From b4edafdae738f9f2f37f536b8cee5033fd220363 Mon Sep 17 00:00:00 2001
From: shibayan
Date: Mon, 29 Apr 2019 18:57:05 +0900
Subject: [PATCH] Fixed an issue where intermediate certificates were not included
---
 .../AzureKeyVault.LetsEncrypt.csproj | 2 +-
 .../Internal/X509Certificate2Extension.cs | 20 +++++++++++++++++++
 AzureKeyVault.LetsEncrypt/SharedFunctions.cs | 8 +++++---
 3 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100644 AzureKeyVault.LetsEncrypt/Internal/X509Certificate2Extension.cs
diff --git a/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj b/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj
index 232d5d4c..1ce622e9 100644
--- a/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj
+++ b/AzureKeyVault.LetsEncrypt/AzureKeyVault.LetsEncrypt.csproj
@@ -10,7 +10,7 @@ - +
diff --git a/AzureKeyVault.LetsEncrypt/Internal/X509Certificate2Extension.cs b/AzureKeyVault.LetsEncrypt/Internal/X509Certificate2Extension.cs
new file mode 100644
index 00000000..faa7d42d
--- /dev/null
+++ b/AzureKeyVault.LetsEncrypt/Internal/X509Certificate2Extension.cs
@@ -0,0 +1,20 @@
+using System;
+using System.Security.Cryptography.X509Certificates;
+
+namespace AzureKeyVault.LetsEncrypt.Internal
+{
+ internal static class X509Certificate2Extension
+ {
+ private static ReadOnlySpan Separator => new byte[] { 0x0A, 0x0A };
+
+ public static void ImportFromPem(this X509Certificate2Collection collection, byte[] rawData)
+ {
+ var rawDataSpan = rawData.AsSpan();
+
+ var separator = rawDataSpan.IndexOf(Separator);
+
+ collection.Add(new X509Certificate2(rawDataSpan.Slice(0, separator).ToArray()));
+ collection.Add(new X509Certificate2(rawDataSpan.Slice(separator + 2).ToArray()));
+ }
+ }
+}
\ No newline at end of file
diff --git a/AzureKeyVault.LetsEncrypt/SharedFunctions.cs b/AzureKeyVault.LetsEncrypt/SharedFunctions.cs
index e0ca16a6..72ad996e 100644
--- a/AzureKeyVault.LetsEncrypt/SharedFunctions.cs
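Review bot: `ImportFromPem` assumes exactly two PEM blocks joined by a single `\n\n`: if `IndexOf` returns -1 (a response holding one certificate, or one using CRLF line endings, whose blank line is `\r\n\r\n`) the `Slice(0, separator)` call throws `ArgumentOutOfRangeException`, and with three or more blocks everything after the first separator is handed to one `X509Certificate2` constructor, which I believe keeps only the first certificate it parses, so a second intermediate is silently dropped — the same class of bug the commit title describes. The ACME certificate download (RFC 8555 §7.4.2) is a PEM chain of unspecified length, so the split should loop over every block and tolerate a missing trailing separator; the hard-coded `+ 2` should also become `Separator.Length`. Nothing here checks that the parsed blocks form one chain or that the first block is the leaf; the caller relies on the server's leaf-first order, which is worth a comment on the method. Suggested body:
```csharp
public static void ImportFromPem(this X509Certificate2Collection collection, byte[] rawData)
{
    var remaining = rawData.AsSpan();

    // PEM blocks are separated by a blank line; the last block has no trailing separator,
    // and a server that sends only the leaf yields a single block with no separator at all.
    // Blocks are added in file order, so the leaf-first order of the ACME response is preserved.
    while (!remaining.IsEmpty)
    {
        var index = remaining.IndexOf(Separator);
        var block = index < 0 ? remaining : remaining.Slice(0, index);

        if (!block.IsEmpty)
        {
            collection.Add(new X509Certificate2(block.ToArray()));
        }

        if (index < 0)
        {
            break;
        }

        remaining = remaining.Slice(index + Separator.Length);
    }
}
```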
+++ b/AzureKeyVault.LetsEncrypt/SharedFunctions.cs
@@ -299,10 +299,12 @@ public static async Task FinalizeOrder([ActivityTrigger] DurableActivityContext
 var certificateData = await _httpClient.GetByteArrayAsync(finalize.Payload.Certificate);
- // X509Certificate2 を作成
- var certificate = new X509Certificate2(certificateData);
+ // X509Certificate2Collection を作成
+ var x509Certificates = new X509Certificate2Collection();
- await keyVaultClient.MergeCertificateAsync(Settings.Default.VaultBaseUrl, certificateName, new X509Certificate2Collection(certificate));
+ x509Certificates.ImportFromPem(certificateData);
+
+ await keyVaultClient.MergeCertificateAsync(Settings.Default.VaultBaseUrl, certificateName, x509Certificates);
 }
 private static async Task CreateAcmeClientAsync()
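Review bot: The collection goes straight to `MergeCertificateAsync` with no sanity check on what `ImportFromPem` produced, and the new comment `// X509Certificate2Collection を作成` only restates the code rather than why a collection is needed. I would guard the merge with `if (x509Certificates.Count == 0) throw new InvalidOperationException("ACME certificate download contained no PEM certificates");` so a malformed download fails here with a clear message instead of inside Key Vault, and replace the comment with `// Key Vault must receive the whole PEM chain (leaf first, then intermediates); merging only the leaf dropped the intermediates`. Whether Key Vault also verifies that the leaf matches the pending CSR is not visible here, so I would not rely on the merge to reject a wrong or mis-ordered chain. FinalizeOrder begins before this hunk.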