellationToken)
+        {
+            if (id == null)
+                throw new System.ArgumentNullException("id");
+
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
+                    // Operation Path: "internal/v1/access/securityprinciple/{id}/rolestatus"
+                    urlBuilder_.Append("internal/v1/access/securityprinciple/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/rolestatus");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<RoleStatus>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
         /// <summary>
         /// Get list of available security Roles [Generated by Certify.SourceGenerators]
         /// </summary>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index 2f7f9264c..199b50e95 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -1,4 +1,4 @@
-using Certify.Core.Management.Access;
+using Certify.Core.Management.Access;
 using Certify.Management;
 using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
@@ -114,6 +114,16 @@ public async Task<List<AssignedRole>> GetSecurityPrincipleAssignedRoles(string i
             return results;
         }
 
+        [HttpGet, Route("securityprinciple/{id}/rolestatus")]
+        public async Task<RoleStatus> GetSecurityPrincipleRoleStatus(string id)
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+
+            var result = await accessControl.GetSecurityPrincipleRoleStatus(GetContextUserId(), id);
+
+            return result;
+        }
+
         [HttpPost, Route("updatepassword")]
         public async Task<Models.Config.ActionResult> UpdatePassword([FromBody] SecurityPrinciplePasswordUpdate passwordUpdate)
         {

From eebdfaf670067c18c5d9e5a17b5a9973be752311 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 12:44:59 +0800
Subject: [PATCH 127/237] WIP: resource action standard naming

---
 src/Certify.Models/Config/AccessControlConfig.cs | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Models/Config/AccessControlConfig.cs b/src/Certify.Models/Config/AccessControlConfig.cs
index ffa269302..02a717c7b 100644
--- a/src/Certify.Models/Config/AccessControlConfig.cs
+++ b/src/Certify.Models/Config/AccessControlConfig.cs
@@ -63,13 +63,20 @@ public class ResourceTypes
         public static string CertificateAuthority { get; } = "ca";
     }
 
+    public static class StandardResourceActions
+    {
+        public const string CertificateDownload = "certificate_download";
+        public const string ManagedItemAdd = "manageditem_add";
+        public const string ManagedItemList = "manageditem_list";
+    }
+
     public static class Policies
     {
         public static List<ResourceAction> GetStandardResourceActions()
         {
             return new List<ResourceAction> {
 
-                new ResourceAction("certificate_download", "Certificate Download", ResourceTypes.Certificate),
+                new ResourceAction(StandardResourceActions.CertificateDownload, "Certificate Download", ResourceTypes.Certificate),
 
                 new ResourceAction("storedcredential_add", "Add New Stored Credential", ResourceTypes.StoredCredential),
                 new ResourceAction("storedcredential_update", "Update Stored Credential", ResourceTypes.StoredCredential),
@@ -83,6 +90,7 @@ public static List<ResourceAction> GetStandardResourceActions()
 
                 new ResourceAction("manageditem_requester", "Request New Managed Items", ResourceTypes.ManagedItem),
                 new ResourceAction("manageditem_add", "Add Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction("manageditem_list", "List Managed Items", ResourceTypes.ManagedItem),
                 new ResourceAction("manageditem_update", "Update Managed Items", ResourceTypes.ManagedItem),
                 new ResourceAction("manageditem_delete", "Delete Managed Items", ResourceTypes.ManagedItem),
                 new ResourceAction("manageditem_test", "Test Managed Item Renewal Checks", ResourceTypes.ManagedItem),
@@ -98,7 +106,8 @@ public static List<ResourcePolicy> GetStandardPolicies()
             return new List<ResourcePolicy> {
                 new ResourcePolicy{ Id="managed_item_admin", Title="Managed Item Administration", SecurityPermissionType= SecurityPermissionType.ALLOW,
                     ResourceActions= new List<string>{
-                        "manageditem_add",
+                        StandardResourceActions.ManagedItemList,
+                        StandardResourceActions.ManagedItemAdd,
                         "manageditem_update",
                         "manageditem_delete",
                         "manageditem_test",
@@ -118,7 +127,7 @@ public static List<ResourcePolicy> GetStandardPolicies()
                 },
                 new ResourcePolicy{ Id="certificate_consumer", Title="Consume Certificates", SecurityPermissionType= SecurityPermissionType.ALLOW,
                     ResourceActions= new List<string>{
-                        "certificate_download",
+                        StandardResourceActions.CertificateDownload,
                         "certificate_key_download"
                     }
                 },

From 589fd226020639d4f1c128b9d1bc6a08cc9a18fd Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 13:35:53 +0800
Subject: [PATCH 128/237] Cleanup

---
 src/Certify.Core/Management/Access/AccessControl.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 32c874ead..81f82018a 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -128,7 +128,7 @@ public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPr
 
                 updateSp.AvatarUrl = GetAvatarUrlForPrinciple(principle);
 
-                var updated = _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), updateSp);
+                await _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), updateSp);
             }
             catch
             {
@@ -317,7 +317,7 @@ public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, Se
             if (IsPasswordValid(passwordUpdate.Password, principle.Password))
             {
                 principle.Password = HashPassword(passwordUpdate.NewPassword);
-                updated = await UpdateSecurityPrinciple(contextUserId, principle);
+                await UpdateSecurityPrinciple(contextUserId, principle);
             }
             else
             {
@@ -497,12 +497,12 @@ public string GetSHA256Hash(string val)
         {
             using (var sha256Hash = SHA256.Create())
             {
-                byte[] data = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(val));
+                var data = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(val));
                 var sBuilder = new StringBuilder();
 
                 // Loop through each byte of the hashed data
                 // and format each one as a hexadecimal string.
-                for (int i = 0; i < data.Length; i++)
+                for (var i = 0; i < data.Length; i++)
                 {
                     sBuilder.Append(data[i].ToString("x2"));
                 }

From b2a4cb1ea9bade339dd9d38b6f891121bb080319 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 13:36:28 +0800
Subject: [PATCH 129/237] Tests: fix access control test referencing mutated
 in-memory value

---
 .../Tests/AccessControlTests.cs               | 23 ++++++++++++++-----
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index efc078186..1fd6deb70 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -8,6 +8,7 @@
 using Certify.Models.Config.AccessControl;
 using Certify.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Newtonsoft.Json;
 using Serilog;
 
 namespace Certify.Core.Tests.Unit
@@ -276,6 +277,7 @@ public async Task TestUpdateSecurityPrinciple()
         {
             // Add test security principles
             var adminSecurityPrinciples = new List<SecurityPrinciple> { TestSecurityPrinciples.Admin, TestSecurityPrinciples.TestAdmin };
+
             adminSecurityPrinciples.ForEach(async p => await access.AddSecurityPrinciple(contextUserId, p, bypassIntegrityCheck: true));
 
             // Setup security principle actions
@@ -294,20 +296,29 @@ public async Task TestUpdateSecurityPrinciple()
             var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
             assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
 
+            // clone the test security principles to avoid reference issues as we are using an in-memory store
+            adminSecurityPrinciples = JsonConvert.DeserializeObject<List<SecurityPrinciple>>(JsonConvert.SerializeObject(adminSecurityPrinciples));
+
             // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before update
             var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
             Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
 
             // Update security principle in AccessControl with a new principle object of the same Id, but different email
-            var newSecurityPrinciple = TestSecurityPrinciples.Admin;
-            newSecurityPrinciple.Email = "new_test_email@test.com";
-            var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
-            Assert.IsTrue(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to succeed");
+            var updateSecurityPrinciple = new SecurityPrinciple
+            {
+                Id = TestSecurityPrinciples.Admin.Id,
+                Username = TestSecurityPrinciples.Admin.Username,
+                Description = TestSecurityPrinciples.Admin.Description,
+                Email = "new_test_email@test.com"
+            };
+
+            var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, updateSecurityPrinciple);
+            Assert.IsTrue(securityPrincipleUpdated, $"Expected security principle update for {updateSecurityPrinciple.Id} to succeed");
 
             // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after update
-            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, newSecurityPrinciple.Id);
+            storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, updateSecurityPrinciple.Id);
             Assert.AreNotEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to not match previous Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
-            Assert.AreEqual(storedSecurityPrinciple.Email, newSecurityPrinciple.Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match updated Email '{newSecurityPrinciple.Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
+            Assert.AreEqual(storedSecurityPrinciple.Email, updateSecurityPrinciple.Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match updated Email '{updateSecurityPrinciple.Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
         }
 
         [TestMethod]

From 2aff665660bd140fd94b2a74c98606e3928aa803 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 13:36:54 +0800
Subject: [PATCH 130/237] Test: update check assert not null result

---
 .../Certify.Core.Tests.Unit/Tests/UpdateCheckTest.cs            | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/UpdateCheckTest.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/UpdateCheckTest.cs
index 5cc91ed9b..efc82bd71 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/UpdateCheckTest.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/UpdateCheckTest.cs
@@ -22,6 +22,8 @@ public void TestUpdateCheck()
 
             result = updateChecker.CheckForUpdates("6.1.1").Result;
 
+            Assert.IsNotNull(result, "Update check result should not be null");
+
             // current version is newer than update version
             Assert.IsFalse(result.IsNewerVersion);
             Assert.IsFalse(result.MustUpdate, "No mandatory update required");

From 524f2f159617e671aeae6c84fed5aa3cb3c15150 Mon Sep 17 00:00:00 2001
From: Fritz Otlinghaus <fritz.otlinghaus@helsinki-systems.de>
Date: Wed, 31 Jan 2024 10:29:26 +0100
Subject: [PATCH 131/237] Add hosting.de as posh acme option

---
 src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs b/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs
index d343b2ff2..8c3b00765 100644
--- a/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs
+++ b/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;

From 106eb9eadf6698f430d67353d0a00562b3f3b39b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 8 Feb 2024 17:39:35 +0800
Subject: [PATCH 132/237] Renewal: Port  fix for recurring renewal attempts
 which should be on hold

---
 src/Certify.Models/Config/ManagedCertificate.cs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Models/Config/ManagedCertificate.cs b/src/Certify.Models/Config/ManagedCertificate.cs
index 9dbd35627..f602ae767 100644
--- a/src/Certify.Models/Config/ManagedCertificate.cs
+++ b/src/Certify.Models/Config/ManagedCertificate.cs
@@ -785,10 +785,9 @@ public static bool IsDomainOrWildcardMatch(List<string> dnsNames, string? hostna
                         {
                             targetRenewalPercentage = selectedRenewalInterval;
 
-                    var targetRenewalMinutesAfterCertStart = certLifetime.Value.TotalMinutes * (targetRenewalPercentage / 100);
-                    var targetRenewalDate = s.DateStart != null ? s.DateStart.Value.AddMinutes(targetRenewalMinutesAfterCertStart) : s.DateRenewed.Value;
-                    nextRenewalAttemptDate = targetRenewalDate;
-
+                            if (targetRenewalPercentage > 100) { targetRenewalPercentage = 100; }
+                        }
+                        
                         var targetRenewalMinutesAfterCertStart = certLifetime.Value.TotalMinutes * (targetRenewalPercentage / 100);
                         var targetRenewalDate = s.DateStart != null ? s.DateStart.Value.AddMinutes(targetRenewalMinutesAfterCertStart) : s.DateRenewed.Value;
                         nextRenewalAttemptDate = targetRenewalDate;

From b112b74e2651d64ef44d77423673f0f15ab40bda Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 9 Feb 2024 18:15:51 +0800
Subject: [PATCH 133/237] UI/service: SignalR breaks if BCL Async version wrong

---
 src/Certify.Client/CertifyServiceClient.cs | 2 +-
 src/Certify.Service/Certify.Service.csproj | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Client/CertifyServiceClient.cs b/src/Certify.Client/CertifyServiceClient.cs
index d09128a3e..714b3a8d9 100644
--- a/src/Certify.Client/CertifyServiceClient.cs
+++ b/src/Certify.Client/CertifyServiceClient.cs
@@ -58,7 +58,7 @@ public async Task ConnectStatusStreamAsync()
                 _legacyConnection.Closed += OnConnectionClosed;
 
 #if DEBUG
-                var logPath = Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "hubconnection.log");
+                var logPath = Path.Combine(EnvironmentUtil.GetAppDataFolder("logs"), "hubconnection.log");
                 var writer = new StreamWriter(logPath);
                 writer.AutoFlush = true;
                 _legacyConnection.TraceLevel = TraceLevels.All;
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 7502b7828..da0635f5d 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -55,6 +55,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
         <PackageReference Include="Microsoft.Identity.Client" Version="4.59.0" />
+        <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Diagnostics" Version="4.2.2" />

From 2514ae254fe37701648773f3788354dfc390316d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 15 Feb 2024 14:12:26 +0800
Subject: [PATCH 134/237] Move API method source generators into main repo

---
 src/Certify.Client/Certify.Client.csproj      |   2 +-
 .../Certify.Server.Api.Public.csproj          |   4 +-
 src/Certify.SourceGenerators/ApiMethods.cs    | 225 +++++++++++++++++
 .../Certify.SourceGenerators.csproj           |  20 ++
 .../Properties/launchSettings.json            |   1 +
 .../PublicAPISourceGenerator.cs               | 238 ++++++++++++++++++
 6 files changed, 487 insertions(+), 3 deletions(-)
 create mode 100644 src/Certify.SourceGenerators/ApiMethods.cs
 create mode 100644 src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
 create mode 100644 src/Certify.SourceGenerators/Properties/launchSettings.json
 create mode 100644 src/Certify.SourceGenerators/PublicAPISourceGenerator.cs

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index e706c7b60..ca1a1f5c1 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -25,9 +25,9 @@
   </ItemGroup>
   
   <ItemGroup>
-    <ProjectReference Include="..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
     <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
     <ProjectReference Include="..\Certify.Models\Certify.Models.csproj" />
+    <ProjectReference Include="..\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false"/>
 
   </ItemGroup>
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 0fd764c92..721796c11 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
     <Nullable>enable</Nullable>
@@ -23,7 +23,7 @@
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
   <ItemGroup>
-    <ProjectReference Include="..\..\..\..\certify-manager\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
+    <ProjectReference Include="..\..\..\..\certify\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
     <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
     <ProjectReference Include="..\..\Certify.Aspire\Certify.Aspire.ServiceDefaults\Certify.Aspire.ServiceDefaults.csproj" />
diff --git a/src/Certify.SourceGenerators/ApiMethods.cs b/src/Certify.SourceGenerators/ApiMethods.cs
new file mode 100644
index 000000000..d83836397
--- /dev/null
+++ b/src/Certify.SourceGenerators/ApiMethods.cs
@@ -0,0 +1,225 @@
+using SourceGenerator;
+using System.Collections.Generic;
+
+namespace Certify.SourceGenerators
+{
+    internal class ApiMethods
+    {
+        public static List<GeneratedAPI> GetApiDefinitions()
+        {
+            // declaring an API definition here is then used by the source generators to:
+            // - create the public API endpoint
+            // - map the call from the public API to the background service API in the service API Client (interface and implementation)
+            // - to then generate the public API clients, run nswag when the public API is running.
+
+            return new List<GeneratedAPI> {
+  
+                    new GeneratedAPI {
+
+                        OperationName = "GetSecurityPrincipleAssignedRoles",
+                        OperationMethod = "HttpGet",
+                        Comment = "Get list of Assigned Roles for a given security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "securityprinciple/{id}/assignedroles",
+                        ServiceAPIRoute = "access/securityprinciple/{id}/assignedroles",
+                        ReturnType = "ICollection<AssignedRole>",
+                        Params =new Dictionary<string, string>{{"id","string"}}
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "GetSecurityPrincipleRoleStatus",
+                        OperationMethod = "HttpGet",
+                        Comment = "Get list of Assigned Roles etc for a given security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "securityprinciple/{id}/rolestatus",
+                        ServiceAPIRoute = "access/securityprinciple/{id}/rolestatus",
+                        ReturnType = "RoleStatus",
+                        Params =new Dictionary<string, string>{{"id","string"}}
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "GetAccessRoles",
+                        OperationMethod = "HttpGet",
+                        Comment = "Get list of available security Roles",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "roles",
+                        ServiceAPIRoute = "access/roles",
+                        ReturnType = "ICollection<Role>"
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "GetSecurityPrinciples",
+                        OperationMethod = "HttpGet",
+                        Comment = "Get list of available security principles",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "securityprinciples",
+                        ServiceAPIRoute = "access/securityprinciples",
+                        ReturnType = "ICollection<SecurityPrinciple>"
+                    },
+                    new GeneratedAPI {
+                        OperationName = "ValidateSecurityPrinciplePassword",
+                        OperationMethod = "HttpPost",
+                        Comment = "Check password valid for security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "validate",
+                        ServiceAPIRoute = "access/validate",
+                        ReturnType = "Certify.Models.API.SecurityPrincipleCheckResponse",
+                        Params = new Dictionary<string, string>{{"passwordCheck", "Certify.Models.API.SecurityPrinciplePasswordCheck" } }
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "UpdateSecurityPrinciplePassword",
+                        OperationMethod = "HttpPost",
+                        Comment = "Update password for security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "updatepassword",
+                        ServiceAPIRoute = "access/updatepassword",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params = new Dictionary<string, string>{{"passwordUpdate", "Certify.Models.API.SecurityPrinciplePasswordUpdate" } }
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "AddSecurityPrinciple",
+                        OperationMethod = "HttpPost",
+                        Comment = "Add new security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "securityprinciple",
+                        ServiceAPIRoute = "access/securityprinciple",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params = new Dictionary<string, string>{{"principle", "Certify.Models.Config.AccessControl.SecurityPrinciple" } }
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "UpdateSecurityPrinciple",
+                        OperationMethod = "HttpPost",
+                        Comment = "Update existing security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "securityprinciple/update",
+                        ServiceAPIRoute = "access/securityprinciple/update",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params = new Dictionary<string, string>{ 
+                            { "principle", "Certify.Models.Config.AccessControl.SecurityPrinciple" } 
+                        }
+                    },
+                      new GeneratedAPI {
+
+                        OperationName = "UpdateSecurityPrincipleAssignedRoles",
+                        OperationMethod = "HttpPost",
+                        Comment = "Update assigned roles for a security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "securityprinciple/roles/update",
+                        ServiceAPIRoute = "access/securityprinciple/roles/update",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params = new Dictionary<string, string>{
+                            { "update", "Certify.Models.Config.AccessControl.SecurityPrincipleAssignedRoleUpdate" }
+                        }
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "DeleteSecurityPrinciple",
+                        OperationMethod = "HttpDelete",
+                        Comment = "Delete security principle",
+                        PublicAPIController = "Access",
+                        PublicAPIRoute = "securityprinciple",
+                        ServiceAPIRoute = "access/securityprinciple/{id}",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params = new Dictionary<string, string>{{"id","string"}}
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "GetAcmeAccounts",
+                        OperationMethod = "HttpGet",
+                        Comment = "Get All Acme Accounts",
+                        PublicAPIController = "CertificateAuthority",
+                        PublicAPIRoute = "accounts",
+                        ServiceAPIRoute = "accounts",
+                        ReturnType = "ICollection<Models.AccountDetails>"
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "AddAcmeAccount",
+                        OperationMethod = "HttpPost",
+                        Comment = "Add New Acme Account",
+                        PublicAPIController = "CertificateAuthority",
+                        PublicAPIRoute = "account",
+                        ServiceAPIRoute = "accounts",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params =new Dictionary<string, string>{{"registration", "Certify.Models.ContactRegistration" } }
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "AddCertificateAuthority",
+                        OperationMethod = "HttpPost",
+                        Comment = "Add New Certificate Authority",
+                        PublicAPIController = "CertificateAuthority",
+                        PublicAPIRoute = "authority",
+                        ServiceAPIRoute = "accounts/authorities",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params =new Dictionary<string, string>{{ "certificateAuthority", "Certify.Models.CertificateAuthority" } }
+                    },
+                     new GeneratedAPI {
+
+                        OperationName = "RemoveManagedCertificate",
+                        OperationMethod = "HttpDelete",
+                        Comment = "Remove Managed Certificate",
+                        PublicAPIController = "Certificate",
+                        PublicAPIRoute = "certificate/{id}",
+                        ServiceAPIRoute = "managedcertificates/delete/{id}",
+                        ReturnType = "bool",
+                        Params =new Dictionary<string, string>{{ "id", "string" } }
+                    },
+                    new GeneratedAPI {
+
+                        OperationName = "RemoveCertificateAuthority",
+                        OperationMethod = "HttpDelete",
+                        Comment = "Remove Certificate Authority",
+                        PublicAPIController = "CertificateAuthority",
+                        PublicAPIRoute = "authority/{id}",
+                        ServiceAPIRoute = "accounts/authorities/{id}",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params =new Dictionary<string, string>{{ "id", "string" } }
+                    },
+                    new GeneratedAPI {
+                        OperationName = "RemoveAcmeAccount",
+                        OperationMethod = "HttpDelete",
+                        Comment = "Remove ACME Account",
+                        PublicAPIController = "CertificateAuthority",
+                        PublicAPIRoute = "accounts/{storageKey}/{deactivate}",
+                        ServiceAPIRoute = "accounts/remove/{storageKey}/{deactivate}",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params =new Dictionary<string, string>{{ "storageKey", "string" }, { "deactivate", "bool" } }
+                    },
+                    new GeneratedAPI {
+                        OperationName = "RemoveStoredCredential",
+                        OperationMethod = "HttpDelete",
+                        Comment = "Remove Stored Credential",
+                        PublicAPIController = "StoredCredential",
+                        PublicAPIRoute = "storedcredential/{storageKey}",
+                        ServiceAPIRoute = "credentials",
+                        ReturnType = "Models.Config.ActionResult",
+                        Params =new Dictionary<string, string>{{ "storageKey", "string" } }
+                    },
+                    new GeneratedAPI {
+                        OperationName = "PerformExport",
+                        OperationMethod = "HttpPost",
+                        Comment = "Perform an export of all settings",
+                        PublicAPIController = "System",
+                        PublicAPIRoute = "system/migration/export",
+                        ServiceAPIRoute = "system/migration/export",
+                        ReturnType = "Models.Config.Migration.ImportExportPackage",
+                        Params =new Dictionary<string, string>{{ "exportRequest", "Certify.Models.Config.Migration.ExportRequest" } }
+                    },
+                     new GeneratedAPI {
+                        OperationName = "PerformImport",
+                        OperationMethod = "HttpPost",
+                        Comment = "Perform an import of all settings",
+                        PublicAPIController = "System",
+                        PublicAPIRoute = "system/migration/import",
+                        ServiceAPIRoute = "system/migration/import",
+                        ReturnType = "ICollection<ActionStep>",
+                        Params =new Dictionary<string, string>{{ "importRequest", "Certify.Models.Config.Migration.ImportRequest" } }
+                    }
+                };
+        }
+    }
+}
diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
new file mode 100644
index 000000000..133497c48
--- /dev/null
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+	  <EnforceExtendedAnalyzerRules>true</EnforceExtendedAnalyzerRules>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.8.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Folder Include="templates\" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\certify\src\Certify.Models\Certify.Models.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Certify.SourceGenerators/Properties/launchSettings.json b/src/Certify.SourceGenerators/Properties/launchSettings.json
new file mode 100644
index 000000000..9e26dfeeb
--- /dev/null
+++ b/src/Certify.SourceGenerators/Properties/launchSettings.json
@@ -0,0 +1 @@
+{}
\ No newline at end of file
diff --git a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
new file mode 100644
index 000000000..84b361621
--- /dev/null
+++ b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
@@ -0,0 +1,238 @@
+using Certify.SourceGenerators;
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.Text;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Text;
+
+namespace SourceGenerator
+{
+    public class GeneratedAPI
+    {
+        public string OperationName { get; set; } = string.Empty;
+        public string OperationMethod { get; set; } = string.Empty;
+        public string Comment { get; set; } = string.Empty;
+        public string PublicAPIController { get; set; } = string.Empty;
+
+        public string PublicAPIRoute { get; set; } = string.Empty;
+        public string ServiceAPIRoute { get; set; } = string.Empty;
+        public string ReturnType { get; set; } = string.Empty;
+        public Dictionary<string, string> Params { get; set; } = new Dictionary<string, string>();
+    }
+    [Generator]
+    public class PublicAPISourceGenerator : ISourceGenerator
+    {
+        public void Execute(GeneratorExecutionContext context)
+        {
+
+            // get list of items we want to generate for our API glue
+            var list = ApiMethods.GetApiDefinitions();
+
+            Debug.WriteLine(context.Compilation.AssemblyName);
+
+            foreach (var config in list)
+            {
+                var paramSet = config.Params.ToList();
+                paramSet.Add(new KeyValuePair<string, string>("authContext", "AuthContext"));
+                var apiParamDecl = paramSet.Any() ? string.Join(", ", paramSet.Select(p => $"{p.Value} {p.Key}")) : "";
+                var apiParamDeclWithoutAuthContext = config.Params.Any() ? string.Join(", ", config.Params.Select(p => $"{p.Value} {p.Key}")) : "";
+
+                var apiParamCall = paramSet.Any() ? string.Join(", ", paramSet.Select(p => $"{p.Key}")): "";
+                var apiParamCallWithoutAuthContext = config.Params.Any() ? string.Join(", ", config.Params.Select(p => $"{p.Key}")) : "";
+
+                if (context.Compilation.AssemblyName.EndsWith("Api.Public"))
+                {
+                    context.AddSource($"{config.PublicAPIController}Controller.{config.OperationName}.g.cs", SourceText.From($@"
+
+using Certify.Client;
+using Certify.Server.Api.Public.Controllers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Certify.Models;
+using Certify.Models.Config.AccessControl;
+
+
+            namespace Certify.Server.Api.Public.Controllers
+            {{
+                public partial class {config.PublicAPIController}Controller
+                {{
+                    /// <summary>
+                    /// {config.Comment} [Generated by Certify.SourceGenerators]
+                    /// </summary>
+                    /// <returns></returns>
+                    [{config.OperationMethod}]
+                    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+                    [ProducesResponseType(StatusCodes.Status200OK, Type = typeof({config.ReturnType}))]
+                    [Route(""""""{config.PublicAPIRoute}"""""")]
+                    public async Task<IActionResult> {config.OperationName}({apiParamDeclWithoutAuthContext})
+                    {{
+                        var result = await _client.{config.OperationName}({apiParamCall.Replace("authContext","CurrentAuthContext")});
+                        return new OkObjectResult(result);
+                    }}
+                }}
+            }}", Encoding.UTF8));
+
+                }
+
+                if (context.Compilation.AssemblyName.EndsWith("Certify.Client"))
+                {
+
+                    if (config.OperationMethod == "HttpGet")
+                    {
+                        context.AddSource($"{config.PublicAPIController}.{config.OperationName}.ICertifyInternalApiClient.g.cs", SourceText.From($@"
+using Certify.Models;
+using Certify.Models.Config.AccessControl;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+            namespace Certify.Client
+            {{
+                public partial interface ICertifyInternalApiClient
+                {{
+                    /// <summary>
+                    /// {config.Comment} [Generated by Certify.SourceGenerators]
+                    /// </summary>
+                    /// <returns></returns>
+                    Task<{config.ReturnType}> {config.OperationName}({apiParamDecl});
+                    
+                }}
+
+                public partial class CertifyApiClient
+                {{
+                    /// <summary>
+                    /// {config.Comment} [Generated by Certify.SourceGenerators]
+                    /// </summary>
+                    /// <returns></returns>
+                    public async Task<{config.ReturnType}> {config.OperationName}({apiParamDecl})
+                    {{
+                        var result = await FetchAsync($""{config.ServiceAPIRoute}"", authContext);
+                        return JsonToObject<{config.ReturnType}>(result);
+                    }}
+                    
+                }}
+            }}", Encoding.UTF8));
+                    }
+
+
+                    if (config.OperationMethod == "HttpPost")
+                    {
+                        context.AddSource($"{config.PublicAPIController}.{config.OperationName}.ICertifyInternalApiClient.g.cs", SourceText.From($@"
+using Certify.Models;
+using Certify.Models.Config.AccessControl;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+            namespace Certify.Client
+            {{
+                public partial interface ICertifyInternalApiClient
+                {{
+                    /// <summary>
+                    /// {config.Comment} [Generated by Certify.SourceGenerators]
+                    /// </summary>
+                    /// <returns></returns>
+                    Task<{config.ReturnType}> {config.OperationName}({apiParamDecl});
+                    
+                }}
+
+
+                public partial class CertifyApiClient
+                {{
+                    /// <summary>
+                    /// {config.Comment} [Generated by Certify.SourceGenerators]
+                    /// </summary>
+                    /// <returns></returns>
+                    public async Task<{config.ReturnType}> {config.OperationName}({apiParamDecl})
+                    {{
+                        var result = await PostAsync($""{config.ServiceAPIRoute}"", {apiParamCall});
+                        return JsonToObject<{config.ReturnType}>(await result.Content.ReadAsStringAsync());
+                    }}
+                    
+                }}
+            }}", Encoding.UTF8));
+                    }
+
+
+                    if (config.OperationMethod == "HttpDelete")
+                    {
+                        context.AddSource($"{config.PublicAPIController}.{config.OperationName}.ICertifyInternalApiClient.g.cs", SourceText.From($@"
+using Certify.Models;
+using Certify.Models.Config.AccessControl;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+            namespace Certify.Client
+            {{
+                public partial interface ICertifyInternalApiClient
+                {{
+                    /// <summary>
+                    /// {config.Comment} [Generated by Certify.SourceGenerators]
+                    /// </summary>
+                    /// <returns></returns>
+                    Task<{config.ReturnType}> {config.OperationName}({apiParamDecl});
+                    
+                }}
+
+
+                public partial class CertifyApiClient
+                {{
+                    /// <summary>
+                    /// {config.Comment} [Generated by Certify.SourceGenerators]
+                    /// </summary>
+                    /// <returns></returns>
+                    public async Task<{config.ReturnType}> {config.OperationName}({apiParamDecl})
+                    {{
+                    
+                        var route = $""{config.ServiceAPIRoute}"";
+
+                        var result = await DeleteAsync(route, authContext);
+                        return JsonToObject<{config.ReturnType}>(await result.Content.ReadAsStringAsync());
+
+                    }}
+                    
+                }}
+            }}", Encoding.UTF8));
+                    }
+                }
+
+                if (context.Compilation.AssemblyName.EndsWith("Certify.UI.Blazor"))
+                {
+                    context.AddSource($"AppModel.{config.OperationName}.g.cs", SourceText.From($@"
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Certify.Models;
+using Certify.Models.Config.AccessControl;
+
+            namespace Certify.UI.Client.Core
+    {{
+        public partial class AppModel
+        {{
+            public async Task<{config.ReturnType}> {config.OperationName}({apiParamDeclWithoutAuthContext})
+            {{
+                return await _api.{config.OperationName}Async({apiParamCallWithoutAuthContext});
+            }}
+        }}
+    }}", Encoding.UTF8));
+                }
+
+            }
+        }
+
+        public void Initialize(GeneratorInitializationContext context)
+        {
+#if DEBUG
+            // uncomment this to launch a debug session which code generation runs
+            // then add a watch on 
+            if (!Debugger.IsAttached)
+            {
+                // Debugger.Launch();
+            }
+#endif
+        }
+    }
+}
\ No newline at end of file

From f30db54f0b2f50f2c5bfb677a564836b7d620bf3 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 15 Feb 2024 14:14:04 +0800
Subject: [PATCH 135/237] Cleanup warnings

---
 .../Controllers/internal/ApiControllerBase.cs        |  1 -
 .../Controllers/v1/AuthController.cs                 | 11 ++++++++---
 .../Certify.Server.Api.Public/StatusHub.cs           |  2 +-
 src/Certify.UI.Desktop/App.xaml                      | 12 ++++--------
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
index 4b46ef317..a83816503 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
@@ -12,7 +12,6 @@ public partial class ApiControllerBase : ControllerBase
         /// <summary>
         /// Get the corresponding auth context to pass to the backend service
         /// </summary>
-        /// <param name="httpContext"></param>
         /// <returns></returns>
         internal AuthContext CurrentAuthContext
         {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index f71fb8a79..b66ccbc98 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -67,13 +67,13 @@ public async Task<IActionResult> Login(AuthRequest login)
                 var authResponse = new AuthResponse
                 {
                     Detail = "OK",
-                    AccessToken = jwt.GenerateSecurityToken(login.Username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"])),
+                    AccessToken = jwt.GenerateSecurityToken(login.Username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"] ?? "20")),
                     RefreshToken = jwt.GenerateRefreshToken(),
                     SecurityPrinciple = validation.SecurityPrinciple,
                     RoleStatus = await _client.GetSecurityPrincipleRoleStatus(validation.SecurityPrinciple.Id, CurrentAuthContext)
                 };
 
-                
+
                 // TODO: Refresh token should be stored or hashed for later use
 
                 return Ok(authResponse);
@@ -105,7 +105,12 @@ public IActionResult Refresh(string refreshToken)
                 var claimsIdentity = jwt.ClaimsIdentityFromToken(authToken, false);
                 var username = claimsIdentity.Name;
 
-                var newJwtToken = jwt.GenerateSecurityToken(username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"]));
+                if (username == null)
+                {
+                    return Unauthorized();
+                }
+
+                var newJwtToken = jwt.GenerateSecurityToken(username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"] ?? "20"));
                 var newRefreshToken = jwt.GenerateRefreshToken();
 
                 // invalidate old refresh token and store new one
diff --git a/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs b/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
index 2c2ad987a..28a405764 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
@@ -85,7 +85,7 @@ public override Task OnConnectedAsync()
         /// </summary>
         /// <param name="exception"></param>
         /// <returns></returns>
-        public override Task OnDisconnectedAsync(Exception exception)
+        public override Task OnDisconnectedAsync(Exception? exception)
         {
             Debug.WriteLine("StatusHub: Client disconnected from status stream..");
             return base.OnDisconnectedAsync(exception);
diff --git a/src/Certify.UI.Desktop/App.xaml b/src/Certify.UI.Desktop/App.xaml
index a0a6511ac..644a1a01f 100644
--- a/src/Certify.UI.Desktop/App.xaml
+++ b/src/Certify.UI.Desktop/App.xaml
@@ -10,13 +10,10 @@
             <ResourceDictionary.MergedDictionaries>
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Controls.xaml" />
                 <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Fonts.xaml" />
-                <ResourceDictionary
-                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
-                <ResourceDictionary
-                    Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
+                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Light.Green.xaml" />
+                <ResourceDictionary Source="pack://application:,,,/MahApps.Metro;component/Styles/Themes/Dark.Green.xaml" />
 
-                <ResourceDictionary
-                    Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
+                <ResourceDictionary Source="pack://application:,,,/ToastNotifications.Messages;component/Themes/Default.xaml" />
             </ResourceDictionary.MergedDictionaries>
             <!--  Heading  -->
             <Style x:Key="Subheading" TargetType="TextBlock">
@@ -54,8 +51,7 @@
 
             <!--  brush color overrides (tab items and disabled buttons)  -->
             <SolidColorBrush x:Key="MahApps.Brushes.Gray" Color="{DynamicResource MahApps.Colors.SystemChromeHigh}" />
-            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled"
-                             Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
+            <SolidColorBrush x:Key="MahApps.Brushes.Control.Disabled" Color="{DynamicResource MahApps.Colors.SystemAltLow}" />
 
             <Style TargetType="controls:NumericUpDown">
                 <Setter Property="BorderBrush" Value="{DynamicResource MahApps.Brushes.SystemControlForegroundBaseLow}" />

From 21e6f4e2f919ff253e3920d51180f9bdfa9c49fa Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 16 Feb 2024 12:34:13 +0800
Subject: [PATCH 136/237] Aspire: update references

---
 .../Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj  | 2 +-
 src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs      | 4 ++--
 .../Certify.Aspire.ServiceDefaults.csproj                 | 8 ++++----
 .../Certify.Server.Core/Certify.Server.Core/Program.cs    | 4 +++-
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index 11f3a87c3..efcce1c59 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Aspire.Hosting" Version="8.0.0-preview.2.23619.3" />
+    <PackageReference Include="Aspire.Hosting" Version="8.0.0-preview.3.24105.21" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs b/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
index e88c0aac4..332ac2a00 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
@@ -1,7 +1,7 @@
 var builder = DistributedApplication.CreateBuilder(args);
 
-builder.AddProject<Projects.Certify_Server_Core>("certify.server.core");
-
 builder.AddProject<Projects.Certify_Server_Api_Public>("certify.server.api.public");
 
+builder.AddProject<Projects.Certify_Server_Core>("certify.server.core");
+
 builder.Build().Run();
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 9f3857e22..5f9293c51 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,13 +11,13 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.1.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.2.23619.3" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.2.0" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.3.24105.21" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.7.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.7.0" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.7.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.7.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.6.0-beta.3" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.7.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.7.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.7.0" />
   </ItemGroup>
 
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
index 82ffc5063..b92f598d3 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Program.cs
@@ -1,4 +1,4 @@
-
+
 var builder = WebApplication.CreateBuilder(args);
 
 builder.AddServiceDefaults();
@@ -9,6 +9,8 @@
 
 var app = builder.Build();
 
+app.MapDefaultEndpoints();
+
 startup.Configure(app, builder.Environment);
 
 app.Run();

From 49efe5e43cc1f0169f7a39694cfbfc79b53e6dfb Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 16 Feb 2024 12:35:08 +0800
Subject: [PATCH 137/237] Remove nuget package builds

---
 src/Certify.Locales/Certify.Locales.csproj | 2 +-
 src/Certify.Models/Certify.Models.csproj   | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Locales/Certify.Locales.csproj b/src/Certify.Locales/Certify.Locales.csproj
index c0c1ff290..de366e975 100644
--- a/src/Certify.Locales/Certify.Locales.csproj
+++ b/src/Certify.Locales/Certify.Locales.csproj
@@ -2,7 +2,7 @@
     <PropertyGroup>
         <TargetFramework>netstandard2.0</TargetFramework>
         <Platforms>AnyCPU</Platforms>
-        <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+        <GeneratePackageOnBuild>False</GeneratePackageOnBuild>
         <Description>Certify Certificate Manager UI Resources</Description>
     </PropertyGroup>
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index b4ef8f946..f002f1588 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -5,7 +5,7 @@
 		<Platforms>AnyCPU</Platforms>
 		<LangVersion>10.0</LangVersion>
 		<Nullable>enable</Nullable>
-		<GeneratePackageOnBuild>True</GeneratePackageOnBuild>
+		<GeneratePackageOnBuild>False</GeneratePackageOnBuild>
 		<Description>Certify Certificate Manager API Models</Description>
 		<EnforceCodeStyleInBuild>True</EnforceCodeStyleInBuild>
 		<EnableNETAnalyzers>True</EnableNETAnalyzers>
@@ -32,6 +32,7 @@
 		</PackageReference>
 		<PackageReference Include="System.Text.Json" Version="8.0.1" />
 	</ItemGroup>
+
 	<ItemGroup>
 	  <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
 	</ItemGroup>

From e6a91c7c595373eda3f6343a3fb4a556be5daa78 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 16 Feb 2024 12:37:48 +0800
Subject: [PATCH 138/237] Cleanup type and platform warnings

---
 src/Certify.Models/API/AuthRequest.cs                      | 2 +-
 src/Certify.Models/Config/AccessControl.cs                 | 2 +-
 src/Certify.Models/Config/CertRequestConfig.cs             | 4 +++-
 .../Certify.Core.Tests.Integration/CertRequestTests.cs     | 7 +++++--
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Models/API/AuthRequest.cs b/src/Certify.Models/API/AuthRequest.cs
index 12487ad57..7ff20600f 100644
--- a/src/Certify.Models/API/AuthRequest.cs
+++ b/src/Certify.Models/API/AuthRequest.cs
@@ -64,7 +64,7 @@ public class SecurityPrincipleCheckResponse
     {
         public bool IsSuccess { get; set; }
         public string Message { get; set; } = string.Empty;
-        public SecurityPrinciple SecurityPrinciple { get; set; }
+        public SecurityPrinciple? SecurityPrinciple { get; set; }
     }
 
     public class SecurityPrinciplePasswordUpdate
diff --git a/src/Certify.Models/Config/AccessControl.cs b/src/Certify.Models/Config/AccessControl.cs
index 689797a7f..fd6fcbbc8 100644
--- a/src/Certify.Models/Config/AccessControl.cs
+++ b/src/Certify.Models/Config/AccessControl.cs
@@ -45,7 +45,7 @@ public class SecurityPrinciple : AccessStoreItem
     public class Role : AccessStoreItem
     {
         public List<string> Policies { get; set; } = new List<string>();
-        public Role(string id, string title, string description, List<string> policies = null)
+        public Role(string id, string title, string description, List<string>? policies = null)
         {
             Id = id;
             Title = title;
diff --git a/src/Certify.Models/Config/CertRequestConfig.cs b/src/Certify.Models/Config/CertRequestConfig.cs
index 0efb3360f..85b86fcaf 100644
--- a/src/Certify.Models/Config/CertRequestConfig.cs
+++ b/src/Certify.Models/Config/CertRequestConfig.cs
@@ -340,6 +340,8 @@ internal List<string> GetCertificateDomains()
 
             return allDomains.Distinct().ToList();
         }
+       
+        private static JsonSerializerOptions _defaultJsonSerializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
 
         private static JsonSerializerOptions _defaultJsonSerializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
 
@@ -370,7 +372,7 @@ public List<CertIdentifierItem> GetCertificateIdentifiers()
                     var atc = jwt.Claims.FirstOrDefault(c => c.Type == "atc");
                     if (atc != null)
                     {
-                        var parsedAtc = System.Text.Json.JsonSerializer.Deserialize<AtcClaim>(atc.Value, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+                        var parsedAtc = System.Text.Json.JsonSerializer.Deserialize<AtcClaim>(atc.Value, _defaultJsonSerializerOptions);
                         if (parsedAtc != null)
                         {
                             identifiers.Add(new CertIdentifierItem { IdentifierType = CertIdentifierType.TnAuthList, Value = parsedAtc.TkValue });
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
index b68c6a6b0..de9418e12 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
@@ -15,6 +15,8 @@
 
 namespace Certify.Core.Tests
 {
+
+#pragma warning disable CS0618 // Type or member is obsolete
     [TestClass]
     /// <summary>
     /// Integration tests for CertifyManager
@@ -612,7 +614,7 @@ public async Task TestChallengeRequestDNSWildcard()
         }
 
         [TestMethod]
-        public async Task TestRequestTnAuthCSR()
+        public void TestRequestTnAuthCSR()
         {
             var pemKey = ConfigSettings["TestAuthTokenPrivateKey"];
 
@@ -695,7 +697,7 @@ public async Task TestRequestTnAuthList()
             var managedCertificates = await certifyManager.GetManagedCertificates(new ManagedCertificateFilter { Id = dummyManagedCertificate.Id });
             var managedCertificate = managedCertificates.FirstOrDefault(m => m.Id == dummyManagedCertificate.Id);
 
-            //emsure we have a new managed site
+            //ensure we have a new managed site
             Assert.IsNotNull(managedCertificate);
 
             //have cert file details
@@ -721,4 +723,5 @@ public async Task TestRequestTnAuthList()
             CertificateManager.RemoveCertificate(certInfo);
         }
     }
+#pragma warning restore CS0618 // Type or member is obsolete
 }

From a42b541883ad4dda5b34f4cd631b9adf58df1f70 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 16 Feb 2024 12:40:27 +0800
Subject: [PATCH 139/237] Credentials: use default data protection scope and
 cleanup platform specific

---
 .../Management/CredentialsManagerBase.cs      | 30 ++++++++++++++-----
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/Certify.Shared/Management/CredentialsManagerBase.cs b/src/Certify.Shared/Management/CredentialsManagerBase.cs
index b2626fe1d..85a9f4a05 100644
--- a/src/Certify.Shared/Management/CredentialsManagerBase.cs
+++ b/src/Certify.Shared/Management/CredentialsManagerBase.cs
@@ -1,6 +1,8 @@
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
@@ -61,7 +63,7 @@ public virtual async Task<Dictionary<string, string>> GetUnlockedCredentialsDict
         public string Protect(
                 string clearText,
                 string optionalEntropy = null,
-                DataProtectionScope scope = DataProtectionScope.CurrentUser)
+                DataProtectionScope? scope = null)
         {
             // https://www.thomaslevesque.com/2013/05/21/an-easy-and-secure-way-to-store-a-password-using-data-protection-api/
 
@@ -70,18 +72,27 @@ public string Protect(
                 return null;
             }
 
-            if (_useWindowsNativeFeatures)
+            if (_useWindowsNativeFeatures && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
+                if (scope == null)
+                {
+                    scope = DataProtectionScope.CurrentUser;
+                }
 
                 var clearBytes = Encoding.UTF8.GetBytes(clearText);
                 var entropyBytes = string.IsNullOrEmpty(optionalEntropy)
                     ? null
                     : Encoding.UTF8.GetBytes(optionalEntropy);
-                var encryptedBytes = ProtectedData.Protect(clearBytes, entropyBytes, scope);
+                var encryptedBytes = ProtectedData.Protect(clearBytes, entropyBytes, (DataProtectionScope)scope);
                 return Convert.ToBase64String(encryptedBytes);
             }
             else
             {
+#if RELEASE
+                Trace.Assert(true, "Using dummy encryption, not suitable for production use.");
+#endif
+                Trace.WriteLine("Using dummy encryption, not suitable for production use.");
+
                 // TODO: dummy implementation, require alternative implementation for non-windows
                 return Convert.ToBase64String(Encoding.UTF8.GetBytes(clearText).Reverse().ToArray());
             }
@@ -97,7 +108,7 @@ public string Protect(
         public string Unprotect(
             string encryptedText,
             string optionalEntropy = null,
-            DataProtectionScope scope = DataProtectionScope.CurrentUser)
+            DataProtectionScope? scope = null)
         {
             // https://www.thomaslevesque.com/2013/05/21/an-easy-and-secure-way-to-store-a-password-using-data-protection-api/
 
@@ -106,18 +117,23 @@ public string Unprotect(
                 throw new ArgumentNullException("encryptedText");
             }
 
-            if (_useWindowsNativeFeatures)
+            if (_useWindowsNativeFeatures && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
+                if (scope == null)
+                {
+                    scope = DataProtectionScope.CurrentUser;
+                }
+
                 var encryptedBytes = Convert.FromBase64String(encryptedText);
                 var entropyBytes = string.IsNullOrEmpty(optionalEntropy)
                     ? null
                     : Encoding.UTF8.GetBytes(optionalEntropy);
-                var clearBytes = ProtectedData.Unprotect(encryptedBytes, entropyBytes, scope);
+                var clearBytes = ProtectedData.Unprotect(encryptedBytes, entropyBytes, (DataProtectionScope)scope);
                 return Encoding.UTF8.GetString(clearBytes);
             }
             else
             {
-
+                Debug.WriteLine("Using dummy encryption, not suitable for production use.");
                 // TODO: dummy implementation, implement alternative implementation for non-windows
                 var bytes = Convert.FromBase64String(encryptedText);
                 return Encoding.UTF8.GetString(bytes.Reverse().ToArray());

From d7228d5bfd4bd238d90d100fc469146fec455fca Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 16 Feb 2024 16:27:22 +0800
Subject: [PATCH 140/237] Core: add data protector service

---
 .../Certify.Server.Core/Certify.Server.Core/Startup.cs      | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
index 692e23be1..b757fdebc 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
@@ -1,4 +1,4 @@
-using System.Text;
+using System.Text;
 using Certify.Management;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
@@ -24,6 +24,10 @@ public void ConfigureServices(IServiceCollection services)
                 .AddSignalR()
                 .AddMessagePackProtocol();
 
+            services.AddDataProtection(a =>
+            {
+                a.ApplicationDiscriminator = "certify";
+            });
             services.AddResponseCompression(opts =>
             {
                 opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(new[] { "application/octet-stream", "application/json" });

From ffdcd8ef0d1a28e01a6b2cb0ede38d7b98be2fd5 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 19 Feb 2024 10:50:18 +0800
Subject: [PATCH 141/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                  | 6 +++---
 src/Certify.Models/Certify.Models.csproj                  | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj           | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                | 8 ++++----
 .../Certify.Server.Api.Public.csproj                      | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj        | 8 ++++----
 .../Certify.Core.Tests.Integration.csproj                 | 4 ++--
 .../Certify.Core.Tests.Unit.csproj                        | 4 ++--
 .../Certify.Service.Tests.Integration.csproj              | 4 ++--
 .../Certify.UI.Tests.Integration.csproj                   | 4 ++--
 src/Certify.UI.Shared/Certify.UI.Shared.csproj            | 2 +-
 11 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index ca1a1f5c1..f22304360 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,8 +16,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.1" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.2" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.3.0" />
@@ -27,7 +27,7 @@
   <ItemGroup>
     <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
     <ProjectReference Include="..\Certify.Models\Certify.Models.csproj" />
-    <ProjectReference Include="..\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false"/>
+    <ProjectReference Include="..\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
 
   </ItemGroup>
 
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index f002f1588..830d231bf 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -30,7 +30,7 @@
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0">
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="System.Text.Json" Version="8.0.1" />
+		<PackageReference Include="System.Text.Json" Version="8.0.2" />
 	</ItemGroup>
 
 	<ItemGroup>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 6f75e2295..407235a22 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.13" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.19" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 8b1b7011b..cd54615d4 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -10,11 +10,11 @@
 
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.1" />
-        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.1" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.2" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.2" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
         <PackageReference Include="coverlet.collector" Version="6.0.0">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 721796c11..476f45799 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,7 +18,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.2" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 595e7b14f..17ee8ba35 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.3.0" />
         <PackageReference Include="Serilog" Version="3.1.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.1" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.2" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.1" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.1" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.1" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.2" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.2" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.2" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index aa0cc3371..38c786d95 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -93,8 +93,8 @@
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Polly" Version="8.3.0" />
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index c4a746e23..8c708643e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -144,8 +144,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
     <PackageReference Include="Polly" Version="8.3.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 6cecb4f74..7e1622998 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -78,8 +78,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
     <PackageReference Include="Polly" Version="8.3.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 8e0d6ea3f..732450002 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -74,8 +74,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 0762fb164..e2f92851f 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -42,7 +42,7 @@
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
 		<PackageReference Include="Serilog" Version="3.1.1" />
-		<PackageReference Include="System.Text.Json" Version="8.0.1" />
+		<PackageReference Include="System.Text.Json" Version="8.0.2" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>

From bd358fd356507f890995ea54bf90f3b99d4309f5 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 19 Feb 2024 11:58:58 +0800
Subject: [PATCH 142/237] Tests: Fix access control object mutation during test

---
 .../Management/Access/AccessControl.cs        | 14 ++++++++++++--
 .../Tests/AccessControlTests.cs               | 19 +++++++++++++------
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 81f82018a..dab87622c 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -316,8 +316,18 @@ public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, Se
 
             if (IsPasswordValid(passwordUpdate.Password, principle.Password))
             {
-                principle.Password = HashPassword(passwordUpdate.NewPassword);
-                await UpdateSecurityPrinciple(contextUserId, principle);
+                try
+                {
+                    var updateSp = await _store.Get<SecurityPrinciple>(nameof(SecurityPrinciple), principle.Id);
+                    updateSp.Password = HashPassword(passwordUpdate.NewPassword);
+                    await _store.Update<SecurityPrinciple>(nameof(SecurityPrinciple), updateSp);
+                    updated = true;
+                }
+                catch
+                {
+                    await AuditWarning($"User {contextUserId} attempted to use UpdateSecurityPrinciple password [{principle?.Id}], but was not successful");
+                    return false;
+                }
             }
             else
             {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index 1fd6deb70..1f486f180 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -20,7 +20,10 @@ public class MemoryObjectStore : IAccessControlStore
         public Task Add<T>(string itemType, AccessStoreItem item)
         {
             item.ItemType = itemType;
-            return Task.FromResult(_store.TryAdd(item.Id, item));
+            
+            // clone the item to avoid reference issue mutating the same object, as we are using an in-memory store
+            var clonedItem = JsonConvert.DeserializeObject<T>(JsonConvert.SerializeObject(item)) as AccessStoreItem;
+            return Task.FromResult(_store.TryAdd(clonedItem.Id, clonedItem));
         }
 
         public Task<bool> Delete<T>(string itemType, string id)
@@ -47,12 +50,15 @@ public Task Add<T>(string itemType, T item)
         {
             var o = item as AccessStoreItem;
             o.ItemType = itemType;
-            return Task.FromResult(_store.TryAdd(o.Id, o));
+
+            var clonedItem = JsonConvert.DeserializeObject<T>(JsonConvert.SerializeObject(o)) as AccessStoreItem;
+            return Task.FromResult(_store.TryAdd(clonedItem.Id, clonedItem));
         }
 
         public Task Update<T>(string itemType, T item)
         {
-            var o = item as AccessStoreItem;
+            var o =  JsonConvert.DeserializeObject<T>(JsonConvert.SerializeObject(item)) as AccessStoreItem;
+
             _store.TryGetValue(o.Id, out var value);
             var c = Task.FromResult((T)Convert.ChangeType(value, typeof(T))).Result as AccessStoreItem;
             var r = Task.FromResult(_store.TryUpdate(o.Id, o, c));
@@ -296,9 +302,6 @@ public async Task TestUpdateSecurityPrinciple()
             var assignedRoles = new List<AssignedRole> { TestAssignedRoles.Admin, TestAssignedRoles.TestAdmin };
             assignedRoles.ForEach(async r => await access.AddAssignedRole(r));
 
-            // clone the test security principles to avoid reference issues as we are using an in-memory store
-            adminSecurityPrinciples = JsonConvert.DeserializeObject<List<SecurityPrinciple>>(JsonConvert.SerializeObject(adminSecurityPrinciples));
-
             // Validate email of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() before update
             var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
             Assert.AreEqual(storedSecurityPrinciple.Email, adminSecurityPrinciples[0].Email, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Email '{adminSecurityPrinciples[0].Email}' of SecurityPrinciple passed into AddSecurityPrinciple()");
@@ -335,6 +338,7 @@ public async Task TestUpdateSecurityPrincipleNoRoles()
             // Update security principle in AccessControl with a new principle object of the same Id, but different email, with roles undefined
             var newSecurityPrinciple = TestSecurityPrinciples.Admin;
             newSecurityPrinciple.Email = "new_test_email@test.com";
+
             var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
             Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to be unsuccessful without roles defined");
         }
@@ -371,6 +375,7 @@ public async Task TestUpdateSecurityPrincipleBadUpdate()
             newSecurityPrinciple.Email = "new_test_email@test.com";
             newSecurityPrinciple.Id = "missing_username";
             var securityPrincipleUpdated = await access.UpdateSecurityPrinciple(contextUserId, newSecurityPrinciple);
+
             Assert.IsFalse(securityPrincipleUpdated, $"Expected security principle update for {newSecurityPrinciple.Id} to be unsuccessful with bad update data (Id does not already exist in store)");
         }
 
@@ -411,6 +416,7 @@ public async Task TestUpdateSecurityPrinciplePassword()
             // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after update
             storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
             var newPasswordHashed = access.HashPassword(newPassword, storedSecurityPrinciple.Password.Split('.')[1]);
+
             Assert.AreNotEqual(storedSecurityPrinciple.Password, firstPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to not match previous Password '{firstPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
             Assert.AreEqual(storedSecurityPrinciple.Password, newPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match updated Password '{newPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
         }
@@ -431,6 +437,7 @@ public async Task TestUpdateSecurityPrinciplePasswordNoRoles()
             // Validate password of SecurityPrinciple object returned by AccessControl.GetSecurityPrinciple() after failed update
             var storedSecurityPrinciple = await access.GetSecurityPrinciple(contextUserId, adminSecurityPrinciples[0].Id);
             var firstPasswordHashed = access.HashPassword(firstPassword, storedSecurityPrinciple.Password.Split('.')[1]);
+
             Assert.AreEqual(storedSecurityPrinciple.Password, firstPasswordHashed, $"Expected SecurityPrinciple returned by GetSecurityPrinciple() to match Password '{firstPasswordHashed}' of SecurityPrinciple passed into AddSecurityPrinciple()");
         }
 

From b7a592eb74b915798b46a7d81d35bb2dfc4b2c59 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 19 Feb 2024 12:24:55 +0800
Subject: [PATCH 143/237] Test: clean up unused configuration

---
 .../Tests/CertifyManagerAccountTests.cs       | 22 +++++++------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
index f9fd0a4f2..df0f82234 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
@@ -399,8 +399,7 @@ private async Task CheckForExistingLeAccount()
         [TestMethod, Description("Happy path test for using CertifyManager.GetAccountDetails()")]
         public async Task TestCertifyManagerGetAccountDetails()
         {
-            var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var dummyManagedCert = (new ManagedCertificate { UseStagingMode = true });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
         }
@@ -415,8 +414,7 @@ public async Task TestCertifyManagerGetAccountDetailsNullItem()
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when allowCache is false")]
         public async Task TestCertifyManagerGetAccountDetailsAllowCacheFalse()
         {
-            var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var dummyManagedCert = (new ManagedCertificate { UseStagingMode = true });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert, false);
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
         }
@@ -424,8 +422,7 @@ public async Task TestCertifyManagerGetAccountDetailsAllowCacheFalse()
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when CertificateAuthorityId is defined in passed ManagedCertificate")]
         public async Task TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId()
         {
-            var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = _customCa.Id });
+            var dummyManagedCert = (new ManagedCertificate { UseStagingMode = true, CertificateAuthorityId = _customCa.Id });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
             Assert.AreEqual(_customCa.Id, caAccount.CertificateAuthorityId, $"Unexpected certificate authority id '{caAccount.CertificateAuthorityId}'");
@@ -434,7 +431,7 @@ public async Task TestCertifyManagerGetAccountDetailsDefinedCertificateAuthority
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when OverrideAccountDetails is defined in CertifyManager")]
         public async Task TestCertifyManagerGetAccountDetailsDefinedOverrideAccountDetails()
         {
-            var testUrl = "test.com";
+
             var account = new AccountDetails
             {
                 AccountKey = "",
@@ -447,7 +444,7 @@ public async Task TestCertifyManagerGetAccountDetailsDefinedOverrideAccountDetai
             };
             _certifyManager.OverrideAccountDetails = account;
 
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var dummyManagedCert = (new ManagedCertificate { UseStagingMode = true });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
             Assert.AreEqual("test@certifytheweb.com", caAccount.Email);
@@ -458,8 +455,7 @@ public async Task TestCertifyManagerGetAccountDetailsDefinedOverrideAccountDetai
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when there is no matching account")]
         public async Task TestCertifyManagerGetAccountDetailsNoMatches()
         {
-            var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = "sectigo-ev" });
+            var dummyManagedCert = (new ManagedCertificate { UseStagingMode = true, CertificateAuthorityId = "sectigo-ev" });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert);
             Assert.IsNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to be null");
         }
@@ -467,8 +463,7 @@ public async Task TestCertifyManagerGetAccountDetailsNoMatches()
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when it is a resume order")]
         public async Task TestCertifyManagerGetAccountDetailsIsResumeOrder()
         {
-            var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true, CertificateAuthorityId = "letsencrypt.org", LastAttemptedCA = "zerossl.com" });
+            var dummyManagedCert = (new ManagedCertificate { UseStagingMode = true, CertificateAuthorityId = "letsencrypt.org", LastAttemptedCA = "zerossl.com" });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert, true, false, true);
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
         }
@@ -476,8 +471,7 @@ public async Task TestCertifyManagerGetAccountDetailsIsResumeOrder()
         [TestMethod, Description("Test for using CertifyManager.GetAccountDetails() when allowFailover is true")]
         public async Task TestCertifyManagerGetAccountDetailsAllowFailover()
         {
-            var testUrl = "test.com";
-            var dummyManagedCert = (new ManagedCertificate { CurrentOrderUri = testUrl, UseStagingMode = true });
+            var dummyManagedCert = (new ManagedCertificate { UseStagingMode = true });
             var caAccount = await _certifyManager.GetAccountDetails(dummyManagedCert, true, true);
             Assert.IsNotNull(caAccount, "Expected result of CertifyManager.GetAccountDetails() to not be null");
         }

From b43bca45d5ba91818d5267c5bf6bd24591b76667 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 19 Feb 2024 13:37:04 +0800
Subject: [PATCH 144/237] Update self signed cert generation/storage and tests

---
 .../Management/CertificateManager.cs          |  2 +-
 .../Tests/BindingMatchTests.cs                |  6 ++-
 .../Tests/MiscTests.cs                        | 41 ++++++++++++++++++-
 3 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Shared/Management/CertificateManager.cs b/src/Certify.Shared/Management/CertificateManager.cs
index 5bb5e56fb..13bcc8b3c 100644
--- a/src/Certify.Shared/Management/CertificateManager.cs
+++ b/src/Certify.Shared/Management/CertificateManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
index 5e829ce2f..ce4be89b3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
@@ -770,7 +770,6 @@ public async Task HttpsIPBindingChecks()
             Assert.AreEqual("Install Certificate For Binding", results[1].Title);
         }
 
-#if NET462
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when CertificateThumbprintHash is defined")]
         public async Task MixedIPBindingChecksCertificateThumbprintHash()
         {
@@ -830,6 +829,8 @@ public async Task MixedIPBindingChecksCertificateThumbprintHash()
             Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
             Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
             Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+
+            CertificateManager.RemoveCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
         }
 
         [TestMethod, Description("Test if mixed ipv4+ipv6 bindings are handled when CertificatePreviousThumbprintHash is defined")]
@@ -892,8 +893,9 @@ public async Task MixedIPBindingChecksCertificatePreviousThumbprintHash()
             Assert.AreEqual("Deployment.UpdateBinding", results[2].Category);
             Assert.IsTrue(results[2].Description.Contains("Update https binding |  | **\\*:443:test.com SNI**"), $"Unexpected description: '{results[2].Description}'");
             Assert.AreEqual("Install Certificate For Binding", results[2].Title);
+
+            CertificateManager.RemoveCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
         }
-#endif
 
         [TestMethod, Description("Test if ftp bindings are handled when not in preview")]
         public async Task FtpBindingChecksNoPreview()
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
index abdee2668..57f24d680 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
@@ -1,5 +1,6 @@
-using System;
+using System;
 using System.Threading.Tasks;
+using Certify.Management;
 using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
@@ -61,6 +62,44 @@ public async Task TestNtp()
                 Assert.Fail("NTP Time Difference Failed");
             }
         }
+
+        [TestMethod, Description("Test self signed cert")]
+        public void TestSelfSignedCertCreate()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("test.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01), suffix: "[Certify](test)");
+            Assert.IsNotNull(cert);
+        }
+
+        [TestMethod, Description("Test self signed cert storage")]
+        public void TestSelfSignedCertCreateAndStore()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("test.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01), suffix: "[Certify](test)");
+            Assert.IsNotNull(cert);
+
+            CertificateManager.StoreCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+
+            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            Assert.IsNotNull(storedCert);
+
+            CertificateManager.RemoveCertificate(storedCert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+        }
+
+        [TestMethod, Description("Test localhost cert")]
+        public void TestSelfSignedLocalhostCertCreateAndStore()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)");
+            Assert.IsNotNull(cert);
+
+            CertificateManager.StoreCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+
+            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+            Assert.IsNotNull(storedCert);
+
+            CertificateManager.RemoveCertificate(storedCert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
+        }
 #if NET7_0_OR_GREATER
         [TestMethod, Description("Test ARI CertID encoding example")]
         public void TestARICertIDEncoding()

From 3385e6527c8739566111f44cf8f1a8a174d57040 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 19 Feb 2024 16:26:20 +0800
Subject: [PATCH 145/237] Update cert operation tests for private key path
 checks

---
 .../Management/CertificateManager.cs          |  4 +
 .../Tests/CertificateOperationTests.cs        | 93 +++++++++++++++++++
 .../Tests/MiscTests.cs                        |  1 -
 3 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs

diff --git a/src/Certify.Shared/Management/CertificateManager.cs b/src/Certify.Shared/Management/CertificateManager.cs
index 13bcc8b3c..6016c6ca8 100644
--- a/src/Certify.Shared/Management/CertificateManager.cs
+++ b/src/Certify.Shared/Management/CertificateManager.cs
@@ -20,6 +20,7 @@
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Pkcs;
 using Org.BouncyCastle.Security;
+
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.X509;
 
@@ -748,6 +749,9 @@ private static string GetWindowsPrivateKeyLocation(string keyFileName)
             {
                 return machineKeyPath;
             }
+            
+            // if EC key may be under /keys
+            machineKeyPath = Path.Combine(appDataPath, "Microsoft", "Crypto", "Keys");
 
             // if EC/CNG key may be under /keys
             machineKeyPath = Path.Combine(new string[] { appDataPath, "Microsoft", "Crypto", "Keys" });
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
new file mode 100644
index 000000000..676f68b80
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
@@ -0,0 +1,93 @@
+using System;
+using Certify.Management;
+using Certify.Models;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class CertificateOperationTests
+    {
+        [TestMethod, Description("Test self signed cert")]
+        public void TestSelfSignedCertCreate()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("test.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01), suffix: "[Certify](test)");
+            Assert.IsNotNull(cert);
+        }
+
+        [TestMethod, Description("Test self signed cert storage")]
+        public void TestSelfSignedCertCreateAndStore()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("test.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01), suffix: "[Certify](test)");
+            Assert.IsNotNull(cert);
+
+            CertificateManager.StoreCertificate(cert, CertificateManager.DEFAULT_STORE_NAME);
+
+            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, CertificateManager.DEFAULT_STORE_NAME);
+            Assert.IsNotNull(storedCert);
+
+            CertificateManager.RemoveCertificate(storedCert, CertificateManager.DEFAULT_STORE_NAME);
+        }
+
+        [TestMethod, Description("Test localhost cert")]
+        public void TestSelfSignedLocalhostCertCreateAndStore()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)");
+            Assert.IsNotNull(cert);
+
+            CertificateManager.StoreCertificate(cert, CertificateManager.DEFAULT_STORE_NAME);
+
+            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, CertificateManager.DEFAULT_STORE_NAME);
+            Assert.IsNotNull(storedCert);
+
+            CertificateManager.RemoveCertificate(storedCert, CertificateManager.DEFAULT_STORE_NAME);
+        }
+
+        [TestMethod, Description("Test get cert RSA private key file path")]
+        public void TestGetRSAPrivateKeyPath()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)", keyType: StandardKeyTypes.RSA256);
+
+            CertificateManager.StoreCertificate(cert, CertificateManager.DEFAULT_STORE_NAME);
+
+            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, CertificateManager.DEFAULT_STORE_NAME);
+            Assert.IsNotNull(storedCert);
+
+            try
+            {
+                var path = CertificateManager.GetCertificatePrivateKeyPath(storedCert);
+                Assert.IsNotNull(path);
+            }
+            finally
+            {
+                CertificateManager.RemoveCertificate(storedCert, CertificateManager.DEFAULT_STORE_NAME);
+            }
+        }
+
+        [TestMethod, Description("Test get cert ECDSA private key file path")]
+        public void TestGetECDSAPrivateKeyPath()
+        {
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)", keyType: StandardKeyTypes.ECDSA256);
+
+            CertificateManager.StoreCertificate(cert, CertificateManager.DEFAULT_STORE_NAME);
+
+            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, CertificateManager.DEFAULT_STORE_NAME);
+            Assert.IsNotNull(storedCert);
+
+            try
+            {
+                var path = CertificateManager.GetCertificatePrivateKeyPath(storedCert);
+                Assert.IsNotNull(path);
+            }
+            finally
+            {
+                CertificateManager.RemoveCertificate(storedCert, CertificateManager.DEFAULT_STORE_NAME);
+            }
+        }
+    }
+}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
index 57f24d680..6d1a6e8f9 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Threading.Tasks;
-using Certify.Management;
 using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 

From 06c51b8f2f98d55bb2c8a990b300ed59566ba433 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 19 Feb 2024 16:46:19 +0800
Subject: [PATCH 146/237] Remove deprecated use of CertID for OCSP etc

---
 src/Certify.CLI/Certify.CLI.csproj        | 4 ++++
 src/Certify.Shared/Utils/PKI/CertUtils.cs | 3 ++-
 src/Certify.Shared/Utils/PKI/OcspUtils.cs | 5 ++++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/Certify.CLI/Certify.CLI.csproj b/src/Certify.CLI/Certify.CLI.csproj
index 9228a8a5a..85b8c0f86 100644
--- a/src/Certify.CLI/Certify.CLI.csproj
+++ b/src/Certify.CLI/Certify.CLI.csproj
@@ -79,4 +79,8 @@
     <None Include="App.config" />
     <None Include="app.manifest" />
   </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
+  </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Shared/Utils/PKI/CertUtils.cs b/src/Certify.Shared/Utils/PKI/CertUtils.cs
index 02dd3e936..2925ce886 100644
--- a/src/Certify.Shared/Utils/PKI/CertUtils.cs
+++ b/src/Certify.Shared/Utils/PKI/CertUtils.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
@@ -6,6 +6,7 @@
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.OpenSsl;
 using Org.BouncyCastle.Pkcs;
+using Org.BouncyCastle.Security;
 using Org.BouncyCastle.X509;
 
 namespace Certify.Shared.Core.Utils.PKI
diff --git a/src/Certify.Shared/Utils/PKI/OcspUtils.cs b/src/Certify.Shared/Utils/PKI/OcspUtils.cs
index d47bba76f..1f006d838 100644
--- a/src/Certify.Shared/Utils/PKI/OcspUtils.cs
+++ b/src/Certify.Shared/Utils/PKI/OcspUtils.cs
@@ -1,12 +1,15 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net;
 using System.Net.Http;
+using System.Text;
 using System.Threading.Tasks;
 using Certify.Models.Certify.Models;
 using Certify.Models.Providers;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Ocsp;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Ocsp;

From 4c6c7a23b488f1928afc0e0f5b1008ab1b5f5afd Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 11:19:17 +0800
Subject: [PATCH 147/237] Access control: standard roles, policies, resource
 actions, cleanup

---
 .../Management/Access/AccessControl.cs        |  11 +-
 .../Management/Access/IAccessControl.cs       |   4 +-
 .../CertifyManager.Maintenance.cs             |  83 ++++++++
 .../CertifyManager/CertifyManager.cs          |  69 +------
 .../Config/AccessControlConfig.cs             | 180 +++++++++++++-----
 .../Controllers/AccessController.cs           |   2 +-
 .../DataStores/AccessControlDataStoreTests.cs |   6 +-
 .../Tests/AccessControlTests.cs               |  26 +--
 8 files changed, 235 insertions(+), 146 deletions(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index dab87622c..4f36c6d07 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -58,14 +58,9 @@ public async Task<bool> IsInitialized()
             }
         }
 
-        public async Task<List<Role>> GetSystemRoles()
+        public async Task<List<Role>> GetRoles()
         {
-            return await Task.FromResult(new List<Role>
-            {
-                StandardRoles.Administrator,
-                StandardRoles.IdentifierController,
-                StandardRoles.CertificateConsumer
-            });
+            return await _store.GetItems<Role>(nameof(Role));
         }
 
         public async Task<List<SecurityPrinciple>> GetSecurityPrinciples(string contextUserId)
@@ -402,7 +397,7 @@ public async Task AddAssignedRole(AssignedRole r)
             await _store.Add(nameof(AssignedRole), r);
         }
 
-        public async Task AddAction(ResourceAction action)
+        public async Task AddResourceAction(ResourceAction action)
         {
             await _store.Add(nameof(ResourceAction), action);
         }
diff --git a/src/Certify.Core/Management/Access/IAccessControl.cs b/src/Certify.Core/Management/Access/IAccessControl.cs
index a4c8a7e71..8e9a8b8c9 100644
--- a/src/Certify.Core/Management/Access/IAccessControl.cs
+++ b/src/Certify.Core/Management/Access/IAccessControl.cs
@@ -17,7 +17,7 @@ public interface IAccessControl
         /// Get the list of standard roles built-in to the system
         /// </summary>
         /// <returns></returns>
-        Task<List<Role>> GetSystemRoles();
+        Task<List<Role>> GetRoles();
         Task<bool> IsAuthorised(string contextUserId, string principleId, string roleId, string resourceType, string actionId, string identifier);
         Task<bool> IsPrincipleInRole(string contextUserId, string id, string roleId);
         Task<List<AssignedRole>> GetAssignedRoles(string contextUserId, string id);
@@ -29,7 +29,7 @@ public interface IAccessControl
 
         Task AddRole(Role role);
         Task AddAssignedRole(AssignedRole assignedRole);
-        Task AddAction(ResourceAction action);
+        Task AddResourceAction(ResourceAction action);
         Task<bool> IsInitialized();
     }
 }
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
index 2ba2845ef..da02f4e6c 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -5,8 +5,10 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using Certify.Core.Management.Access;
 using Certify.Models;
 using Certify.Models.Config;
+using Certify.Models.Config.AccessControl;
 using Certify.Models.Shared;
 
 namespace Certify.Management
@@ -59,6 +61,87 @@ private async Task UpgradeSettings()
                 CoreAppSettings.Current.CurrentServiceVersion = systemVersion;
                 SettingsManager.SaveAppSettings();
             }
+
+            var accessControl = await GetCurrentAccessControl();
+
+            if (await accessControl.IsInitialized() == false)
+            {
+                await BootstrapTestAdminUserAndRoles(accessControl);
+            }
+            else
+            {
+                await UpdateStandardRoles(accessControl);
+            }
+        }
+
+        private static async Task BootstrapTestAdminUserAndRoles(IAccessControl access)
+        {
+            // setup roles with policies
+            await UpdateStandardRoles(access);
+
+            var adminSp = new SecurityPrinciple
+            {
+                Id = "admin_01",
+                Description = "Primary default admin",
+                PrincipleType = SecurityPrincipleType.User,
+                Username = "admin",
+                Password = "admin",
+                Provider = StandardIdentityProviders.INTERNAL
+            };
+            
+            await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
+         
+            // assign security principles to roles
+            var assignedRoles = new List<AssignedRole> {
+                 // administrator
+                 new AssignedRole{
+                     Id= Guid.NewGuid().ToString(),
+                     RoleId=StandardRoles.Administrator.Id,
+                     SecurityPrincipleId=adminSp.Id
+                 }
+            };
+
+            foreach (var r in assignedRoles)
+            {
+                // add roles and policy assignments to store
+                await access.AddAssignedRole(r);
+            }
+        }
+
+        /// <summary>
+        /// Add/update standard system roles, policies and resource actions
+        /// </summary>
+        /// <param name="access"></param>
+        /// <returns></returns>
+        private static async Task UpdateStandardRoles(IAccessControl access)
+        {
+            // setup roles with policies
+
+            var actions = Policies.GetStandardResourceActions();
+
+            foreach (var action in actions)
+            {
+                await access.AddResourceAction(action);
+            }
+
+            // setup policies with actions
+
+            var policies = Policies.GetStandardPolicies();
+
+            // add policies to store
+            foreach (var r in policies)
+            {
+                _ = await access.AddResourcePolicy(null, r, bypassIntegrityCheck: true);
+            }
+
+            // setup roles with policies
+            var roles = Policies.GetStandardRoles();
+
+            foreach (var r in roles)
+            {
+                // add roles and policy assignments to store
+                await access.AddRole(r);
+            }
         }
 
         /// <summary>
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index d3b3bc8a0..f8b38cfdc 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -189,76 +189,9 @@ public async Task Init()
 
             SetupJobs();
 
-            _serviceLog?.Information("Certify Manager Started");
-        }
-
             await UpgradeSettings();
 
-            var accessControl = await GetCurrentAccessControl();
-
-            if (await accessControl.IsInitialized() == false)
-            {
-                BootstrapTestAdminUserAndRoles(accessControl).Wait();
-            }
-        }
-
-        private static async Task BootstrapTestAdminUserAndRoles(IAccessControl access)
-        {
-
-            var adminSp = new SecurityPrinciple
-            {
-                Id = "admin_01",
-                Email = "admin@test.com",
-                Description = "Primary test admin",
-                PrincipleType = SecurityPrincipleType.User,
-                Username = "admin",
-                Password = "admin",
-                Provider = StandardProviders.INTERNAL
-            };
-
-            await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
-
-            var actions = Policies.GetStandardResourceActions();
-
-            foreach (var action in actions)
-            {
-                await access.AddAction(action);
-            }
-
-            // setup policies with actions
-
-            var policies = Policies.GetStandardPolicies();
-
-            // add policies to store
-            foreach (var r in policies)
-            {
-                _ = await access.AddResourcePolicy(adminSp.Id, r, bypassIntegrityCheck: true);
-            }
-
-            // setup roles with policies
-            var roles = await access.GetSystemRoles();
-
-            foreach (var r in roles)
-            {
-                // add roles and policy assignments to store
-                await access.AddRole(r);
-            }
-
-            // assign security principles to roles
-            var assignedRoles = new List<AssignedRole> {
-                 // administrator
-                 new AssignedRole{
-                     Id= Guid.NewGuid().ToString(),
-                     RoleId=StandardRoles.Administrator.Id,
-                     SecurityPrincipleId=adminSp.Id
-                 }
-            };
-
-            foreach (var r in assignedRoles)
-            {
-                // add roles and policy assignments to store
-                await access.AddAssignedRole(r);
-            }
+            _serviceLog?.Information("Certify Manager Started");
         }
 
         /// <summary>
diff --git a/src/Certify.Models/Config/AccessControlConfig.cs b/src/Certify.Models/Config/AccessControlConfig.cs
index 02a717c7b..a1d119a50 100644
--- a/src/Certify.Models/Config/AccessControlConfig.cs
+++ b/src/Certify.Models/Config/AccessControlConfig.cs
@@ -17,20 +17,25 @@ public enum SecurityPermissionType
 
     public class StandardRoles
     {
+        public static Role Administrator { get; } = new Role("sysadmin", "Administrator", "Certify Server Administrator",
+            policies: new List<string> {
+                     StandardPolicies.ManagedItemAdmin,
+                     StandardPolicies.StoredCredentialAdmin,
+                     StandardPolicies.AccessAdmin
+                    });
 
-        public static Role Administrator { get; } = new Role("sysadmin", "Administrator", "Certify Server Administrator", policies: new List<string> {
-                     "managed_item_admin",
-                     "access_admin",
-                     "storedcredential_admin"
+        public static Role CertificateManager { get; } = new Role("cert_manager", "Certificate Manager", "Can manage and administer all certificates",
+            policies: new List<string> {
+                     StandardPolicies.ManagedItemAdmin,
+                     StandardPolicies.StoredCredentialAdmin
                     });
-        public static Role CertificateManager { get; } = new Role("cert_manager", "Certificate Manager", "Can manage and administer all certificates");
-        public static Role CertificateConsumer { get; } = new Role("cert_consumer", "Certificate Consumer", "User of a given certificate", policies: new List<string> { "certificate_consumer" });
-        public static Role StoredCredentialConsumer { get; } = new Role("storedcredential_consumer", "Stored Credential Fetch Consumer", "Can fetch a decrypted stored credential", policies: new List<string> { "storedcredential_fetch" });
-        public static Role IdentifierController { get; } = new Role("identifier_controller", "Subject Identifier Controller", "Controls certificate access for a given domain/identifier");
-        public static Role IdentifierRequestor { get; } = new Role("identifier_requestor", "Subject Identifier Requestor", "Can request new certs for subdomains/subresources on a given domain/identifier ");
+
+        public static Role CertificateConsumer { get; } = new Role("cert_consumer", "Certificate Consumer", "User of a given certificate", policies: new List<string> { StandardPolicies.CertificateConsumer });
+
+        public static Role StoredCredentialConsumer { get; } = new Role("storedcredential_consumer", "Stored Credential Fetch Consumer", "Can fetch a decrypted stored credential", policies: new List<string> { StandardPolicies.StoredCredentialConsumer });
     }
 
-    public class StandardProviders
+    public class StandardIdentityProviders
     {
         /// <summary>
         /// Identity is stored in the app/service database
@@ -56,6 +61,7 @@ public class StandardProviders
     public class ResourceTypes
     {
         public static string System { get; } = "system";
+        public static string SecurityPrinciple { get; } = "securityprinciple";
         public static string Domain { get; } = "domain";
         public static string ManagedItem { get; } = "manageditem";
         public static string Certificate { get; } = "certificate";
@@ -66,81 +72,153 @@ public class ResourceTypes
     public static class StandardResourceActions
     {
         public const string CertificateDownload = "certificate_download";
+        public const string CertificateKeyDownload = "certificate_key_download";
+
+        public const string ManagedItemRequester = "manageditem_requester";
         public const string ManagedItemAdd = "manageditem_add";
         public const string ManagedItemList = "manageditem_list";
+        public const string ManagedItemUpdate = "manageditem_update";
+        public const string ManagedItemDelete = "manageditem_delete";
+        public const string ManagedItemTest = "manageditem_test";
+        public const string ManagedItemRenew = "manageditem_renew";
+        public const string ManagedItemTaskAdd = "manageditem_task_add";
+        public const string ManagedItemTaskUpdate = "manageditem_task_update";
+        public const string ManagedItemTaskDelete = "manageditem_task_delete";
+        public const string ManagedItemLogView = "manageditem_log_view";
+
+        public const string StoredCredentialAdd = "storedcredential_add";
+        public const string StoredCredentialUpdate = "storedcredential_update";
+        public const string StoredCredentialDelete = "storedcredential_delete";
+        public const string StoredCredentialList = "storedcredential_list";
+        public const string StoredCredentialDownload = "storedcredential_consumer";
+
+        public const string SecurityPrincipleList = "securityprinciple_list";
+        public const string SecurityPrincipleAdd = "securityprinciple_add";
+        public const string SecurityPrincipleUpdate = "securityprinciple_update";
+        public const string SecurityPrincipleDelete = "securityprinciple_delete";
+        public const string SecurityPrinciplePasswordUpdate = "securityprinciple_password_update";
+
+    }
+
+    public class StandardPolicies
+    {
+        public const string AccessAdmin = "access_admin";
+        public const string ManagedItemAdmin = "managed_item_admin";
+        public const string CertificateConsumer = "certificate_consumer";
+        public const string StoredCredentialAdmin = "storedcredential_admin";
+        public const string StoredCredentialConsumer = "storedcredential_consumer";
     }
 
     public static class Policies
     {
+        public static List<Role> GetStandardRoles()
+        {
+            return new List<Role>
+            {
+                StandardRoles.Administrator,
+                StandardRoles.CertificateManager,
+                StandardRoles.CertificateConsumer,
+                StandardRoles.StoredCredentialConsumer
+            };
+        }
+
         public static List<ResourceAction> GetStandardResourceActions()
         {
             return new List<ResourceAction> {
 
                 new ResourceAction(StandardResourceActions.CertificateDownload, "Certificate Download", ResourceTypes.Certificate),
+                new ResourceAction(StandardResourceActions.CertificateKeyDownload, "Certificate Private Key Download", ResourceTypes.Certificate),
+
+                new ResourceAction(StandardResourceActions.StoredCredentialAdd, "Add New Stored Credential", ResourceTypes.StoredCredential),
+                new ResourceAction(StandardResourceActions.StoredCredentialUpdate, "Update Stored Credential", ResourceTypes.StoredCredential),
+                new ResourceAction(StandardResourceActions.StoredCredentialDelete, "Delete Stored Credential", ResourceTypes.StoredCredential),
+                new ResourceAction(StandardResourceActions.StoredCredentialList, "List Stored Credentials", ResourceTypes.StoredCredential),
+                new ResourceAction(StandardResourceActions.StoredCredentialDownload, "Fetch Decrypted Stored Credential", ResourceTypes.StoredCredential),
+
+                new ResourceAction(StandardResourceActions.SecurityPrincipleList, "List Security Principles", ResourceTypes.SecurityPrinciple),
+                new ResourceAction(StandardResourceActions.SecurityPrincipleAdd, "Add New Security Principle", ResourceTypes.SecurityPrinciple),
+                new ResourceAction(StandardResourceActions.SecurityPrincipleUpdate,"Update Security Principles", ResourceTypes.SecurityPrinciple),
+                new ResourceAction(StandardResourceActions.SecurityPrinciplePasswordUpdate, "Update Security Principle Passwords", ResourceTypes.SecurityPrinciple),
+                new ResourceAction(StandardResourceActions.SecurityPrincipleDelete, "Delete Security Principle", ResourceTypes.SecurityPrinciple),
+
+                new ResourceAction(StandardResourceActions.ManagedItemRequester, "Request New Managed Items", ResourceTypes.ManagedItem),
+
+                new ResourceAction(StandardResourceActions.ManagedItemList, "List Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction(StandardResourceActions.ManagedItemAdd, "Add Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction(StandardResourceActions.ManagedItemUpdate, "Update Managed Items", ResourceTypes.ManagedItem),
+                new ResourceAction(StandardResourceActions.ManagedItemDelete, "Delete Managed Items", ResourceTypes.ManagedItem),
+
+                new ResourceAction(StandardResourceActions.ManagedItemTest, "Test Managed Item Renewal Checks", ResourceTypes.ManagedItem),
+                new ResourceAction(StandardResourceActions.ManagedItemRenew, "Request/Renew Managed Items", ResourceTypes.ManagedItem),
+
+                new ResourceAction(StandardResourceActions.ManagedItemTaskAdd, "Add Managed Item Tasks", ResourceTypes.ManagedItem),
+                new ResourceAction(StandardResourceActions.ManagedItemTaskUpdate, "Update Managed Item Tasks", ResourceTypes.ManagedItem),
+                new ResourceAction(StandardResourceActions.ManagedItemTaskDelete, "Delete Managed Item Tasks", ResourceTypes.ManagedItem),
 
-                new ResourceAction("storedcredential_add", "Add New Stored Credential", ResourceTypes.StoredCredential),
-                new ResourceAction("storedcredential_update", "Update Stored Credential", ResourceTypes.StoredCredential),
-                new ResourceAction("storedcredential_delete", "Delete Stored Credential", ResourceTypes.StoredCredential),
-                new ResourceAction("storedcredential_fetch", "Fetch Decrypted Stored Credential", ResourceTypes.StoredCredential),
-
-                new ResourceAction("securityprinciple_add", "Add New Security Principle", ResourceTypes.System),
-                new ResourceAction("securityprinciple_update", "UPdate Security Principles", ResourceTypes.System),
-                new ResourceAction("securityprinciple_changepassword", "Update Security Principle Passwords", ResourceTypes.System),
-                new ResourceAction("securityprinciple_delete", "Delete Security Principle", ResourceTypes.System),
-
-                new ResourceAction("manageditem_requester", "Request New Managed Items", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_add", "Add Managed Items", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_list", "List Managed Items", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_update", "Update Managed Items", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_delete", "Delete Managed Items", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_test", "Test Managed Item Renewal Checks", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_renew", "Request/Renew Managed Items", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_updatetasks", "Add or Update Managed Item Tasks", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_updatescript", "Add or Update Managed Item Deployment Scripts", ResourceTypes.ManagedItem),
-                new ResourceAction("manageditem_log", "View/Download Managed Item Log", ResourceTypes.ManagedItem),
+                new ResourceAction(StandardResourceActions.ManagedItemLogView, "View/Download Managed Item Log", ResourceTypes.ManagedItem),
             };
         }
 
         public static List<ResourcePolicy> GetStandardPolicies()
         {
             return new List<ResourcePolicy> {
-                new ResourcePolicy{ Id="managed_item_admin", Title="Managed Item Administration", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                new ResourcePolicy{
+                    Id=StandardPolicies.ManagedItemAdmin,
+                    Title="Managed Item Administration",
+                    SecurityPermissionType= SecurityPermissionType.ALLOW,
                     ResourceActions= new List<string>{
                         StandardResourceActions.ManagedItemList,
                         StandardResourceActions.ManagedItemAdd,
-                        "manageditem_update",
-                        "manageditem_delete",
-                        "manageditem_test",
-                        "manageditem_renew",
-                        "manageditem_updatetasks",
-                        "manageditem_updatescript",
-                        "manageditem_log",
+                        StandardResourceActions.ManagedItemUpdate,
+                        StandardResourceActions.ManagedItemDelete,
+                        StandardResourceActions.ManagedItemTest,
+                        StandardResourceActions.ManagedItemRenew,
+                        StandardResourceActions.ManagedItemTaskAdd,
+                        StandardResourceActions.ManagedItemTaskUpdate,
+                        StandardResourceActions.ManagedItemTaskDelete,
+                        StandardResourceActions.ManagedItemLogView
                     }
                 },
-                new ResourcePolicy{ Id="access_admin", Title="Access Control Administration", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                new ResourcePolicy{
+                    Id=StandardPolicies.AccessAdmin,
+                    Title="Access Control Administration",
+                    SecurityPermissionType= SecurityPermissionType.ALLOW,
                     ResourceActions= new List<string>{
-                        "securityprinciple_add",
-                        "securityprinciple_update",
-                        "securityprinciple_changepassword",
-                        "securityprinciple_delete"
+                       StandardResourceActions.SecurityPrincipleList,
+                       StandardResourceActions.SecurityPrincipleAdd,
+                       StandardResourceActions.SecurityPrincipleUpdate,
+                       StandardResourceActions.SecurityPrincipleDelete,
+                       StandardResourceActions.SecurityPrinciplePasswordUpdate
                     }
                 },
-                new ResourcePolicy{ Id="certificate_consumer", Title="Consume Certificates", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                new ResourcePolicy{
+                    Id=StandardPolicies.CertificateConsumer,
+                    Title="Consume Certificates",
+                    SecurityPermissionType= SecurityPermissionType.ALLOW,
                     ResourceActions= new List<string>{
                         StandardResourceActions.CertificateDownload,
-                        "certificate_key_download"
+                        StandardResourceActions.CertificateKeyDownload
                     }
                 },
-                new ResourcePolicy{ Id="storedcredential_admin", Title="Stored Credential Administration", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                new ResourcePolicy{
+                    Id=StandardPolicies.StoredCredentialAdmin,
+                    Title="Stored Credential Administration",
+                    SecurityPermissionType= SecurityPermissionType.ALLOW,
                     ResourceActions= new List<string>{
-                        "storedcredential_add",
-                        "storedcredential_update",
-                        "storedcredential_delete"
+                       StandardResourceActions.StoredCredentialList,
+                       StandardResourceActions.StoredCredentialAdd,
+                       StandardResourceActions.StoredCredentialUpdate,
+                       StandardResourceActions.StoredCredentialDelete
                     }
                 },
-                new ResourcePolicy{ Id="storedcredential_fetch", Title="Stored Credential Fetch", Description="Provides access to fetch a decrypted stored credential.", SecurityPermissionType= SecurityPermissionType.ALLOW,
+                new ResourcePolicy{
+                    Id=StandardPolicies.StoredCredentialConsumer,
+                    Title="Stored Credential Consumer",
+                    Description="Provides access to fetch a decrypted stored credential.",
+                    SecurityPermissionType= SecurityPermissionType.ALLOW,
+                    IsResourceSpecific=true,
                     ResourceActions= new List<string>{
-                        "storedcredential_fetch"
+                       StandardResourceActions.StoredCredentialDownload
                     }
                 }
             };
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index 199b50e95..b03458b3c 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -100,7 +100,7 @@ public async Task<List<SecurityPrinciple>> GetSecurityPrinciples()
         public async Task<List<Role>> GetRoles()
         {
             var accessControl = await _certifyManager.GetCurrentAccessControl();
-            var roles = await accessControl.GetSystemRoles();
+            var roles = await accessControl.GetRoles();
             return roles;
         }
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
index ac87d6b38..7ab12909f 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
@@ -67,7 +67,7 @@ public async Task TestStoreSecurityPrinciple(string storeType)
                 Email = "test@test.com",
                 PrincipleType = SecurityPrincipleType.User,
                 Username = "test",
-                Provider = StandardProviders.INTERNAL
+                Provider = StandardIdentityProviders.INTERNAL
             };
 
             try
@@ -140,7 +140,7 @@ public async Task TestStoreGeneralAccessControl(string storeType)
                 Description = "Primary test admin",
                 PrincipleType = SecurityPrincipleType.User,
                 Username = "admin01",
-                Provider = StandardProviders.INTERNAL
+                Provider = StandardIdentityProviders.INTERNAL
             };
 
             var consumerSp = new SecurityPrinciple
@@ -151,7 +151,7 @@ public async Task TestStoreGeneralAccessControl(string storeType)
                 PrincipleType = SecurityPrincipleType.User,
                 Username = "dev01",
                 Password = "oldpassword",
-                Provider = StandardProviders.INTERNAL
+                Provider = StandardIdentityProviders.INTERNAL
             };
 
             try
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index 1f486f180..06c41c07c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -222,7 +222,7 @@ public async Task TestAddGetAssignedRoles()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -268,7 +268,7 @@ public async Task TestAddResourcePolicyNoRoles()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -288,7 +288,7 @@ public async Task TestUpdateSecurityPrinciple()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -352,7 +352,7 @@ public async Task TestUpdateSecurityPrincipleBadUpdate()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -389,7 +389,7 @@ public async Task TestUpdateSecurityPrinciplePassword()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -451,7 +451,7 @@ public async Task TestUpdateSecurityPrinciplePasswordBadPassword()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -485,7 +485,7 @@ public async Task TestDeleteSecurityPrinciple()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -543,7 +543,7 @@ public async Task TestDeleteSecurityPrincipleSelfDeletion()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -580,7 +580,7 @@ public async Task TestDeleteSecurityPrincipleBadId()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -617,7 +617,7 @@ public async Task TestIsPrincipleInRole()
 
             // Setup security principle actions
             var actions = Policies.GetStandardResourceActions().FindAll(a => a.ResourceType == ResourceTypes.System);
-            actions.ForEach(async a => await access.AddAction(a));
+            actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
@@ -651,7 +651,7 @@ public async Task TestDomainAuth()
             _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
-            await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+            await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
@@ -680,7 +680,7 @@ public async Task TestWildcardDomainAuth()
             _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
-            await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+            await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
@@ -713,7 +713,7 @@ public async Task TestRandomUserAuth()
             _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
-            await access.AddAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+            await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
 
             // Setup policy with actions and add policy to store
             var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");

From 4dbb2facb3b989ab114576e5b9f6df8c2bf8a070 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 12:41:05 +0800
Subject: [PATCH 148/237] Access control: fix tests

---
 .../Tests/AccessControlTests.cs               | 66 ++++++++++---------
 1 file changed, 35 insertions(+), 31 deletions(-)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index 06c41c07c..1f6028af4 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -74,17 +74,20 @@ public Task Update<T>(string itemType, T item)
     public class TestAssignedRoles
     {
         public static AssignedRole TestAdmin { get; } = new AssignedRole
-        { // test administrator
+        { 
+            // test administrator
             RoleId = StandardRoles.Administrator.Id,
             SecurityPrincipleId = "[test]"
         };
         public static AssignedRole Admin { get; } = new AssignedRole
-        { // administrator
+        { 
+            // administrator
             RoleId = StandardRoles.Administrator.Id,
             SecurityPrincipleId = "admin_01"
         };
         public static AssignedRole DevopsUserDomainConsumer { get; } = new AssignedRole
-        { // devops user in consumer role for a specific domain
+        { 
+            // devops user in consumer role for a specific domain
             RoleId = StandardRoles.CertificateConsumer.Id,
             SecurityPrincipleId = "devops_user_01",
             IncludedResources = new List<Resource>{
@@ -92,7 +95,8 @@ public class TestAssignedRoles
             }
         };
         public static AssignedRole DevopsUserWildcardDomainConsumer { get; } = new AssignedRole
-        { // devops user in consumer role for a wildcard domain
+        { 
+            // devops user in consumer role for a wildcard domain
             RoleId = StandardRoles.CertificateConsumer.Id,
             SecurityPrincipleId = "devops_user_01",
             IncludedResources = new List<Resource>{
@@ -225,11 +229,11 @@ public async Task TestAddGetAssignedRoles()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -271,7 +275,7 @@ public async Task TestAddResourcePolicyNoRoles()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             var addedResourcePolicy = await access.AddResourcePolicy(contextUserId, policy);
 
             // Validate that AddResourcePolicy() failed when no roles are defined
@@ -291,11 +295,11 @@ public async Task TestUpdateSecurityPrinciple()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -355,11 +359,11 @@ public async Task TestUpdateSecurityPrincipleBadUpdate()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -392,11 +396,11 @@ public async Task TestUpdateSecurityPrinciplePassword()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -454,11 +458,11 @@ public async Task TestUpdateSecurityPrinciplePasswordBadPassword()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -488,11 +492,11 @@ public async Task TestDeleteSecurityPrinciple()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -546,11 +550,11 @@ public async Task TestDeleteSecurityPrincipleSelfDeletion()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -583,11 +587,11 @@ public async Task TestDeleteSecurityPrincipleBadId()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -620,11 +624,11 @@ public async Task TestIsPrincipleInRole()
             actions.ForEach(async a => await access.AddResourceAction(a));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "access_admin");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.AccessAdmin);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.Administrator.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.Administrator.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -654,11 +658,11 @@ public async Task TestDomainAuth()
             await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.CertificateConsumer);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -680,14 +684,14 @@ public async Task TestWildcardDomainAuth()
             _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
-            await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+            await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == StandardResourceActions.CertificateDownload));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.CertificateConsumer);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store
@@ -713,14 +717,14 @@ public async Task TestRandomUserAuth()
             _ = await access.AddSecurityPrinciple(contextUserId, TestSecurityPrinciples.DevopsUser, bypassIntegrityCheck: true);
 
             // Setup security principle actions
-            await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == "certificate_download"));
+            await access.AddResourceAction(Policies.GetStandardResourceActions().Find(r => r.Id == StandardResourceActions.CertificateDownload));
 
             // Setup policy with actions and add policy to store
-            var policy = Policies.GetStandardPolicies().Find(p => p.Id == "certificate_consumer");
+            var policy = Policies.GetStandardPolicies().Find(p => p.Id == StandardPolicies.CertificateConsumer);
             _ = await access.AddResourcePolicy(contextUserId, policy, bypassIntegrityCheck: true);
 
             // Setup and add roles and policy assignments to store
-            var role = (await access.GetSystemRoles()).Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
+            var role = Policies.GetStandardRoles().Find(r => r.Id == StandardRoles.CertificateConsumer.Id);
             await access.AddRole(role);
 
             // Assign security principles to roles and add roles and policy assignments to store

From 0fdceac5183f5b3e91359f3f3159ab828b77fc31 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 12:41:24 +0800
Subject: [PATCH 149/237] Package updates

---
 .../Certify.Server.Api.Public.Tests.csproj                      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index cd54615d4..5e9b221cf 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -15,7 +15,7 @@
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
         <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
         <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
-        <PackageReference Include="coverlet.collector" Version="6.0.0">
+        <PackageReference Include="coverlet.collector" Version="6.0.1">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>

From db0a8f4a78f3607c35fd2f5dac3d551f373e49e3 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 12:42:24 +0800
Subject: [PATCH 150/237] DNS: Add PowerDNS provider viA Posh-ACME

---
 src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs b/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs
index 8c3b00765..d343b2ff2 100644
--- a/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs
+++ b/src/Certify.Shared.Extensions/Providers/DnsProviderPoshACME.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;

From 554a97f5b0a9d3191ab1c055f4a963a1f0dbabd5 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 12:51:16 +0800
Subject: [PATCH 151/237] Test: skip key path tests on non-windows

---
 .../Tests/CertificateOperationTests.cs               | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
index 676f68b80..b9db078fe 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
@@ -1,4 +1,6 @@
 using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
 using Certify.Management;
 using Certify.Models;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -49,6 +51,11 @@ public void TestSelfSignedLocalhostCertCreateAndStore()
         [TestMethod, Description("Test get cert RSA private key file path")]
         public void TestGetRSAPrivateKeyPath()
         {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Debug.WriteLine("Test only valid on Windows, skipping");
+                return;
+            }
 
             var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)", keyType: StandardKeyTypes.RSA256);
 
@@ -71,6 +78,11 @@ public void TestGetRSAPrivateKeyPath()
         [TestMethod, Description("Test get cert ECDSA private key file path")]
         public void TestGetECDSAPrivateKeyPath()
         {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Debug.WriteLine("Test only valid on Windows, skipping");
+                return;
+            }
 
             var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)", keyType: StandardKeyTypes.ECDSA256);
 

From 085e186467efa2270251cc45b9339f523d5fb1bf Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 12:54:26 +0800
Subject: [PATCH 152/237] Cleanup

---
 .../Controllers/v1/AuthController.cs                         | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index b66ccbc98..24f0aa2f4 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -1,4 +1,4 @@
-using System.Net.Http.Headers;
+using System.Net.Http.Headers;
 using Certify.Client;
 using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
@@ -73,7 +73,6 @@ public async Task<IActionResult> Login(AuthRequest login)
                     RoleStatus = await _client.GetSecurityPrincipleRoleStatus(validation.SecurityPrinciple.Id, CurrentAuthContext)
                 };
 
-
                 // TODO: Refresh token should be stored or hashed for later use
 
                 return Ok(authResponse);
@@ -93,7 +92,7 @@ public async Task<IActionResult> Login(AuthRequest login)
         [HttpPost]
         [Route("refresh")]
         [ProducesResponseType(typeof(AuthResponse), 200)]
-        public IActionResult Refresh(string refreshToken)
+        public async Task<IActionResult> Refresh(string refreshToken)
         {
             // validate token and issue new one
             var jwt = new Api.Public.Services.JwtService(_config);

From c0ff7fc5e7989afc99e5270787d46fc4439ba8d8 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 13:02:06 +0800
Subject: [PATCH 153/237] Powershell: only attempt credentials on Windows
 currently

---
 .../Utils/PowerShellManager.cs                | 98 +++++++++++--------
 1 file changed, 56 insertions(+), 42 deletions(-)

diff --git a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
index 9c0693e33..8d68f2d21 100644
--- a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
+++ b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
@@ -83,23 +83,29 @@ public static async Task<ActionResult> RunScript(
                         {
                             shell.Runspace = runspace;
 
-                            if (credentials != null && credentials.Any())
+                            // running PowerShell under credentials currently only supported for windows
+                            var credentialsProvidedButNotSupported = false;
+
+                            if (credentials?.Any() == true && !RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                            {
+                                // TODO: warn credentials not supported on this platform
+                                credentialsProvidedButNotSupported = true;
+                            }
+
+                            if (credentials?.Any() == true && credentialsProvidedButNotSupported == false)
                             {
                                 // run as windows user
                                 UserCredentials windowsCredentials = null;
 
-                                if (credentials != null && credentials.Count > 0)
+                                try
                                 {
-                                    try
-                                    {
-                                        windowsCredentials = GetWindowsCredentials(credentials);
-                                    }
-                                    catch
-                                    {
-                                        var err = "Command with Windows Credentials requires username and password.";
+                                    windowsCredentials = GetWindowsCredentials(credentials);
+                                }
+                                catch
+                                {
+                                    var err = "Command with Windows Credentials requires username and password.";
 
-                                        return new ActionResult(err, false);
-                                    }
+                                    return new ActionResult(err, false);
                                 }
 
                                 // logon type affects the range of abilities the impersonated user has
@@ -261,48 +267,56 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
             // launch process with user credentials set
             if (credentials != null && credentials.ContainsKey("username") && credentials.ContainsKey("password"))
             {
-                var username = credentials["username"];
-                var pwd = credentials["password"];
-
-                credentials.TryGetValue("domain", out var domain);
-
-                if (domain == null && !username.Contains(".\\") && !username.Contains("@"))
+                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                 {
-                    domain = ".";
-                }
-
-                scriptProcessInfo.UserName = username;
-                scriptProcessInfo.Domain = domain;
 
-                var sPwd = new SecureString();
-                foreach (var c in pwd)
-                {
-                    sPwd.AppendChar(c);
-                }
+                    var username = credentials["username"];
+                    var pwd = credentials["password"];
 
-                sPwd.MakeReadOnly();
+                    credentials.TryGetValue("domain", out var domain);
 
-                scriptProcessInfo.Password = sPwd;
+                    if (domain == null && !username.Contains(".\\") && !username.Contains("@"))
+                    {
+                        domain = ".";
+                    }
 
-                if (resultsJsonTempPath != null)
-                {
-                    //allow this user to read the results file
-                    var fileInfo = new FileInfo(resultsJsonTempPath);
-                    var accessControl = fileInfo.GetAccessControl();
-                    var fullUser = domain == "." ? username : $"{domain}\\{username}";
-                    accessControl.AddAccessRule(new FileSystemAccessRule(fullUser, FileSystemRights.Read, AccessControlType.Allow));
+                    scriptProcessInfo.UserName = username;
+                    scriptProcessInfo.Domain = domain;
 
-                    try
+                    var sPwd = new SecureString();
+                    foreach (var c in pwd)
                     {
-                        fileInfo.SetAccessControl(accessControl);
+                        sPwd.AppendChar(c);
                     }
-                    catch
+
+                    sPwd.MakeReadOnly();
+
+                    scriptProcessInfo.Password = sPwd;
+
+                    if (resultsJsonTempPath != null)
                     {
-                        _log.AppendLine("Running Powershell As New Process: Could not apply access control to allow this user to read the temp results file");
+                        //allow this user to read the results file
+                        var fileInfo = new FileInfo(resultsJsonTempPath);
+                        var accessControl = fileInfo.GetAccessControl();
+                        var fullUser = domain == "." ? username : $"{domain}\\{username}";
+                        accessControl.AddAccessRule(new FileSystemAccessRule(fullUser, FileSystemRights.Read, AccessControlType.Allow));
+
+                        try
+                        {
+                            fileInfo.SetAccessControl(accessControl);
+                        }
+                        catch
+                        {
+                            _log.AppendLine("Running PowerShell As New Process: Could not apply access control to allow this user to read the temp results file");
+                        }
                     }
-                }
 
-                _log.AppendLine($"Launching Process {commandExe} as User: {domain}\\{username}");
+                    _log.AppendLine($"Launching Process {commandExe} as User: {domain}\\{username}");
+                }
+                else
+                {
+                    _log.AppendLine($"Running PowerShell As New Process: Running as specific user credentials are not supported on this platform.");
+                }
             }
 
             try

From d76cd6224a0c3b9b4ee8d834f4168f528c5df919 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 21 Feb 2024 16:36:15 +0800
Subject: [PATCH 154/237] API: use user_id as jwt claim, enable caching

---
 src/Certify.Client/CertifyApiClient.cs        |  4 +--
 .../Controllers/internal/ApiControllerBase.cs | 34 ++++++++++++++-----
 .../Controllers/v1/AuthController.cs          | 31 +++++++++++------
 .../Services/JwtService.cs                    |  7 ++--
 .../Certify.Server.Api.Public/Startup.cs      |  1 +
 5 files changed, 53 insertions(+), 24 deletions(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index 9ded60dd1..4370aa3fb 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -56,7 +56,7 @@ protected override Task<HttpResponseMessage> SendAsync(
 
     public class AuthContext
     {
-        public string Username { get; set; }
+        public string UserId { get; set; }
         public string Token { get; set; }
     }
 
@@ -144,7 +144,7 @@ private void SetAuthContextForRequest(HttpRequestMessage request, AuthContext au
         {
             if (authContext != null)
             {
-                request.Headers.Add("X-Context-User-Id", authContext.Username);
+                request.Headers.Add("X-Context-User-Id", authContext.UserId);
             }
         }
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
index a83816503..e6f366e25 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/ApiControllerBase.cs
@@ -1,6 +1,8 @@
 using System.Net.Http.Headers;
+using System.Security.Claims;
 using Certify.Client;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Caching.Memory;
 
 namespace Certify.Server.Api.Public.Controllers
 {
@@ -9,32 +11,48 @@ namespace Certify.Server.Api.Public.Controllers
     /// </summary>
     public partial class ApiControllerBase : ControllerBase
     {
+
         /// <summary>
         /// Get the corresponding auth context to pass to the backend service
         /// </summary>
         /// <returns></returns>
-        internal AuthContext CurrentAuthContext
+        internal AuthContext? CurrentAuthContext
         {
             get
             {
-                var _config = HttpContext.RequestServices.GetRequiredService<IConfiguration>();
-                var jwt = new Api.Public.Services.JwtService(_config);
-
                 var authHeader = Request.Headers["Authorization"];
                 if (string.IsNullOrWhiteSpace(authHeader))
                 {
                     return null;
                 }
 
-                var authToken = AuthenticationHeaderValue.Parse(authHeader).Parameter;
+                var authToken = AuthenticationHeaderValue.Parse(authHeader!).Parameter;
+
+                if (string.IsNullOrWhiteSpace(authToken))
+                {
+                    return null;
+                }
+
+                var _cache = HttpContext.RequestServices.GetRequiredService<IMemoryCache>();
+
+                if (_cache.TryGetValue(authToken, out AuthContext? cachedAuthContext))
+                {
+                    if (cachedAuthContext != null)
+                    {
+                        return cachedAuthContext;
+                    }
+                }
 
                 try
                 {
-                    var claimsIdentity = jwt.ClaimsIdentityFromToken(authToken, false);
-                    var username = claimsIdentity.Name;
+                    var _config = HttpContext.RequestServices.GetRequiredService<IConfiguration>();
+                    var jwt = new Api.Public.Services.JwtService(_config);
+                    var claimsIdentity = jwt.ClaimsIdentityFromTokenAsync(authToken, false).Result;
+                    var userId = claimsIdentity.FindFirst(ClaimTypes.Sid)?.Value;
 
-                    var authContext = new AuthContext { Token = authToken, Username = username };
+                    var authContext = new AuthContext { Token = authToken, UserId = userId };
 
+                    _cache.Set(authToken, authContext, TimeSpan.FromMinutes(20));
                     return authContext;
                 }
                 catch (Exception)
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index 24f0aa2f4..197150ce7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -1,4 +1,5 @@
-using System.Net.Http.Headers;
+using System.Net.Http.Headers;
+using System.Security.Claims;
 using Certify.Client;
 using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
@@ -67,7 +68,7 @@ public async Task<IActionResult> Login(AuthRequest login)
                 var authResponse = new AuthResponse
                 {
                     Detail = "OK",
-                    AccessToken = jwt.GenerateSecurityToken(login.Username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"] ?? "20")),
+                    AccessToken = jwt.GenerateSecurityToken(validation.SecurityPrinciple.Id, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"] ?? "20")),
                     RefreshToken = jwt.GenerateRefreshToken(),
                     SecurityPrinciple = validation.SecurityPrinciple,
                     RoleStatus = await _client.GetSecurityPrincipleRoleStatus(validation.SecurityPrinciple.Id, CurrentAuthContext)
@@ -94,33 +95,43 @@ public async Task<IActionResult> Login(AuthRequest login)
         [ProducesResponseType(typeof(AuthResponse), 200)]
         public async Task<IActionResult> Refresh(string refreshToken)
         {
-            // validate token and issue new one
-            var jwt = new Api.Public.Services.JwtService(_config);
-
             var authToken = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]).Parameter;
 
+            if (string.IsNullOrEmpty(authToken))
+            {
+                return Unauthorized();
+            }
+
             try
             {
-                var claimsIdentity = jwt.ClaimsIdentityFromToken(authToken, false);
-                var username = claimsIdentity.Name;
+                // validate token and issue new one
+                var jwt = new Api.Public.Services.JwtService(_config);
 
-                if (username == null)
+                var claimsIdentity = await jwt.ClaimsIdentityFromTokenAsync(authToken, false);
+                var userId = claimsIdentity.FindFirst(ClaimTypes.Sid)?.Value;
+
+                if (userId == null)
                 {
                     return Unauthorized();
                 }
 
-                var newJwtToken = jwt.GenerateSecurityToken(username, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"] ?? "20"));
+                var newJwtToken = jwt.GenerateSecurityToken(userId, double.Parse(_config["JwtSettings:authTokenExpirationInMinutes"] ?? "20"));
                 var newRefreshToken = jwt.GenerateRefreshToken();
 
                 // invalidate old refresh token and store new one
                 // DeleteRefreshToken(username, refreshToken);
                 // SaveRefreshToken(username, newRefreshToken);
 
+                var spList = await _client.GetSecurityPrinciples(CurrentAuthContext);
+                var sp = spList.Single(s => s.Id == userId);
+
                 var authResponse = new AuthResponse
                 {
                     Detail = "OK",
                     AccessToken = newJwtToken,
-                    RefreshToken = newRefreshToken
+                    RefreshToken = newRefreshToken,
+                    SecurityPrinciple = sp,
+                    RoleStatus = await _client.GetSecurityPrincipleRoleStatus(userId, CurrentAuthContext)
                 };
 
                 return Ok(authResponse);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
index 529013fec..a5890b171 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
@@ -58,8 +58,7 @@ public string GenerateSecurityToken(string identifier, double? expiryMinutes)
             {
                 Subject = new ClaimsIdentity(new[]
                 {
-                    new Claim(ClaimTypes.Name, identifier),
-                    new Claim(ClaimTypes.NameIdentifier, identifier)
+                    new Claim(ClaimTypes.Sid, identifier)
                 }),
                 Issuer = _issuer,
                 Expires = expiryMinutes != null ? DateTime.UtcNow.AddHours((double)expiryMinutes) : DateTime.UtcNow.AddDays(double.Parse(_expDate)), //token expiry could be role specific - e.g. 1 yr vs 1 month
@@ -75,7 +74,7 @@ public string GenerateSecurityToken(string identifier, double? expiryMinutes)
         /// <param name="validateTokenLifetime"></param>
         /// <returns></returns>
         /// <exception cref="SecurityTokenException"></exception>
-        public ClaimsIdentity ClaimsIdentityFromToken(string token, bool validateTokenLifetime)
+        public async Task<ClaimsIdentity> ClaimsIdentityFromTokenAsync(string token, bool validateTokenLifetime)
         {
             var key = Encoding.UTF8.GetBytes(_secret);
 
@@ -91,7 +90,7 @@ public ClaimsIdentity ClaimsIdentityFromToken(string token, bool validateTokenLi
 
             var tokenHandler = new JsonWebTokenHandler();
 
-            var result = tokenHandler.ValidateToken(token, tokenValidationParameters);
+            var result = await tokenHandler.ValidateTokenAsync(token, tokenValidationParameters);
             if (result.IsValid)
             {
                 return result.ClaimsIdentity;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 56e3f4817..770bfdf39 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -47,6 +47,7 @@ public void ConfigureServices(IServiceCollection services)
             var results = new List<Models.Config.ActionResult>();
 
             services
+                .AddMemoryCache()
                 .AddTokenAuthentication(Configuration)
                 .AddAuthorization()
                 .AddControllers()

From 8cb5c4dbd18bca9393d43e68a6c41e23b361eb42 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 22 Feb 2024 17:40:34 +0800
Subject: [PATCH 155/237] Standardise app data folder path creation/retrieval

---
 src/Certify.Models/Certify.Models.csproj                 | 1 +
 src/Certify.Models/Util/EnvironmentUtil.cs               | 2 +-
 src/Certify.Shared/Management/PluginManager.cs           | 2 +-
 src/Certify.Shared/Management/ServerConnectionManager.cs | 2 +-
 src/Certify.Shared/Utils/ManagedCertificateLog.cs        | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 830d231bf..6f155ea09 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -31,6 +31,7 @@
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
 		<PackageReference Include="System.Text.Json" Version="8.0.2" />
+		<PackageReference Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
 	</ItemGroup>
 
 	<ItemGroup>
diff --git a/src/Certify.Models/Util/EnvironmentUtil.cs b/src/Certify.Models/Util/EnvironmentUtil.cs
index 98ab3ea62..ae9d3479c 100644
--- a/src/Certify.Models/Util/EnvironmentUtil.cs
+++ b/src/Certify.Models/Util/EnvironmentUtil.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 
diff --git a/src/Certify.Shared/Management/PluginManager.cs b/src/Certify.Shared/Management/PluginManager.cs
index 478934884..e53ca133d 100644
--- a/src/Certify.Shared/Management/PluginManager.cs
+++ b/src/Certify.Shared/Management/PluginManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
diff --git a/src/Certify.Shared/Management/ServerConnectionManager.cs b/src/Certify.Shared/Management/ServerConnectionManager.cs
index 9d7f95936..801564166 100644
--- a/src/Certify.Shared/Management/ServerConnectionManager.cs
+++ b/src/Certify.Shared/Management/ServerConnectionManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
diff --git a/src/Certify.Shared/Utils/ManagedCertificateLog.cs b/src/Certify.Shared/Utils/ManagedCertificateLog.cs
index e6052b9cd..dfcdf7ebe 100644
--- a/src/Certify.Shared/Utils/ManagedCertificateLog.cs
+++ b/src/Certify.Shared/Utils/ManagedCertificateLog.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.IO;
 using Certify.Models.Providers;

From 5e4e303f3cc6c4341f2eef31c47f6780a4395093 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 26 Feb 2024 12:31:50 +0800
Subject: [PATCH 156/237] Update common app data path creation

---
 src/Certify.Client/CertifyServiceClient.cs                    | 2 +-
 src/Certify.Core/Management/CertifyManager/CertifyManager.cs  | 2 +-
 src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Client/CertifyServiceClient.cs b/src/Certify.Client/CertifyServiceClient.cs
index 714b3a8d9..d09128a3e 100644
--- a/src/Certify.Client/CertifyServiceClient.cs
+++ b/src/Certify.Client/CertifyServiceClient.cs
@@ -58,7 +58,7 @@ public async Task ConnectStatusStreamAsync()
                 _legacyConnection.Closed += OnConnectionClosed;
 
 #if DEBUG
-                var logPath = Path.Combine(EnvironmentUtil.GetAppDataFolder("logs"), "hubconnection.log");
+                var logPath = Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "hubconnection.log");
                 var writer = new StreamWriter(logPath);
                 writer.AutoFlush = true;
                 _legacyConnection.TraceLevel = TraceLevels.All;
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index f8b38cfdc..8dde17907 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -345,7 +345,7 @@ private void InitLogging(Shared.ServiceConfig serverConfig)
             _serviceLog = new Loggy(
                 new LoggerConfiguration()
                .MinimumLevel.ControlledBy(_loggingLevelSwitch)
-               .WriteTo.File(Path.Combine(EnvironmentUtil.GetAppDataFolder("logs"), "session.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10), rollOnFileSizeLimit: true, fileSizeLimitBytes: 5 * 1024 * 1024)
+               .WriteTo.File(Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "session.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10), rollOnFileSizeLimit: true, fileSizeLimitBytes: 5 * 1024 * 1024)
                .CreateLogger()
                );
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
index 226a37766..bb773bd74 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
@@ -15,7 +15,7 @@ public class LoggyTests
         [TestInitialize]
         public void TestInitialize()
         {
-            testsDataPath = Path.Combine(EnvironmentUtil.GetAppDataFolder(), "Tests");
+            testsDataPath = Path.Combine(EnvironmentUtil.CreateAppDataPath(), "Tests");
             logFilePath = Path.Combine(testsDataPath, "test.log");
 
             if (!Directory.Exists(testsDataPath))
@@ -69,7 +69,7 @@ public void TestLoggyErrorException()
 
             // Trigger an exception error and log it using Loggy.Error()
             var logMessage = "New Loggy Exception Error";
-            var badFilePath = Path.Combine(EnvironmentUtil.GetAppDataFolder(), "Tests", "test1.log");
+            var badFilePath = Path.Combine(EnvironmentUtil.CreateAppDataPath(), "Tests", "test1.log");
 
             var exceptionError = $"System.IO.FileNotFoundException: Could not find file '{badFilePath}'.";
             try

From 34095c5178d719155d3d90660e5a76fa9e6a6edc Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 26 Feb 2024 12:32:32 +0800
Subject: [PATCH 157/237] Core: apply default app data ACL on create

---
 src/Certify.Models/Util/EnvironmentUtil.cs | 80 +++++++++++++++++++---
 1 file changed, 72 insertions(+), 8 deletions(-)

diff --git a/src/Certify.Models/Util/EnvironmentUtil.cs b/src/Certify.Models/Util/EnvironmentUtil.cs
index ae9d3479c..a6ab6087d 100644
--- a/src/Certify.Models/Util/EnvironmentUtil.cs
+++ b/src/Certify.Models/Util/EnvironmentUtil.cs
@@ -6,7 +6,75 @@ namespace Certify.Models
 {
     public class EnvironmentUtil
     {
-        public static string CreateAppDataPath(string? subFolder = null)
+
+        private static void ApplyRestrictedACL(DirectoryInfo dir)
+        {
+            // disable default inheritance for the existing path ACL
+            var acl = dir.GetAccessControl();
+            acl.SetAccessRuleProtection(true, true);
+            dir.SetAccessControl(acl);
+
+            // removing any existing ACL entries for users group
+            acl = dir.GetAccessControl();
+            var currentRules = acl.GetAccessRules(true, true, typeof(SecurityIdentifier));
+
+            var allUsersSid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
+
+            var processUserSid = WindowsIdentity.GetCurrent().User;
+
+            foreach (FileSystemAccessRule rule in currentRules)
+            {
+                if (rule.IdentityReference == allUsersSid || rule.IdentityReference == processUserSid)
+                {
+                    acl.RemoveAccessRuleAll(rule);
+                }
+            }
+
+            // add full control for the current (process) user 
+            var currentUserRights = new FileSystemAccessRule(processUserSid, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow);
+            acl.AddAccessRule(currentUserRights);
+
+            // add full control for administrators
+            var adminSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
+            var adminRights = new FileSystemAccessRule(adminSid, FileSystemRights.FullControl, AccessControlType.Allow);
+            acl.AddAccessRule(adminRights);
+
+            // add full control for system
+            var systemUserSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
+            var systemUserRights = new FileSystemAccessRule(systemUserSid, FileSystemRights.FullControl, AccessControlType.Allow);
+            acl.AddAccessRule(systemUserRights);
+
+            dir.SetAccessControl(acl);
+        }
+
+        /// <summary>
+        /// if path already exists no changes are made, otherwise directory is created and ACL applied
+        /// </summary>
+        /// <param name="path"></param>
+        private static void CreateAndApplyRestrictedACL(string path)
+        {
+            if (!Directory.Exists(path))
+            {
+                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                {
+                    // create folder with permissions limited to Administrators and the current process user
+
+                    var dir = Directory.CreateDirectory(path);
+                    ApplyRestrictedACL(dir);
+                }
+                else
+                {
+                    Directory.CreateDirectory(path);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Ensure the app data path exists and has the required permissions
+        /// </summary>
+        /// <param name="subDirectory">optional subfolder to include</param>
+        /// <returns>full app data with with optional subdirectory</returns>
+        public static string CreateAppDataPath(string? subDirectory = null)
         {
             var parts = new List<string>()
             {
@@ -15,15 +83,11 @@ public static string CreateAppDataPath(string? subFolder = null)
             };
 
             var path = Path.Combine(parts.ToArray());
+            CreateAndApplyRestrictedACL(path);
 
-            if (!Directory.Exists(path))
-            {
-                Directory.CreateDirectory(path);
-            }
-
-            if (subFolder != null)
+            if (subDirectory != null)
             {
-                parts.Add(subFolder);
+                parts.Add(subDirectory);
                 path = Path.Combine(parts.ToArray());
 
                 if (!Directory.Exists(path))

From c35a4c14d82d400950da43e6f699e9af8f24ca7e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 26 Feb 2024 13:57:15 +0800
Subject: [PATCH 158/237] Fix tests 462

---
 .../workflows/4_6_2_Core_Unit_Tests_Win.yaml  |  9 ++--
 .../workflows/8_0_Core_Unit_Tests_Linux.yaml  | 11 ++---
 .../workflows/8_0_Core_Unit_Tests_Win.yaml    |  9 ++--
 .../Certify.Core.Tests.Unit.csproj            | 15 +++---
 .../Tests/CertifyManagerAccountTests.cs       |  4 +-
 .../unit-test-8-0-linux.runsettings           | 36 ---------------
 .../unit-test-8-0.runsettings                 | 36 ---------------
 .../unit-test-linux.runsettings               | 46 +++++++++++++++++++
 ...-462.runsettings => unit-test.runsettings} |  8 ++--
 9 files changed, 70 insertions(+), 104 deletions(-)
 delete mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings
 delete mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-linux.runsettings
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{unit-test-462.runsettings => unit-test.runsettings} (81%)

diff --git a/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
index eb7405068..8b3de816b 100644
--- a/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
+++ b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
@@ -80,28 +80,27 @@ jobs:
       run: |
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
-        dotnet add package coverlet.collector
         dotnet build -c Debug -f net462 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests
       run: |
         $env:GITHUB_WORKSPACE="$env:GITHUB_WORKSPACE\certify"
-        $env:GITHUB_STEP_SUMMARY=".\TestResults-4_6_2-${{ runner.os }}\test-summary.md"
+        $env:GITHUB_STEP_SUMMARY=".\TestResults-${{ runner.os }}\test-summary.md"
         dotnet test --no-build -f net462 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Generated Test Results Report
       run: |
         echo "# Test Results" | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8
-        (Get-Content -Path .\TestResults-4_6_2-${{ runner.os }}\test-summary.md).Replace('<details>', '<details open>') | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8 -Append
+        (Get-Content -Path .\TestResults-${{ runner.os }}\test-summary.md).Replace('<details>', '<details open>') | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8 -Append
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
       if: ${{ always() }}
 
     - name: Generated Test Coverage Report
       run: |
-        reportgenerator -reports:./TestResults-4_6_2-${{ runner.os }}/*/*.cobertura.xml -targetdir:./TestResults-4_6_2-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
-        Get-Content -Path ./TestResults-4_6_2-${{ runner.os }}/SummaryGithub.md | Out-File -FilePath $env:GITHUB_STEP_SUMMARY
+        reportgenerator -reports:./TestResults-${{ runner.os }}/*/*.cobertura.xml -targetdir:./TestResults-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
+        Get-Content -Path ./TestResults-${{ runner.os }}/SummaryGithub.md | Out-File -FilePath $env:GITHUB_STEP_SUMMARY
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
       if: ${{ always() }}
 
diff --git a/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml b/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml
index a55ee9b9a..2d0f7d2cd 100644
--- a/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml
+++ b/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml
@@ -79,29 +79,28 @@ jobs:
       run: |
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
-        dotnet add package coverlet.collector
         dotnet build -c Debug -f net8.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests
       run: |
         export GITHUB_WORKSPACE="$GITHUB_WORKSPACE/certify"
-        export GITHUB_STEP_SUMMARY="./TestResults-8_0-${{ runner.os }}/test-summary.md"
+        export GITHUB_STEP_SUMMARY="./TestResults-${{ runner.os }}/test-summary.md"
         dotnet test --no-build -f net8.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Generate Test Results Report
       run: |
         echo "# Test Results" > $GITHUB_STEP_SUMMARY
-        sed -i 's/<details>/<details open>/g' ./TestResults-8_0-${{ runner.os }}/test-summary.md
-        cat ./TestResults-8_0-${{ runner.os }}/test-summary.md >> $GITHUB_STEP_SUMMARY
+        sed -i 's/<details>/<details open>/g' ./TestResults-${{ runner.os }}/test-summary.md
+        cat ./TestResults-${{ runner.os }}/test-summary.md >> $GITHUB_STEP_SUMMARY
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
       if: ${{ always() }}
 
     - name: Generated Test Coverage Report
       run: |
-        reportgenerator -reports:./TestResults-8_0-${{ runner.os }}/*/coverage.cobertura.xml -targetdir:./TestResults-8_0-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
-        cat ./TestResults-8_0-${{ runner.os }}/SummaryGithub.md > $GITHUB_STEP_SUMMARY
+        reportgenerator -reports:./TestResults-${{ runner.os }}/*/*.cobertura.xml -targetdir:./TestResults-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
+        cat ./TestResults-${{ runner.os }}/SummaryGithub.md > $GITHUB_STEP_SUMMARY
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
       if: ${{ always() }}
 
diff --git a/.github/workflows/8_0_Core_Unit_Tests_Win.yaml b/.github/workflows/8_0_Core_Unit_Tests_Win.yaml
index 740d58ad1..2e7607240 100644
--- a/.github/workflows/8_0_Core_Unit_Tests_Win.yaml
+++ b/.github/workflows/8_0_Core_Unit_Tests_Win.yaml
@@ -80,28 +80,27 @@ jobs:
       run: |
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
-        dotnet add package coverlet.collector
         dotnet build -c Debug -f net8.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests
       run: |
         $env:GITHUB_WORKSPACE="$env:GITHUB_WORKSPACE\certify"
-        $env:GITHUB_STEP_SUMMARY=".\TestResults-8_0-${{ runner.os }}\test-summary.md"
+        $env:GITHUB_STEP_SUMMARY=".\TestResults-${{ runner.os }}\test-summary.md"
         dotnet test --no-build -f net8.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
     
     - name: Generate Test Results Report
       run: |
         echo "# Test Results" | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8
-        (Get-Content -Path .\TestResults-8_0-${{ runner.os }}\test-summary.md).Replace('<details>', '<details open>') | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8 -Append
+        (Get-Content -Path .\TestResults-${{ runner.os }}\test-summary.md).Replace('<details>', '<details open>') | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8 -Append
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
       if: ${{ always() }}
 
     - name: Generated Test Coverage Report
       run: |
-        reportgenerator -reports:./TestResults-8_0-${{ runner.os }}/*/coverage.cobertura.xml -targetdir:./TestResults-8_0-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
-        Get-Content -Path ./TestResults-8_0-${{ runner.os }}/SummaryGithub.md | Out-File -FilePath $env:GITHUB_STEP_SUMMARY
+        reportgenerator -reports:./TestResults-${{ runner.os }}/*/*.cobertura.xml -targetdir:./TestResults-${{ runner.os }} -reporttypes:MarkdownSummaryGithub "-title:Test Coverage"
+        Get-Content -Path ./TestResults-${{ runner.os }}/SummaryGithub.md | Out-File -FilePath $env:GITHUB_STEP_SUMMARY
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
       if: ${{ always() }}
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 8c708643e..c7fc9a3b3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -101,16 +101,12 @@
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='WINDOWS_NT|net462'">
-    <RunSettingsFilePath>$(MSBuildProjectDirectory)/unit-test-462.runsettings</RunSettingsFilePath>
+  <PropertyGroup Condition="'$(OS)'=='WINDOWS_NT'">
+    <RunSettingsFilePath>$(MSBuildThisFileDirectory)\unit-test.runsettings</RunSettingsFilePath>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='WINDOWS_NT|net8.0'">
-    <RunSettingsFilePath>$(MSBuildProjectDirectory)/unit-test-8-0.runsettings</RunSettingsFilePath>
+  <PropertyGroup Condition="'$(OS)'=='UNIX'">
+    <RunSettingsFilePath>$(MSBuildThisFileDirectory)\unit-test-linux.runsettings</RunSettingsFilePath>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(OS)|$(TargetFramework)'=='UNIX|net8.0'">
-    <RunSettingsFilePath>$(MSBuildProjectDirectory)/unit-test-8-0-linux.runsettings</RunSettingsFilePath>
-  </PropertyGroup>
-
   <ItemGroup>
     <Content Include="Assets\Powershell\Simple.ps1">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
@@ -149,6 +145,7 @@
     <PackageReference Include="Polly" Version="8.3.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
+    <PackageReference Include="System.Text.Json" Version="8.0.2" />
     <PackageReference Include="Testcontainers" Version="3.7.0" />
   </ItemGroup>
   <ItemGroup>
@@ -161,4 +158,4 @@
     <Folder Include="Properties\" />
   </ItemGroup>
 
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
index df0f82234..4782fb528 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
@@ -164,8 +164,8 @@ private static async Task StartStepCaContainer(bool runningWindowsDockerEngine)
                     // Create new step-ca container
                     _caContainer = new ContainerBuilder()
                         .WithName("step-ca")
-                        // Set the image for the container to "jrnelson90/step-ca-win:latest".
-                        .WithImage("jrnelson90/step-ca-win:latest")
+                        // Set the image for the container to "webprofusion/step-ca-win:latest".
+                        .WithImage("webprofusion/step-ca-win:latest")
                         .WithBindMount(_winRunnerTempDir, "C:\\Users\\ContainerUser\\.step")
                         // Bind port 9000 of the container to port 9000 on the host.
                         .WithPortBinding(_caPort)
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings
deleted file mode 100644
index 1ffd818a7..000000000
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0-linux.runsettings
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- File name extension must be .runsettings -->
-<RunSettings>
-  <!-- Configurations that affect the Test Framework -->
-  <RunConfiguration>
-    <TestAdaptersPaths>$HOME/.nuget/packages/coverlet.collector/6.0.0/build/netstandard1.0;$HOME/.nuget/packages/coverlet.msbuild/6.0.0/build</TestAdaptersPaths>
-    <TargetFrameworkVersion>net8.0</TargetFrameworkVersion>
-    <ResultsDirectory>./TestResults-8_0-Linux</ResultsDirectory>
-    <CollectSourceInformation>true</CollectSourceInformation>
-  </RunConfiguration>
-  <!-- Configurations for data collectors -->
-  <DataCollectionRunSettings>
-    <DataCollectors>
-      <DataCollector friendlyName="XPlat code coverage" uri="datacollector://Microsoft/CoverletCodeCoverage/1.0">
-        <Configuration>
-          <Format>cobertura</Format>
-          <!-- [Assembly-Filter]Type-Filter -->
-          <Include>[Certify.*]*,[Plugin.Datastore.SQLite]*</Include>
-          <!-- [Assembly-Filter]Type-Filter -->
-          <IncludeTestAssembly>false</IncludeTestAssembly>
-        </Configuration>
-      </DataCollector>
-    </DataCollectors>
-  </DataCollectionRunSettings>
-  <!-- Configuration for loggers -->
-  <LoggerRunSettings>
-    <Loggers>
-      <Logger friendlyName="console" enabled="True">
-        <Configuration>
-          <Verbosity>normal</Verbosity>
-        </Configuration>
-      </Logger>
-      <Logger friendlyName="trx" enabled="True" />
-    </Loggers>
-  </LoggerRunSettings>
-</RunSettings>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings
deleted file mode 100644
index 1f1211437..000000000
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-8-0.runsettings
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- File name extension must be .runsettings -->
-<RunSettings>
-  <!-- Configurations that affect the Test Framework -->
-  <RunConfiguration>
-    <TestAdaptersPaths>%SystemDrive%\%HOMEPATH%\.nuget\packages\coverlet.collector\6.0.0\build\netstandard1.0;%SystemDrive%\%HOMEPATH%\.nuget\packages\coverlet.msbuild\6.0.0\build</TestAdaptersPaths>
-    <TargetFrameworkVersion>net8.0</TargetFrameworkVersion>
-    <ResultsDirectory>.\TestResults-8_0-windows</ResultsDirectory>
-    <CollectSourceInformation>true</CollectSourceInformation>
-  </RunConfiguration>
-  <!-- Configurations for data collectors -->
-  <DataCollectionRunSettings>
-    <DataCollectors>
-      <DataCollector friendlyName="XPlat code coverage" uri="datacollector://Microsoft/CoverletCodeCoverage/1.0">
-        <Configuration>
-          <Format>cobertura</Format>
-          <!-- [Assembly-Filter]Type-Filter -->
-          <Include>[Certify.*]*,[Plugin.Datastore.SQLite]*</Include>
-          <!-- [Assembly-Filter]Type-Filter -->
-          <IncludeTestAssembly>false</IncludeTestAssembly>
-        </Configuration>
-      </DataCollector>
-    </DataCollectors>
-  </DataCollectionRunSettings>
-  <!-- Configuration for loggers -->
-  <LoggerRunSettings>
-    <Loggers>
-      <Logger friendlyName="console" enabled="True">
-        <Configuration>
-          <Verbosity>normal</Verbosity>
-        </Configuration>
-      </Logger>
-      <Logger friendlyName="trx" enabled="True" />
-    </Loggers>
-  </LoggerRunSettings>
-</RunSettings>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-linux.runsettings b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-linux.runsettings
new file mode 100644
index 000000000..0499b1c82
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-linux.runsettings
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- File name extension must be .runsettings -->
+<RunSettings>
+  <!-- Configurations that affect the Test Framework -->
+  <RunConfiguration>
+    <TestAdaptersPaths>$HOME/.nuget/packages/microsoft.codecoveraged/17.8.0/build/netstandard2.0</TestAdaptersPaths>
+    <ResultsDirectory>./TestResults-Linux</ResultsDirectory>
+    <CollectSourceInformation>true</CollectSourceInformation>
+  </RunConfiguration>
+  <!-- Configurations for data collectors -->
+  <DataCollectionRunSettings>
+    <DataCollectors>
+      <DataCollector friendlyName="Code Coverage" uri="datacollector://Microsoft/CodeCoverage/2.0" assemblyQualifiedName="Microsoft.VisualStudio.Coverage.DynamicCoverageDataCollector, Microsoft.VisualStudio.TraceCollector, Version=11.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+        <Configuration>
+          <Format>Cobertura</Format>
+          <CodeCoverage>
+            <!-- Match assembly file paths: -->
+            <ModulePaths>
+              <Include>
+                <ModulePath>.*Certify.*$</ModulePath>
+                <ModulePath>.*Plugin.Datastore.*$</ModulePath>
+              </Include>
+              <Exclude>
+                <ModulePath>.*Certify.Core.Tests.Unit.dll$</ModulePath>
+                <ModulePath>.*Moq.dll$</ModulePath>
+                <ModulePath>.*Microsoft.*$</ModulePath>
+              </Exclude>
+            </ModulePaths>
+            <EnableDynamicManagedInstrumentation>True</EnableDynamicManagedInstrumentation>
+          </CodeCoverage>
+        </Configuration>
+      </DataCollector>
+    </DataCollectors>
+  </DataCollectionRunSettings>
+  <!-- Configuration for loggers -->
+  <LoggerRunSettings>
+    <Loggers>
+      <Logger friendlyName="console" enabled="True">
+        <Configuration>
+          <Verbosity>normal</Verbosity>
+        </Configuration>
+      </Logger>
+      <Logger friendlyName="trx" enabled="True" />
+    </Loggers>
+  </LoggerRunSettings>
+</RunSettings>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-462.runsettings b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test.runsettings
similarity index 81%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-462.runsettings
rename to src/Certify.Tests/Certify.Core.Tests.Unit/unit-test.runsettings
index 9e1f06a10..72ea904e6 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test-462.runsettings
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/unit-test.runsettings
@@ -4,8 +4,7 @@
   <!-- Configurations that affect the Test Framework -->
   <RunConfiguration>
     <TestAdaptersPaths>%SystemDrive%\%HOMEPATH%\.nuget\packages\microsoft.codecoverage\17.8.0\build\netstandard2.0</TestAdaptersPaths>
-    <TargetFrameworkVersion>net462</TargetFrameworkVersion>
-    <ResultsDirectory>.\TestResults-4_6_2-windows</ResultsDirectory>
+    <ResultsDirectory>.\TestResults-windows</ResultsDirectory>
     <CollectSourceInformation>true</CollectSourceInformation>
   </RunConfiguration>
   <!-- Configurations for data collectors -->
@@ -19,15 +18,14 @@
             <ModulePaths>
               <Include>
                 <ModulePath>.*Certify.*$</ModulePath>
-                <ModulePath>.*Plugin.Datastore.SQLite.dll$</ModulePath>
+                <ModulePath>.*Plugin.Datastore.*$</ModulePath>
               </Include>
               <Exclude>
                 <ModulePath>.*Certify.Core.Tests.Unit.dll$</ModulePath>
                 <ModulePath>.*Moq.dll$</ModulePath>
+                <ModulePath>.*Microsoft.*$</ModulePath>
               </Exclude>
             </ModulePaths>
-            <!--<EnableStaticManagedInstrumentation>True</EnableStaticManagedInstrumentation>
-            <EnableStaticNativeInstrumentationRestore>True</EnableStaticNativeInstrumentationRestore>-->
             <EnableDynamicManagedInstrumentation>True</EnableDynamicManagedInstrumentation>
           </CodeCoverage>
         </Configuration>

From ad5ec646a096f2595b13844a732e76f2a26ca80a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 26 Feb 2024 13:57:35 +0800
Subject: [PATCH 159/237] Fix log level for access control

---
 src/Certify.Core/Management/Access/AccessControl.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 4f36c6d07..6b1e2a0c4 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -39,7 +39,7 @@ public async Task AuditError(string template, params object[] propertyvalues)
 
         public async Task AuditInformation(string template, params object[] propertyvalues)
         {
-            _log.Error(template, propertyvalues);
+            _log.Information(template, propertyvalues);
         }
         /// <summary>
         /// Check if the system has been initialized with a security principle

From 760357aa670b2e5670a8338b60024cebae2d52ee Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 26 Feb 2024 15:29:38 +0800
Subject: [PATCH 160/237] Fix tests

---
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index c7fc9a3b3..ca72bd9b8 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -144,6 +144,7 @@
     <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
     <PackageReference Include="Polly" Version="8.3.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
+    <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     <PackageReference Include="System.Text.Json" Version="8.0.2" />
     <PackageReference Include="Testcontainers" Version="3.7.0" />

From 70d5124da4a49e3bd25a9751e9f711add2b9c32d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 26 Feb 2024 18:01:40 +0800
Subject: [PATCH 161/237] Docker: update step-ca to use less layers in build

---
 .../Certify.Core.Tests.Unit/step-ca-win-build.bat        | 5 +++++
 .../Certify.Core.Tests.Unit/step-ca-win.dockerfile       | 9 ++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-build.bat

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-build.bat b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-build.bat
new file mode 100644
index 000000000..3e792a7a2
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win-build.bat
@@ -0,0 +1,5 @@
+ mkdir C:\temp
+pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.24.4/step_windows_0.24.4_amd64.zip' -Outfile 'C:\temp\step_windows_0.24.4_amd64.zip'" && tar -oxzf C:\temp\step_windows_0.24.4_amd64.zip -C "C:\Program Files"
+pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2/step-ca_windows_0.24.2_amd64.zip' -Outfile 'C:\temp\step-ca_windows_0.24.2_amd64.zip'" && tar -oxzf C:\temp\step-ca_windows_0.24.2_amd64.zip -C "C:\Program Files"
+mkdir "C:\Program Files\SDelete" && pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://download.sysinternals.com/files/SDelete.zip' -Outfile 'C:\temp\SDelete.zip'" && tar -oxzf C:\temp\SDelete.zip -C "C:\Program Files\SDelete"
+rmdir /s /q C:\temp
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
index e653a1724..a69d6aea7 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/step-ca-win.dockerfile
@@ -1,11 +1,9 @@
 FROM mcr.microsoft.com/dotnet/sdk:8.0-nanoserver-ltsc2022 AS base
 WORKDIR /app
 EXPOSE 9000
-RUN mkdir C:\temp 
-RUN pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.24.4/step_windows_0.24.4_amd64.zip' -Outfile 'C:\temp\step_windows_0.24.4_amd64.zip'" && tar -oxzf C:\temp\step_windows_0.24.4_amd64.zip -C "C:\Program Files"
-RUN pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2/step-ca_windows_0.24.2_amd64.zip' -Outfile 'C:\temp\step-ca_windows_0.24.2_amd64.zip'" && tar -oxzf C:\temp\step-ca_windows_0.24.2_amd64.zip -C "C:\Program Files"
-RUN mkdir "C:\Program Files\SDelete" && pwsh -Command "Invoke-WebRequest -Method 'GET' -uri 'https://download.sysinternals.com/files/SDelete.zip' -Outfile 'C:\temp\SDelete.zip'" && tar -oxzf C:\temp\SDelete.zip -C "C:\Program Files\SDelete"
-RUN rmdir /s /q C:\temp
+COPY ./step-ca-win-build.bat .
+RUN step-ca-win-build.bat
+
 USER ContainerAdministrator
 RUN setx /M PATH "%PATH%;C:\Program Files\step_0.24.4\bin;C:\Program Files\step-ca_0.24.2;C:\Program Files\SDelete"
 USER ContainerUser
@@ -13,6 +11,7 @@ USER ContainerUser
 FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS netapi
 
 FROM base AS final
+
 COPY ./step-ca-win-init.bat .
 COPY --from=netapi /Windows/System32/netapi32.dll /Windows/System32/netapi32.dll
 

From 3063cf3cd59ff63c028264e3269229d4f8cb291b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 28 Feb 2024 18:01:07 +0800
Subject: [PATCH 162/237] Cleanup

---
 src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md b/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
index 86c5d8c65..26cfae975 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
@@ -134,7 +134,7 @@ To run all of the Certify Core Unit Tests in a Linux container, use the followin
 docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0
 ```
 
-To run a specifi class of Certify Core Unit Tests in a Linux container, use the following command, substituting the Class Name of the tests after `--filter "ClassName=`:
+To run a specific class of Certify Core Unit Tests in a Linux container, use the following command, substituting the Class Name of the tests after `--filter "ClassName=`:
 
 ```
 docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter "ClassName=Certify.Core.Tests.Unit.DnsQueryTests"

From 9929ef70ed66692704238a0a2d3a554be2f0d85a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 28 Feb 2024 18:02:13 +0800
Subject: [PATCH 163/237] Tests: implement key acl tests

---
 src/Certify.Shared/Certify.Shared.Core.csproj |  1 +
 .../Management/CertificateManager.cs          |  4 +-
 .../Tests/CertificateOperationTests.cs        | 53 +++++++++++++++++++
 3 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index a2d5d4dae..d14668afb 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -17,6 +17,7 @@
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
         <PackageReference Include="System.Runtime.Handles" Version="4.3.0" />
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
+        <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
         <PackageReference Include="Arsoft.Tools.Net" Version="3.6.0" Condition="'$(TargetFramework)' == 'net8.0'" />
diff --git a/src/Certify.Shared/Management/CertificateManager.cs b/src/Certify.Shared/Management/CertificateManager.cs
index 6016c6ca8..daefca8a9 100644
--- a/src/Certify.Shared/Management/CertificateManager.cs
+++ b/src/Certify.Shared/Management/CertificateManager.cs
@@ -749,8 +749,8 @@ private static string GetWindowsPrivateKeyLocation(string keyFileName)
             {
                 return machineKeyPath;
             }
-            
-            // if EC key may be under /keys
+
+            // if EC/CNG key may be under /keys
             machineKeyPath = Path.Combine(appDataPath, "Microsoft", "Crypto", "Keys");
 
             // if EC/CNG key may be under /keys
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
index b9db078fe..9e3af1522 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
@@ -4,6 +4,7 @@
 using Certify.Management;
 using Certify.Models;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -101,5 +102,57 @@ public void TestGetECDSAPrivateKeyPath()
                 CertificateManager.RemoveCertificate(storedCert, CertificateManager.DEFAULT_STORE_NAME);
             }
         }
+
+        [TestMethod, Description("Test private key set ACL")]
+        [DataTestMethod]
+        [DataRow("NT AUTHORITY\\LOCAL SERVICE", StandardKeyTypes.RSA256, "read", true, "RSA Key Type, Read")]
+        [DataRow("NT AUTHORITY\\LOCAL SERVICE", StandardKeyTypes.RSA256, "fullcontrol", true, "RSA Key Type, Full Control")]
+        [DataRow("NT AUTHORITY\\LOCAL SERVICE", StandardKeyTypes.ECDSA256, "read", true, "ECDSA Key Type, Read")]
+        [DataRow("NT AUTHORITY\\LOCAL SERVICE", StandardKeyTypes.ECDSA256, "fullcontrol", true, "ECDSA Key Type, Full Control")]
+        [DataRow("NT AUTHORITY\\MadeUpUser", StandardKeyTypes.ECDSA256, "fullcontrol", false, "ECDSA Key Type, Full Control, Invalid User")]
+        public void TestSetACLOnPrivateKey(string account, string keyType, string fileSystemRights, bool isUserValid, string testDescription)
+        {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Debug.WriteLine("Test only valid on Windows, skipping");
+                return;
+            }
+
+            var logCfg = new LoggerConfiguration()
+              .MinimumLevel.Debug()
+              .WriteTo.Debug()
+              .CreateLogger();
+
+            var log = new Loggy(logCfg);
+
+            var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)", keyType: keyType);
+
+            CertificateManager.StoreCertificate(cert, CertificateManager.DEFAULT_STORE_NAME);
+
+            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, CertificateManager.DEFAULT_STORE_NAME);
+            Assert.IsNotNull(storedCert);
+
+            try
+            {
+
+                var success = CertificateManager.GrantUserAccessToCertificatePrivateKey(storedCert, account, fileSystemRights: fileSystemRights, log);
+
+                if (isUserValid)
+                {
+                    Assert.IsTrue(success, "Updating the ACL for the private key should succeed");
+
+                    var hasAccess = CertificateManager.HasUserAccessToCertificatePrivateKey(storedCert, account, fileSystemRights: fileSystemRights, log);
+                    Assert.IsTrue(hasAccess, "User should have the required access on the private key");
+                }
+                else
+                {
+                    Assert.IsFalse(success, "Updating the ACL for the private key should fail due to invalid user specified");
+                }
+            }
+            finally
+            {
+                CertificateManager.RemoveCertificate(storedCert, CertificateManager.DEFAULT_STORE_NAME);
+            }
+        }
     }
 }

From 490a0e8c69cfdb6648b980cdb091ef68ec79ab69 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 12 Mar 2024 11:46:48 +0800
Subject: [PATCH 164/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                    | 4 ++--
 src/Certify.Core/Certify.Core.csproj                        | 2 +-
 src/Certify.Models/Certify.Models.csproj                    | 4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj             | 2 +-
 src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj     | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                  | 4 ++--
 .../Certify.Server.Core/Certify.Server.Core.csproj          | 2 +-
 src/Certify.Service/App.config                              | 2 +-
 .../Certify.SourceGenerators.csproj                         | 2 +-
 .../Certify.Core.Tests.Integration.csproj                   | 6 +++---
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj  | 6 +++---
 .../Certify.Service.Tests.Integration.csproj                | 6 +++---
 .../Certify.UI.Tests.Integration.csproj                     | 4 ++--
 13 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index f22304360..3c5f8cd18 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,9 +18,9 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.2" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.2" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.3.0" />
+    <PackageReference Include="Polly" Version="8.3.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index d170b8882..ebf6531e6 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -83,7 +83,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.3.0" />
+    <PackageReference Include="Polly" Version="8.3.1" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 6f155ea09..f0ac858d2 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,8 +21,8 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
-		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.8.0">
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.0" />
+		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.9.2">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 407235a22..6c6dd64b7 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.19" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.22" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index fb43b336d..9edeb51b2 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.37.0" />
+    <PackageReference Include="Azure.Core" Version="1.38.0" />
     <PackageReference Include="Azure.Identity" Version="1.10.4" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.0" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 5e9b221cf..c080a2a75 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -13,8 +13,8 @@
         <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.2" />
         <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.2" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
         <PackageReference Include="coverlet.collector" Version="6.0.1">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 17ee8ba35..da632e39a 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -9,7 +9,7 @@
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
-        <PackageReference Include="Polly" Version="8.3.0" />
+        <PackageReference Include="Polly" Version="8.3.1" />
         <PackageReference Include="Serilog" Version="3.1.1" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.2" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 398a3c579..0eb1ce73a 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -14,7 +14,7 @@
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.36.0.0" newVersion="1.37.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.37.0.0" newVersion="1.38.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
index 133497c48..d1db803cc 100644
--- a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.8.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.9.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 38c786d95..4b6b7c30d 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -93,10 +93,10 @@
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.3.0" />
+    <PackageReference Include="Polly" Version="8.3.1" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index ca72bd9b8..0cc1693a3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -140,9 +140,9 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
-    <PackageReference Include="Polly" Version="8.3.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
+    <PackageReference Include="Polly" Version="8.3.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 7e1622998..2a5f8e793 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -78,9 +78,9 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
-    <PackageReference Include="Polly" Version="8.3.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
+    <PackageReference Include="Polly" Version="8.3.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 732450002..64f37600c 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -74,8 +74,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
   </ItemGroup>
 
   <ItemGroup>

From f209947a7e9cadb102f5b71b17d09b66b14a3e6c Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 12 Mar 2024 11:47:24 +0800
Subject: [PATCH 165/237] Renewal targets: skip if item not found

---
 src/Certify.Core/Management/RenewalManager.cs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/Certify.Core/Management/RenewalManager.cs b/src/Certify.Core/Management/RenewalManager.cs
index 32a4c92c2..1da39dcc0 100644
--- a/src/Certify.Core/Management/RenewalManager.cs
+++ b/src/Certify.Core/Management/RenewalManager.cs
@@ -70,7 +70,17 @@ public static async Task<List<CertificateRequestResult>> PerformRenewAll(
 
                 foreach (var id in settings.TargetManagedCertificates)
                 {
-                    targetCerts.Add(await itemManager.GetById(id));
+                    var item = await itemManager.GetById(id);
+                    if (item != null)
+                    {
+                        targetCerts.Add(item);
+                    }
+                }
+
+                if (!targetCerts.Any())
+                {
+                    serviceLog?.Error("No matching target managed certificates found for renewal.");
+                    return new List<CertificateRequestResult>();
                 }
 
                 managedCertificateBatch = targetCerts;

From 321eccf5a0613d87245aeca126d71694b5243531 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 18 Mar 2024 14:16:33 +0800
Subject: [PATCH 166/237] Package updates

---
 .../Certify.Aspire.ServiceDefaults.csproj                 | 2 +-
 src/Certify.Client/Certify.Client.csproj                  | 6 +++---
 src/Certify.Models/Certify.Models.csproj                  | 4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj           | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                | 6 +++---
 .../Certify.Server.Api.Public.csproj                      | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj        | 8 ++++----
 .../Certify.Core.Tests.Unit.csproj                        | 2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj            | 2 +-
 9 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 5f9293c51..7d18fc1e8 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,7 +11,7 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.2.0" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.3.0" />
     <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.3.24105.21" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.7.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.7.0" />
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 3c5f8cd18..51772827a 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.2" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.2" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.0" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.3" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.3.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index f0ac858d2..c7746a0ec 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.0" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.1" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.9.2">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -30,7 +30,7 @@
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0">
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="System.Text.Json" Version="8.0.2" />
+		<PackageReference Include="System.Text.Json" Version="8.0.3" />
 		<PackageReference Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
 	</ItemGroup>
 
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 6c6dd64b7..1876708b6 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.22" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.25" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index c080a2a75..f55667142 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -10,12 +10,12 @@
 
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.2" />
-        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.2" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.3" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.3" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
         <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
         <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
-        <PackageReference Include="coverlet.collector" Version="6.0.1">
+        <PackageReference Include="coverlet.collector" Version="6.0.2">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 476f45799..4464d5dc7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,7 +18,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.3" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index da632e39a..4f73e15ed 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.3.1" />
         <PackageReference Include="Serilog" Version="3.1.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.2" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.3" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.2" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.2" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.2" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.3" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.3" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.3" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 0cc1693a3..f109a934c 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -146,7 +146,7 @@
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-    <PackageReference Include="System.Text.Json" Version="8.0.2" />
+    <PackageReference Include="System.Text.Json" Version="8.0.3" />
     <PackageReference Include="Testcontainers" Version="3.7.0" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index e2f92851f..76dbe37d2 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -42,7 +42,7 @@
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
 		<PackageReference Include="Serilog" Version="3.1.1" />
-		<PackageReference Include="System.Text.Json" Version="8.0.2" />
+		<PackageReference Include="System.Text.Json" Version="8.0.3" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>

From bf8c158b7c7dff3f517450209d2db03fce89582b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 18 Mar 2024 14:30:08 +0800
Subject: [PATCH 167/237] Cleanup

---
 src/Certify.CLI/CertifyCLI.Backup.cs                 |  1 -
 src/Certify.Client/CertifyApiClient.cs               |  6 +++---
 src/Certify.Core/Management/Access/AccessControl.cs  | 11 ++++-------
 .../CertifyManager/CertifyManager.Maintenance.cs     |  4 ++--
 .../Management/CertifyManager/CertifyManager.cs      |  1 -
 src/Certify.Models/API/AuthRequest.cs                |  3 +--
 src/Certify.Models/Config/CertRequestConfig.cs       |  2 +-
 src/Certify.Models/Config/ManagedCertificate.cs      |  2 +-
 .../Certify.Server.Api.Public.Tests/APITestBase.cs   | 11 ++---------
 .../Certify.Server.Api.Public.Tests/AccessTests.cs   |  4 +---
 .../Certify.Server.Api.Public.Tests/AuthTests.cs     |  4 +---
 .../CertificateTests.cs                              | 12 +++++-------
 .../Certify.Server.Api.Public.Tests/SystemTests.cs   |  2 +-
 .../Controllers/v1/AuthController.cs                 |  1 -
 .../Controllers/v1/CertificateController.cs          |  2 +-
 .../Middleware/AuthenticationExtension.cs            |  2 +-
 .../Certify.Server.Api.Public/Startup.cs             |  3 ---
 .../Controllers/AccessController.cs                  |  5 ++---
 .../Controllers/AuthController.cs                    |  7 +++----
 src/Certify.Shared/Utils/PKI/CertUtils.cs            |  1 -
 src/Certify.Shared/Utils/PKI/OcspUtils.cs            |  3 ---
 src/Certify.SourceGenerators/ApiMethods.cs           | 10 +++++-----
 .../PublicAPISourceGenerator.cs                      | 12 ++++++------
 .../DataStores/AccessControlDataStoreTests.cs        |  2 --
 .../Tests/AccessControlTests.cs                      | 12 ++++++------
 25 files changed, 46 insertions(+), 77 deletions(-)

diff --git a/src/Certify.CLI/CertifyCLI.Backup.cs b/src/Certify.CLI/CertifyCLI.Backup.cs
index 695a47215..3d81c8574 100644
--- a/src/Certify.CLI/CertifyCLI.Backup.cs
+++ b/src/Certify.CLI/CertifyCLI.Backup.cs
@@ -2,7 +2,6 @@
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
-using Certify.Client;
 using Certify.Models.Config.Migration;
 using Newtonsoft.Json;
 
diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index 4370aa3fb..effd34f4e 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -299,13 +299,13 @@ public async Task<List<ProviderDefinition>> GetDataStoreProviders(AuthContext au
             var result = await FetchAsync("system/datastores/providers", authContext);
             return JsonConvert.DeserializeObject<List<ProviderDefinition>>(result);
         }
-        
+
         public async Task<List<DataStoreConnection>> GetDataStoreConnections(AuthContext authContext = null)
         {
             var result = await FetchAsync("system/datastores/", authContext);
             return JsonConvert.DeserializeObject<List<DataStoreConnection>>(result);
         }
-        
+
         public async Task<List<ActionStep>> CopyDataStore(string sourceId, string targetId, AuthContext authContext = null)
         {
             var result = await PostAsync($"system/datastores/copy/{sourceId}/{targetId}", null, authContext: authContext);
@@ -619,7 +619,7 @@ public async Task<List<CertificateAuthority>> GetCertificateAuthorities(AuthCont
             var result = await FetchAsync("accounts/authorities", authContext);
             return JsonConvert.DeserializeObject<List<CertificateAuthority>>(result);
         }
-        public async Task<ActionResult> UpdateCertificateAuthority(CertificateAuthority ca, AuthContext authContext =null)
+        public async Task<ActionResult> UpdateCertificateAuthority(CertificateAuthority ca, AuthContext authContext = null)
         {
             var result = await PostAsync("accounts/authorities", ca, authContext);
             return JsonConvert.DeserializeObject<ActionResult>(await result.Content.ReadAsStringAsync());
diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 6b1e2a0c4..3d3ba5728 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -3,15 +3,11 @@
 using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
-using System.Text.Unicode;
 using System.Threading.Tasks;
 using Certify.Models.API;
-using Certify.Models.Config;
 using Certify.Models.Config.AccessControl;
 using Certify.Models.Providers;
 using Certify.Providers;
-using Org.BouncyCastle.Tls;
-using static System.Net.WebRequestMethods;
 
 namespace Certify.Core.Management.Access
 {
@@ -420,7 +416,7 @@ public async Task<RoleStatus> GetSecurityPrincipleRoleStatus(string contextUserI
             if (id != contextUserId && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
                 await AuditWarning("User {contextUserId} attempted to read role status role for [{id}] without being in required role.", contextUserId, id);
-                
+
             }
 
             var allAssignedRoles = await _store.GetItems<AssignedRole>(nameof(AssignedRole));
@@ -457,7 +453,8 @@ public async Task<bool> UpdateAssignedRoles(string contextUserId, SecurityPrinci
             foreach (var deleted in update.RemovedAssignedRoles)
             {
                 var e = existing.FirstOrDefault(r => r.RoleId == deleted.RoleId);
-                if (e!=null){
+                if (e != null)
+                {
                     await _store.Delete<AssignedRole>(nameof(AssignedRole), e.Id);
                 }
             }
@@ -482,7 +479,7 @@ await GetSecurityPrincipleByUsername(contextUserId, passwordCheck.Username) :
                                 await GetSecurityPrinciple(contextUserId, passwordCheck.SecurityPrincipleId);
 
             if (principle != null && IsPasswordValid(passwordCheck.Password, principle.Password))
-            {               
+            {
                 return new SecurityPrincipleCheckResponse { IsSuccess = true, SecurityPrinciple = principle };
             }
             else
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
index da02f4e6c..273aea2c9 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -88,9 +88,9 @@ private static async Task BootstrapTestAdminUserAndRoles(IAccessControl access)
                 Password = "admin",
                 Provider = StandardIdentityProviders.INTERNAL
             };
-            
+
             await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
-         
+
             // assign security principles to roles
             var assignedRoles = new List<AssignedRole> {
                  // administrator
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 8dde17907..23ae7e314 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -11,7 +11,6 @@
 using Certify.Core.Management.Challenges;
 using Certify.Datastore.SQLite;
 using Certify.Models;
-using Certify.Models.Config.AccessControl;
 using Certify.Models.Config.Migration;
 using Certify.Models.Providers;
 using Certify.Providers;
diff --git a/src/Certify.Models/API/AuthRequest.cs b/src/Certify.Models/API/AuthRequest.cs
index 7ff20600f..d5ad8eeac 100644
--- a/src/Certify.Models/API/AuthRequest.cs
+++ b/src/Certify.Models/API/AuthRequest.cs
@@ -1,5 +1,4 @@
-using System.Collections.Generic;
-using Certify.Models.Config.AccessControl;
+using Certify.Models.Config.AccessControl;
 
 namespace Certify.Models.API
 {
diff --git a/src/Certify.Models/Config/CertRequestConfig.cs b/src/Certify.Models/Config/CertRequestConfig.cs
index 85b86fcaf..8492dc4cc 100644
--- a/src/Certify.Models/Config/CertRequestConfig.cs
+++ b/src/Certify.Models/Config/CertRequestConfig.cs
@@ -340,7 +340,7 @@ internal List<string> GetCertificateDomains()
 
             return allDomains.Distinct().ToList();
         }
-       
+
         private static JsonSerializerOptions _defaultJsonSerializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
 
         private static JsonSerializerOptions _defaultJsonSerializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
diff --git a/src/Certify.Models/Config/ManagedCertificate.cs b/src/Certify.Models/Config/ManagedCertificate.cs
index f602ae767..dc0336dd9 100644
--- a/src/Certify.Models/Config/ManagedCertificate.cs
+++ b/src/Certify.Models/Config/ManagedCertificate.cs
@@ -787,7 +787,7 @@ public static bool IsDomainOrWildcardMatch(List<string> dnsNames, string? hostna
 
                             if (targetRenewalPercentage > 100) { targetRenewalPercentage = 100; }
                         }
-                        
+
                         var targetRenewalMinutesAfterCertStart = certLifetime.Value.TotalMinutes * (targetRenewalPercentage / 100);
                         var targetRenewalDate = s.DateStart != null ? s.DateStart.Value.AddMinutes(targetRenewalMinutesAfterCertStart) : s.DateRenewed.Value;
                         nextRenewalAttemptDate = targetRenewalDate;
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
index 7d4a25c43..912f39cac 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
@@ -1,19 +1,12 @@
 using System;
 using System.Diagnostics;
-using System.IO;
 using System.Linq;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Certify.Models.API;
-using Certify.Server.Api.Public.Controllers;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Mvc.Testing;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
-using Microsoft.VisualStudio.TestPlatform.CoreUtilities.Helpers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
 namespace Certify.Service.Api.Tests
@@ -58,11 +51,11 @@ public static void AssemblyInit(TestContext context)
                  .ConfigureAppConfiguration((context, builder) =>
                  {
                      builder.AddJsonFile("appsettings.api.public.test.json");
-                     
+
                  })
                 .UseStartup<Server.API.Startup>()
                 );
-            
+
             _httpClientWithAnonymousAccess = _apiServer.CreateClient();
             _clientWithAnonymousAccess = new API.Public.Client(_apiServer.BaseAddress.ToString(), _httpClientWithAnonymousAccess);
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs
index 1979d62af..791e6d2ec 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/AccessTests.cs
@@ -1,6 +1,4 @@
-using System.Net.Http;
-using System.Threading.Tasks;
-using Certify.API.Public;
+using System.Threading.Tasks;
 using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs
index 01233a3de..4295aaddf 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/AuthTests.cs
@@ -1,7 +1,5 @@
-using System.Net.Http;
-using System.Threading.Tasks;
+using System.Threading.Tasks;
 using Certify.API.Public;
-using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
 namespace Certify.Service.Api.Tests
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs
index 51754b32c..4d280731e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/CertificateTests.cs
@@ -1,13 +1,10 @@
-using System.Collections.Generic;
-using System.IO;
+using System.IO;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Certify.API.Public;
 using Certify.Models;
-using Certify.Models.API;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Org.BouncyCastle.Utilities;
 
 namespace Certify.Service.Api.Tests
 {
@@ -47,11 +44,11 @@ public async Task GetCertificateDownload_AuthorizedTest()
 
             Assert.IsTrue(response.TotalResults > 0, "Certificate query should be successful");
 
-            var itemWithCert = response.Results.Last(c => c.HasCertificate && c.Identifiers.Any(d=>d.IdentifierType== CertIdentifierType.Dns));
+            var itemWithCert = response.Results.Last(c => c.HasCertificate && c.Identifiers.Any(d => d.IdentifierType == CertIdentifierType.Dns));
 
             // get cert /certificate/{managedCertId}/download/{format?}
 
-           var file =  await _clientWithAuthorizedAccess.DownloadAsync(itemWithCert.Id, "pfx","fullchain");
+            var file = await _clientWithAuthorizedAccess.DownloadAsync(itemWithCert.Id, "pfx", "fullchain");
 
             // Assert
             using (var memoryStream = new MemoryStream())
@@ -66,7 +63,8 @@ public async Task GetCertificateDownload_AuthorizedTest()
                     Assert.IsTrue(cert.HasPrivateKey, "Downloaded PFX has private key");
 
                     Assert.AreEqual(cert.Subject, "CN=" + itemWithCert.PrimaryIdentifier.Value, "Primary domain of cert should match primary domain of managed item");
-                } catch (System.Security.Cryptography.CryptographicException)
+                }
+                catch (System.Security.Cryptography.CryptographicException)
                 {
                     // pfx has a password set
                 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
index 00bc12ede..b0a5b4944 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
@@ -13,7 +13,7 @@ public async Task GetSystemVersionTest()
             await PerformAuth();
 
             var responseVersion = await _clientWithAuthorizedAccess.GetSystemVersionAsync();
-           
+
             // Assert
             var expectedVersion = typeof(Certify.Models.AppVersion).GetTypeInfo().Assembly.GetName().Version;
             Assert.AreEqual(expectedVersion, responseVersion);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index 197150ce7..bd0e9ded2 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -2,7 +2,6 @@
 using System.Security.Claims;
 using Certify.Client;
 using Certify.Models.API;
-using Certify.Models.Config.AccessControl;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 91bfe91b2..e08f5020e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -40,7 +40,7 @@ public CertificateController(ILogger<CertificateController> logger, ICertifyInte
         [HttpGet]
         [Route("{managedCertId}/download/{format?}")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        
+
         [ProducesResponseType(typeof(FileContentResult), 200)]
         public async Task<IActionResult> Download(string managedCertId, string format, string? mode = null)
         {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
index 459f2d2e1..5f4a1b781 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Middleware/AuthenticationExtension.cs
@@ -45,7 +45,7 @@ public static IServiceCollection AddTokenAuthentication(this IServiceCollection
                 };
             });
 
-            
+
             return services;
         }
     }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 770bfdf39..64888566c 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,14 +1,11 @@
 using System.Reflection;
 using Certify.Client;
-using Certify.Models.Config;
 using Certify.Server.Api.Public.Middleware;
 using Certify.SharedUtils;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
-using Microsoft.Extensions.Options;
 using Microsoft.OpenApi.Models;
-using Polly;
 
 namespace Certify.Server.API
 {
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
index b03458b3c..fbdba67a4 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs
@@ -1,5 +1,4 @@
-using Certify.Core.Management.Access;
-using Certify.Management;
+using Certify.Management;
 using Certify.Models.API;
 using Certify.Models.Config.AccessControl;
 using Microsoft.AspNetCore.DataProtection;
@@ -141,7 +140,7 @@ public async Task<RoleStatus> GetSecurityPrincipleRoleStatus(string id)
         public async Task<SecurityPrincipleCheckResponse> Validate([FromBody] SecurityPrinciplePasswordCheck passwordCheck)
         {
             var accessControl = await _certifyManager.GetCurrentAccessControl();
-            var result =  await accessControl.CheckSecurityPrinciplePassword(GetContextUserId(), passwordCheck);
+            var result = await accessControl.CheckSecurityPrinciplePassword(GetContextUserId(), passwordCheck);
 
             return result;
         }
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
index 75f412124..a0f1da225 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
@@ -3,7 +3,6 @@
 using Microsoft.AspNetCore.Authentication.BearerToken;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Certify.Service.Controllers
@@ -31,7 +30,7 @@ public async Task<IActionResult> AcquireToken(string authJwt)
             var identity = new ClaimsIdentity(claims: claims, authenticationType: BearerTokenDefaults.AuthenticationScheme);
             var servicePrinciple = new ClaimsPrincipal(identity: identity);
 
-            
+
 
             // consume a service token request and return a long lived JWT token
             var response = new AccessTokenResponse
@@ -39,8 +38,8 @@ public async Task<IActionResult> AcquireToken(string authJwt)
                 AccessToken = "",
                 ExpiresIn = 3600,
                 RefreshToken = "",
-            };  
-           return Ok(response);
+            };
+            return Ok(response);
         }
 
         [HttpPost, Route("refresh")]
diff --git a/src/Certify.Shared/Utils/PKI/CertUtils.cs b/src/Certify.Shared/Utils/PKI/CertUtils.cs
index 2925ce886..94fffbabb 100644
--- a/src/Certify.Shared/Utils/PKI/CertUtils.cs
+++ b/src/Certify.Shared/Utils/PKI/CertUtils.cs
@@ -6,7 +6,6 @@
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.OpenSsl;
 using Org.BouncyCastle.Pkcs;
-using Org.BouncyCastle.Security;
 using Org.BouncyCastle.X509;
 
 namespace Certify.Shared.Core.Utils.PKI
diff --git a/src/Certify.Shared/Utils/PKI/OcspUtils.cs b/src/Certify.Shared/Utils/PKI/OcspUtils.cs
index 1f006d838..afaa561c5 100644
--- a/src/Certify.Shared/Utils/PKI/OcspUtils.cs
+++ b/src/Certify.Shared/Utils/PKI/OcspUtils.cs
@@ -1,15 +1,12 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Net;
 using System.Net.Http;
-using System.Text;
 using System.Threading.Tasks;
 using Certify.Models.Certify.Models;
 using Certify.Models.Providers;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Ocsp;
-using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Ocsp;
diff --git a/src/Certify.SourceGenerators/ApiMethods.cs b/src/Certify.SourceGenerators/ApiMethods.cs
index d83836397..d57ac7d0d 100644
--- a/src/Certify.SourceGenerators/ApiMethods.cs
+++ b/src/Certify.SourceGenerators/ApiMethods.cs
@@ -1,5 +1,5 @@
-using SourceGenerator;
-using System.Collections.Generic;
+using System.Collections.Generic;
+using SourceGenerator;
 
 namespace Certify.SourceGenerators
 {
@@ -13,7 +13,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
             // - to then generate the public API clients, run nswag when the public API is running.
 
             return new List<GeneratedAPI> {
-  
+
                     new GeneratedAPI {
 
                         OperationName = "GetSecurityPrincipleAssignedRoles",
@@ -97,8 +97,8 @@ public static List<GeneratedAPI> GetApiDefinitions()
                         PublicAPIRoute = "securityprinciple/update",
                         ServiceAPIRoute = "access/securityprinciple/update",
                         ReturnType = "Models.Config.ActionResult",
-                        Params = new Dictionary<string, string>{ 
-                            { "principle", "Certify.Models.Config.AccessControl.SecurityPrinciple" } 
+                        Params = new Dictionary<string, string>{
+                            { "principle", "Certify.Models.Config.AccessControl.SecurityPrinciple" }
                         }
                     },
                       new GeneratedAPI {
diff --git a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
index 84b361621..3793d50d4 100644
--- a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
+++ b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
@@ -1,10 +1,10 @@
-using Certify.SourceGenerators;
-using Microsoft.CodeAnalysis;
-using Microsoft.CodeAnalysis.Text;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
 using System.Text;
+using Certify.SourceGenerators;
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.Text;
 
 namespace SourceGenerator
 {
@@ -38,7 +38,7 @@ public void Execute(GeneratorExecutionContext context)
                 var apiParamDecl = paramSet.Any() ? string.Join(", ", paramSet.Select(p => $"{p.Value} {p.Key}")) : "";
                 var apiParamDeclWithoutAuthContext = config.Params.Any() ? string.Join(", ", config.Params.Select(p => $"{p.Value} {p.Key}")) : "";
 
-                var apiParamCall = paramSet.Any() ? string.Join(", ", paramSet.Select(p => $"{p.Key}")): "";
+                var apiParamCall = paramSet.Any() ? string.Join(", ", paramSet.Select(p => $"{p.Key}")) : "";
                 var apiParamCallWithoutAuthContext = config.Params.Any() ? string.Join(", ", config.Params.Select(p => $"{p.Key}")) : "";
 
                 if (context.Compilation.AssemblyName.EndsWith("Api.Public"))
@@ -72,7 +72,7 @@ public partial class {config.PublicAPIController}Controller
                     [Route(""""""{config.PublicAPIRoute}"""""")]
                     public async Task<IActionResult> {config.OperationName}({apiParamDeclWithoutAuthContext})
                     {{
-                        var result = await _client.{config.OperationName}({apiParamCall.Replace("authContext","CurrentAuthContext")});
+                        var result = await _client.{config.OperationName}({apiParamCall.Replace("authContext", "CurrentAuthContext")});
                         return new OkObjectResult(result);
                     }}
                 }}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
index 7ab12909f..da5b799fd 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
@@ -3,8 +3,6 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Certify.Core.Management.Access;
-using Certify.Datastore.Postgres;
-using Certify.Datastore.SQLServer;
 using Certify.Management;
 using Certify.Models.Config.AccessControl;
 using Certify.Providers;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index 1f6028af4..14f33ff0e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -20,7 +20,7 @@ public class MemoryObjectStore : IAccessControlStore
         public Task Add<T>(string itemType, AccessStoreItem item)
         {
             item.ItemType = itemType;
-            
+
             // clone the item to avoid reference issue mutating the same object, as we are using an in-memory store
             var clonedItem = JsonConvert.DeserializeObject<T>(JsonConvert.SerializeObject(item)) as AccessStoreItem;
             return Task.FromResult(_store.TryAdd(clonedItem.Id, clonedItem));
@@ -57,7 +57,7 @@ public Task Add<T>(string itemType, T item)
 
         public Task Update<T>(string itemType, T item)
         {
-            var o =  JsonConvert.DeserializeObject<T>(JsonConvert.SerializeObject(item)) as AccessStoreItem;
+            var o = JsonConvert.DeserializeObject<T>(JsonConvert.SerializeObject(item)) as AccessStoreItem;
 
             _store.TryGetValue(o.Id, out var value);
             var c = Task.FromResult((T)Convert.ChangeType(value, typeof(T))).Result as AccessStoreItem;
@@ -74,19 +74,19 @@ public Task Update<T>(string itemType, T item)
     public class TestAssignedRoles
     {
         public static AssignedRole TestAdmin { get; } = new AssignedRole
-        { 
+        {
             // test administrator
             RoleId = StandardRoles.Administrator.Id,
             SecurityPrincipleId = "[test]"
         };
         public static AssignedRole Admin { get; } = new AssignedRole
-        { 
+        {
             // administrator
             RoleId = StandardRoles.Administrator.Id,
             SecurityPrincipleId = "admin_01"
         };
         public static AssignedRole DevopsUserDomainConsumer { get; } = new AssignedRole
-        { 
+        {
             // devops user in consumer role for a specific domain
             RoleId = StandardRoles.CertificateConsumer.Id,
             SecurityPrincipleId = "devops_user_01",
@@ -95,7 +95,7 @@ public class TestAssignedRoles
             }
         };
         public static AssignedRole DevopsUserWildcardDomainConsumer { get; } = new AssignedRole
-        { 
+        {
             // devops user in consumer role for a wildcard domain
             RoleId = StandardRoles.CertificateConsumer.Id,
             SecurityPrincipleId = "devops_user_01",

From 1019989a69f35ae199909aaf15e7f82ec10c8d09 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 26 Mar 2024 10:42:26 +0800
Subject: [PATCH 168/237] UI: skip cache update for external items, skip
 validation if item not selected

---
 .../ViewModelTests.cs                         | 55 ++-----------------
 1 file changed, 6 insertions(+), 49 deletions(-)

diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs b/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
index 840e3f074..72290a528 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
@@ -14,55 +14,6 @@ namespace Certify.UI.Tests.Integration
     [TestClass]
     public class ViewModelTest
     {
-        [TestMethod, Ignore]
-        public async Task TestViewModelSetup()
-        {
-            var mockClient = new Mock<ICertifyClient>();
-
-            AuthContext authContext = null;
-            mockClient.Setup(c => c.GetPreferences(authContext)).Returns(
-                Task.FromResult(new Models.Preferences { })
-                );
-
-            mockClient.Setup(c => c.GetManagedCertificates(It.IsAny<Models.ManagedCertificateFilter>(), authContext))
-                .Returns(
-                Task.FromResult(new List<ManagedCertificate> {
-                    new ManagedCertificate{
-                         Id= Guid.NewGuid().ToString(),
-                         Name="Test  Managed Certificate"
-                    }
-                })
-                );
-
-            mockClient.Setup(c => c.GetAccounts(authContext))
-                .Returns(
-                Task.FromResult(
-                    new List<AccountDetails> {
-                        new AccountDetails {
-                            Email = "test@example.com",
-                            IsStagingAccount = true,
-                            CertificateAuthorityId = StandardCertAuthorities.LETS_ENCRYPT
-                        }
-                    })
-                );
-
-            mockClient.Setup(c => c.GetCredentials(authContext))
-              .Returns(
-              Task.FromResult(new List<StoredCredential> { })
-              );
-
-            var appModel = new AppViewModel(mockClient.Object);
-
-            await appModel.LoadSettingsAsync();
-
-            Assert.IsTrue(appModel.ManagedCertificates.Count > 0, "Should have managed sites");
-
-            Assert.IsTrue(appModel.HasRegisteredContacts, "Should have a registered contact");
-
-            await appModel.RefreshStoredCredentialsList();
-
-            appModel.RenewAll(new RenewalSettings { });
-        }
 
         [TestMethod]
         public void TestManagedCertViewModelValidationWithDomains()
@@ -232,6 +183,12 @@ public void TestManagedCertViewModelValidationWithDomains()
             Assert.IsFalse(result.IsValid, result.Message);
             Assert.AreEqual(ValidationErrorCodes.SAN_LIMIT.ToString(), result.ErrorCode);
 
+            model.SelectedItem = null;
+            result = model.Validate(applyAutoConfiguration: true);
+
+            Assert.IsFalse(result.IsValid, result.Message);
+            Assert.AreEqual(ValidationErrorCodes.ITEM_NOT_FOUND.ToString(), result.ErrorCode);
+
         }
 
         [TestMethod]

From 7e087e6bc1262f1e8a6bdb19e3826e0b0eb53654 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 26 Mar 2024 10:43:11 +0800
Subject: [PATCH 169/237] Package updates

---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 1876708b6..732c3a2d2 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.25" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.27" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index f109a934c..ce115fcd4 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -147,7 +147,7 @@
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     <PackageReference Include="System.Text.Json" Version="8.0.3" />
-    <PackageReference Include="Testcontainers" Version="3.7.0" />
+    <PackageReference Include="Testcontainers" Version="3.8.0" />
   </ItemGroup>
   <ItemGroup>
     <Reference Include="System.Configuration" />

From 403ce22b20b66140f712588f8daca75ba099061d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 26 Mar 2024 10:46:07 +0800
Subject: [PATCH 170/237] Update build props

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 8c52450e0..b47498fba 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -4,7 +4,7 @@
     <AssemblyVersion>6.1.0</AssemblyVersion>
     <Authors>Webprofusion Pty Ltd</Authors>
     <Company>Webprofusion Pty Ltd</Company>
-    <Product>Certify The Web - Certify SSL Manager</Product>
+    <Product>Certify The Web - Certify Certificate Manager</Product>
     <PackageProjectUrl>https://certifytheweb.com</PackageProjectUrl>
     <RepositoryUrl>https://github.com/webprofusion/certify</RepositoryUrl>
     <Deterministic>false</Deterministic>

From 0aaf5a9aa0438818a099db7f3baaeb90b4918d11 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 26 Mar 2024 11:03:47 +0800
Subject: [PATCH 171/237] WIP: include external items in results

---
 .../CertifyManager.ManagedCertificates.cs     | 67 +++++++++++++------
 1 file changed, 46 insertions(+), 21 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 64070d176..0d04da7be 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -29,30 +29,43 @@ public partial class CertifyManager
         public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter)
         {
             var list = await _itemManager.Find(filter);
-
             if (filter?.IncludeExternal == true)
             {
-                if (_pluginManager?.CertificateManagerProviders?.Any() == true)
+                var external = GetExternallyManagedCertificates(filter);
+                if (external != null)
                 {
-                    // TODO: cache providers/results
-                    // check if we have any external sources of managed certificates
-                    foreach (var p in _pluginManager.CertificateManagerProviders)
+                    list.AddRange(await external);
+                }
+            }
+
+            return list;
+        }
+
+        private async Task<List<ManagedCertificate>> GetExternallyManagedCertificates(ManagedCertificateFilter filter)
+        {
+            var externalList = new List<ManagedCertificate>();
+            if (_pluginManager?.CertificateManagerProviders?.Any() == true)
+            {
+                // TODO: cache providers/results
+
+                // check if we have any external sources of managed certificates
+                foreach (var p in _pluginManager.CertificateManagerProviders)
+                {
+                    if (p != null)
                     {
-                        if (p != null)
+                        var pluginType = p.GetType();
+                        var providers = p.GetProviders(pluginType);
+
+                        foreach (var cp in providers)
                         {
-                            var pluginType = p.GetType();
-                            var providers = p.GetProviders(pluginType);
-                            foreach (var cp in providers)
+                            if (cp?.IsEnabled == true)
                             {
                                 try
                                 {
-                                    if (cp.IsEnabled)
-                                    {
-                                        var certManager = p.GetProvider(pluginType, cp.Id);
-                                        var certs = await certManager.GetManagedCertificates(filter);
+                                    var certManager = p.GetProvider(pluginType, cp.Id);
+                                    var certs = await certManager.GetManagedCertificates(filter);
 
-                                        list.AddRange(certs);
-                                    }
+                                    externalList.AddRange(certs);
                                 }
                                 catch (Exception ex)
                                 {
@@ -60,15 +73,15 @@ public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertif
                                 }
                             }
                         }
-                        else
-                        {
-                            _serviceLog?.Error($"Failed to create one or more certificate manager plugins");
-                        }
+                    }
+                    else
+                    {
+                        _serviceLog?.Error($"Failed to create one or more certificate manager plugins");
                     }
                 }
             }
 
-            return list;
+            return externalList;
         }
 
         /// <summary>
@@ -80,7 +93,19 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
         {
             var result = new ManagedCertificateSearchResult();
 
-            result.Results = await _itemManager.Find(filter);
+            var list = await _itemManager.Find(filter);
+            result.Results = list;
+
+            if (filter?.IncludeExternal == true)
+            {
+                // TODO: overall set still has to be paged and sorted
+                var external = GetExternallyManagedCertificates(filter);
+                if (external != null)
+                {
+                    list.AddRange(await external);
+                    result.Results = list;
+                }
+            }
 
             if (filter.PageSize > 0)
             {

From 5eb2c18d79b2ef1d09656269de8127b1a6818147 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 18 Apr 2024 12:36:42 +0800
Subject: [PATCH 172/237] Package updates

---
 .../Certify.Aspire.AppHost.csproj                |  2 +-
 .../Certify.Aspire.AppHost/Program.cs            |  4 ++--
 .../Properties/launchSettings.json               |  7 ++++---
 .../Certify.Aspire.ServiceDefaults.csproj        | 16 ++++++++--------
 .../Certify.Aspire.ServiceDefaults/Extensions.cs |  2 +-
 src/Certify.Client/Certify.Client.csproj         |  6 +++---
 src/Certify.Models/Certify.Models.csproj         |  2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj  |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj            |  2 +-
 .../Certify.Server.Api.Public.Tests.csproj       |  8 ++++----
 .../Properties/launchSettings.json               | 12 ++++++++++++
 .../Certify.Server.Api.Public.csproj             |  4 ++--
 .../Certify.Server.Core.csproj                   | 10 +++++-----
 src/Certify.Service/App.config                   |  2 +-
 src/Certify.Service/Certify.Service.csproj       |  4 ++--
 .../Certify.Shared.Extensions.csproj             |  2 +-
 .../Certify.Core.Tests.Integration.csproj        |  6 +++---
 .../Certify.Core.Tests.Unit.csproj               |  6 +++---
 .../Certify.Service.Tests.Integration.csproj     |  6 +++---
 .../Certify.UI.Tests.Integration.csproj          |  4 ++--
 src/Certify.UI/Certify.UI.csproj                 |  2 +-
 21 files changed, 61 insertions(+), 48 deletions(-)
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public.Tests/Properties/launchSettings.json

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index efcce1c59..812ab09e6 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Aspire.Hosting" Version="8.0.0-preview.3.24105.21" />
+    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.0-preview.5.24201.12" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs b/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
index 332ac2a00..d12b890cc 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Program.cs
@@ -1,7 +1,7 @@
 var builder = DistributedApplication.CreateBuilder(args);
 
-builder.AddProject<Projects.Certify_Server_Api_Public>("certify.server.api.public");
+builder.AddProject<Projects.Certify_Server_Api_Public>("certifyserverapi");
 
-builder.AddProject<Projects.Certify_Server_Core>("certify.server.core");
+builder.AddProject<Projects.Certify_Server_Core>("certifyservercore");
 
 builder.Build().Run();
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json b/src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json
index 31b555470..1c4e230f3 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Properties/launchSettings.json
@@ -1,15 +1,16 @@
 {
   "$schema": "http://json.schemastore.org/launchsettings.json",
   "profiles": {
-    "http": {
+    "https": {
       "commandName": "Project",
       "dotnetRunMessages": true,
       "launchBrowser": true,
-      "applicationUrl": "http://localhost:15155",
+      "applicationUrl": "https://localhost:15155",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
         "DOTNET_ENVIRONMENT": "Development",
-        "DOTNET_DASHBOARD_OTLP_ENDPOINT_URL": "http://localhost:16075"
+        "DOTNET_DASHBOARD_OTLP_ENDPOINT_URL": "https://localhost:16075",
+        "DOTNET_RESOURCE_SERVICE_ENDPOINT_URL": "https://localhost:22109"
       }
     }
   }
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 7d18fc1e8..9757a6488 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,14 +11,14 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.3.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.3.24105.21" />
-    <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.7.0" />
-    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.7.0" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.7.1" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.6.0-beta.3" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.7.1" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.7.0" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.4.0" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.5.24201.12" />
+    <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.0" />
+    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.8.0-beta.1" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.8.0" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs
index d2f1d578c..7249ebecb 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Extensions.cs
@@ -25,7 +25,7 @@ public static IHostApplicationBuilder AddServiceDefaults(this IHostApplicationBu
             http.AddStandardResilienceHandler();
 
             // Turn on service discovery by default
-            http.UseServiceDiscovery();
+            http.AddServiceDiscovery();
         });
 
         return builder;
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 51772827a..9d798b0f6 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.3" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.1" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.4" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.3.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index c7746a0ec..558e807e1 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.4.1" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.1" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.9.2">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 732c3a2d2..efa37eb1b 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.27" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.41" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 9edeb51b2..c4eedcc52 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Core" Version="1.38.0" />
-    <PackageReference Include="Azure.Identity" Version="1.10.4" />
+    <PackageReference Include="Azure.Identity" Version="1.11.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.0" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index f55667142..e6788a104 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -10,11 +10,11 @@
 
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.3" />
-        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.3" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.4" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.4" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
         <PackageReference Include="coverlet.collector" Version="6.0.2">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public.Tests/Properties/launchSettings.json
new file mode 100644
index 000000000..83c4de950
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Properties/launchSettings.json
@@ -0,0 +1,12 @@
+{
+  "profiles": {
+    "Certify.Server.Api.Public.Tests": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "https://localhost:9578;http://localhost:9579"
+    }
+  }
+}
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 4464d5dc7..87b5dc2f8 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,8 +18,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.3" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.4" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 4f73e15ed..ff8735aaa 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.3.1" />
         <PackageReference Include="Serilog" Version="3.1.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.3" />
-        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.4" />
+        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.3" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.3" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.3" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.4" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.4" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.4" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 0eb1ce73a..b6d0bebcd 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -33,7 +33,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.58.1.0" newVersion="4.59.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.60.2.0" newVersion="4.60.2.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index da0635f5d..12bf9087f 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.59.0" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.60.2" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
@@ -68,7 +68,7 @@
         <PackageReference Include="Serilog" Version="3.1.1" />
         <PackageReference Include="Serilog.Sinks.ListOfString" Version="4.1.4.3" />
         <PackageReference Include="Swashbuckle.Core" Version="5.6.0" />
-        <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
+        <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
         <PackageReference Include="System.ServiceProcess.ServiceController" Version="8.0.0" />
         <PackageReference Include="System.Text.Encodings.Web" Version="8.0.0" />
         <PackageReference Include="System.ValueTuple" Version="4.5.0" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 3ad2e3071..df9bb960c 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,7 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.1" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.2" Condition="'$(TargetFramework)' == 'net8.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' != 'net8.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 4b6b7c30d..f892aafec 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -93,8 +93,8 @@
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Polly" Version="8.3.1" />
 
@@ -103,7 +103,7 @@
     <PackageReference Include="System.Collections.Concurrent" Version="4.3.0" />
     <PackageReference Include="System.Console" Version="4.3.1" />
     <PackageReference Include="System.Diagnostics.Debug" Version="4.3.0" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
     <PackageReference Include="System.Diagnostics.Tools" Version="4.3.0" />
     <PackageReference Include="System.Diagnostics.TraceSource" Version="4.3.0" />
     <PackageReference Include="System.Diagnostics.Tracing" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index ce115fcd4..0e19cdd43 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -140,10 +140,10 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
     <PackageReference Include="Polly" Version="8.3.1" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     <PackageReference Include="System.Text.Json" Version="8.0.3" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 2a5f8e793..8afcec76b 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -78,10 +78,10 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
     <PackageReference Include="Polly" Version="8.3.1" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
   </ItemGroup>
   <ItemGroup>
     <Folder Include="Properties\" />
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 64f37600c..f79bd1348 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -74,8 +74,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.2.2" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.2.2" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 25bab82ec..ef3d077d7 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -180,7 +180,7 @@
       <Version>3.1.1</Version>
     </PackageReference>
     <PackageReference Include="System.Diagnostics.DiagnosticSource">
-      <Version>8.0.0</Version>
+      <Version>8.0.1</Version>
     </PackageReference>
     <PackageReference Include="System.Net.Http">
       <Version>4.3.4</Version>

From 65c432fac81480086cc46eaf878770982ba1bfdc Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 18 Apr 2024 12:40:26 +0800
Subject: [PATCH 173/237] API client: configure await to allow for WPF
 dispatcher on async loads

---
 src/Certify.Client/CertifyApiClient.cs | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index effd34f4e..cab5a151e 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -156,15 +156,15 @@ private async Task<string> FetchAsync(string endpoint, AuthContext authContext)
                 {
                     SetAuthContextForRequest(request, authContext);
 
-                    var response = await _client.SendAsync(request);
+                    var response = await _client.SendAsync(request).ConfigureAwait(false);
 
                     if (response.IsSuccessStatusCode)
                     {
-                        return await response.Content.ReadAsStringAsync();
+                        return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                     }
                     else
                     {
-                        var error = await response.Content.ReadAsStringAsync();
+                        var error = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                         throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error} ");
                     }
                 }
@@ -195,7 +195,7 @@ private async Task<HttpResponseMessage> PostAsync(string endpoint, object data,
 
                         request.Content = content;
 
-                        var response = await _client.SendAsync(request);
+                        var response = await _client.SendAsync(request).ConfigureAwait(false);
                         if (response.IsSuccessStatusCode)
                         {
                             return response;
@@ -231,14 +231,14 @@ private async Task<HttpResponseMessage> PostAsync(string endpoint, object data,
             }
             else
             {
-                var response = await _client.PostAsync(_baseUri + endpoint, new StringContent(""));
+                var response = await _client.PostAsync(_baseUri + endpoint, new StringContent("")).ConfigureAwait(false);
                 if (response.IsSuccessStatusCode)
                 {
                     return response;
                 }
                 else
                 {
-                    var error = await response.Content.ReadAsStringAsync();
+                    var error = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                     throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error}");
                 }
             }
@@ -250,7 +250,7 @@ private async Task<HttpResponseMessage> DeleteAsync(string endpoint, AuthContext
             {
                 SetAuthContextForRequest(request, authContext);
 
-                var response = await _client.SendAsync(request);
+                var response = await _client.SendAsync(request).ConfigureAwait(false);
 
                 if (response.IsSuccessStatusCode)
                 {
@@ -258,7 +258,7 @@ private async Task<HttpResponseMessage> DeleteAsync(string endpoint, AuthContext
                 }
                 else
                 {
-                    var error = await response.Content.ReadAsStringAsync();
+                    var error = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                     throw new ServiceCommsException($"Internal Service Error: {endpoint}: {error}");
                 }
             }
@@ -413,10 +413,10 @@ public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertif
         /// <returns></returns>
         public async Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter, AuthContext authContext = null)
         {
-            var response = await PostAsync("managedcertificates/results/", filter, authContext);
+            var response = await PostAsync("managedcertificates/results/", filter, authContext).ConfigureAwait(false);
             var serializer = new JsonSerializer();
 
-            using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
+            using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync().ConfigureAwait(false)))
             using (var reader = new JsonTextReader(sr))
             {
                 var result = serializer.Deserialize<ManagedCertificateSearchResult>(reader);

From bb6ed77209ecc2d552aada19c5db33d11b1dfe07 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 1 May 2024 17:17:47 +0800
Subject: [PATCH 174/237] Anvil: chain build - fallback to skipping chain build
 if no issuers known

Anvil: add logging directly to item log if chain build errors occur
---
 src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs b/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs
index 4cf57956c..fd324c042 100644
--- a/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs
+++ b/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Globalization;

From 430e55f7548c1d011a48c6c1954cda9db67ccb5e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 1 May 2024 17:18:27 +0800
Subject: [PATCH 175/237] ARI: update CertID computation. Remove older draft of
 Update method

---
 .../CertifyManager.Maintenance.cs             |  2 +-
 .../Tests/MiscTests.cs                        | 48 ++-----------------
 2 files changed, 6 insertions(+), 44 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
index 273aea2c9..4747b69f3 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
index 6d1a6e8f9..ee1145101 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
@@ -61,57 +61,19 @@ public async Task TestNtp()
                 Assert.Fail("NTP Time Difference Failed");
             }
         }
-
-        [TestMethod, Description("Test self signed cert")]
-        public void TestSelfSignedCertCreate()
-        {
-
-            var cert = CertificateManager.GenerateSelfSignedCertificate("test.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01), suffix: "[Certify](test)");
-            Assert.IsNotNull(cert);
-        }
-
-        [TestMethod, Description("Test self signed cert storage")]
-        public void TestSelfSignedCertCreateAndStore()
-        {
-
-            var cert = CertificateManager.GenerateSelfSignedCertificate("test.com", new DateTime(1934, 01, 01), new DateTime(1934, 03, 01), suffix: "[Certify](test)");
-            Assert.IsNotNull(cert);
-
-            CertificateManager.StoreCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
-
-            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
-            Assert.IsNotNull(storedCert);
-
-            CertificateManager.RemoveCertificate(storedCert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
-        }
-
-        [TestMethod, Description("Test localhost cert")]
-        public void TestSelfSignedLocalhostCertCreateAndStore()
-        {
-
-            var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)");
-            Assert.IsNotNull(cert);
-
-            CertificateManager.StoreCertificate(cert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
-
-            var storedCert = CertificateManager.GetCertificateByThumbprint(cert.Thumbprint, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
-            Assert.IsNotNull(storedCert);
-
-            CertificateManager.RemoveCertificate(storedCert, Certify.Management.CertificateManager.DEFAULT_STORE_NAME);
-        }
 #if NET7_0_OR_GREATER
         [TestMethod, Description("Test ARI CertID encoding example")]
         public void TestARICertIDEncoding()
         {
             // https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients
-            var certAKIbytes = Convert.FromHexString("69:88:5B:6B:87:46:40:41:E1:B3:7B:84:7B:A0:AE:2C:DE:01:C8:D4".Replace(":", ""));
-            var certSerialBytes = Convert.FromHexString("00:87:65:43:21".Replace(":", ""));
+            var certAKIbytes = Convert.FromHexString("69:88:5B:6B:87:46:40:41:E1:B3:7B:84:7B:A0:AE:2C:DE:01:C8:D4".Replace(":",""));
+            var certSerialBytes= Convert.FromHexString("00:87:65:43:21".Replace(":",""));
 
-            var certId = Certify.Management.Util.ToUrlSafeBase64String(certAKIbytes)
-                + "."
+            var certId = Certify.Management.Util.ToUrlSafeBase64String(certAKIbytes) 
+                + "." 
                 + Certify.Management.Util.ToUrlSafeBase64String(certSerialBytes);
 
-            Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
+           Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
         }
 #endif
     }

From 0e7ecc81a87adbf49475719992ad37b88d5f2e45 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 2 May 2024 10:27:37 +0800
Subject: [PATCH 176/237] Fix ported change

---
 src/Certify.CLI/CertifyCLI.Backup.cs                |  4 ++--
 .../Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1      | 13 +------------
 2 files changed, 3 insertions(+), 14 deletions(-)

diff --git a/src/Certify.CLI/CertifyCLI.Backup.cs b/src/Certify.CLI/CertifyCLI.Backup.cs
index 3d81c8574..bdba39de3 100644
--- a/src/Certify.CLI/CertifyCLI.Backup.cs
+++ b/src/Certify.CLI/CertifyCLI.Backup.cs
@@ -26,7 +26,7 @@ public async Task PerformBackupExport(string[] args)
 
             var exportRequest = new ExportRequest { IsPreviewMode = false, Settings = new ExportSettings { EncryptionSecret = secret, ExportAllStoredCredentials = true } };
 
-            var export = await _certifyClient.PerformExport(exportRequest, null);
+            var export = await _certifyClient.PerformExport(exportRequest);
 
             System.IO.File.WriteAllText(filename, JsonConvert.SerializeObject(export));
 
@@ -64,7 +64,7 @@ public async Task PerformBackupImport(string[] args)
                 return;
             }
 
-            var importSteps = await _certifyClient.PerformImport(importRequest, null);
+            var importSteps = await _certifyClient.PerformImport(importRequest);
 
             foreach (var s in importSteps)
             {
diff --git a/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1 b/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1
index 5d22f1410..2bbd11170 100644
--- a/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1
+++ b/src/Certify.Shared.Extensions/Scripts/DNS/PoshACME/Posh-ACME-Wrapper.ps1
@@ -15,18 +15,7 @@ try {
 # iwr https://tls13.1d.pw # TLS 1.3 test
 
 # Load Assembly without using Add-Type to avoid locking assembly dll
-$bcPath = "$($PoshACMERoot)/../../../BouncyCastle.Cryptography.dll"
-If (Test-Path -Path $bcPath -PathType Leaf -ne $true)
-{
-    $bcPath =   "$($PoshACMERoot)\lib\BC.Crypto.1.8.8.2-netstandard2.0.dll"
-
-    If (Test-Path -Path $bcPath -PathType Leaf -ne $true){
-        Write-Error "Unable to find BouncyCastle dll at $bcPath"
-        Exit 1
-    }
-}
-
-$assemblyBytes = [System.IO.File]::ReadAllBytes($bcPath)
+$assemblyBytes = [System.IO.File]::ReadAllBytes("$($PoshACMERoot)\..\..\..\BouncyCastle.Cryptography.dll")
 [System.Reflection.Assembly]::Load($assemblyBytes) | out-null
 
 # Dot source the files (in the same manner as Posh-ACME would)

From caa3a76cd2c0bad2a2fd1189a6176d81dd8d4059 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sun, 5 May 2024 16:03:46 +0800
Subject: [PATCH 177/237] Package updates and fix build

---
 .../Certify.Aspire.ServiceDefaults.csproj           |  4 ++--
 src/Certify.CLI/CertifyCLI.Backup.cs                |  5 +++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj     |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj               |  6 +++---
 src/Certify.Service/App.config                      | 13 +++++++------
 src/Certify.Service/Certify.Service.csproj          |  2 +-
 6 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 9757a6488..5d6a2359a 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -13,8 +13,8 @@
 
     <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.4.0" />
     <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.5.24201.12" />
-    <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.0" />
-    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.0" />
+    <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.1" />
+    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.8.0-beta.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
diff --git a/src/Certify.CLI/CertifyCLI.Backup.cs b/src/Certify.CLI/CertifyCLI.Backup.cs
index bdba39de3..49896c5a7 100644
--- a/src/Certify.CLI/CertifyCLI.Backup.cs
+++ b/src/Certify.CLI/CertifyCLI.Backup.cs
@@ -2,6 +2,7 @@
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
+using Certify.Client;
 using Certify.Models.Config.Migration;
 using Newtonsoft.Json;
 
@@ -26,7 +27,7 @@ public async Task PerformBackupExport(string[] args)
 
             var exportRequest = new ExportRequest { IsPreviewMode = false, Settings = new ExportSettings { EncryptionSecret = secret, ExportAllStoredCredentials = true } };
 
-            var export = await _certifyClient.PerformExport(exportRequest);
+            var export = await _certifyClient.PerformExport(exportRequest, authContext: null);
 
             System.IO.File.WriteAllText(filename, JsonConvert.SerializeObject(export));
 
@@ -64,7 +65,7 @@ public async Task PerformBackupImport(string[] args)
                 return;
             }
 
-            var importSteps = await _certifyClient.PerformImport(importRequest);
+            var importSteps = await _certifyClient.PerformImport(importRequest, authContext: null);
 
             foreach (var s in importSteps)
             {
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index efa37eb1b..d729e2423 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.41" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.53" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index c4eedcc52..9df5c1e65 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,9 +7,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.38.0" />
-    <PackageReference Include="Azure.Identity" Version="1.11.0" />
-    <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.0" />
+    <PackageReference Include="Azure.Core" Version="1.39.0" />
+    <PackageReference Include="Azure.Identity" Version="1.11.2" />
+    <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
   </ItemGroup>
 
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index b6d0bebcd..80870aa7e 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -8,32 +8,33 @@
       <!-- System.Text.Encodings.Web : Azure.Security.KeyVault.Certificates.ImportCertificateOptions tries to load old version -->
       <dependentAssembly>
         <assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="8.0.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0"/>
       </dependentAssembly>
 
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.37.0.0" newVersion="1.38.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.39.0.0" newVersion="1.39.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
       <!-- application insights also references v5.0, so we overide that here and also reference 7.x in the service and the plugins.all -->
-      <dependentAssembly>
+    <!--  <dependentAssembly>
         <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-7.0.0.2" newVersion="8.0.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-8.0.1.0" newVersion="8.0.1.0"/>
       </dependentAssembly>
+      -->
 
       <!-- Azure resource manager references an old version of Microsoft.Bcl.AsyncInterfaces-->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Bcl.AsyncInterfaces" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="8.0.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0"/>
       </dependentAssembly>
 
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.60.2.0" newVersion="4.60.2.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.60.3.0" newVersion="4.60.3.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 12bf9087f..11d87938d 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.60.2" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.60.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />

From e6483c99e8c0801aa2ccfce81cb74b008962e3ed Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 6 May 2024 18:32:24 +0800
Subject: [PATCH 178/237] Package updates

---
 .../Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj      | 2 +-
 .../Certify.Aspire.ServiceDefaults.csproj                     | 2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj                | 4 ++--
 src/Certify.UI/Certify.UI.csproj                              | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index 812ab09e6..6c6688eef 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.0-preview.5.24201.12" />
+    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.0-preview.6.24214.1" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 5d6a2359a..47c59db69 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -12,7 +12,7 @@
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
     <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.4.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.5.24201.12" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.6.24214.1" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 76dbe37d2..7148182ad 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -32,12 +32,12 @@
 	</ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="ControlzEx" Version="7.0.0-alpha0018" />
+		<PackageReference Include="ControlzEx" Version="7.0.0-alpha0104" />
 		<PackageReference Include="Fody" Version="6.8.0" PrivateAssets="All" />
 		<PackageReference Include="FontAwesome.WPF" Version="4.7.0.9">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>
-		<PackageReference Include="MahApps.Metro" Version="3.0.0-alpha0476" />
+		<PackageReference Include="MahApps.Metro" Version="3.0.0-alpha0492" />
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index ef3d077d7..7b06303a9 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -158,7 +158,7 @@
       <Version>4.7.0.9</Version>
     </PackageReference>
     <PackageReference Include="MahApps.Metro">
-      <Version>3.0.0-alpha0476</Version>
+      <Version>3.0.0-alpha0492</Version>
     </PackageReference>
     <PackageReference Include="Markdig.Wpf">
       <Version>0.5.0.1</Version>

From 9b73604fba867acc6d955b71bfb1df14b507cc17 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 8 May 2024 17:06:54 +0800
Subject: [PATCH 179/237] Data store cleanup and simplify

---
 .../Management/Access/AccessControl.cs        | 40 ++++++++------
 .../CertifyManager.DataStores.cs              |  4 +-
 .../CertifyManager/CertifyManager.cs          |  4 +-
 .../Providers/ICredentialsManager.cs          |  2 +-
 ...tialsManagerBase.cs => CredentialsUtil.cs} | 32 ++---------
 .../CertRequestTests.cs                       | 55 +++++++++++--------
 .../DNS/DnsAPITest.AWSRoute53.cs              |  1 +
 .../DNS/DnsAPITest.Azure.cs                   |  1 +
 .../DNS/DnsAPITest.Cloudflare.cs              |  1 +
 .../DataStores/AccessControlDataStoreTests.cs | 38 ++++++-------
 .../DataStores/ManagedItemDataStoreTests.cs   |  2 +-
 .../StoredCredentialsDataStoreTests.cs        |  3 +-
 .../MigrationManagerTests.cs                  |  4 +-
 .../Tests/GetDnsProviderTests.cs              |  3 +-
 14 files changed, 94 insertions(+), 96 deletions(-)
 rename src/Certify.Shared/Management/{CredentialsManagerBase.cs => CredentialsUtil.cs} (78%)

diff --git a/src/Certify.Core/Management/Access/AccessControl.cs b/src/Certify.Core/Management/Access/AccessControl.cs
index 3d3ba5728..5610ccc25 100644
--- a/src/Certify.Core/Management/Access/AccessControl.cs
+++ b/src/Certify.Core/Management/Access/AccessControl.cs
@@ -25,18 +25,19 @@ public AccessControl(ILog log, IAccessControlStore store)
 
         public async Task AuditWarning(string template, params object[] propertyvalues)
         {
-            _log.Warning(template, propertyvalues);
+            _log?.Warning(template, propertyvalues);
         }
 
         public async Task AuditError(string template, params object[] propertyvalues)
         {
-            _log.Error(template, propertyvalues);
+            _log?.Error(template, propertyvalues);
         }
 
         public async Task AuditInformation(string template, params object[] propertyvalues)
         {
-            _log.Information(template, propertyvalues);
+            _log?.Information(template, propertyvalues);
         }
+
         /// <summary>
         /// Check if the system has been initialized with a security principle
         /// </summary>
@@ -106,7 +107,7 @@ public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPr
 
             if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                await AuditWarning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}] without being in required role.");
+                await AuditWarning("User {contextUserId} attempted to use UpdateSecurityPrinciple [{principleId}] without being in required role.", contextUserId, principle?.Id);
                 return false;
             }
 
@@ -123,11 +124,11 @@ public async Task<bool> UpdateSecurityPrinciple(string contextUserId, SecurityPr
             }
             catch
             {
-                await AuditWarning($"User {contextUserId} attempted to use UpdateSecurityPrinciple [{principle?.Id}], but was not successful");
+                await AuditWarning("User {contextUserId} attempted to use UpdateSecurityPrinciple [{principleId}], but was not successful", contextUserId, principle?.Id);
                 return false;
             }
 
-            _log?.Information($"User {contextUserId} updated security principle [{principle?.Id}] {principle?.Username}");
+            await AuditInformation("User {contextUserId} updated security principle [{principleId}] {principleUsername}", contextUserId, principle?.Id, principle?.Username);
             return true;
         }
 
@@ -141,13 +142,13 @@ public async Task<bool> DeleteSecurityPrinciple(string contextUserId, string id,
         {
             if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                await AuditWarning($"User {contextUserId} attempted to use DeleteSecurityPrinciple [{id}] without being in required role.");
+                await AuditWarning("User {contextUserId} attempted to use DeleteSecurityPrinciple [{id}] without being in required role.", contextUserId, id);
                 return false;
             }
 
             if (!allowSelfDelete && id == contextUserId)
             {
-                _log?.Information($"User {contextUserId} tried to delete themselves.");
+                await AuditWarning("User {contextUserId} tried to delete themselves.", contextUserId);
                 return false;
             }
 
@@ -157,12 +158,17 @@ public async Task<bool> DeleteSecurityPrinciple(string contextUserId, string id,
 
             if (deleted != true)
             {
-                await AuditWarning($"User {contextUserId} attempted to delete security principle [{id}] {existing?.Username}, but was not successful");
+                await AuditWarning("User {contextUserId} attempted to delete security principle [{id}] {existingUsername}, but was not successful", contextUserId, id, existing?.Username);
                 return false;
             }
-            // TODO: remove assigned roles
 
-            _log?.Information($"User {contextUserId} deleted security principle [{id}] {existing?.Username}");
+            var assignedRoles = await GetAssignedRoles(contextUserId, id);
+            foreach (var a in assignedRoles)
+            {
+                await _store.Delete<AssignedRole>(nameof(AssignedRole), a.Id);
+            }
+
+            await AuditInformation("User {contextUserId} deleted security principle [{id}] {existingUsername}", contextUserId, id, existing?.Username);
 
             return true;
         }
@@ -175,7 +181,7 @@ public async Task<SecurityPrinciple> GetSecurityPrinciple(string contextUserId,
             }
             catch (Exception exp)
             {
-                _log.Error(exp, $"User {contextUserId} attempted to retrieve security principle [{id}] but was not successful");
+                await AuditError("User {contextUserId} attempted to retrieve security principle [{id}] but was not successful : {exp}", contextUserId, id, exp);
 
                 return default;
             }
@@ -283,13 +289,13 @@ public async Task<bool> AddResourcePolicy(string contextUserId, ResourcePolicy r
         {
             if (!bypassIntegrityCheck && !await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
             {
-                await AuditWarning($"User {contextUserId} attempted to use AddResourcePolicy [{resourceProfile.Id}] without being in required role.");
+                await AuditWarning("User {contextUserId} attempted to use AddResourcePolicy [{resourceProfileId}] without being in required role.", contextUserId, resourceProfile?.Id);
                 return false;
             }
 
             await _store.Add(nameof(ResourcePolicy), resourceProfile);
 
-            _log?.Information($"User {contextUserId} added resource policy [{resourceProfile.Id}]");
+            await AuditInformation("User {contextUserId} added resource policy [{resourceProfile.Id}]", contextUserId, resourceProfile?.Id);
             return true;
         }
 
@@ -316,18 +322,18 @@ public async Task<bool> UpdateSecurityPrinciplePassword(string contextUserId, Se
                 }
                 catch
                 {
-                    await AuditWarning($"User {contextUserId} attempted to use UpdateSecurityPrinciple password [{principle?.Id}], but was not successful");
+                    await AuditWarning("User {contextUserId} attempted to use UpdateSecurityPrinciple password [{principleId}], but was not successful", contextUserId, principle?.Id);
                     return false;
                 }
             }
             else
             {
-                _log?.Information("Previous password did not match while updating security principle password", contextUserId, principle.Username, principle.Id);
+                await AuditInformation("Previous password did not match while updating security principle password", contextUserId, principle.Username, principle.Id);
             }
 
             if (updated)
             {
-                _log?.Information("User {contextUserId} updated password for [{username} - {id}]", contextUserId, principle.Username, principle.Id);
+                await AuditInformation("User {contextUserId} updated password for [{username} - {id}]", contextUserId, principle.Username, principle.Id);
             }
             else
             {
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
index fd0f30faa..c9fc8044c 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
@@ -80,11 +80,11 @@ private async Task<ICredentialsManager> GetCredentialManagerProvider(DataStoreCo
                         {
                             if (provider.ProviderCategoryId == "sqlite" && string.IsNullOrEmpty(dataStore.ConnectionConfig))
                             {
-                                pr.Init("credentials", _useWindowsNativeFeatures, _serviceLog);
+                                pr.Init(string.Empty, _serviceLog);
                             }
                             else
                             {
-                                pr.Init(dataStore.ConnectionConfig, _useWindowsNativeFeatures, _serviceLog);
+                                pr.Init(dataStore.ConnectionConfig, _serviceLog);
                             }
 
                             if (!await pr.IsInitialised())
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 23ae7e314..a1d8151de 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -272,7 +272,7 @@ private async Task InitDataStore()
                     {
                         // default sqlite storage
                         _itemManager = new SQLiteManagedItemStore("", _serviceLog);
-                        _credentialsManager = new SQLiteCredentialStore(_useWindowsNativeFeatures, storageSubfolder: "credentials");
+                        _credentialsManager = new SQLiteCredentialStore("", _serviceLog);
                     }
                     else
                     {
@@ -300,7 +300,7 @@ private async Task InitDataStore()
                 else
                 {
                     _itemManager = new SQLiteManagedItemStore("", _serviceLog);
-                    _credentialsManager = new SQLiteCredentialStore(_useWindowsNativeFeatures, storageSubfolder: "credentials");
+                    _credentialsManager = new SQLiteCredentialStore("", _serviceLog);
                 }
 
                 // attempt to create and delete a test item
diff --git a/src/Certify.Models/Providers/ICredentialsManager.cs b/src/Certify.Models/Providers/ICredentialsManager.cs
index 2669d2fd7..fd3917649 100644
--- a/src/Certify.Models/Providers/ICredentialsManager.cs
+++ b/src/Certify.Models/Providers/ICredentialsManager.cs
@@ -9,7 +9,7 @@ namespace Certify.Management
 {
     public interface ICredentialsManager
     {
-        bool Init(string connectionString, bool useWindowsNativeFeatures, ILog log);
+        bool Init(string connectionString, ILog log);
         Task<bool> IsInitialised();
 
         Task<bool> Delete(IManagedItemStore itemStore, string storageKey);
diff --git a/src/Certify.Shared/Management/CredentialsManagerBase.cs b/src/Certify.Shared/Management/CredentialsUtil.cs
similarity index 78%
rename from src/Certify.Shared/Management/CredentialsManagerBase.cs
rename to src/Certify.Shared/Management/CredentialsUtil.cs
index 85a9f4a05..0ea0cba41 100644
--- a/src/Certify.Shared/Management/CredentialsManagerBase.cs
+++ b/src/Certify.Shared/Management/CredentialsUtil.cs
@@ -11,17 +11,9 @@
 
 namespace Certify.Management
 {
-    public class CredentialsManagerBase
+    public static class CredentialsUtil
     {
-
-        protected bool _useWindowsNativeFeatures = true;
-
-        public CredentialsManagerBase(bool useWindowsNativeFeatures = true)
-        {
-            _useWindowsNativeFeatures = useWindowsNativeFeatures;
-        }
-
-        public async Task<bool> IsCredentialInUse(IManagedItemStore itemStore, string storageKey)
+        public static async Task<bool> IsCredentialInUse(IManagedItemStore itemStore, string storageKey)
         {
             if (itemStore == null)
             {
@@ -41,18 +33,6 @@ public async Task<bool> IsCredentialInUse(IManagedItemStore itemStore, string st
             }
         }
 
-#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
-        public virtual async Task<StoredCredential> GetCredential(string storageKey)
-        {
-            throw new NotImplementedException();
-        }
-
-        public virtual async Task<Dictionary<string, string>> GetUnlockedCredentialsDictionary(string storageKey)
-        {
-            throw new NotImplementedException();
-        }
-#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
-
         /// <summary>
         /// Get protected version of a secret 
         /// </summary>
@@ -60,7 +40,7 @@ public virtual async Task<Dictionary<string, string>> GetUnlockedCredentialsDict
         /// <param name="optionalEntropy"></param>
         /// <param name="scope"></param>
         /// <returns></returns>
-        public string Protect(
+        public static string Protect(
                 string clearText,
                 string optionalEntropy = null,
                 DataProtectionScope? scope = null)
@@ -72,7 +52,7 @@ public string Protect(
                 return null;
             }
 
-            if (_useWindowsNativeFeatures && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
                 if (scope == null)
                 {
@@ -105,7 +85,7 @@ public string Protect(
         /// <param name="optionalEntropy"></param>
         /// <param name="scope"></param>
         /// <returns></returns>
-        public string Unprotect(
+        public static string Unprotect(
             string encryptedText,
             string optionalEntropy = null,
             DataProtectionScope? scope = null)
@@ -117,7 +97,7 @@ public string Unprotect(
                 throw new ArgumentNullException("encryptedText");
             }
 
-            if (_useWindowsNativeFeatures && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
                 if (scope == null)
                 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
index de9418e12..f50639dce 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
@@ -690,37 +690,48 @@ public async Task TestRequestTnAuthList()
 
             var result = await certifyManager.PerformCertificateRequest(_log, dummyManagedCertificate);
 
-            //ensure cert request was successful
-            Assert.IsTrue(result.IsSuccess, "Certificate Request Not Completed");
+            X509Certificate2 certInfo = null;
 
-            //check details of cert, subject alternative name should include domain and expiry must be great than 89 days in the future
-            var managedCertificates = await certifyManager.GetManagedCertificates(new ManagedCertificateFilter { Id = dummyManagedCertificate.Id });
-            var managedCertificate = managedCertificates.FirstOrDefault(m => m.Id == dummyManagedCertificate.Id);
+            try
+            {
+                //ensure cert request was successful
+                Assert.IsTrue(result.IsSuccess, "Certificate Request Not Completed");
 
-            //ensure we have a new managed site
-            Assert.IsNotNull(managedCertificate);
+                //check details of cert, subject alternative name should include domain and expiry must be great than 89 days in the future
+                var managedCertificates = await certifyManager.GetManagedCertificates(new ManagedCertificateFilter { Id = dummyManagedCertificate.Id });
+                var managedCertificate = managedCertificates.FirstOrDefault(m => m.Id == dummyManagedCertificate.Id);
 
-            //have cert file details
-            Assert.IsNotNull(managedCertificate.CertificatePath);
+                //ensure we have a new managed site
+                Assert.IsNotNull(managedCertificate);
 
-            var fileExists = System.IO.File.Exists(managedCertificate.CertificatePath);
-            Assert.IsTrue(fileExists);
+                //have cert file details
+                Assert.IsNotNull(managedCertificate.CertificatePath);
 
-            //check cert is correct
-            var certInfo = CertificateManager.LoadCertificate(managedCertificate.CertificatePath);
-            Assert.IsNotNull(certInfo);
+                var fileExists = System.IO.File.Exists(managedCertificate.CertificatePath);
+                Assert.IsTrue(fileExists);
 
-            var isRecentlyCreated = Math.Abs((DateTimeOffset.UtcNow - certInfo.NotBefore).TotalDays) < 2;
-            Assert.IsTrue(isRecentlyCreated);
+                //check cert is correct
+                certInfo = CertificateManager.LoadCertificate(managedCertificate.CertificatePath);
+                Assert.IsNotNull(certInfo);
 
-            var expiresInFuture = (certInfo.NotAfter - DateTimeOffset.UtcNow).TotalDays >= 89;
-            Assert.IsTrue(expiresInFuture);
+                var isRecentlyCreated = Math.Abs((DateTimeOffset.UtcNow - certInfo.NotBefore).TotalDays) < 2;
+                Assert.IsTrue(isRecentlyCreated);
 
-            // remove managed site
-            await certifyManager.DeleteManagedCertificate(managedCertificate.Id);
+                var expiresInFuture = (certInfo.NotAfter - DateTimeOffset.UtcNow).TotalDays >= 89;
+                Assert.IsTrue(expiresInFuture);
+            }
+            finally
+            {
 
-            // cleanup certificate
-            CertificateManager.RemoveCertificate(certInfo);
+                // remove managed site
+                await certifyManager.DeleteManagedCertificate(dummyManagedCertificate.Id);
+
+                // cleanup certificate
+                if (certInfo != null)
+                {
+                    CertificateManager.RemoveCertificate(certInfo);
+                }
+            }
         }
     }
 #pragma warning restore CS0618 // Type or member is obsolete
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
index 7d3fc8b7f..b3d5e8e84 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Threading.Tasks;
+using Certify.Datastore.SQLite;
 using Certify.Management;
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
index 86d5669e6..35fae6cfa 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Threading.Tasks;
+using Certify.Datastore.SQLite;
 using Certify.Management;
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
index dd3351d24..be16e5eec 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Threading.Tasks;
+using Certify.Datastore.SQLite;
 using Certify.Management;
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
index da5b799fd..64eceacfe 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
@@ -3,6 +3,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Certify.Core.Management.Access;
+using Certify.Datastore.SQLite;
 using Certify.Management;
 using Certify.Models.Config.AccessControl;
 using Certify.Providers;
@@ -14,7 +15,7 @@ namespace Certify.Core.Tests.DataStores
     public class AccessControlDataStoreTests
     {
         private string _storeType = "sqlite";
-        private const string TEST_PATH = "Tests\\credentials";
+        private const string TEST_PATH = "Tests";
 
         public static IEnumerable<object[]> TestDataStores
         {
@@ -31,6 +32,8 @@ public static IEnumerable<object[]> TestDataStores
 
         private IAccessControlStore GetStore(string storeType = null)
         {
+            IAccessControlStore store = null;
+
             if (storeType == null)
             {
                 storeType = _storeType;
@@ -38,7 +41,7 @@ private IAccessControlStore GetStore(string storeType = null)
 
             if (storeType == "sqlite")
             {
-                return new SQLiteAccessControlStore(storageSubfolder: TEST_PATH);
+                store = new SQLiteAccessControlStore(storageSubfolder: TEST_PATH);
             }
             /* else if (storeType == "postgres")
              {
@@ -52,6 +55,8 @@ private IAccessControlStore GetStore(string storeType = null)
             {
                 throw new ArgumentOutOfRangeException(nameof(storeType), "Unsupported store type " + storeType);
             }
+
+            return store;
         }
 
         [TestMethod]
@@ -154,36 +159,27 @@ public async Task TestStoreGeneralAccessControl(string storeType)
 
             try
             {
+                var list = await access.GetSecurityPrinciples(adminSp.Id);
+
                 // add first admin security principle, bypass role check as there is no user to check yet
 
                 await access.AddSecurityPrinciple(adminSp.Id, adminSp, bypassIntegrityCheck: true);
 
-                // add second security principle, enforcing role checks for calling user
-                await access.AddSecurityPrinciple(adminSp.Id, consumerSp);
-
-                var list = await access.GetSecurityPrinciples(adminSp.Id);
-
-                Assert.IsTrue(list.Any());
+                await access.AddAssignedRole(new AssignedRole { Id = new Guid().ToString(), SecurityPrincipleId = adminSp.Id, RoleId = StandardRoles.Administrator.Id });
 
-                // get updated sp so that password is hashed for comparison check
-                consumerSp = await access.GetSecurityPrinciple(adminSp.Id, consumerSp.Id);
+                // add second security principle, bypass role check as this is just a data store test
+                var added = await access.AddSecurityPrinciple(adminSp.Id, consumerSp, bypassIntegrityCheck: true);
 
-                Assert.IsTrue(access.IsPasswordValid("oldpassword", consumerSp.Password));
+                Assert.IsTrue(added, "Should be able to add a security principle");
 
-                var updated = await access.UpdateSecurityPrinciplePassword(adminSp.Id, new Models.API.SecurityPrinciplePasswordUpdate
-                {
-                    SecurityPrincipleId = consumerSp.Id,
-                    Password = "oldpassword",
-                    NewPassword = "newpassword"
-                });
+                list = await access.GetSecurityPrinciples(adminSp.Id);
 
-                Assert.IsTrue(updated, "SP password should have been updated OK");
+                Assert.IsTrue(list.Any(), "Should have security principles in store");
 
+                // get updated sp so that password is hashed for comparison check
                 consumerSp = await access.GetSecurityPrinciple(adminSp.Id, consumerSp.Id);
 
-                Assert.IsFalse(access.IsPasswordValid("oldpassword", consumerSp.Password), "Old password should no longer be valid");
-
-                Assert.IsTrue(access.IsPasswordValid("newpassword", consumerSp.Password), "New password should be valid");
+                Assert.IsTrue(access.IsPasswordValid("oldpassword", consumerSp.Password));
             }
             finally
             {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/ManagedItemDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/ManagedItemDataStoreTests.cs
index 7e71f821a..39ed09e60 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/ManagedItemDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/ManagedItemDataStoreTests.cs
@@ -46,7 +46,7 @@ private IManagedItemStore GetManagedItemStore(string storeType = null)
 
             if (storeType == "sqlite")
             {
-                return new SQLiteManagedItemStore(TEST_PATH, highPerformanceMode: true);
+                return new SQLiteManagedItemStore(TEST_PATH);
             }
             else if (storeType == "postgres")
             {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/StoredCredentialsDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/StoredCredentialsDataStoreTests.cs
index ad8884431..a59b53f7a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/StoredCredentialsDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/StoredCredentialsDataStoreTests.cs
@@ -3,6 +3,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Certify.Datastore.Postgres;
+using Certify.Datastore.SQLite;
 using Certify.Datastore.SQLServer;
 using Certify.Management;
 using Certify.Models.Config;
@@ -14,7 +15,7 @@ namespace Certify.Core.Tests.DataStores
     public class StoredCredentialsDataStoreTests
     {
         private string _storeType = "postgres";
-        private const string TEST_PATH = "Tests\\credentials";
+        private const string TEST_PATH = "Tests";
 
         public static IEnumerable<object[]> TestDataStores
         {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
index f31e480c2..e96117505 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/MigrationManagerTests.cs
@@ -18,14 +18,14 @@ private IManagedItemStore GetManagedItemStore()
         {
 
             var itemManager = new SQLiteManagedItemStore();
-            itemManager.Init("", null);
+            itemManager.Init(string.Empty, null);
             return itemManager;
         }
 
         private ICredentialsManager GetCredentialsStore()
         {
             var itemManager = new SQLiteCredentialStore();
-            itemManager.Init("", useWindowsNativeFeatures: true, null);
+            itemManager.Init(string.Empty, null);
             return itemManager;
         }
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
index 2d24d18c8..171b5fd99 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
@@ -3,6 +3,7 @@
 using System.Runtime.InteropServices;
 using System.Threading.Tasks;
 using Certify.Core.Management.Challenges;
+using Certify.Datastore.SQLite;
 using Certify.Management;
 using Certify.Models.Config;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -20,7 +21,7 @@ public GetDnsProviderTests()
             var pluginManager = new PluginManager();
             pluginManager.LoadPlugins(new List<string> { PluginManager.PLUGINS_DNS_PROVIDERS });
             var TEST_PATH = "Tests\\credentials";
-            credentialsManager = new SQLiteCredentialStore(RuntimeInformation.IsOSPlatform(OSPlatform.Windows), TEST_PATH);
+            credentialsManager = new SQLiteCredentialStore(TEST_PATH);
             dnsHelper = new DnsChallengeHelper(credentialsManager);
         }
 

From 877bd3e2a66e9d5ff1f4a333e3c2d2d5b2ae6e87 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 8 May 2024 17:07:05 +0800
Subject: [PATCH 180/237] Cleanup

---
 .../ManagedCertificateController.cs           | 23 -------------------
 1 file changed, 23 deletions(-)

diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index 5680ab0bb..353a0d025 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -100,29 +100,6 @@ public async Task<List<StatusMessage>> TestChallengeResponse(ManagedCertificate
             }
         }
 
-        [HttpPost, Route("challengecleanup")]
-        public async Task<List<StatusMessage>> PerformChallengeCleanup(ManagedCertificate managedCertificate)
-        {
-            DebugLog();
-
-            var progressState = new RequestProgressState(RequestState.Running, "Performing Challenge Cleanup..", managedCertificate);
-
-            var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
-
-            // perform challenge response test, log to string list and return in result
-            var logList = new List<string>();
-            using (var log = new LoggerConfiguration()
-
-                     .WriteTo.Sink(new ProgressLogSink(progressIndicator, managedCertificate, _certifyManager))
-                     .CreateLogger())
-            {
-                var theLog = new Loggy(log);
-                var results = await _certifyManager.PerformChallengeCleanup(theLog, managedCertificate, progress: progressIndicator);
-
-                return results;
-            }
-        }
-
         [HttpPost, Route("preview")]
         public async Task<List<ActionStep>> PreviewActions(ManagedCertificate site)
         {

From f41ace0c3ea4fbced25393109d3cc17a9aa51b0b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 8 May 2024 17:31:11 +0800
Subject: [PATCH 181/237] Package updates

Package updates
---
 .../Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj      | 2 +-
 .../Certify.Aspire.ServiceDefaults.csproj                     | 2 +-
 src/Certify.Client/Certify.Client.csproj                      | 4 ++--
 src/Certify.Core/Certify.Core.csproj                          | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj               | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj            | 2 +-
 src/Certify.Service/App.config                                | 2 +-
 src/Certify.Service/Certify.Service.csproj                    | 2 +-
 .../Certify.Core.Tests.Integration.csproj                     | 2 +-
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj    | 2 +-
 .../Certify.Service.Tests.Integration.csproj                  | 2 +-
 11 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index 6c6688eef..a48da7b91 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.0-preview.6.24214.1" />
+    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.0-preview.7.24251.11" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 47c59db69..6d3a82614 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -12,7 +12,7 @@
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
     <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.4.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.6.24214.1" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.7.24251.11" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 9d798b0f6..4857ed377 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
     <Platforms>AnyCPU</Platforms>
-    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <GeneratePackageOnBuild>False</GeneratePackageOnBuild>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -20,7 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.4" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.3.1" />
+    <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index ebf6531e6..cf1bfd6f4 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -83,7 +83,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.3.1" />
+    <PackageReference Include="Polly" Version="8.4.0" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index d729e2423..9ea555614 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.53" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.56" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index ff8735aaa..364578589 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -9,7 +9,7 @@
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
-        <PackageReference Include="Polly" Version="8.3.1" />
+        <PackageReference Include="Polly" Version="8.4.0" />
         <PackageReference Include="Serilog" Version="3.1.1" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.4" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 80870aa7e..69a44a551 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -34,7 +34,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.60.3.0" newVersion="4.60.3.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.61.0.0" newVersion="4.61.0.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 11d87938d..7b8201d9b 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.60.3" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.61.0" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index f892aafec..ee6d2ad61 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -96,7 +96,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.3.1" />
+    <PackageReference Include="Polly" Version="8.4.0" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 0e19cdd43..c47d65646 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -142,7 +142,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
-    <PackageReference Include="Polly" Version="8.3.1" />
+    <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 8afcec76b..7b0aa58d9 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -80,7 +80,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
     <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
-    <PackageReference Include="Polly" Version="8.3.1" />
+    <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
   </ItemGroup>
   <ItemGroup>

From 694e7a8c1a017672806ff136b8502df2aeffcff6 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 13 May 2024 16:58:54 +0800
Subject: [PATCH 182/237] Cleanup for nullability and warnings

---
 .../API/ManagedCertificateSummary.cs          |  2 +-
 .../Config/ManagedCertificate.cs              |  2 +-
 src/Certify.Models/Util/EnvironmentUtil.cs    | 19 +++++++++-------
 .../APITestBase.cs                            |  2 +-
 .../Controllers/v1/AuthController.cs          |  4 ++--
 .../Controllers/v1/CertificateController.cs   |  6 ++---
 .../Services/JwtService.cs                    | 12 +++++-----
 .../Certify.Server.Api.Public/Startup.cs      | 22 ++++++++++++++++---
 .../Certify.UI.Desktop.csproj                 |  1 +
 .../Certify.UI.Shared.csproj                  |  1 +
 10 files changed, 46 insertions(+), 25 deletions(-)

diff --git a/src/Certify.Models/API/ManagedCertificateSummary.cs b/src/Certify.Models/API/ManagedCertificateSummary.cs
index 7c2c09b55..25e3f1d37 100644
--- a/src/Certify.Models/API/ManagedCertificateSummary.cs
+++ b/src/Certify.Models/API/ManagedCertificateSummary.cs
@@ -26,7 +26,7 @@ public class ManagedCertificateSummary
         /// <summary>
         /// Primary identifier (e.g. primary subject domain name)
         /// </summary>
-        public CertIdentifierItem PrimaryIdentifier { get; set; } = new CertIdentifierItem();
+        public CertIdentifierItem? PrimaryIdentifier { get; set; } = new CertIdentifierItem();
 
         /// <summary>
         /// Date request/renewal was last attempted (if any)
diff --git a/src/Certify.Models/Config/ManagedCertificate.cs b/src/Certify.Models/Config/ManagedCertificate.cs
index dc0336dd9..fda9d6f33 100644
--- a/src/Certify.Models/Config/ManagedCertificate.cs
+++ b/src/Certify.Models/Config/ManagedCertificate.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;
diff --git a/src/Certify.Models/Util/EnvironmentUtil.cs b/src/Certify.Models/Util/EnvironmentUtil.cs
index a6ab6087d..f563bc1d1 100644
--- a/src/Certify.Models/Util/EnvironmentUtil.cs
+++ b/src/Certify.Models/Util/EnvironmentUtil.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 
@@ -22,17 +22,20 @@ private static void ApplyRestrictedACL(DirectoryInfo dir)
 
             var processUserSid = WindowsIdentity.GetCurrent().User;
 
-            foreach (FileSystemAccessRule rule in currentRules)
+            if (processUserSid != null)
             {
-                if (rule.IdentityReference == allUsersSid || rule.IdentityReference == processUserSid)
+                foreach (FileSystemAccessRule rule in currentRules)
                 {
-                    acl.RemoveAccessRuleAll(rule);
+                    if (rule.IdentityReference == allUsersSid || rule.IdentityReference == processUserSid)
+                    {
+                        acl.RemoveAccessRuleAll(rule);
+                    }
                 }
-            }
 
-            // add full control for the current (process) user 
-            var currentUserRights = new FileSystemAccessRule(processUserSid, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow);
-            acl.AddAccessRule(currentUserRights);
+                // add full control for the current (process) user 
+                var currentUserRights = new FileSystemAccessRule(processUserSid, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow);
+                acl.AddAccessRule(currentUserRights);
+            }
 
             // add full control for administrators
             var adminSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
index 912f39cac..71c863434 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/APITestBase.cs
@@ -73,7 +73,7 @@ public static void AssemblyCleanup()
             _serverProcess.Dispose();
         }
 
-        static Process? _serverProcess = null;
+        static Process _serverProcess = null;
         private static void CreateCoreServer()
         {
             if (_serverProcess == null)
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
index bd0e9ded2..60bceb3c1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/AuthController.cs
@@ -58,7 +58,7 @@ public async Task<IActionResult> Login(AuthRequest login)
             // check users login, if valid issue new JWT access token and refresh token based on their identity
             var validation = await _client.ValidateSecurityPrinciplePassword(new SecurityPrinciplePasswordCheck() { Username = login.Username, Password = login.Password }, CurrentAuthContext);
 
-            if (validation.IsSuccess)
+            if (validation.IsSuccess && validation.SecurityPrinciple != null)
             {
                 // TODO: get user details from API and return as part of response instead of returning as json
 
@@ -94,7 +94,7 @@ public async Task<IActionResult> Login(AuthRequest login)
         [ProducesResponseType(typeof(AuthResponse), 200)]
         public async Task<IActionResult> Refresh(string refreshToken)
         {
-            var authToken = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]).Parameter;
+            var authToken = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]!).Parameter;
 
             if (string.IsNullOrEmpty(authToken))
             {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index e08f5020e..2e6bc7a58 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -119,13 +119,13 @@ public async Task<IActionResult> GetManagedCertificates(string? keyword, int? pa
 
             var list = managedCertResult.Results.Select(i => new ManagedCertificateSummary
             {
-                Id = i.Id,
-                Title = i.Name,
+                Id = i.Id ?? "",
+                Title = i.Name ?? "",
                 PrimaryIdentifier = i.GetCertificateIdentifiers().FirstOrDefault(p => p.Value == i.RequestConfig.PrimaryDomain) ?? i.GetCertificateIdentifiers().FirstOrDefault(),
                 Identifiers = i.GetCertificateIdentifiers(),
                 DateRenewed = i.DateRenewed,
                 DateExpiry = i.DateExpiry,
-                Comments = i.Comments,
+                Comments = i.Comments ?? "",
                 Status = i.LastRenewalStatus?.ToString() ?? "",
                 HasCertificate = !string.IsNullOrEmpty(i.CertificatePath)
             }).OrderBy(a => a.Title);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
index a5890b171..26a76c046 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/JwtService.cs
@@ -14,9 +14,9 @@ namespace Certify.Server.Api.Public.Services
     /// </summary>
     public class JwtService
     {
-        private readonly string _secret;
-        private readonly string _issuer;
-        private readonly string _expDate;
+        private readonly string _secret = default!;
+        private readonly string _issuer = default!;
+        private readonly string _expDate = default!;
 
         /// <summary>
         /// Constructor
@@ -24,9 +24,9 @@ public class JwtService
         /// <param name="config"></param>
         public JwtService(IConfiguration config)
         {
-            _secret = config.GetSection("JwtSettings").GetSection("secret").Value;
-            _issuer = config.GetSection("JwtSettings").GetSection("issuer").Value;
-            _expDate = config.GetSection("JwtSettings").GetSection("expirationInDays").Value;
+            _secret = config.GetSection("JwtSettings").GetSection("secret").Value ?? "";
+            _issuer = config.GetSection("JwtSettings").GetSection("issuer").Value ?? "";
+            _expDate = config.GetSection("JwtSettings").GetSection("expirationInDays").Value ?? DateTimeOffset.Now.AddDays(1).ToString();
         }
 
         /// <summary>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 64888566c..0cc483914 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -30,6 +30,10 @@ public Startup(IConfiguration configuration)
         /// </summary>
         public IConfiguration Configuration { get; }
 
+        /// <summary>
+        /// Configure services
+        /// </summary>
+        /// <param name="services"></param>
         public void ConfigureServices(IServiceCollection services)
         {
             _ = ConfigureServicesWithResults(services);
@@ -223,6 +227,11 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 #endif
         }
 
+        /// <summary>
+        /// Connect to status stream of backend service
+        /// </summary>
+        /// <param name="app"></param>
+        /// <returns></returns>
         public async Task SetupStatusHubConnection(WebApplication app)
         {
             var internalServiceClient = app.Services.GetRequiredService<ICertifyInternalApiClient>() as CertifyServiceClient;
@@ -241,8 +250,11 @@ public async Task SetupStatusHubConnection(WebApplication app)
                 {
                     try
                     {
-                        await internalServiceClient.ConnectStatusStreamAsync();
-                        connected = true;
+                        if (internalServiceClient != null)
+                        {
+                            await internalServiceClient.ConnectStatusStreamAsync();
+                            connected = true;
+                        }
                     }
                     catch
                     {
@@ -261,18 +273,22 @@ public async Task SetupStatusHubConnection(WebApplication app)
             }
         }
 
-        private StatusHubReporting _statusReporting;
+        private StatusHubReporting _statusReporting = default!;
 
         private void InternalServiceClient_OnManagedCertificateUpdated(Models.ManagedCertificate obj)
         {
             System.Diagnostics.Debug.WriteLine("Public API: got ManagedCertUpdate msg to forward:" + obj.ToString());
 
+#pragma warning disable CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
             _statusReporting.ReportManagedCertificateUpdated(obj);
+#pragma warning restore CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
         }
         private void InternalServiceClient_OnRequestProgressStateUpdated(Models.RequestProgressState obj)
         {
             System.Diagnostics.Debug.WriteLine("Public API: got Progress Message to forward:" + obj.ToString());
+#pragma warning disable CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
             _statusReporting.ReportRequestProgress(obj);
+#pragma warning restore CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
         }
         private void InternalServiceClient_OnMessageFromService(string arg1, string arg2)
         {
diff --git a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
index c76fc4cea..d32a97052 100644
--- a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
+++ b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
@@ -9,6 +9,7 @@
         <StartupObject>Certify.UI.App</StartupObject>
         <Platforms>AnyCPU;</Platforms>
         <XamlDebuggingInformation>True</XamlDebuggingInformation>
+        <NoWarn>NU1701</NoWarn>
     </PropertyGroup>
 
     <ItemGroup>
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 7148182ad..3014bfac6 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -6,6 +6,7 @@
 		<UseWindowsForms>true</UseWindowsForms>
 		<!--assembly version specified here to allow WPF to load windows via startupUI without version dependency-->
 		<AssemblyVersion>6.0.0.*</AssemblyVersion>
+        <NoWarn>NU1701</NoWarn>
 	</PropertyGroup>
 
 	<ItemGroup Condition=" '$(TargetFramework)' == 'net462' ">

From cdd1aaec3096e1883e017dcfca752a45cb8b48a6 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sat, 18 May 2024 18:23:35 +0800
Subject: [PATCH 183/237] Package updates

Package updates

Package updates
---
 .../Certify.Aspire.AppHost.csproj                    |  2 +-
 .../Certify.Aspire.ServiceDefaults.csproj            |  6 +++---
 src/Certify.Client/Certify.Client.csproj             |  6 +++---
 src/Certify.Models/Certify.Models.csproj             |  4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj      |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj                |  2 +-
 .../Certify.Server.Api.Public.Tests.csproj           | 12 ++++++------
 .../Certify.Server.Api.Public.csproj                 |  4 ++--
 .../Certify.Server.Core/Certify.Server.Core.csproj   | 10 +++++-----
 src/Certify.Service/Certify.Service.csproj           |  2 +-
 .../Certify.Shared.Extensions.csproj                 |  4 ++--
 src/Certify.Shared/Certify.Shared.Core.csproj        |  2 +-
 .../Certify.Core.Tests.Unit.csproj                   |  6 +++---
 .../Certify.Service.Tests.Integration.csproj         |  6 +++---
 .../Certify.UI.Tests.Integration.csproj              |  8 ++++----
 src/Certify.UI.Shared/Certify.UI.Shared.csproj       |  6 +++---
 src/Certify.UI/Certify.UI.csproj                     |  2 +-
 17 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index a48da7b91..a8801f69a 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.0-preview.7.24251.11" />
+    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.1" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 6d3a82614..41a7c1343 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,14 +11,14 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.4.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.0-preview.7.24251.11" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.5.0" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.1" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.8.0-beta.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.8.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.8.1" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 4857ed377..3b7c0f9e2 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.4" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.4" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.1" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.6" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.6" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 558e807e1..3d13af3c2 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -17,11 +17,11 @@
 		<PlatformTarget>AnyCPU</PlatformTarget>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="Fody" Version="6.8.0">
+		<PackageReference Include="Fody" Version="6.8.1">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.5.1" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.0" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.9.2">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 9ea555614..9b29dd184 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.56" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.66" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 9df5c1e65..47c0a473a 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Core" Version="1.39.0" />
-    <PackageReference Include="Azure.Identity" Version="1.11.2" />
+    <PackageReference Include="Azure.Identity" Version="1.11.3" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index e6788a104..d49b351a6 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
         <TargetFramework>net8.0</TargetFramework>
@@ -10,11 +10,11 @@
 
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.4" />
-        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.4" />
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.6" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.6" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
         <PackageReference Include="coverlet.collector" Version="6.0.2">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 87b5dc2f8..ec17a0ffd 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,9 +18,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.6" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\..\..\certify\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 364578589..025861a08 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.4.0" />
         <PackageReference Include="Serilog" Version="3.1.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.4" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.6" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.4" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.4" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.4" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.6" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.6" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.6" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 7b8201d9b..f0bb865e2 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -54,7 +54,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.61.0" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.61.2" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index df9bb960c..708a31c98 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,8 +23,8 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.2" Condition="'$(TargetFramework)' == 'net8.0'" />
-        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' != 'net8.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.2" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
+        <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' == 'netstandard2.0'" />
     </ItemGroup>
 
 
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index d14668afb..b5426255a 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -20,7 +20,7 @@
         <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
-        <PackageReference Include="Arsoft.Tools.Net" Version="3.6.0" Condition="'$(TargetFramework)' == 'net8.0'" />
+        <PackageReference Include="Arsoft.Tools.Net" Version="3.6.0" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
 
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index c47d65646..1ac72eee0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -139,9 +139,9 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
     <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index 7b0aa58d9..f0328ceaa 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -77,9 +77,9 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
     <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index f79bd1348..fb579decf 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFramework>net8.0-windows</TargetFramework>
     <Configurations>Debug;Release;</Configurations>
@@ -73,9 +73,9 @@
   <ItemGroup>
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 3014bfac6..06c0311ff 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
 		<TargetFrameworks>net462;net8.0-windows;</TargetFrameworks>
@@ -33,8 +33,8 @@
 	</ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="ControlzEx" Version="7.0.0-alpha0104" />
-		<PackageReference Include="Fody" Version="6.8.0" PrivateAssets="All" />
+		<PackageReference Include="ControlzEx" Version="7.0.0-alpha0106" />
+		<PackageReference Include="Fody" Version="6.8.1" PrivateAssets="All" />
 		<PackageReference Include="FontAwesome.WPF" Version="4.7.0.9">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 7b06303a9..296b99535 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -150,7 +150,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Fody">
-      <Version>6.8.0</Version>
+      <Version>6.8.1</Version>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

From 4b2910a01ab74a58b8d6ebba2fd5759f41d61392 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 4 Jun 2024 17:17:55 +0800
Subject: [PATCH 184/237] Target AnyCPU and dotnet 9

---
 src/Certify.CLI/Certify.CLI.csproj            | 27 ++---------
 src/Certify.Core/Certify.Core.csproj          | 46 +++----------------
 .../Anvil/Certify.Providers.ACME.Anvil.csproj |  2 +-
 .../Certify.Server.Api.Public.Client.csproj   |  4 +-
 .../Certify.Server.Api.Public.Tests.csproj    |  2 +-
 .../Certify.Server.Api.Public.csproj          |  2 +-
 .../Certify.Server.Core.csproj                |  2 +-
 src/Certify.Service/Certify.Service.csproj    | 25 ++--------
 .../Certify.Shared.Extensions.csproj          |  2 +-
 src/Certify.Shared/Certify.Shared.Core.csproj |  4 +-
 .../Certify.SourceGenerators.csproj           |  2 +-
 .../Certify.Core.Tests.Integration.csproj     | 31 +++----------
 .../Certify.Core.Tests.Unit.csproj            | 45 +++---------------
 .../Tests/DnsQueryTests.cs                    |  2 +-
 .../Certify.Service.Tests.Integration.csproj  | 26 ++---------
 .../Certify.UI.Tests.Integration.csproj       | 26 ++---------
 .../Certify.UI.Desktop.csproj                 | 39 ++++++----------
 .../Certify.UI.Shared.csproj                  |  4 +-
 src/Certify.UI/Certify.UI.csproj              | 20 +-------
 19 files changed, 67 insertions(+), 244 deletions(-)

diff --git a/src/Certify.CLI/Certify.CLI.csproj b/src/Certify.CLI/Certify.CLI.csproj
index 85b8c0f86..0656cf864 100644
--- a/src/Certify.CLI/Certify.CLI.csproj
+++ b/src/Certify.CLI/Certify.CLI.csproj
@@ -1,23 +1,13 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net462;net8.0</TargetFrameworks>
+    <TargetFrameworks>net462;net9.0</TargetFrameworks>
     <Configurations>Debug;Release;Debug;Release</Configurations>
     <AssemblyName>Certify</AssemblyName>
     <OutputType>Exe</OutputType>
-    <Platforms>AnyCPU;x64</Platforms>
+    <Platforms>AnyCPU</Platforms>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <PlatformTarget>x64</PlatformTarget>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <CodeAnalysisRuleSet>..\CodeAnalysis.ruleset</CodeAnalysisRuleSet>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
     <Optimize>false</Optimize>
     <OutputPath>bin\Debug\</OutputPath>
     <DefineConstants>DEBUG;TRACE</DefineConstants>
@@ -35,15 +25,6 @@
     <WarningLevel>4</WarningLevel>
     <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index cf1bfd6f4..62e135730 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net462;net8.0</TargetFrameworks>
+    <TargetFrameworks>net462;net9.0</TargetFrameworks>
     <Configurations>Debug;Release;</Configurations>
     <Platforms>AnyCPU</Platforms>
   </PropertyGroup>
@@ -11,16 +11,9 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
+
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
    
     <Optimize>true</Optimize>
@@ -28,35 +21,10 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
  
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
-   
-    <OutputPath>bin\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-  
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>bin\x64\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <Optimize>true</Optimize>
-   
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
+
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
@@ -73,13 +41,13 @@
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net8.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
diff --git a/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj b/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj
index de8e5d824..e0b6e86e3 100644
--- a/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj
+++ b/src/Certify.Providers/ACME/Anvil/Certify.Providers.ACME.Anvil.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net9.0</TargetFrameworks>
     <Platforms>AnyCPU</Platforms>
     <RootNamespace>Certify.Providers.Acme.Anvil</RootNamespace>
     <AssemblyName>Certify.Providers.Acme.Anvil</AssemblyName>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
index 0d959f125..9c3b2587f 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
@@ -1,7 +1,7 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index d49b351a6..8891f8bf8 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net9.0</TargetFramework>
 
         <IsPackable>false</IsPackable>
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index ec17a0ffd..43b9fd2a2 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <InvariantGlobalization>true</InvariantGlobalization>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 025861a08..03a89a52d 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
         <UserSecretsId>3648c5f3-f642-441e-979e-d4624cd39e49</UserSecretsId>
         <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
         <Platforms>AnyCPU</Platforms>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index f0bb865e2..6b52850da 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -1,39 +1,22 @@
 <Project Sdk="Microsoft.NET.Sdk">
     <PropertyGroup>
         <TargetFramework>net462</TargetFramework>
-        <RuntimeIdentifier>win-x64</RuntimeIdentifier>
         <Configurations>Debug;Release;</Configurations>
         <AssemblyName>Certify.Service</AssemblyName>
         <OutputType>Exe</OutputType>
         <ApplicationManifest>app.manifest</ApplicationManifest>
         <ApplicationIcon>icon.ico</ApplicationIcon>
-        <Platforms>x64;AnyCPU</Platforms>
+        <Platforms>AnyCPU</Platforms>
         <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     </PropertyGroup>
-    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-        <PlatformTarget>x64</PlatformTarget>
-        <DefineConstants>DEBUG;TRACE</DefineConstants>
-    </PropertyGroup>
-    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-        <PlatformTarget>x64</PlatformTarget>
-        <DefineConstants>DEBUG;TRACE</DefineConstants>
-    </PropertyGroup>
-
-    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-        <PlatformTarget>x64</PlatformTarget>
-    </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-        <PlatformTarget>x64</PlatformTarget>
-    </PropertyGroup>
-
-    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-        <PlatformTarget>x64</PlatformTarget>
-        <OutputPath>bin\Release\</OutputPath>
+        <PlatformTarget>AnyCPU</PlatformTarget>
+        <DefineConstants>DEBUG;TRACE</DefineConstants>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-        <PlatformTarget>x64</PlatformTarget>
+        <PlatformTarget>AnyCPU</PlatformTarget>
         <OutputPath>bin\Release\</OutputPath>
     </PropertyGroup>
     <ItemGroup>
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 708a31c98..da27ad228 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFrameworks>net462;netstandard2.0;net8.0</TargetFrameworks>
+        <TargetFrameworks>netstandard2.0;net9.0</TargetFrameworks>
         <Platforms>AnyCPU</Platforms>
 
     </PropertyGroup>
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index b5426255a..26a275fc2 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -1,8 +1,8 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
-        <Platforms>AnyCPU;x64</Platforms>
+        <TargetFrameworks>netstandard2.0;net9.0;</TargetFrameworks>
+        <Platforms>AnyCPU</Platforms>
     </PropertyGroup>
     <ItemGroup>
         <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
index d1db803cc..f7b43186e 100644
--- a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index ee6d2ad61..33d155ce6 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net8.0;net462;</TargetFrameworks>
-    <Configurations>Debug;Release;Debug;Release</Configurations>
+    <TargetFrameworks>net9.0;net462;</TargetFrameworks>
+    <Configurations>Debug;Release;</Configurations>
     <RootNamespace>Certify.Core.Tests</RootNamespace>
     <AssemblyName>Certify.Core.Tests</AssemblyName>
   </PropertyGroup>
@@ -13,7 +13,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <DebugType>pdbonly</DebugType>
@@ -23,24 +23,7 @@
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
-    <DebugSymbols>true</DebugSymbols>
-    <OutputPath>bin\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <DebugType>full</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>bin\x64\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <Optimize>true</Optimize>
-    <DebugType>pdbonly</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
+  
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
@@ -60,15 +43,15 @@
   </PropertyGroup>
   <Import Project="..\..\Certify.Plugins\Licensing\packages\MSTest.TestAdapter.1.1.18\build\net45\MSTest.TestAdapter.props" Condition="Exists('..\..\Certify.Plugins\Licensing\packages\MSTest.TestAdapter.1.1.18\build\net45\MSTest.TestAdapter.props')" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net8.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 1ac72eee0..aa8acba62 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -1,7 +1,8 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net8.0;net462;</TargetFrameworks>
+    <TargetFrameworks>net462;net8.0;</TargetFrameworks>
     <Configurations>Debug;Release</Configurations>
+    <Platforms>AnyCPU</Platforms>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -11,7 +12,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
     <DebugSymbols>true</DebugSymbols>
@@ -21,43 +22,9 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
-    <DebugSymbols>true</DebugSymbols>
-    <OutputPath>bin\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <DebugType>full</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <DebugSymbols>true</DebugSymbols>
-    <OutputPath>bin\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <DebugType>full</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>bin\x64\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <Optimize>true</Optimize>
-    <DebugType>pdbonly</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
+  
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
@@ -87,7 +54,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
index e5673dbde..e0b4a1c7d 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
@@ -51,7 +51,7 @@ public async Task TestDNSTests()
             Assert.IsFalse(result.All(r => r.IsSuccess), "incorrectly configured DNSSEC record should fail dns check");
         }
 
-#if NET6_0_OR_GREATER
+#if NET9_0_OR_GREATER
         [TestMethod, Description("Check for a DNS TXT record")]
         public async Task TestDNS_CheckTXT()
         {
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index f0328ceaa..dad0e97eb 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -1,7 +1,8 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFrameworks>net9.0</TargetFrameworks>
     <Configurations>Debug;Release;</Configurations>
+    <Platforms>AnyCPU</Platforms>
 
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
@@ -12,7 +13,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
@@ -23,24 +24,7 @@
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
-    <DebugSymbols>true</DebugSymbols>
-    <OutputPath>bin\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <DebugType>full</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>bin\x64\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <Optimize>true</Optimize>
-    <DebugType>pdbonly</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
+  
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
@@ -65,7 +49,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index fb579decf..ab14f1145 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -1,7 +1,8 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net8.0-windows</TargetFramework>
+    <TargetFrameworks>net9.0-windows</TargetFrameworks>
     <Configurations>Debug;Release;</Configurations>
+    <Platforms>AnyCPU</Platforms>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -22,24 +23,7 @@
     <PlatformTarget>AnyCPU</PlatformTarget>
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
-    <DebugSymbols>true</DebugSymbols>
-    <OutputPath>bin\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <DebugType>full</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>bin\x64\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <Optimize>true</Optimize>
-    <DebugType>pdbonly</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-  </PropertyGroup>
+
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
@@ -61,7 +45,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <PlatformTarget>x64</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <ItemGroup>
diff --git a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
index d32a97052..684e2f372 100644
--- a/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
+++ b/src/Certify.UI.Desktop/Certify.UI.Desktop.csproj
@@ -1,25 +1,16 @@
 <Project Sdk="Microsoft.NET.Sdk">
-
-    <PropertyGroup>
-        <OutputType>WinExe</OutputType>
-        <TargetFramework>net8.0-windows</TargetFramework>
-        <UseWPF>true</UseWPF>
-        <UseWindowsForms>true</UseWindowsForms>
-        <ApplicationIcon>icon.ico</ApplicationIcon>
-        <StartupObject>Certify.UI.App</StartupObject>
-        <Platforms>AnyCPU;</Platforms>
-        <XamlDebuggingInformation>True</XamlDebuggingInformation>
-        <NoWarn>NU1701</NoWarn>
-    </PropertyGroup>
-
-    <ItemGroup>
-        <PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
-          <NoWarn>NU1701</NoWarn>
-        </PackageReference>
-    </ItemGroup>
-
-    <ItemGroup>
-        <ProjectReference Include="..\Certify.UI.Shared\Certify.UI.Shared.csproj" />
-    </ItemGroup>
-
-</Project>
+  <PropertyGroup>
+    <OutputType>WinExe</OutputType>
+    <TargetFramework>net9.0-windows</TargetFramework>
+    <UseWPF>true</UseWPF>
+    <UseWindowsForms>true</UseWindowsForms>
+    <ApplicationIcon>icon.ico</ApplicationIcon>
+    <StartupObject>Certify.UI.App</StartupObject>
+    <Platforms>AnyCPU</Platforms>
+    <XamlDebuggingInformation>True</XamlDebuggingInformation>
+    <NoWarn>NU1701</NoWarn>
+  </PropertyGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Certify.UI.Shared\Certify.UI.Shared.csproj" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 06c0311ff..0754e791c 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -1,7 +1,7 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
-		<TargetFrameworks>net462;net8.0-windows;</TargetFrameworks>
+		<TargetFrameworks>net462;net9.0-windows;</TargetFrameworks>
 		<UseWPF>true</UseWPF>
 		<UseWindowsForms>true</UseWindowsForms>
 		<!--assembly version specified here to allow WPF to load windows via startupUI without version dependency-->
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 296b99535..9a3cb8984 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
@@ -61,24 +61,6 @@
   <PropertyGroup>
     <ApplicationManifest>app.manifest</ApplicationManifest>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
-    <OutputPath>bin\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <Optimize>false</Optimize>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>..\CodeAnalysis.ruleset</CodeAnalysisRuleSet>
-    <Prefer32Bit>true</Prefer32Bit>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <Optimize>true</Optimize>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-    <DebugType>full</DebugType>
-  </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
     <Reference Include="System.Data" />

From a53ca2151be1bc8758efdb1bb776b6bd9a864f25 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 4 Jun 2024 17:19:02 +0800
Subject: [PATCH 185/237] Package updates

---
 .../Certify.Server.Core/Certify.Server.Core.csproj          | 2 +-
 src/Certify.Service/Certify.Service.csproj                  | 2 +-
 src/Certify.Shared/Certify.Shared.Core.csproj               | 4 ++--
 .../Certify.Core.Tests.Integration.csproj                   | 6 +++---
 src/Certify.UI.Shared/Certify.UI.Shared.csproj              | 2 +-
 src/Certify.UI/Certify.UI.csproj                            | 4 ++--
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 03a89a52d..80432117f 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -10,7 +10,7 @@
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.4.0" />
-        <PackageReference Include="Serilog" Version="3.1.1" />
+        <PackageReference Include="Serilog" Version="4.0.0" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.6" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 6b52850da..8712aa263 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -48,7 +48,7 @@
         <PackageReference Include="Microsoft.Owin.SelfHost" Version="4.2.2" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
         <PackageReference Include="Owin" Version="1.0.0" />
-        <PackageReference Include="Serilog" Version="3.1.1" />
+        <PackageReference Include="Serilog" Version="4.0.0" />
         <PackageReference Include="Serilog.Sinks.ListOfString" Version="4.1.4.3" />
         <PackageReference Include="Swashbuckle.Core" Version="5.6.0" />
         <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 26a275fc2..dddf3ebf5 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
         <TargetFrameworks>netstandard2.0;net9.0;</TargetFrameworks>
@@ -11,7 +11,7 @@
         <PackageReference Include="Microsoft.ApplicationInsights" Version="2.22.0" />
         <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-        <PackageReference Include="Serilog" Version="3.1.1" />
+        <PackageReference Include="Serilog" Version="4.0.0" />
         <PackageReference Include="Serilog.Sinks.Debug" Version="2.0.0" />
         <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 33d155ce6..904c08af1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -71,13 +71,13 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.3.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.3.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Polly" Version="8.4.0" />
 
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 0754e791c..c9329f3cd 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -42,7 +42,7 @@
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
-		<PackageReference Include="Serilog" Version="3.1.1" />
+		<PackageReference Include="Serilog" Version="4.0.0" />
 		<PackageReference Include="System.Text.Json" Version="8.0.3" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index 9a3cb8984..db63cca5c 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
@@ -159,7 +159,7 @@
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="Serilog">
-      <Version>3.1.1</Version>
+      <Version>4.0.0</Version>
     </PackageReference>
     <PackageReference Include="System.Diagnostics.DiagnosticSource">
       <Version>8.0.1</Version>

From 4f02b2f7988781e191ca35a38b992254951a5015 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 4 Jun 2024 17:32:42 +0800
Subject: [PATCH 186/237] Tasks: address compiler warning regarding argument
 order

---
 .../CertifyManager/CertifyManager.DeploymentTasks.cs        | 4 ++--
 .../Management/DeploymentTasks/DeploymentTask.cs            | 6 +++---
 src/Certify.Models/Providers/IDeploymentTaskProvider.cs     | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.DeploymentTasks.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.DeploymentTasks.cs
index 7d5f02c99..3024b5d97 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.DeploymentTasks.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.DeploymentTasks.cs
@@ -236,7 +236,7 @@ private async Task<List<ActionStep>> PerformTaskList(ILog log, bool isPreviewOnl
                     log?.Information($"Task [{task.TaskConfig.TaskName}] :: {taskTriggerReason}");
                     task.TaskConfig.DateLastExecuted = DateTimeOffset.UtcNow;
 
-                    taskResults = await task.Execute(log, _credentialsManager, result, CancellationToken.None, new DeploymentContext { PowershellExecutionPolicy = _serverConfig.PowershellExecutionPolicy }, isPreviewOnly: isPreviewOnly);
+                    taskResults = await task.Execute(log, _credentialsManager, result, new DeploymentContext { PowershellExecutionPolicy = _serverConfig.PowershellExecutionPolicy }, isPreviewOnly: isPreviewOnly, cancellationToken: CancellationToken.None);
 
                     if (!isPreviewOnly)
                     {
@@ -359,7 +359,7 @@ public async Task<List<ActionResult>> ValidateDeploymentTask(ManagedCertificate
 
             try
             {
-                var execParams = new DeploymentTaskExecutionParams(null, _credentialsManager, managedCertificate, taskConfig, credentials, true, provider?.GetDefinition(), CancellationToken.None, new DeploymentContext { PowershellExecutionPolicy = _serverConfig.PowershellExecutionPolicy });
+                var execParams = new DeploymentTaskExecutionParams(null, _credentialsManager, managedCertificate, taskConfig, credentials, true, provider?.GetDefinition(), new DeploymentContext { PowershellExecutionPolicy = _serverConfig.PowershellExecutionPolicy }, CancellationToken.None);
                 var validationResult = await provider.Validate(execParams);
                 return validationResult;
             }
diff --git a/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs b/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs
index 44b0a2b00..fad888bf3 100644
--- a/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs
+++ b/src/Certify.Core/Management/DeploymentTasks/DeploymentTask.cs
@@ -31,16 +31,16 @@ public async Task<List<ActionResult>> Execute(
             ILog log,
             ICredentialsManager credentialsManager,
             object subject,
-            CancellationToken cancellationToken,
             DeploymentContext deploymentContext,
-            bool isPreviewOnly = true
+            bool isPreviewOnly,
+            CancellationToken cancellationToken
             )
         {
             if (TaskProvider != null && TaskConfig != null)
             {
                 try
                 {
-                    var execParams = new DeploymentTaskExecutionParams(log, credentialsManager, subject, TaskConfig, _credentials, isPreviewOnly, null, cancellationToken, deploymentContext);
+                    var execParams = new DeploymentTaskExecutionParams(log, credentialsManager, subject, TaskConfig, _credentials, isPreviewOnly, null, deploymentContext, cancellationToken);
                     if (!isPreviewOnly)
                     {
                         return await TaskProvider.Execute(execParams);
diff --git a/src/Certify.Models/Providers/IDeploymentTaskProvider.cs b/src/Certify.Models/Providers/IDeploymentTaskProvider.cs
index ca6a97626..28d82d215 100644
--- a/src/Certify.Models/Providers/IDeploymentTaskProvider.cs
+++ b/src/Certify.Models/Providers/IDeploymentTaskProvider.cs
@@ -26,9 +26,9 @@ public DeploymentTaskExecutionParams(
             Dictionary<string, string> credentials,
             bool isPreviewOnly,
             DeploymentProviderDefinition definition,
-            CancellationToken cancellationToken,
             DeploymentContext context
-            )
+,
+            CancellationToken cancellationToken)
         {
             Log = log;
             CredentialsManager = credentialsManager;

From 6bb69e21b844118250fc47e90ee213c3b3656d4f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 4 Jun 2024 17:34:14 +0800
Subject: [PATCH 187/237] Cleanup

---
 .../Certify.Server.Core/Properties/launchSettings.json    | 8 ++++----
 src/Certify.Shared/Utils/NetworkUtils.cs                  | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
index 397156ba7..1d6db724e 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
@@ -4,7 +4,7 @@
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:9695"
+      "applicationUrl": "http://127.0.0.2:9695"
     }
   },
 
@@ -15,15 +15,15 @@
       "launchBrowser": true,
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "http://localhost:9695"
+        "ASPNETCORE_URLS": "http://127.0.0.2:9695"
       }
     },
     "IIS Express": {
       "commandName": "IISExpress",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:9695/docs",
+      "launchUrl": "http://127.0.0.2:9695/docs",
       "iisExpress": {
-        "applicationUrl": "http://localhost:9695"
+        "applicationUrl": "http://127.0.0.2:9695"
       },
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
diff --git a/src/Certify.Shared/Utils/NetworkUtils.cs b/src/Certify.Shared/Utils/NetworkUtils.cs
index 271446f8a..aaa80a271 100644
--- a/src/Certify.Shared/Utils/NetworkUtils.cs
+++ b/src/Certify.Shared/Utils/NetworkUtils.cs
@@ -7,7 +7,7 @@
 using System.Net.Sockets;
 using System.Threading.Tasks;
 using Certify.Management;
-#if NET6_0_OR_GREATER
+#if NET8_0_OR_GREATER
 using ARSoft.Tools.Net;
 using ARSoft.Tools.Net.Dns;
 #endif
@@ -209,7 +209,7 @@ public async Task<bool> CheckURL(ILog log, string url, bool? useProxyAPI = null)
             }
         }
 
-#if NET6_0_OR_GREATER
+#if NET8_0_OR_GREATER
         public async Task<string> GetDNSRecordTXT(ILog log, string fullyQualifiedRecordName)
         {
 
@@ -266,7 +266,7 @@ public async Task<ActionResult> CheckServiceConnection(string hostname, int port
         public async Task<List<ActionResult>> CheckDNS(ILog log, string domain, bool? useProxyAPI = null, bool includeIPCheck = true)
         {
             var results = new List<ActionResult>();
-#if NET6_0_OR_GREATER
+#if NET8_0_OR_GREATER
             log.Information("CheckDNS: performing DNS checks. This option can be disabled in Settings if required.");
 
             if (string.IsNullOrEmpty(domain))

From 6080fb4c381d99d06d191eafcc123d4bd818e13e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 4 Jun 2024 17:35:00 +0800
Subject: [PATCH 188/237] Tests: update certid tests

---
 src/Certify.Shared/Utils/PKI/CertUtils.cs     |  2 +-
 .../Tests/MiscTests.cs                        | 38 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Shared/Utils/PKI/CertUtils.cs b/src/Certify.Shared/Utils/PKI/CertUtils.cs
index 94fffbabb..02dd3e936 100644
--- a/src/Certify.Shared/Utils/PKI/CertUtils.cs
+++ b/src/Certify.Shared/Utils/PKI/CertUtils.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
index ee1145101..a04147925 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
@@ -1,7 +1,14 @@
-using System;
+using System;
+using System.Linq;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
 using System.Threading.Tasks;
+using Certify.Management;
 using Certify.Models.API;
+using Certify.Shared.Core.Utils.PKI;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.X509;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -61,7 +68,8 @@ public async Task TestNtp()
                 Assert.Fail("NTP Time Difference Failed");
             }
         }
-#if NET7_0_OR_GREATER
+
+#if NET8_0_OR_GREATER
         [TestMethod, Description("Test ARI CertID encoding example")]
         public void TestARICertIDEncoding()
         {
@@ -75,6 +83,32 @@ public void TestARICertIDEncoding()
 
            Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
         }
+
+        [TestMethod, Description("Test ARI CertID encoding example 2")]
+        public void TestARICertIDEncodingWithTestCert()
+        {
+            // https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients
+
+            // https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#name-appendix-a-example-certific
+
+            var testCertPem = @"-----BEGIN CERTIFICATE-----
+MIIBQzCB66ADAgECAgUAh2VDITAKBggqhkjOPQQDAjAVMRMwEQYDVQQDEwpFeGFt
+cGxlIENBMCIYDzAwMDEwMTAxMDAwMDAwWhgPMDAwMTAxMDEwMDAwMDBaMBYxFDAS
+BgNVBAMTC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeBZu
+7cbpAYNXZLbbh8rNIzuOoqOOtmxA1v7cRm//AwyMwWxyHz4zfwmBhcSrf47NUAFf
+qzLQ2PPQxdTXREYEnKMjMCEwHwYDVR0jBBgwFoAUaYhba4dGQEHhs3uEe6CuLN4B
+yNQwCgYIKoZIzj0EAwIDRwAwRAIge09+S5TZAlw5tgtiVvuERV6cT4mfutXIlwTb
++FYN/8oCIClDsqBklhB9KAelFiYt9+6FDj3z4KGVelYM5MdsO3pK
+-----END CERTIFICATE-----
+
+";
+            var cert = new X509CertificateParser().ReadCertificate(ASCIIEncoding.ASCII.GetBytes(testCertPem));
+                                  
+            var certId= CertUtils.GetARICertIdBase64(cert);
+
+            Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
+        }
 #endif
+
     }
 }

From 3e720be0f6bb1afa233621d5ab976de22a049861 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 6 Jun 2024 17:38:03 +0800
Subject: [PATCH 189/237] Package update

Package updates
---
 .../Certify.Aspire.AppHost.csproj                  | 10 +++++++++-
 .../Certify.Aspire.ServiceDefaults.csproj          | 14 +++++++-------
 src/Certify.Client/Certify.Client.csproj           |  2 +-
 src/Certify.Core/Certify.Core.csproj               |  1 +
 src/Certify.Locales/Certify.Locales.csproj         |  2 +-
 src/Certify.Models/Certify.Models.csproj           |  6 +++---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj    |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj              |  4 ++--
 .../Certify.Server.Api.Public.csproj               |  2 +-
 src/Certify.Service/Certify.Service.csproj         |  2 +-
 src/Certify.Shared/Certify.Shared.Core.csproj      |  4 ++--
 .../Certify.SourceGenerators.csproj                |  2 +-
 .../Certify.Core.Tests.Unit.csproj                 |  4 ++--
 13 files changed, 32 insertions(+), 23 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index a8801f69a..438a4201b 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -2,12 +2,20 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFrameworks>net8.0;</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <IsAspireHost>true</IsAspireHost>
   </PropertyGroup>
 
+  <ItemGroup>
+    <None Remove="global.json" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <AdditionalFiles Include="global.json" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.1" />
   </ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 41a7c1343..7abf131aa 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Library</OutputType>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFrameworks>net8.0;</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <IsAspireSharedProject>true</IsAspireSharedProject>
@@ -11,14 +11,14 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.5.0" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.6.0" />
     <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.1" />
-    <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.8.1" />
-    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.1" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
+    <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
+    <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.8.0-beta.1" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.8.1" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.9.0" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.9.0" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 3b7c0f9e2..7d0fb2159 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.6" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.6" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.0" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 62e135730..dc3c1321e 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -56,6 +56,7 @@
   
   <ItemGroup>
     <ProjectReference Include="..\..\..\certify-plugins\src\DataStores\SQLite\Plugin.Datastore.SQLite.csproj" />
+    <ProjectReference Include="..\Certify.Client\Certify.Client.csproj" />
     <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
     <ProjectReference Include="..\Certify.Models\Certify.Models.csproj" />
     <ProjectReference Include="..\Certify.Providers\ACME\Anvil\Certify.Providers.ACME.Anvil.csproj" />
diff --git a/src/Certify.Locales/Certify.Locales.csproj b/src/Certify.Locales/Certify.Locales.csproj
index de366e975..9acc6809c 100644
--- a/src/Certify.Locales/Certify.Locales.csproj
+++ b/src/Certify.Locales/Certify.Locales.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
     <PropertyGroup>
-        <TargetFramework>netstandard2.0</TargetFramework>
+        <TargetFrameworks>netstandard2.0;net9.0</TargetFrameworks>
         <Platforms>AnyCPU</Platforms>
         <GeneratePackageOnBuild>False</GeneratePackageOnBuild>
         <Description>Certify Certificate Manager UI Resources</Description>
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 3d13af3c2..0ea888a1c 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
 	<PropertyGroup>
-		<TargetFrameworks>netstandard2.0;net462</TargetFrameworks>
+		<TargetFrameworks>netstandard2.0;net462;net9.0</TargetFrameworks>
 		<RootNamespace>Certify</RootNamespace>
 		<Platforms>AnyCPU</Platforms>
 		<LangVersion>10.0</LangVersion>
@@ -21,8 +21,8 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.0" />
-		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.9.2">
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.1" />
+		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.10.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 9b29dd184..669c64235 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.66" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.72" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 47c0a473a..c873b3e00 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,8 +7,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.39.0" />
-    <PackageReference Include="Azure.Identity" Version="1.11.3" />
+    <PackageReference Include="Azure.Core" Version="1.40.0" />
+    <PackageReference Include="Azure.Identity" Version="1.12.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 43b9fd2a2..87bb81382 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
     <Nullable>enable</Nullable>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 8712aa263..f6c841f69 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -37,7 +37,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.61.2" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.61.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index dddf3ebf5..3bf4696b2 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -12,7 +12,7 @@
         <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
         <PackageReference Include="Serilog" Version="4.0.0" />
-        <PackageReference Include="Serilog.Sinks.Debug" Version="2.0.0" />
+        <PackageReference Include="Serilog.Sinks.Debug" Version="3.0.0" />
         <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
         <PackageReference Include="System.Runtime.Handles" Version="4.3.0" />
@@ -20,7 +20,7 @@
         <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
         <PackageReference Include="System.Text.Encoding.Extensions" Version="4.3.0" />
-        <PackageReference Include="Arsoft.Tools.Net" Version="3.6.0" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
+        <PackageReference Include="Arsoft.Tools.Net" Version="3.6.1" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
 
     </ItemGroup>
 
diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
index f7b43186e..5b2a85997 100644
--- a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.9.2" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index aa8acba62..bae49fdec 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -98,7 +98,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
-    <PackageReference Include="coverlet.msbuild" Version="6.0.0">
+    <PackageReference Include="coverlet.msbuild" Version="6.0.2">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
@@ -114,7 +114,7 @@
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     <PackageReference Include="System.Text.Json" Version="8.0.3" />
-    <PackageReference Include="Testcontainers" Version="3.8.0" />
+    <PackageReference Include="Testcontainers" Version="3.9.0" />
   </ItemGroup>
   <ItemGroup>
     <Reference Include="System.Configuration" />

From cbb9d71a8ef94dee9772a8a89bb57ba7343118e4 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 19 Jun 2024 17:47:13 +0800
Subject: [PATCH 190/237] Misc cleanup

---
 docs/testing.md                                             | 4 ++--
 .../Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj    | 6 +-----
 .../Certify.Server.Api.Public.Client/nswag.json             | 2 +-
 .../Certify.Server.Api.Public.Tests/SystemTests.cs          | 2 +-
 .../Controllers/v1/SystemController.cs                      | 2 +-
 .../Certify.Server.Core/Controllers/AuthController.cs       | 2 --
 .../Certify.Server.Core/Properties/launchSettings.json      | 6 +++---
 src/Certify.Shared/Management/CertificateManager.cs         | 2 +-
 .../Certify.Core.Tests.Integration/IntegrationTestBase.cs   | 4 ++--
 9 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/docs/testing.md b/docs/testing.md
index 0f1a666e9..5d97e74c7 100644
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -33,7 +33,7 @@ Testing Configuration
         "Cloudflare_ZoneId": "5265262gdd562s4x6xd64zxczxcv",
         "Cloudflare_TestDomain": "anothertest.com"
     }
-- In addition, the test domain for some tests can be set using the CERTIFYSSLDOMAIN environment variable.
-		
+- In addition, the test domain for some tests can be set using the CERTIFY_TESTDOMAIN environment variable.
+
 
 
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index 438a4201b..9dfb01097 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
@@ -12,10 +12,6 @@
     <None Remove="global.json" />
   </ItemGroup>
 
-  <ItemGroup>
-    <AdditionalFiles Include="global.json" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.1" />
   </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json b/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
index e3d853588..317296a56 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
@@ -1,5 +1,5 @@
 {
-  "runtime": "Net70",
+  "runtime": "Net80",
   "defaultVariables": null,
   "documentGenerator": {
     "fromDocument": {
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs b/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
index b0a5b4944..9a4a645ec 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/SystemTests.cs
@@ -16,7 +16,7 @@ public async Task GetSystemVersionTest()
 
             // Assert
             var expectedVersion = typeof(Certify.Models.AppVersion).GetTypeInfo().Assembly.GetName().Version;
-            Assert.AreEqual(expectedVersion, responseVersion);
+            Assert.AreEqual(expectedVersion.ToString(), responseVersion);
 
         }
     }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
index 11488d3eb..427c36757 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/SystemController.cs
@@ -50,7 +50,7 @@ public async Task<IActionResult> GetSystemVersion()
         public async Task<IActionResult> GetHealth()
         {
             var serviceAvailable = false;
-            var versionInfo = "Not available. Cannot connect to service worker.";
+            var versionInfo = "Not available. Cannot connect to core service.";
             try
             {
                 versionInfo = await _client.GetAppVersion();
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
index a0f1da225..6a4cbe4d6 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AuthController.cs
@@ -30,8 +30,6 @@ public async Task<IActionResult> AcquireToken(string authJwt)
             var identity = new ClaimsIdentity(claims: claims, authenticationType: BearerTokenDefaults.AuthenticationScheme);
             var servicePrinciple = new ClaimsPrincipal(identity: identity);
 
-
-
             // consume a service token request and return a long lived JWT token
             var response = new AccessTokenResponse
             {
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
index 1d6db724e..84203e0a9 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Properties/launchSettings.json
@@ -12,7 +12,7 @@
 
     "Certify.Server.Core": {
       "commandName": "Project",
-      "launchBrowser": true,
+      "launchBrowser": false,
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
         "ASPNETCORE_URLS": "http://127.0.0.2:9695"
@@ -20,7 +20,7 @@
     },
     "IIS Express": {
       "commandName": "IISExpress",
-      "launchBrowser": true,
+      "launchBrowser": false,
       "launchUrl": "http://127.0.0.2:9695/docs",
       "iisExpress": {
         "applicationUrl": "http://127.0.0.2:9695"
@@ -41,7 +41,7 @@
     },
     "WSL": {
       "commandName": "WSL2",
-      "launchBrowser": true,
+      "launchBrowser": false,
       "launchUrl": "http://localhost:9695/docs",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
diff --git a/src/Certify.Shared/Management/CertificateManager.cs b/src/Certify.Shared/Management/CertificateManager.cs
index daefca8a9..b19e4b2d6 100644
--- a/src/Certify.Shared/Management/CertificateManager.cs
+++ b/src/Certify.Shared/Management/CertificateManager.cs
@@ -751,7 +751,7 @@ private static string GetWindowsPrivateKeyLocation(string keyFileName)
             }
 
             // if EC/CNG key may be under /keys
-            machineKeyPath = Path.Combine(appDataPath, "Microsoft", "Crypto", "Keys");
+            machineKeyPath = Path.Combine(new string[] { appDataPath, "Microsoft", "Crypto", "Keys" });
 
             // if EC/CNG key may be under /keys
             machineKeyPath = Path.Combine(new string[] { appDataPath, "Microsoft", "Crypto", "Keys" });
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
index 2008ace16..82a0fd5bb 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
@@ -18,9 +18,9 @@ public class IntegrationTestBase
 
         public IntegrationTestBase()
         {
-            if (Environment.GetEnvironmentVariable("CERTIFYSSLDOMAIN") != null)
+            if (Environment.GetEnvironmentVariable("CERTIFY_TESTDOMAIN") != null)
             {
-                PrimaryTestDomain = Environment.GetEnvironmentVariable("CERTIFYSSLDOMAIN");
+                PrimaryTestDomain = Environment.GetEnvironmentVariable("CERTIFY_TESTDOMAIN");
             }
 
             /* ConfigSettings.Add("AWS_ZoneId", "example");

From 9f55eef4f1f1f905b9ebbf39d6b42749b93574ea Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 24 Jun 2024 18:48:48 +0800
Subject: [PATCH 191/237] Refactor methods in certify manager

---
 .../CertifyManager/CertifyManager.Account.cs  |  29 +++
 .../CertifyManager.CertificateRequest.cs      |   1 +
 .../CertifyManager.ImportExport.cs            |  28 ++-
 .../CertifyManager/CertifyManager.cs          | 176 +-----------------
 4 files changed, 56 insertions(+), 178 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
index 1b3137c62..15ff3c5fd 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -669,5 +669,34 @@ public async Task<ActionResult> RemoveCertificateAuthority(string id)
                 return new ActionResult($"The certificate authority {id} was not found in the list of custom CAs and could not be removed.", false);
             }
         }
+
+        /// <summary>
+        /// Load cached set of ACME Certificate authorities
+        /// </summary>
+        private void LoadCertificateAuthorities()
+        {
+            _certificateAuthorities.Clear();
+
+            // load core CAs and custom CAs
+            foreach (var ca in CertificateAuthority.CoreCertificateAuthorities)
+            {
+                _certificateAuthorities.TryAdd(ca.Id, ca);
+            }
+
+            try
+            {
+                var customCAs = SettingsManager.GetCustomCertificateAuthorities();
+
+                foreach (var ca in customCAs)
+                {
+                    _certificateAuthorities.TryAdd(ca.Id, ca);
+                }
+            }
+            catch (Exception exp)
+            {
+                // failed to load custom CAs
+                _serviceLog?.Error(exp.Message);
+            }
+        }
     }
 }
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
index cb3eb504a..5d566a762 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
@@ -2,6 +2,7 @@
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
+using System.Diagnostics;
 using System.Globalization;
 using System.IO;
 using System.Linq;
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs
index 1ec24b5fa..5ff1ab638 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs
@@ -1,9 +1,13 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Linq;
+using System.Text;
 using System.Threading.Tasks;
-using Certify.Config.Migration;
+using Certify.API.Management;
+using Certify.Client;
 using Certify.Core.Management;
 using Certify.Models;
+using Certify.Models.Config.Migration;
 
 namespace Certify.Management
 {
@@ -25,20 +29,24 @@ public async Task<List<ActionStep>> PerformImport(ImportRequest importRequest)
             var hasError = false;
             if (!importResult.Any(i => i.HasError))
             {
-                var deploySteps = new List<ActionStep>();
-                foreach (var m in importRequest.Package.Content.ManagedCertificates)
+                if (importRequest.Settings.IncludeDeployment)
                 {
-                    var managedCert = await GetManagedCertificate(m.Id);
 
-                    if (managedCert != null && !string.IsNullOrEmpty(managedCert.CertificatePath))
+                    var deploySteps = new List<ActionStep>();
+                    foreach (var m in importRequest.Package.Content.ManagedCertificates)
                     {
-                        var deployResult = await DeployCertificate(managedCert, null, isPreviewOnly: importRequest.IsPreviewMode);
+                        var managedCert = await GetManagedCertificate(m.Id);
 
-                        deploySteps.Add(new ActionStep { Category = "Deployment", HasError = !deployResult.IsSuccess, Key = managedCert.Id, Description = deployResult.Message });
+                        if (managedCert != null && !string.IsNullOrEmpty(managedCert.CertificatePath))
+                        {
+                            var deployResult = await DeployCertificate(managedCert, null, isPreviewOnly: importRequest.IsPreviewMode);
+
+                            deploySteps.Add(new ActionStep { Category = "Deployment", HasError = !deployResult.IsSuccess, Key = managedCert.Id, Description = deployResult.Message });
+                        }
                     }
-                }
 
-                importResult.Add(new ActionStep { Title = "Deployment" + (importRequest.IsPreviewMode ? " [Preview]" : ""), Substeps = deploySteps });
+                    importResult.Add(new ActionStep { Title = "Deployment" + (importRequest.IsPreviewMode ? " [Preview]" : ""), Substeps = deploySteps });
+                }
             }
             else
             {
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index a1d8151de..5239b8f59 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -96,6 +96,7 @@ public partial class CertifyManager : ICertifyManager, IDisposable
         /// </summary>
         private Shared.ServiceConfig _serverConfig;
 
+        private System.Timers.Timer _heartbeatTimer;
         private System.Timers.Timer _frequentTimer;
         private System.Timers.Timer _hourlyTimer;
         private System.Timers.Timer _dailyTimer;
@@ -192,12 +193,17 @@ public async Task Init()
 
             _serviceLog?.Information("Certify Manager Started");
         }
-
+       
         /// <summary>
         /// Setup the continuous job tasks for renewals and maintenance
         /// </summary>
         private void SetupJobs()
         {
+            // 30 second job timer (reporting etc)
+            _heartbeatTimer = new System.Timers.Timer(30 * 1000); // every 30 seconds
+            _heartbeatTimer.Elapsed += _heartbeatTimer_Elapsed;
+            _heartbeatTimer.Start();
+
             // 5 minute job timer (maintenance etc)
             _frequentTimer = new System.Timers.Timer(5 * 60 * 1000); // every 5 minutes
             _frequentTimer.Elapsed += _frequentTimer_Elapsed;
@@ -381,86 +387,7 @@ public void SetStatusReporting(IStatusReporting statusReporting)
         {
             _statusReporting = statusReporting;
         }
-        /// <summary>
-        /// used to set a specific account for testing, instead of loading from config
-        /// </summary>
-        public AccountDetails OverrideAccountDetails { get; set; }
-        /// <summary>
-        /// Get the ACME client applicable for the given managed certificate
-        /// </summary>
-        /// <param name="managedItem"></param>
-        /// <returns></returns>
-        public async Task<IACMEClientProvider> GetACMEProvider(ManagedCertificate managedItem, AccountDetails caAccount)
-        {
-            // determine account to use for the given managed cert
-
-            if (caAccount != null)
-            {
-                _certificateAuthorities.TryGetValue(caAccount?.CertificateAuthorityId, out var ca);
-
-                if (ca != null)
-                {
-                    var acmeBaseUrl = managedItem.UseStagingMode ? ca.StagingAPIEndpoint : ca.ProductionAPIEndpoint;
-
-                    return await GetACMEProvider(caAccount.StorageKey, acmeBaseUrl, caAccount, ca.AllowUntrustedTls);
-                }
-                else
-                {
-                    // Unknown acme CA. May have been removed from CA list.
-                    return null;
-                }
-            }
-            else
-            {
-                return null;
-            }
-        }
-
-        /// <summary>
-        /// Get the ACME client for the given storage key or create and add a new one
-        /// </summary>
-        /// <param name="storageKey"></param>
-        /// <param name="acmeApiEndpoint"></param>
-        /// <param name="account"></param>
-        /// <param name="allowUntrustedTls"></param>
-        /// <returns></returns>
-        private async Task<IACMEClientProvider> GetACMEProvider(string storageKey, string acmeApiEndpoint = null, AccountDetails account = null, bool allowUntrustedTls = false)
-        {
-            // get or init acme provider required for the given account
-            if (_acmeClientProviders.TryGetValue(storageKey, out var provider))
-            {
-                return provider;
-            }
-            else
-            {
-                var userAgent = Util.GetUserAgent();
-                var settingBaseFolder = EnvironmentUtil.CreateAppDataPath();
-                var providerPath = Path.Combine(settingBaseFolder, "certes_" + storageKey);
-
-                var newProvider = new AnvilACMEProvider(new AnvilACMEProviderSettings
-                {
-                    AcmeBaseUri = acmeApiEndpoint,
-                    ServiceSettingsBasePath = settingBaseFolder,
-                    LegacySettingsPath = providerPath,
-                    UserAgentName = userAgent,
-                    AllowUntrustedTls = allowUntrustedTls,
-                    DefaultACMERetryIntervalSeconds = CoreAppSettings.Current.DefaultACMERetryInterval,
-                    EnableIssuerCache = CoreAppSettings.Current.EnableIssuerCache
-                });
-
-                if (!_useWindowsNativeFeatures)
-                {
-                    newProvider.DefaultCertificateFormat = "pem";
-                }
-
-                await newProvider.InitProvider(_serviceLog, account);
-
-                _acmeClientProviders.TryAdd(storageKey, newProvider);
-
-                return newProvider;
-            }
-        }
-
+    
         /// <summary>
         /// Update progress tracking and send status report to client(s). optionally logging to service log
         /// </summary>
@@ -504,33 +431,6 @@ public void ReportProgress(IProgress<RequestProgressState> progress, RequestProg
             Message = msg
         }, _loggingLevelSwitch);
 
-        /// <summary>
-        /// When called, look for periodic maintenance tasks we can perform such as renewal
-        /// </summary>
-        /// <returns>  </returns>
-        public async Task<bool> PerformRenewalTasks()
-        {
-            try
-            {
-                Debug.WriteLine("Checking for renewal tasks..");
-
-                SettingsManager.LoadAppSettings();
-
-                // perform pending renewals
-                await PerformRenewAll(new RenewalSettings { });
-
-                // flush status report queue
-                await SendQueuedStatusReports();
-            }
-            catch (Exception exp)
-            {
-                _tc?.TrackException(exp);
-                return await Task.FromResult(false);
-            }
-
-            return await Task.FromResult(true);
-        }
-
         public void Dispose() => Cleanup();
 
         private void Cleanup()
@@ -542,66 +442,6 @@ private void Cleanup()
             }
         }
 
-        /// <summary>
-        /// Perform (or preview) an import of settings from another instance
-        /// </summary>
-        /// <param name="importRequest"></param>
-        /// <returns></returns>
-        public async Task<List<ActionStep>> PerformImport(ImportRequest importRequest)
-        {
-            var migrationManager = new MigrationManager(_itemManager, _credentialsManager, _serverProviders);
-
-            var importResult = await migrationManager.PerformImport(importRequest.Package, importRequest.Settings, importRequest.IsPreviewMode);
-
-            // store and apply certs if we have no errors
-
-            var hasError = false;
-            if (!importResult.Any(i => i.HasError))
-            {
-                if (importRequest.Settings.IncludeDeployment)
-                {
-
-                    var deploySteps = new List<ActionStep>();
-                    foreach (var m in importRequest.Package.Content.ManagedCertificates)
-                    {
-                        var managedCert = await GetManagedCertificate(m.Id);
-
-                        if (managedCert != null && !string.IsNullOrEmpty(managedCert.CertificatePath))
-                        {
-                            var deployResult = await DeployCertificate(managedCert, null, isPreviewOnly: importRequest.IsPreviewMode);
-
-                            deploySteps.Add(new ActionStep { Category = "Deployment", HasError = !deployResult.IsSuccess, Key = managedCert.Id, Description = deployResult.Message });
-                        }
-                    }
-
-                    importResult.Add(new ActionStep { Title = "Deployment" + (importRequest.IsPreviewMode ? " [Preview]" : ""), Substeps = deploySteps });
-                }
-            }
-            else
-            {
-                hasError = true;
-            }
-
-            _tc?.TrackEvent("Import" + (importRequest.IsPreviewMode ? "_Preview" : ""), new Dictionary<string, string> {
-                { "hasErrors", hasError.ToString() }
-            });
-
-            return importResult;
-        }
-
-        /// <summary>
-        /// Perform (or preview) and export of settings from this instance
-        /// </summary>
-        /// <param name="exportRequest"></param>
-        /// <returns></returns>
-        public async Task<ImportExportPackage> PerformExport(ExportRequest exportRequest)
-        {
-            _tc?.TrackEvent("Export" + (exportRequest.IsPreviewMode ? "_Preview" : ""));
-
-            var migrationManager = new MigrationManager(_itemManager, _credentialsManager, _serverProviders);
-            return await migrationManager.PerformExport(exportRequest.Filter, exportRequest.Settings, exportRequest.IsPreviewMode);
-        }
-
         /// <summary>
         /// Get the current service log (per line)
         /// </summary>

From 3843d618ec11b86c890606cccb66c5973c863e54 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 24 Jun 2024 18:49:30 +0800
Subject: [PATCH 192/237] Code generation proj fixes

---
 .../Certify.SourceGenerators.csproj           | 27 +++++++------------
 .../Properties/launchSettings.json            |  1 -
 .../PublicAPISourceGenerator.cs               |  6 +----
 3 files changed, 10 insertions(+), 24 deletions(-)
 delete mode 100644 src/Certify.SourceGenerators/Properties/launchSettings.json

diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
index 5b2a85997..98f9c2a4a 100644
--- a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -1,20 +1,11 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
-	  <EnforceExtendedAnalyzerRules>true</EnforceExtendedAnalyzerRules>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <Folder Include="templates\" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\..\..\certify\src\Certify.Models\Certify.Models.csproj" />
-  </ItemGroup>
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>netstandard2.0</TargetFramework>
+    </PropertyGroup>
+    <ItemGroup>
+        <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" PrivateAssets="all" />
+        <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.4" PrivateAssets="all" />
+    </ItemGroup>
 
 </Project>
diff --git a/src/Certify.SourceGenerators/Properties/launchSettings.json b/src/Certify.SourceGenerators/Properties/launchSettings.json
deleted file mode 100644
index 9e26dfeeb..000000000
--- a/src/Certify.SourceGenerators/Properties/launchSettings.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
\ No newline at end of file
diff --git a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
index 3793d50d4..2b1e959d6 100644
--- a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
+++ b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
@@ -119,7 +119,6 @@ public partial class CertifyApiClient
             }}", Encoding.UTF8));
                     }
 
-
                     if (config.OperationMethod == "HttpPost")
                     {
                         context.AddSource($"{config.PublicAPIController}.{config.OperationName}.ICertifyInternalApiClient.g.cs", SourceText.From($@"
@@ -157,7 +156,6 @@ public partial class CertifyApiClient
             }}", Encoding.UTF8));
                     }
 
-
                     if (config.OperationMethod == "HttpDelete")
                     {
                         context.AddSource($"{config.PublicAPIController}.{config.OperationName}.ICertifyInternalApiClient.g.cs", SourceText.From($@"
@@ -219,10 +217,8 @@ public partial class AppModel
         }}
     }}", Encoding.UTF8));
                 }
-
             }
         }
-
         public void Initialize(GeneratorInitializationContext context)
         {
 #if DEBUG
@@ -235,4 +231,4 @@ public void Initialize(GeneratorInitializationContext context)
 #endif
         }
     }
-}
\ No newline at end of file
+}

From 314fd1fcefa45502fc409dd37da5e55f021c5712 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 24 Jun 2024 18:49:46 +0800
Subject: [PATCH 193/237] Validation: Require any identifier

---
 src/Certify.Locales/SR.Designer.cs | 2 +-
 src/Certify.Locales/SR.resx        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Locales/SR.Designer.cs b/src/Certify.Locales/SR.Designer.cs
index a54c4900b..299568919 100644
--- a/src/Certify.Locales/SR.Designer.cs
+++ b/src/Certify.Locales/SR.Designer.cs
@@ -1070,7 +1070,7 @@ public static string ManagedCertificateSettings_NameRequired {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to A Primary Domain must be included.
+        ///   Looks up a localized string similar to A Primary Domain/identifier must be included.
         /// </summary>
         public static string ManagedCertificateSettings_NeedPrimaryDomain {
             get {
diff --git a/src/Certify.Locales/SR.resx b/src/Certify.Locales/SR.resx
index e20402ad3..a309239e5 100644
--- a/src/Certify.Locales/SR.resx
+++ b/src/Certify.Locales/SR.resx
@@ -433,7 +433,7 @@
     <value>A name is required for this item.</value>
   </data>
   <data name="ManagedCertificateSettings_NeedPrimaryDomain" xml:space="preserve">
-    <value>A Primary Domain must be included</value>
+    <value>A Primary Domain/identifier must be included</value>
   </data>
   <data name="ManagedCertificateSettings_ChallengeNotAvailable" xml:space="preserve">
     <value>The {0} challenge is only available for IIS versions 8+.</value>

From a668b7ea133e066ccafb1d5c612065ea2416fad0 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 24 Jun 2024 18:51:13 +0800
Subject: [PATCH 194/237] Request Certificate: only show exception message, not
 full stack trace

---
 src/Certify.Client/CertifyApiClient.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index cab5a151e..c67cb3e58 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -492,7 +492,7 @@ public async Task<CertificateRequestResult> BeginCertificateRequest(string manag
                 return new CertificateRequestResult
                 {
                     IsSuccess = false,
-                    Message = exp.ToString(),
+                    Message = exp.Message.ToString(),
                     Result = exp
                 };
             }

From e058f6e265ee708b49dbc3eaa7d85b3bc541682d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 19 Jun 2024 17:51:07 +0800
Subject: [PATCH 195/237] WIP: multi instance hub

WIP: multi instance hub

Package updates

WIP: managed instances

WIP - multi instance

WIP: management hub - get and update remote items
---
 src/Certify.Client/Certify.Client.csproj      |   2 +-
 src/Certify.Client/CertifyServiceClient.cs    |   2 +-
 src/Certify.Client/ManagementServerClient.cs  | 107 +++++
 .../CertifyManager.ManagedCertificates.cs     |  35 +-
 .../CertifyManager.ManagementHub.cs           | 159 +++++++
 .../CertifyManager/CertifyManager.cs          |  23 +
 .../API/ManagedCertificateSummary.cs          |   2 +
 .../API/Management/ManagedInstanceInfo.cs     |  20 +
 .../API/Management/ManagementHubMessages.cs   |  91 ++++
 src/Certify.Models/Certify.Models.csproj      |   2 +-
 src/Certify.Models/Reporting/Summary.cs       |   1 +
 src/Certify.Models/Shared/ServiceConfig.cs    |   2 +
 src/Certify.Models/Util/EnvironmentUtil.cs    |   7 +-
 .../AWSRoute53/Plugin.DNS.AWSRoute53.csproj   |   2 +-
 .../Certify.API.Public.cs                     | 409 +++++++++++++-----
 .../nswag.json                                |   3 +-
 .../Certify.Server.Api.Public.csproj          |  56 +--
 .../Controllers/internal/HubController.cs     |  94 ++++
 .../Controllers/v1/CertificateController.cs   |  31 +-
 .../Certify.Server.Api.Public/Program.cs      |   2 +-
 .../Properties/launchSettings.json            |   2 +-
 .../Services/ManagementAPI.cs                 |  96 ++++
 .../Services/ManagementWorker.cs              |  81 ++++
 .../ManagementHub/InstanceManagementHub.cs    | 207 +++++++++
 .../InstanceManagementStateProvider.cs        | 185 ++++++++
 .../UserInterfaceStatusHub.cs}                |  20 +-
 .../Certify.Server.Api.Public/Startup.cs      |  23 +-
 .../Certify.Shared.Extensions.csproj          |   2 +-
 src/Certify.Shared/Certify.Shared.Core.csproj |   2 +-
 29 files changed, 1495 insertions(+), 173 deletions(-)
 create mode 100644 src/Certify.Client/ManagementServerClient.cs
 create mode 100644 src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
 create mode 100644 src/Certify.Models/API/Management/ManagedInstanceInfo.cs
 create mode 100644 src/Certify.Models/API/Management/ManagementHubMessages.cs
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/Services/ManagementWorker.cs
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
 create mode 100644 src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
 rename src/Certify.Server/Certify.Server.Api.Public/{StatusHub.cs => SignalR/UserInterfaceStatusHub.cs} (78%)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 7d0fb2159..237fe3764 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.6" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.6" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.1" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.2" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Client/CertifyServiceClient.cs b/src/Certify.Client/CertifyServiceClient.cs
index d09128a3e..9ecc50078 100644
--- a/src/Certify.Client/CertifyServiceClient.cs
+++ b/src/Certify.Client/CertifyServiceClient.cs
@@ -64,7 +64,7 @@ public async Task ConnectStatusStreamAsync()
                 _legacyConnection.TraceLevel = TraceLevels.All;
                 _legacyConnection.TraceWriter = writer;
 #endif
-
+                
                 await _legacyConnection.Start();
 
             }
diff --git a/src/Certify.Client/ManagementServerClient.cs b/src/Certify.Client/ManagementServerClient.cs
new file mode 100644
index 000000000..bafea046f
--- /dev/null
+++ b/src/Certify.Client/ManagementServerClient.cs
@@ -0,0 +1,107 @@
+using System;
+using System.Threading.Tasks;
+using Certify.API.Management;
+using Certify.Models;
+using Microsoft.AspNetCore.SignalR.Client;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Certify.Client
+{
+    /// <summary>
+    /// Implements hub communication with a central management server
+    /// </summary>
+    public class ManagementServerClient
+    {
+
+        public event Action OnConnectionReconnecting;
+
+        public event Action OnConnectionReconnected;
+
+        public event Action OnConnectionClosed;
+
+        public event Func<ManagedInstanceItems> OnGetInstanceItems;
+        public event Func<InstanceCommandRequest, Task<InstanceCommandResult>> OnGetCommandResult;
+
+        private HubConnection _connection;
+
+        private string _hubUri = "";
+
+        private ManagedInstanceInfo _instanceInfo;
+
+        public ManagementServerClient(string hubUri, ManagedInstanceInfo instanceInfo)
+        {
+            _hubUri = $"{hubUri}";
+            _instanceInfo = instanceInfo;
+        }
+
+        public bool IsConnected()
+        {
+            if (_connection == null || _connection?.State == HubConnectionState.Disconnected)
+            {
+                return false;
+            }
+
+            return true;
+        }
+
+        public async Task ConnectAsync()
+        {
+            var allowUntrusted = true;
+
+            _connection = new HubConnectionBuilder()
+
+            .WithUrl(_hubUri, opts =>
+            {
+                opts.HttpMessageHandlerFactory = (message) =>
+                {
+                    if (message is System.Net.Http.HttpClientHandler clientHandler)
+                    {
+                        if (allowUntrusted)
+                        {
+                            // allow invalid/untrusted tls cert
+                            clientHandler.ServerCertificateCustomValidationCallback +=
+                                (sender, certificate, chain, sslPolicyErrors) => true;
+                        }
+                    }
+
+                    return message;
+                };
+            })
+            .WithAutomaticReconnect()
+            .AddMessagePackProtocol()
+            .Build();
+
+            _connection.On(ManagementHubMessages.SendCommandRequest, (Action<InstanceCommandRequest>)((s) =>
+            {
+                PerformRequestedCommand(s);
+            }));
+
+            await _connection.StartAsync();
+
+            _connection.Closed += async (error) =>
+            {
+                await Task.Delay(new Random().Next(0, 5) * 1000);
+                await _connection.StartAsync();
+            };
+
+        }
+
+        private void PerformRequestedCommand(InstanceCommandRequest s)
+        {
+            System.Diagnostics.Debug.WriteLine($"Got command from management server {s}");
+
+            if (s.CommandType == ManagementHubCommands.GetInstanceInfo)
+            {
+                // send this clients instance ID back to the hub to identify it in the connection: should send a shared secret before this to confirm this client knows and is not impersonating another instance
+                var result = new InstanceCommandResult { CommandId = s.CommandId, Value = System.Text.Json.JsonSerializer.Serialize(_instanceInfo) };
+                result.ObjectValue = _instanceInfo;
+                _connection.SendAsync(ManagementHubMessages.ReceiveCommandResult, result);
+            }
+            else { 
+                var task = OnGetCommandResult?.Invoke(s);
+
+                _connection.SendAsync(ManagementHubMessages.ReceiveCommandResult, task.Result).Wait();
+            }
+        }
+    }
+}
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 0d04da7be..7c378bc2a 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -1,8 +1,9 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
+using System.Management.Automation;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.API;
@@ -14,12 +15,29 @@ namespace Certify.Management
 {
     public partial class CertifyManager
     {
+        public string InstanceId
+        {
+            get
+            {
+                return CoreAppSettings.Current.InstanceId;
+            }
+        }
+
         /// <summary>
         /// Get managed certificate details by ID
         /// </summary>
         /// <param name="id"></param>
         /// <returns></returns>
-        public async Task<ManagedCertificate> GetManagedCertificate(string id) => await _itemManager.GetById(id);
+        public async Task<ManagedCertificate> GetManagedCertificate(string id)
+        {
+            var item = await _itemManager.GetById(id);
+            if (item != null)
+            {
+                item.InstanceId = InstanceId;
+            }
+
+            return item;
+        }
 
         /// <summary>
         /// Get list of managed certificates based on then given filter criteria
@@ -29,6 +47,7 @@ public partial class CertifyManager
         public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter)
         {
             var list = await _itemManager.Find(filter);
+
             if (filter?.IncludeExternal == true)
             {
                 var external = GetExternallyManagedCertificates(filter);
@@ -38,6 +57,8 @@ public async Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertif
                 }
             }
 
+            list.ForEach(i => i.InstanceId = InstanceId);
+
             return list;
         }
 
@@ -94,15 +115,20 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
             var result = new ManagedCertificateSearchResult();
 
             var list = await _itemManager.Find(filter);
+
+            list.ForEach(i => i.InstanceId = InstanceId);
+
             result.Results = list;
 
             if (filter?.IncludeExternal == true)
             {
                 // TODO: overall set still has to be paged and sorted
                 var external = GetExternallyManagedCertificates(filter);
+
                 if (external != null)
                 {
                     list.AddRange(await external);
+                    list.ForEach(i => i.InstanceId = InstanceId);
                     result.Results = list;
                 }
             }
@@ -122,6 +148,7 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
             var ms = await _itemManager.Find(filter);
 
             var summary = new Summary();
+            summary.InstanceId = InstanceId;
             summary.Total = ms.Count;
             summary.Healthy = ms.Count(c => c.Health == ManagedCertificateHealth.OK);
             summary.Error = ms.Count(c => c.Health == ManagedCertificateHealth.Error);
@@ -150,6 +177,8 @@ public async Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificat
             // store managed cert in database store
             managedCert = await _itemManager.Update(managedCert);
 
+            managedCert.InstanceId = InstanceId;
+
             // report request state to status hub clients
             _statusReporting?.ReportManagedCertificateUpdated(managedCert);
 
@@ -242,7 +271,7 @@ private async Task ReportManagedCertificateStatus(ManagedCertificate managedCert
 
             var report = new Models.Shared.RenewalStatusReport
             {
-                InstanceId = CoreAppSettings.Current.InstanceId,
+                InstanceId = this.InstanceId,
                 MachineName = Environment.MachineName,
                 PrimaryContactEmail = (await GetAccountDetails(managedCertificate, allowFailover: false))?.Email,
                 ManagedSite = reportedCert,
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
new file mode 100644
index 000000000..d9d9688c6
--- /dev/null
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -0,0 +1,159 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Certify.API.Management;
+using Certify.Client;
+using Certify.Models;
+using Certify.Models.Shared.Validation;
+using System.Text.Json;
+
+namespace Certify.Management
+{
+    public partial class CertifyManager
+    {
+        private ManagementServerClient _managementServerClient;
+        private string _managementServerConnectionId = string.Empty;
+
+        private async Task StartManagementHubConnection(string hubUri)
+        {
+
+            _serviceLog.Debug("Attempting connection to management hub {hubUri}", hubUri);
+
+            var instanceInfo = new ManagedInstanceInfo
+            {
+                InstanceId = $"{this.InstanceId}",
+                Title = Environment.MachineName
+            };
+
+            if (_managementServerClient != null)
+            {
+                _managementServerClient.OnGetCommandResult -= _managementServerClient_OnGetCommandResult;
+                _managementServerClient.OnConnectionReconnecting -= _managementServerClient_OnConnectionReconnecting;
+            }
+
+            _managementServerClient = new ManagementServerClient(hubUri, instanceInfo);
+
+            try
+            {
+                await _managementServerClient.ConnectAsync();
+
+                _managementServerClient.OnGetCommandResult += _managementServerClient_OnGetCommandResult;
+                _managementServerClient.OnConnectionReconnecting += _managementServerClient_OnConnectionReconnecting;
+            }
+            catch (Exception ex)
+            {
+                _serviceLog.Error(ex, "Failed to create connection to management hub {hubUri}", hubUri);
+
+                _managementServerClient = null;
+            }
+        }
+
+        private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandResult(InstanceCommandRequest arg)
+        {
+            object val = null;
+
+            if (arg.CommandType == ManagementHubCommands.GetInstanceManagedItem)
+            {
+                // Get a single managed item by id
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
+                val = await GetManagedCertificate(managedCertIdArg.Value);
+            }
+            else if (arg.CommandType == ManagementHubCommands.GetInstanceManagedItems)
+            {
+                // Get all managed items
+                var items = await GetManagedCertificates(new ManagedCertificateFilter { });
+                val = new ManagedInstanceItems { InstanceId = InstanceId, Items = items };
+            }
+            else if (arg.CommandType == ManagementHubCommands.UpdateInstanceManagedItem)
+            {
+                // update a single managed item 
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertArg = args.FirstOrDefault(a => a.Key == "managedCert");
+                var managedCertObj = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
+                val = await UpdateManagedCertificate(managedCertObj);
+            }
+
+            var result = new InstanceCommandResult { CommandId = arg.CommandId, Value = JsonSerializer.Serialize(val) };
+
+            result.ObjectValue = val;
+
+            return result;
+        }
+
+        private void _managementServerClient_OnConnectionReconnecting()
+        {
+            _serviceLog.Warning("Reconnecting to Management.");
+        }
+
+        private void GenerateDemoItems()
+        {
+            var numItems = new Random().Next(10, 50);
+            for (var i = 0; i < numItems; i++)
+            {
+
+                var item = new ManagedCertificate
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    Name = GenerateName(),
+                    RequestConfig = new CertRequestConfig
+                    {
+                        Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig> { new CertRequestChallengeConfig { ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP } }
+                    }
+                };
+
+                item.DomainOptions.Add(new DomainOption { Domain = $"{item.Name}.dev.projectbids.co.uk", IsManualEntry = true, IsPrimaryDomain = true, IsSelected = true, Type = CertIdentifierType.Dns });
+                item.RequestConfig.PrimaryDomain = item.DomainOptions[0].Domain;
+                item.RequestConfig.SubjectAlternativeNames = new string[] { item.DomainOptions[0].Domain };
+
+                var validation = CertificateEditorService.Validate(item, null, null, applyAutoConfiguration: true);
+                if (validation.IsValid)
+                {
+                    UpdateManagedCertificate(item);
+                }
+                else
+                {
+                    // generated invalid test item
+                    System.Diagnostics.Debug.WriteLine(validation.Message);
+                }
+            }
+        }
+
+        private string GenerateName()
+        {
+            // generate test item names using verb,animal
+            var subjects = new string[] {
+                "Lion",
+                "Tiger",
+                "Leopard",
+                "Cheetah",
+                "Elephant",
+                "Giraffe",
+                "Rhinoceros",
+                "Gorilla"
+            };
+            var adjectives = new string[] {
+                "active",
+                "adaptable",
+                "alert",
+                "clever" ,
+                "comfortable" ,
+                "conscientious",
+                "considerate",
+                "courageous" ,
+                "decisive",
+                "determined" ,
+                "diligent" ,
+                "energetic",
+                "entertaining",
+                "enthusiastic" ,
+                "fabulous"
+            };
+
+            var rnd = new Random();
+
+            return $"{adjectives[rnd.Next(0, adjectives.Length - 1)]}-{subjects[rnd.Next(0, subjects.Length - 1)]}".ToLower();
+        }
+    }
+}
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 5239b8f59..535947f8c 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -6,6 +6,8 @@
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Threading.Tasks;
+using Certify.API.Management;
+using Certify.Client;
 using Certify.Core.Management;
 using Certify.Core.Management.Access;
 using Certify.Core.Management.Challenges;
@@ -192,6 +194,13 @@ public async Task Init()
             await UpgradeSettings();
 
             _serviceLog?.Information("Certify Manager Started");
+
+#if DEBUG
+            if (Environment.GetEnvironmentVariable("CERTIFY_GENERATE_DEMO_ITEMS") == "true")
+            {
+                GenerateDemoItems();
+            }
+#endif
         }
        
         /// <summary>
@@ -239,6 +248,20 @@ private async void _hourlyTimer_Elapsed(object sender, System.Timers.ElapsedEven
             }
         }
 
+        private async void _heartbeatTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
+        {
+            // connect/reconnect to management hub if enabled
+            if (_managementServerClient == null || !_managementServerClient.IsConnected())
+            {
+                var mgmtHubUri = Environment.GetEnvironmentVariable("CERTIFY_MANAGEMENT_HUB") ?? _serverConfig.ManagementServerHubUri;
+
+                if (!string.IsNullOrWhiteSpace(mgmtHubUri))
+                {
+                    await StartManagementHubConnection(mgmtHubUri);
+                }
+            }
+        }
+
         private async void _frequentTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
         {
             await PerformRenewalTasks();
diff --git a/src/Certify.Models/API/ManagedCertificateSummary.cs b/src/Certify.Models/API/ManagedCertificateSummary.cs
index 25e3f1d37..01a5b65e9 100644
--- a/src/Certify.Models/API/ManagedCertificateSummary.cs
+++ b/src/Certify.Models/API/ManagedCertificateSummary.cs
@@ -8,6 +8,8 @@ namespace Certify.Models.API
     /// </summary>
     public class ManagedCertificateSummary
     {
+        public string? InstanceId { get; set; } = string.Empty;
+        public string? InstanceTitle { get; set; } = string.Empty;
         /// <summary>
         /// Id for this managed item
         /// </summary>
diff --git a/src/Certify.Models/API/Management/ManagedInstanceInfo.cs b/src/Certify.Models/API/Management/ManagedInstanceInfo.cs
new file mode 100644
index 000000000..d0c1ef84f
--- /dev/null
+++ b/src/Certify.Models/API/Management/ManagedInstanceInfo.cs
@@ -0,0 +1,20 @@
+using System;
+using System.Collections.Generic;
+using Certify.Models;
+
+namespace Certify.API.Management
+{
+    public class ManagedInstanceInfo
+    {
+        public string InstanceId { get; set; } = string.Empty;
+        public string Title { get; set; } = string.Empty;
+        public List<string> Tags { get; set; } = new List<string>();
+        public DateTimeOffset LastReported { get; set; }
+    }
+
+    public class ManagedInstanceItems
+    {
+        public string InstanceId { get; set; } = string.Empty;
+        public List<ManagedCertificate> Items { get; set; } = new List<ManagedCertificate>();
+    }
+}
diff --git a/src/Certify.Models/API/Management/ManagementHubMessages.cs b/src/Certify.Models/API/Management/ManagementHubMessages.cs
new file mode 100644
index 000000000..e47a5cde0
--- /dev/null
+++ b/src/Certify.Models/API/Management/ManagementHubMessages.cs
@@ -0,0 +1,91 @@
+using System;
+using System.Collections.Generic;
+
+namespace Certify.API.Management
+{
+    public class ManagementHubMessages
+    {
+        public const string SendCommandRequest = "SendCommandRequest";
+        public const string ReceiveCommandResult = "ReceiveCommandResult";
+        public const string GetCommandResult = "GetCommandResult";
+    }
+
+    public class ManagementHubCommands
+    {
+        public const string GetInstanceInfo = "GetInstanceInfo";
+        public const string GetInstanceManagedItems = "GetInstanceManagedItems";
+        public const string GetInstanceManagedItem = "GetInstanceManagedItem";
+        public const string UpdateInstanceManagedItem = "UpdateInstanceManagedItem";
+    }
+
+    /// <summary>
+    /// A command that can be sent asynchronously to an instance (each instance is a hub client)
+    /// </summary>
+    public class InstanceCommandRequest
+    {
+        public InstanceCommandRequest()
+        {
+
+        }
+
+        public InstanceCommandRequest(string commandType)
+        {
+            CommandId = Guid.NewGuid();
+            CommandType = commandType;
+        }
+        public InstanceCommandRequest(string commandType, KeyValuePair<string, string>[] values) : this(commandType)
+        {
+            Value = System.Text.Json.JsonSerializer.Serialize(values);
+        }
+        /// <summary>
+        /// Unique ID of this command
+        /// </summary>
+        public Guid CommandId { get; set; }
+
+        /// <summary>
+        /// Command type
+        /// </summary>
+        public string CommandType { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Command associated value
+        /// </summary>
+        public string? Value { get; set; } = string.Empty;
+    }
+
+    /// <summary>
+    /// A result (eventually) received from an instance command
+    /// </summary>
+    public class InstanceCommandResult
+    {
+        /// <summary>
+        /// Guid of the original command being responded to
+        /// </summary>
+        public Guid CommandId { get; set; }
+
+        public string? InstanceId { get; set; }
+        public DateTimeOffset? Received { get; set; }
+        /// <summary>
+        /// Response value
+        /// </summary>
+        public string? Value { get; set; }
+
+        public object? ObjectValue { get; set; }
+    }
+
+    /// <summary>
+    /// General ad-hoc message sent from an instance to the management hub such as a progress report or new/updated managed item
+    /// </summary>
+    public class InstanceMessage
+    {
+        /// <summary>
+        /// Type of message instance is sending
+        /// </summary>
+        public string MessageType { get; set; } = string.Empty;
+
+        /// <summary>
+        /// Value of message instance is sending, to be interpreted by the management hub
+        /// </summary>
+        public string? Value { get; set; }
+    }
+}
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 0ea888a1c..cd9a0150b 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.1" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.2" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.10.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Models/Reporting/Summary.cs b/src/Certify.Models/Reporting/Summary.cs
index 94129011b..66b47f82e 100644
--- a/src/Certify.Models/Reporting/Summary.cs
+++ b/src/Certify.Models/Reporting/Summary.cs
@@ -2,6 +2,7 @@
 {
     public class Summary : BindableBase
     {
+        public string InstanceId { get; set; } = string.Empty;
         public int Total { get; set; }
         public int Healthy { get; set; }
         public int Error { get; set; }
diff --git a/src/Certify.Models/Shared/ServiceConfig.cs b/src/Certify.Models/Shared/ServiceConfig.cs
index 1d5fdcd53..afa934733 100644
--- a/src/Certify.Models/Shared/ServiceConfig.cs
+++ b/src/Certify.Models/Shared/ServiceConfig.cs
@@ -33,6 +33,8 @@ public class ServiceConfig
         /// If true, allow service to negotitate it's own port and update required config.
         /// </summary>
         public bool EnableAutoPortNegotiation { get; set; }
+
+        public string ManagementServerHubUri { get; set; } = string.Empty;
     }
 
     public enum ConfigStatus
diff --git a/src/Certify.Models/Util/EnvironmentUtil.cs b/src/Certify.Models/Util/EnvironmentUtil.cs
index f563bc1d1..c3d0cd38e 100644
--- a/src/Certify.Models/Util/EnvironmentUtil.cs
+++ b/src/Certify.Models/Util/EnvironmentUtil.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 
@@ -85,6 +85,11 @@ public static string CreateAppDataPath(string? subDirectory = null)
                 Models.SharedConstants.APPDATASUBFOLDER
             };
 
+            if (Environment.GetEnvironmentVariable("CERTIFY_ENABLE_PER_INSTANCE_SETTINGS")?.ToLowerInvariant() == "true")
+            {
+                parts.Add(Environment.MachineName.ToLowerInvariant().Trim());
+            }
+
             var path = Path.Combine(parts.ToArray());
             CreateAndApplyRestrictedACL(path);
 
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 669c64235..4bd89977e 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.72" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.75" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 3ddc9ec30..07ff0c074 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -1,6 +1,6 @@
 //----------------------
 // <auto-generated>
-//     Generated using the NSwag toolchain v14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0)) (http://NSwag.org)
+//     Generated using the NSwag toolchain v14.0.8.0 (NJsonSchema v11.0.1.0 (Newtonsoft.Json v13.0.0.0)) (http://NSwag.org)
 // </auto-generated>
 //----------------------
 
@@ -11,6 +11,7 @@
 using Certify.Models.Providers;
 using Certify.Models.Config.AccessControl;
 using Certify.Models.Config.Migration;
+using Certify.API.Management;
 
 #pragma warning disable 108 // Disable "CS0108 '{derivedDto}.ToJson()' hides inherited member '{dtoBase}.ToJson()'. Use the new keyword if hiding was intended."
 #pragma warning disable 114 // Disable "CS0114 '{derivedDto}.RaisePropertyChanged(String)' hides inherited member 'dtoBase.RaisePropertyChanged(String)'. To make the current member override that implementation, add the override keyword. Otherwise add the new keyword."
@@ -23,12 +24,13 @@
 #pragma warning disable 8603 // Disable "CS8603 Possible null reference return"
 #pragma warning disable 8604 // Disable "CS8604 Possible null reference argument for parameter"
 #pragma warning disable 8625 // Disable "CS8625 Cannot convert null literal to non-nullable reference type"
+#pragma warning disable CS8765 // Nullability of type of parameter doesn't match overridden member (possibly because of nullability attributes).
 
 namespace Certify.API.Public
 {
     using System = global::System;
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.8.0 (NJsonSchema v11.0.1.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class Client 
     {
         #pragma warning disable 8618
@@ -38,7 +40,9 @@ public partial class Client
         private System.Net.Http.HttpClient _httpClient;
         private static System.Lazy<Newtonsoft.Json.JsonSerializerSettings> _settings = new System.Lazy<Newtonsoft.Json.JsonSerializerSettings>(CreateSerializerSettings, true);
 
+    #pragma warning disable CS8618 // Non-nullable field must contain a non-null value when exiting constructor. Consider declaring as nullable.
         public Client(string baseUrl, System.Net.Http.HttpClient httpClient)
+    #pragma warning restore CS8618 // Non-nullable field must contain a non-null value when exiting constructor. Consider declaring as nullable.
         {
             BaseUrl = baseUrl;
             _httpClient = httpClient;
@@ -54,7 +58,6 @@ private static Newtonsoft.Json.JsonSerializerSettings CreateSerializerSettings()
         public string BaseUrl
         {
             get { return _baseUrl; }
-            [System.Diagnostics.CodeAnalysis.MemberNotNull(nameof(_baseUrl))]
             set
             {
                 _baseUrl = value;
@@ -74,7 +77,7 @@ public string BaseUrl
         /// <summary>
         /// Get list of Assigned Roles for a given security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AssignedRole>> GetSecurityPrincipleAssignedRolesAsync(string id)
         {
@@ -85,7 +88,7 @@ public string BaseUrl
         /// <summary>
         /// Get list of Assigned Roles for a given security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AssignedRole>> GetSecurityPrincipleAssignedRolesAsync(string id, System.Threading.CancellationToken cancellationToken)
         {
@@ -163,7 +166,7 @@ public string BaseUrl
         /// <summary>
         /// Get list of Assigned Roles etc for a given security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipleRoleStatusAsync(string id)
         {
@@ -174,7 +177,7 @@ public virtual System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipleRoleS
         /// <summary>
         /// Get list of Assigned Roles etc for a given security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipleRoleStatusAsync(string id, System.Threading.CancellationToken cancellationToken)
         {
@@ -252,7 +255,7 @@ public virtual async System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipl
         /// <summary>
         /// Get list of available security Roles [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<Role>> GetAccessRolesAsync()
         {
@@ -263,7 +266,7 @@ public virtual async System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipl
         /// <summary>
         /// Get list of available security Roles [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<Role>> GetAccessRolesAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -336,7 +339,7 @@ public virtual async System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipl
         /// <summary>
         /// Get list of available security principles [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SecurityPrinciple>> GetSecurityPrinciplesAsync()
         {
@@ -347,7 +350,7 @@ public virtual async System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipl
         /// <summary>
         /// Get list of available security principles [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SecurityPrinciple>> GetSecurityPrinciplesAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -420,7 +423,7 @@ public virtual async System.Threading.Tasks.Task<RoleStatus> GetSecurityPrincipl
         /// <summary>
         /// Check password valid for security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<SecurityPrincipleCheckResponse> ValidateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordCheck body)
         {
@@ -431,7 +434,7 @@ public virtual System.Threading.Tasks.Task<SecurityPrincipleCheckResponse> Valid
         /// <summary>
         /// Check password valid for security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<SecurityPrincipleCheckResponse> ValidateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordCheck body, System.Threading.CancellationToken cancellationToken)
         {
@@ -508,7 +511,7 @@ public virtual async System.Threading.Tasks.Task<SecurityPrincipleCheckResponse>
         /// <summary>
         /// Update password for security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordUpdate body)
         {
@@ -519,7 +522,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrinciple
         /// <summary>
         /// Update password for security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrinciplePasswordAsync(SecurityPrinciplePasswordUpdate body, System.Threading.CancellationToken cancellationToken)
         {
@@ -596,7 +599,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPri
         /// <summary>
         /// Add new security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> AddSecurityPrincipleAsync(SecurityPrinciple body)
         {
@@ -607,7 +610,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> AddSecurityPrincipleAsy
         /// <summary>
         /// Add new security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> AddSecurityPrincipleAsync(SecurityPrinciple body, System.Threading.CancellationToken cancellationToken)
         {
@@ -684,7 +687,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> AddSecurityPrinci
         /// <summary>
         /// Delete security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> DeleteSecurityPrincipleAsync(string id)
         {
@@ -695,7 +698,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> DeleteSecurityPrinciple
         /// <summary>
         /// Delete security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> DeleteSecurityPrincipleAsync(string id, System.Threading.CancellationToken cancellationToken)
         {
@@ -774,7 +777,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> DeleteSecurityPri
         /// <summary>
         /// Update existing security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAsync(SecurityPrinciple body)
         {
@@ -785,7 +788,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrinciple
         /// <summary>
         /// Update existing security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAsync(SecurityPrinciple body, System.Threading.CancellationToken cancellationToken)
         {
@@ -862,7 +865,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPri
         /// <summary>
         /// Update assigned roles for a security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAssignedRolesAsync(SecurityPrincipleAssignedRoleUpdate body)
         {
@@ -873,7 +876,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrinciple
         /// <summary>
         /// Update assigned roles for a security principle [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPrincipleAssignedRolesAsync(SecurityPrincipleAssignedRoleUpdate body, System.Threading.CancellationToken cancellationToken)
         {
@@ -950,7 +953,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> UpdateSecurityPri
         /// <summary>
         /// Operations to check current auth status for the given presented authentication tokens
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task CheckAuthStatusAsync()
         {
@@ -961,7 +964,7 @@ public virtual System.Threading.Tasks.Task CheckAuthStatusAsync()
         /// <summary>
         /// Operations to check current auth status for the given presented authentication tokens
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task CheckAuthStatusAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -1029,7 +1032,7 @@ public virtual async System.Threading.Tasks.Task CheckAuthStatusAsync(System.Thr
         /// Perform login using username and password
         /// </summary>
         /// <param name="body">Login credentials</param>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<AuthResponse> LoginAsync(AuthRequest body)
         {
@@ -1041,7 +1044,7 @@ public virtual System.Threading.Tasks.Task<AuthResponse> LoginAsync(AuthRequest
         /// Perform login using username and password
         /// </summary>
         /// <param name="body">Login credentials</param>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<AuthResponse> LoginAsync(AuthRequest body, System.Threading.CancellationToken cancellationToken)
         {
@@ -1118,7 +1121,7 @@ public virtual async System.Threading.Tasks.Task<AuthResponse> LoginAsync(AuthRe
         /// <summary>
         /// Refresh users current auth token
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<AuthResponse> RefreshAsync(string refreshToken)
         {
@@ -1129,7 +1132,7 @@ public virtual System.Threading.Tasks.Task<AuthResponse> RefreshAsync(string ref
         /// <summary>
         /// Refresh users current auth token
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<AuthResponse> RefreshAsync(string refreshToken, System.Threading.CancellationToken cancellationToken)
         {
@@ -1209,7 +1212,7 @@ public virtual async System.Threading.Tasks.Task<AuthResponse> RefreshAsync(stri
         /// <summary>
         /// Download the latest certificate for the given managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<FileResponse> DownloadAsync(string managedCertId, string format, string mode)
         {
@@ -1220,7 +1223,7 @@ public virtual System.Threading.Tasks.Task<FileResponse> DownloadAsync(string ma
         /// <summary>
         /// Download the latest certificate for the given managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<FileResponse> DownloadAsync(string managedCertId, string format, string mode, System.Threading.CancellationToken cancellationToken)
         {
@@ -1306,7 +1309,7 @@ public virtual async System.Threading.Tasks.Task<FileResponse> DownloadAsync(str
         /// <summary>
         /// Download text log for the given managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string managedCertId, int? maxLines)
         {
@@ -1317,7 +1320,7 @@ public virtual System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string ma
         /// <summary>
         /// Download text log for the given managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string managedCertId, int? maxLines, System.Threading.CancellationToken cancellationToken)
         {
@@ -1401,7 +1404,7 @@ public virtual async System.Threading.Tasks.Task<LogResult> DownloadLogAsync(str
         /// <summary>
         /// Get all managed certificates matching criteria
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ManagedCertificateSummaryResult> GetManagedCertificatesAsync(string keyword, int? page, int? pageSize)
         {
@@ -1412,7 +1415,7 @@ public virtual System.Threading.Tasks.Task<ManagedCertificateSummaryResult> GetM
         /// <summary>
         /// Get all managed certificates matching criteria
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult> GetManagedCertificatesAsync(string keyword, int? page, int? pageSize, System.Threading.CancellationToken cancellationToken)
         {
@@ -1499,7 +1502,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult
         /// <summary>
         /// Get summary counts of all managed certs
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<Summary> GetManagedCertificateSummaryAsync(string keyword)
         {
@@ -1510,7 +1513,7 @@ public virtual System.Threading.Tasks.Task<Summary> GetManagedCertificateSummary
         /// <summary>
         /// Get summary counts of all managed certs
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<Summary> GetManagedCertificateSummaryAsync(string keyword, System.Threading.CancellationToken cancellationToken)
         {
@@ -1590,21 +1593,28 @@ public virtual async System.Threading.Tasks.Task<Summary> GetManagedCertificateS
         /// <summary>
         /// Gets the full settings for a specific managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <param name="instanceId">target instance</param>
+        /// <param name="managedCertId">managed item</param>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ManagedCertificate> GetManagedCertificateDetailsAsync(string managedCertId)
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> GetManagedCertificateDetailsAsync(string instanceId, string managedCertId)
         {
-            return GetManagedCertificateDetailsAsync(managedCertId, System.Threading.CancellationToken.None);
+            return GetManagedCertificateDetailsAsync(instanceId, managedCertId, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
         /// Gets the full settings for a specific managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <param name="instanceId">target instance</param>
+        /// <param name="managedCertId">managed item</param>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ManagedCertificate> GetManagedCertificateDetailsAsync(string managedCertId, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> GetManagedCertificateDetailsAsync(string instanceId, string managedCertId, System.Threading.CancellationToken cancellationToken)
         {
+            if (instanceId == null)
+                throw new System.ArgumentNullException("instanceId");
+
             if (managedCertId == null)
                 throw new System.ArgumentNullException("managedCertId");
 
@@ -1619,8 +1629,10 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> GetManagedC
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate/settings/{managedCertId}"
+                    // Operation Path: "api/v1/certificate/settings/{instanceId}/{managedCertId}"
                     urlBuilder_.Append("api/v1/certificate/settings/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append('/');
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
 
                     PrepareRequest(client_, request_, urlBuilder_);
@@ -1678,21 +1690,24 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> GetManagedC
         /// <summary>
         /// Add/update the full settings for a specific managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(ManagedCertificate body)
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(string instanceId, ManagedCertificate body)
         {
-            return UpdateManagedCertificateDetailsAsync(body, System.Threading.CancellationToken.None);
+            return UpdateManagedCertificateDetailsAsync(instanceId, body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
         /// Add/update the full settings for a specific managed certificate
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(string instanceId, ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
         {
+            if (instanceId == null)
+                throw new System.ArgumentNullException("instanceId");
+
             var client_ = _httpClient;
             var disposeClient_ = false;
             try
@@ -1708,8 +1723,10 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManag
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate/settings/update"
-                    urlBuilder_.Append("api/v1/certificate/settings/update");
+                    // Operation Path: "api/v1/certificate/settings/{instanceId}/update"
+                    urlBuilder_.Append("api/v1/certificate/settings/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/update");
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1766,7 +1783,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManag
         /// <summary>
         /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id)
         {
@@ -1777,7 +1794,7 @@ public virtual System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(s
         /// <summary>
         /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id, System.Threading.CancellationToken cancellationToken)
         {
@@ -1857,7 +1874,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderA
         /// <summary>
         /// Begin the managed certificate request/renewal process a set of managed certificates
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body)
         {
@@ -1868,7 +1885,7 @@ public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsy
         /// <summary>
         /// Begin the managed certificate request/renewal process a set of managed certificates
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body, System.Threading.CancellationToken cancellationToken)
         {
@@ -1945,7 +1962,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
         /// <summary>
         /// Perform default tests for the given configuration
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body)
         {
@@ -1956,7 +1973,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
         /// <summary>
         /// Perform default tests for the given configuration
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
         {
@@ -2033,7 +2050,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
         /// <summary>
         /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string id)
         {
@@ -2044,7 +2061,7 @@ public virtual System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(s
         /// <summary>
         /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string id, System.Threading.CancellationToken cancellationToken)
         {
@@ -2121,7 +2138,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
         /// <summary>
         /// Get list of known certificate authorities
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<CertificateAuthority>> GetCertificateAuthoritiesAsync()
         {
@@ -2132,7 +2149,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
         /// <summary>
         /// Get list of known certificate authorities
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<CertificateAuthority>> GetCertificateAuthoritiesAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -2205,7 +2222,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
         /// <summary>
         /// Get All Acme Accounts [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AccountDetails>> GetAcmeAccountsAsync()
         {
@@ -2216,7 +2233,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
         /// <summary>
         /// Get All Acme Accounts [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<AccountDetails>> GetAcmeAccountsAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -2289,7 +2306,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
         /// <summary>
         /// Add New Acme Account [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> AddAcmeAccountAsync(ContactRegistration body)
         {
@@ -2300,7 +2317,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> AddAcmeAccountAsync(Con
         /// <summary>
         /// Add New Acme Account [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> AddAcmeAccountAsync(ContactRegistration body, System.Threading.CancellationToken cancellationToken)
         {
@@ -2377,7 +2394,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> AddAcmeAccountAsy
         /// <summary>
         /// Add New Certificate Authority [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> AddCertificateAuthorityAsync(CertificateAuthority body)
         {
@@ -2388,7 +2405,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> AddCertificateAuthority
         /// <summary>
         /// Add New Certificate Authority [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> AddCertificateAuthorityAsync(CertificateAuthority body, System.Threading.CancellationToken cancellationToken)
         {
@@ -2465,7 +2482,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> AddCertificateAut
         /// <summary>
         /// Remove Certificate Authority [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> RemoveCertificateAuthorityAsync(string id)
         {
@@ -2476,7 +2493,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> RemoveCertificateAuthor
         /// <summary>
         /// Remove Certificate Authority [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> RemoveCertificateAuthorityAsync(string id, System.Threading.CancellationToken cancellationToken)
         {
@@ -2553,7 +2570,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveCertificate
         /// <summary>
         /// Remove ACME Account [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccountAsync(string storageKey, bool deactivate)
         {
@@ -2564,7 +2581,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccountAsync(
         /// <summary>
         /// Remove ACME Account [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccountAsync(string storageKey, bool deactivate, System.Threading.CancellationToken cancellationToken)
         {
@@ -2646,7 +2663,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Get list of supported challenge providers
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ChallengeProviderDefinition>> GetChallengeProvidersAsync()
         {
@@ -2657,7 +2674,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Get list of supported challenge providers
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ChallengeProviderDefinition>> GetChallengeProvidersAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -2730,7 +2747,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Fetch list of DNS zones for a given DNS provider and credential
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DnsZone>> GetDnsZonesAsync(string providerTypeId, string credentialsId)
         {
@@ -2741,7 +2758,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Fetch list of DNS zones for a given DNS provider and credential
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DnsZone>> GetDnsZonesAsync(string providerTypeId, string credentialsId, System.Threading.CancellationToken cancellationToken)
         {
@@ -2824,7 +2841,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Get List of supported deployment tasks
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DeploymentProviderDefinition>> GetDeploymentProvidersAsync()
         {
@@ -2835,7 +2852,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Get List of supported deployment tasks
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DeploymentProviderDefinition>> GetDeploymentProvidersAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -2905,10 +2922,186 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
             }
         }
 
+        /// <summary>
+        /// Get all managed certificates matching criteria
+        /// </summary>
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ManagedCertificateSummaryResult> GetHubManagedItemsAsync(string keyword, int? page, int? pageSize)
+        {
+            return GetHubManagedItemsAsync(keyword, page, pageSize, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Get all managed certificates matching criteria
+        /// </summary>
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult> GetHubManagedItemsAsync(string keyword, int? page, int? pageSize, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
+                    // Operation Path: "api/v1/hub/items"
+                    urlBuilder_.Append("api/v1/hub/items");
+                    urlBuilder_.Append('?');
+                    if (keyword != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    if (page != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("page")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(page, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    if (pageSize != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("pageSize")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(pageSize, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificateSummaryResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ManagedInstanceInfo>> GetHubManagedInstancesAsync()
+        {
+            return GetHubManagedInstancesAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ManagedInstanceInfo>> GetHubManagedInstancesAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
+                    // Operation Path: "api/v1/hub/instances"
+                    urlBuilder_.Append("api/v1/hub/instances");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<ManagedInstanceInfo>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
         /// <summary>
         /// Get preview of steps for certificate order and deployment
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> GetPreviewAsync(ManagedCertificate body)
         {
@@ -2919,7 +3112,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Get preview of steps for certificate order and deployment
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> GetPreviewAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
         {
@@ -2996,7 +3189,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Get List of stored credentials
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StoredCredential>> GetStoredCredentialsAsync()
         {
@@ -3007,7 +3200,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Get List of stored credentials
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StoredCredential>> GetStoredCredentialsAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -3080,7 +3273,7 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAcmeAccount
         /// <summary>
         /// Add/Update a stored credential
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<StoredCredential> UpdateStoredCredentialAsync(StoredCredential body)
         {
@@ -3091,7 +3284,7 @@ public virtual System.Threading.Tasks.Task<StoredCredential> UpdateStoredCredent
         /// <summary>
         /// Add/Update a stored credential
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<StoredCredential> UpdateStoredCredentialAsync(StoredCredential body, System.Threading.CancellationToken cancellationToken)
         {
@@ -3168,7 +3361,7 @@ public virtual async System.Threading.Tasks.Task<StoredCredential> UpdateStoredC
         /// <summary>
         /// Remove Stored Credential [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ActionResult> RemoveStoredCredentialAsync(string storageKey)
         {
@@ -3179,7 +3372,7 @@ public virtual System.Threading.Tasks.Task<ActionResult> RemoveStoredCredentialA
         /// <summary>
         /// Remove Stored Credential [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ActionResult> RemoveStoredCredentialAsync(string storageKey, System.Threading.CancellationToken cancellationToken)
         {
@@ -3256,9 +3449,9 @@ public virtual async System.Threading.Tasks.Task<ActionResult> RemoveStoredCrede
         /// <summary>
         /// Get the server software version
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<Version> GetSystemVersionAsync()
+        public virtual System.Threading.Tasks.Task<string> GetSystemVersionAsync()
         {
             return GetSystemVersionAsync(System.Threading.CancellationToken.None);
         }
@@ -3267,9 +3460,9 @@ public virtual System.Threading.Tasks.Task<Version> GetSystemVersionAsync()
         /// <summary>
         /// Get the server software version
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<Version> GetSystemVersionAsync(System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<string> GetSystemVersionAsync(System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -3310,7 +3503,7 @@ public virtual async System.Threading.Tasks.Task<Version> GetSystemVersionAsync(
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            var objectResponse_ = await ReadObjectResponseAsync<Version>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            var objectResponse_ = await ReadObjectResponseAsync<string>(response_, headers_, cancellationToken).ConfigureAwait(false);
                             if (objectResponse_.Object == null)
                             {
                                 throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
@@ -3340,7 +3533,7 @@ public virtual async System.Threading.Tasks.Task<Version> GetSystemVersionAsync(
         /// <summary>
         /// Check API is responding and can connect to background service
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<object> GetHealthAsync()
         {
@@ -3351,7 +3544,7 @@ public virtual System.Threading.Tasks.Task<object> GetHealthAsync()
         /// <summary>
         /// Check API is responding and can connect to background service
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<object> GetHealthAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -3424,7 +3617,7 @@ public virtual async System.Threading.Tasks.Task<object> GetHealthAsync(System.T
         /// <summary>
         /// Perform an export of all settings [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsync(ExportRequest body)
         {
@@ -3435,7 +3628,7 @@ public virtual System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsy
         /// <summary>
         /// Perform an export of all settings [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsync(ExportRequest body, System.Threading.CancellationToken cancellationToken)
         {
@@ -3512,7 +3705,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
         /// <summary>
         /// Perform an import of all settings [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformImportAsync(ImportRequest body)
         {
@@ -3523,7 +3716,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
         /// <summary>
         /// Perform an import of all settings [Generated by Certify.SourceGenerators]
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformImportAsync(ImportRequest body, System.Threading.CancellationToken cancellationToken)
         {
@@ -3600,7 +3793,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
         /// <summary>
         /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert. May return many items (e.g. thousands of sites)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SiteInfo>> GetTargetServiceItemsAsync(string serverType)
         {
@@ -3611,7 +3804,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
         /// <summary>
         /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert. May return many items (e.g. thousands of sites)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SiteInfo>> GetTargetServiceItemsAsync(string serverType, System.Threading.CancellationToken cancellationToken)
         {
@@ -3689,7 +3882,7 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
         /// <summary>
         /// Return details of single target server item (e.g. 1 site)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemAsync(string serverType, string itemId)
         {
@@ -3700,7 +3893,7 @@ public virtual System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemAsync(s
         /// <summary>
         /// Return details of single target server item (e.g. 1 site)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemAsync(string serverType, string itemId, System.Threading.CancellationToken cancellationToken)
         {
@@ -3782,7 +3975,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
         /// <summary>
         /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DomainOption>> GetTargetServiceItemIdentifiersAsync(string serverType, string itemId)
         {
@@ -3793,7 +3986,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
         /// <summary>
         /// Get list of known service items (e.g. websites etc) we may want to then check for domains etc to add to cert
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<DomainOption>> GetTargetServiceItemIdentifiersAsync(string serverType, string itemId, System.Threading.CancellationToken cancellationToken)
         {
@@ -3876,7 +4069,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
         /// <summary>
         /// Get list of target services this server supports (e.g. IIS etc)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<string>> GetTargetServiceTypesAsync()
         {
@@ -3887,7 +4080,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
         /// <summary>
         /// Get list of target services this server supports (e.g. IIS etc)
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<string>> GetTargetServiceTypesAsync(System.Threading.CancellationToken cancellationToken)
         {
@@ -3960,7 +4153,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
         /// <summary>
         /// get current challenge info for a given type/key
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SimpleAuthorizationChallengeItem>> GetValidationChallengesAsync(string type, string key)
         {
@@ -3971,7 +4164,7 @@ public virtual async System.Threading.Tasks.Task<SiteInfo> GetTargetServiceItemA
         /// <summary>
         /// get current challenge info for a given type/key
         /// </summary>
-        /// <returns>Success</returns>
+        /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
         public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<SimpleAuthorizationChallengeItem>> GetValidationChallengesAsync(string type, string key, System.Threading.CancellationToken cancellationToken)
         {
@@ -4164,7 +4357,7 @@ private string ConvertToString(object value, System.Globalization.CultureInfo cu
 
     
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.8.0 (NJsonSchema v11.0.1.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class FileResponse : System.IDisposable
     {
         private System.IDisposable _client;
@@ -4201,7 +4394,7 @@ public void Dispose()
     }
 
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.8.0 (NJsonSchema v11.0.1.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class ApiException : System.Exception
     {
         public int StatusCode { get; private set; }
@@ -4224,7 +4417,7 @@ public override string ToString()
         }
     }
 
-    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.3.0 (NJsonSchema v11.0.0.0 (Newtonsoft.Json v13.0.0.0))")]
+    [System.CodeDom.Compiler.GeneratedCode("NSwag", "14.0.8.0 (NJsonSchema v11.0.1.0 (Newtonsoft.Json v13.0.0.0))")]
     public partial class ApiException<TResult> : ApiException
     {
         public TResult Result { get; private set; }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json b/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
index 317296a56..afefcbf6e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/nswag.json
@@ -53,7 +53,8 @@
         "Certify.Models.API",
         "Certify.Models.Providers",
         "Certify.Models.Config.AccessControl",
-        "Certify.Models.Config.Migration"
+        "Certify.Models.Config.Migration",
+        "Certify.API.Management"
       ],
       "additionalContractNamespaceUsages": [],
       "generateOptionalParameters": false,
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 87bb81382..6c31c62b8 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,32 +1,32 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
-  <PropertyGroup>
-    <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
-    <Nullable>enable</Nullable>
-    <ImplicitUsings>enable</ImplicitUsings>
-    <InvariantGlobalization>true</InvariantGlobalization>
-    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    <DockerfileContext>..\..</DockerfileContext>
-    <UserSecretsId>8793068b-aa98-48a5-807b-962b5b3e1aea</UserSecretsId>
-    <GenerateDocumentationFile>True</GenerateDocumentationFile>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <Optimize>False</Optimize>
-    <DefineConstants>$(DefineConstants);ASPIRE</DefineConstants>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <DefineConstants>$(DefineConstants);ASPIRE</DefineConstants>
-  </PropertyGroup>
+    <PropertyGroup>
+        <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
+        <Nullable>enable</Nullable>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <InvariantGlobalization>true</InvariantGlobalization>
+        <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
+        <DockerfileContext>..\..</DockerfileContext>
+        <UserSecretsId>8793068b-aa98-48a5-807b-962b5b3e1aea</UserSecretsId>
+        <GenerateDocumentationFile>True</GenerateDocumentationFile>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+        <Optimize>False</Optimize>
+        <DefineConstants>$(DefineConstants);ASPIRE</DefineConstants>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
+        <DefineConstants>$(DefineConstants);ASPIRE</DefineConstants>
+    </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.6" />
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\..\..\..\certify\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
-    <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
-    <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
-    <ProjectReference Include="..\..\Certify.Aspire\Certify.Aspire.ServiceDefaults\Certify.Aspire.ServiceDefaults.csproj" />
-  </ItemGroup>
+    <ItemGroup>
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.6" />
+        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
+    </ItemGroup>
+    <ItemGroup>
+        <ProjectReference Include="..\..\..\..\certify\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
+        <ProjectReference Include="..\..\..\..\certify\src\Certify.Client\Certify.Client.csproj" />
+        <ProjectReference Include="..\..\..\..\certify\src\Certify.Shared\Certify.Shared.Core.csproj" />
+        <ProjectReference Include="..\..\Certify.Aspire\Certify.Aspire.ServiceDefaults\Certify.Aspire.ServiceDefaults.csproj" />
+    </ItemGroup>
 
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
new file mode 100644
index 000000000..c4940feb4
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
@@ -0,0 +1,94 @@
+
+using System.Collections.Frozen;
+using Certify.API.Management;
+using Certify.Client;
+using Certify.Models.API;
+using Certify.Server.Api.Public.SignalR.ManagementHub;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Certify.Server.Api.Public.Controllers
+{
+    /// <summary>
+    /// Provides managed certificate related operations
+    /// </summary>
+    [ApiController]
+    [Route("api/v1/[controller]")]
+    public partial class HubController : ApiControllerBase
+    {
+
+        private readonly ILogger<CertificateController> _logger;
+
+        private readonly ICertifyInternalApiClient _client;
+
+        private IInstanceManagementStateProvider _mgmtStateProvider;
+
+        /// <summary>
+        /// Constructor
+        /// </summary>
+        /// <param name="logger"></param>
+        /// <param name="client"></param>
+        public HubController(ILogger<CertificateController> logger, ICertifyInternalApiClient client, IInstanceManagementStateProvider mgmtStateProvider)
+        {
+            _logger = logger;
+            _client = client;
+            _mgmtStateProvider = mgmtStateProvider;
+        }
+
+        /// <summary>
+        /// Get all managed certificates matching criteria
+        /// </summary>
+        /// <param name="keyword"></param>
+        /// <param name="page"></param>
+        /// <param name="pageSize"></param>
+        /// <returns></returns>
+        [HttpGet]
+        [Route("items")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(ManagedCertificateSummaryResult))]
+        public async Task<IActionResult> GetHubManagedItems(string? keyword, int? page = null, int? pageSize = null)
+        {
+
+            var result = new ManagedCertificateSummaryResult();
+
+            var managedItems = _mgmtStateProvider.GetManagedInstanceItems();
+            var instances = _mgmtStateProvider.GetConnectedInstances();
+
+            result.TotalResults = managedItems.Values.SelectMany(s => s.Items).Count();
+
+            var list = new List<ManagedCertificateSummary>();
+            foreach (var remote in managedItems.Values)
+            {
+                list.AddRange(remote.Items.Select(i => new ManagedCertificateSummary
+                {
+                    InstanceId = remote.InstanceId,
+                    InstanceTitle = instances.FirstOrDefault(i=>i.InstanceId==remote.InstanceId)?.Title,
+                    Id = i.Id ?? "",
+                    Title = $"[remote] {i.Name}" ?? "",
+                    PrimaryIdentifier = i.GetCertificateIdentifiers().FirstOrDefault(p => p.Value == i.RequestConfig.PrimaryDomain) ?? i.GetCertificateIdentifiers().FirstOrDefault(),
+                    Identifiers = i.GetCertificateIdentifiers(),
+                    DateRenewed = i.DateRenewed,
+                    DateExpiry = i.DateExpiry,
+                    Comments = i.Comments ?? "",
+                    Status = i.LastRenewalStatus?.ToString() ?? "",
+                    HasCertificate = !string.IsNullOrEmpty(i.CertificatePath)
+                }));
+            }
+
+            result.Results = list.OrderBy(l => l.Title);
+
+            return new OkObjectResult(result);
+        }
+
+        [HttpGet]
+        [Route("instances")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<ManagedInstanceInfo>))]
+        public async Task<IActionResult> GetHubManagedInstances()
+        {
+            var managedInstances = _mgmtStateProvider.GetConnectedInstances();
+            return new OkObjectResult(managedInstances);
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 2e6bc7a58..61fe94f01 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -1,9 +1,12 @@
 using Certify.Client;
 using Certify.Models.API;
 using Certify.Models.Reporting;
+using Certify.Server.Api.Public.Services;
+using Certify.Server.Api.Public.SignalR.ManagementHub;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.SignalR;
 
 namespace Certify.Server.Api.Public.Controllers
 {
@@ -19,15 +22,21 @@ public partial class CertificateController : ApiControllerBase
 
         private readonly ICertifyInternalApiClient _client;
 
+        private IInstanceManagementStateProvider _mgmtStateProvider;
+
+        private IHubContext<InstanceManagementHub, IInstanceManagementHub> _mgmtHubContext;
+
         /// <summary>
         /// Constructor
         /// </summary>
         /// <param name="logger"></param>
         /// <param name="client"></param>
-        public CertificateController(ILogger<CertificateController> logger, ICertifyInternalApiClient client)
+        public CertificateController(ILogger<CertificateController> logger, ICertifyInternalApiClient client, IInstanceManagementStateProvider mgmtStateProvider, IHubContext<InstanceManagementHub, IInstanceManagementHub> mgmtHubContext)
         {
             _logger = logger;
             _client = client;
+            _mgmtStateProvider = mgmtStateProvider;
+            _mgmtHubContext = mgmtHubContext;
         }
 
         /// <summary>
@@ -119,6 +128,7 @@ public async Task<IActionResult> GetManagedCertificates(string? keyword, int? pa
 
             var list = managedCertResult.Results.Select(i => new ManagedCertificateSummary
             {
+                InstanceId = i.InstanceId,
                 Id = i.Id ?? "",
                 Title = i.Name ?? "",
                 PrimaryIdentifier = i.GetCertificateIdentifiers().FirstOrDefault(p => p.Value == i.RequestConfig.PrimaryDomain) ?? i.GetCertificateIdentifiers().FirstOrDefault(),
@@ -165,16 +175,19 @@ public async Task<IActionResult> GetManagedCertificateSummary(string? keyword)
         /// <summary>
         /// Gets the full settings for a specific managed certificate
         /// </summary>
-        /// <param name="managedCertId"></param>
+        /// <param name="instanceId">target instance</param>
+        /// <param name="managedCertId">managed item</param>
         /// <returns></returns>
         [HttpGet]
-        [Route("settings/{managedCertId}")]
+        [Route("settings/{instanceId}/{managedCertId}")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        public async Task<IActionResult> GetManagedCertificateDetails(string managedCertId)
+        public async Task<IActionResult> GetManagedCertificateDetails(string instanceId, string managedCertId)
         {
 
-            var managedCert = await _client.GetManagedCertificate(managedCertId, CurrentAuthContext);
+            var mgmtClient = new ManagementAPI(_mgmtStateProvider, _mgmtHubContext, _client);
+
+            var managedCert = await mgmtClient.GetManagedCertificate(instanceId, managedCertId, CurrentAuthContext);
 
             return new OkObjectResult(managedCert);
         }
@@ -185,13 +198,15 @@ public async Task<IActionResult> GetManagedCertificateDetails(string managedCert
         /// <param name="managedCertificate"></param>
         /// <returns></returns>
         [HttpPost]
-        [Route("settings/update")]
+        [Route("settings/{instanceId}/update")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        public async Task<IActionResult> UpdateManagedCertificateDetails(Models.ManagedCertificate managedCertificate)
+        public async Task<IActionResult> UpdateManagedCertificateDetails(string instanceId, Models.ManagedCertificate managedCertificate)
         {
+            var mgmtClient = new ManagementAPI(_mgmtStateProvider, _mgmtHubContext, _client);
+
+            var result = await mgmtClient.UpdateManagedCertificate(instanceId, managedCertificate, CurrentAuthContext);
 
-            var result = await _client.UpdateManagedCertificate(managedCertificate, CurrentAuthContext);
             if (result != null)
             {
                 return new OkObjectResult(result);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Program.cs b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
index 0780c2333..783a1dcf1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Program.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Program.cs
@@ -31,6 +31,6 @@
 
 startup.Configure(app, builder.Environment);
 
-app.Lifetime.ApplicationStarted.Register(async () => await startup.SetupStatusHubConnection(app));
+app.Lifetime.ApplicationStarted.Register(async () => await startup.SetupStatusHubConnections(app));
 
 app.Run();
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
index 3e4e64087..97edc6655 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
@@ -16,7 +16,7 @@
         "CERTIFY_SERVICE_HOST": "127.0.0.2",
         "CERTIFY_SERVICE_PORT": "9695"
       },
-      "applicationUrl": "https://localhost:44361;http://localhost:44360"
+      "applicationUrl": "https://0.0.0.0:44361;http://0.0.0.0:44360"
     },
     "WSL": {
       "commandName": "WSL2",
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
new file mode 100644
index 000000000..6855d16b3
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
@@ -0,0 +1,96 @@
+using System.Text.Json;
+using Certify.API.Management;
+using Certify.Client;
+using Certify.Models;
+using Certify.Server.Api.Public.SignalR.ManagementHub;
+using Microsoft.AspNetCore.SignalR;
+
+namespace Certify.Server.Api.Public.Services
+{
+    public class ManagementAPI
+    {
+        IInstanceManagementStateProvider _mgmtStateProvider;
+        IHubContext<InstanceManagementHub, IInstanceManagementHub> _mgmtHubContext;
+        ICertifyInternalApiClient _backendAPIClient;
+
+        public ManagementAPI(IInstanceManagementStateProvider mgmtStateProvider, IHubContext<InstanceManagementHub, IInstanceManagementHub> mgmtHubContext, ICertifyInternalApiClient backendAPIClient)
+        {
+            _mgmtStateProvider = mgmtStateProvider;
+            _mgmtHubContext = mgmtHubContext;
+            _backendAPIClient = backendAPIClient;
+        }
+
+        /// <summary>
+        /// Fetch managed cert details from the target instance
+        /// </summary>
+        /// <param name="instanceId"></param>
+        /// <param name="managedCertId"></param>
+        /// <param name="authContext"></param>
+        /// <returns></returns>
+        public async Task<ManagedCertificate?> GetManagedCertificate(string instanceId, string managedCertId, AuthContext authContext)
+        {
+            // get managed cert via local api or via management hub
+
+            var args = new KeyValuePair
+                <string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("managedCertId", managedCertId)
+                };
+
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.GetInstanceManagedItem, args);
+            var result = await GetCommandResult(instanceId, cmd);
+
+            if (result?.Value != null)
+            {
+                return JsonSerializer.Deserialize<ManagedCertificate>(result.Value);
+
+            }
+            else
+            {
+                return null;
+            }
+        }
+
+        public async Task<ManagedCertificate?> UpdateManagedCertificate(string instanceId, ManagedCertificate managedCert, AuthContext authContext)
+        {
+            // get managed cert via local api or via management hub
+
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("managedCert", JsonSerializer.Serialize(managedCert))
+                };
+
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.UpdateInstanceManagedItem, args);
+
+            var result = await GetCommandResult(instanceId, cmd);
+
+            if (result?.Value != null)
+            {
+                var update =  JsonSerializer.Deserialize<ManagedCertificate>(result.Value);
+                
+                _mgmtStateProvider.UpdateCachedManagedInstanceItem(instanceId, update);
+                return update;
+            }
+            else
+            {
+                return null;
+            }
+        }
+
+        private async Task<InstanceCommandResult?> GetCommandResult(string instanceId, InstanceCommandRequest cmd)
+        {
+            var connectionId = _mgmtStateProvider.GetConnectionIdForInstance(instanceId);
+
+            if (connectionId == null)
+            {
+                throw new Exception("Instance connection info not known, cannot send commands to instance.");
+            }
+
+            _mgmtStateProvider.AddAwaitedCommandRequest(cmd);
+
+            await _mgmtHubContext.Clients.Client(connectionId).SendCommandRequest(cmd);
+
+            return await _mgmtStateProvider.ConsumeAwaitedCommandResult(cmd.CommandId);
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementWorker.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementWorker.cs
new file mode 100644
index 000000000..d40563126
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementWorker.cs
@@ -0,0 +1,81 @@
+using Certify.API.Management;
+using Certify.Server.Api.Public.SignalR.ManagementHub;
+using Microsoft.AspNetCore.SignalR;
+
+namespace Certify.Server.Api.Public.Services
+{
+    public class ManagementWorker : IHostedService, IDisposable
+    {
+        private readonly ILogger<ManagementWorker> _logger;
+        private Timer? _timer = null;
+        IHubContext<InstanceManagementHub> _hubContext;
+        IInstanceManagementStateProvider _stateProvider;
+        private int _updateFrequency = 10;
+        private string _serviceName = "[Management Worker]";
+
+        public ManagementWorker(ILogger<ManagementWorker> logger, IHubContext<InstanceManagementHub> hubContext, IInstanceManagementStateProvider stateProvider)
+        {
+            _logger = logger;
+            _hubContext = hubContext;
+            _stateProvider = stateProvider;
+        }
+
+        public Task StartAsync(CancellationToken stoppingToken)
+        {
+            _logger.LogInformation("{svc} running.", _serviceName);
+            _timer = new Timer(DoWork, null, TimeSpan.Zero, TimeSpan.FromSeconds(_updateFrequency));
+
+            return Task.CompletedTask;
+        }
+
+        private void DispatchCommand(string instanceId, InstanceCommandRequest cmd)
+        {
+            var connectionId = _stateProvider.GetConnectionIdForInstance(instanceId);
+            if (connectionId == null)
+            {
+                _logger.LogWarning("{svc} Could not dispatch command to instance {instanceId}. Connection ID not yet known", _serviceName, instanceId);
+            }
+            else
+            {
+                _stateProvider.AddAwaitedCommandRequest(cmd);
+                _hubContext.Clients.Client(connectionId).SendAsync(ManagementHubMessages.SendCommandRequest, cmd);
+            }
+        }
+
+        private void DoWork(object? state)
+        {
+            var instances = _stateProvider.GetConnectedInstances();
+            _logger.LogInformation("{svc} connected instances: {count}", _serviceName, instances.Count());
+
+            /*foreach (var instance in instances)
+            {
+                _logger.LogInformation("{svc} requesting info from instance: id:{id} title:{title}", _serviceName, instance.InstanceId, instance.Title);
+
+                // refresh instance status
+                var cmd = new InstanceCommandRequest { CommandId = Guid.NewGuid(), CommandType = ManagementHubCommands.GetInstanceItems, Value = null };
+
+                DispatchCommand(instance.InstanceId, cmd);
+            }
+
+            // 
+            var items = _stateProvider.GetManagedInstanceItems();
+            _logger.LogInformation("{svc} total items managed across instances: {count}", _serviceName, items.SelectMany(s=>s.Value.Items).Count());
+            */
+
+        }
+
+        public Task StopAsync(CancellationToken stoppingToken)
+        {
+            _logger.LogInformation("{svc} is stopping.", _serviceName);
+
+            _timer?.Change(Timeout.Infinite, 0);
+
+            return Task.CompletedTask;
+        }
+
+        public void Dispose()
+        {
+            _timer?.Dispose();
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
new file mode 100644
index 000000000..44f062ba6
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
@@ -0,0 +1,207 @@
+using System;
+using System.Collections.Concurrent;
+using System.Diagnostics;
+using Certify.API.Management;
+using Certify.Models;
+using Microsoft.AspNetCore.SignalR;
+
+namespace Certify.Server.Api.Public.SignalR.ManagementHub
+{
+    /// <summary>
+    /// Interface for instance management hub events
+    /// </summary>
+    public interface IInstanceManagementHub
+    {
+        /// <summary>
+        /// Send command to an instance or the current caller if instance not provided
+        /// </summary>
+        /// <param name="request"></param>
+        /// <returns></returns>
+        Task SendCommandRequest(InstanceCommandRequest cmd);
+
+        /// <summary>
+        /// Receive command result from an instance
+        /// </summary>
+        /// <param name="result"></param>
+        /// <returns></returns>
+        Task ReceiveCommandResult(InstanceCommandResult result);
+
+        /// <summary>
+        /// Receive adhoc message from an instance
+        /// </summary>
+        /// <param name="message"></param>
+        /// <returns></returns>
+        Task ReceiveInstanceMessage(InstanceMessage message);
+    }
+
+    /// <summary>
+    /// Individual backend/agent instances connect as clients to this hub to send back managed item updates, progress reports, config settings. 
+    /// Instances receive commands (managed item updates etc, config updates)
+    /// </summary>
+    public class InstanceManagementHub : Hub<IInstanceManagementHub>, IInstanceManagementHub
+    {
+        private IInstanceManagementStateProvider _stateProvider;
+        private ILogger<InstanceManagementHub> _logger;
+
+        /// <summary>
+        /// Set up instance management hub
+        /// </summary>
+        /// <param name="stateProvider"></param>
+        /// <param name="logger"></param>
+        public InstanceManagementHub(IInstanceManagementStateProvider stateProvider, ILogger<InstanceManagementHub> logger)
+        {
+            _stateProvider = stateProvider;
+            _logger = logger;
+        }
+
+        /// <summary>
+        /// Handle connection event
+        /// </summary>
+        /// <returns></returns>
+        public override Task OnConnectedAsync()
+        {
+            _logger?.LogInformation("InstanceManagementHub: Instance connected to instance management hub..");
+
+            // begin tracking connection 
+            _stateProvider.UpdateInstanceConnectionInfo(Context.ConnectionId, new ManagedInstanceInfo { InstanceId = string.Empty, LastReported = DateTimeOffset.Now });
+
+            // issue command for instance to identify itself
+            var request = new InstanceCommandRequest
+            {
+                CommandId = Guid.NewGuid(),
+                CommandType = ManagementHubCommands.GetInstanceInfo
+            };
+
+            IssueCommand(request);
+
+            return base.OnConnectedAsync();
+        }
+
+        private void IssueCommand(InstanceCommandRequest cmd)
+        {
+            _stateProvider.AddAwaitedCommandRequest(cmd);
+
+            Clients.Caller.SendCommandRequest(cmd);
+        }
+
+        /// <summary>
+        /// Handle disconnection event
+        /// </summary>
+        /// <param name="exception"></param>
+        /// <returns></returns>
+        public override Task OnDisconnectedAsync(Exception? exception)
+        {
+            var instanceId = _stateProvider.GetInstanceIdForConnection(Context.ConnectionId);
+            if (exception != null)
+            {
+                _logger?.LogError("InstanceManagementHub: Instance {instanceId} disconnected unexpectedly from instance management hub. {exp}", instanceId, exception);
+            }
+            else
+            {
+                _logger?.LogInformation("InstanceManagementHub: Instance {instanceId} disconnected from instance management hub, with no error.", instanceId);
+            }
+
+            return base.OnDisconnectedAsync(exception);
+        }
+
+        /// <summary>
+        /// Receive results from a previously issued command
+        /// </summary>
+        /// <param name="result"></param>
+        /// <returns></returns>
+        public Task ReceiveCommandResult(InstanceCommandResult result)
+        {
+
+            result.Received = DateTimeOffset.Now;
+
+            // check we are awaiting this result
+            var cmd = _stateProvider.GetAwaitedCommandRequest(result.CommandId);
+
+            if (cmd != null)
+            {
+                _stateProvider.RemoveAwaitedCommandRequest(cmd.CommandId);
+
+                if (cmd.CommandType == ManagementHubCommands.GetInstanceInfo)
+                {
+                    var instanceInfo = System.Text.Json.JsonSerializer.Deserialize<ManagedInstanceInfo>(result.Value);
+
+                    if (instanceInfo != null)
+                    {
+
+                        instanceInfo.LastReported = DateTimeOffset.Now;
+                        _stateProvider.UpdateInstanceConnectionInfo(Context.ConnectionId, instanceInfo);
+
+                        _logger?.LogInformation("Received instance {instanceId} {instanceTitle} for mgmt hub connection.", instanceInfo.InstanceId, instanceInfo.Title);
+
+                        // if we don't yet have any managed items for this instance, ask for them
+                        if (!_stateProvider.HasItemsForManagedInstance(instanceInfo.InstanceId))
+                        {
+                            var request = new InstanceCommandRequest
+                            {
+                                CommandId = Guid.NewGuid(),
+                                CommandType = ManagementHubCommands.GetInstanceManagedItems
+                            };
+
+                            IssueCommand(request);
+                        }
+                    }
+                }
+                else
+                {
+                    // for all other command results we need to resolve which instance id we are communicating with
+                    var instanceId = _stateProvider.GetInstanceIdForConnection(Context.ConnectionId);
+                    result.InstanceId= instanceId;
+
+                    if (!string.IsNullOrWhiteSpace(instanceId))
+                    {
+                        // action this message from this instance
+                        _logger?.LogInformation("Received instance command result {result}", result);
+
+                        if (cmd.CommandType == ManagementHubCommands.GetInstanceManagedItems)
+                        {
+                            // got items from an instance
+                            var itemInfo = System.Text.Json.JsonSerializer.Deserialize<ManagedInstanceItems>(result.Value);
+
+                            _stateProvider.UpdateInstanceItemInfo(instanceId, itemInfo.Items);
+                        }
+                        else
+                        {
+                            // store for something else to consume
+                            _stateProvider.AddAwaitedCommandResult(result);
+                        }
+                    }
+                    else
+                    {
+                        _logger?.LogError("Received instance command result for an unknown instance {result}", result);
+                    }
+                }
+            }
+
+            return Task.CompletedTask;
+        }
+
+        public Task ReceiveInstanceMessage(InstanceMessage message)
+        {
+
+            var instanceId = _stateProvider.GetInstanceIdForConnection(Context.ConnectionId);
+            if (instanceId != null)
+            {
+                // action this message from this instance
+                _logger?.LogInformation("Received instance message {msg}", message);
+            }
+            else
+            {
+                _logger?.LogError("Received instance command result for an unknown instance {msg}", message);
+            }
+
+            return Task.CompletedTask;
+        }
+
+        public Task SendCommandRequest(InstanceCommandRequest cmd)
+        {
+            IssueCommand(cmd);
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
new file mode 100644
index 000000000..fe4e6e8f3
--- /dev/null
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
@@ -0,0 +1,185 @@
+using System.Collections.Concurrent;
+using Certify.API.Management;
+using Certify.Models;
+using Microsoft.IdentityModel.Logging;
+
+namespace Certify.Server.Api.Public.SignalR.ManagementHub
+{
+    public interface IInstanceManagementStateProvider
+    {
+        public void UpdateInstanceConnectionInfo(string connectionId, ManagedInstanceInfo instanceInfo);
+        public string GetConnectionIdForInstance(string instanceId);
+        public string GetInstanceIdForConnection(string connectionId);
+        public List<ManagedInstanceInfo> GetConnectedInstances();
+        public void AddAwaitedCommandRequest(InstanceCommandRequest command);
+        public void RemoveAwaitedCommandRequest(Guid commandId);
+        public InstanceCommandRequest? GetAwaitedCommandRequest(Guid commandId);
+        public void AddAwaitedCommandResult(InstanceCommandResult result);
+        public Task<InstanceCommandResult?> ConsumeAwaitedCommandResult(Guid commandId);
+        public void UpdateInstanceItemInfo(string instanceId, List<ManagedCertificate> items);
+        public ConcurrentDictionary<string, ManagedInstanceItems> GetManagedInstanceItems(string instanceId = null);
+        public void UpdateCachedManagedInstanceItem(string instanceId, ManagedCertificate managedCertificate);
+        public bool HasItemsForManagedInstance(string instanceId);
+    }
+
+    /// <summary>
+    /// Track state across pool of instance connections to management hub
+    /// </summary>
+    public class InstanceManagementStateProvider : IInstanceManagementStateProvider
+    {
+        private ConcurrentDictionary<string, ManagedInstanceInfo> _instanceConnections = [];
+        private ConcurrentDictionary<Guid, InstanceCommandRequest> _awaitedCommandRequests = [];
+        private ConcurrentDictionary<Guid, InstanceCommandResult> _awaitedCommandResults = [];
+
+        private ConcurrentDictionary<string, ManagedInstanceItems> _managedInstanceItems = [];
+        private ILogger<InstanceManagementStateProvider> _logger;
+        public InstanceManagementStateProvider(ILogger<InstanceManagementStateProvider> logger)
+        {
+            _logger = logger;
+        }
+
+        public List<ManagedInstanceInfo> GetConnectedInstances()
+        {
+            return _instanceConnections.Values.ToList();
+        }
+        /// <summary>
+        /// Track the instance info associated with a hub connection
+        /// </summary>
+        /// <param name="connectionId"></param>
+        /// <param name="instanceInfo"></param>
+        public void UpdateInstanceConnectionInfo(string connectionId, ManagedInstanceInfo instanceInfo)
+        {
+            var existingOther = _instanceConnections.FirstOrDefault(a => a.Value.InstanceId == instanceInfo.InstanceId && a.Key != connectionId);
+
+            if (existingOther.Value != null)
+            {
+                _logger.LogWarning("[InstanceManagementStateProvider] Connection ID for instance {instance} changed to {connection}", instanceInfo.Title, connectionId);
+                _instanceConnections.Remove(existingOther.Key, out _);
+            }
+
+            _instanceConnections.AddOrUpdate(connectionId, instanceInfo, (i, oldValue) => { return instanceInfo; });
+        }
+
+        /// <summary>
+        /// Get the current connection ID we haev associated with the given instance id
+        /// </summary>
+        /// <param name="instanceId"></param>
+        /// <returns></returns>
+        public string GetConnectionIdForInstance(string instanceId)
+        {
+            // TODO: of instances use the same instanceid accidentally they will clobber each other
+            var info = _instanceConnections.FirstOrDefault(k => k.Value.InstanceId == instanceId);
+
+            return info.Key;
+        }
+
+        public string? GetInstanceIdForConnection(string connectionId)
+        {
+            _instanceConnections.TryGetValue(connectionId, out var managedInstanceInfo);
+
+            if (managedInstanceInfo != null)
+            {
+                return managedInstanceInfo.InstanceId;
+            }
+            else
+            {
+                return null;
+            }
+        }
+
+        /// <summary>
+        /// Track command requests we are waiting on responses for.
+        /// </summary>
+        /// <param name="command"></param>
+        public void AddAwaitedCommandRequest(InstanceCommandRequest command)
+        {
+            _awaitedCommandRequests.AddOrUpdate(command.CommandId, command, (i, oldValue) => { return command; });
+        }
+
+        /// <summary>
+        /// Get command request we are waiting on a response for
+        /// </summary>
+        /// <param name="commandId"></param>
+        /// <returns></returns>
+        public InstanceCommandRequest? GetAwaitedCommandRequest(Guid commandId)
+        {
+            _awaitedCommandRequests.TryGetValue(commandId, out var cmd);
+            return cmd;
+        }
+
+        public void AddAwaitedCommandResult(InstanceCommandResult result)
+        {
+            _awaitedCommandResults.AddOrUpdate(result.CommandId, result, (i, oldValue) => result);
+        }
+
+        public async Task<InstanceCommandResult?> ConsumeAwaitedCommandResult(Guid commandId)
+        {
+            _logger.LogInformation("Waiting for command result {commandId}..", commandId);
+            var attempts = 50;
+
+            while (attempts > 0 && !_awaitedCommandResults.TryGetValue(commandId, out _))
+            {
+                attempts--;
+                await Task.Delay(100);
+                _logger.LogInformation("Still waiting for command result {commandId}..", commandId);
+            };
+
+            _awaitedCommandResults.Remove(commandId, out var cmd);
+
+            if (cmd == null)
+            {
+                _logger.LogError("Gave up waiting for command result {commandId}..", commandId);
+            }
+            else
+            {
+                _logger.LogInformation("Got command result {commandId}..", commandId);
+            }
+
+            return cmd;
+        }
+
+        /// <summary>
+        /// Remove a command request we have received a response for
+        /// </summary>
+        /// <param name="commandId"></param>
+        public void RemoveAwaitedCommandRequest(Guid commandId)
+        {
+            _awaitedCommandRequests.Remove(commandId, out _);
+        }
+
+        public void UpdateInstanceItemInfo(string instanceId, List<ManagedCertificate> items)
+        {
+            var info = new ManagedInstanceItems { InstanceId = instanceId, Items = items };
+            _managedInstanceItems.AddOrUpdate(instanceId, info, (k, old) => info);
+        }
+
+        public ConcurrentDictionary<string, ManagedInstanceItems> GetManagedInstanceItems(string instanceId = null)
+        {
+            return _managedInstanceItems;
+        }
+
+        public void UpdateCachedManagedInstanceItem(string instanceId, ManagedCertificate managedCertificate)
+        {
+            _managedInstanceItems.TryGetValue(instanceId, out var instance);
+            
+            if (instance!=null)
+            {
+                foreach (var item in instance.Items)
+                {
+                    if (item.Id == managedCertificate.Id)
+                    {
+                        instance.Items.Remove(item);
+                        managedCertificate.InstanceId = instanceId;
+                        instance.Items.Add(managedCertificate);
+                        return;
+                    }
+                }
+            }
+        }
+
+        public bool HasItemsForManagedInstance(string instanceId)
+        {
+            return _managedInstanceItems.ContainsKey(instanceId);
+        }
+    }
+}
diff --git a/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/UserInterfaceStatusHub.cs
similarity index 78%
rename from src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
rename to src/Certify.Server/Certify.Server.Api.Public/SignalR/UserInterfaceStatusHub.cs
index 28a405764..fc2200381 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/StatusHub.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/UserInterfaceStatusHub.cs
@@ -3,20 +3,20 @@
 using Certify.Providers;
 using Microsoft.AspNetCore.SignalR;
 
-namespace Certify.Server.API
+namespace Certify.Server.Api.Public.SignalR
 {
     /// <summary>
-    /// Forwards status messages via SignalR
+    /// Forwards status messages via SignalR back to UI client(s)
     /// </summary>
-    public class StatusHubReporting : Providers.IStatusReporting
+    public class UserInterfaceStatusHubReporting : IStatusReporting
     {
-        private IHubContext<StatusHub> _hubContext;
+        private IHubContext<UserInterfaceStatusHub> _hubContext;
 
         /// <summary>
         /// constructor
         /// </summary>
         /// <param name="hubContext"></param>
-        public StatusHubReporting(IHubContext<StatusHub> hubContext)
+        public UserInterfaceStatusHubReporting(IHubContext<UserInterfaceStatusHub> hubContext)
         {
             _hubContext = hubContext;
         }
@@ -28,7 +28,7 @@ public StatusHubReporting(IHubContext<StatusHub> hubContext)
         /// <returns></returns>
         public async Task ReportRequestProgress(RequestProgressState state)
         {
-            System.Diagnostics.Debug.WriteLine($"Sending progress update message to UI: {state.Message}");
+            Debug.WriteLine($"Sending progress update message to UI: {state.Message}");
             await _hubContext.Clients.All.SendAsync(StatusHubMessages.SendProgressStateMsg, state);
 
         }
@@ -40,7 +40,7 @@ public async Task ReportRequestProgress(RequestProgressState state)
         /// <returns></returns>
         public async Task ReportManagedCertificateUpdated(ManagedCertificate item)
         {
-            System.Diagnostics.Debug.WriteLine($"Sending updated managed cert message to UI: {item.Name}");
+            Debug.WriteLine($"Sending updated managed cert message to UI: {item.Name}");
             await _hubContext.Clients.All.SendAsync(StatusHubMessages.SendManagedCertificateUpdateMsg, item);
         }
     }
@@ -48,7 +48,7 @@ public async Task ReportManagedCertificateUpdated(ManagedCertificate item)
     /// <summary>
     /// Status Hub interface
     /// </summary>
-    public interface IStatusHub
+    public interface IUserInterfaceStatusHub
     {
         /// <summary>
         /// Send progress result back to subscribed UIs
@@ -68,7 +68,7 @@ public interface IStatusHub
     /// <summary>
     /// Status hub
     /// </summary>
-    public class StatusHub : Hub<IStatusHub>
+    public class UserInterfaceStatusHub : Hub<IUserInterfaceStatusHub>
     {
         /// <summary>
         /// Handle connection event
@@ -81,7 +81,7 @@ public override Task OnConnectedAsync()
         }
 
         /// <summary>
-        /// Handle disonnection event
+        /// Handle disconnection event
         /// </summary>
         /// <param name="exception"></param>
         /// <returns></returns>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 0cc483914..6ccdab19e 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,6 +1,10 @@
 using System.Reflection;
+using System.Reflection.Metadata.Ecma335;
 using Certify.Client;
 using Certify.Server.Api.Public.Middleware;
+using Certify.Server.Api.Public.Services;
+using Certify.Server.Api.Public.SignalR;
+using Certify.Server.Api.Public.SignalR.ManagementHub;
 using Certify.SharedUtils;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.ResponseCompression;
@@ -60,7 +64,8 @@ public void ConfigureServices(IServiceCollection services)
             services.AddRouting(r => r.LowercaseUrls = true);
 
             services
-                .AddSignalR()
+                .AddSignalR(opt => opt.MaximumReceiveMessageSize = null)
+
                 .AddMessagePackProtocol();
 
             services.AddResponseCompression(opts =>
@@ -169,6 +174,9 @@ public void ConfigureServices(IServiceCollection services)
 
             services.AddSingleton(typeof(Certify.Client.ICertifyInternalApiClient), internalServiceClient);
 
+            services.AddSingleton<IInstanceManagementStateProvider, InstanceManagementStateProvider>();
+
+            services.AddHostedService<ManagementWorker>();
             return results;
         }
 
@@ -178,7 +186,7 @@ public void ConfigureServices(IServiceCollection services)
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
 
-            var statusHubContext = app.ApplicationServices.GetRequiredService<IHubContext<StatusHub>>();
+            var statusHubContext = app.ApplicationServices.GetRequiredService<IHubContext<UserInterfaceStatusHub>>();
 
             if (statusHubContext == null)
             {
@@ -186,7 +194,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             }
 
             // setup signalr message forwarding, message received from internal service will be resent to our connected clients via our own SignalR hub
-            _statusReporting = new StatusHubReporting(statusHubContext);
+            _statusReporting = new UserInterfaceStatusHubReporting(statusHubContext);
 
             if (env.IsDevelopment())
             {
@@ -199,6 +207,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             app.UseCors((p) =>
             {
                 p.AllowAnyOrigin()
+                // .AllowCredentials()
                 .AllowAnyMethod()
                 .AllowAnyHeader();
             });
@@ -209,7 +218,8 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             app.UseEndpoints(endpoints =>
             {
                 endpoints.MapControllers();
-                endpoints.MapHub<StatusHub>("/api/internal/status");
+                endpoints.MapHub<UserInterfaceStatusHub>("/api/internal/status");
+                endpoints.MapHub<InstanceManagementHub>("/api/internal/managementhub");
             });
 
 #if DEBUG
@@ -232,8 +242,9 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         /// </summary>
         /// <param name="app"></param>
         /// <returns></returns>
-        public async Task SetupStatusHubConnection(WebApplication app)
+        public async Task SetupStatusHubConnections(WebApplication app)
         {
+
             var internalServiceClient = app.Services.GetRequiredService<ICertifyInternalApiClient>() as CertifyServiceClient;
 
             if (internalServiceClient == null)
@@ -273,7 +284,7 @@ public async Task SetupStatusHubConnection(WebApplication app)
             }
         }
 
-        private StatusHubReporting _statusReporting = default!;
+        private UserInterfaceStatusHubReporting _statusReporting = default!;
 
         private void InternalServiceClient_OnManagedCertificateUpdated(Models.ManagedCertificate obj)
         {
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index da27ad228..74f92be69 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,7 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.2" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.3" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' == 'netstandard2.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 3bf4696b2..57e3a92c5 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -13,7 +13,7 @@
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
         <PackageReference Include="Serilog" Version="4.0.0" />
         <PackageReference Include="Serilog.Sinks.Debug" Version="3.0.0" />
-        <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
+        <PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
         <PackageReference Include="System.Runtime.Handles" Version="4.3.0" />
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />

From c4f40bddda501fbd19a2085922c63a31afcd3e8b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 28 Jun 2024 16:50:53 +0800
Subject: [PATCH 196/237] Svc: skip access control init for same version

---
 .../CertifyManager.Maintenance.cs             | 20 +++++++++----------
 src/Certify.Service/APIHost.cs                |  2 ++
 src/Certify.Service/OwinService.cs            |  4 ++--
 .../Windows/MainWindow.xaml.cs                |  4 ++--
 4 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
index 4747b69f3..df01cbdef 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
@@ -60,17 +60,17 @@ private async Task UpgradeSettings()
 
                 CoreAppSettings.Current.CurrentServiceVersion = systemVersion;
                 SettingsManager.SaveAppSettings();
-            }
 
-            var accessControl = await GetCurrentAccessControl();
+                var accessControl = await GetCurrentAccessControl();
 
-            if (await accessControl.IsInitialized() == false)
-            {
-                await BootstrapTestAdminUserAndRoles(accessControl);
-            }
-            else
-            {
-                await UpdateStandardRoles(accessControl);
+                if (await accessControl.IsInitialized() == false)
+                {
+                    await BootstrapTestAdminUserAndRoles(accessControl);
+                }
+                else
+                {
+                    await UpdateStandardRoles(accessControl);
+                }
             }
         }
 
diff --git a/src/Certify.Service/APIHost.cs b/src/Certify.Service/APIHost.cs
index 8cca98136..137af24f5 100644
--- a/src/Certify.Service/APIHost.cs
+++ b/src/Certify.Service/APIHost.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Diagnostics;
 using System.Net;
 using System.Net.Http;
@@ -81,6 +82,7 @@ public void Configuration(IAppBuilder appBuilder)
             // inject single CertifyManager for service to use
             _container.Register<Management.ICertifyManager, Management.CertifyManager>(new PerContainerLifetime());
 
+            
             var currentCertifyManager = _container.GetInstance<Management.ICertifyManager>();
 
             var sw = Stopwatch.StartNew();
diff --git a/src/Certify.Service/OwinService.cs b/src/Certify.Service/OwinService.cs
index ba48bee83..19bd486bf 100644
--- a/src/Certify.Service/OwinService.cs
+++ b/src/Certify.Service/OwinService.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Diagnostics;
 using System.ServiceProcess;
 using Certify.Management;
@@ -74,7 +74,7 @@ public void Start(int? portOverride = null)
             try
             {
                 _webApp = WebApp.Start<APIHost>(serviceUri);
-
+               
                 Program.LogEvent(null, $"Service API bound OK to {serviceUri}", false);
             }
             catch (Exception exp)
diff --git a/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs b/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs
index 4cdc52e0f..aaebec9f5 100644
--- a/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs
+++ b/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Diagnostics;
@@ -268,7 +268,7 @@ private async Task PerformAppStartupChecks()
             }
 
             sw.Stop();
-
+            
             _appViewModel.Log.Information("Service connection init process took {total}ms.", sw.ElapsedMilliseconds);
 
             if (_appViewModel.IsServiceAvailable)

From 3b83614a80e0e1b8d234696105fa27d02b553667 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 28 Jun 2024 16:51:03 +0800
Subject: [PATCH 197/237] Cleanup

---
 src/Certify.SourceGenerators/Certify.SourceGenerators.csproj | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
index 98f9c2a4a..ae7640c78 100644
--- a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -2,6 +2,7 @@
 
     <PropertyGroup>
         <TargetFramework>netstandard2.0</TargetFramework>
+        <EnforceExtendedAnalyzerRules>true</EnforceExtendedAnalyzerRules>
     </PropertyGroup>
     <ItemGroup>
         <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" PrivateAssets="all" />

From 4300c0f44519aa1ba3a67d340201cd1efde72e45 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 1 Jul 2024 17:03:37 +0800
Subject: [PATCH 198/237] Package update

---
 src/Certify.Client/Certify.Client.csproj                      | 2 +-
 src/Certify.Core/Certify.Core.csproj                          | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj               | 2 +-
 .../Certify.Server.Api.Public.csproj                          | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj            | 4 ++--
 .../Certify.Core.Tests.Integration.csproj                     | 2 +-
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj    | 2 +-
 .../Certify.Service.Tests.Integration.csproj                  | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 237fe3764..fa0209045 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -20,7 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.6" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.2" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Polly" Version="8.4.0" />
+    <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
   
diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index dc3c1321e..0acea6a9a 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -51,7 +51,7 @@
     <NoWarn>1701;1702;CA1068</NoWarn>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Polly" Version="8.4.0" />
+    <PackageReference Include="Polly" Version="8.4.1" />
   </ItemGroup>
   
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 4bd89977e..c847147aa 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.75" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.78" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 6c31c62b8..658e6a5d3 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -19,7 +19,7 @@
 
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.6" />
-        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
+        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 80432117f..135319ca9 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -9,10 +9,10 @@
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
-        <PackageReference Include="Polly" Version="8.4.0" />
+        <PackageReference Include="Polly" Version="8.4.1" />
         <PackageReference Include="Serilog" Version="4.0.0" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.6" />
-        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
+        <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.6" />
         <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.6" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 904c08af1..457500b55 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -79,7 +79,7 @@
     <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
     <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Polly" Version="8.4.0" />
+    <PackageReference Include="Polly" Version="8.4.1" />
 
     <PackageReference Include="System.AppContext" Version="4.3.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index bae49fdec..3e2702176 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -109,7 +109,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
     <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
-    <PackageReference Include="Polly" Version="8.4.0" />
+    <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index dad0e97eb..ccce25df7 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -64,7 +64,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
     <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
     <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
-    <PackageReference Include="Polly" Version="8.4.0" />
+    <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
   </ItemGroup>
   <ItemGroup>

From 1977ec8479f4881c786ff0731c57a98152bc409b Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 1 Jul 2024 17:05:25 +0800
Subject: [PATCH 199/237] Management Hub: send regular heartbeat msg to hub

---
 src/Certify.Client/ManagementServerClient.cs  | 36 ++++++++++++++-----
 .../CertifyManager.ManagementHub.cs           |  5 ++-
 .../CertifyManager/CertifyManager.cs          | 12 +++----
 .../API/Management/ManagementHubMessages.cs   |  6 ++++
 .../ManagementHub/InstanceManagementHub.cs    |  8 ++++-
 5 files changed, 50 insertions(+), 17 deletions(-)

diff --git a/src/Certify.Client/ManagementServerClient.cs b/src/Certify.Client/ManagementServerClient.cs
index bafea046f..a377e3651 100644
--- a/src/Certify.Client/ManagementServerClient.cs
+++ b/src/Certify.Client/ManagementServerClient.cs
@@ -86,22 +86,40 @@ public async Task ConnectAsync()
 
         }
 
-        private void PerformRequestedCommand(InstanceCommandRequest s)
+        private void PerformRequestedCommand(InstanceCommandRequest cmd)
         {
-            System.Diagnostics.Debug.WriteLine($"Got command from management server {s}");
+            System.Diagnostics.Debug.WriteLine($"Got command from management server {cmd}");
 
-            if (s.CommandType == ManagementHubCommands.GetInstanceInfo)
+            if (cmd.CommandType == ManagementHubCommands.GetInstanceInfo)
             {
-                // send this clients instance ID back to the hub to identify it in the connection: should send a shared secret before this to confirm this client knows and is not impersonating another instance
-                var result = new InstanceCommandResult { CommandId = s.CommandId, Value = System.Text.Json.JsonSerializer.Serialize(_instanceInfo) };
-                result.ObjectValue = _instanceInfo;
-                _connection.SendAsync(ManagementHubMessages.ReceiveCommandResult, result);
+                SendInstanceInfo(cmd.CommandId);
             }
-            else { 
-                var task = OnGetCommandResult?.Invoke(s);
+            else
+            {
+                var task = OnGetCommandResult?.Invoke(cmd);
 
                 _connection.SendAsync(ManagementHubMessages.ReceiveCommandResult, task.Result).Wait();
             }
         }
+
+        /// <summary>
+        /// Send instance info back to the management hub
+        /// </summary>
+        /// <param name="commandId">Unique ID for this command, New Guid if command is not a response</param>
+        /// <param name="isCommandResponse">If false, message is not being sent in response to an existing query </param>
+        public void SendInstanceInfo(Guid commandId, bool isCommandResponse = true)
+        {
+            // send this clients instance ID back to the hub to identify it in the connection: should send a shared secret before this to confirm this client knows and is not impersonating another instance
+            var result = new InstanceCommandResult
+            {
+                CommandId = commandId,
+                CommandType = ManagementHubCommands.GetInstanceInfo,
+                Value = System.Text.Json.JsonSerializer.Serialize(_instanceInfo),
+                IsCommandResponse = isCommandResponse
+            };
+
+            result.ObjectValue = _instanceInfo;
+            _connection.SendAsync(ManagementHubMessages.ReceiveCommandResult, result);
+        }
     }
 }
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
index d9d9688c6..368830e07 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -14,7 +14,10 @@ public partial class CertifyManager
     {
         private ManagementServerClient _managementServerClient;
         private string _managementServerConnectionId = string.Empty;
-
+        private void SendHeartbeatToManagementHub()
+        {
+            _managementServerClient.SendInstanceInfo(Guid.NewGuid(), false);
+        }
         private async Task StartManagementHubConnection(string hubUri)
         {
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 535947f8c..85fec6d71 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -1,22 +1,16 @@
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Threading.Tasks;
-using Certify.API.Management;
-using Certify.Client;
-using Certify.Core.Management;
 using Certify.Core.Management.Access;
 using Certify.Core.Management.Challenges;
 using Certify.Datastore.SQLite;
 using Certify.Models;
-using Certify.Models.Config.Migration;
 using Certify.Models.Providers;
 using Certify.Providers;
-using Certify.Providers.ACME.Anvil;
 using Serilog;
 
 namespace Certify.Management
@@ -260,6 +254,12 @@ private async void _heartbeatTimer_Elapsed(object sender, System.Timers.ElapsedE
                     await StartManagementHubConnection(mgmtHubUri);
                 }
             }
+            else
+            {
+
+                // send heartbeat message to management hub
+                SendHeartbeatToManagementHub();
+            }
         }
 
         private async void _frequentTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
diff --git a/src/Certify.Models/API/Management/ManagementHubMessages.cs b/src/Certify.Models/API/Management/ManagementHubMessages.cs
index e47a5cde0..11deaf5c1 100644
--- a/src/Certify.Models/API/Management/ManagementHubMessages.cs
+++ b/src/Certify.Models/API/Management/ManagementHubMessages.cs
@@ -63,6 +63,12 @@ public class InstanceCommandResult
         /// </summary>
         public Guid CommandId { get; set; }
 
+        public string CommandType { get; set; } = string.Empty;
+
+        /// <summary>
+        /// If false, message was sent without being requested by the management hub
+        /// </summary>
+        public bool IsCommandResponse { get; set; } = true;
         public string? InstanceId { get; set; }
         public DateTimeOffset? Received { get; set; }
         /// <summary>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
index 44f062ba6..18de496c7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
@@ -117,6 +117,12 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
             // check we are awaiting this result
             var cmd = _stateProvider.GetAwaitedCommandRequest(result.CommandId);
 
+            if (cmd == null && !result.IsCommandResponse)
+            {
+                // message was not requested and has been sent by the instance (e.g. heartbeat)
+                cmd = new InstanceCommandRequest { CommandId = result.CommandId, CommandType = result.CommandType };
+            }
+
             if (cmd != null)
             {
                 _stateProvider.RemoveAwaitedCommandRequest(cmd.CommandId);
@@ -150,7 +156,7 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
                 {
                     // for all other command results we need to resolve which instance id we are communicating with
                     var instanceId = _stateProvider.GetInstanceIdForConnection(Context.ConnectionId);
-                    result.InstanceId= instanceId;
+                    result.InstanceId = instanceId;
 
                     if (!string.IsNullOrWhiteSpace(instanceId))
                     {

From c90abd0faf49d267d145bf610e0c49e4e31b5cc3 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 2 Jul 2024 16:46:19 +0800
Subject: [PATCH 200/237] Extend and add test for demo data generator

---
 .../CertifyManager.ManagementHub.cs           |  82 +++---------
 src/Certify.Shared/Utils/DemoDataGenerator.cs | 119 ++++++++++++++++++
 .../Tests/MiscTests.cs                        |   7 ++
 3 files changed, 145 insertions(+), 63 deletions(-)
 create mode 100644 src/Certify.Shared/Utils/DemoDataGenerator.cs

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
index 368830e07..d35cfc87d 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -7,6 +7,7 @@
 using Certify.Models;
 using Certify.Models.Shared.Validation;
 using System.Text.Json;
+using Certify.Shared.Core.Utils;
 
 namespace Certify.Management
 {
@@ -77,6 +78,21 @@ private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandRe
                 var managedCertObj = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
                 val = await UpdateManagedCertificate(managedCertObj);
             }
+            else if (arg.CommandType == ManagementHubCommands.DeleteInstanceManagedItem)
+            {
+                // delete a single managed item 
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
+                await DeleteManagedCertificate(managedCertIdArg.Value);
+            }
+            else if (arg.CommandType == ManagementHubCommands.TestInstanceManagedItem)
+            {
+                // test challenge response config for a single managed item 
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertArg = args.FirstOrDefault(a => a.Key == "managedCert");
+                var managedCertObj = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
+                await TestChallenge(null, managedCertObj, isPreviewMode: true);
+            }
 
             var result = new InstanceCommandResult { CommandId = arg.CommandId, Value = JsonSerializer.Serialize(val) };
 
@@ -92,71 +108,11 @@ private void _managementServerClient_OnConnectionReconnecting()
 
         private void GenerateDemoItems()
         {
-            var numItems = new Random().Next(10, 50);
-            for (var i = 0; i < numItems; i++)
+            var items = DemoDataGenerator.GenerateDemoItems();
+            foreach (var item in items)
             {
-
-                var item = new ManagedCertificate
-                {
-                    Id = Guid.NewGuid().ToString(),
-                    Name = GenerateName(),
-                    RequestConfig = new CertRequestConfig
-                    {
-                        Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig> { new CertRequestChallengeConfig { ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP } }
-                    }
-                };
-
-                item.DomainOptions.Add(new DomainOption { Domain = $"{item.Name}.dev.projectbids.co.uk", IsManualEntry = true, IsPrimaryDomain = true, IsSelected = true, Type = CertIdentifierType.Dns });
-                item.RequestConfig.PrimaryDomain = item.DomainOptions[0].Domain;
-                item.RequestConfig.SubjectAlternativeNames = new string[] { item.DomainOptions[0].Domain };
-
-                var validation = CertificateEditorService.Validate(item, null, null, applyAutoConfiguration: true);
-                if (validation.IsValid)
-                {
-                    UpdateManagedCertificate(item);
-                }
-                else
-                {
-                    // generated invalid test item
-                    System.Diagnostics.Debug.WriteLine(validation.Message);
-                }
+                _ = UpdateManagedCertificate(item);
             }
         }
-
-        private string GenerateName()
-        {
-            // generate test item names using verb,animal
-            var subjects = new string[] {
-                "Lion",
-                "Tiger",
-                "Leopard",
-                "Cheetah",
-                "Elephant",
-                "Giraffe",
-                "Rhinoceros",
-                "Gorilla"
-            };
-            var adjectives = new string[] {
-                "active",
-                "adaptable",
-                "alert",
-                "clever" ,
-                "comfortable" ,
-                "conscientious",
-                "considerate",
-                "courageous" ,
-                "decisive",
-                "determined" ,
-                "diligent" ,
-                "energetic",
-                "entertaining",
-                "enthusiastic" ,
-                "fabulous"
-            };
-
-            var rnd = new Random();
-
-            return $"{adjectives[rnd.Next(0, adjectives.Length - 1)]}-{subjects[rnd.Next(0, subjects.Length - 1)]}".ToLower();
-        }
     }
 }
diff --git a/src/Certify.Shared/Utils/DemoDataGenerator.cs b/src/Certify.Shared/Utils/DemoDataGenerator.cs
new file mode 100644
index 000000000..8d469e63e
--- /dev/null
+++ b/src/Certify.Shared/Utils/DemoDataGenerator.cs
@@ -0,0 +1,119 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using Certify.Models;
+using Certify.Models.Shared.Validation;
+using Org.BouncyCastle.Tls;
+
+namespace Certify.Shared.Core.Utils
+{
+    public class DemoDataGenerator
+    {
+        public static List<ManagedCertificate> GenerateDemoItems()
+        {
+            var items = new List<ManagedCertificate>();
+            var numItems = new Random().Next(10, 50);
+            for (var i = 0; i < numItems; i++)
+            {
+
+                var item = new ManagedCertificate
+                {
+                    Id = Guid.NewGuid().ToString(),
+                    Name = GenerateName(),
+                    RequestConfig = new CertRequestConfig
+                    {
+                        Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig> { new CertRequestChallengeConfig { ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP } }
+                    }
+                };
+
+                item.DomainOptions.Add(new DomainOption { Domain = $"{item.Name}.dev.projectbids.co.uk", IsManualEntry = true, IsPrimaryDomain = true, IsSelected = true, Type = CertIdentifierType.Dns });
+                item.RequestConfig.PrimaryDomain = item.DomainOptions[0].Domain;
+                item.RequestConfig.SubjectAlternativeNames = new string[] { item.DomainOptions[0].Domain };
+
+                var validation = CertificateEditorService.Validate(item, null, null, applyAutoConfiguration: true);
+                if (validation.IsValid)
+                {
+                    var demoState = new Random().Next(1, 3);
+                    if (demoState == 1)
+                    {
+                        // not yet requested
+                        item.Comments = "This is an example item note yet attempted.";
+                    }
+                    else if (demoState == 2)
+                    {
+                        // failed
+                        item.CertificateCurrentCA = "demo-ca.org";
+                        item.DateStart = DateTime.UtcNow;
+                        item.DateLastRenewalAttempt = item.DateStart;
+                        item.DateExpiry = DateTime.UtcNow.AddDays(5);
+                        item.CertificateFriendlyName = $"{item.GetCertificateIdentifiers().First().Value} [CertifyDemo] - {item.DateStart} to {item.DateExpiry}";
+                        item.Comments = "This is an example item showing failure.";
+                        item.LastAttemptedCA = item.CertificateCurrentCA;
+                        item.LastRenewalStatus = RequestState.Error;
+                        item.RenewalFailureCount = new Random().Next(1, 3);
+                        item.RenewalFailureMessage = "Item failed because it is a demo item that was designed to show what failure looks like.";
+
+                    }
+                    else if (demoState == 3)
+                    {
+                        //success
+                        item.CertificateCurrentCA = "demo-ca.org";
+                        item.DateStart = DateTime.UtcNow;
+                        item.DateExpiry = DateTime.UtcNow.AddDays(5);
+                        item.DateLastRenewalAttempt = item.DateStart;
+                        item.CertificateFriendlyName = $"{item.GetCertificateIdentifiers().First().Value} [CertifyDemo] - {item.DateStart} to {item.DateExpiry}";
+                        item.Comments = "This is an example item showing success";
+                        item.LastAttemptedCA = item.CertificateCurrentCA;
+                        item.LastRenewalStatus = RequestState.Success;
+                    }
+
+                    items.Add(item);
+                }
+                else
+                {
+                    // generated invalid test item
+                    System.Diagnostics.Debug.WriteLine(validation.Message);
+                }
+            }
+
+            return items;
+        }
+
+        public static string GenerateName()
+        {
+            // generate test item names using verb,animal
+            var subjects = new string[] {
+                "Lion",
+                "Tiger",
+                "Leopard",
+                "Cheetah",
+                "Elephant",
+                "Giraffe",
+                "Rhinoceros",
+                "Gorilla"
+            };
+            var adjectives = new string[] {
+                "active",
+                "adaptable",
+                "alert",
+                "clever" ,
+                "comfortable" ,
+                "conscientious",
+                "considerate",
+                "courageous" ,
+                "decisive",
+                "determined" ,
+                "diligent" ,
+                "energetic",
+                "entertaining",
+                "enthusiastic" ,
+                "fabulous"
+            };
+
+            var rnd = new Random();
+
+            return $"{adjectives[rnd.Next(0, adjectives.Length - 1)]}-{subjects[rnd.Next(0, subjects.Length - 1)]}".ToLower();
+        }
+    }
+}
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
index a04147925..339141cb2 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
@@ -5,6 +5,7 @@
 using System.Threading.Tasks;
 using Certify.Management;
 using Certify.Models.API;
+using Certify.Shared.Core.Utils;
 using Certify.Shared.Core.Utils.PKI;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Org.BouncyCastle.Asn1.X509;
@@ -109,6 +110,12 @@ public void TestARICertIDEncodingWithTestCert()
             Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
         }
 #endif
+        [TestMethod, Description("Test Demo Managed Cert Generation")]
+        public void TestDemoDataGeneration()
+        {
+            var items= DemoDataGenerator.GenerateDemoItems();
 
+            Assert.IsTrue(items.Any());
+        }
     }
 }

From a58eac7a9fad778263a4c7a036c702390b4dc831 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 2 Jul 2024 16:49:38 +0800
Subject: [PATCH 201/237] Add delete API option as generated source

---
 .../API/Management/ManagementHubMessages.cs   |   3 +-
 .../Certify.API.Public.cs                     | 127 +++++++++---------
 .../Controllers/v1/CertificateController.cs   |  14 +-
 .../Services/ManagementAPI.cs                 |  35 ++++-
 .../InstanceManagementStateProvider.cs        |  18 +++
 src/Certify.SourceGenerators/ApiMethods.cs    |   9 +-
 .../PublicAPISourceGenerator.cs               |   5 +-
 7 files changed, 134 insertions(+), 77 deletions(-)

diff --git a/src/Certify.Models/API/Management/ManagementHubMessages.cs b/src/Certify.Models/API/Management/ManagementHubMessages.cs
index 11deaf5c1..538799194 100644
--- a/src/Certify.Models/API/Management/ManagementHubMessages.cs
+++ b/src/Certify.Models/API/Management/ManagementHubMessages.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 
 namespace Certify.API.Management
@@ -16,6 +16,7 @@ public class ManagementHubCommands
         public const string GetInstanceManagedItems = "GetInstanceManagedItems";
         public const string GetInstanceManagedItem = "GetInstanceManagedItem";
         public const string UpdateInstanceManagedItem = "UpdateInstanceManagedItem";
+        public const string DeleteInstanceManagedItem = "DeleteInstanceManagedItem";
     }
 
     /// <summary>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 07ff0c074..8cca41fe1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -1430,8 +1430,8 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate"
-                    urlBuilder_.Append("api/v1/certificate");
+                    // Operation Path: "api/v1/certificate/search"
+                    urlBuilder_.Append("api/v1/certificate/search");
                     urlBuilder_.Append('?');
                     if (keyword != null)
                     {
@@ -1688,45 +1688,45 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> GetManagedC
         }
 
         /// <summary>
-        /// Add/update the full settings for a specific managed certificate
+        /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(string instanceId, ManagedCertificate body)
+        public virtual System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string instanceId, string managedCertId)
         {
-            return UpdateManagedCertificateDetailsAsync(instanceId, body, System.Threading.CancellationToken.None);
+            return RemoveManagedCertificateAsync(instanceId, managedCertId, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
-        /// Add/update the full settings for a specific managed certificate
+        /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(string instanceId, ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string instanceId, string managedCertId, System.Threading.CancellationToken cancellationToken)
         {
             if (instanceId == null)
                 throw new System.ArgumentNullException("instanceId");
 
+            if (managedCertId == null)
+                throw new System.ArgumentNullException("managedCertId");
+
             var client_ = _httpClient;
             var disposeClient_ = false;
             try
             {
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
-                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
-                    var content_ = new System.Net.Http.StringContent(json_);
-                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
-                    request_.Content = content_;
-                    request_.Method = new System.Net.Http.HttpMethod("POST");
+                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate/settings/{instanceId}/update"
+                    // Operation Path: "api/v1/certificate/settings/{instanceId}/{managedCertId}"
                     urlBuilder_.Append("api/v1/certificate/settings/");
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture)));
-                    urlBuilder_.Append("/update");
+                    urlBuilder_.Append('/');
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1753,7 +1753,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManag
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificate>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            var objectResponse_ = await ReadObjectResponseAsync<bool>(response_, headers_, cancellationToken).ConfigureAwait(false);
                             if (objectResponse_.Object == null)
                             {
                                 throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
@@ -1781,43 +1781,45 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManag
         }
 
         /// <summary>
-        /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
+        /// Add/update the full settings for a specific managed certificate
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id)
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(string instanceId, ManagedCertificate body)
         {
-            return BeginOrderAsync(id, System.Threading.CancellationToken.None);
+            return UpdateManagedCertificateDetailsAsync(instanceId, body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
-        /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
+        /// Add/update the full settings for a specific managed certificate
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManagedCertificateDetailsAsync(string instanceId, ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
         {
+            if (instanceId == null)
+                throw new System.ArgumentNullException("instanceId");
+
             var client_ = _httpClient;
             var disposeClient_ = false;
             try
             {
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
-                    request_.Content = new System.Net.Http.StringContent(string.Empty, System.Text.Encoding.UTF8, "text/plain");
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
                     request_.Method = new System.Net.Http.HttpMethod("POST");
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate/order"
-                    urlBuilder_.Append("api/v1/certificate/order");
-                    urlBuilder_.Append('?');
-                    if (id != null)
-                    {
-                        urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-                    }
-                    urlBuilder_.Length--;
+                    // Operation Path: "api/v1/certificate/settings/{instanceId}/update"
+                    urlBuilder_.Append("api/v1/certificate/settings/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/update");
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1872,22 +1874,22 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderA
         }
 
         /// <summary>
-        /// Begin the managed certificate request/renewal process a set of managed certificates
+        /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body)
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id)
         {
-            return PerformRenewalAsync(body, System.Threading.CancellationToken.None);
+            return BeginOrderAsync(id, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
-        /// Begin the managed certificate request/renewal process a set of managed certificates
+        /// Begin the managed certificate request/renewal process for the given managed certificate id (on demand)
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id, System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -1895,17 +1897,20 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
             {
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
-                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
-                    var content_ = new System.Net.Http.StringContent(json_);
-                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
-                    request_.Content = content_;
+                    request_.Content = new System.Net.Http.StringContent(string.Empty, System.Text.Encoding.UTF8, "text/plain");
                     request_.Method = new System.Net.Http.HttpMethod("POST");
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate/renew"
-                    urlBuilder_.Append("api/v1/certificate/renew");
+                    // Operation Path: "api/v1/certificate/order"
+                    urlBuilder_.Append("api/v1/certificate/order");
+                    urlBuilder_.Append('?');
+                    if (id != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -1960,22 +1965,22 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
         }
 
         /// <summary>
-        /// Perform default tests for the given configuration
+        /// Begin the managed certificate request/renewal process a set of managed certificates
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body)
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body)
         {
-            return PerformConfigurationTestAsync(body, System.Threading.CancellationToken.None);
+            return PerformRenewalAsync(body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
-        /// Perform default tests for the given configuration
+        /// Begin the managed certificate request/renewal process a set of managed certificates
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body, System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -1992,8 +1997,8 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate/test"
-                    urlBuilder_.Append("api/v1/certificate/test");
+                    // Operation Path: "api/v1/certificate/renew"
+                    urlBuilder_.Append("api/v1/certificate/renew");
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -2020,7 +2025,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<StatusMessage>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificate>(response_, headers_, cancellationToken).ConfigureAwait(false);
                             if (objectResponse_.Object == null)
                             {
                                 throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
@@ -2048,40 +2053,40 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
         }
 
         /// <summary>
-        /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
+        /// Perform default tests for the given configuration
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string id)
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body)
         {
-            return RemoveManagedCertificateAsync(id, System.Threading.CancellationToken.None);
+            return PerformConfigurationTestAsync(body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
         /// <summary>
-        /// Remove Managed Certificate [Generated by Certify.SourceGenerators]
+        /// Perform default tests for the given configuration
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateAsync(string id, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
         {
-            if (id == null)
-                throw new System.ArgumentNullException("id");
-
             var client_ = _httpClient;
             var disposeClient_ = false;
             try
             {
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
-                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
+                    var json_ = Newtonsoft.Json.JsonConvert.SerializeObject(body, _settings.Value);
+                    var content_ = new System.Net.Http.StringContent(json_);
+                    content_.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json");
+                    request_.Content = content_;
+                    request_.Method = new System.Net.Http.HttpMethod("POST");
                     request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/certificate/certificate/{id}"
-                    urlBuilder_.Append("api/v1/certificate/certificate/");
-                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture)));
+                    // Operation Path: "api/v1/certificate/test"
+                    urlBuilder_.Append("api/v1/certificate/test");
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -2108,7 +2113,7 @@ public virtual async System.Threading.Tasks.Task<bool> RemoveManagedCertificateA
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            var objectResponse_ = await ReadObjectResponseAsync<bool>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<StatusMessage>>(response_, headers_, cancellationToken).ConfigureAwait(false);
                             if (objectResponse_.Object == null)
                             {
                                 throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 61fe94f01..e92cbb6bc 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -26,6 +26,8 @@ public partial class CertificateController : ApiControllerBase
 
         private IHubContext<InstanceManagementHub, IInstanceManagementHub> _mgmtHubContext;
 
+        private ManagementAPI _mgmtAPI;
+
         /// <summary>
         /// Constructor
         /// </summary>
@@ -37,6 +39,8 @@ public CertificateController(ILogger<CertificateController> logger, ICertifyInte
             _client = client;
             _mgmtStateProvider = mgmtStateProvider;
             _mgmtHubContext = mgmtHubContext;
+
+            _mgmtAPI = new ManagementAPI(_mgmtStateProvider, _mgmtHubContext, _client);
         }
 
         /// <summary>
@@ -116,6 +120,7 @@ public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines
         [HttpGet]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(ManagedCertificateSummaryResult))]
+        [Route("search")]
         public async Task<IActionResult> GetManagedCertificates(string? keyword, int? page = null, int? pageSize = null)
         {
             var managedCertResult = await _client.GetManagedCertificateSearchResult(
@@ -184,10 +189,7 @@ public async Task<IActionResult> GetManagedCertificateSummary(string? keyword)
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
         public async Task<IActionResult> GetManagedCertificateDetails(string instanceId, string managedCertId)
         {
-
-            var mgmtClient = new ManagementAPI(_mgmtStateProvider, _mgmtHubContext, _client);
-
-            var managedCert = await mgmtClient.GetManagedCertificate(instanceId, managedCertId, CurrentAuthContext);
+            var managedCert = await _mgmtAPI.GetManagedCertificate(instanceId, managedCertId, CurrentAuthContext);
 
             return new OkObjectResult(managedCert);
         }
@@ -203,9 +205,7 @@ public async Task<IActionResult> GetManagedCertificateDetails(string instanceId,
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
         public async Task<IActionResult> UpdateManagedCertificateDetails(string instanceId, Models.ManagedCertificate managedCertificate)
         {
-            var mgmtClient = new ManagementAPI(_mgmtStateProvider, _mgmtHubContext, _client);
-
-            var result = await mgmtClient.UpdateManagedCertificate(instanceId, managedCertificate, CurrentAuthContext);
+            var result = await _mgmtAPI.UpdateManagedCertificate(instanceId, managedCertificate, CurrentAuthContext);
 
             if (result != null)
             {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
index 6855d16b3..abaa51de6 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
@@ -66,8 +66,8 @@ public ManagementAPI(IInstanceManagementStateProvider mgmtStateProvider, IHubCon
 
             if (result?.Value != null)
             {
-                var update =  JsonSerializer.Deserialize<ManagedCertificate>(result.Value);
-                
+                var update = JsonSerializer.Deserialize<ManagedCertificate>(result.Value);
+
                 _mgmtStateProvider.UpdateCachedManagedInstanceItem(instanceId, update);
                 return update;
             }
@@ -77,6 +77,37 @@ public ManagementAPI(IInstanceManagementStateProvider mgmtStateProvider, IHubCon
             }
         }
 
+        /// <summary>
+        /// Delete a managed certificate
+        /// </summary>
+        /// <param name="instanceId"></param>
+        /// <param name="managedCertId"></param>
+        /// <param name="authContext"></param>
+        /// <returns></returns>
+        public async Task<bool> RemoveManagedCertificate(string instanceId, string managedCertId, AuthContext authContext)
+        {
+            // delete managed cert via management hub
+
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("managedCertId",managedCertId)
+                };
+
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.DeleteInstanceManagedItem, args);
+
+            var result = await GetCommandResult(instanceId, cmd);
+
+            try
+            {
+                _mgmtStateProvider.DeleteCachedManagedInstanceItem(instanceId, managedCertId);
+                return true;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
         private async Task<InstanceCommandResult?> GetCommandResult(string instanceId, InstanceCommandRequest cmd)
         {
             var connectionId = _mgmtStateProvider.GetConnectionIdForInstance(instanceId);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
index fe4e6e8f3..7da82046f 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
@@ -19,6 +19,7 @@ public interface IInstanceManagementStateProvider
         public void UpdateInstanceItemInfo(string instanceId, List<ManagedCertificate> items);
         public ConcurrentDictionary<string, ManagedInstanceItems> GetManagedInstanceItems(string instanceId = null);
         public void UpdateCachedManagedInstanceItem(string instanceId, ManagedCertificate managedCertificate);
+        public void DeleteCachedManagedInstanceItem(string instanceId, string managedCertificateId);
         public bool HasItemsForManagedInstance(string instanceId);
     }
 
@@ -181,5 +182,22 @@ public bool HasItemsForManagedInstance(string instanceId)
         {
             return _managedInstanceItems.ContainsKey(instanceId);
         }
+
+        public void DeleteCachedManagedInstanceItem(string instanceId, string managedCertificateId)
+        {
+            _managedInstanceItems.TryGetValue(instanceId, out var instance);
+
+            if (instance != null)
+            {
+                foreach (var item in instance.Items)
+                {
+                    if (item.Id == managedCertificateId)
+                    {
+                        instance.Items.Remove(item);
+                        return;
+                    }
+                }
+            }
+        }
     }
 }
diff --git a/src/Certify.SourceGenerators/ApiMethods.cs b/src/Certify.SourceGenerators/ApiMethods.cs
index d57ac7d0d..0ba2896f9 100644
--- a/src/Certify.SourceGenerators/ApiMethods.cs
+++ b/src/Certify.SourceGenerators/ApiMethods.cs
@@ -157,16 +157,17 @@ public static List<GeneratedAPI> GetApiDefinitions()
                         ReturnType = "Models.Config.ActionResult",
                         Params =new Dictionary<string, string>{{ "certificateAuthority", "Certify.Models.CertificateAuthority" } }
                     },
-                     new GeneratedAPI {
+                    new GeneratedAPI {
 
                         OperationName = "RemoveManagedCertificate",
                         OperationMethod = "HttpDelete",
                         Comment = "Remove Managed Certificate",
                         PublicAPIController = "Certificate",
-                        PublicAPIRoute = "certificate/{id}",
-                        ServiceAPIRoute = "managedcertificates/delete/{id}",
+                        PublicAPIRoute = "settings/{instanceId}/{managedCertId}",
+                        UseManagementAPI = true,
+                        ServiceAPIRoute = "managedcertificates/delete/{managedCertId}",
                         ReturnType = "bool",
-                        Params =new Dictionary<string, string>{{ "id", "string" } }
+                        Params =new Dictionary<string, string>{ { "instanceId", "string" },{ "managedCertId", "string" } }
                     },
                     new GeneratedAPI {
 
diff --git a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
index 2b1e959d6..f18cc5f84 100644
--- a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
+++ b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
@@ -16,6 +16,7 @@ public class GeneratedAPI
         public string PublicAPIController { get; set; } = string.Empty;
 
         public string PublicAPIRoute { get; set; } = string.Empty;
+        public bool UseManagementAPI { get; set; } = false;
         public string ServiceAPIRoute { get; set; } = string.Empty;
         public string ReturnType { get; set; } = string.Empty;
         public Dictionary<string, string> Params { get; set; } = new Dictionary<string, string>();
@@ -72,7 +73,7 @@ public partial class {config.PublicAPIController}Controller
                     [Route(""""""{config.PublicAPIRoute}"""""")]
                     public async Task<IActionResult> {config.OperationName}({apiParamDeclWithoutAuthContext})
                     {{
-                        var result = await _client.{config.OperationName}({apiParamCall.Replace("authContext", "CurrentAuthContext")});
+                        var result = await {(config.UseManagementAPI ? "_mgmtAPI" : "_client")}.{config.OperationName}({apiParamCall.Replace("authContext", "CurrentAuthContext")});
                         return new OkObjectResult(result);
                     }}
                 }}
@@ -226,7 +227,7 @@ public void Initialize(GeneratorInitializationContext context)
             // then add a watch on 
             if (!Debugger.IsAttached)
             {
-                // Debugger.Launch();
+                 //Debugger.Launch();
             }
 #endif
         }

From 6acc57608147cc9a628e8ff0c45f0d6764a8b30d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sun, 7 Jul 2024 12:12:52 +0800
Subject: [PATCH 202/237] Implement status summary per instance

---
 src/Certify.Client/CertifyApiClient.cs        |  4 +-
 src/Certify.Client/ICertifyClient.cs          |  2 +-
 src/Certify.Client/ManagementServerClient.cs  | 18 +++-
 .../CertifyManager.ManagedCertificates.cs     |  4 +-
 .../CertifyManager.ManagementHub.cs           | 10 +++
 .../CertifyManager/ICertifyManager.cs         |  2 +-
 .../API/Management/ManagementHubMessages.cs   |  6 +-
 .../{Summary.cs => StatusSummary.cs}          |  2 +-
 .../Certify.API.Public.cs                     | 84 ++++++++++++++++++-
 .../Controllers/internal/HubController.cs     | 18 +++-
 .../Controllers/v1/CertificateController.cs   | 12 +--
 .../Services/ManagementAPI.cs                 | 25 ++++++
 .../ManagementHub/InstanceManagementHub.cs    | 24 +++++-
 .../InstanceManagementStateProvider.cs        | 39 ++++++++-
 .../ManagedCertificateController.cs           |  2 +-
 .../ManagedCertificateController.cs           |  2 +-
 src/Certify.Shared/Utils/DemoDataGenerator.cs | 24 ++++--
 .../ManagedCertificate/Dashboard.xaml.cs      |  2 +-
 .../AppViewModel.ManagedCerticates.cs         |  2 +-
 19 files changed, 241 insertions(+), 41 deletions(-)
 rename src/Certify.Models/Reporting/{Summary.cs => StatusSummary.cs} (90%)

diff --git a/src/Certify.Client/CertifyApiClient.cs b/src/Certify.Client/CertifyApiClient.cs
index c67cb3e58..e4c7dedc0 100644
--- a/src/Certify.Client/CertifyApiClient.cs
+++ b/src/Certify.Client/CertifyApiClient.cs
@@ -424,7 +424,7 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateSearchRes
             }
         }
 
-        public async Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter, AuthContext authContext = null)
+        public async Task<StatusSummary> GetManagedCertificateSummary(ManagedCertificateFilter filter, AuthContext authContext = null)
         {
             var response = await PostAsync("managedcertificates/summary/", filter, authContext);
             var serializer = new JsonSerializer();
@@ -432,7 +432,7 @@ public async Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter
             using (var sr = new StreamReader(await response.Content.ReadAsStreamAsync()))
             using (var reader = new JsonTextReader(sr))
             {
-                var result = serializer.Deserialize<Summary>(reader);
+                var result = serializer.Deserialize<StatusSummary>(reader);
                 return result;
             }
         }
diff --git a/src/Certify.Client/ICertifyClient.cs b/src/Certify.Client/ICertifyClient.cs
index e546d0f2d..28ac176fe 100644
--- a/src/Certify.Client/ICertifyClient.cs
+++ b/src/Certify.Client/ICertifyClient.cs
@@ -73,7 +73,7 @@ public partial interface ICertifyInternalApiClient
 
         Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter, AuthContext authContext = null);
         Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter, AuthContext authContext = null);
-        Task<Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter, AuthContext authContext = null);
+        Task<StatusSummary> GetManagedCertificateSummary(ManagedCertificateFilter filter, AuthContext authContext = null);
 
         Task<ManagedCertificate> GetManagedCertificate(string managedItemId, AuthContext authContext = null);
 
diff --git a/src/Certify.Client/ManagementServerClient.cs b/src/Certify.Client/ManagementServerClient.cs
index a377e3651..662a4b3f0 100644
--- a/src/Certify.Client/ManagementServerClient.cs
+++ b/src/Certify.Client/ManagementServerClient.cs
@@ -86,6 +86,11 @@ public async Task ConnectAsync()
 
         }
 
+        public async Task Disconnect()
+        {
+            await _connection.StopAsync();
+
+        }
         private void PerformRequestedCommand(InstanceCommandRequest cmd)
         {
             System.Diagnostics.Debug.WriteLine($"Got command from management server {cmd}");
@@ -97,8 +102,17 @@ private void PerformRequestedCommand(InstanceCommandRequest cmd)
             else
             {
                 var task = OnGetCommandResult?.Invoke(cmd);
-
-                _connection.SendAsync(ManagementHubMessages.ReceiveCommandResult, task.Result).Wait();
+                if (task != null)
+                {
+                    if (cmd.CommandType != ManagementHubCommands.Reconnect)
+                    {
+                        _connection.SendAsync(ManagementHubMessages.ReceiveCommandResult, task.Result).Wait();
+                    }
+                    else
+                    {
+                        task.Wait();
+                    }
+                }
             }
         }
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 7c378bc2a..721d5eb4f 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -143,11 +143,11 @@ public async Task<ManagedCertificateSearchResult> GetManagedCertificateResults(M
             return result;
         }
 
-        public async Task<Certify.Models.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter)
+        public async Task<Certify.Models.Reporting.StatusSummary> GetManagedCertificateSummary(ManagedCertificateFilter filter)
         {
             var ms = await _itemManager.Find(filter);
 
-            var summary = new Summary();
+            var summary = new StatusSummary();
             summary.InstanceId = InstanceId;
             summary.Total = ms.Count;
             summary.Healthy = ms.Count(c => c.Health == ManagedCertificateHealth.OK);
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
index d35cfc87d..2ad71342a 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -70,6 +70,12 @@ private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandRe
                 var items = await GetManagedCertificates(new ManagedCertificateFilter { });
                 val = new ManagedInstanceItems { InstanceId = InstanceId, Items = items };
             }
+            else if (arg.CommandType == ManagementHubCommands.GetInstanceStatusSummary)
+            {
+                var s=  await GetManagedCertificateSummary(new ManagedCertificateFilter { });
+                s.InstanceId = InstanceId;
+                val = s;
+            }
             else if (arg.CommandType == ManagementHubCommands.UpdateInstanceManagedItem)
             {
                 // update a single managed item 
@@ -93,6 +99,10 @@ private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandRe
                 var managedCertObj = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
                 await TestChallenge(null, managedCertObj, isPreviewMode: true);
             }
+            else if (arg.CommandType == ManagementHubCommands.Reconnect)
+            {
+                await _managementServerClient.Disconnect();
+            }
 
             var result = new InstanceCommandResult { CommandId = arg.CommandId, Value = JsonSerializer.Serialize(val) };
 
diff --git a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
index 08191c91d..f145da2d3 100644
--- a/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/ICertifyManager.cs
@@ -29,7 +29,7 @@ public interface ICertifyManager
 
         Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter = null);
         Task<ManagedCertificateSearchResult> GetManagedCertificateResults(ManagedCertificateFilter filter = null);
-        Task<Certify.Models.Reporting.Summary> GetManagedCertificateSummary(ManagedCertificateFilter filter = null);
+        Task<Certify.Models.Reporting.StatusSummary> GetManagedCertificateSummary(ManagedCertificateFilter filter = null);
 
         Task<ManagedCertificate> UpdateManagedCertificate(ManagedCertificate site);
 
diff --git a/src/Certify.Models/API/Management/ManagementHubMessages.cs b/src/Certify.Models/API/Management/ManagementHubMessages.cs
index 538799194..7dbaa7c65 100644
--- a/src/Certify.Models/API/Management/ManagementHubMessages.cs
+++ b/src/Certify.Models/API/Management/ManagementHubMessages.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 
 namespace Certify.API.Management
@@ -13,10 +13,14 @@ public class ManagementHubMessages
     public class ManagementHubCommands
     {
         public const string GetInstanceInfo = "GetInstanceInfo";
+        public const string GetInstanceStatusSummary = "GetInstanceStatusSummary";
         public const string GetInstanceManagedItems = "GetInstanceManagedItems";
         public const string GetInstanceManagedItem = "GetInstanceManagedItem";
         public const string UpdateInstanceManagedItem = "UpdateInstanceManagedItem";
         public const string DeleteInstanceManagedItem = "DeleteInstanceManagedItem";
+        public const string TestInstanceManagedItem = "TestInstanceManagedItem";
+
+        public const string Reconnect = "Reconnect";
     }
 
     /// <summary>
diff --git a/src/Certify.Models/Reporting/Summary.cs b/src/Certify.Models/Reporting/StatusSummary.cs
similarity index 90%
rename from src/Certify.Models/Reporting/Summary.cs
rename to src/Certify.Models/Reporting/StatusSummary.cs
index 66b47f82e..8bcc4a756 100644
--- a/src/Certify.Models/Reporting/Summary.cs
+++ b/src/Certify.Models/Reporting/StatusSummary.cs
@@ -1,6 +1,6 @@
 namespace Certify.Models.Reporting
 {
-    public class Summary : BindableBase
+    public class StatusSummary : BindableBase
     {
         public string InstanceId { get; set; } = string.Empty;
         public int Total { get; set; }
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 8cca41fe1..6de1592ef 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -1504,7 +1504,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<Summary> GetManagedCertificateSummaryAsync(string keyword)
+        public virtual System.Threading.Tasks.Task<StatusSummary> GetManagedCertificateSummaryAsync(string keyword)
         {
             return GetManagedCertificateSummaryAsync(keyword, System.Threading.CancellationToken.None);
         }
@@ -1515,7 +1515,7 @@ public virtual System.Threading.Tasks.Task<Summary> GetManagedCertificateSummary
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<Summary> GetManagedCertificateSummaryAsync(string keyword, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<StatusSummary> GetManagedCertificateSummaryAsync(string keyword, System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -1563,7 +1563,7 @@ public virtual async System.Threading.Tasks.Task<Summary> GetManagedCertificateS
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            var objectResponse_ = await ReadObjectResponseAsync<Summary>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            var objectResponse_ = await ReadObjectResponseAsync<StatusSummary>(response_, headers_, cancellationToken).ConfigureAwait(false);
                             if (objectResponse_.Object == null)
                             {
                                 throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
@@ -3103,6 +3103,84 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult
             }
         }
 
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ManagedInstanceInfo>> FlushHubManagedInstancesAsync()
+        {
+            return FlushHubManagedInstancesAsync(System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ManagedInstanceInfo>> FlushHubManagedInstancesAsync(System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("GET");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
+                    // Operation Path: "api/v1/hub/flush"
+                    urlBuilder_.Append("api/v1/hub/flush");
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<System.Collections.Generic.ICollection<ManagedInstanceInfo>>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
         /// <summary>
         /// Get preview of steps for certificate order and deployment
         /// </summary>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
index c4940feb4..eff7cade2 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
@@ -7,6 +7,7 @@
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.SignalR;
 
 namespace Certify.Server.Api.Public.Controllers
 {
@@ -23,17 +24,19 @@ public partial class HubController : ApiControllerBase
         private readonly ICertifyInternalApiClient _client;
 
         private IInstanceManagementStateProvider _mgmtStateProvider;
+        private IHubContext<InstanceManagementHub, IInstanceManagementHub> _mgmtHubContext;
 
         /// <summary>
         /// Constructor
         /// </summary>
         /// <param name="logger"></param>
         /// <param name="client"></param>
-        public HubController(ILogger<CertificateController> logger, ICertifyInternalApiClient client, IInstanceManagementStateProvider mgmtStateProvider)
+        public HubController(ILogger<CertificateController> logger, ICertifyInternalApiClient client, IInstanceManagementStateProvider mgmtStateProvider, IHubContext<InstanceManagementHub, IInstanceManagementHub> mgmtHubContext)
         {
             _logger = logger;
             _client = client;
             _mgmtStateProvider = mgmtStateProvider;
+            _mgmtHubContext = mgmtHubContext;
         }
 
         /// <summary>
@@ -63,7 +66,7 @@ public async Task<IActionResult> GetHubManagedItems(string? keyword, int? page =
                 list.AddRange(remote.Items.Select(i => new ManagedCertificateSummary
                 {
                     InstanceId = remote.InstanceId,
-                    InstanceTitle = instances.FirstOrDefault(i=>i.InstanceId==remote.InstanceId)?.Title,
+                    InstanceTitle = instances.FirstOrDefault(i => i.InstanceId == remote.InstanceId)?.Title,
                     Id = i.Id ?? "",
                     Title = $"[remote] {i.Name}" ?? "",
                     PrimaryIdentifier = i.GetCertificateIdentifiers().FirstOrDefault(p => p.Value == i.RequestConfig.PrimaryDomain) ?? i.GetCertificateIdentifiers().FirstOrDefault(),
@@ -90,5 +93,16 @@ public async Task<IActionResult> GetHubManagedInstances()
             var managedInstances = _mgmtStateProvider.GetConnectedInstances();
             return new OkObjectResult(managedInstances);
         }
+
+        [HttpGet]
+        [Route("flush")]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<ManagedInstanceInfo>))]
+        public async Task<IActionResult> FlushHubManagedInstances()
+        {
+            _mgmtStateProvider.Clear();
+            await _mgmtHubContext.Clients.All.SendCommandRequest(new InstanceCommandRequest(ManagementHubCommands.Reconnect));
+            return new OkResult();
+        }
     }
 }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index e92cbb6bc..4a9beb978 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -164,15 +164,11 @@ public async Task<IActionResult> GetManagedCertificates(string? keyword, int? pa
         [HttpPost]
         [Route("summary")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Summary))]
-        public async Task<IActionResult> GetManagedCertificateSummary(string? keyword)
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(StatusSummary))]
+        public async Task<IActionResult> GetManagedCertificateSummary()
         {
-
-            var summary = await _client.GetManagedCertificateSummary(
-                new Models.ManagedCertificateFilter
-                {
-                    Keyword = keyword
-                }, CurrentAuthContext);
+            var summary = await _mgmtAPI.GetManagedCertificateSummary(CurrentAuthContext);
+         
 
             return new OkObjectResult(summary);
         }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
index abaa51de6..f752e1611 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
@@ -2,6 +2,7 @@
 using Certify.API.Management;
 using Certify.Client;
 using Certify.Models;
+using Certify.Models.Reporting;
 using Certify.Server.Api.Public.SignalR.ManagementHub;
 using Microsoft.AspNetCore.SignalR;
 
@@ -123,5 +124,29 @@ public async Task<bool> RemoveManagedCertificate(string instanceId, string manag
 
             return await _mgmtStateProvider.ConsumeAwaitedCommandResult(cmd.CommandId);
         }
+
+        public async Task<StatusSummary> GetManagedCertificateSummary(AuthContext? currentAuthContext)
+        {
+
+            var allSummary = _mgmtStateProvider.GetManagedInstanceStatusSummaries();
+            var sum = new StatusSummary();
+
+            foreach (var item in allSummary)
+            {
+                if (item.Value != null)
+                {
+                    sum.Total += item.Value.Total;
+                    sum.Error += item.Value.Error;
+                    sum.Warning += item.Value.Warning;
+                    sum.AwaitingUser += item.Value.AwaitingUser;
+                    sum.Healthy += item.Value.Healthy;
+                    sum.NoCertificate += item.Value.NoCertificate;
+
+                }
+            }
+
+            return await Task.FromResult(sum);
+        }
     }
 }
+
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
index 18de496c7..d45fafe97 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
@@ -3,6 +3,7 @@
 using System.Diagnostics;
 using Certify.API.Management;
 using Certify.Models;
+using Certify.Models.Reporting;
 using Microsoft.AspNetCore.SignalR;
 
 namespace Certify.Server.Api.Public.SignalR.ManagementHub
@@ -150,6 +151,18 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
 
                             IssueCommand(request);
                         }
+
+                        // if we dont have a status summary, ask for that
+                        if (!_stateProvider.HasStatusSummaryForManagedInstance(instanceInfo.InstanceId))
+                        {
+                            var request = new InstanceCommandRequest
+                            {
+                                CommandId = Guid.NewGuid(),
+                                CommandType = ManagementHubCommands.GetInstanceStatusSummary
+                            };
+
+                            IssueCommand(request);
+                        }
                     }
                 }
                 else
@@ -166,9 +179,16 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
                         if (cmd.CommandType == ManagementHubCommands.GetInstanceManagedItems)
                         {
                             // got items from an instance
-                            var itemInfo = System.Text.Json.JsonSerializer.Deserialize<ManagedInstanceItems>(result.Value);
+                            var val = System.Text.Json.JsonSerializer.Deserialize<ManagedInstanceItems>(result.Value);
+
+                            _stateProvider.UpdateInstanceItemInfo(instanceId, val.Items);
+                        }
+                        else if (cmd.CommandType == ManagementHubCommands.GetInstanceStatusSummary && result?.Value!=null)
+                        {
+                            // got status summary
+                            var val = System.Text.Json.JsonSerializer.Deserialize<StatusSummary>(result.Value);
 
-                            _stateProvider.UpdateInstanceItemInfo(instanceId, itemInfo.Items);
+                            _stateProvider.UpdateInstanceStatusSummary(instanceId, val);
                         }
                         else
                         {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
index 7da82046f..eb97fdc93 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
@@ -1,13 +1,16 @@
 using System.Collections.Concurrent;
 using Certify.API.Management;
 using Certify.Models;
+using Certify.Models.Reporting;
 using Microsoft.IdentityModel.Logging;
 
 namespace Certify.Server.Api.Public.SignalR.ManagementHub
 {
     public interface IInstanceManagementStateProvider
     {
+        public void Clear();
         public void UpdateInstanceConnectionInfo(string connectionId, ManagedInstanceInfo instanceInfo);
+        public void UpdateInstanceStatusSummary(string instanceId, StatusSummary summary);
         public string GetConnectionIdForInstance(string instanceId);
         public string GetInstanceIdForConnection(string connectionId);
         public List<ManagedInstanceInfo> GetConnectedInstances();
@@ -21,10 +24,13 @@ public interface IInstanceManagementStateProvider
         public void UpdateCachedManagedInstanceItem(string instanceId, ManagedCertificate managedCertificate);
         public void DeleteCachedManagedInstanceItem(string instanceId, string managedCertificateId);
         public bool HasItemsForManagedInstance(string instanceId);
+        
+        public bool HasStatusSummaryForManagedInstance(string instanceId);
+        public ConcurrentDictionary<string, StatusSummary> GetManagedInstanceStatusSummaries();
     }
 
     /// <summary>
-    /// Track state across pool of instance connections to management hub
+    /// Track state across pool of instance connections to the management hub
     /// </summary>
     public class InstanceManagementStateProvider : IInstanceManagementStateProvider
     {
@@ -33,12 +39,24 @@ public class InstanceManagementStateProvider : IInstanceManagementStateProvider
         private ConcurrentDictionary<Guid, InstanceCommandResult> _awaitedCommandResults = [];
 
         private ConcurrentDictionary<string, ManagedInstanceItems> _managedInstanceItems = [];
+        private ConcurrentDictionary<string, StatusSummary> _managedInstanceStatusSummary = [];
         private ILogger<InstanceManagementStateProvider> _logger;
         public InstanceManagementStateProvider(ILogger<InstanceManagementStateProvider> logger)
         {
             _logger = logger;
         }
 
+        public void Clear()
+        {
+            _logger.LogWarning("Flushing management hub state, clients will need to reconnect.");
+            _instanceConnections.Clear();
+            _managedInstanceItems.Clear();
+            _awaitedCommandRequests.Clear();
+            _awaitedCommandResults.Clear();
+            _managedInstanceStatusSummary.Clear();
+
+        }
+
         public List<ManagedInstanceInfo> GetConnectedInstances()
         {
             return _instanceConnections.Values.ToList();
@@ -61,6 +79,11 @@ public void UpdateInstanceConnectionInfo(string connectionId, ManagedInstanceInf
             _instanceConnections.AddOrUpdate(connectionId, instanceInfo, (i, oldValue) => { return instanceInfo; });
         }
 
+        public void UpdateInstanceStatusSummary(string instanceId, StatusSummary summary)
+        {
+            _managedInstanceStatusSummary.AddOrUpdate(instanceId, summary, (i, oldValue) => summary);
+        }
+
         /// <summary>
         /// Get the current connection ID we haev associated with the given instance id
         /// </summary>
@@ -159,11 +182,16 @@ public ConcurrentDictionary<string, ManagedInstanceItems> GetManagedInstanceItem
             return _managedInstanceItems;
         }
 
+        public ConcurrentDictionary<string, StatusSummary> GetManagedInstanceStatusSummaries()
+        {
+            return _managedInstanceStatusSummary;
+        }
+
         public void UpdateCachedManagedInstanceItem(string instanceId, ManagedCertificate managedCertificate)
         {
             _managedInstanceItems.TryGetValue(instanceId, out var instance);
-            
-            if (instance!=null)
+
+            if (instance != null)
             {
                 foreach (var item in instance.Items)
                 {
@@ -183,6 +211,11 @@ public bool HasItemsForManagedInstance(string instanceId)
             return _managedInstanceItems.ContainsKey(instanceId);
         }
 
+        public bool HasStatusSummaryForManagedInstance(string instanceId)
+        {
+            return _managedInstanceStatusSummary.ContainsKey(instanceId);
+        }
+
         public void DeleteCachedManagedInstanceItem(string instanceId, string managedCertificateId)
         {
             _managedInstanceItems.TryGetValue(instanceId, out var instance);
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index 657ed53ed..a5ab89745 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -40,7 +40,7 @@ public async Task<ManagedCertificateSearchResult> GetResults(ManagedCertificateF
         }
 
         [HttpPost, Route("summary")]
-        public async Task<Summary> GetSummary(ManagedCertificateFilter filter)
+        public async Task<StatusSummary> GetSummary(ManagedCertificateFilter filter)
         {
             DebugLog();
             return await _certifyManager.GetManagedCertificateSummary(filter);
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index 353a0d025..0892e7982 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -44,7 +44,7 @@ public async Task<ManagedCertificateSearchResult> GetResults(ManagedCertificateF
         }
 
         [HttpPost, Route("summary")]
-        public async Task<Summary> GetSummary(ManagedCertificateFilter filter)
+        public async Task<StatusSummary> GetSummary(ManagedCertificateFilter filter)
         {
             DebugLog();
             return await _certifyManager.GetManagedCertificateSummary(filter);
diff --git a/src/Certify.Shared/Utils/DemoDataGenerator.cs b/src/Certify.Shared/Utils/DemoDataGenerator.cs
index 8d469e63e..14304d659 100644
--- a/src/Certify.Shared/Utils/DemoDataGenerator.cs
+++ b/src/Certify.Shared/Utils/DemoDataGenerator.cs
@@ -12,6 +12,8 @@ public class DemoDataGenerator
     {
         public static List<ManagedCertificate> GenerateDemoItems()
         {
+            var rnd = new Random();
+
             var items = new List<ManagedCertificate>();
             var numItems = new Random().Next(10, 50);
             for (var i = 0; i < numItems; i++)
@@ -20,7 +22,7 @@ public static List<ManagedCertificate> GenerateDemoItems()
                 var item = new ManagedCertificate
                 {
                     Id = Guid.NewGuid().ToString(),
-                    Name = GenerateName(),
+                    Name = GenerateName(rnd),
                     RequestConfig = new CertRequestConfig
                     {
                         Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig> { new CertRequestChallengeConfig { ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP } }
@@ -35,6 +37,10 @@ public static List<ManagedCertificate> GenerateDemoItems()
                 if (validation.IsValid)
                 {
                     var demoState = new Random().Next(1, 3);
+                    var certLifetime = new Random().Next(7, 30);
+                    var certElapsed = new Random().Next(1, certLifetime);
+                    var certStart = DateTime.UtcNow.AddDays(-certElapsed);
+
                     if (demoState == 1)
                     {
                         // not yet requested
@@ -44,9 +50,9 @@ public static List<ManagedCertificate> GenerateDemoItems()
                     {
                         // failed
                         item.CertificateCurrentCA = "demo-ca.org";
-                        item.DateStart = DateTime.UtcNow;
-                        item.DateLastRenewalAttempt = item.DateStart;
-                        item.DateExpiry = DateTime.UtcNow.AddDays(5);
+                        item.DateStart = certStart;
+                        item.DateLastRenewalAttempt = certStart;
+                        item.DateExpiry = certStart.AddDays(certLifetime);
                         item.CertificateFriendlyName = $"{item.GetCertificateIdentifiers().First().Value} [CertifyDemo] - {item.DateStart} to {item.DateExpiry}";
                         item.Comments = "This is an example item showing failure.";
                         item.LastAttemptedCA = item.CertificateCurrentCA;
@@ -59,9 +65,9 @@ public static List<ManagedCertificate> GenerateDemoItems()
                     {
                         //success
                         item.CertificateCurrentCA = "demo-ca.org";
-                        item.DateStart = DateTime.UtcNow;
-                        item.DateExpiry = DateTime.UtcNow.AddDays(5);
-                        item.DateLastRenewalAttempt = item.DateStart;
+                        item.DateStart = certStart;
+                        item.DateLastRenewalAttempt = certStart;
+                        item.DateExpiry = certStart.AddDays(certLifetime);
                         item.CertificateFriendlyName = $"{item.GetCertificateIdentifiers().First().Value} [CertifyDemo] - {item.DateStart} to {item.DateExpiry}";
                         item.Comments = "This is an example item showing success";
                         item.LastAttemptedCA = item.CertificateCurrentCA;
@@ -80,7 +86,7 @@ public static List<ManagedCertificate> GenerateDemoItems()
             return items;
         }
 
-        public static string GenerateName()
+        public static string GenerateName(Random rnd)
         {
             // generate test item names using verb,animal
             var subjects = new string[] {
@@ -111,7 +117,7 @@ public static string GenerateName()
                 "fabulous"
             };
 
-            var rnd = new Random();
+         
 
             return $"{adjectives[rnd.Next(0, adjectives.Length - 1)]}-{subjects[rnd.Next(0, subjects.Length - 1)]}".ToLower();
         }
diff --git a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
index 14197f015..b0c9f5937 100644
--- a/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
+++ b/src/Certify.UI.Shared/Controls/ManagedCertificate/Dashboard.xaml.cs
@@ -19,7 +19,7 @@ public class DailySummary : BindableBase
 
         }
 
-        public Summary ViewModel { get; set; } = new Summary();
+        public StatusSummary ViewModel { get; set; } = new StatusSummary();
 
         protected ViewModel.AppViewModel _appViewModel => AppViewModel.Current;
 
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index 7444298f4..3206829e9 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -117,7 +117,7 @@ public virtual async Task RefreshManagedCertificates()
             TotalManagedCertificates = result.TotalResults;
         }
 
-        public async Task<Summary> GetManagedCertificateSummary()
+        public async Task<StatusSummary> GetManagedCertificateSummary()
         {
             if (!IsServiceAvailable)
             {

From 52badcc07cb3a789425ddba7085c64a448866346 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sun, 7 Jul 2024 12:13:01 +0800
Subject: [PATCH 203/237] Package update

Package updates, OpenAPI build fix, begin using ms logging interface
---
 .../Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj   | 6 +-----
 .../Certify.Aspire.ServiceDefaults.csproj                  | 4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj            | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj         | 2 +-
 src/Certify.Service/Certify.Service.csproj                 | 2 --
 src/Certify.Shared/Certify.Shared.Core.csproj              | 7 ++++---
 src/Certify.UI.Shared/Certify.UI.Shared.csproj             | 1 -
 src/Certify.UI/Certify.UI.csproj                           | 3 ---
 8 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index 9dfb01097..cf6b04489 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,11 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <None Remove="global.json" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.1" />
+    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 7abf131aa..7011041ab 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -12,11 +12,11 @@
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
     <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.6.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.1" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.2" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
-    <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.8.0-beta.1" />
+    <PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.9.0-beta.1" />
     <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.9.0" />
   </ItemGroup>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index c847147aa..9dfcb059b 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.78" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.81" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 135319ca9..3c9fea62d 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -5,12 +5,12 @@
         <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
         <Platforms>AnyCPU</Platforms>
         <ImplicitUsings>enable</ImplicitUsings>
+        <OpenApiGenerateDocumentsOnBuild>false</OpenApiGenerateDocumentsOnBuild>
     </PropertyGroup>
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.4.1" />
-        <PackageReference Include="Serilog" Version="4.0.0" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.6" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index f6c841f69..76dd66f16 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -48,8 +48,6 @@
         <PackageReference Include="Microsoft.Owin.SelfHost" Version="4.2.2" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
         <PackageReference Include="Owin" Version="1.0.0" />
-        <PackageReference Include="Serilog" Version="4.0.0" />
-        <PackageReference Include="Serilog.Sinks.ListOfString" Version="4.1.4.3" />
         <PackageReference Include="Swashbuckle.Core" Version="5.6.0" />
         <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
         <PackageReference Include="System.ServiceProcess.ServiceController" Version="8.0.0" />
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 57e3a92c5..5fd237fde 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -6,14 +6,15 @@
     </PropertyGroup>
     <ItemGroup>
         <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
+        <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
+        <PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
         <PackageReference Include="System.IO" Version="4.3.0" />
         <PackageReference Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
         <PackageReference Include="Microsoft.ApplicationInsights" Version="2.22.0" />
         <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
         <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-        <PackageReference Include="Serilog" Version="4.0.0" />
-        <PackageReference Include="Serilog.Sinks.Debug" Version="3.0.0" />
-        <PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
         <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
         <PackageReference Include="System.Runtime.Handles" Version="4.3.0" />
         <PackageReference Include="System.Runtime.InteropServices" Version="4.3.0" />
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index c9329f3cd..3e9592ca8 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -42,7 +42,6 @@
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
-		<PackageReference Include="Serilog" Version="4.0.0" />
 		<PackageReference Include="System.Text.Json" Version="8.0.3" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
diff --git a/src/Certify.UI/Certify.UI.csproj b/src/Certify.UI/Certify.UI.csproj
index db63cca5c..68f45af6b 100644
--- a/src/Certify.UI/Certify.UI.csproj
+++ b/src/Certify.UI/Certify.UI.csproj
@@ -158,9 +158,6 @@
       <Version>4.1.0</Version>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="Serilog">
-      <Version>4.0.0</Version>
-    </PackageReference>
     <PackageReference Include="System.Diagnostics.DiagnosticSource">
       <Version>8.0.1</Version>
     </PackageReference>

From f057e4aeef313bbae8ff380df6f778932f1c1620 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 9 Jul 2024 14:07:20 +0800
Subject: [PATCH 204/237] Implement logging via ms logging extensions (with
 serilog)

---
 .../CertifyCLI.RunCertDiagnostics.cs          |  7 +--
 .../CertifyManager/CertifyManager.Account.cs  |  3 +-
 .../CertifyManager/CertifyManager.cs          | 51 +++++++++++++------
 .../ManagedCertificateController.cs           |  8 +--
 .../Certify.Server.Core/Startup.cs            |  2 +-
 .../ManagedCertificateController.cs           |  3 +-
 .../Management/PluginManager.cs               | 15 ++++--
 src/Certify.Shared/Utils/Loggy.cs             | 14 ++---
 .../Utils/ManagedCertificateLog.cs            | 30 +++++------
 .../CertRequestTests.cs                       |  6 +--
 .../DeploymentPreviewTests.cs                 |  4 --
 .../DeploymentTaskTests.cs                    |  6 ---
 .../IntegrationTestBase.cs                    |  8 +--
 .../Tests/AccessControlTests.cs               |  6 +--
 .../Tests/CertificateOperationTests.cs        |  8 +--
 .../Tests/CertifyManagerAccountTests.cs       |  4 +-
 .../Tests/ConnectionCheckTests.cs             |  6 ---
 .../Tests/DnsQueryTests.cs                    |  8 +--
 .../Tests/LoggyTests.cs                       | 16 +++---
 .../ViewModel/AppViewModel/AppViewModel.cs    | 15 +++---
 20 files changed, 111 insertions(+), 109 deletions(-)

diff --git a/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs b/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs
index 5b3b33d67..90c1b1e72 100644
--- a/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs
+++ b/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs
@@ -6,6 +6,7 @@
 using System.Threading.Tasks;
 using Certify.Management;
 using Certify.Models;
+using Microsoft.Extensions.Logging;
 using Serilog;
 
 namespace Certify.CLI
@@ -279,11 +280,7 @@ public async Task FindPendingAuthorizations(bool autoFix)
                 var c = new CertifyManager();
                 await c.Init();
 
-                var log = new LoggerConfiguration()
-                  .WriteTo.Debug()
-                  .CreateLogger();
-
-                var logger = new Loggy(log);
+                var logger = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<CertifyCLI>());
 
                 foreach (var url in orderUrls)
                 {
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
index 15ff3c5fd..a0baf0e06 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -7,6 +7,7 @@
 using Certify.Models.Config;
 using Certify.Models.Providers;
 using Certify.Providers.ACME.Anvil;
+using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 
 namespace Certify.Management
@@ -184,7 +185,7 @@ public async Task<AccountDetails> GetAccountDetails(ManagedCertificate item, boo
 
             if (defaultMatchingAccount == null)
             {
-                var log = ManagedCertificateLog.GetLogger(item.Id, new Serilog.Core.LoggingLevelSwitch(Serilog.Events.LogEventLevel.Error));
+                var log = ManagedCertificateLog.GetLogger(item.Id, LogLevel.Error);
                 log?.Error($"Failed to match ACME account for managed certificate. Cannot continue request. :: {item.Name} CA: {currentCA} {(item.UseStagingMode ? "[Staging Mode]" : "[Production]")}");
                 return null;
             }
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 85fec6d71..f1ea00d51 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
@@ -11,7 +11,9 @@
 using Certify.Models;
 using Certify.Models.Providers;
 using Certify.Providers;
+using Microsoft.Extensions.Logging;
 using Serilog;
+using Serilog.Core;
 
 namespace Certify.Management
 {
@@ -55,7 +57,7 @@ public partial class CertifyManager : ICertifyManager, IDisposable
         /// <summary>
         /// Current service log level setting
         /// </summary>
-        private Serilog.Core.LoggingLevelSwitch _loggingLevelSwitch { get; set; }
+        private LogLevel _loggingLevelSwitch { get; set; }
 
         /// <summary>
         /// If true, http challenge service is started
@@ -196,14 +198,14 @@ public async Task Init()
             }
 #endif
         }
-       
+
         /// <summary>
         /// Setup the continuous job tasks for renewals and maintenance
         /// </summary>
         private void SetupJobs()
         {
-            // 30 second job timer (reporting etc)
-            _heartbeatTimer = new System.Timers.Timer(30 * 1000); // every 30 seconds
+            // 60 second job timer (reporting etc)
+            _heartbeatTimer = new System.Timers.Timer(60 * 1000); // every n seconds
             _heartbeatTimer.Elapsed += _heartbeatTimer_Elapsed;
             _heartbeatTimer.Start();
 
@@ -366,20 +368,37 @@ private async Task InitDataStore()
         /// <param name="serverConfig"></param>
         private void InitLogging(Shared.ServiceConfig serverConfig)
         {
-            _loggingLevelSwitch = new Serilog.Core.LoggingLevelSwitch(Serilog.Events.LogEventLevel.Information);
+            _loggingLevelSwitch = LogLevel.Information;
 
             SetLoggingLevel(serverConfig?.LogLevel);
 
-            _serviceLog = new Loggy(
-                new LoggerConfiguration()
-               .MinimumLevel.ControlledBy(_loggingLevelSwitch)
+            var serilogLog = new Serilog.LoggerConfiguration()
+               .Enrich.FromLogContext()
+               .MinimumLevel.ControlledBy(LogLevelSwitchFromLogLevel(_loggingLevelSwitch))
                .WriteTo.File(Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "session.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10), rollOnFileSizeLimit: true, fileSizeLimitBytes: 5 * 1024 * 1024)
-               .CreateLogger()
-               );
+               .CreateLogger();
+
+            var msLogger = new Serilog.Extensions.Logging.SerilogLoggerFactory(serilogLog).CreateLogger<ManagedCertificate>();
 
-            _serviceLog?.Information($"-------------------- Logging started: {_loggingLevelSwitch.MinimumLevel} --------------------");
+            _serviceLog = new Loggy(msLogger);
+
+            _serviceLog?.Information($"-------------------- Logging started: {_loggingLevelSwitch} --------------------");
         }
 
+        private LoggingLevelSwitch LogLevelSwitchFromLogLevel(LogLevel level)
+        {
+            switch (level)
+            {
+               case  LogLevel.Error:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Error);
+                case LogLevel.Debug:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Debug);
+                case LogLevel.Warning:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Warning);
+                default: 
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Information);
+            }
+        }
         /// <summary>
         /// Update the current service log level
         /// </summary>
@@ -389,15 +408,15 @@ public void SetLoggingLevel(string logLevel)
             switch (logLevel?.ToLower())
             {
                 case "debug":
-                    _loggingLevelSwitch.MinimumLevel = Serilog.Events.LogEventLevel.Debug;
+                    _loggingLevelSwitch = LogLevel.Trace;
                     break;
 
                 case "verbose":
-                    _loggingLevelSwitch.MinimumLevel = Serilog.Events.LogEventLevel.Verbose;
+                    _loggingLevelSwitch = LogLevel.Debug;
                     break;
 
                 default:
-                    _loggingLevelSwitch.MinimumLevel = Serilog.Events.LogEventLevel.Information;
+                    _loggingLevelSwitch = LogLevel.Information;
                     break;
             }
         }
@@ -410,7 +429,7 @@ public void SetStatusReporting(IStatusReporting statusReporting)
         {
             _statusReporting = statusReporting;
         }
-    
+
         /// <summary>
         /// Update progress tracking and send status report to client(s). optionally logging to service log
         /// </summary>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
index a5ab89745..131f6dc6c 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/ManagedCertificateController.cs
@@ -1,4 +1,4 @@
-using Certify.Config;
+using Certify.Config;
 using Certify.Management;
 using Certify.Models;
 using Certify.Models.API;
@@ -89,7 +89,8 @@ public async Task<List<StatusMessage>> TestChallengeResponse(ManagedCertificate
                      .WriteTo.Sink(new ProgressLogSink(progressIndicator, managedCertificate, _certifyManager))
                      .CreateLogger())
             {
-                var theLog = new Loggy(log);
+                var theLog = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(log).CreateLogger<ManagedCertificatesController>());
+
                 var results = await _certifyManager.TestChallenge(theLog, managedCertificate, isPreviewMode: true, progress: progressIndicator);
 
                 return results;
@@ -112,7 +113,8 @@ public async Task<List<StatusMessage>> PerformChallengeCleanup(ManagedCertificat
                      .WriteTo.Sink(new ProgressLogSink(progressIndicator, managedCertificate, _certifyManager))
                      .CreateLogger())
             {
-                var theLog = new Loggy(log);
+                var theLog = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(log).CreateLogger<ManagedCertificatesController>());
+
                 var results = await _certifyManager.PerformChallengeCleanup(theLog, managedCertificate, progress: progressIndicator);
 
                 return results;
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
index b757fdebc..cad4c1d97 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Startup.cs
@@ -1,4 +1,4 @@
-using System.Text;
+using System.Text;
 using Certify.Management;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
diff --git a/src/Certify.Service/Controllers/ManagedCertificateController.cs b/src/Certify.Service/Controllers/ManagedCertificateController.cs
index 0892e7982..94a5b12ec 100644
--- a/src/Certify.Service/Controllers/ManagedCertificateController.cs
+++ b/src/Certify.Service/Controllers/ManagedCertificateController.cs
@@ -11,6 +11,7 @@
 using Certify.Models.Config;
 using Certify.Models.Reporting;
 using Certify.Models.Utils;
+using Microsoft.Extensions.Logging;
 using Serilog;
 
 namespace Certify.Service.Controllers
@@ -93,7 +94,7 @@ public async Task<List<StatusMessage>> TestChallengeResponse(ManagedCertificate
                      .WriteTo.Sink(new ProgressLogSink(progressIndicator, managedCertificate, _certifyManager))
                      .CreateLogger())
             {
-                var theLog = new Loggy(log);
+                var theLog = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(log).CreateLogger<ManagedCertificatesController>());
                 var results = await _certifyManager.TestChallenge(theLog, managedCertificate, isPreviewMode: true, progress: progressIndicator);
 
                 return results;
diff --git a/src/Certify.Shared/Management/PluginManager.cs b/src/Certify.Shared/Management/PluginManager.cs
index e53ca133d..7eda51aa8 100644
--- a/src/Certify.Shared/Management/PluginManager.cs
+++ b/src/Certify.Shared/Management/PluginManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
@@ -7,7 +7,9 @@
 using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Plugins;
+using Microsoft.Extensions.Logging;
 using Serilog;
+using Serilog.Extensions.Logging;
 
 namespace Certify.Management
 {
@@ -52,12 +54,15 @@ public class PluginManager
 
         public PluginManager()
         {
-            _log = new Models.Loggy(
-                    new LoggerConfiguration()
+            var serilogLogger = new LoggerConfiguration()
+                        .Enrich.FromLogContext()
                         .MinimumLevel.Information()
                         .WriteTo.File(Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "plugins.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10))
-                        .CreateLogger()
-                );
+                        .CreateLogger();
+
+           var msLogger = new SerilogLoggerFactory(serilogLogger).CreateLogger<PluginManager>(); 
+
+            _log = new Models.Loggy(msLogger);
 
             if (CurrentInstance == null)
             {
diff --git a/src/Certify.Shared/Utils/Loggy.cs b/src/Certify.Shared/Utils/Loggy.cs
index c946e7b0a..01981517f 100644
--- a/src/Certify.Shared/Utils/Loggy.cs
+++ b/src/Certify.Shared/Utils/Loggy.cs
@@ -1,5 +1,5 @@
 using System;
-using Serilog;
+using Microsoft.Extensions.Logging;
 
 namespace Certify.Models
 {
@@ -12,16 +12,16 @@ public Loggy(ILogger log)
             _log = log;
         }
 
-        public void Error(string template, params object[] propertyValues) => _log.Error(template, propertyValues);
+        public void Error(string template, params object[] propertyValues) => _log?.LogError(template, propertyValues);
 
-        public void Error(Exception exp, string template, params object[] propertyValues) => _log.Error(exp, template, propertyValues);
+        public void Error(Exception exp, string template, params object[] propertyValues) => _log?.LogError(exp, template, propertyValues);
 
-        public void Information(string template, params object[] propertyValues) => _log.Information(template, propertyValues);
+        public void Information(string template, params object[] propertyValues) => _log?.LogInformation(template, propertyValues);
 
-        public void Debug(string template, params object[] propertyValues) => _log.Debug(template, propertyValues);
+        public void Debug(string template, params object[] propertyValues) => _log?.LogDebug(template, propertyValues);
 
-        public void Verbose(string template, params object[] propertyValues) => _log.Verbose(template, propertyValues);
+        public void Verbose(string template, params object[] propertyValues) => _log?.LogTrace(template, propertyValues);
 
-        public void Warning(string template, params object[] propertyValues) => _log.Warning(template, propertyValues);
+        public void Warning(string template, params object[] propertyValues) => _log?.LogWarning(template, propertyValues);
     }
 }
diff --git a/src/Certify.Shared/Utils/ManagedCertificateLog.cs b/src/Certify.Shared/Utils/ManagedCertificateLog.cs
index dfcdf7ebe..ed0e99382 100644
--- a/src/Certify.Shared/Utils/ManagedCertificateLog.cs
+++ b/src/Certify.Shared/Utils/ManagedCertificateLog.cs
@@ -1,7 +1,8 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.IO;
 using Certify.Models.Providers;
+using Microsoft.Extensions.Logging;
 using Serilog;
 
 namespace Certify.Models
@@ -26,11 +27,11 @@ public class ManagedCertificateLogItem
 
     public static class ManagedCertificateLog
     {
-        private static ConcurrentDictionary<string, Serilog.Core.Logger> _managedItemLoggers { get; set; }
+        private static ConcurrentDictionary<string, Microsoft.Extensions.Logging.ILogger> _managedItemLoggers { get; set; }
 
         public static string GetLogPath(string managedItemId) => Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "log_" + managedItemId.Replace(':', '_') + ".txt");
 
-        public static ILog GetLogger(string managedItemId, Serilog.Core.LoggingLevelSwitch logLevelSwitch)
+        public static ILog GetLogger(string managedItemId, LogLevel logLevelSwitch)
         {
             if (string.IsNullOrEmpty(managedItemId))
             {
@@ -39,10 +40,10 @@ public static ILog GetLogger(string managedItemId, Serilog.Core.LoggingLevelSwit
 
             if (_managedItemLoggers == null)
             {
-                _managedItemLoggers = new ConcurrentDictionary<string, Serilog.Core.Logger>();
+                _managedItemLoggers = new ConcurrentDictionary<string, Microsoft.Extensions.Logging.ILogger>();
             }
 
-            Serilog.Core.Logger log = _managedItemLoggers.GetOrAdd(managedItemId, (key) =>
+            var log = _managedItemLoggers.GetOrAdd(managedItemId, (key) =>
             {
                 var logPath = GetLogPath(key);
 
@@ -55,26 +56,22 @@ public static ILog GetLogger(string managedItemId, Serilog.Core.LoggingLevelSwit
                 }
                 catch { }
 
-                Serilog.Debugging.SelfLog.Enable(Console.Error);
-
-                log = new LoggerConfiguration()
-                    .MinimumLevel.ControlledBy(logLevelSwitch)
-#if DEBUG
-                    .WriteTo.Debug()
-#endif
+                var serilogLog = new Serilog.LoggerConfiguration()
+                    .Enrich.FromLogContext()
                     .WriteTo.File(
                         logPath, shared: true,
                         flushToDiskInterval: new TimeSpan(0, 0, 10)
                     )
                     .CreateLogger();
 
-                return log;
+                return new Serilog.Extensions.Logging.SerilogLoggerFactory(serilogLog).CreateLogger<ManagedCertificate>();
+
             });
 
             return new Loggy(log);
         }
 
-        public static void AppendLog(string managedItemId, ManagedCertificateLogItem logItem, Serilog.Core.LoggingLevelSwitch logLevelSwitch)
+        public static void AppendLog(string managedItemId, ManagedCertificateLogItem logItem, LogLevel logLevelSwitch)
         {
             var log = GetLogger(managedItemId, logLevelSwitch);
 
@@ -106,7 +103,10 @@ public static void DisposeLoggers()
             {
                 foreach (var l in _managedItemLoggers.Values)
                 {
-                    l?.Dispose();
+                    if (l is IDisposable tmp)
+                    {
+                        tmp?.Dispose();
+                    }
                 }
             }
         }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
index f50639dce..ce411e9d1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
@@ -35,11 +35,7 @@ public class CertRequestTests : IntegrationTestBase, IDisposable
 
         public CertRequestTests()
         {
-            var log = new LoggerConfiguration()
-                     .WriteTo.Debug()
-                     .CreateLogger();
-
-            _log = new Loggy(log);
+            
             certifyManager = new CertifyManager();
             certifyManager.Init().Wait();
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
index 2970281ff..bb4522449 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
@@ -27,11 +27,7 @@ public class DeploymentPreviewTests : IntegrationTestBase, IDisposable
 
         public DeploymentPreviewTests()
         {
-            var log = new LoggerConfiguration()
-                     .WriteTo.Debug()
-                     .CreateLogger();
 
-            _log = new Loggy(log);
             certifyManager = new CertifyManager();
             certifyManager.Init().Wait();
             iisManager = new ServerProviderIIS();
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
index c6f2bdd50..6b7d20335 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
@@ -23,12 +23,6 @@ public class DeploymentTaskTests : IntegrationTestBase
 
         public DeploymentTaskTests()
         {
-            var log = new LoggerConfiguration()
-                     .WriteTo.Debug()
-                     .CreateLogger();
-
-            _log = new Loggy(log);
-
             certifyManager = new CertifyManager();
             certifyManager.Init().Wait();
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
index 82a0fd5bb..f58b24981 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
@@ -4,6 +4,7 @@
 using System.IO;
 using Certify.Models;
 using Certify.Models.Providers;
+using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 using Serilog;
 
@@ -31,12 +32,7 @@ public IntegrationTestBase()
 
             ConfigSettings = JsonConvert.DeserializeObject<Dictionary<string, string>>(System.IO.File.ReadAllText("C:\\temp\\Certify\\TestConfigSettings.json"));
 
-            var logImp = new LoggerConfiguration()
-           .WriteTo.Debug()
-           .CreateLogger();
-
-            _log = new Loggy(logImp);
-
+            _log = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<IntegrationTestBase>());
         }
 
         public ManagedCertificate GetMockManagedCertificate(string siteName, string testDomain, string siteId = null, string testPath = null)
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index 14f33ff0e..d5cebf7ca 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -7,6 +7,7 @@
 using Certify.Models;
 using Certify.Models.Config.AccessControl;
 using Certify.Providers;
+using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Newtonsoft.Json;
 using Serilog;
@@ -164,9 +165,8 @@ public class AccessControlTests
         [TestInitialize]
         public void TestInitialize()
         {
-            this.loggy = new Loggy(new LoggerConfiguration()
-                .WriteTo.Debug()
-                .CreateLogger());
+            this.loggy = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<AccessControlTests>());
+
             this.access = new AccessControl(loggy, new MemoryObjectStore());
         }
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
index 9e3af1522..eeaa45718 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
@@ -3,6 +3,7 @@
 using System.Runtime.InteropServices;
 using Certify.Management;
 using Certify.Models;
+using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Serilog;
 
@@ -118,12 +119,7 @@ public void TestSetACLOnPrivateKey(string account, string keyType, string fileSy
                 return;
             }
 
-            var logCfg = new LoggerConfiguration()
-              .MinimumLevel.Debug()
-              .WriteTo.Debug()
-              .CreateLogger();
-
-            var log = new Loggy(logCfg);
+            var log = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<CertificateOperationTests>());
 
             var cert = CertificateManager.GenerateSelfSignedCertificate("localhost", DateTime.UtcNow, DateTime.UtcNow.AddDays(30), suffix: "[Certify](test)", keyType: keyType);
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
index 4782fb528..41406c7d9 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
@@ -15,6 +15,7 @@
 using DotNet.Testcontainers.Builders;
 using DotNet.Testcontainers.Containers;
 using DotNet.Testcontainers.Volumes;
+using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Newtonsoft.Json;
 using Serilog;
@@ -39,7 +40,8 @@ public class CertifyManagerAccountTests
         [ClassInitialize]
         public static async Task ClassInit(TestContext context)
         {
-            _log = new Loggy(new LoggerConfiguration().WriteTo.Debug().CreateLogger());
+            
+            _log = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<CertifyManagerAccountTests>());
 
             _caDomain = _isContainer ? "step-ca" : "localhost";
             _caPort = 9000;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
index 7ab2fe3a7..ea960ed3e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
@@ -14,12 +14,6 @@ public async Task TestPortConnection()
         {
             var net = new NetworkUtils(enableProxyValidationAPI: true);
 
-            var logImp = new LoggerConfiguration()
-                .WriteTo.Debug()
-                .CreateLogger();
-
-            var log = new Loggy(logImp);
-
             var result = await net.CheckServiceConnection("webprofusion.com", 80);
 
             Assert.IsTrue(result.IsSuccess, "hostname should connect ok on port 80");
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
index e0b4a1c7d..14cee841a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
@@ -2,7 +2,7 @@
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Shared.Core.Utils;
-
+using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Serilog;
 
@@ -17,11 +17,7 @@ public async Task TestDNSTests()
         {
             var net = new NetworkUtils(enableProxyValidationAPI: true);
 
-            var logImp = new LoggerConfiguration()
-                .WriteTo.Debug()
-                .CreateLogger();
-
-            var log = new Loggy(logImp);
+            var log = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<DnsQueryTests>());
 
             // check invalid domain
             var result = await net.CheckDNS(log, "fdlsakdfoweinoijsjdfpsdkfspdf.com");
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
index bb773bd74..03f4eed99 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/LoggyTests.cs
@@ -1,6 +1,7 @@
 using System;
 using System.IO;
 using Certify.Models;
+using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Serilog;
 
@@ -43,7 +44,8 @@ public void TestLoggyError()
             var logImp = new LoggerConfiguration()
                 .WriteTo.File(this.logFilePath)
                 .CreateLogger();
-            var log = new Loggy(logImp);
+
+            var log = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(logImp).CreateLogger<LoggyTests>());
 
             // Log an error message using Loggy.Error()
             var logMessage = "New Loggy Error";
@@ -65,7 +67,7 @@ public void TestLoggyErrorException()
             var logImp = new LoggerConfiguration()
                 .WriteTo.File(this.logFilePath)
                 .CreateLogger();
-            var log = new Loggy(logImp);
+            var log = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(logImp).CreateLogger<LoggyTests>());
 
             // Trigger an exception error and log it using Loggy.Error()
             var logMessage = "New Loggy Exception Error";
@@ -80,6 +82,7 @@ public void TestLoggyErrorException()
             {
                 log.Error(e, logMessage);
             }
+
             logImp.Dispose();
 
             // Read in logged out exception error text
@@ -98,7 +101,7 @@ public void TestLoggyInformation()
             var logImp = new LoggerConfiguration()
                 .WriteTo.File(this.logFilePath)
                 .CreateLogger();
-            var log = new Loggy(logImp);
+            var log = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(logImp).CreateLogger<LoggyTests>());
 
             // Log an info message using Loggy.Information()
             var logMessage = "New Loggy Information";
@@ -121,7 +124,7 @@ public void TestLoggyDebug()
                 .MinimumLevel.Debug()
                 .WriteTo.File(this.logFilePath)
                 .CreateLogger();
-            var log = new Loggy(logImp);
+            var log = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(logImp).CreateLogger<LoggyTests>());
 
             // Log a debug message using Loggy.Debug()
             var logMessage = "New Loggy Debug";
@@ -144,7 +147,7 @@ public void TestLoggyVerbose()
                 .MinimumLevel.Verbose()
                 .WriteTo.File(this.logFilePath)
                 .CreateLogger();
-            var log = new Loggy(logImp);
+            var log = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(logImp).CreateLogger<LoggyTests>());
 
             // Log a verbose message using Loggy.Verbose()
             var logMessage = "New Loggy Verbose";
@@ -166,7 +169,8 @@ public void TestLoggyWarning()
             var logImp = new LoggerConfiguration()
                 .WriteTo.File(this.logFilePath)
                 .CreateLogger();
-            var log = new Loggy(logImp);
+
+            var log = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(logImp).CreateLogger<LoggyTests>());
 
             // Log a warning message using Loggy.Warning()
             var logMessage = "New Loggy Warning";
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs
index a42e324a6..de76e9dea 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs
@@ -14,7 +14,9 @@
 using Certify.Providers;
 using Certify.SharedUtils;
 using Certify.UI.Shared;
+using Microsoft.Extensions.Logging;
 using Serilog;
+using Serilog.Core;
 
 namespace Certify.UI.ViewModel
 {
@@ -68,13 +70,14 @@ public static AppViewModel GetModel()
         /// </summary>
         private void Init()
         {
-            Log = new Loggy(
-                new LoggerConfiguration()
-                .MinimumLevel.Verbose()
-                .WriteTo.Debug()
+
+            var serilogLog = new Serilog.LoggerConfiguration()
+            .Enrich.FromLogContext()
+            .MinimumLevel.Verbose()
                 .WriteTo.File(Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "ui.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10))
-                .CreateLogger()
-                );
+                .CreateLogger();
+
+            Log = new Loggy(new Serilog.Extensions.Logging.SerilogLoggerFactory(serilogLog).CreateLogger<AppViewModel>());
 
             ProgressResults = new ObservableCollection<RequestProgressState>();
 

From 26a000bbe64599f1c90d3e759cedc2881b529c33 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 9 Jul 2024 14:10:25 +0800
Subject: [PATCH 205/237] Implement per instance log fetch and item challenge
 config test

---
 .../CertifyManager.ManagementHub.cs           | 15 +++++--
 .../API/Management/ManagementHubMessages.cs   |  1 +
 .../Certify.API.Public.cs                     | 22 +++++-----
 .../Controllers/v1/CertificateController.cs   | 20 +++------
 .../Services/ManagementAPI.cs                 | 44 +++++++++++++++++++
 5 files changed, 74 insertions(+), 28 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
index 2ad71342a..570656844 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
@@ -72,10 +72,19 @@ private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandRe
             }
             else if (arg.CommandType == ManagementHubCommands.GetInstanceStatusSummary)
             {
-                var s=  await GetManagedCertificateSummary(new ManagedCertificateFilter { });
+                var s = await GetManagedCertificateSummary(new ManagedCertificateFilter { });
                 s.InstanceId = InstanceId;
                 val = s;
             }
+            else if (arg.CommandType == ManagementHubCommands.GetInstanceManagedItemLog)
+            {
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
+                var limit = args.FirstOrDefault(a => a.Key == "limit");
+                var s = await GetItemLog(managedCertIdArg.Value, int.Parse(limit.Value));
+               
+                val = s;
+            }
             else if (arg.CommandType == ManagementHubCommands.UpdateInstanceManagedItem)
             {
                 // update a single managed item 
@@ -97,7 +106,7 @@ private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandRe
                 var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
                 var managedCertArg = args.FirstOrDefault(a => a.Key == "managedCert");
                 var managedCertObj = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
-                await TestChallenge(null, managedCertObj, isPreviewMode: true);
+                val = await TestChallenge(null, managedCertObj, isPreviewMode: true);
             }
             else if (arg.CommandType == ManagementHubCommands.Reconnect)
             {
diff --git a/src/Certify.Models/API/Management/ManagementHubMessages.cs b/src/Certify.Models/API/Management/ManagementHubMessages.cs
index 7dbaa7c65..fce7d50ea 100644
--- a/src/Certify.Models/API/Management/ManagementHubMessages.cs
+++ b/src/Certify.Models/API/Management/ManagementHubMessages.cs
@@ -16,6 +16,7 @@ public class ManagementHubCommands
         public const string GetInstanceStatusSummary = "GetInstanceStatusSummary";
         public const string GetInstanceManagedItems = "GetInstanceManagedItems";
         public const string GetInstanceManagedItem = "GetInstanceManagedItem";
+        public const string GetInstanceManagedItemLog = "GetInstanceManagedItemLog";
         public const string UpdateInstanceManagedItem = "UpdateInstanceManagedItem";
         public const string DeleteInstanceManagedItem = "DeleteInstanceManagedItem";
         public const string TestInstanceManagedItem = "TestInstanceManagedItem";
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 6de1592ef..0e85b6f7a 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -1311,9 +1311,9 @@ public virtual async System.Threading.Tasks.Task<FileResponse> DownloadAsync(str
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string managedCertId, int? maxLines)
+        public virtual System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string instanceId, string managedCertId, int? maxLines)
         {
-            return DownloadLogAsync(managedCertId, maxLines, System.Threading.CancellationToken.None);
+            return DownloadLogAsync(instanceId, managedCertId, maxLines, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
@@ -1322,7 +1322,7 @@ public virtual System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string ma
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string managedCertId, int? maxLines, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<LogResult> DownloadLogAsync(string instanceId, string managedCertId, int? maxLines, System.Threading.CancellationToken cancellationToken)
         {
             if (managedCertId == null)
                 throw new System.ArgumentNullException("managedCertId");
@@ -1343,6 +1343,10 @@ public virtual async System.Threading.Tasks.Task<LogResult> DownloadLogAsync(str
                     urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(managedCertId, System.Globalization.CultureInfo.InvariantCulture)));
                     urlBuilder_.Append("/log");
                     urlBuilder_.Append('?');
+                    if (instanceId != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("instanceId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
                     if (maxLines != null)
                     {
                         urlBuilder_.Append(System.Uri.EscapeDataString("maxLines")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(maxLines, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
@@ -1504,9 +1508,9 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificateSummaryResult
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<StatusSummary> GetManagedCertificateSummaryAsync(string keyword)
+        public virtual System.Threading.Tasks.Task<StatusSummary> GetManagedCertificateSummaryAsync()
         {
-            return GetManagedCertificateSummaryAsync(keyword, System.Threading.CancellationToken.None);
+            return GetManagedCertificateSummaryAsync(System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
@@ -1515,7 +1519,7 @@ public virtual System.Threading.Tasks.Task<StatusSummary> GetManagedCertificateS
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<StatusSummary> GetManagedCertificateSummaryAsync(string keyword, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<StatusSummary> GetManagedCertificateSummaryAsync(System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -1531,12 +1535,6 @@ public virtual async System.Threading.Tasks.Task<StatusSummary> GetManagedCertif
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/summary"
                     urlBuilder_.Append("api/v1/certificate/summary");
-                    urlBuilder_.Append('?');
-                    if (keyword != null)
-                    {
-                        urlBuilder_.Append(System.Uri.EscapeDataString("keyword")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(keyword, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
-                    }
-                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 4a9beb978..6f6999ce9 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -1,4 +1,5 @@
-using Certify.Client;
+using Certify.Client;
+using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Reporting;
 using Certify.Server.Api.Public.Services;
@@ -91,21 +92,15 @@ public async Task<IActionResult> Download(string managedCertId, string format, s
         [Route("{managedCertId}/log")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(LogResult))]
-        public async Task<IActionResult> DownloadLog(string managedCertId, int maxLines = 1000)
+        public async Task<IActionResult> DownloadLog(string instanceId, string managedCertId, int maxLines = 1000)
         {
-            var managedCert = await _client.GetManagedCertificate(managedCertId, CurrentAuthContext);
-
-            if (managedCert == null)
-            {
-                return new NotFoundResult();
-            }
 
             if (maxLines > 1000)
             {
                 maxLines = 1000;
             }
 
-            var log = await _client.GetItemLog(managedCertId, maxLines, CurrentAuthContext);
+            LogItem[] log = await _mgmtAPI.GetItemLog(instanceId, managedCertId, maxLines, CurrentAuthContext);
 
             return new OkObjectResult(new LogResult { Items = log });
         }
@@ -168,8 +163,6 @@ public async Task<IActionResult> GetManagedCertificates(string? keyword, int? pa
         public async Task<IActionResult> GetManagedCertificateSummary()
         {
             var summary = await _mgmtAPI.GetManagedCertificateSummary(CurrentAuthContext);
-         
-
             return new OkObjectResult(summary);
         }
 
@@ -268,10 +261,11 @@ public async Task<IActionResult> PerformRenewal(Models.RenewalSettings settings)
         [Route("test")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<Models.StatusMessage>))]
-        public async Task<IActionResult> PerformConfigurationTest(Models.ManagedCertificate item)
+        public async Task<IActionResult> PerformConfigurationTest(string instanceId, Models.ManagedCertificate item)
         {
 
-            var results = await _client.TestChallengeConfiguration(item, CurrentAuthContext);
+            List<StatusMessage> results = await _mgmtAPI.TestManagedCertificateConfiguration(instanceId, item, CurrentAuthContext);
+
             if (results != null)
             {
                 return new OkObjectResult(results);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
index f752e1611..2de240a43 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
@@ -2,6 +2,7 @@
 using Certify.API.Management;
 using Certify.Client;
 using Certify.Models;
+using Certify.Models.API;
 using Certify.Models.Reporting;
 using Certify.Server.Api.Public.SignalR.ManagementHub;
 using Microsoft.AspNetCore.SignalR;
@@ -147,6 +148,49 @@ public async Task<StatusSummary> GetManagedCertificateSummary(AuthContext? curre
 
             return await Task.FromResult(sum);
         }
+
+        public async Task<LogItem[]> GetItemLog(string instanceId, string managedCertId, int maxLines, AuthContext? currentAuthContext)
+        {
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("managedCertId",managedCertId),
+                    new("limit",maxLines.ToString())
+                };
+
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.GetInstanceManagedItemLog, args);
+
+            var result = await GetCommandResult(instanceId, cmd);
+
+            if (result?.Value != null)
+            {
+                return JsonSerializer.Deserialize<LogItem[]>(result.Value);
+            }
+            else
+            {
+                return [];
+            }
+        }
+
+        internal async Task<List<StatusMessage>> TestManagedCertificateConfiguration(string instanceId, ManagedCertificate managedCert, AuthContext? currentAuthContext)
+        {
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("managedCert",JsonSerializer.Serialize(managedCert))
+                };
+
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.TestInstanceManagedItem, args);
+
+            var result = await GetCommandResult(instanceId, cmd);
+
+            if (result?.Value != null)
+            {
+                return JsonSerializer.Deserialize<List<StatusMessage>>(result.Value);
+            }
+            else
+            {
+                return [];
+            }
+        }
     }
 }
 

From 71d63fe78702cf813fbe69d38ac5533fa810618a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 9 Jul 2024 18:39:25 +0800
Subject: [PATCH 206/237] Implement instance item preview, request, fix log
 reading

---
 src/Certify.Core/Certify.Core.csproj          | 133 +++++++++---------
 .../CertifyManager.ManagedCertificates.cs     |  23 ++-
 .../CertifyManager.ManagementHub.cs           |  67 ++++++---
 .../CertifyManager/CertifyManager.cs          |   9 +-
 .../API/Management/ManagementHubMessages.cs   |  17 ++-
 .../AWSRoute53/Plugin.DNS.AWSRoute53.csproj   |   2 +-
 .../Certify.API.Public.cs                     |  44 +++---
 .../Controllers/internal/PreviewController.cs |  11 +-
 .../Controllers/v1/CertificateController.cs   |  33 ++---
 .../Services/ManagementAPI.cs                 |  57 +++++++-
 .../ManagementHub/InstanceManagementHub.cs    |   8 +-
 .../Certify.Server.Api.Public/Startup.cs      |   9 ++
 src/Certify.Shared/Certify.Shared.Core.csproj |   2 +-
 src/Certify.Shared/Utils/DemoDataGenerator.cs |   4 +-
 14 files changed, 263 insertions(+), 156 deletions(-)

diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 0acea6a9a..36d40e890 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -1,71 +1,72 @@
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFrameworks>net462;net9.0</TargetFrameworks>
-    <Configurations>Debug;Release;</Configurations>
-    <Platforms>AnyCPU</Platforms>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <PlatformTarget>AnyCPU</PlatformTarget>
-  </PropertyGroup>
+    <PropertyGroup>
+        <TargetFrameworks>net462;net9.0</TargetFrameworks>
+        <Configurations>Debug;Release;</Configurations>
+        <Platforms>AnyCPU</Platforms>
+        <LangVersion>latest</LangVersion>
+    </PropertyGroup>
+    <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-   
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <PlatformTarget>AnyCPU</PlatformTarget>
- 
-  </PropertyGroup>
+        <Optimize>false</Optimize>
+        <OutputPath>bin\Debug\</OutputPath>
+        <DefineConstants>DEBUG;TRACE</DefineConstants>
+        <ErrorReport>prompt</ErrorReport>
+        <WarningLevel>4</WarningLevel>
+        <PlatformTarget>AnyCPU</PlatformTarget>
+    </PropertyGroup>
 
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{58881E46-4A76-47B9-9725-FA7C5F0090D0}</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>Certify.Core</RootNamespace>
-    <AssemblyName>Certify.Core</AssemblyName>
-    <TargetFrameworkVersion>v4.6.2</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-    <NuGetPackageImportStamp />
-    <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
-    <NoWarn>1701;1702;CA1068</NoWarn>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
-    <NoWarn>1701;1702;CA1068</NoWarn>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
-    <NoWarn>1701;1702;CA1068</NoWarn>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
-    <NoWarn>1701;1702;CA1068</NoWarn>
-  </PropertyGroup>
-  <ItemGroup>
-    <PackageReference Include="Polly" Version="8.4.1" />
-  </ItemGroup>
-  
-  <ItemGroup>
-    <ProjectReference Include="..\..\..\certify-plugins\src\DataStores\SQLite\Plugin.Datastore.SQLite.csproj" />
-    <ProjectReference Include="..\Certify.Client\Certify.Client.csproj" />
-    <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
-    <ProjectReference Include="..\Certify.Models\Certify.Models.csproj" />
-    <ProjectReference Include="..\Certify.Providers\ACME\Anvil\Certify.Providers.ACME.Anvil.csproj" />
-    <ProjectReference Include="..\Certify.Shared.Extensions\Certify.Shared.Extensions.csproj" />
-    <ProjectReference Include="..\Certify.Shared\Certify.Shared.Core.csproj" />
-  </ItemGroup>
-  
-  <ItemGroup>
-    <Reference Include="System.Security" />
-  </ItemGroup>
+    <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+
+        <Optimize>true</Optimize>
+        <OutputPath>bin\Release\</OutputPath>
+        <DefineConstants>TRACE</DefineConstants>
+        <ErrorReport>prompt</ErrorReport>
+        <WarningLevel>4</WarningLevel>
+        <PlatformTarget>AnyCPU</PlatformTarget>
+
+    </PropertyGroup>
+
+    <PropertyGroup>
+        <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+        <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+        <ProjectGuid>{58881E46-4A76-47B9-9725-FA7C5F0090D0}</ProjectGuid>
+        <OutputType>Library</OutputType>
+        <AppDesignerFolder>Properties</AppDesignerFolder>
+        <RootNamespace>Certify.Core</RootNamespace>
+        <AssemblyName>Certify.Core</AssemblyName>
+        <TargetFrameworkVersion>v4.6.2</TargetFrameworkVersion>
+        <FileAlignment>512</FileAlignment>
+        <NuGetPackageImportStamp />
+        <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
+        <NoWarn>1701;1702;CA1068</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
+        <NoWarn>1701;1702;CA1068</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
+        <NoWarn>1701;1702;CA1068</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
+        <NoWarn>1701;1702;CA1068</NoWarn>
+    </PropertyGroup>
+    <ItemGroup>
+        <PackageReference Include="Polly" Version="8.4.1" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <ProjectReference Include="..\..\..\certify-plugins\src\DataStores\SQLite\Plugin.Datastore.SQLite.csproj" />
+        <ProjectReference Include="..\Certify.Client\Certify.Client.csproj" />
+        <ProjectReference Include="..\Certify.Locales\Certify.Locales.csproj" />
+        <ProjectReference Include="..\Certify.Models\Certify.Models.csproj" />
+        <ProjectReference Include="..\Certify.Providers\ACME\Anvil\Certify.Providers.ACME.Anvil.csproj" />
+        <ProjectReference Include="..\Certify.Shared.Extensions\Certify.Shared.Extensions.csproj" />
+        <ProjectReference Include="..\Certify.Shared\Certify.Shared.Core.csproj" />
+    </ItemGroup>
+
+    <ItemGroup>
+        <Reference Include="System.Security" />
+    </ItemGroup>
 
 </Project>
\ No newline at end of file
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 721d5eb4f..79955ac6f 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -554,14 +554,23 @@ public async Task<LogItem[]> GetItemLog(string id, int limit)
             {
                 try
                 {
+                    LogItem[] results = [];
                     // TODO: use reverse stream reader for large files
+                    var stream = System.IO.File.Open(logPath, System.IO.FileMode.Open, System.IO.FileAccess.Read, System.IO.FileShare.ReadWrite);
+                    using (var streamReader = new System.IO.StreamReader(stream))
+                    {
+                        var str = await streamReader.ReadToEndAsync();
+                        stream.Close();
+
+                        var log =str.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries)
+                            .Reverse()
+                            .Take(limit)
+                            .ToArray();
+
+                        results = LogParser.Parse(log);
+                    }
 
-                    var log = System.IO.File.ReadAllLines(logPath)
-                        .Reverse()
-                        .Take(limit)
-                        .ToArray();
-                    var parsed = LogParser.Parse(log);
-                    return parsed;
+                    return results;
                 }
                 catch (Exception exp)
                 {
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
index 570656844..642de6bb1 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
@@ -8,6 +8,7 @@
 using Certify.Models.Shared.Validation;
 using System.Text.Json;
 using Certify.Shared.Core.Utils;
+using Serilog;
 
 namespace Certify.Management
 {
@@ -17,8 +18,9 @@ public partial class CertifyManager
         private string _managementServerConnectionId = string.Empty;
         private void SendHeartbeatToManagementHub()
         {
-            _managementServerClient.SendInstanceInfo(Guid.NewGuid(), false);
+            //_managementServerClient.SendInstanceInfo(Guid.NewGuid(), false);
         }
+
         private async Task StartManagementHubConnection(string hubUri)
         {
 
@@ -57,56 +59,89 @@ private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandRe
         {
             object val = null;
 
-            if (arg.CommandType == ManagementHubCommands.GetInstanceManagedItem)
+            if (arg.CommandType == ManagementHubCommands.GetManagedItem)
             {
                 // Get a single managed item by id
                 var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
                 var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
                 val = await GetManagedCertificate(managedCertIdArg.Value);
             }
-            else if (arg.CommandType == ManagementHubCommands.GetInstanceManagedItems)
+            else if (arg.CommandType == ManagementHubCommands.GetManagedItems)
             {
                 // Get all managed items
                 var items = await GetManagedCertificates(new ManagedCertificateFilter { });
                 val = new ManagedInstanceItems { InstanceId = InstanceId, Items = items };
             }
-            else if (arg.CommandType == ManagementHubCommands.GetInstanceStatusSummary)
+            else if (arg.CommandType == ManagementHubCommands.GetStatusSummary)
             {
                 var s = await GetManagedCertificateSummary(new ManagedCertificateFilter { });
                 s.InstanceId = InstanceId;
                 val = s;
             }
-            else if (arg.CommandType == ManagementHubCommands.GetInstanceManagedItemLog)
+            else if (arg.CommandType == ManagementHubCommands.GetManagedItemLog)
             {
                 var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
                 var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
                 var limit = args.FirstOrDefault(a => a.Key == "limit");
-                var s = await GetItemLog(managedCertIdArg.Value, int.Parse(limit.Value));
-               
-                val = s;
+
+                val = await GetItemLog(managedCertIdArg.Value, int.Parse(limit.Value));
+            }
+            else if (arg.CommandType == ManagementHubCommands.GetManagedItemRenewalPreview)
+            {
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertArg = args.FirstOrDefault(a => a.Key == "managedCert");
+                var managedCert = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
+
+                val = await GeneratePreview(managedCert);
             }
-            else if (arg.CommandType == ManagementHubCommands.UpdateInstanceManagedItem)
+            else if (arg.CommandType == ManagementHubCommands.UpdateManagedItem)
             {
                 // update a single managed item 
                 var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
                 var managedCertArg = args.FirstOrDefault(a => a.Key == "managedCert");
-                var managedCertObj = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
-                val = await UpdateManagedCertificate(managedCertObj);
+                var managedCert = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
+
+                val = await UpdateManagedCertificate(managedCert);
             }
-            else if (arg.CommandType == ManagementHubCommands.DeleteInstanceManagedItem)
+            else if (arg.CommandType == ManagementHubCommands.DeleteManagedItem)
             {
                 // delete a single managed item 
                 var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
                 var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
+
                 await DeleteManagedCertificate(managedCertIdArg.Value);
             }
-            else if (arg.CommandType == ManagementHubCommands.TestInstanceManagedItem)
+            else if (arg.CommandType == ManagementHubCommands.TestManagedItemConfiguration)
             {
                 // test challenge response config for a single managed item 
                 var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
                 var managedCertArg = args.FirstOrDefault(a => a.Key == "managedCert");
-                var managedCertObj = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
-                val = await TestChallenge(null, managedCertObj, isPreviewMode: true);
+                var managedCert = JsonSerializer.Deserialize<ManagedCertificate>(managedCertArg.Value);
+
+                var log = ManagedCertificateLog.GetLogger(managedCert.Id, _loggingLevelSwitch);
+
+                val = await TestChallenge(log, managedCert, isPreviewMode: true);
+
+            }
+            else if (arg.CommandType == ManagementHubCommands.PerformManagedItemRequest)
+            {
+                // attempt certificate order
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
+                var managedCert = await GetManagedCertificate(managedCertIdArg.Value);
+
+                var progressState = new RequestProgressState(RequestState.Running, "Starting..", managedCert);
+                var progressIndicator = new Progress<RequestProgressState>(progressState.ProgressReport);
+
+                _ = await PerformCertificateRequest(
+                                                        null,
+                                                        managedCert,
+                                                        progressIndicator,
+                                                        resumePaused: true,
+                                                        isInteractive: true
+                                                        );
+
+                val = true;
             }
             else if (arg.CommandType == ManagementHubCommands.Reconnect)
             {
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index f1ea00d51..2b598a326 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
@@ -197,6 +197,8 @@ public async Task Init()
                 GenerateDemoItems();
             }
 #endif
+
+            await EnsureMgmtHubConnection();
         }
 
         /// <summary>
@@ -245,6 +247,11 @@ private async void _hourlyTimer_Elapsed(object sender, System.Timers.ElapsedEven
         }
 
         private async void _heartbeatTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
+        {
+            await EnsureMgmtHubConnection();
+        }
+
+        private async Task EnsureMgmtHubConnection()
         {
             // connect/reconnect to management hub if enabled
             if (_managementServerClient == null || !_managementServerClient.IsConnected())
diff --git a/src/Certify.Models/API/Management/ManagementHubMessages.cs b/src/Certify.Models/API/Management/ManagementHubMessages.cs
index fce7d50ea..62dc9ebff 100644
--- a/src/Certify.Models/API/Management/ManagementHubMessages.cs
+++ b/src/Certify.Models/API/Management/ManagementHubMessages.cs
@@ -13,13 +13,16 @@ public class ManagementHubMessages
     public class ManagementHubCommands
     {
         public const string GetInstanceInfo = "GetInstanceInfo";
-        public const string GetInstanceStatusSummary = "GetInstanceStatusSummary";
-        public const string GetInstanceManagedItems = "GetInstanceManagedItems";
-        public const string GetInstanceManagedItem = "GetInstanceManagedItem";
-        public const string GetInstanceManagedItemLog = "GetInstanceManagedItemLog";
-        public const string UpdateInstanceManagedItem = "UpdateInstanceManagedItem";
-        public const string DeleteInstanceManagedItem = "DeleteInstanceManagedItem";
-        public const string TestInstanceManagedItem = "TestInstanceManagedItem";
+        public const string GetStatusSummary = "GetStatusSummary";
+        public const string GetManagedItems = "GetManagedItems";
+        public const string GetManagedItem = "GetManagedItem";
+        public const string GetManagedItemLog = "GetManagedItemLog";
+        public const string GetManagedItemRenewalPreview = "GetManagedItemRenewalPreview";
+
+        public const string UpdateManagedItem = "UpdateManagedItem";
+        public const string DeleteManagedItem = "DeleteManagedItem";
+        public const string TestManagedItemConfiguration = "TestManagedItemConfiguration";
+        public const string PerformManagedItemRequest = "PerformManagedItemRequest";
 
         public const string Reconnect = "Reconnect";
     }
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 9dfcb059b..ce88d2d00 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.81" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.82" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
index 0e85b6f7a..28418eced 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.API.Public.cs
@@ -1876,9 +1876,9 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> UpdateManag
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id)
+        public virtual System.Threading.Tasks.Task BeginOrderAsync(string instanceId, string id)
         {
-            return BeginOrderAsync(id, System.Threading.CancellationToken.None);
+            return BeginOrderAsync(instanceId, id, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
@@ -1887,7 +1887,7 @@ public virtual System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(s
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderAsync(string id, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task BeginOrderAsync(string instanceId, string id, System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -1895,15 +1895,18 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderA
             {
                 using (var request_ = new System.Net.Http.HttpRequestMessage())
                 {
-                    request_.Content = new System.Net.Http.StringContent(string.Empty, System.Text.Encoding.UTF8, "text/plain");
+                    request_.Content = new System.Net.Http.StringContent(string.Empty, System.Text.Encoding.UTF8, "application/json");
                     request_.Method = new System.Net.Http.HttpMethod("POST");
-                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/order"
                     urlBuilder_.Append("api/v1/certificate/order");
                     urlBuilder_.Append('?');
+                    if (instanceId != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("instanceId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
                     if (id != null)
                     {
                         urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
@@ -1935,12 +1938,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderA
                         var status_ = (int)response_.StatusCode;
                         if (status_ == 200)
                         {
-                            var objectResponse_ = await ReadObjectResponseAsync<ManagedCertificate>(response_, headers_, cancellationToken).ConfigureAwait(false);
-                            if (objectResponse_.Object == null)
-                            {
-                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
-                            }
-                            return objectResponse_.Object;
+                            return;
                         }
                         else
                         {
@@ -1967,9 +1965,9 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> BeginOrderA
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body)
+        public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(string instanceId, RenewalSettings body)
         {
-            return PerformRenewalAsync(body, System.Threading.CancellationToken.None);
+            return PerformRenewalAsync(instanceId, body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
@@ -1978,7 +1976,7 @@ public virtual System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsy
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(RenewalSettings body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRenewalAsync(string instanceId, RenewalSettings body, System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -1997,6 +1995,12 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/renew"
                     urlBuilder_.Append("api/v1/certificate/renew");
+                    urlBuilder_.Append('?');
+                    if (instanceId != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("instanceId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -2055,9 +2059,9 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body)
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(string instanceId, ManagedCertificate body)
         {
-            return PerformConfigurationTestAsync(body, System.Threading.CancellationToken.None);
+            return PerformConfigurationTestAsync(instanceId, body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
@@ -2066,7 +2070,7 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<StatusMessage>> PerformConfigurationTestAsync(string instanceId, ManagedCertificate body, System.Threading.CancellationToken cancellationToken)
         {
             var client_ = _httpClient;
             var disposeClient_ = false;
@@ -2085,6 +2089,12 @@ public virtual async System.Threading.Tasks.Task<ManagedCertificate> PerformRene
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
                     // Operation Path: "api/v1/certificate/test"
                     urlBuilder_.Append("api/v1/certificate/test");
+                    urlBuilder_.Append('?');
+                    if (instanceId != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("instanceId")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
index 412d787e9..3e1de3f77 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
@@ -1,5 +1,6 @@
 using Certify.Client;
 using Certify.Models;
+using Certify.Server.Api.Public.Services;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -16,17 +17,17 @@ public partial class PreviewController : ApiControllerBase
 
         private readonly ILogger<PreviewController> _logger;
 
-        private readonly ICertifyInternalApiClient _client;
+        private readonly ManagementAPI _mgmtAPI;
 
         /// <summary>
         /// Constructor
         /// </summary>
         /// <param name="logger"></param>
-        /// <param name="client"></param>
-        public PreviewController(ILogger<PreviewController> logger, ICertifyInternalApiClient client)
+        /// <param name="mgmtAPI"></param>
+        public PreviewController(ILogger<PreviewController> logger, ManagementAPI mgmtAPI)
         {
             _logger = logger;
-            _client = client;
+            _mgmtAPI = mgmtAPI;
         }
 
         /// <summary>
@@ -39,7 +40,7 @@ public PreviewController(ILogger<PreviewController> logger, ICertifyInternalApiC
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<ActionStep>))]
         public async Task<IActionResult> GetPreview([FromBody] ManagedCertificate item)
         {
-            var previewSteps = await _client.PreviewActions(item);
+            var previewSteps = await _mgmtAPI.GetPreviewActions(item.InstanceId, item, CurrentAuthContext);
             return new OkObjectResult(previewSteps);
         }
     }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index 6f6999ce9..bb8018fd0 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -1,4 +1,4 @@
-using Certify.Client;
+using Certify.Client;
 using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Reporting;
@@ -23,10 +23,6 @@ public partial class CertificateController : ApiControllerBase
 
         private readonly ICertifyInternalApiClient _client;
 
-        private IInstanceManagementStateProvider _mgmtStateProvider;
-
-        private IHubContext<InstanceManagementHub, IInstanceManagementHub> _mgmtHubContext;
-
         private ManagementAPI _mgmtAPI;
 
         /// <summary>
@@ -34,14 +30,12 @@ public partial class CertificateController : ApiControllerBase
         /// </summary>
         /// <param name="logger"></param>
         /// <param name="client"></param>
-        public CertificateController(ILogger<CertificateController> logger, ICertifyInternalApiClient client, IInstanceManagementStateProvider mgmtStateProvider, IHubContext<InstanceManagementHub, IInstanceManagementHub> mgmtHubContext)
+        public CertificateController(ILogger<CertificateController> logger, ICertifyInternalApiClient client, ManagementAPI mgmtApi)
         {
             _logger = logger;
             _client = client;
-            _mgmtStateProvider = mgmtStateProvider;
-            _mgmtHubContext = mgmtHubContext;
 
-            _mgmtAPI = new ManagementAPI(_mgmtStateProvider, _mgmtHubContext, _client);
+            _mgmtAPI = mgmtApi;
         }
 
         /// <summary>
@@ -214,19 +208,12 @@ public async Task<IActionResult> UpdateManagedCertificateDetails(string instance
         [HttpPost]
         [Route("order")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        public async Task<IActionResult> BeginOrder(string id)
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        public async Task<IActionResult> BeginOrder(string instanceId, string id)
         {
+            await _mgmtAPI.PerformManagedCertificateRequest(instanceId, id, CurrentAuthContext);
 
-            var result = await _client.BeginCertificateRequest(id, true, false, CurrentAuthContext);
-            if (result != null)
-            {
-                return new OkObjectResult(result);
-            }
-            else
-            {
-                return new BadRequestResult();
-            }
+            return new OkResult();
         }
 
         /// <summary>
@@ -238,9 +225,9 @@ public async Task<IActionResult> BeginOrder(string id)
         [Route("renew")]
         [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Models.ManagedCertificate))]
-        public async Task<IActionResult> PerformRenewal(Models.RenewalSettings settings)
+        public async Task<IActionResult> PerformRenewal(string instanceId, Models.RenewalSettings settings)
         {
-
+            // TODO: send to instance
             var results = await _client.BeginAutoRenewal(settings, CurrentAuthContext);
             if (results != null)
             {
@@ -264,7 +251,7 @@ public async Task<IActionResult> PerformRenewal(Models.RenewalSettings settings)
         public async Task<IActionResult> PerformConfigurationTest(string instanceId, Models.ManagedCertificate item)
         {
 
-            List<StatusMessage> results = await _mgmtAPI.TestManagedCertificateConfiguration(instanceId, item, CurrentAuthContext);
+            var results = await _mgmtAPI.TestManagedCertificateConfiguration(instanceId, item, CurrentAuthContext);
 
             if (results != null)
             {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
index 2de240a43..3fd9a9de1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Services/ManagementAPI.cs
@@ -39,7 +39,7 @@ public ManagementAPI(IInstanceManagementStateProvider mgmtStateProvider, IHubCon
                     new("managedCertId", managedCertId)
                 };
 
-            var cmd = new InstanceCommandRequest(ManagementHubCommands.GetInstanceManagedItem, args);
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.GetManagedItem, args);
             var result = await GetCommandResult(instanceId, cmd);
 
             if (result?.Value != null)
@@ -62,7 +62,7 @@ public ManagementAPI(IInstanceManagementStateProvider mgmtStateProvider, IHubCon
                     new("managedCert", JsonSerializer.Serialize(managedCert))
                 };
 
-            var cmd = new InstanceCommandRequest(ManagementHubCommands.UpdateInstanceManagedItem, args);
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.UpdateManagedItem, args);
 
             var result = await GetCommandResult(instanceId, cmd);
 
@@ -95,7 +95,7 @@ public async Task<bool> RemoveManagedCertificate(string instanceId, string manag
                     new("managedCertId",managedCertId)
                 };
 
-            var cmd = new InstanceCommandRequest(ManagementHubCommands.DeleteInstanceManagedItem, args);
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.DeleteManagedItem, args);
 
             var result = await GetCommandResult(instanceId, cmd);
 
@@ -126,6 +126,20 @@ public async Task<bool> RemoveManagedCertificate(string instanceId, string manag
             return await _mgmtStateProvider.ConsumeAwaitedCommandResult(cmd.CommandId);
         }
 
+        private async Task SendCommandWithNoResult(string instanceId, InstanceCommandRequest cmd)
+        {
+            var connectionId = _mgmtStateProvider.GetConnectionIdForInstance(instanceId);
+
+            if (connectionId == null)
+            {
+                throw new Exception("Instance connection info not known, cannot send commands to instance.");
+            }
+
+            _mgmtStateProvider.AddAwaitedCommandRequest(cmd);
+
+            await _mgmtHubContext.Clients.Client(connectionId).SendCommandRequest(cmd);
+        }
+
         public async Task<StatusSummary> GetManagedCertificateSummary(AuthContext? currentAuthContext)
         {
 
@@ -157,7 +171,7 @@ public async Task<LogItem[]> GetItemLog(string instanceId, string managedCertId,
                     new("limit",maxLines.ToString())
                 };
 
-            var cmd = new InstanceCommandRequest(ManagementHubCommands.GetInstanceManagedItemLog, args);
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.GetManagedItemLog, args);
 
             var result = await GetCommandResult(instanceId, cmd);
 
@@ -178,7 +192,7 @@ internal async Task<List<StatusMessage>> TestManagedCertificateConfiguration(str
                     new("managedCert",JsonSerializer.Serialize(managedCert))
                 };
 
-            var cmd = new InstanceCommandRequest(ManagementHubCommands.TestInstanceManagedItem, args);
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.TestManagedItemConfiguration, args);
 
             var result = await GetCommandResult(instanceId, cmd);
 
@@ -191,6 +205,39 @@ internal async Task<List<StatusMessage>> TestManagedCertificateConfiguration(str
                 return [];
             }
         }
+
+        internal async Task<List<ActionStep>> GetPreviewActions(string instanceId, ManagedCertificate managedCert, AuthContext? currentAuthContext)
+        {
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("managedCert",JsonSerializer.Serialize(managedCert))
+                };
+
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.GetManagedItemRenewalPreview, args);
+
+            var result = await GetCommandResult(instanceId, cmd);
+
+            if (result?.Value != null)
+            {
+                return JsonSerializer.Deserialize<List<ActionStep>>(result.Value);
+            }
+            else
+            {
+                return [];
+            }
+        }
+
+        internal async Task PerformManagedCertificateRequest(string instanceId, string managedCertId, AuthContext? currentAuthContext)
+        {
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("managedCertId",managedCertId)
+                };
+
+            var cmd = new InstanceCommandRequest(ManagementHubCommands.PerformManagedItemRequest, args);
+
+            await SendCommandWithNoResult(instanceId, cmd);
+        }
     }
 }
 
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
index d45fafe97..31fcf18e8 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
@@ -146,7 +146,7 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
                             var request = new InstanceCommandRequest
                             {
                                 CommandId = Guid.NewGuid(),
-                                CommandType = ManagementHubCommands.GetInstanceManagedItems
+                                CommandType = ManagementHubCommands.GetManagedItems
                             };
 
                             IssueCommand(request);
@@ -158,7 +158,7 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
                             var request = new InstanceCommandRequest
                             {
                                 CommandId = Guid.NewGuid(),
-                                CommandType = ManagementHubCommands.GetInstanceStatusSummary
+                                CommandType = ManagementHubCommands.GetStatusSummary
                             };
 
                             IssueCommand(request);
@@ -176,14 +176,14 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
                         // action this message from this instance
                         _logger?.LogInformation("Received instance command result {result}", result);
 
-                        if (cmd.CommandType == ManagementHubCommands.GetInstanceManagedItems)
+                        if (cmd.CommandType == ManagementHubCommands.GetManagedItems)
                         {
                             // got items from an instance
                             var val = System.Text.Json.JsonSerializer.Deserialize<ManagedInstanceItems>(result.Value);
 
                             _stateProvider.UpdateInstanceItemInfo(instanceId, val.Items);
                         }
-                        else if (cmd.CommandType == ManagementHubCommands.GetInstanceStatusSummary && result?.Value!=null)
+                        else if (cmd.CommandType == ManagementHubCommands.GetStatusSummary && result?.Value!=null)
                         {
                             // got status summary
                             var val = System.Text.Json.JsonSerializer.Deserialize<StatusSummary>(result.Value);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index 6ccdab19e..ea71d7b40 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -9,6 +9,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 
 namespace Certify.Server.API
@@ -176,6 +177,14 @@ public void ConfigureServices(IServiceCollection services)
 
             services.AddSingleton<IInstanceManagementStateProvider, InstanceManagementStateProvider>();
 
+            services.AddTransient(s =>
+            {
+                var p = s.GetService(typeof(IInstanceManagementStateProvider)) as IInstanceManagementStateProvider;
+                var h = s.GetService(typeof(IHubContext<InstanceManagementHub, IInstanceManagementHub>)) as IHubContext<InstanceManagementHub, IInstanceManagementHub>;
+                var c = s.GetService(typeof(ICertifyInternalApiClient)) as ICertifyInternalApiClient;
+                return new ManagementAPI(p, h, c);
+            });
+
             services.AddHostedService<ManagementWorker>();
             return results;
         }
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 5fd237fde..ad5121fa6 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -6,7 +6,7 @@
     </PropertyGroup>
     <ItemGroup>
         <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
-        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
         <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
         <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
         <PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
diff --git a/src/Certify.Shared/Utils/DemoDataGenerator.cs b/src/Certify.Shared/Utils/DemoDataGenerator.cs
index 14304d659..8d874f43d 100644
--- a/src/Certify.Shared/Utils/DemoDataGenerator.cs
+++ b/src/Certify.Shared/Utils/DemoDataGenerator.cs
@@ -15,7 +15,7 @@ public static List<ManagedCertificate> GenerateDemoItems()
             var rnd = new Random();
 
             var items = new List<ManagedCertificate>();
-            var numItems = new Random().Next(10, 50);
+            var numItems = new Random().Next(10, 500);
             for (var i = 0; i < numItems; i++)
             {
 
@@ -117,8 +117,6 @@ public static string GenerateName(Random rnd)
                 "fabulous"
             };
 
-         
-
             return $"{adjectives[rnd.Next(0, adjectives.Length - 1)]}-{subjects[rnd.Next(0, subjects.Length - 1)]}".ToLower();
         }
     }

From 389f55a3c38939be23adafacabc12c589955dca6 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 10 Jul 2024 18:54:00 +0800
Subject: [PATCH 207/237] Package updates

---
 src/Certify.Client/Certify.Client.csproj                  | 6 +++---
 src/Certify.Models/Certify.Models.csproj                  | 4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj           | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                | 4 ++--
 .../Certify.Server.Api.Public.csproj                      | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj        | 8 ++++----
 .../Certify.Core.Tests.Unit.csproj                        | 2 +-
 src/Certify.UI.Shared/Certify.UI.Shared.csproj            | 2 +-
 8 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index fa0209045..65e13af5c 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.6" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.6" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.2" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.3" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index cd9a0150b..9f7ae3119 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.2" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.3" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.10.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -30,7 +30,7 @@
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0">
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="System.Text.Json" Version="8.0.3" />
+		<PackageReference Include="System.Text.Json" Version="8.0.4" />
 		<PackageReference Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
 	</ItemGroup>
 
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index ce88d2d00..11e73b7d3 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.82" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.83" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 8891f8bf8..cd3e21a6b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -10,8 +10,8 @@
 
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.6" />
-        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.6" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.7" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
         <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
         <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 658e6a5d3..3a185c46b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,7 +18,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.6" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.7" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
     </ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 3c9fea62d..79303d4b1 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.4.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.6" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.7" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.6" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.6" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.6" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 3e2702176..4d83783d0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -113,7 +113,7 @@
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-    <PackageReference Include="System.Text.Json" Version="8.0.3" />
+    <PackageReference Include="System.Text.Json" Version="8.0.4" />
     <PackageReference Include="Testcontainers" Version="3.9.0" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/Certify.UI.Shared/Certify.UI.Shared.csproj b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
index 3e9592ca8..e2586a16e 100644
--- a/src/Certify.UI.Shared/Certify.UI.Shared.csproj
+++ b/src/Certify.UI.Shared/Certify.UI.Shared.csproj
@@ -42,7 +42,7 @@
 		<PackageReference Include="Markdig.Wpf" Version="0.5.0.1" />
 		<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
 		<PackageReference Include="PropertyChanged.Fody" Version="4.1.0" />
-		<PackageReference Include="System.Text.Json" Version="8.0.3" />
+		<PackageReference Include="System.Text.Json" Version="8.0.4" />
 		<PackageReference Include="ToastNotifications.Messages" Version="2.5.1">
 		  <NoWarn>NU1701</NoWarn>
 		</PackageReference>

From 91905fc5db0bf377b344d29cf13e6f8133eae758 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 10 Jul 2024 18:54:32 +0800
Subject: [PATCH 208/237] Cleanup

---
 .../CertifyManager.ManagementHub.cs           | 21 ++++++++++++++++++
 .../CertifyManager/CertifyManager.cs          | 22 +------------------
 .../Properties/launchSettings.json            |  2 +-
 3 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
index 642de6bb1..733daef3a 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -16,6 +16,27 @@ public partial class CertifyManager
     {
         private ManagementServerClient _managementServerClient;
         private string _managementServerConnectionId = string.Empty;
+
+        private async Task EnsureMgmtHubConnection()
+        {
+            // connect/reconnect to management hub if enabled
+            if (_managementServerClient == null || !_managementServerClient.IsConnected())
+            {
+                var mgmtHubUri = Environment.GetEnvironmentVariable("CERTIFY_MANAGEMENT_HUB") ?? _serverConfig.ManagementServerHubUri;
+
+                if (!string.IsNullOrWhiteSpace(mgmtHubUri))
+                {
+                    await StartManagementHubConnection(mgmtHubUri);
+                }
+            }
+            else
+            {
+
+                // send heartbeat message to management hub
+                SendHeartbeatToManagementHub();
+            }
+        }
+
         private void SendHeartbeatToManagementHub()
         {
             //_managementServerClient.SendInstanceInfo(Guid.NewGuid(), false);
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 2b598a326..98ccf5540 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
@@ -251,26 +251,6 @@ private async void _heartbeatTimer_Elapsed(object sender, System.Timers.ElapsedE
             await EnsureMgmtHubConnection();
         }
 
-        private async Task EnsureMgmtHubConnection()
-        {
-            // connect/reconnect to management hub if enabled
-            if (_managementServerClient == null || !_managementServerClient.IsConnected())
-            {
-                var mgmtHubUri = Environment.GetEnvironmentVariable("CERTIFY_MANAGEMENT_HUB") ?? _serverConfig.ManagementServerHubUri;
-
-                if (!string.IsNullOrWhiteSpace(mgmtHubUri))
-                {
-                    await StartManagementHubConnection(mgmtHubUri);
-                }
-            }
-            else
-            {
-
-                // send heartbeat message to management hub
-                SendHeartbeatToManagementHub();
-            }
-        }
-
         private async void _frequentTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
         {
             await PerformRenewalTasks();
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
index 97edc6655..38d1d0174 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
+++ b/src/Certify.Server/Certify.Server.Api.Public/Properties/launchSettings.json
@@ -5,7 +5,7 @@
       "launchUrl": "https://localhost:44361/docs",
       "environmentVariables": {
         "ASPNETCORE_URLS": "https://localhost:44361;http://localhost:44360",
-        "CERTIFY_SERVICE_HOST": "localhost",
+        "CERTIFY_SERVICE_HOST": "127.0.0.2", // note: aspire hosted uses this profile
         "CERTIFY_SERVICE_PORT": "9695"
       }
     },

From 18a5ace2033c41f374ebf20aff1e097599093ccb Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 16 Jul 2024 11:40:00 +0800
Subject: [PATCH 209/237] Package updates

---
 .../Certify.Aspire.ServiceDefaults.csproj                       | 2 +-
 src/Certify.Client/Certify.Client.csproj                        | 2 +-
 src/Certify.Models/Certify.Models.csproj                        | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj         | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 7011041ab..1d4c877fb 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,7 +11,7 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.6.0" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.7.0" />
     <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.2" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 65e13af5c..1568ae567 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.3" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 9f7ae3119..723527481 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.6.3" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.0" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.10.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 11e73b7d3..0a7833c62 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.83" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.85" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index c873b3e00..8e9b1ccc8 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.40.0" />
+    <PackageReference Include="Azure.Core" Version="1.41.0" />
     <PackageReference Include="Azure.Identity" Version="1.12.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />

From b57f757b9ac089467e9064f4e391d01f2cc5a866 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Tue, 16 Jul 2024 12:56:13 +0800
Subject: [PATCH 210/237] Update actions

---
 .github/workflows/4_6_2_Core_Unit_Tests_Win.yaml       |  4 ++--
 ...sts_Linux.yaml => DotNetCore_Unit_Tests_Linux.yaml} | 10 +++++-----
 ...t_Tests_Win.yaml => DotNetCore_Unit_Tests_Win.yaml} | 10 +++++-----
 3 files changed, 12 insertions(+), 12 deletions(-)
 rename .github/workflows/{8_0_Core_Unit_Tests_Linux.yaml => DotNetCore_Unit_Tests_Linux.yaml} (94%)
 rename .github/workflows/{8_0_Core_Unit_Tests_Win.yaml => DotNetCore_Unit_Tests_Win.yaml} (94%)

diff --git a/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
index 8b3de816b..3af767ca1 100644
--- a/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
+++ b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
@@ -9,7 +9,7 @@ on:
     - '**.csproj'
 
 env:
-  DOTNET_VERSION: '8.0.100' # The .NET SDK version to use
+  DOTNET_VERSION: '9.0.100' # The .NET SDK version to use
 
 jobs:
   build-and-test:
@@ -65,7 +65,7 @@ jobs:
         echo "C:\Program Files\step_0.24.4\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
     - name: Pull step-ca Docker Image
-      run: docker pull jrnelson90/step-ca-win
+      run: docker pull webprofusion/step-ca-win
 
     - name: Cache NuGet Dependencies    
       uses: actions/cache@v3
diff --git a/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
similarity index 94%
rename from .github/workflows/8_0_Core_Unit_Tests_Linux.yaml
rename to .github/workflows/DotNetCore_Unit_Tests_Linux.yaml
index 2d0f7d2cd..f0150c54f 100644
--- a/.github/workflows/8_0_Core_Unit_Tests_Linux.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
@@ -1,4 +1,4 @@
-name: build and test .NET Core 8.0 Linux
+name: build and test .NET Core 9.0 Linux
 
 on:
   push:
@@ -9,7 +9,7 @@ on:
     - '**.csproj'
 
 env:
-  DOTNET_VERSION: '8.0.100' # The .NET SDK version to use
+  DOTNET_VERSION: '9.0.100' # The .NET SDK version to use
 
 jobs:
   build-and-test:
@@ -79,14 +79,14 @@ jobs:
       run: |
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
-        dotnet build -c Debug -f net8.0 --property WarningLevel=0 /clp:ErrorsOnly
+        dotnet build -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests
       run: |
         export GITHUB_WORKSPACE="$GITHUB_WORKSPACE/certify"
         export GITHUB_STEP_SUMMARY="./TestResults-${{ runner.os }}/test-summary.md"
-        dotnet test --no-build -f net8.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
+        dotnet test --no-build -f net9.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Generate Test Results Report
@@ -108,6 +108,6 @@ jobs:
     #   uses: actions/upload-artifact@master
     #   with:
     #     name: dotnet-results-${{ runner.os }}-${{ env.DOTNET_VERSION }}
-    #     path: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/TestResults-8_0-${{ runner.os }}
+    #     path: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/TestResults-9_0-${{ runner.os }}
     #   # Use always() to always run this step to publish test results when there are test failures
     #   if: ${{ always() }}
diff --git a/.github/workflows/8_0_Core_Unit_Tests_Win.yaml b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
similarity index 94%
rename from .github/workflows/8_0_Core_Unit_Tests_Win.yaml
rename to .github/workflows/DotNetCore_Unit_Tests_Win.yaml
index 2e7607240..41a0ebcc6 100644
--- a/.github/workflows/8_0_Core_Unit_Tests_Win.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
@@ -1,4 +1,4 @@
-name: build and test .NET Core 8.0 Windows
+name: build and test .NET Core 9.0 Windows
 
 on:
   push:
@@ -9,7 +9,7 @@ on:
     - '**.csproj'
 
 env:
-  DOTNET_VERSION: '8.0.100' # The .NET SDK version to use
+  DOTNET_VERSION: '9.0.100' # The .NET SDK version to use
 
 jobs:
   build-and-test:
@@ -80,14 +80,14 @@ jobs:
       run: |
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
-        dotnet build -c Debug -f net8.0 --property WarningLevel=0 /clp:ErrorsOnly
+        dotnet build -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests
       run: |
         $env:GITHUB_WORKSPACE="$env:GITHUB_WORKSPACE\certify"
         $env:GITHUB_STEP_SUMMARY=".\TestResults-${{ runner.os }}\test-summary.md"
-        dotnet test --no-build -f net8.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
+        dotnet test --no-build -f net9.0 -l "GitHubActions;summary.includePassedTests=true;summary.includeSkippedTests=true;annotations.messageFormat=@error\n@trace"
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
     
     - name: Generate Test Results Report
@@ -108,6 +108,6 @@ jobs:
     #   uses: actions/upload-artifact@master
     #   with:
     #     name: dotnet-results-${{ runner.os }}-${{ env.DOTNET_VERSION }}
-    #     path: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/TestResults-8_0-${{ runner.os }}
+    #     path: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/TestResults-9_0-${{ runner.os }}
     #   # Use always() to always run this step to publish test results when there are test failures
     #   if: ${{ always() }}

From 30e3fe6ef533d943daf480f22f2ab4278e0d2d0a Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 17 Jul 2024 13:33:35 +0800
Subject: [PATCH 211/237] Update dotnet version

Update dotnet version
---
 .github/workflows/4_6_2_Core_Unit_Tests_Win.yaml   | 2 +-
 .github/workflows/DotNetCore_Unit_Tests_Linux.yaml | 2 +-
 .github/workflows/DotNetCore_Unit_Tests_Win.yaml   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
index 3af767ca1..4455dbedf 100644
--- a/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
+++ b/.github/workflows/4_6_2_Core_Unit_Tests_Win.yaml
@@ -9,7 +9,7 @@ on:
     - '**.csproj'
 
 env:
-  DOTNET_VERSION: '9.0.100' # The .NET SDK version to use
+  DOTNET_VERSION: '9.0.x' # The .NET SDK version to use
 
 jobs:
   build-and-test:
diff --git a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
index f0150c54f..7576c7bbd 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
@@ -9,7 +9,7 @@ on:
     - '**.csproj'
 
 env:
-  DOTNET_VERSION: '9.0.100' # The .NET SDK version to use
+  DOTNET_VERSION: '9.0.x' # The .NET SDK version to use
 
 jobs:
   build-and-test:
diff --git a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
index 41a0ebcc6..29edb1301 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
@@ -9,7 +9,7 @@ on:
     - '**.csproj'
 
 env:
-  DOTNET_VERSION: '9.0.100' # The .NET SDK version to use
+  DOTNET_VERSION: '9.0.x' # The .NET SDK version to use
 
 jobs:
   build-and-test:

From b57c9c5f9ed37d407c213241a6139e615ef2a274 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 17 Jul 2024 14:18:53 +0800
Subject: [PATCH 212/237] Test: fix primary domain test config

Test: fix version check test

Update test dotnet targets
---
 .../DotNetCore_Unit_Tests_Linux.yaml          |  1 +
 .../workflows/DotNetCore_Unit_Tests_Win.yaml  |  1 +
 .../Certify.Aspire.AppHost.csproj             |  2 +-
 .../Certify.Aspire.ServiceDefaults.csproj     |  2 +-
 .../Certify.Server.Api.Public.Client.csproj   |  2 +-
 .../Certify.Server.Api.Public.csproj          |  2 +-
 .../Certify.Server.Core.csproj                |  2 +-
 .../Certify.Shared.Extensions.csproj          |  2 +-
 .../Certify.Core.Tests.Unit.csproj            |  6 ++--
 .../Certify.Core.Tests.Unit/Docker.md         | 30 +++++++++----------
 .../Tests/CertificateEditorServiceTests.cs    | 13 ++++----
 .../Tests/CertifyServiceTests.cs              |  1 -
 .../Tests/DnsQueryTests.cs                    |  6 +---
 ...rtify-core-tests-unit-4_6_2-win.dockerfile |  4 +--
 ...tify-core-tests-unit-9_0-linux.dockerfile} | 10 +++----
 ...ertify-core-tests-unit-9_0-win.dockerfile} | 10 +++----
 .../linux_compose.yaml                        | 10 +++----
 .../windows_compose.yaml                      | 14 ++++-----
 18 files changed, 58 insertions(+), 60 deletions(-)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{certify-core-tests-unit-8_0-linux.dockerfile => certify-core-tests-unit-9_0-linux.dockerfile} (80%)
 rename src/Certify.Tests/Certify.Core.Tests.Unit/{certify-core-tests-unit-8_0-win.dockerfile => certify-core-tests-unit-9_0-win.dockerfile} (80%)

diff --git a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
index 7576c7bbd..2a63af2c1 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
@@ -79,6 +79,7 @@ jobs:
       run: |
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
+        dotnet restore -f net9.0
         dotnet build -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
diff --git a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
index 29edb1301..36694101e 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
@@ -80,6 +80,7 @@ jobs:
       run: |
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
+        dotnet restore -f net9.0
         dotnet build -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index cf6b04489..ec5f05fb8 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFrameworks>net8.0;</TargetFrameworks>
+    <TargetFrameworks>net9.0;</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <IsAspireHost>true</IsAspireHost>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 1d4c877fb..ac4d48703 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Library</OutputType>
-    <TargetFrameworks>net8.0;</TargetFrameworks>
+    <TargetFrameworks>net9.0;</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <IsAspireSharedProject>true</IsAspireSharedProject>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
index 9c3b2587f..b52f9423a 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Client/Certify.Server.Api.Public.Client.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index 3a185c46b..cae528e5b 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
     <PropertyGroup>
-        <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
+        <TargetFrameworks>net9.0</TargetFrameworks>
         <Nullable>enable</Nullable>
         <ImplicitUsings>enable</ImplicitUsings>
         <InvariantGlobalization>true</InvariantGlobalization>
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 79303d4b1..95563355f 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
     <PropertyGroup>
-        <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
+        <TargetFrameworks>net9.0</TargetFrameworks>
         <UserSecretsId>3648c5f3-f642-441e-979e-d4624cd39e49</UserSecretsId>
         <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
         <Platforms>AnyCPU</Platforms>
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 74f92be69..4de098ddb 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -3,7 +3,7 @@
     <PropertyGroup>
         <TargetFrameworks>netstandard2.0;net9.0</TargetFrameworks>
         <Platforms>AnyCPU</Platforms>
-
+        <LangVersion>latest</LangVersion>
     </PropertyGroup>
 
     <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 4d83783d0..4093be8d9 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net462;net8.0;</TargetFrameworks>
+    <TargetFrameworks>net462;net9.0;</TargetFrameworks>
     <Configurations>Debug;Release</Configurations>
     <Platforms>AnyCPU</Platforms>
   </PropertyGroup>
@@ -56,10 +56,10 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
     <PlatformTarget>AnyCPU</PlatformTarget>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net8.0|AnyCPU'">
+  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
     <NoWarn>1701;1702;NU1701</NoWarn>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md b/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
index 26cfae975..19cda4c7f 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Docker.md
@@ -9,8 +9,8 @@ To build the Docker Images for the Certify Core Unit Tests, first navigate to `c
 To build the Linux images, use the following Docker build commands (make sure Docker Desktop is switched to Linux containers):
 
 ```
-// For .NET Core 8.0
-docker build ..\..\..\..\ -t certify-core-tests-unit-8_0-linux -f .\certify-core-tests-unit-8_0-linux.dockerfile
+// For .NET Core 9.0
+docker build ..\..\..\..\ -t certify-core-tests-unit-9_0-linux -f .\certify-core-tests-unit-9_0-linux.dockerfile
 ```
 
 ### Windows Images
@@ -21,8 +21,8 @@ To build the Windows images, use the following Docker build commands (make sure
 // For .NET 4.6.2
 docker build ..\..\..\..\ -t certify-core-tests-unit-4_6_2-win -f .\certify-core-tests-unit-4_6_2-win.dockerfile -m 8GB
 
-// For .NET Core 8.0
-docker build ..\..\..\..\ -t certify-core-tests-unit-8_0-win -f .\certify-core-tests-unit-8_0-win.dockerfile -m 8GB
+// For .NET Core 9.0
+docker build ..\..\..\..\ -t certify-core-tests-unit-9_0-win -f .\certify-core-tests-unit-9_0-win.dockerfile -m 8GB
 
 // For the step-ca-win image
 docker build . -t step-ca-win -f .\step-ca-win.dockerfile
@@ -56,8 +56,8 @@ To run the Windows Tests in Docker, use the following Docker Compose command:
 // For .NET 4.6.2
 docker compose --profile 4_6_2 -f windows_compose.yaml up -d
 
-// For .NET Core 8.0
-docker compose --profile 8_0 -f windows_compose.yaml up -d
+// For .NET Core 9.0
+docker compose --profile 9_0 -f windows_compose.yaml up -d
 ```
 
 To stop the Windows Tests in Docker, use the following Docker Compose command:
@@ -67,7 +67,7 @@ To stop the Windows Tests in Docker, use the following Docker Compose command:
 docker compose --profile 4_6_2 -f windows_compose.yaml down -v
 
 // For .NET Core 8.0
-docker compose --profile 8_0 -f windows_compose.yaml down -v
+docker compose --profile 9_0 -f windows_compose.yaml down -v
 ```
 
 ### Debugging Tests Running in Containers with Docker Compose in Visual Studio
@@ -77,14 +77,14 @@ Within each test Docker Compose file are commented out lines for debugging subse
 To run an individual class of tests, uncomment the following section of the corresponding Docker Compose file, with the name of the test class you wish to run following `ClassName=`:
 
 ```
-  entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
+  entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
 ```
 
 To run an individual test, uncomment the following section of the corresponding Docker Compose file, with 
 the name of the test you wish to run following `Name=`:
 
 ```
-  entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'Name=TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId'"
+  entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter 'Name=TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId'"
 ```
 
 To run tests using the Visual Studio debugger, first ensure that you have the `Containers` window visible (`View -> Other Windows -> Containers`)
@@ -131,25 +131,25 @@ To do this, first navigate to `certify\src\Certify.Tests\Certify.Core.Tests.Unit
 To run all of the Certify Core Unit Tests in a Linux container, use the following command:
 
 ```
-docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0
+docker run --name core-tests-unit-9_0-linux --rm -it -v ${pwd}\bin\Debug\net9.0:/app -w /app mcr.microsoft.com/dotnet/sdk:9.0 dotnet test Certify.Core.Tests.Unit.dll -f net9.0
 ```
 
 To run a specific class of Certify Core Unit Tests in a Linux container, use the following command, substituting the Class Name of the tests after `--filter "ClassName=`:
 
 ```
-docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter "ClassName=Certify.Core.Tests.Unit.DnsQueryTests"
+docker run --name core-tests-unit-9_0-linux --rm -it -v ${pwd}\bin\Debug\net9.0:/app -w /app mcr.microsoft.com/dotnet/sdk:9.0 dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter "ClassName=Certify.Core.Tests.Unit.DnsQueryTests"
 ```
 
 To run a single Certify Core Unit Test in a Linux container, use the following command, substituting the Test Name of the tests after `--filter "Name=`:
 
 ```
-docker run --name core-tests-unit-8_0-linux --rm -it -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter "Name=MixedIPBindingChecksNoPreview"
+docker run --name core-tests-unit-9_0-linux --rm -it -v ${pwd}\bin\Debug\net9.0:/app -w /app mcr.microsoft.com/dotnet/sdk:9.0 dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter "Name=MixedIPBindingChecksNoPreview"
 ```
 
 To run Certify Core Unit Tests with Debugging in a Linux container, use the following command, add `-e VSTEST_HOST_DEBUG=1` as a `docker run` parameter like so:
 
 ```
-docker run --name core-tests-unit-8_0-linux --rm -it -e VSTEST_HOST_DEBUG=1 -v ${pwd}\bin\Debug\net8.0:/app -w /app mcr.microsoft.com/dotnet/sdk:8.0 dotnet test Certify.Core.Tests.Unit.dll -f net8.0"
+docker run --name core-tests-unit-9_0-linux --rm -it -e VSTEST_HOST_DEBUG=1 -v ${pwd}\bin\Debug\net9.0:/app -w /app mcr.microsoft.com/dotnet/sdk:9.0 dotnet test Certify.Core.Tests.Unit.dll -f net9.0"
 ```
 
 ### Running Certify Core Unit Tests with a Windows Base Image
@@ -160,10 +160,10 @@ To run all of the Certify Core Unit Tests in a Windows container, use the follow
 
 ```
 // For .NET 4.6.2
-docker run --name core-tests-unit-4_6_2-win --rm -it -v ${pwd}\bin\Debug\net462:C:\app -w C:\app mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 dotnet test Certify.Core.Tests.Unit.dll -f net462
+docker run --name core-tests-unit-4_6_2-win --rm -it -v ${pwd}\bin\Debug\net462:C:\app -w C:\app mcr.microsoft.com/dotnet/sdk:9.0-preview-windowsservercore-ltsc2022 dotnet test Certify.Core.Tests.Unit.dll -f net462
 
 // For .NET Core 8.0
-docker run --name core-tests-unit-8_0-win --rm -it -v ${pwd}\bin\Debug\net8.0:C:\app -w C:\app mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 dotnet test Certify.Core.Tests.Unit.dll -f net8.0
+docker run --name core-tests-unit-9_0-win --rm -it -v ${pwd}\bin\Debug\net9.0:C:\app -w C:\app mcr.microsoft.com/dotnet/sdk:9.0-preview-windowsservercore-ltsc2022 dotnet test Certify.Core.Tests.Unit.dll -f net9.0
 ```
 
 See the above Linux examples to see how to run tests selectively or with debugging enabled.
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
index 795d566c1..1c797d81a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateEditorServiceTests.cs
@@ -22,12 +22,13 @@ public void TestPrimaryDomainRequired()
                 RequestConfig = new CertRequestConfig
                 {
                     Challenges = new System.Collections.ObjectModel.ObservableCollection<CertRequestChallengeConfig>
-                  {
-                      new CertRequestChallengeConfig
-                      {
-                          ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP
-                      }
-                  }
+                    {
+                        new CertRequestChallengeConfig
+                        {
+                            ChallengeType = SupportedChallengeTypes.CHALLENGE_TYPE_HTTP
+                        }
+                    },
+                    SubjectAlternativeNames = new[] { "test.com", "www.test.com" }
                 }
             };
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
index e87eb8db7..d830affa0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyServiceTests.cs
@@ -121,7 +121,6 @@ public async Task TestCertifyServiceUpdateCheckRoute()
                 Assert.AreEqual(HttpStatusCode.OK, updatesRawRes.StatusCode, $"Unexpected status code from GET {updatesRawRes.RequestMessage.RequestUri.AbsoluteUri}");
                 Assert.IsFalse(updateRes.MustUpdate);
                 Assert.IsFalse(updateRes.IsNewerVersion);
-                Assert.AreEqual(updateRes.InstalledVersion.ToString(), updateRes.Version.ToString());
                 Assert.AreEqual("", updateRes.UpdateFilePath);
             }
             finally
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
index 14cee841a..3ad05b3e1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
@@ -53,11 +53,7 @@ public async Task TestDNS_CheckTXT()
         {
             var net = new NetworkUtils(enableProxyValidationAPI: true);
 
-            var logImp = new LoggerConfiguration()
-                .WriteTo.Debug()
-                .CreateLogger();
-
-            var log = new Loggy(logImp);
+            var log = new Loggy(null);
 
             // check invalid domain
             var result = await net.GetDNSRecordTXT(log, "_acme-challenge-test.cointelligence.io");
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile
index 46c6672da..9a0b7d4c3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-4_6_2-win.dockerfile
@@ -1,11 +1,11 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS base
+FROM mcr.microsoft.com/dotnet/sdk:9.0-preview-windowsservercore-ltsc2022 AS base
 WORKDIR /app
 EXPOSE 80
 EXPOSE 443
 EXPOSE 9696
 
 # define build and copy required source files
-FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0-preview-windowsservercore-ltsc2022 AS build
 WORKDIR /src
 COPY ./certify/src ./certify/src
 COPY ./certify-plugins/src ./certify-plugins/src
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-linux.dockerfile
similarity index 80%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile
rename to src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-linux.dockerfile
index 5eb8e2c83..abb4010d7 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-linux.dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS base
+FROM mcr.microsoft.com/dotnet/sdk:9.0 AS base
 WORKDIR /app
 EXPOSE 80
 EXPOSE 443
@@ -6,7 +6,7 @@ EXPOSE 9696
 RUN wget https://dl.smallstep.com/gh-release/cli/docs-cli-install/v0.23.0/step-cli_0.23.0_amd64.deb && dpkg -i step-cli_0.23.0_amd64.deb
 
 # define build and copy required source files
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
 WORKDIR /src
 COPY ./certify/src ./certify/src
 COPY ./certify-plugins/src ./certify-plugins/src
@@ -15,8 +15,8 @@ COPY ./libs/anvil ./libs/anvil
 
 # build and publish (as Release mode) to /app/publish
 FROM build AS publish
-RUN dotnet publish ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net8.0 -c Debug -o /app/publish
-RUN dotnet publish ./certify-internal/src/Certify.Plugins/Plugins.All/Plugins.All.csproj -f net8.0 -c Debug -o /app/publish/plugins
+RUN dotnet publish ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net9.0 -c Debug -o /app/publish
+RUN dotnet publish ./certify-internal/src/Certify.Plugins/Plugins.All/Plugins.All.csproj -f net9.0 -c Debug -o /app/publish/plugins
 COPY ./libs/Posh-ACME/Posh-ACME /app/publish/Scripts/DNS/PoshACME
 
 # copy build from /app/publish in sdk image to final image
@@ -25,4 +25,4 @@ WORKDIR /app
 COPY --from=publish /app/publish .
 
 # run the service, alternatively we could runs tests etc
-ENTRYPOINT ["dotnet", "test", "Certify.Core.Tests.Unit.dll", "-f", "net8.0"]
+ENTRYPOINT ["dotnet", "test", "Certify.Core.Tests.Unit.dll", "-f", "net9.0"]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-win.dockerfile
similarity index 80%
rename from src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile
rename to src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-win.dockerfile
index feacfe1bf..62599e8f0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-win.dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS base
+FROM mcr.microsoft.com/dotnet/sdk:9.0-preview-windowsservercore-ltsc2022 AS base
 WORKDIR /app
 EXPOSE 80
 EXPOSE 443
@@ -9,7 +9,7 @@ RUN setx /M PATH "%PATH%;C:\Program Files\step_0.24.4\bin"
 USER ContainerUser
 
 # define build and copy required source files
-FROM mcr.microsoft.com/dotnet/sdk:8.0-windowsservercore-ltsc2022 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0-preview-windowsservercore-ltsc2022 AS build
 WORKDIR /src
 COPY ./certify/src ./certify/src
 COPY ./certify-plugins/src ./certify-plugins/src
@@ -18,8 +18,8 @@ COPY ./libs/anvil ./libs/anvil
 
 # build and publish (as Debug mode) to /app/publish
 FROM build AS publish
-RUN dotnet publish ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net8.0 -c Debug -o /app/publish
-RUN dotnet publish ./certify-internal/src/Certify.Plugins/Plugins.All/Plugins.All.csproj -f net8.0 -c Debug -o /app/publish/plugins
+RUN dotnet publish ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -f net9.0 -c Debug -o /app/publish
+RUN dotnet publish ./certify-internal/src/Certify.Plugins/Plugins.All/Plugins.All.csproj -f net9.0 -c Debug -o /app/publish/plugins
 COPY ./libs/Posh-ACME/Posh-ACME /app/publish/Scripts/DNS/PoshACME
 
 # copy build from /app/publish in sdk image to final image
@@ -28,4 +28,4 @@ WORKDIR /app
 COPY --from=publish /app/publish .
 
 # run the service, alternatively we could runs tests etc
-ENTRYPOINT ["dotnet", "test", "Certify.Core.Tests.Unit.dll", "-f", "net8.0"]
+ENTRYPOINT ["dotnet", "test", "Certify.Core.Tests.Unit.dll", "-f", "net9.0"]
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml b/src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml
index d7274b88a..2485a9d0b 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/linux_compose.yaml
@@ -1,11 +1,11 @@
 name: certify-core-tests-unit-linux
 services:
 
-  certify-core-tests-unit-8_0:
-    image: certify-core-tests-unit-8_0-linux:latest
+  certify-core-tests-unit-9_0:
+    image: certify-core-tests-unit-9_0-linux:latest
     build: 
       context: ../../../../
-      dockerfile: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-linux.dockerfile   
+      dockerfile: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-linux.dockerfile   
     ports:
       - 80:80
       - 443:443
@@ -14,8 +14,8 @@ services:
     #   VSTEST_HOST_DEBUG: 1
     volumes:
       - step:/mnt/step_share
-    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
-    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'Name=TestCertifyManagerGetAccountDetails'"
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter 'Name=TestCertifyManagerGetAccountDetails'"
     depends_on:
       step-ca:
         condition: service_healthy
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml b/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
index 8dd660ff5..3c78e9086 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/windows_compose.yaml
@@ -1,22 +1,22 @@
 name: certify-core-tests-unit-win
 services:
 
-  certify-core-tests-unit-8_0:
-    image: certify-core-tests-unit-8_0-win:latest
+  certify-core-tests-unit-9_0:
+    image: certify-core-tests-unit-9_0-win:latest
     build: 
       context: ../../../../
-      dockerfile: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-8_0-win.dockerfile
+      dockerfile: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/certify-core-tests-unit-9_0-win.dockerfile
     # environment:
     #   VSTEST_HOST_DEBUG: 1
     ports:
       - 80:80
       - 443:443
       - 9696:9696
-    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
-    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net8.0 --filter 'Name=TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId'"
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter 'ClassName=Certify.Core.Tests.Unit.CertifyManagerAccountTests'"
+    # entrypoint: "dotnet test Certify.Core.Tests.Unit.dll -f net9.0 --filter 'Name=TestCertifyManagerGetAccountDetailsDefinedCertificateAuthorityId'"
     volumes:
       - step:C:\step_share
-    profiles: ["8_0"]
+    profiles: ["9_0"]
     depends_on:
       step-ca:
         condition: service_healthy
@@ -47,7 +47,7 @@ services:
       context: .
       dockerfile: ./step-ca-win.dockerfile   
     hostname: step-ca
-    profiles: ["4_6_2", "8_0"]
+    profiles: ["4_6_2", "9_0"]
     ports:
       - 9000:9000
     environment:

From 2980c2c9a44fb689220793f8246c73c4fa16678d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 17 Jul 2024 17:36:16 +0800
Subject: [PATCH 213/237] Powershell: improve script permission handling for
 impersonation accounts

---
 .../Utils/PowerShellManager.cs                | 181 ++++++++++++------
 1 file changed, 122 insertions(+), 59 deletions(-)

diff --git a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
index 8d68f2d21..8eff819b4 100644
--- a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
+++ b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
@@ -5,6 +5,7 @@
 using System.Linq;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
+using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Security;
 using System.Security.AccessControl;
@@ -17,18 +18,26 @@
 
 namespace Certify.Management
 {
+    /// <summary>
+    /// PowerShell script execution manager. 
+    /// Manage the execution of PowerShell scripts, either in-process or by launching a new process.
+    /// </summary>
     public class PowerShellManager
     {
         /// <summary>
-        /// 
+        /// Run a PowerShell script, either in-process or by launching a new process.
         /// </summary>
-        /// <param name="powershellExecutionPolicy">Unrestricted etc, </param>
-        /// <param name="result"></param>
-        /// <param name="scriptFile"></param>
-        /// <param name="parameters"></param>
-        /// <param name="scriptContent"></param>
-        /// <param name="credentials"></param>
-        /// <returns></returns>
+        /// <param name="powershellExecutionPolicy">Unrestricted etc, see https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.3</param>
+        /// <param name="result">Result object to pass to the script</param>
+        /// <param name="scriptFile">Path to the script file</param>
+        /// <param name="parameters">Parameters to pass to the script</param>
+        /// <param name="scriptContent">Content of the script</param>
+        /// <param name="credentials">Credentials to use for running the script</param>
+        /// <param name="logonType">Logon type to use for running the script</param>
+        /// <param name="ignoredCommandExceptions">Commands to ignore exceptions for</param>
+        /// <param name="timeoutMinutes">Timeout in minutes</param>
+        /// <param name="launchNewProcess">Launch a new process</param>
+        /// <returns>ActionResult</returns>
         public static async Task<ActionResult> RunScript(
             string powershellExecutionPolicy,
             CertificateRequestResult result = null,
@@ -108,29 +117,7 @@ public static async Task<ActionResult> RunScript(
                                     return new ActionResult(err, false);
                                 }
 
-                                // logon type affects the range of abilities the impersonated user has
-                                var _defaultLogonType = LogonType.NewCredentials;
-
-                                if (logonType == "network")
-                                {
-                                    _defaultLogonType = LogonType.Network;
-                                }
-                                else if (logonType == "batch")
-                                {
-                                    _defaultLogonType = LogonType.Batch;
-                                }
-                                else if (logonType == "service")
-                                {
-                                    _defaultLogonType = LogonType.Service;
-                                }
-                                else if (logonType == "interactive")
-                                {
-                                    _defaultLogonType = LogonType.Interactive;
-                                }
-                                else if (logonType == "newcredentials")
-                                {
-                                    _defaultLogonType = LogonType.NewCredentials;
-                                }
+                                var _defaultLogonType = GetLogonType(logonType);
 
                                 ActionResult powerShellResult = null;
                                 using (var userHandle = windowsCredentials.LogonUser(_defaultLogonType))
@@ -159,6 +146,19 @@ public static async Task<ActionResult> RunScript(
             }
         }
 
+        private static LogonType GetLogonType(string logonType)
+        {
+            return logonType?.ToLower() switch
+            {
+                "network" => LogonType.Network,
+                "batch" => LogonType.Batch,
+                "service" => LogonType.Service,
+                "interactive" => LogonType.Interactive,
+                "newcredentials" => LogonType.NewCredentials,
+                _ => LogonType.NewCredentials,
+            };
+        }
+
         /// <summary>
         /// Get the path to the pwoershell exe, optionally using a preferred path first
         /// </summary>
@@ -193,10 +193,10 @@ private static string GetPowershellExePath(string powershellPathPreference)
 
         private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, Dictionary<string, string> credentials, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5, string powershellPathPreference = null)
         {
-
             var _log = new StringBuilder();
 
             var commandExe = GetPowershellExePath(powershellPathPreference);
+
             if (commandExe == null)
             {
                 return new ActionResult("Failed to locate powershell executable. Cannot launch as new process.", false);
@@ -208,11 +208,47 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
                 return new ActionResult("Script content is not yet supported when used with launch as new process.", false);
             }
 
+            var resultObj = parameters?.Where(p => p.Key == "result" && p.Value != null).FirstOrDefault().Value;
+            var resultJson = resultObj != null ? Newtonsoft.Json.JsonConvert.SerializeObject(resultObj) : null;
+
+            var resultsJsonTempPath = string.Empty;
+            var resultsJsonExported = false;
+
             var appBasePath = AppContext.BaseDirectory;
+
             var wrapperScriptPath = Path.Combine(new string[] { appBasePath, "Scripts", "Internal", "Script-Wrapper.ps1" });
+            var wrapperScriptSourceText = File.ReadAllText(wrapperScriptPath);
+
+            var isUsingCredentials = (credentials != null && credentials.ContainsKey("username") && credentials.ContainsKey("password"));
+
+            if (isUsingCredentials && (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)))
+            {
+                // The impersonating user must be able to read the script wrapper so that the process starting under their credentials can call it. They will also need to be able to read the users supplied target script (not addressed here).
+                // If the Results object is also being used we write that to a temp file and set the ACL to allow read by the impersonating user.
+
+                try
+                {
+                    var username = GetWindowsCredentialsUsername(credentials);
 
-            // note that the impersonating user must be able to read the script wrapper so that the process starting under their credentials can call it and the target script
-            // if the Results object is also being used we write that to a temp file and set the ACL to allow read by the impersonating user.
+                    var wrapperTempPath = Path.GetTempPath();
+                    var wrapperTempFilePath = Path.GetTempFileName();
+                    wrapperScriptPath = Path.ChangeExtension(wrapperTempFilePath, ".ps1");
+                    File.WriteAllText(wrapperScriptPath, wrapperScriptSourceText);
+                    ApplyFileACL(wrapperScriptPath, username);
+
+                    resultsJsonTempPath = Path.GetTempFileName();
+                    File.WriteAllText(resultsJsonTempPath, resultJson);
+                    ApplyFileACL(resultsJsonTempPath, username);
+
+                    resultsJsonExported = true;
+                }
+                catch
+                {
+                    var err = "A command with Windows Credentials requires a correct username and password. Check credentials.";
+
+                    return new ActionResult(err, false);
+                }
+            }
 
             var arguments = $" -File \"{wrapperScriptPath}\"";
 
@@ -223,24 +259,27 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
 
             if (!string.IsNullOrEmpty(executionPolicy))
             {
-                arguments = $"-ExecutionPolicy {executionPolicy} " + arguments;
+                arguments = $"-ExecutionPolicy {executionPolicy} {arguments}";
             }
 
             arguments += $" -scriptFile \"{scriptFile}\"";
 
-            string resultsJsonTempPath = null;
-
             if (parameters?.Any() == true)
             {
                 foreach (var p in parameters)
                 {
                     if (p.Key == "result" && p.Value != null)
                     {
-                        // reserved parameter name for the ManagedCertificate object
-                        var json = Newtonsoft.Json.JsonConvert.SerializeObject(p.Value);
+                        if (!resultsJsonExported)
+                        {   // if results file not already exported for the impersonated user export now
+
+                            // "result" is reserved parameter name for the ManagedCertificate object
+                            var json = Newtonsoft.Json.JsonConvert.SerializeObject(p.Value);
 
-                        resultsJsonTempPath = Path.GetTempFileName();
-                        File.WriteAllText(resultsJsonTempPath, json);
+                            resultsJsonTempPath = Path.GetTempFileName();
+                            File.WriteAllText(resultsJsonTempPath, json);
+                            resultsJsonExported = true;
+                        }
 
                         arguments += $" -resultJsonFile \"{resultsJsonTempPath}\"";
                     }
@@ -293,24 +332,6 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
 
                     scriptProcessInfo.Password = sPwd;
 
-                    if (resultsJsonTempPath != null)
-                    {
-                        //allow this user to read the results file
-                        var fileInfo = new FileInfo(resultsJsonTempPath);
-                        var accessControl = fileInfo.GetAccessControl();
-                        var fullUser = domain == "." ? username : $"{domain}\\{username}";
-                        accessControl.AddAccessRule(new FileSystemAccessRule(fullUser, FileSystemRights.Read, AccessControlType.Allow));
-
-                        try
-                        {
-                            fileInfo.SetAccessControl(accessControl);
-                        }
-                        catch
-                        {
-                            _log.AppendLine("Running PowerShell As New Process: Could not apply access control to allow this user to read the temp results file");
-                        }
-                    }
-
                     _log.AppendLine($"Launching Process {commandExe} as User: {domain}\\{username}");
                 }
                 else
@@ -399,6 +420,24 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
             }
         }
 
+        private static bool ApplyFileACL(string filePath, string fullUsername)
+        {
+            var fileInfo = new FileInfo(filePath);
+            var accessControl = fileInfo.GetAccessControl();
+
+            accessControl.AddAccessRule(new FileSystemAccessRule(fullUsername, FileSystemRights.Read, AccessControlType.Allow));
+
+            try
+            {
+                fileInfo.SetAccessControl(accessControl);
+                return true;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
         private static ActionResult InvokePowershell(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5)
         {
             // ensure execution policy will allow the script to run, default to system default, default policy is set in service config object 
@@ -593,5 +632,29 @@ public static UserCredentials GetWindowsCredentials(Dictionary<string, string> c
 
             return windowsCredentials;
         }
+
+        public static string GetWindowsCredentialsUsername(Dictionary<string, string> credentials, bool includeAutoLocalDomain = false)
+        {
+            var username = credentials["username"];
+
+            credentials.TryGetValue("domain", out var domain);
+
+            if (includeAutoLocalDomain)
+            {
+                if (domain == null && !username.Contains(".\\") && !username.Contains("@"))
+                {
+                    domain = ".";
+                }
+            }
+
+            if (domain != null)
+            {
+                return $"{domain}\\{username}";
+            }
+            else
+            {
+                return username;
+            }
+        }
     }
 }

From 45ed05535048faac94d3b3bb7ab6a20b10d30178 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 17 Jul 2024 17:41:22 +0800
Subject: [PATCH 214/237] test build: specify project path

---
 .github/workflows/DotNetCore_Unit_Tests_Linux.yaml | 2 +-
 .github/workflows/DotNetCore_Unit_Tests_Win.yaml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
index 2a63af2c1..deee70381 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
@@ -80,7 +80,7 @@ jobs:
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
         dotnet restore -f net9.0
-        dotnet build -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
+        dotnet build ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests
diff --git a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
index 36694101e..572b306c0 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
@@ -81,7 +81,7 @@ jobs:
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
         dotnet restore -f net9.0
-        dotnet build -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
+        dotnet build ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests

From 43b5a613de115c613863d57caeafc8d8b50f732f Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Thu, 18 Jul 2024 14:17:07 +0800
Subject: [PATCH 215/237] Package updates

Package update
---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj               | 2 +-
 .../Certify.Server.Api.Public.Tests.csproj                    | 4 ++--
 .../Certify.Core.Tests.Integration.csproj                     | 4 ++--
 .../Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj    | 4 ++--
 .../Certify.Service.Tests.Integration.csproj                  | 4 ++--
 .../Certify.UI.Tests.Integration.csproj                       | 4 ++--
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 0a7833c62..0482135e1 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.85" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.86" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index cd3e21a6b..6d93da5aa 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -13,8 +13,8 @@
         <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.7" />
         <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.7" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
         <PackageReference Include="coverlet.collector" Version="6.0.2">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index 457500b55..abb2a5fa4 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -76,8 +76,8 @@
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 4093be8d9..7bbb2ddb3 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -107,8 +107,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
     <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index ccce25df7..aef71dfbb 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -62,8 +62,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index ab14f1145..0c0b361b4 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -58,8 +58,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.4.3" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.4.3" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
   </ItemGroup>
 
   <ItemGroup>

From 89ba444dbf1569d56826eeab53180383c8738ba4 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 22 Jul 2024 15:49:46 +0800
Subject: [PATCH 216/237] Minor updates to powershell manager

---
 .../Utils/PowerShellManager.cs                 | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
index 8eff819b4..0c64c761f 100644
--- a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
+++ b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
@@ -12,6 +12,7 @@
 using System.Security.Principal;
 using System.Text;
 using System.Threading.Tasks;
+using Certify.Management.Utils;
 using Certify.Models;
 using Certify.Models.Config;
 using SimpleImpersonation;
@@ -70,7 +71,7 @@ public static async Task<ActionResult> RunScript(
             if (launchNewProcess)
             {
                 // spawn new process as the given user
-                return ExecutePowershellAsProcess(result, powershellExecutionPolicy, scriptFile, parameters, credentials, scriptContent, null, ignoredCommandExceptions: ignoredCommandExceptions, timeoutMinutes: timeoutMinutes);
+                return await ExecutePowershellAsProcess(result, powershellExecutionPolicy, scriptFile, parameters, credentials, logonType, scriptContent, null, ignoredCommandExceptions: ignoredCommandExceptions, timeoutMinutes: timeoutMinutes);
             }
             else
             {
@@ -101,7 +102,7 @@ public static async Task<ActionResult> RunScript(
                                 credentialsProvidedButNotSupported = true;
                             }
 
-                            if (credentials?.Any() == true && credentialsProvidedButNotSupported == false)
+                            if (credentials?.Any() == true && credentialsProvidedButNotSupported == false && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                             {
                                 // run as windows user
                                 UserCredentials windowsCredentials = null;
@@ -191,7 +192,7 @@ private static string GetPowershellExePath(string powershellPathPreference)
             return null;
         }
 
-        private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, Dictionary<string, string> credentials, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5, string powershellPathPreference = null)
+        private static async Task<ActionResult> ExecutePowershellAsProcess(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, Dictionary<string, string> credentials, string logonType, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5, string powershellPathPreference = null)
         {
             var _log = new StringBuilder();
 
@@ -319,6 +320,7 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
                         domain = ".";
                     }
 
+                    // Note: process running as local system cannot start a process as different user due to lack of security token context
                     scriptProcessInfo.UserName = username;
                     scriptProcessInfo.Domain = domain;
 
@@ -400,7 +402,11 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
             catch (Exception exp)
             {
                 _log.AppendLine("Error: " + exp.ToString());
-                return new ActionResult { IsSuccess = false, Message = _log.ToString() };
+                return new ActionResult
+                {
+                    IsSuccess = false,
+                    Message = _log.ToString()
+                };
             }
             finally
             {
@@ -425,7 +431,7 @@ private static bool ApplyFileACL(string filePath, string fullUsername)
             var fileInfo = new FileInfo(filePath);
             var accessControl = fileInfo.GetAccessControl();
 
-            accessControl.AddAccessRule(new FileSystemAccessRule(fullUsername, FileSystemRights.Read, AccessControlType.Allow));
+            accessControl.AddAccessRule(new FileSystemAccessRule(fullUsername, FileSystemRights.ReadAndExecute, AccessControlType.Allow));
 
             try
             {

From c23bceb444f7aa0ba106e4e685509ed5392bcf91 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Sun, 28 Jul 2024 14:50:10 +0800
Subject: [PATCH 217/237] Cleanup

---
 src/Certify.CLI/CertifyCLI.Backup.cs          |  1 -
 .../CertifyCLI.RunCertDiagnostics.cs          |  1 -
 src/Certify.Client/CertifyServiceClient.cs    |  2 +-
 src/Certify.Client/ManagementServerClient.cs  |  1 -
 .../CertifyManager.ImportExport.cs            |  4 ----
 .../CertifyManager.ManagedCertificates.cs     |  3 +--
 .../CertifyManager.ManagementHub.cs           |  4 +---
 .../CertifyManager/CertifyManager.cs          |  4 ++--
 .../ACME/Anvil/AnvilACMEProvider.cs           |  2 +-
 .../Controllers/internal/HubController.cs     |  4 +---
 .../Controllers/internal/PreviewController.cs |  3 +--
 .../Controllers/v1/CertificateController.cs   |  3 ---
 .../ManagementHub/InstanceManagementHub.cs    |  8 ++------
 .../InstanceManagementStateProvider.cs        |  3 +--
 .../Certify.Server.Api.Public/Startup.cs      |  2 --
 src/Certify.Service/APIHost.cs                |  3 +--
 src/Certify.Service/OwinService.cs            |  2 +-
 .../Utils/PowerShellManager.cs                |  4 +---
 .../Management/CredentialsUtil.cs             |  2 --
 .../Management/PluginManager.cs               |  2 +-
 src/Certify.Shared/Utils/DemoDataGenerator.cs |  2 --
 .../PublicAPISourceGenerator.cs               |  2 +-
 .../CertRequestTests.cs                       |  3 +--
 .../DNS/DnsAPITest.AWSRoute53.cs              |  1 -
 .../DNS/DnsAPITest.Azure.cs                   |  1 -
 .../DNS/DnsAPITest.Cloudflare.cs              |  1 -
 .../DataStores/AccessControlDataStoreTests.cs |  1 -
 .../DeploymentPreviewTests.cs                 |  1 -
 .../DeploymentTaskTests.cs                    |  1 -
 .../IntegrationTestBase.cs                    |  1 -
 .../Tests/AccessControlTests.cs               |  1 -
 .../Tests/CertificateOperationTests.cs        |  1 -
 .../Tests/CertifyManagerAccountTests.cs       |  3 +--
 .../Tests/ConnectionCheckTests.cs             |  2 --
 .../Tests/DnsQueryTests.cs                    |  1 -
 .../Tests/GetDnsProviderTests.cs              |  1 -
 .../Tests/MiscTests.cs                        | 19 ++++++++-----------
 .../ViewModelTests.cs                         |  7 +------
 .../ViewModel/AppViewModel/AppViewModel.cs    |  1 -
 .../Windows/MainWindow.xaml.cs                |  2 +-
 40 files changed, 28 insertions(+), 82 deletions(-)

diff --git a/src/Certify.CLI/CertifyCLI.Backup.cs b/src/Certify.CLI/CertifyCLI.Backup.cs
index 49896c5a7..284b95f65 100644
--- a/src/Certify.CLI/CertifyCLI.Backup.cs
+++ b/src/Certify.CLI/CertifyCLI.Backup.cs
@@ -2,7 +2,6 @@
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
-using Certify.Client;
 using Certify.Models.Config.Migration;
 using Newtonsoft.Json;
 
diff --git a/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs b/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs
index 90c1b1e72..417f5f8fc 100644
--- a/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs
+++ b/src/Certify.CLI/CertifyCLI.RunCertDiagnostics.cs
@@ -7,7 +7,6 @@
 using Certify.Management;
 using Certify.Models;
 using Microsoft.Extensions.Logging;
-using Serilog;
 
 namespace Certify.CLI
 {
diff --git a/src/Certify.Client/CertifyServiceClient.cs b/src/Certify.Client/CertifyServiceClient.cs
index 9ecc50078..d09128a3e 100644
--- a/src/Certify.Client/CertifyServiceClient.cs
+++ b/src/Certify.Client/CertifyServiceClient.cs
@@ -64,7 +64,7 @@ public async Task ConnectStatusStreamAsync()
                 _legacyConnection.TraceLevel = TraceLevels.All;
                 _legacyConnection.TraceWriter = writer;
 #endif
-                
+
                 await _legacyConnection.Start();
 
             }
diff --git a/src/Certify.Client/ManagementServerClient.cs b/src/Certify.Client/ManagementServerClient.cs
index 662a4b3f0..ed9cc01cf 100644
--- a/src/Certify.Client/ManagementServerClient.cs
+++ b/src/Certify.Client/ManagementServerClient.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Threading.Tasks;
 using Certify.API.Management;
-using Certify.Models;
 using Microsoft.AspNetCore.SignalR.Client;
 using Microsoft.Extensions.DependencyInjection;
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs
index 5ff1ab638..8a38455d5 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ImportExport.cs
@@ -1,10 +1,6 @@
-using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Text;
 using System.Threading.Tasks;
-using Certify.API.Management;
-using Certify.Client;
 using Certify.Core.Management;
 using Certify.Models;
 using Certify.Models.Config.Migration;
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 79955ac6f..9bcea4a6d 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -3,7 +3,6 @@
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
-using System.Management.Automation;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.API;
@@ -562,7 +561,7 @@ public async Task<LogItem[]> GetItemLog(string id, int limit)
                         var str = await streamReader.ReadToEndAsync();
                         stream.Close();
 
-                        var log =str.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries)
+                        var log = str.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries)
                             .Reverse()
                             .Take(limit)
                             .ToArray();
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
index 733daef3a..a9890800d 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs
@@ -1,14 +1,12 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Text.Json;
 using System.Threading.Tasks;
 using Certify.API.Management;
 using Certify.Client;
 using Certify.Models;
-using Certify.Models.Shared.Validation;
-using System.Text.Json;
 using Certify.Shared.Core.Utils;
-using Serilog;
 
 namespace Certify.Management
 {
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index 98ccf5540..f51d1d781 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -376,13 +376,13 @@ private LoggingLevelSwitch LogLevelSwitchFromLogLevel(LogLevel level)
         {
             switch (level)
             {
-               case  LogLevel.Error:
+                case LogLevel.Error:
                     return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Error);
                 case LogLevel.Debug:
                     return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Debug);
                 case LogLevel.Warning:
                     return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Warning);
-                default: 
+                default:
                     return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Information);
             }
         }
diff --git a/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs b/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs
index fd324c042..4cf57956c 100644
--- a/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs
+++ b/src/Certify.Providers/ACME/Anvil/AnvilACMEProvider.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Globalization;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
index eff7cade2..5b4782428 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/HubController.cs
@@ -1,6 +1,4 @@
-
-using System.Collections.Frozen;
-using Certify.API.Management;
+using Certify.API.Management;
 using Certify.Client;
 using Certify.Models.API;
 using Certify.Server.Api.Public.SignalR.ManagementHub;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
index 3e1de3f77..c6db096cf 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/internal/PreviewController.cs
@@ -1,5 +1,4 @@
-using Certify.Client;
-using Certify.Models;
+using Certify.Models;
 using Certify.Server.Api.Public.Services;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
index bb8018fd0..57005eef1 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Controllers/v1/CertificateController.cs
@@ -1,13 +1,10 @@
 using Certify.Client;
-using Certify.Models;
 using Certify.Models.API;
 using Certify.Models.Reporting;
 using Certify.Server.Api.Public.Services;
-using Certify.Server.Api.Public.SignalR.ManagementHub;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.SignalR;
 
 namespace Certify.Server.Api.Public.Controllers
 {
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
index 31fcf18e8..d6058f7d4 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementHub.cs
@@ -1,8 +1,4 @@
-using System;
-using System.Collections.Concurrent;
-using System.Diagnostics;
-using Certify.API.Management;
-using Certify.Models;
+using Certify.API.Management;
 using Certify.Models.Reporting;
 using Microsoft.AspNetCore.SignalR;
 
@@ -183,7 +179,7 @@ public Task ReceiveCommandResult(InstanceCommandResult result)
 
                             _stateProvider.UpdateInstanceItemInfo(instanceId, val.Items);
                         }
-                        else if (cmd.CommandType == ManagementHubCommands.GetStatusSummary && result?.Value!=null)
+                        else if (cmd.CommandType == ManagementHubCommands.GetStatusSummary && result?.Value != null)
                         {
                             // got status summary
                             var val = System.Text.Json.JsonSerializer.Deserialize<StatusSummary>(result.Value);
diff --git a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
index eb97fdc93..3e74e0ecc 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/SignalR/ManagementHub/InstanceManagementStateProvider.cs
@@ -2,7 +2,6 @@
 using Certify.API.Management;
 using Certify.Models;
 using Certify.Models.Reporting;
-using Microsoft.IdentityModel.Logging;
 
 namespace Certify.Server.Api.Public.SignalR.ManagementHub
 {
@@ -24,7 +23,7 @@ public interface IInstanceManagementStateProvider
         public void UpdateCachedManagedInstanceItem(string instanceId, ManagedCertificate managedCertificate);
         public void DeleteCachedManagedInstanceItem(string instanceId, string managedCertificateId);
         public bool HasItemsForManagedInstance(string instanceId);
-        
+
         public bool HasStatusSummaryForManagedInstance(string instanceId);
         public ConcurrentDictionary<string, StatusSummary> GetManagedInstanceStatusSummaries();
     }
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
index ea71d7b40..42f80ae92 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
+++ b/src/Certify.Server/Certify.Server.Api.Public/Startup.cs
@@ -1,5 +1,4 @@
 using System.Reflection;
-using System.Reflection.Metadata.Ecma335;
 using Certify.Client;
 using Certify.Server.Api.Public.Middleware;
 using Certify.Server.Api.Public.Services;
@@ -9,7 +8,6 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.AspNetCore.SignalR;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 
 namespace Certify.Server.API
diff --git a/src/Certify.Service/APIHost.cs b/src/Certify.Service/APIHost.cs
index 137af24f5..d20a47e96 100644
--- a/src/Certify.Service/APIHost.cs
+++ b/src/Certify.Service/APIHost.cs
@@ -1,4 +1,3 @@
-using System;
 using System.Diagnostics;
 using System.Net;
 using System.Net.Http;
@@ -82,7 +81,7 @@ public void Configuration(IAppBuilder appBuilder)
             // inject single CertifyManager for service to use
             _container.Register<Management.ICertifyManager, Management.CertifyManager>(new PerContainerLifetime());
 
-            
+
             var currentCertifyManager = _container.GetInstance<Management.ICertifyManager>();
 
             var sw = Stopwatch.StartNew();
diff --git a/src/Certify.Service/OwinService.cs b/src/Certify.Service/OwinService.cs
index 19bd486bf..60d2cb0dd 100644
--- a/src/Certify.Service/OwinService.cs
+++ b/src/Certify.Service/OwinService.cs
@@ -74,7 +74,7 @@ public void Start(int? portOverride = null)
             try
             {
                 _webApp = WebApp.Start<APIHost>(serviceUri);
-               
+
                 Program.LogEvent(null, $"Service API bound OK to {serviceUri}", false);
             }
             catch (Exception exp)
diff --git a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
index 0c64c761f..62d2a9018 100644
--- a/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
+++ b/src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
@@ -1,18 +1,16 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
-using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Security;
 using System.Security.AccessControl;
 using System.Security.Principal;
 using System.Text;
 using System.Threading.Tasks;
-using Certify.Management.Utils;
 using Certify.Models;
 using Certify.Models.Config;
 using SimpleImpersonation;
diff --git a/src/Certify.Shared/Management/CredentialsUtil.cs b/src/Certify.Shared/Management/CredentialsUtil.cs
index 0ea0cba41..2788419ae 100644
--- a/src/Certify.Shared/Management/CredentialsUtil.cs
+++ b/src/Certify.Shared/Management/CredentialsUtil.cs
@@ -1,12 +1,10 @@
 using System;
-using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
-using Certify.Models.Config;
 using Certify.Providers;
 
 namespace Certify.Management
diff --git a/src/Certify.Shared/Management/PluginManager.cs b/src/Certify.Shared/Management/PluginManager.cs
index 7eda51aa8..45570ced7 100644
--- a/src/Certify.Shared/Management/PluginManager.cs
+++ b/src/Certify.Shared/Management/PluginManager.cs
@@ -60,7 +60,7 @@ public PluginManager()
                         .WriteTo.File(Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "plugins.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10))
                         .CreateLogger();
 
-           var msLogger = new SerilogLoggerFactory(serilogLogger).CreateLogger<PluginManager>(); 
+            var msLogger = new SerilogLoggerFactory(serilogLogger).CreateLogger<PluginManager>();
 
             _log = new Models.Loggy(msLogger);
 
diff --git a/src/Certify.Shared/Utils/DemoDataGenerator.cs b/src/Certify.Shared/Utils/DemoDataGenerator.cs
index 8d874f43d..10903c4a0 100644
--- a/src/Certify.Shared/Utils/DemoDataGenerator.cs
+++ b/src/Certify.Shared/Utils/DemoDataGenerator.cs
@@ -1,10 +1,8 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Text;
 using Certify.Models;
 using Certify.Models.Shared.Validation;
-using Org.BouncyCastle.Tls;
 
 namespace Certify.Shared.Core.Utils
 {
diff --git a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
index f18cc5f84..44ab3f3b3 100644
--- a/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
+++ b/src/Certify.SourceGenerators/PublicAPISourceGenerator.cs
@@ -227,7 +227,7 @@ public void Initialize(GeneratorInitializationContext context)
             // then add a watch on 
             if (!Debugger.IsAttached)
             {
-                 //Debugger.Launch();
+                //Debugger.Launch();
             }
 #endif
         }
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
index ce411e9d1..facd4422e 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/CertRequestTests.cs
@@ -11,7 +11,6 @@
 using Certify.Models;
 using Certify.Providers.ACME.Anvil;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Serilog;
 
 namespace Certify.Core.Tests
 {
@@ -35,7 +34,7 @@ public class CertRequestTests : IntegrationTestBase, IDisposable
 
         public CertRequestTests()
         {
-            
+
             certifyManager = new CertifyManager();
             certifyManager.Init().Wait();
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
index b3d5e8e84..796867e5a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.AWSRoute53.cs
@@ -2,7 +2,6 @@
 using System.Diagnostics;
 using System.Threading.Tasks;
 using Certify.Datastore.SQLite;
-using Certify.Management;
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
index 35fae6cfa..733936dc1 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Azure.cs
@@ -2,7 +2,6 @@
 using System.Diagnostics;
 using System.Threading.Tasks;
 using Certify.Datastore.SQLite;
-using Certify.Management;
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
index be16e5eec..906999019 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DNS/DnsAPITest.Cloudflare.cs
@@ -2,7 +2,6 @@
 using System.Diagnostics;
 using System.Threading.Tasks;
 using Certify.Datastore.SQLite;
-using Certify.Management;
 using Certify.Models.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
index 64eceacfe..ac1261907 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DataStores/AccessControlDataStoreTests.cs
@@ -4,7 +4,6 @@
 using System.Threading.Tasks;
 using Certify.Core.Management.Access;
 using Certify.Datastore.SQLite;
-using Certify.Management;
 using Certify.Models.Config.AccessControl;
 using Certify.Providers;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
index bb4522449..00750073a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentPreviewTests.cs
@@ -9,7 +9,6 @@
 using Certify.Management.Servers;
 using Certify.Models;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Serilog;
 
 namespace Certify.Core.Tests
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
index 6b7d20335..e9850d15a 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/DeploymentTaskTests.cs
@@ -8,7 +8,6 @@
 using Certify.Models;
 using Certify.Models.Config;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Serilog;
 
 namespace Certify.Core.Tests
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs b/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
index f58b24981..3234d9ae9 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/IntegrationTestBase.cs
@@ -6,7 +6,6 @@
 using Certify.Models.Providers;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
-using Serilog;
 
 namespace Certify.Core.Tests
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
index d5cebf7ca..1bc4a1339 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs
@@ -10,7 +10,6 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Newtonsoft.Json;
-using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
index eeaa45718..231022096 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertificateOperationTests.cs
@@ -5,7 +5,6 @@
 using Certify.Models;
 using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
index 41406c7d9..e9b1e0ae0 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
@@ -18,7 +18,6 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Newtonsoft.Json;
-using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
@@ -40,7 +39,7 @@ public class CertifyManagerAccountTests
         [ClassInitialize]
         public static async Task ClassInit(TestContext context)
         {
-            
+
             _log = new Loggy(LoggerFactory.Create(builder => builder.AddDebug()).CreateLogger<CertifyManagerAccountTests>());
 
             _caDomain = _isContainer ? "step-ca" : "localhost";
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
index ea960ed3e..5df117389 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/ConnectionCheckTests.cs
@@ -1,8 +1,6 @@
 using System.Threading.Tasks;
-using Certify.Models;
 using Certify.Shared.Core.Utils;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
index 3ad05b3e1..646c0961d 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/DnsQueryTests.cs
@@ -4,7 +4,6 @@
 using Certify.Shared.Core.Utils;
 using Microsoft.Extensions.Logging;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Serilog;
 
 namespace Certify.Core.Tests.Unit
 {
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
index 171b5fd99..23e259469 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/GetDnsProviderTests.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Runtime.InteropServices;
 using System.Threading.Tasks;
 using Certify.Core.Management.Challenges;
 using Certify.Datastore.SQLite;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
index 339141cb2..e359e041d 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscTests.cs
@@ -1,14 +1,11 @@
 using System;
 using System.Linq;
-using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
-using Certify.Management;
 using Certify.Models.API;
 using Certify.Shared.Core.Utils;
 using Certify.Shared.Core.Utils.PKI;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.X509;
 
 namespace Certify.Core.Tests.Unit
@@ -75,14 +72,14 @@ public async Task TestNtp()
         public void TestARICertIDEncoding()
         {
             // https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients
-            var certAKIbytes = Convert.FromHexString("69:88:5B:6B:87:46:40:41:E1:B3:7B:84:7B:A0:AE:2C:DE:01:C8:D4".Replace(":",""));
-            var certSerialBytes= Convert.FromHexString("00:87:65:43:21".Replace(":",""));
+            var certAKIbytes = Convert.FromHexString("69:88:5B:6B:87:46:40:41:E1:B3:7B:84:7B:A0:AE:2C:DE:01:C8:D4".Replace(":", ""));
+            var certSerialBytes = Convert.FromHexString("00:87:65:43:21".Replace(":", ""));
 
-            var certId = Certify.Management.Util.ToUrlSafeBase64String(certAKIbytes) 
-                + "." 
+            var certId = Certify.Management.Util.ToUrlSafeBase64String(certAKIbytes)
+                + "."
                 + Certify.Management.Util.ToUrlSafeBase64String(certSerialBytes);
 
-           Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
+            Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
         }
 
         [TestMethod, Description("Test ARI CertID encoding example 2")]
@@ -104,8 +101,8 @@ public void TestARICertIDEncodingWithTestCert()
 
 ";
             var cert = new X509CertificateParser().ReadCertificate(ASCIIEncoding.ASCII.GetBytes(testCertPem));
-                                  
-            var certId= CertUtils.GetARICertIdBase64(cert);
+
+            var certId = CertUtils.GetARICertIdBase64(cert);
 
             Assert.AreEqual("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE", certId);
         }
@@ -113,7 +110,7 @@ public void TestARICertIDEncodingWithTestCert()
         [TestMethod, Description("Test Demo Managed Cert Generation")]
         public void TestDemoDataGeneration()
         {
-            var items= DemoDataGenerator.GenerateDemoItems();
+            var items = DemoDataGenerator.GenerateDemoItems();
 
             Assert.IsTrue(items.Any());
         }
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs b/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
index 72290a528..096938bcf 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/ViewModelTests.cs
@@ -1,13 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Certify.Client;
-using Certify.Models;
+using Certify.Models;
 using Certify.Models.Config;
 using Certify.Models.Shared.Validation;
 using Certify.UI.ViewModel;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using Moq;
 
 namespace Certify.UI.Tests.Integration
 {
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs
index de76e9dea..15b2dc1f3 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.cs
@@ -16,7 +16,6 @@
 using Certify.UI.Shared;
 using Microsoft.Extensions.Logging;
 using Serilog;
-using Serilog.Core;
 
 namespace Certify.UI.ViewModel
 {
diff --git a/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs b/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs
index aaebec9f5..f6c53b8e6 100644
--- a/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs
+++ b/src/Certify.UI.Shared/Windows/MainWindow.xaml.cs
@@ -268,7 +268,7 @@ private async Task PerformAppStartupChecks()
             }
 
             sw.Stop();
-            
+
             _appViewModel.Log.Information("Service connection init process took {total}ms.", sw.ElapsedMilliseconds);
 
             if (_appViewModel.IsServiceAvailable)

From a4bde0cb5959250cd85d82dda124768f14cf19ba Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 31 Jul 2024 19:07:48 +0800
Subject: [PATCH 218/237] Package updates

---
 .../Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj    | 2 +-
 .../Certify.Aspire.ServiceDefaults.csproj                   | 2 +-
 src/Certify.Client/Certify.Client.csproj                    | 6 +++---
 src/Certify.Models/Certify.Models.csproj                    | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj             | 2 +-
 src/Certify.Service/Certify.Service.csproj                  | 2 +-
 .../Certify.Shared.Extensions.csproj                        | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index ec5f05fb8..f4b1d96e4 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.0.2" />
+    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.1.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index ac4d48703..32cfa7b8e 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -12,7 +12,7 @@
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
     <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.7.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.0.2" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.1.0" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 1568ae567..60c695454 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -1,7 +1,7 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netstandard2.0</TargetFramework>
+    <TargetFrameworks>netstandard2.0;net9.0</TargetFrameworks>
     <Platforms>AnyCPU</Platforms>
     <GeneratePackageOnBuild>False</GeneratePackageOnBuild>
   </PropertyGroup>
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.0" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 723527481..290f326d6 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,7 +21,7 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.0" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.1" />
 		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.10.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index 0482135e1..b94ee00d3 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.302.86" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.400.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 76dd66f16..537b23b2b 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -37,7 +37,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.61.3" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.62.0" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index 4de098ddb..a67cf4149 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,7 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.3" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.4" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' == 'netstandard2.0'" />
     </ItemGroup>
 

From d3e42fa647593f35e9cdcfa977d523bacb7b0631 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 2 Aug 2024 13:11:04 +0800
Subject: [PATCH 219/237] Logging: fix debug log level

---
 .../CertifyManager/CertifyManager.cs          | 16 +---------------
 .../Utils/ManagedCertificateLog.cs            | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index f51d1d781..f61c1ff7f 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -361,7 +361,7 @@ private void InitLogging(Shared.ServiceConfig serverConfig)
 
             var serilogLog = new Serilog.LoggerConfiguration()
                .Enrich.FromLogContext()
-               .MinimumLevel.ControlledBy(LogLevelSwitchFromLogLevel(_loggingLevelSwitch))
+               .MinimumLevel.ControlledBy(ManagedCertificateLog.LogLevelSwitchFromLogLevel(_loggingLevelSwitch))
                .WriteTo.File(Path.Combine(EnvironmentUtil.CreateAppDataPath("logs"), "session.log"), shared: true, flushToDiskInterval: new TimeSpan(0, 0, 10), rollOnFileSizeLimit: true, fileSizeLimitBytes: 5 * 1024 * 1024)
                .CreateLogger();
 
@@ -372,20 +372,6 @@ private void InitLogging(Shared.ServiceConfig serverConfig)
             _serviceLog?.Information($"-------------------- Logging started: {_loggingLevelSwitch} --------------------");
         }
 
-        private LoggingLevelSwitch LogLevelSwitchFromLogLevel(LogLevel level)
-        {
-            switch (level)
-            {
-                case LogLevel.Error:
-                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Error);
-                case LogLevel.Debug:
-                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Debug);
-                case LogLevel.Warning:
-                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Warning);
-                default:
-                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Information);
-            }
-        }
         /// <summary>
         /// Update the current service log level
         /// </summary>
diff --git a/src/Certify.Shared/Utils/ManagedCertificateLog.cs b/src/Certify.Shared/Utils/ManagedCertificateLog.cs
index ed0e99382..52ffb2c2f 100644
--- a/src/Certify.Shared/Utils/ManagedCertificateLog.cs
+++ b/src/Certify.Shared/Utils/ManagedCertificateLog.cs
@@ -4,6 +4,7 @@
 using Certify.Models.Providers;
 using Microsoft.Extensions.Logging;
 using Serilog;
+using Serilog.Core;
 
 namespace Certify.Models
 {
@@ -58,6 +59,7 @@ public static ILog GetLogger(string managedItemId, LogLevel logLevelSwitch)
 
                 var serilogLog = new Serilog.LoggerConfiguration()
                     .Enrich.FromLogContext()
+                    .MinimumLevel.ControlledBy(LogLevelSwitchFromLogLevel(logLevelSwitch))
                     .WriteTo.File(
                         logPath, shared: true,
                         flushToDiskInterval: new TimeSpan(0, 0, 10)
@@ -71,6 +73,23 @@ public static ILog GetLogger(string managedItemId, LogLevel logLevelSwitch)
             return new Loggy(log);
         }
 
+        public static LoggingLevelSwitch LogLevelSwitchFromLogLevel(LogLevel level)
+        {
+            switch (level)
+            {
+                case LogLevel.Trace:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Debug);
+                case LogLevel.Debug:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Verbose);
+                case LogLevel.Warning:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Warning);
+                case LogLevel.Error:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Error);
+                default:
+                    return new LoggingLevelSwitch(Serilog.Events.LogEventLevel.Information);
+            }
+        }
+
         public static void AppendLog(string managedItemId, ManagedCertificateLogItem logItem, LogLevel logLevelSwitch)
         {
             var log = GetLogger(managedItemId, logLevelSwitch);

From 7067a4df3f82c6b400ccbbb249277b7f9b637a79 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 2 Aug 2024 17:48:25 +0800
Subject: [PATCH 220/237] Add request throttling to http logging handler

Update acme directory tests
---
 .../Certify.Core.Tests.Unit.csproj            | 253 +++++++++---------
 .../Tests/CertifyManagerAccountTests.cs       |   2 +-
 .../Tests/MiscAcmeTests.cs                    | 223 +++++++++++++++
 3 files changed, 351 insertions(+), 127 deletions(-)
 create mode 100644 src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs

diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index 7bbb2ddb3..e00341169 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -1,129 +1,130 @@
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFrameworks>net462;net9.0;</TargetFrameworks>
-    <Configurations>Debug;Release</Configurations>
-    <Platforms>AnyCPU</Platforms>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <PlatformTarget>AnyCPU</PlatformTarget>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <PlatformTarget>AnyCPU</PlatformTarget>
-  </PropertyGroup>
-  
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{C0534CD8-10E9-438D-B9A1-A8C09A6BB964}</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>Certify.Core.Tests.Unit</RootNamespace>
-    <AssemblyName>Certify.Core.Tests.Unit</AssemblyName>
-    <TargetFrameworkVersion>v4.6.2</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-    <ProjectTypeGuids>{3AC096D0-A1C2-E12C-1390-A8335801FDAB};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">15.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-    <ReferencePath>$(ProgramFiles)\Common Files\microsoft shared\VSTT\$(VisualStudioVersion)\UITestExtensionPackages</ReferencePath>
-    <IsCodedUITest>False</IsCodedUITest>
-    <TestProjectType>UnitTest</TestProjectType>
-    <NuGetPackageImportStamp />
-    <TargetFrameworkProfile />
-    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
-    <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
-    <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
-    <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
-  </PropertyGroup>
-  <PropertyGroup>
-    <Configuration Condition="'$(OS)|$(Configuration)' == 'UNIX|Debug'"></Configuration>
-    <DebugType>portable</DebugType>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
-    <NoWarn>1701;1702;NU1701</NoWarn>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
-    <NoWarn>1701;1702;NU1701</NoWarn>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
-    <NoWarn>1701;1702;NU1701</NoWarn>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
-    <NoWarn>1701;1702;NU1701</NoWarn>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(OS)'=='WINDOWS_NT'">
-    <RunSettingsFilePath>$(MSBuildThisFileDirectory)\unit-test.runsettings</RunSettingsFilePath>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(OS)'=='UNIX'">
-    <RunSettingsFilePath>$(MSBuildThisFileDirectory)\unit-test-linux.runsettings</RunSettingsFilePath>
-  </PropertyGroup>
-  <ItemGroup>
-    <Content Include="Assets\Powershell\Simple.ps1">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </Content>
-    <None Include="Assets\dummycert.pfx">
-        <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
-    <None Include="Assets\badcert.pfx">
-        <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\Postgres\Plugin.Datastore.Postgres.csproj" />
-    <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\SQLite\Plugin.Datastore.SQLite.csproj" />
-    <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\SQLServer\Plugin.Datastore.SQLServer.csproj" />
-    <ProjectReference Include="..\..\Certify.Core\Certify.Core.csproj" />
-    <ProjectReference Include="..\..\Certify.Locales\Certify.Locales.csproj" />
-    <ProjectReference Include="..\..\Certify.Models\Certify.Models.csproj" />
-    <ProjectReference Include="..\..\Certify.Providers\ACME\Anvil\Certify.Providers.ACME.Anvil.csproj" />
-    <ProjectReference Include="..\..\Certify.Service\Certify.Service.csproj" />
-    <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
-  </ItemGroup>
-  <ItemGroup>
-    <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
-    <PackageReference Include="coverlet.msbuild" Version="6.0.2">
-      <PrivateAssets>all</PrivateAssets>
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-    </PackageReference>
-    <PackageReference Include="MedallionShell" Version="1.6.2" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
-    <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
-    <PackageReference Include="Polly" Version="8.4.1" />
-    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
-    <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-    <PackageReference Include="System.Text.Json" Version="8.0.4" />
-    <PackageReference Include="Testcontainers" Version="3.9.0" />
-  </ItemGroup>
-  <ItemGroup>
-    <Reference Include="System.Configuration" />
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="app.config" />
-  </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
+    <PropertyGroup>
+        <TargetFrameworks>net462;net9.0;</TargetFrameworks>
+        <Configurations>Debug;Release</Configurations>
+        <Platforms>AnyCPU</Platforms>
+        <LangVersion>latest</LangVersion>
+    </PropertyGroup>
+    <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+        <DebugSymbols>true</DebugSymbols>
+        <DebugType>full</DebugType>
+        <Optimize>false</Optimize>
+        <OutputPath>bin\Debug\</OutputPath>
+        <DefineConstants>DEBUG;TRACE</DefineConstants>
+        <ErrorReport>prompt</ErrorReport>
+        <WarningLevel>4</WarningLevel>
+        <PlatformTarget>AnyCPU</PlatformTarget>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
+        <DebugSymbols>true</DebugSymbols>
+        <DebugType>full</DebugType>
+        <Optimize>false</Optimize>
+        <OutputPath>bin\Debug\</OutputPath>
+        <DefineConstants>DEBUG;TRACE</DefineConstants>
+        <ErrorReport>prompt</ErrorReport>
+        <WarningLevel>4</WarningLevel>
+        <PlatformTarget>AnyCPU</PlatformTarget>
+    </PropertyGroup>
+
+    <PropertyGroup>
+        <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+        <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+        <ProjectGuid>{C0534CD8-10E9-438D-B9A1-A8C09A6BB964}</ProjectGuid>
+        <OutputType>Library</OutputType>
+        <AppDesignerFolder>Properties</AppDesignerFolder>
+        <RootNamespace>Certify.Core.Tests.Unit</RootNamespace>
+        <AssemblyName>Certify.Core.Tests.Unit</AssemblyName>
+        <TargetFrameworkVersion>v4.6.2</TargetFrameworkVersion>
+        <FileAlignment>512</FileAlignment>
+        <ProjectTypeGuids>{3AC096D0-A1C2-E12C-1390-A8335801FDAB};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
+        <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">15.0</VisualStudioVersion>
+        <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+        <ReferencePath>$(ProgramFiles)\Common Files\microsoft shared\VSTT\$(VisualStudioVersion)\UITestExtensionPackages</ReferencePath>
+        <IsCodedUITest>False</IsCodedUITest>
+        <TestProjectType>UnitTest</TestProjectType>
+        <NuGetPackageImportStamp />
+        <TargetFrameworkProfile />
+        <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+        <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
+        <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
+        <RestoreProjectStyle>PackageReference</RestoreProjectStyle>
+    </PropertyGroup>
+    <PropertyGroup>
+        <Configuration Condition="'$(OS)|$(Configuration)' == 'UNIX|Debug'"></Configuration>
+        <DebugType>portable</DebugType>
+    </PropertyGroup>
+    <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
+        <PlatformTarget>AnyCPU</PlatformTarget>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net9.0|AnyCPU'">
+        <NoWarn>1701;1702;NU1701</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net9.0|AnyCPU'">
+        <NoWarn>1701;1702;NU1701</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net462|AnyCPU'">
+        <NoWarn>1701;1702;NU1701</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Release|net462|AnyCPU'">
+        <NoWarn>1701;1702;NU1701</NoWarn>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(OS)'=='WINDOWS_NT'">
+        <RunSettingsFilePath>$(MSBuildThisFileDirectory)\unit-test.runsettings</RunSettingsFilePath>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(OS)'=='UNIX'">
+        <RunSettingsFilePath>$(MSBuildThisFileDirectory)\unit-test-linux.runsettings</RunSettingsFilePath>
+    </PropertyGroup>
+    <ItemGroup>
+        <Content Include="Assets\Powershell\Simple.ps1">
+            <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+        </Content>
+        <None Include="Assets\dummycert.pfx">
+            <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+        </None>
+        <None Include="Assets\badcert.pfx">
+            <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+        </None>
+    </ItemGroup>
+    <ItemGroup>
+        <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\Postgres\Plugin.Datastore.Postgres.csproj" />
+        <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\SQLite\Plugin.Datastore.SQLite.csproj" />
+        <ProjectReference Include="..\..\..\..\certify-plugins\src\DataStores\SQLServer\Plugin.Datastore.SQLServer.csproj" />
+        <ProjectReference Include="..\..\Certify.Core\Certify.Core.csproj" />
+        <ProjectReference Include="..\..\Certify.Locales\Certify.Locales.csproj" />
+        <ProjectReference Include="..\..\Certify.Models\Certify.Models.csproj" />
+        <ProjectReference Include="..\..\Certify.Providers\ACME\Anvil\Certify.Providers.ACME.Anvil.csproj" />
+        <ProjectReference Include="..\..\Certify.Service\Certify.Service.csproj" />
+        <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
+    </ItemGroup>
+    <ItemGroup>
+        <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
+        <PackageReference Include="coverlet.msbuild" Version="6.0.2">
+            <PrivateAssets>all</PrivateAssets>
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+        </PackageReference>
+        <PackageReference Include="MedallionShell" Version="1.6.2" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
+        <PackageReference Include="Moq" Version="4.20.70" />
+        <PackageReference Include="NETStandard.Library" Version="2.0.3" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+        <PackageReference Include="Polly" Version="8.4.1" />
+        <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
+        <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
+        <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
+        <PackageReference Include="System.Text.Json" Version="8.0.4" />
+        <PackageReference Include="Testcontainers" Version="3.9.0" />
+    </ItemGroup>
+    <ItemGroup>
+        <Reference Include="System.Configuration" />
+    </ItemGroup>
+    <ItemGroup>
+        <None Include="app.config" />
+    </ItemGroup>
+    <ItemGroup>
+        <Folder Include="Properties\" />
+    </ItemGroup>
 
 </Project>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
index e9b1e0ae0..4af5bac94 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/CertifyManagerAccountTests.cs
@@ -319,7 +319,7 @@ private static async Task CheckCustomCaIsRunning()
 
             httpHandler.ServerCertificateCustomValidationCallback = (message, certificate, chain, sslPolicyErrors) => true;
 
-            var loggingHandler = new LoggingHandler(httpHandler, _log);
+            var loggingHandler = new LoggingHandler(httpHandler, _log, maxRequestsPerSecond: 2);
             var stepCaHttp = new HttpClient(loggingHandler);
             var healthRes = await stepCaHttp.GetAsync($"https://{_caDomain}:{_caPort}/health");
             var healthResStr = await healthRes.Content.ReadAsStringAsync();
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs
new file mode 100644
index 000000000..f413c10d1
--- /dev/null
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs
@@ -0,0 +1,223 @@
+using System;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Certify.ACME.Anvil;
+using Certify.ACME.Anvil.Acme;
+using Certify.Models;
+using Certify.Providers.ACME.Anvil;
+using Microsoft.Extensions.Logging;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Moq;
+using Moq.Protected;
+
+namespace Certify.Core.Tests.Unit
+{
+    [TestClass]
+    public class MiscAcmeTests
+    {
+
+        [TestMethod, Description("Test Directory Query")]
+        public async Task TestAcmeDirectory()
+        {
+
+            var directoryJson = """
+                 
+                {
+                  "newNonce": "https://acme.dev.certifytheweb.com/v2/newNonce",
+                  "newAccount": "https://acme.dev.certifytheweb.com/v2/newAccount",
+                  "newOrder": "https://acme.dev.certifytheweb.com/v2/newOrder",
+                  "revokeCert": "https://acme.dev.certifytheweb.com/v2/revokeCert",
+                  "keyChange": "https://acme.dev.certifytheweb.com/v2/keyChange",
+                  "meta": {
+                    "termsOfService": "https://acme.dev.certifytheweb.com/v2/tc.pdf",
+                    "website": "https://certifytheweb.com",
+                    "caaIdentities": ["certifytheweb.com"],
+                    "externalAccountRequired": false
+                  }
+                }
+
+                """;
+
+            var mockMessageHandler = new Mock<HttpMessageHandler>();
+
+            mockMessageHandler
+                .Protected()
+                .Setup<Task<HttpResponseMessage>>("SendAsync", ItExpr.IsAny<HttpRequestMessage>(), ItExpr.IsAny<CancellationToken>())
+                .ReturnsAsync(new HttpResponseMessage
+                {
+                    StatusCode = HttpStatusCode.OK,
+                    Content = new StringContent(directoryJson.Trim(), Encoding.UTF8, "application/json")
+                });
+
+            using ILoggerFactory factory = LoggerFactory.Create(builder => builder.AddDebug());
+            var logger = factory.CreateLogger(nameof(MiscTests));
+
+            var loggingHandler = new LoggingHandler(mockMessageHandler.Object, new Loggy(logger), maxRequestsPerSecond: 2);
+            var customHttpClient = new System.Net.Http.HttpClient(loggingHandler);
+
+            var acmeHttpClient = new AcmeHttpClient(WellKnownServers.LetsEncryptStaging, customHttpClient);
+
+            var acmeContext = new AcmeContext(WellKnownServers.LetsEncryptStagingV2, http: acmeHttpClient);
+
+            var dir = await acmeContext.GetDirectory(throwOnError: true);
+
+            Assert.IsNotNull(dir);
+        }
+
+        [TestMethod, Description("Test Directory Query Rate Limit 429")]
+        public async Task TestAcmeDirectoryRateLimit()
+        {
+            // Some CAs have different type of rate limit, occasionally it's at the server or traffic manager level
+            // and is not aware of ACME problem responses etc. This example matches ZeroSSLs rate limit behaviour (if it encounters more than 7 requests per second)
+
+            var directoryResponseRateLimited = """
+                 
+                <html>
+                <head><title>429 Too Many Requests</title></head>
+                <body>
+                <center><h1>429 Too Many Requests</h1></center>
+                <hr><center>nginx</center>
+                </body>
+                </html>
+
+                """;
+
+            // test message gets disposed after being consumed so we generate a new one for every call
+            var rateLimitedResponseMessageFactory = () =>
+            {
+                var msg = new HttpResponseMessage
+                {
+                    Content = new StringContent(directoryResponseRateLimited.Trim(), Encoding.UTF8, "text/html"),
+                    StatusCode = (HttpStatusCode)429
+                };
+                msg.Headers.Add("Retry-After", "5");
+                return msg;
+            };
+
+            var mockMessageHandler = new Mock<HttpMessageHandler>();
+
+            mockMessageHandler
+                .Protected()
+                .SetupSequence<Task<HttpResponseMessage>>("SendAsync", ItExpr.IsAny<HttpRequestMessage>(), ItExpr.IsAny<CancellationToken>())
+                .ReturnsAsync(rateLimitedResponseMessageFactory())
+                .ReturnsAsync(rateLimitedResponseMessageFactory())
+                .ReturnsAsync(rateLimitedResponseMessageFactory());
+
+            using ILoggerFactory factory = LoggerFactory.Create(builder => builder.AddDebug());
+            var logger = factory.CreateLogger(nameof(MiscTests));
+
+            var loggingHandler = new LoggingHandler(mockMessageHandler.Object, new Loggy(logger), maxRequestsPerSecond: 2);
+            var customHttpClient = new System.Net.Http.HttpClient(loggingHandler);
+
+            var acmeHttpClient = new AcmeHttpClient(WellKnownServers.LetsEncryptStaging, customHttpClient);
+
+            var acmeContext = new AcmeContext(WellKnownServers.LetsEncryptStagingV2, http: acmeHttpClient);
+            acmeContext.AutoRetryAttempts = 2;
+
+            try
+            {
+                await acmeContext.GetDirectory(throwOnError: true);
+            }
+            catch (AcmeRequestException ex)
+            {
+                Assert.AreEqual("urn:ietf:params:acme:error:rateLimited", ex.Error.Type);
+            }
+        }
+
+        [TestMethod, Description("Test Directory Query Rate Limit With Auto Retry")]
+        public async Task TestAcmeDirectoryRateLimitWithRetry()
+        {
+            // Some CAs have different type of rate limit, occasionally it's at the server or traffic manager level
+            // and is not aware of ACME problem responses etc. This example matches ZeroSSLs rate limit behaviour (if it encounters more than 7 requests per second)
+
+            var directoryResponseRateLimited = """
+                 
+                <html>
+                <head><title>429 Too Many Requests</title></head>
+                <body>
+                <center><h1>429 Too Many Requests</h1></center>
+                <hr><center>nginx</center>
+                </body>
+                </html>
+
+                """;
+
+            var directoryJson = """
+                 
+                {
+                  "newNonce": "https://acme.dev.certifytheweb.com/v2/newNonce",
+                  "newAccount": "https://acme.dev.certifytheweb.com/v2/newAccount",
+                  "newOrder": "https://acme.dev.certifytheweb.com/v2/newOrder",
+                  "revokeCert": "https://acme.dev.certifytheweb.com/v2/revokeCert",
+                  "keyChange": "https://acme.dev.certifytheweb.com/v2/keyChange",
+                  "meta": {
+                    "termsOfService": "https://acme.dev.certifytheweb.com/v2/tc.pdf",
+                    "website": "https://certifytheweb.com",
+                    "caaIdentities": ["certifytheweb.com"],
+                    "externalAccountRequired": false
+                  }
+                }
+
+                """;
+
+            // test message gets disposed after being consumed so we generate a new one for every call
+            var rateLimitedResponseMessageFactory = (int retryAfter) =>
+            {
+                var msg = new HttpResponseMessage
+                {
+                    Content = new StringContent(directoryResponseRateLimited.Trim(), Encoding.UTF8, "text/html"),
+                    StatusCode = (HttpStatusCode)429
+                };
+
+                // optionally include retry-after header
+                if (retryAfter > 0)
+                {
+                    msg.Headers.Add("Retry-After", "5");
+                }
+
+                return msg;
+            };
+
+            var directoryResponseMessage = new HttpResponseMessage
+            {
+                Content = new StringContent(directoryJson.Trim(), Encoding.UTF8, "application/json"),
+                StatusCode = (HttpStatusCode)200
+            };
+
+            var mockMessageHandler = new Mock<HttpMessageHandler>();
+
+            mockMessageHandler.Protected()
+                .SetupSequence<Task<HttpResponseMessage>>("SendAsync", ItExpr.IsAny<HttpRequestMessage>(), ItExpr.IsAny<CancellationToken>())
+                .ReturnsAsync(rateLimitedResponseMessageFactory(5))
+                .ReturnsAsync(rateLimitedResponseMessageFactory(0))
+                .ReturnsAsync(directoryResponseMessage);
+
+            using ILoggerFactory factory = LoggerFactory.Create(builder => builder.AddDebug());
+
+            var logger = factory.CreateLogger(nameof(MiscTests));
+
+            var loggingHandler = new LoggingHandler(mockMessageHandler.Object, new Loggy(logger), maxRequestsPerSecond: 2);
+            var customHttpClient = new System.Net.Http.HttpClient(loggingHandler);
+
+            var acmeHttpClient = new AcmeHttpClient(WellKnownServers.LetsEncryptStaging, customHttpClient);
+
+            var acmeContext = new AcmeContext(WellKnownServers.LetsEncryptStagingV2, http: acmeHttpClient);
+
+            ACME.Anvil.Acme.Resource.Directory dir = default;
+            try
+            {
+                dir = await acmeContext.GetDirectory(throwOnError: false);
+            }
+            catch (AcmeRequestException ex)
+            {
+                Assert.AreEqual("urn:ietf:params:acme:error:rateLimited", ex.Error.Type);
+            }
+
+            Assert.IsNotNull(dir);
+            Assert.IsNotNull(dir.NewOrder);
+        }
+    }
+}

From 1a77d6efb511beb48f3947fd245377793c80d02d Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 5 Aug 2024 17:52:20 +0800
Subject: [PATCH 221/237] Clean up and sync with release

---
 src/Certify.Shared/Management/CertificateManager.cs     | 1 -
 src/Certify.Shared/Utils/NetworkUtils.cs                | 6 +++---
 src/Certify.UI.Shared/Windows/DataStoreConnections.xaml | 2 +-
 src/Certify.UI/App.xaml                                 | 1 +
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Certify.Shared/Management/CertificateManager.cs b/src/Certify.Shared/Management/CertificateManager.cs
index b19e4b2d6..85eb83bc0 100644
--- a/src/Certify.Shared/Management/CertificateManager.cs
+++ b/src/Certify.Shared/Management/CertificateManager.cs
@@ -20,7 +20,6 @@
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Pkcs;
 using Org.BouncyCastle.Security;
-
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.X509;
 
diff --git a/src/Certify.Shared/Utils/NetworkUtils.cs b/src/Certify.Shared/Utils/NetworkUtils.cs
index aaa80a271..271446f8a 100644
--- a/src/Certify.Shared/Utils/NetworkUtils.cs
+++ b/src/Certify.Shared/Utils/NetworkUtils.cs
@@ -7,7 +7,7 @@
 using System.Net.Sockets;
 using System.Threading.Tasks;
 using Certify.Management;
-#if NET8_0_OR_GREATER
+#if NET6_0_OR_GREATER
 using ARSoft.Tools.Net;
 using ARSoft.Tools.Net.Dns;
 #endif
@@ -209,7 +209,7 @@ public async Task<bool> CheckURL(ILog log, string url, bool? useProxyAPI = null)
             }
         }
 
-#if NET8_0_OR_GREATER
+#if NET6_0_OR_GREATER
         public async Task<string> GetDNSRecordTXT(ILog log, string fullyQualifiedRecordName)
         {
 
@@ -266,7 +266,7 @@ public async Task<ActionResult> CheckServiceConnection(string hostname, int port
         public async Task<List<ActionResult>> CheckDNS(ILog log, string domain, bool? useProxyAPI = null, bool includeIPCheck = true)
         {
             var results = new List<ActionResult>();
-#if NET8_0_OR_GREATER
+#if NET6_0_OR_GREATER
             log.Information("CheckDNS: performing DNS checks. This option can be disabled in Settings if required.");
 
             if (string.IsNullOrEmpty(domain))
diff --git a/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml b/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml
index eb929c88f..b151a7a22 100644
--- a/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml
+++ b/src/Certify.UI.Shared/Windows/DataStoreConnections.xaml
@@ -1,4 +1,4 @@
-<Controls:MetroWindow
+<Controls:MetroWindow
     x:Class="Certify.UI.Windows.DataStoreConnections"
     xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
     xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
diff --git a/src/Certify.UI/App.xaml b/src/Certify.UI/App.xaml
index d62c524e1..450fd8628 100644
--- a/src/Certify.UI/App.xaml
+++ b/src/Certify.UI/App.xaml
@@ -75,6 +75,7 @@
                 <Setter Property="controls:ControlsHelper.CornerRadius" Value="0" />
             </Style>
 
+
             <!--  control templates  -->
             <DataTemplate x:Key="ProviderHiddenParameter" />
 

From a5245da3f9d21070fee706d3fc535ae054646229 Mon Sep 17 00:00:00 2001
From: Christopher Cook <development@webprofusion.com>
Date: Tue, 6 Aug 2024 12:35:47 +0800
Subject: [PATCH 222/237] Update DotNetCore_Unit_Tests_Win.yaml Update
 DotNetCore_Unit_Tests_Linux.yaml Update DotNetCore_Unit_Tests_Win.yaml Update
 DotNetCore_Unit_Tests_Linux.yaml Update DotNetCore_Unit_Tests_Linux.yaml
 Update DotNetCore_Unit_Tests_Linux.yaml

---
 .github/workflows/DotNetCore_Unit_Tests_Linux.yaml | 6 ++++--
 .github/workflows/DotNetCore_Unit_Tests_Win.yaml   | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
index deee70381..94acd9076 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Linux.yaml
@@ -77,10 +77,12 @@ jobs:
 
     - name: Install Dependencies & Build Certify.Core.Tests.Unit
       run: |
-        dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
+        dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.3.8
         dotnet add package GitHubActionsTestLogger
         dotnet restore -f net9.0
-        dotnet build ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
+        pwd
+        ls
+        dotnet build -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests
diff --git a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
index 572b306c0..1094fbe39 100644
--- a/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
+++ b/.github/workflows/DotNetCore_Unit_Tests_Win.yaml
@@ -65,7 +65,7 @@ jobs:
         echo "C:\Program Files\step_0.24.4\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
     - name: Pull step-ca Docker Image
-      run: docker pull jrnelson90/step-ca-win
+      run: docker pull webprofusion/step-ca-win
 
     - name: Cache NuGet Dependencies    
       uses: actions/cache@v3
@@ -81,7 +81,7 @@ jobs:
         dotnet tool install --global dotnet-reportgenerator-globaltool --version 5.2.0
         dotnet add package GitHubActionsTestLogger
         dotnet restore -f net9.0
-        dotnet build ./certify/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
+        dotnet build Certify.Core.Tests.Unit.csproj -c Debug -f net9.0 --property WarningLevel=0 /clp:ErrorsOnly
       working-directory: ./certify/src/Certify.Tests/Certify.Core.Tests.Unit
 
     - name: Run Certify.Core.Tests.Unit Tests

From dadd5747a3fb9eb102403fb2e18c51bb9b57cd51 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 9 Aug 2024 16:12:54 +0800
Subject: [PATCH 223/237] Port changes from latest release

---
 .../CertifyManager/CertifyManager.CertificateRequest.cs    | 1 -
 .../Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs     | 7 ++++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
index 5d566a762..cb3eb504a 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.CertificateRequest.cs
@@ -2,7 +2,6 @@
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
-using System.Diagnostics;
 using System.Globalization;
 using System.IO;
 using System.Linq;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
index ce4be89b3..e6bb6b4cb 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
@@ -726,8 +726,8 @@ public async Task MixedIPBindingChecksRequestConfigUpdateOnly()
         public async Task HttpsIPBindingChecks()
         {
             var bindings = new List<BindingInfo> {
-                new BindingInfo{ Host="test.com", IP="127.0.0.1", Port=80, Protocol="https" },
-                new BindingInfo{ Host="www.test.com", IP="127.0.0.1", Port=80, Protocol="https" },
+                new BindingInfo{ Host="test.com", IP="127.0.0.1", Port=443, Protocol="https" },
+                new BindingInfo{ Host="www.test.com", IP="127.0.0.1", Port=443, Protocol="https" },
             };
             var deployment = new BindingDeploymentManager();
             var testManagedCert = new ManagedCertificate
@@ -764,9 +764,10 @@ public async Task HttpsIPBindingChecks()
             Assert.IsTrue(results[0].Description.Contains("Certificate will be stored in the computer certificate store"), $"Unexpected description: '{results[0].Description}'");
             Assert.AreEqual("Certificate Storage", results[0].Title);
 
+            // because the existing binding uses an IP address with non-SNI the resulting update should also use the IP address and no SNI.
             Assert.IsFalse(results[1].HasError, "This call to StoreAndDeploy() should not have an error adding binding while deploying certificate");
             Assert.AreEqual("Deployment.UpdateBinding", results[1].Category);
-            Assert.IsTrue(results[1].Description.Contains("Update https binding |  | **127.0.0.1:80:test.com Non-SNI**"), $"Unexpected description: '{results[1].Description}'");
+            Assert.IsTrue(results[1].Description.Contains("Update https binding |  | **127.0.0.1:443:test.com Non-SNI**"), $"Unexpected description: '{results[1].Description}'");
             Assert.AreEqual("Install Certificate For Binding", results[1].Title);
         }
 

From 0287256a2df9220e7ca8fc60ae9c915b052c1221 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Fri, 9 Aug 2024 17:05:28 +0800
Subject: [PATCH 224/237] Cleanup

---
 src/Certify.Core/Management/BindingDeploymentManager.cs     | 6 ++----
 .../Management/CertifyManager/CertifyManager.cs             | 1 -
 src/Certify.Providers/ACME/Anvil/LoggingHandler.cs          | 2 +-
 .../Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs      | 4 ++--
 .../Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs          | 3 +--
 5 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/src/Certify.Core/Management/BindingDeploymentManager.cs b/src/Certify.Core/Management/BindingDeploymentManager.cs
index 96593849c..8a7f92ec0 100644
--- a/src/Certify.Core/Management/BindingDeploymentManager.cs
+++ b/src/Certify.Core/Management/BindingDeploymentManager.cs
@@ -1,13 +1,11 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Net;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Certify.Management;
 using Certify.Models;
 using Certify.Models.Providers;
-using Microsoft.Web.Administration;
 
 namespace Certify.Core.Management
 {
@@ -348,7 +346,7 @@ private async Task<List<ActionStep>> DeployToAllTargetBindings(IBindingDeploymen
                                 {
                                     sslPort = int.Parse(requestConfig.BindingPort);
 
-                                    if (sslPort!=443)
+                                    if (sslPort != 443)
                                     {
                                         var step = new ActionStep(category, "Binding Port", $"A non-standard http port has been requested ({sslPort}) .");
                                         bindingExplanationSteps.Add(step);
@@ -408,7 +406,7 @@ private async Task<List<ActionStep>> DeployToAllTargetBindings(IBindingDeploymen
                                );
 
                                 stepActions.First().Substeps = bindingExplanationSteps;
-                                
+
                                 actions.AddRange(stepActions);
                             }
                             else
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
index f61c1ff7f..01da9df20 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.cs
@@ -13,7 +13,6 @@
 using Certify.Providers;
 using Microsoft.Extensions.Logging;
 using Serilog;
-using Serilog.Core;
 
 namespace Certify.Management
 {
diff --git a/src/Certify.Providers/ACME/Anvil/LoggingHandler.cs b/src/Certify.Providers/ACME/Anvil/LoggingHandler.cs
index ff7ad26a0..e75bf1465 100644
--- a/src/Certify.Providers/ACME/Anvil/LoggingHandler.cs
+++ b/src/Certify.Providers/ACME/Anvil/LoggingHandler.cs
@@ -66,7 +66,7 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                     if (response?.Content != null)
                     {
                         try
-                        {  
+                        {
                             _log.Debug("Content: {content}", await response.Content.ReadAsStringAsync());
                         }
                         catch
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
index e6bb6b4cb..21a3c4207 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/BindingMatchTests.cs
@@ -1240,7 +1240,7 @@ public async Task TestIPSpecific_ExistingHttpsBinding()
                     SubjectAlternativeNames = new string[] { "ipspecific.test.com", "ipspecific2.test.com", "nonipspecific.test.com", "nonipspecific2.test.com", "nonipspecific3.test.com" },
                     PerformAutomatedCertBinding = true,
                     DeploymentSiteOption = DeploymentOption.SingleSite,
-                    
+
                     DeploymentBindingBlankHostname = true,
                     BindingIPAddress = "127.0.0.1",
                     BindingPort = "443",
@@ -1261,7 +1261,7 @@ public async Task TestIPSpecific_ExistingHttpsBinding()
 
             var results = await deployment.StoreAndDeploy(mockTarget, testManagedCert, "test.pfx", pfxPwd: "", true, Certify.Management.CertificateManager.WEBHOSTING_STORE_NAME);
 
-            Assert.AreEqual(6, results.Count(r=>r.ObjectResult is BindingInfo));
+            Assert.AreEqual(6, results.Count(r => r.ObjectResult is BindingInfo));
 
             // existing IP specific https binding should be preserved
             var bindingInfo = results.Last(r => (r.ObjectResult as BindingInfo)?.Host == "ipspecific.test.com")?.ObjectResult as BindingInfo;
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs
index f413c10d1..7cec545f7 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Tests/MiscAcmeTests.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Net;
+using System.Net;
 using System.Net.Http;
 using System.Text;
 using System.Threading;

From 0b3acfc42d925f9adb5d0b679e38237e058ce194 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 12 Aug 2024 12:40:20 +0800
Subject: [PATCH 225/237] Update dev build props

---
 Directory.Build.props | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index b47498fba..5a4901c12 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,10 +1,10 @@
 <Project>
   <PropertyGroup>
-    <Version>6.1.0</Version>
-    <AssemblyVersion>6.1.0</AssemblyVersion>
+    <Version>7.0.0</Version>
+    <AssemblyVersion>7.0.0</AssemblyVersion>
     <Authors>Webprofusion Pty Ltd</Authors>
     <Company>Webprofusion Pty Ltd</Company>
-    <Product>Certify The Web - Certify Certificate Manager</Product>
+    <Product>Certify Certificate Manager - Community Edition [dev version via github]</Product>
     <PackageProjectUrl>https://certifytheweb.com</PackageProjectUrl>
     <RepositoryUrl>https://github.com/webprofusion/certify</RepositoryUrl>
     <Deterministic>false</Deterministic>

From 97d751e0d939454b3e8f21816cc999d67927d480 Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 12 Aug 2024 15:28:34 +0800
Subject: [PATCH 226/237] Package updates

---
 src/Certify.Service/App.config                                | 4 ++--
 src/Certify.Service/Certify.Service.csproj                    | 4 ++--
 .../Certify.UI.Tests.Integration.csproj                       | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 69a44a551..61ccedc5d 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -14,7 +14,7 @@
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.39.0.0" newVersion="1.39.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.42.0.0" newVersion="1.42.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
@@ -34,7 +34,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.61.0.0" newVersion="4.61.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.63.0.0" newVersion="4.63.0.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 537b23b2b..dc85a3e3e 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -37,7 +37,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.62.0" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.63.0" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
@@ -55,7 +55,7 @@
         <PackageReference Include="System.ValueTuple" Version="4.5.0" />
         <PackageReference Include="Topshelf" Version="4.3.0" />
         <PackageReference Include="Topshelf.Serilog" Version="4.3.0" />
-        <PackageReference Include="System.Security.Permissions" Version="7.0.0" />
+        <PackageReference Include="System.Security.Permissions" Version="8.0.0" />
         
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 0c0b361b4..b25b95ee9 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -58,8 +58,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.1" />
   </ItemGroup>
 
   <ItemGroup>

From da58b0f4f9ea54181faf1479dc19a9b09820e32e Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Mon, 12 Aug 2024 14:10:32 +0800
Subject: [PATCH 227/237] Cleanup rebase from release branch

---
 src/Certify.Client/CertifyServiceClient.cs    |  2 +-
 .../CertifyManager.Maintenance.cs             | 23 -------------------
 .../Config/CertRequestConfig.cs               |  2 --
 src/Certify.Models/Util/EnvironmentUtil.cs    |  3 +++
 .../Management/CertificateManager.cs          |  3 ---
 .../AppViewModel.ManagedCerticates.cs         |  1 +
 6 files changed, 5 insertions(+), 29 deletions(-)

diff --git a/src/Certify.Client/CertifyServiceClient.cs b/src/Certify.Client/CertifyServiceClient.cs
index d09128a3e..2f743fc06 100644
--- a/src/Certify.Client/CertifyServiceClient.cs
+++ b/src/Certify.Client/CertifyServiceClient.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.IO;
 using System.Threading.Tasks;
 using Certify.Models;
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
index df01cbdef..0dfb52078 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Maintenance.cs
@@ -15,29 +15,6 @@ namespace Certify.Management
 {
     public partial class CertifyManager
     {
-        /// <summary>
-        /// Upgrade/migrate settings from previous version if applicable
-        /// </summary>
-        /// <returns></returns>
-        private async Task UpgradeSettings()
-        {
-            var systemVersion = Util.GetAppVersion().ToString();
-            var previousVersion = CoreAppSettings.Current.CurrentServiceVersion;
-
-            if (CoreAppSettings.Current.CurrentServiceVersion != systemVersion)
-            {
-                _tc?.TrackEvent("ServiceUpgrade", new Dictionary<string, string> {
-                    { "previousVersion", previousVersion },
-                    { "currentVersion", systemVersion }
-                });
-
-                // service has been updated, run any required migrations
-                await PerformServiceUpgrades();
-
-                CoreAppSettings.Current.CurrentServiceVersion = systemVersion;
-                SettingsManager.SaveAppSettings();
-            }
-        }
 
         /// <summary>
         /// Upgrade/migrate settings from previous version if applicable
diff --git a/src/Certify.Models/Config/CertRequestConfig.cs b/src/Certify.Models/Config/CertRequestConfig.cs
index 8492dc4cc..d57cb32c4 100644
--- a/src/Certify.Models/Config/CertRequestConfig.cs
+++ b/src/Certify.Models/Config/CertRequestConfig.cs
@@ -343,8 +343,6 @@ internal List<string> GetCertificateDomains()
 
         private static JsonSerializerOptions _defaultJsonSerializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
 
-        private static JsonSerializerOptions _defaultJsonSerializerOptions = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
-
         public List<CertIdentifierItem> GetCertificateIdentifiers()
         {
             var identifiers = new List<CertIdentifierItem>();
diff --git a/src/Certify.Models/Util/EnvironmentUtil.cs b/src/Certify.Models/Util/EnvironmentUtil.cs
index c3d0cd38e..7051f35bb 100644
--- a/src/Certify.Models/Util/EnvironmentUtil.cs
+++ b/src/Certify.Models/Util/EnvironmentUtil.cs
@@ -1,6 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Runtime.InteropServices;
+using System.Security.AccessControl;
+using System.Security.Principal;
 
 namespace Certify.Models
 {
diff --git a/src/Certify.Shared/Management/CertificateManager.cs b/src/Certify.Shared/Management/CertificateManager.cs
index 85eb83bc0..13bcc8b3c 100644
--- a/src/Certify.Shared/Management/CertificateManager.cs
+++ b/src/Certify.Shared/Management/CertificateManager.cs
@@ -752,9 +752,6 @@ private static string GetWindowsPrivateKeyLocation(string keyFileName)
             // if EC/CNG key may be under /keys
             machineKeyPath = Path.Combine(new string[] { appDataPath, "Microsoft", "Crypto", "Keys" });
 
-            // if EC/CNG key may be under /keys
-            machineKeyPath = Path.Combine(new string[] { appDataPath, "Microsoft", "Crypto", "Keys" });
-
             fileList = Directory.GetFiles(machineKeyPath, keyFileName);
 
             if (fileList.Any())
diff --git a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
index 3206829e9..49d7f8f38 100644
--- a/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
+++ b/src/Certify.UI.Shared/ViewModel/AppViewModel/AppViewModel.ManagedCerticates.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Linq;

From 65ae8d466267eb920cd500580ca36894d79c8e3c Mon Sep 17 00:00:00 2001
From: webprofusion-chrisc <christopher.cook@webprofusion.com>
Date: Wed, 14 Aug 2024 17:20:59 +0800
Subject: [PATCH 228/237] Package updates

---
 .../Certify.Aspire.ServiceDefaults.csproj              |  2 +-
 src/Certify.Client/Certify.Client.csproj               |  4 ++--
 .../CertifyManager.ManagedCertificates.cs              |  2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj        |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj                  |  2 +-
 .../Certify.Server.Api.Public.Tests.csproj             |  8 ++++----
 .../Certify.Server.Api.Public.csproj                   |  4 ++--
 .../Certify.Server.Core/Certify.Server.Core.csproj     | 10 +++++-----
 .../Certify.Core.Tests.Integration.csproj              |  4 ++--
 .../Certify.Core.Tests.Unit.csproj                     |  4 ++--
 .../Certify.Service.Tests.Integration.csproj           |  4 ++--
 .../Certify.UI.Tests.Integration.csproj                |  4 ++--
 12 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 32cfa7b8e..a7ad86324 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,7 +11,7 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.7.0" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.8.0" />
     <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.1.0" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 60c695454..34aec9361 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,8 +16,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.8" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.8" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 9bcea4a6d..29b00a230 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Diagnostics;
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index b94ee00d3..d6b4f3f8d 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.400.2" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.401.3" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 8e9b1ccc8..6a92aed39 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.41.0" />
+    <PackageReference Include="Azure.Core" Version="1.42.0" />
     <PackageReference Include="Azure.Identity" Version="1.12.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 6d93da5aa..fb115bf15 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -10,11 +10,11 @@
 
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.7" />
-        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.8" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.8" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
         <PackageReference Include="coverlet.collector" Version="6.0.2">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index cae528e5b..baf2fdd13 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,9 +18,9 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.8" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.0" />
     </ItemGroup>
     <ItemGroup>
         <ProjectReference Include="..\..\..\..\certify\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 95563355f..675278e40 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.4.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.8" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.7" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.8" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.8" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.8" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index abb2a5fa4..8060d469b 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -76,8 +76,8 @@
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index e00341169..bb751ef66 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -108,8 +108,8 @@
         <PackageReference Include="Moq" Version="4.20.70" />
         <PackageReference Include="NETStandard.Library" Version="2.0.3" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
         <PackageReference Include="Polly" Version="8.4.1" />
         <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
         <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index aef71dfbb..a5311fdb9 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -62,8 +62,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index b25b95ee9..85790061e 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -58,8 +58,8 @@
     <PackageReference Include="Moq" Version="4.20.70" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.1" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.1" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
   </ItemGroup>
 
   <ItemGroup>

From 2746e2f6f729daf0ec83c6132e7c1af0aa17ffb8 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Sun, 18 Aug 2024 17:50:07 +0800
Subject: [PATCH 229/237] Package updates

---
 src/Certify.Models/Certify.Models.csproj                        | 2 +-
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 src/Certify.SourceGenerators/Certify.SourceGenerators.csproj    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 290f326d6..05e1f34cc 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -22,7 +22,7 @@
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
 		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.1" />
-		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.10.0">
+		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.11.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index d6b4f3f8d..c6801c731 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.401.3" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.401.4" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
index ae7640c78..b3ef958b5 100644
--- a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -5,7 +5,7 @@
         <EnforceExtendedAnalyzerRules>true</EnforceExtendedAnalyzerRules>
     </PropertyGroup>
     <ItemGroup>
-        <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" PrivateAssets="all" />
+        <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.11.0" PrivateAssets="all" />
         <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.4" PrivateAssets="all" />
     </ItemGroup>
 

From e96f126eec37476d5bf811a15b20fafeb1dc70b9 Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Mon, 19 Aug 2024 12:43:30 +0800
Subject: [PATCH 230/237] Package updates

---
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj                 | 2 +-
 .../Certify.Server.Api.Public/Certify.Server.Api.Public.csproj  | 2 +-
 .../Certify.Server.Core/Certify.Server.Core.csproj              | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index c6801c731..a06ddd1df 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.401.4" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.401.5" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index baf2fdd13..3abe8bc83 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -20,7 +20,7 @@
     <ItemGroup>
         <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.8" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.0" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.1" />
     </ItemGroup>
     <ItemGroup>
         <ProjectReference Include="..\..\..\..\certify\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 675278e40..8f40f3bbc 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -13,7 +13,7 @@
         <PackageReference Include="Polly" Version="8.4.1" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.8" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.0" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.1" />
         <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.8" />
         <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.8" />
         <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.8" />

From 83aadc8c705e912709be651fbf87b2734224752c Mon Sep 17 00:00:00 2001
From: Mark Cilia Vincenti <markciliavincenti@gmail.com>
Date: Sun, 1 Sep 2024 10:48:38 +0200
Subject: [PATCH 231/237] Improved locking performance on .NET 9.0+

---
 src/Certify.Core/Certify.Core.csproj                         | 2 +-
 .../Management/CertifyManager/CertifyManager.Account.cs      | 5 +++--
 .../Management/CertifyManager/CertifyManager.DataStores.cs   | 3 ++-
 src/Certify.Core/Management/Servers/ServerProviderIIS.cs     | 3 ++-
 src/Certify.Core/Management/SettingsManager.cs               | 5 +++--
 src/Certify.Shared/Certify.Shared.Core.csproj                | 5 +++++
 src/Certify.Shared/Utils/HttpChallengeServer.cs              | 4 ++--
 7 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 36d40e890..9c212a87c 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -3,7 +3,7 @@
         <TargetFrameworks>net462;net9.0</TargetFrameworks>
         <Configurations>Debug;Release;</Configurations>
         <Platforms>AnyCPU</Platforms>
-        <LangVersion>latest</LangVersion>
+        <LangVersion>preview</LangVersion>
     </PropertyGroup>
     <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
index a0baf0e06..272d4f3ce 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -1,7 +1,8 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Threading;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.Config;
@@ -14,7 +15,7 @@ namespace Certify.Management
 {
     public partial class CertifyManager
     {
-        private static object _accountsLock = new object();
+        private static readonly Lock _accountsLock = new();
         private List<AccountDetails> _accounts;
 
         /// <summary>
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
index c9fc8044c..222636c72 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Threading;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.Config;
@@ -11,7 +12,7 @@ namespace Certify.Management
 {
     public partial class CertifyManager
     {
-        private object _dataStoreLocker = new object();
+        private readonly Lock _dataStoreLocker = new();
 
         private async Task<IManagedItemStore> GetManagedItemStoreProvider(DataStoreConnection dataStore)
         {
diff --git a/src/Certify.Core/Management/Servers/ServerProviderIIS.cs b/src/Certify.Core/Management/Servers/ServerProviderIIS.cs
index b7c45a993..2e17c6014 100644
--- a/src/Certify.Core/Management/Servers/ServerProviderIIS.cs
+++ b/src/Certify.Core/Management/Servers/ServerProviderIIS.cs
@@ -3,6 +3,7 @@
 using System.Globalization;
 using System.Linq;
 using System.Runtime.InteropServices;
+using System.Threading;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.Providers;
@@ -23,7 +24,7 @@ public class ServerProviderIIS : ITargetWebServer
         /// <summary>
         /// We use a lock on any method that uses CommitChanges, to avoid writing changes at the same time
         /// </summary>
-        private static readonly object _iisAPILock = new object();
+        private static readonly Lock _iisAPILock = new();
 
         private ILog _log;
 
diff --git a/src/Certify.Core/Management/SettingsManager.cs b/src/Certify.Core/Management/SettingsManager.cs
index 3425fadb2..d73cfb4f7 100644
--- a/src/Certify.Core/Management/SettingsManager.cs
+++ b/src/Certify.Core/Management/SettingsManager.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Threading;
 using Certify.Models;
 
 namespace Certify.Management
@@ -8,7 +9,7 @@ namespace Certify.Management
     public sealed class CoreAppSettings
     {
         private static volatile CoreAppSettings instance;
-        private static object syncRoot = new object();
+        private static readonly Lock syncRoot = new();
 
         private CoreAppSettings()
         {
@@ -188,7 +189,7 @@ public static CoreAppSettings Current
     public class SettingsManager
     {
         private const string COREAPPSETTINGSFILE = "appsettings.json";
-        private static Object settingsLocker = new Object();
+        private static readonly Lock settingsLocker = new();
 
         public static bool FromPreferences(Models.Preferences prefs)
         {
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index ad5121fa6..63b129189 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -3,6 +3,7 @@
     <PropertyGroup>
         <TargetFrameworks>netstandard2.0;net9.0;</TargetFrameworks>
         <Platforms>AnyCPU</Platforms>
+        <LangVersion>preview</LangVersion>
     </PropertyGroup>
     <ItemGroup>
         <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
@@ -38,4 +39,8 @@
       </None>
     </ItemGroup>
 
+    <ItemGroup Condition="!$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net9.0'))">
+        <PackageReference Include="Backport.System.Threading.Lock" Version="1.1.6" />
+    </ItemGroup>
+
 </Project>
diff --git a/src/Certify.Shared/Utils/HttpChallengeServer.cs b/src/Certify.Shared/Utils/HttpChallengeServer.cs
index cecdf3c95..976c54ed4 100644
--- a/src/Certify.Shared/Utils/HttpChallengeServer.cs
+++ b/src/Certify.Shared/Utils/HttpChallengeServer.cs
@@ -51,8 +51,8 @@ public class HttpChallengeServer
         private int _autoCloseSeconds = 60;
         private string _baseUri = "";
         private Timer _autoCloseTimer;
-        private readonly object _challengeServerStartLock = new object();
-        private readonly object _challengeServerStopLock = new object();
+        private readonly Lock _challengeServerStartLock = new();
+        private readonly Lock _challengeServerStopLock = new();
 
         /// <summary>
         /// If true, challenge server has been started or a start has been attempted

From 56706597fa14d22c4445ae80a8e4eb1f3fef2cfe Mon Sep 17 00:00:00 2001
From: Christopher Cook <christopher.cook@webprofusion.com>
Date: Wed, 4 Sep 2024 12:04:35 +0800
Subject: [PATCH 232/237] Package updates

Package updates

Package updates

Package updates

Package updates
---
 .../Certify.Aspire.AppHost.csproj                      |  2 +-
 .../Certify.Aspire.ServiceDefaults.csproj              |  4 ++--
 src/Certify.Client/Certify.Client.csproj               |  6 +++---
 .../CertifyManager.ManagedCertificates.cs              |  2 +-
 src/Certify.Models/Certify.Models.csproj               |  4 ++--
 .../DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj        |  2 +-
 .../DNS/Azure/Plugin.DNS.Azure.csproj                  |  2 +-
 .../Certify.Server.Api.Public.Tests.csproj             | 10 +++++-----
 .../Certify.Server.Api.Public.csproj                   |  4 ++--
 .../Certify.Server.Core/Certify.Server.Core.csproj     | 10 +++++-----
 src/Certify.Service/App.config                         |  4 ++--
 src/Certify.Service/Certify.Service.csproj             |  4 ++--
 .../Certify.Shared.Extensions.csproj                   |  2 +-
 .../Certify.SourceGenerators.csproj                    |  2 +-
 .../Certify.Core.Tests.Integration.csproj              |  8 ++++----
 .../Certify.Core.Tests.Unit.csproj                     | 10 +++++-----
 .../Certify.Service.Tests.Integration.csproj           |  8 ++++----
 .../Certify.UI.Tests.Integration.csproj                |  8 ++++----
 18 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
index f4b1d96e4..2eb5f1c9d 100644
--- a/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.AppHost/Certify.Aspire.AppHost.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.1.0" />
+    <PackageReference Include="Aspire.Hosting.AppHost" Version="8.2.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
index 32cfa7b8e..6e74a002b 100644
--- a/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
+++ b/src/Certify.Aspire/Certify.Aspire.ServiceDefaults/Certify.Aspire.ServiceDefaults.csproj
@@ -11,8 +11,8 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
 
-    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.7.0" />
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.1.0" />
+    <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="8.8.0" />
+    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="8.2.0" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
diff --git a/src/Certify.Client/Certify.Client.csproj b/src/Certify.Client/Certify.Client.csproj
index 60c695454..45d311d69 100644
--- a/src/Certify.Client/Certify.Client.csproj
+++ b/src/Certify.Client/Certify.Client.csproj
@@ -16,9 +16,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.8" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.8" />
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.2" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
index 9bcea4a6d..29b00a230 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Diagnostics;
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index 290f326d6..da5b812ee 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -21,8 +21,8 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.1" />
-		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.10.0">
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.2" />
+		<PackageReference Include="Microsoft.Net.Compilers.Toolset" Version="4.11.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
diff --git a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
index b94ee00d3..9556efb0b 100644
--- a/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
+++ b/src/Certify.Providers/DNS/AWSRoute53/Plugin.DNS.AWSRoute53.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.400.2" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.402.2" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
index 8e9b1ccc8..6a92aed39 100644
--- a/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
+++ b/src/Certify.Providers/DNS/Azure/Plugin.DNS.Azure.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.41.0" />
+    <PackageReference Include="Azure.Core" Version="1.42.0" />
     <PackageReference Include="Azure.Identity" Version="1.12.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.1.1" />
     <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
diff --git a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
index 6d93da5aa..4bf8339a7 100644
--- a/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public.Tests/Certify.Server.Api.Public.Tests.csproj
@@ -10,11 +10,11 @@
 
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.7" />
-        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.7" />
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.8" />
+        <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="8.0.8" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
         <PackageReference Include="coverlet.collector" Version="6.0.2">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
diff --git a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
index cae528e5b..cb6283502 100644
--- a/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
+++ b/src/Certify.Server/Certify.Server.Api.Public/Certify.Server.Api.Public.csproj
@@ -18,9 +18,9 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.8" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.3" />
     </ItemGroup>
     <ItemGroup>
         <ProjectReference Include="..\..\..\..\certify\src\Certify.SourceGenerators\Certify.SourceGenerators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
diff --git a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
index 95563355f..4def1ce34 100644
--- a/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
+++ b/src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Certify.Server.Core.csproj
@@ -11,12 +11,12 @@
         <PackageReference Include="Microsoft.AspNet.SignalR.Client" Version="2.4.3" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Polly" Version="8.4.1" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.7" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.8" />
         <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.7" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
-        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.7" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.7.3" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="8.0.8" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.8" />
+        <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.MessagePack" Version="8.0.8" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Service/App.config b/src/Certify.Service/App.config
index 69a44a551..e7c7e79b2 100644
--- a/src/Certify.Service/App.config
+++ b/src/Certify.Service/App.config
@@ -14,7 +14,7 @@
       <!-- Azure resource manager references an old version of Azure Core but other azure libraries reference 1.32.0.0-->
       <dependentAssembly>
         <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.39.0.0" newVersion="1.39.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.42.0.0" newVersion="1.42.0.0"/>
       </dependentAssembly>
 
       <!-- Azure Core references an old version of System.Diagnostics.DiagnosticSource via  Azure.Identity > Azure.Core.Pipeline.DiagnosticScopeFactory 1.32.0.0-->
@@ -34,7 +34,7 @@
       <!-- Azure.Identity manager references 4.49.1 and Microsoft.Data.SqlClient references 4.47.2 -->
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.61.0.0" newVersion="4.61.0.0"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.64.0.0" newVersion="4.64.0.0"/>
       </dependentAssembly>
 
     </assemblyBinding>
diff --git a/src/Certify.Service/Certify.Service.csproj b/src/Certify.Service/Certify.Service.csproj
index 537b23b2b..a2555e579 100644
--- a/src/Certify.Service/Certify.Service.csproj
+++ b/src/Certify.Service/Certify.Service.csproj
@@ -37,7 +37,7 @@
         <PackageReference Include="Microsoft.AspNet.WebApi.Cors" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.Owin" Version="5.3.0" />
         <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.3.0" />
-        <PackageReference Include="Microsoft.Identity.Client" Version="4.62.0" />
+        <PackageReference Include="Microsoft.Identity.Client" Version="4.64.0" />
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Owin" Version="4.2.2" />
         <PackageReference Include="Microsoft.Owin.Cors" Version="4.2.2" />
@@ -55,7 +55,7 @@
         <PackageReference Include="System.ValueTuple" Version="4.5.0" />
         <PackageReference Include="Topshelf" Version="4.3.0" />
         <PackageReference Include="Topshelf.Serilog" Version="4.3.0" />
-        <PackageReference Include="System.Security.Permissions" Version="7.0.0" />
+        <PackageReference Include="System.Security.Permissions" Version="8.0.0" />
         
     </ItemGroup>
     <ItemGroup>
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index a67cf4149..f55b256c6 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -23,7 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="SimpleImpersonation" Version="4.2.0" />
-        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.4" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
+        <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.4.5" Condition="'$(TargetFramework)' != 'netstandard2.0'" />
         <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.1.0" Condition="'$(TargetFramework)' == 'netstandard2.0'" />
     </ItemGroup>
 
diff --git a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
index ae7640c78..b3ef958b5 100644
--- a/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
+++ b/src/Certify.SourceGenerators/Certify.SourceGenerators.csproj
@@ -5,7 +5,7 @@
         <EnforceExtendedAnalyzerRules>true</EnforceExtendedAnalyzerRules>
     </PropertyGroup>
     <ItemGroup>
-        <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" PrivateAssets="all" />
+        <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.11.0" PrivateAssets="all" />
         <PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.4" PrivateAssets="all" />
     </ItemGroup>
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
index abb2a5fa4..92edb8c64 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Integration/Certify.Core.Tests.Integration.csproj
@@ -71,13 +71,13 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.0" />
     <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
     <PackageReference Include="Microsoft.Win32.Primitives" Version="4.3.0" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
-    <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+    <PackageReference Include="Moq" Version="4.20.71" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
     <PackageReference Include="Polly" Version="8.4.1" />
 
diff --git a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
index e00341169..41e3db49b 100644
--- a/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
+++ b/src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj
@@ -105,17 +105,17 @@
         </PackageReference>
         <PackageReference Include="MedallionShell" Version="1.6.2" />
         <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
-        <PackageReference Include="Moq" Version="4.20.70" />
+        <PackageReference Include="Moq" Version="4.20.71" />
         <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-        <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-        <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.0" />
+        <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+        <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
         <PackageReference Include="Polly" Version="8.4.1" />
         <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
         <PackageReference Include="System.Security.Cryptography.Cng" Version="5.0.0" />
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
         <PackageReference Include="System.Text.Json" Version="8.0.4" />
-        <PackageReference Include="Testcontainers" Version="3.9.0" />
+        <PackageReference Include="Testcontainers" Version="3.10.0" />
     </ItemGroup>
     <ItemGroup>
         <Reference Include="System.Configuration" />
diff --git a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
index aef71dfbb..2c33df410 100644
--- a/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.Service.Tests.Integration/Certify.Service.Tests.Integration.csproj
@@ -59,11 +59,11 @@
     <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Moq" Version="4.20.70" />
+    <PackageReference Include="Moq" Version="4.20.71" />
     <PackageReference Include="NETStandard.Library" Version="2.0.3" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
     <PackageReference Include="Polly" Version="8.4.1" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="8.0.1" />
   </ItemGroup>
diff --git a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
index 0c0b361b4..1a1ee27f9 100644
--- a/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
+++ b/src/Certify.Tests/Certify.UI.Tests.Integration/Certify.UI.Tests.Integration.csproj
@@ -55,11 +55,11 @@
     <ProjectReference Include="..\..\Certify.UI.Shared\Certify.UI.Shared.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Moq" Version="4.20.70" />
+    <PackageReference Include="Moq" Version="4.20.71" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.5.0" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.5.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.5.2" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.5.2" />
   </ItemGroup>
 
   <ItemGroup>

From f74aa730ceed290a1ccae4901b4d1399f1c35637 Mon Sep 17 00:00:00 2001
From: Mark Cilia Vincenti <markciliavincenti@gmail.com>
Date: Sat, 7 Sep 2024 14:11:37 +0200
Subject: [PATCH 233/237] Hardening against thread aborts.

---
 .../CertifyManager/CertifyManager.Account.cs          |  2 +-
 .../CertifyManager/CertifyManager.DataStores.cs       |  3 +--
 .../Management/Servers/ServerProviderIIS.cs           |  3 +--
 src/Certify.Core/Management/SettingsManager.cs        |  5 ++---
 src/Certify.Locales/Certify.Locales.csproj            |  3 +++
 src/Certify.Models/Certify.Models.csproj              |  1 -
 src/Certify.Shared/Certify.Shared.Core.csproj         |  8 ++------
 src/Certify.Shared/Utils/HttpChallengeServer.cs       |  4 ++--
 src/Certify.UI.sln                                    |  1 +
 src/Directory.Build.props                             | 11 +++++++++++
 10 files changed, 24 insertions(+), 17 deletions(-)
 create mode 100644 src/Directory.Build.props

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
index 272d4f3ce..306cbe576 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -15,7 +15,7 @@ namespace Certify.Management
 {
     public partial class CertifyManager
     {
-        private static readonly Lock _accountsLock = new();
+        private static readonly Lock _accountsLock = LockFactory.Create();
         private List<AccountDetails> _accounts;
 
         /// <summary>
diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
index 222636c72..0358b0d04 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.DataStores.cs
@@ -1,7 +1,6 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
-using System.Threading;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.Config;
@@ -12,7 +11,7 @@ namespace Certify.Management
 {
     public partial class CertifyManager
     {
-        private readonly Lock _dataStoreLocker = new();
+        private readonly Lock _dataStoreLocker = LockFactory.Create();
 
         private async Task<IManagedItemStore> GetManagedItemStoreProvider(DataStoreConnection dataStore)
         {
diff --git a/src/Certify.Core/Management/Servers/ServerProviderIIS.cs b/src/Certify.Core/Management/Servers/ServerProviderIIS.cs
index 2e17c6014..204bbadef 100644
--- a/src/Certify.Core/Management/Servers/ServerProviderIIS.cs
+++ b/src/Certify.Core/Management/Servers/ServerProviderIIS.cs
@@ -3,7 +3,6 @@
 using System.Globalization;
 using System.Linq;
 using System.Runtime.InteropServices;
-using System.Threading;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.Providers;
@@ -24,7 +23,7 @@ public class ServerProviderIIS : ITargetWebServer
         /// <summary>
         /// We use a lock on any method that uses CommitChanges, to avoid writing changes at the same time
         /// </summary>
-        private static readonly Lock _iisAPILock = new();
+        private static readonly Lock _iisAPILock = LockFactory.Create();
 
         private ILog _log;
 
diff --git a/src/Certify.Core/Management/SettingsManager.cs b/src/Certify.Core/Management/SettingsManager.cs
index d73cfb4f7..7f3dfab99 100644
--- a/src/Certify.Core/Management/SettingsManager.cs
+++ b/src/Certify.Core/Management/SettingsManager.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
-using System.Threading;
 using Certify.Models;
 
 namespace Certify.Management
@@ -9,7 +8,7 @@ namespace Certify.Management
     public sealed class CoreAppSettings
     {
         private static volatile CoreAppSettings instance;
-        private static readonly Lock syncRoot = new();
+        private static readonly Lock syncRoot = LockFactory.Create();
 
         private CoreAppSettings()
         {
@@ -189,7 +188,7 @@ public static CoreAppSettings Current
     public class SettingsManager
     {
         private const string COREAPPSETTINGSFILE = "appsettings.json";
-        private static readonly Lock settingsLocker = new();
+        private static readonly Lock settingsLocker = LockFactory.Create();
 
         public static bool FromPreferences(Models.Preferences prefs)
         {
diff --git a/src/Certify.Locales/Certify.Locales.csproj b/src/Certify.Locales/Certify.Locales.csproj
index 9acc6809c..eee60e946 100644
--- a/src/Certify.Locales/Certify.Locales.csproj
+++ b/src/Certify.Locales/Certify.Locales.csproj
@@ -11,6 +11,9 @@
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
         <PlatformTarget>AnyCPU</PlatformTarget>
     </PropertyGroup>
+    <ItemGroup>
+      <PackageReference Include="Backport.System.Threading.Lock" Version="2.0.0" />
+    </ItemGroup>
     <ItemGroup>
         <Compile Update="Properties\Resources.Designer.cs">
             <DesignTime>True</DesignTime>
diff --git a/src/Certify.Models/Certify.Models.csproj b/src/Certify.Models/Certify.Models.csproj
index da5b812ee..e01636a2c 100644
--- a/src/Certify.Models/Certify.Models.csproj
+++ b/src/Certify.Models/Certify.Models.csproj
@@ -3,7 +3,6 @@
 		<TargetFrameworks>netstandard2.0;net462;net9.0</TargetFrameworks>
 		<RootNamespace>Certify</RootNamespace>
 		<Platforms>AnyCPU</Platforms>
-		<LangVersion>10.0</LangVersion>
 		<Nullable>enable</Nullable>
 		<GeneratePackageOnBuild>False</GeneratePackageOnBuild>
 		<Description>Certify Certificate Manager API Models</Description>
diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 63b129189..988b65e77 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -1,11 +1,11 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFrameworks>netstandard2.0;net9.0;</TargetFrameworks>
+        <TargetFrameworks>netstandard2.0;net9.0</TargetFrameworks>
         <Platforms>AnyCPU</Platforms>
-        <LangVersion>preview</LangVersion>
     </PropertyGroup>
     <ItemGroup>
+        <PackageReference Include="Backport.System.Threading.Lock" Version="2.0.0" />
         <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
         <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
         <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
@@ -39,8 +39,4 @@
       </None>
     </ItemGroup>
 
-    <ItemGroup Condition="!$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net9.0'))">
-        <PackageReference Include="Backport.System.Threading.Lock" Version="1.1.6" />
-    </ItemGroup>
-
 </Project>
diff --git a/src/Certify.Shared/Utils/HttpChallengeServer.cs b/src/Certify.Shared/Utils/HttpChallengeServer.cs
index 976c54ed4..8f3bb0a76 100644
--- a/src/Certify.Shared/Utils/HttpChallengeServer.cs
+++ b/src/Certify.Shared/Utils/HttpChallengeServer.cs
@@ -51,8 +51,8 @@ public class HttpChallengeServer
         private int _autoCloseSeconds = 60;
         private string _baseUri = "";
         private Timer _autoCloseTimer;
-        private readonly Lock _challengeServerStartLock = new();
-        private readonly Lock _challengeServerStopLock = new();
+        private readonly Lock _challengeServerStartLock = LockFactory.Create();
+        private readonly Lock _challengeServerStopLock = LockFactory.Create();
 
         /// <summary>
         /// If true, challenge server has been started or a start has been attempted
diff --git a/src/Certify.UI.sln b/src/Certify.UI.sln
index e202963f1..e312b4c08 100644
--- a/src/Certify.UI.sln
+++ b/src/Certify.UI.sln
@@ -17,6 +17,7 @@ EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{12876723-F648-4E76-9242-110F5635A4B1}"
 	ProjectSection(SolutionItems) = preProject
 		.editorconfig = .editorconfig
+		Directory.Build.props = Directory.Build.props
 	EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Shared", "Shared", "{9A70DEC0-70C4-42A7-B15A-647EC432E7F7}"
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
new file mode 100644
index 000000000..78d0ac19d
--- /dev/null
+++ b/src/Directory.Build.props
@@ -0,0 +1,11 @@
+<Project>
+  <PropertyGroup>
+    <LangVersion>preview</LangVersion>
+    <SuppressNETCoreSdkPreviewMessage>true</SuppressNETCoreSdkPreviewMessage>
+  </PropertyGroup>
+  <ItemGroup>
+    <Using Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net9.0'))" Alias="Lock" Include="System.Threading.Lock" />
+    <Using Condition="!$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net9.0'))" Alias="Lock" Include="Backport.System.Threading.Lock" />
+    <Using Alias="LockFactory" Include="Backport.System.Threading.LockFactory" />
+  </ItemGroup>
+</Project>

From dcd8cc412a85a697098a80cda34b6bb0f7f847f5 Mon Sep 17 00:00:00 2001
From: Mark Cilia Vincenti <markciliavincenti@gmail.com>
Date: Sat, 7 Sep 2024 14:13:27 +0200
Subject: [PATCH 234/237] Removed unnecessary LangVersion

---
 src/Certify.Core/Certify.Core.csproj                           | 1 -
 src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/Certify.Core/Certify.Core.csproj b/src/Certify.Core/Certify.Core.csproj
index 9c212a87c..21b639062 100644
--- a/src/Certify.Core/Certify.Core.csproj
+++ b/src/Certify.Core/Certify.Core.csproj
@@ -3,7 +3,6 @@
         <TargetFrameworks>net462;net9.0</TargetFrameworks>
         <Configurations>Debug;Release;</Configurations>
         <Platforms>AnyCPU</Platforms>
-        <LangVersion>preview</LangVersion>
     </PropertyGroup>
     <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 
diff --git a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
index f55b256c6..25396eb9f 100644
--- a/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
+++ b/src/Certify.Shared.Extensions/Certify.Shared.Extensions.csproj
@@ -3,7 +3,6 @@
     <PropertyGroup>
         <TargetFrameworks>netstandard2.0;net9.0</TargetFrameworks>
         <Platforms>AnyCPU</Platforms>
-        <LangVersion>latest</LangVersion>
     </PropertyGroup>
 
     <ItemGroup>

From ff3cccc8c2989269e8c9b0ac7b21cd13c6846017 Mon Sep 17 00:00:00 2001
From: Mark Cilia Vincenti <markciliavincenti@gmail.com>
Date: Sat, 7 Sep 2024 14:14:11 +0200
Subject: [PATCH 235/237] Removed unnecessary using

---
 .../Management/CertifyManager/CertifyManager.Account.cs          | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
index 306cbe576..9db9874a8 100644
--- a/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
+++ b/src/Certify.Core/Management/CertifyManager/CertifyManager.Account.cs
@@ -2,7 +2,6 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
-using System.Threading;
 using System.Threading.Tasks;
 using Certify.Models;
 using Certify.Models.Config;

From b42546b0b7405e3a8842c7f8a97cf3511a554059 Mon Sep 17 00:00:00 2001
From: Mark Cilia Vincenti <markciliavincenti@gmail.com>
Date: Sat, 21 Sep 2024 19:38:47 +0200
Subject: [PATCH 236/237] Update Certify.Locales.csproj

---
 src/Certify.Locales/Certify.Locales.csproj | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Certify.Locales/Certify.Locales.csproj b/src/Certify.Locales/Certify.Locales.csproj
index eee60e946..23d2cac9b 100644
--- a/src/Certify.Locales/Certify.Locales.csproj
+++ b/src/Certify.Locales/Certify.Locales.csproj
@@ -12,7 +12,7 @@
         <PlatformTarget>AnyCPU</PlatformTarget>
     </PropertyGroup>
     <ItemGroup>
-      <PackageReference Include="Backport.System.Threading.Lock" Version="2.0.0" />
+      <PackageReference Include="Backport.System.Threading.Lock" Version="2.0.3" />
     </ItemGroup>
     <ItemGroup>
         <Compile Update="Properties\Resources.Designer.cs">
@@ -81,4 +81,4 @@
             <DependentUpon>SR.resx</DependentUpon>
         </EmbeddedResource>
     </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>

From 13ce84aff16e2342c39a5a2c4e9bcb361623e8d6 Mon Sep 17 00:00:00 2001
From: Mark Cilia Vincenti <markciliavincenti@gmail.com>
Date: Sat, 21 Sep 2024 19:39:03 +0200
Subject: [PATCH 237/237] Update Certify.Shared.Core.csproj

---
 src/Certify.Shared/Certify.Shared.Core.csproj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Certify.Shared/Certify.Shared.Core.csproj b/src/Certify.Shared/Certify.Shared.Core.csproj
index 988b65e77..dbfc87e30 100644
--- a/src/Certify.Shared/Certify.Shared.Core.csproj
+++ b/src/Certify.Shared/Certify.Shared.Core.csproj
@@ -5,7 +5,7 @@
         <Platforms>AnyCPU</Platforms>
     </PropertyGroup>
     <ItemGroup>
-        <PackageReference Include="Backport.System.Threading.Lock" Version="2.0.0" />
+        <PackageReference Include="Backport.System.Threading.Lock" Version="2.0.3" />
         <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
         <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
         <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />