public async Task TestRequestAndInstallDnsCertificate()
{
var config = new AppSettingsAuthConfig();
var client = ArmHelper.GetWebSiteManagementClient(config);
var kuduClient = KuduHelper.GetKuduClient(client, config);
var body = new DnsAzureInstallModel()
{
AzureWebAppEnvironment = new AzureWebAppEnvironment(config.Tenant, config.SubscriptionId, config.ClientId, config.ClientSecret, config.ResourceGroupName, config.WebAppName),
AcmeConfig = new AcmeConfig()
{
Host = "letsencrypt.ai4bots.com",
PFXPassword = "******",
RegistrationEmail = "*****@*****.**",
RSAKeyLength = 2048
},
RelativeRecordSetName = "letsencrypt",
ZoneName = "ai4bots.com",
ResourceGroupName = "dns",
SubscriptionId = new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"),
CertificateSettings = new CertificateServiceSettings()
};
var res = await kuduClient.HttpClient.PostAsync(
"https://webappcfmv5fy7lcq7o.scm.azurewebsites.net/letsencrypt/api/certificates/challengeprovider/dns/azure/certificateinstall/azurewebapp?api-version=2017-09-01",
new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json"));
await ValidateResponse(body.AcmeConfig, res);
}
public KuduFileSystemAuthorizationChallengeProvider(IAzureWebAppEnvironment azureEnvironment, IAuthorizationChallengeProviderConfig config)
{
this.config = config;
var website = ArmHelper.GetWebSiteManagementClient(azureEnvironment);
this.kuduClient = KuduHelper.GetKuduClient(website, azureEnvironment);
}
public async Task TestRequestAndInstallCertificate()
{
var config = new AppSettingsAuthConfig();
var client = ArmHelper.GetWebSiteManagementClient(config);
var kuduClient = KuduHelper.GetKuduClient(client, config);
var body = new HttpKuduInstallModel()
{
AzureEnvironment = new AzureWebAppEnvironment(config.Tenant, config.SubscriptionId, config.ClientId, config.ClientSecret, config.ResourceGroupName, config.WebAppName),
AcmeConfig = new AcmeConfig()
{
Host = "letsencrypt.sjkp.dk",
PFXPassword = "******",
RegistrationEmail = "*****@*****.**",
RSAKeyLength = 2048
},
AuthorizationChallengeProviderConfig = new AuthorizationChallengeProviderConfig(),
CertificateSettings = new CertificateServiceSettings()
};
var res = await kuduClient.HttpClient.PostAsync(
"https://webappcfmv5fy7lcq7o.scm.azurewebsites.net/letsencrypt/api/certificates/challengeprovider/http/kudu/certificateinstall/azurewebapp?api-version=2017-09-01",
new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json"));
await ValidateResponse(body.AcmeConfig, res);
}
private async Task EnsureVirtualDirectorySetup()
{
if (virtualDirectorySetup)
{
Trace.TraceInformation("/.well-known already configured, skipping");
return;
}
using (var client = await ArmHelper.GetWebSiteManagementClient(this.azureEnvironment))
{
var siteConfig = client.WebApps.GetSiteConfigurationOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName);
if (!IsVirtualDirectorySetup(siteConfig))
{
var app = siteConfig.VirtualApplications.First();
if (app.VirtualDirectories == null)
{
app.VirtualDirectories = new List <VirtualDirectory>();
}
app.VirtualDirectories.Add(new VirtualDirectory()
{
PhysicalPath = wellKnownPhysicalPath,
VirtualPath = "/.well-known",
});
client.WebApps.UpdateSiteConfigurationOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName, siteConfig);
}
virtualDirectorySetup = true;
}
}
public override async Task PersistsChallenge(DnsChallenge dnsChallenge)
{
List <TxtRecord> records = new List <TxtRecord>()
{
new TxtRecord()
{
Value = new[] { dnsChallenge.RecordValue }
}
};
var dnsClient = await ArmHelper.GetDnsManagementClient(this.environment);
if ((await dnsClient.RecordSets.ListByTypeAsync(environment.ResourceGroupName, environment.ZoneName, RecordType.TXT)).Any())
{
var existingRecords = await SafeGetExistingRecords(dnsChallenge);
if (existingRecords != null)
{
if (existingRecords.TxtRecords.Any(s => s.Value.Contains(dnsChallenge.RecordValue)))
{
records = existingRecords.TxtRecords.ToList();
}
else
{
records.AddRange(existingRecords.TxtRecords);
}
}
}
await dnsClient.RecordSets.CreateOrUpdateAsync(this.environment.ResourceGroupName, this.environment.ZoneName, GetRelativeRecordSetName(dnsChallenge), RecordType.TXT, new RecordSet()
{
TxtRecords = records,
TTL = 60
});
}
public ActionResult Hostname(string id)
{
var settings = new AppSettingsAuthConfig();
var model = new HostnameModel();
List <ValidationResult> validationResult = null;
if (settings.IsValid(out validationResult))
{
var client = ArmHelper.GetWebSiteManagementClient(settings);
var site = client.Sites.GetSiteOrSlot(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName);
model.HostNames = site.HostNames;
model.HostNameSslStates = site.HostNameSslStates;
model.Certificates = client.Certificates.GetCertificates(settings.ServicePlanResourceGroupName).Value;
model.InstalledCertificateThumbprint = id;
if (model.HostNames.Count == 1)
{
model.ErrorMessage = "No custom host names registered. At least one custom domain name must be registed for the web site to request a letsencrypt certificate.";
}
}
else
{
var errorMessage = string.Join(" ,", validationResult.Select(s => s.ErrorMessage));
model.ErrorMessage = $"Application settings was invalid, please wait a little and try to reload page if you just updated appsettings. Validation errors: {errorMessage}";
}
return(View(model));
}
public async Task TestRequestDnsCertificate()
{
var config = new AppSettingsAuthConfig();
var client = await ArmHelper.GetWebSiteManagementClient(config);
var kuduClient = KuduHelper.GetKuduClient(client, config);
var body = new DnsAzureModel()
{
AzureDnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "@"),
AcmeConfig = new AcmeConfig()
{
Host = "ai4bots.com",
PFXPassword = "******",
RegistrationEmail = "*****@*****.**",
RSAKeyLength = 2048
}
};
var res = await kuduClient.HttpClient.PostAsync(
"https://webappcfmv5fy7lcq7o.scm.azurewebsites.net/letsencrypt/api/certificates/challengeprovider/dns/azure?api-version=2017-09-01",
new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json"));
await ValidateResponse(body.AcmeConfig, res);
}
internal static async Task <bool> DeployAciInstance(string templateFileName, string subscriptionId, string resourceGroupName, string aciName, string jobName)
{
try
{
if (await ShouldDeleteExistingInstance(templateFileName, subscriptionId, resourceGroupName, aciName))
{
await DeleteAciInstance(subscriptionId, resourceGroupName, aciName);
}
var rgName = resourceGroupName;
var deploymentName = jobName;
var templateFileContents = File.ReadAllText(templateFileName);
log.LogInformation($"Starting a deployment for ACI '{aciName}' for job: {deploymentName}");
bool success = await ArmHelper.SubmitDeployment(subscriptionId, rgName, templateFileContents, "{}", deploymentName);
log.LogInformation($"Completed ACI deployment: {deploymentName}. Waiting for identity assignment completion....");
//Introduce a delay to see if that will help with what seems to be an issue with a timely managed identity assignment
Thread.Sleep(10000);
log.LogInformation("Completed ACI deployment");
return(success);
}
catch (Exception ex)
{
log.LogError($"Unable to deploy ACI instance: {ex.Message}");
return(false);
}
}
public static async Task <IReadOnlyList <string> > GetLetsEncryptHostNames(IAzureWebAppEnvironment webAppEnvironment, bool staging)
{
Site site;
using (var client = await ArmHelper.GetWebSiteManagementClient(webAppEnvironment))
{
Trace.TraceInformation(
"Getting Web App '{0}' (slot '{1}') from resource group '{2}'",
webAppEnvironment.WebAppName,
webAppEnvironment.SiteSlotName,
webAppEnvironment.ResourceGroupName);
site = client.WebApps.GetSiteOrSlot(webAppEnvironment.ResourceGroupName, webAppEnvironment.WebAppName, webAppEnvironment.SiteSlotName);
}
using (var httpClient = await ArmHelper.GetHttpClient(webAppEnvironment))
{
var certRequestUri = $"/subscriptions/{webAppEnvironment.SubscriptionId}/providers/Microsoft.Web/certificates?api-version=2016-03-01";
Trace.TraceInformation("GET {0}", certRequestUri);
var response = await ArmHelper.ExponentialBackoff().ExecuteAsync(async() => await httpClient.GetAsync(certRequestUri));
Trace.TraceInformation("Reading ARM certificate query response");
var body = await response.EnsureSuccessStatusCode().Content.ReadAsStringAsync();
var letsEncryptCerts = ExtractCertificates(body).Where(s => s.Issuer.Contains(staging ? "Fake LE" : "Let's Encrypt"));
var leCertThumbprints = new HashSet <string>(letsEncryptCerts.Select(c => c.Thumbprint));
return(site.HostNameSslStates.Where(ssl => leCertThumbprints.Contains(ssl.Thumbprint)).Select(ssl => ssl.Name).ToArray());
}
}
public ActionResult Index(AuthenticationModel model)
{
if (ModelState.IsValid)
{
try
{
using (var client = ArmHelper.GetWebSiteManagementClient(model))
{
//Update web config.
var site = client.Sites.GetSite(model.ResourceGroupName, model.WebAppName);
var webappsettings = client.Sites.ListSiteAppSettings(model.ResourceGroupName, model.WebAppName);
if (model.UpdateAppSettings)
{
var newAppSettingsValues = new Dictionary <string, string> {
{ AppSettingsAuthConfig.clientIdKey, model.ClientId.ToString() },
{ AppSettingsAuthConfig.clientSecretKey, model.ClientSecret.ToString() },
{ AppSettingsAuthConfig.subscriptionIdKey, model.SubscriptionId.ToString() },
{ AppSettingsAuthConfig.tenantKey, model.Tenant },
{ AppSettingsAuthConfig.resourceGroupNameKey, model.ResourceGroupName },
{ AppSettingsAuthConfig.servicePlanResourceGroupNameKey, model.ServicePlanResourceGroupName }
};
foreach (var appsetting in newAppSettingsValues)
{
if (!webappsettings.Properties.ContainsKey(appsetting.Key))
{
webappsettings.Properties.Add(appsetting.Key, appsetting.Value);
}
else
{
webappsettings.Properties[appsetting.Key] = appsetting.Value;
}
}
client.Sites.UpdateSiteAppSettings(model.ResourceGroupName, model.WebAppName, webappsettings);
}
else
{
var appSetting = new AppSettingsAuthConfig();
if (!ValidateModelVsAppSettings("ClientId", model.ClientId.ToString(), appSetting.ClientId.ToString()) ||
!ValidateModelVsAppSettings("ClientSecret", appSetting.ClientSecret, model.ClientSecret) ||
!ValidateModelVsAppSettings("ResourceGroupName", appSetting.ResourceGroupName, model.ResourceGroupName) ||
!ValidateModelVsAppSettings("SubScriptionId", appSetting.SubscriptionId.ToString(), model.SubscriptionId.ToString()) ||
!ValidateModelVsAppSettings("Tenant", appSetting.Tenant, model.Tenant) ||
!ValidateModelVsAppSettings("ServicePlanResourceGroupName", appSetting.ServicePlanResourceGroupName, model.ServicePlanResourceGroupName))
{
model.ErrorMessage = "One or more app settings are different from the values entered, do you want to update the app settings?";
return(View(model));
}
}
}
return(RedirectToAction("Hostname"));
}
catch (Exception ex)
{
Trace.TraceError(ex.ToString());
model.ErrorMessage = ex.ToString();
}
}
return(View(model));
}
public void Install(ICertificateInstallModel model)
{
var cert = model.CertificateInfo;
using (var webSiteClient = ArmHelper.GetWebSiteManagementClient(azureEnvironment))
{
var s = webSiteClient.WebApps.GetSiteOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName);
Trace.TraceInformation(String.Format("Installing certificate {0} on azure with server farm id {1}", cert.Name, s.ServerFarmId));
var newCert = new Certificate()
{
PfxBlob = cert.PfxCertificate,
Password = cert.Password,
Location = s.Location,
ServerFarmId = s.ServerFarmId,
Name = model.Host + "-" + cert.Certificate.Thumbprint
};
//BUG https://github.com/sjkp/letsencrypt-siteextension/issues/99
//using this will not install the certificate with the correct webSpace property set,
//and the app service will be unable to find the certificate if the app service plan has been moved between resource groups.
//webSiteClient.Certificates.CreateOrUpdate(azureEnvironment.ServicePlanResourceGroupName, cert.Certificate.Subject.Replace("CN=", ""), newCert);
var client = ArmHelper.GetHttpClient(azureEnvironment);
var body = JsonConvert.SerializeObject(newCert, JsonHelper.DefaultSerializationSettings);
var t = client.PutAsync($"/subscriptions/{azureEnvironment.SubscriptionId}/resourceGroups/{azureEnvironment.ServicePlanResourceGroupName}/providers/Microsoft.Web/certificates/{newCert.Name}?api-version=2016-03-01", new StringContent(body, Encoding.UTF8, "application/json")).Result;
t.EnsureSuccessStatusCode();
foreach (var dnsName in model.AllDnsIdentifiers)
{
var sslState = s.HostNameSslStates.FirstOrDefault(g => g.Name == dnsName);
if (sslState == null)
{
sslState = new HostNameSslState()
{
Name = model.Host,
SslState = settings.UseIPBasedSSL ? SslState.IpBasedEnabled : SslState.SniEnabled,
};
s.HostNameSslStates.Add(sslState);
}
else
{
//First time setting the HostNameSslState it is set to disabled.
sslState.SslState = settings.UseIPBasedSSL ? SslState.IpBasedEnabled : SslState.SniEnabled;
}
sslState.ToUpdate = true;
sslState.Thumbprint = cert.Certificate.Thumbprint;
}
webSiteClient.WebApps.BeginCreateOrUpdateSiteOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName, s);
}
}
public override async Task CleanupChallenge(DnsChallenge dnsChallenge)
{
var existingRecords = await SafeGetExistingRecords(dnsChallenge);
var dnsClient = await ArmHelper.GetDnsManagementClient(this.environment);
await dnsClient.RecordSets.DeleteAsync(this.environment.ResourceGroupName, this.environment.ZoneName, GetRelativeRecordSetName(dnsChallenge), RecordType.TXT);
}
private static async Task <Aci.Arm.Deployment> GetAciInstanceData(string subscriptionId, string resourceGroupName, string aciName)
{
var resp = await ArmHelper.GetAciDeploymentDetails(subscriptionId, resourceGroupName, aciName);
var aciResult = JsonSerializer.Deserialize <Aci.Arm.Deployment>(JsonSerializer.Serialize(resp));
return(aciResult);
}
public async Task <bool> IsVirtualDirectorySetup()
{
using (var client = await ArmHelper.GetWebSiteManagementClient(this.azureEnvironment))
{
var siteConfig = client.WebApps.GetSiteConfigurationOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName);
return(IsVirtualDirectorySetup(siteConfig));
}
}
public async Task RetryTest()
{
var client = HttpClientFactory.Create(new HttpClientHandler(), new TimeoutHandler());
var retry = ArmHelper.ExponentialBackoff();
var resp = await retry.ExecuteAsync(async() =>
{
return(await client.PostAsJsonAsync("https://en8zkq5hogjyi.x.pipedream.net", new { text = "hello" }));
});
}
/// <summary>
/// Used for automatic installation of letsencrypt certificate
/// </summary>
public void AddCertificate()
{
Trace.TraceInformation("Staring add certificate");
using (var client = ArmHelper.GetWebSiteManagementClient(settings))
{
Trace.TraceInformation($"Add certificate for acmeConfig hostname {string.Join(", ", acmeConfig.Hostnames)}");
if (acmeConfig.Hostnames.Any())
{
RequestAndInstallInternal(this.acmeConfig);
}
}
}
public async Task <List <AcmeConfig> > RenewCertificate(bool skipInstallCertificate = false, int renewXNumberOfDaysBeforeExpiration = 0)
{
Trace.TraceInformation("Checking certificate");
var ss = SettingsStore.Instance.Load();
using (var client = ArmHelper.GetWebSiteManagementClient(settings))
using (var httpClient = ArmHelper.GetHttpClient(settings))
{
//Cant just get certificates by resource group, because sites that have been moved, have their certs sitting in the old RG.
//Also cant use client.Certificates.List() due to bug in the nuget
var response = await httpClient.GetAsync($"/subscriptions/{settings.SubscriptionId}/providers/Microsoft.Web/certificates?api-version=2016-03-01");
response.EnsureSuccessStatusCode();
var body = await response.Content.ReadAsStringAsync();
IEnumerable <Certificate> certs = JsonConvert.DeserializeObject <Certificate[]>(body, JsonHelper.DefaultSerializationSettings);
var expiringCerts = certs.Where(s => s.ExpirationDate < DateTime.UtcNow.AddDays(renewXNumberOfDaysBeforeExpiration) && (s.Issuer.Contains("Let's Encrypt") || s.Issuer.Contains("Fake LE")));
if (expiringCerts.Count() == 0)
{
Trace.TraceInformation(string.Format("No certificates installed issued by Let's Encrypt that are about to expire within the next {0} days. Skipping.", renewXNumberOfDaysBeforeExpiration));
}
var res = new List <AcmeConfig>();
foreach (var toExpireCert in expiringCerts)
{
Trace.TraceInformation("Starting renew of certificate " + toExpireCert.Name + " expiration date " + toExpireCert.ExpirationDate);
var site = client.WebApps.Get(settings.ResourceGroupName, settings.WebAppName);
var sslStates = site.HostNameSslStates.Where(s => s.Thumbprint == toExpireCert.Thumbprint);
if (!sslStates.Any())
{
Trace.TraceInformation(String.Format("Certificate {0} was not assigned any hostname, skipping update", toExpireCert.Thumbprint));
continue;
}
var target = new AcmeConfig()
{
RegistrationEmail = this.acmeConfig.RegistrationEmail ?? ss.FirstOrDefault(s => s.Name == "email").Value,
Host = sslStates.First().Name,
BaseUri = this.acmeConfig.BaseUri ?? ss.FirstOrDefault(s => s.Name == "baseUri").Value,
AlternateNames = sslStates.Skip(1).Select(s => s.Name).ToList(),
PFXPassword = this.acmeConfig.PFXPassword,
RSAKeyLength = this.acmeConfig.RSAKeyLength
};
if (!skipInstallCertificate)
{
await RequestAndInstallInternalAsync(target);
}
res.Add(target);
}
return(res);
}
}
public List <string> RemoveExpired(int removeXNumberOfDaysBeforeExpiration = 0)
{
using (var webSiteClient = ArmHelper.GetWebSiteManagementClient(azureEnvironment))
{
var certs = webSiteClient.Certificates.ListByResourceGroup(azureEnvironment.ServicePlanResourceGroupName);
var tobeRemoved = certs.Where(s => s.ExpirationDate < DateTime.UtcNow.AddDays(removeXNumberOfDaysBeforeExpiration) && (s.Issuer.Contains("Let's Encrypt") || s.Issuer.Contains("Fake LE"))).ToList();
tobeRemoved.ForEach(s => RemoveCertificate(webSiteClient, s));
return(tobeRemoved.Select(s => s.Thumbprint).ToList());
}
}
internal static async Task <bool> DeleteContainerApp(CommandLineArgs cmdLine)
{
if (await ArmHelper.DeleteResource(cmdLine.ContainerAppArgs.SubscriptionId, cmdLine.ContainerAppArgs.ResourceGroup, $"sbm{cmdLine.JobName}"))
{
log.LogInformation($"Successfully deleted ContainerApp: sbm{cmdLine.JobName}");
return(true);
}
else
{
log.LogError($"Unable to delete ContainerApp: sbm{cmdLine.JobName}");
return(false);
}
}
private void SetViewBagHostnames()
{
var settings = new AppSettingsAuthConfig();
var client = ArmHelper.GetWebSiteManagementClient(settings);
var site = client.Sites.GetSiteOrSlot(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName);
var model = new HostnameModel();
ViewBag.HostNames = site.HostNames.Where(s => !s.EndsWith(settings.AzureWebSitesDefaultDomainName)).Select(s => new SelectListItem()
{
Text = s,
Value = s
});
}
public IEnumerable <Target> RenewCertificate(bool debug = false)
{
Trace.TraceInformation("Checking certificate");
var settings = new AppSettingsAuthConfig();
var ss = SettingsStore.Instance.Load();
using (var client = ArmHelper.GetWebSiteManagementClient(settings))
{
var certs = client.Certificates.GetCertificates(settings.ServicePlanResourceGroupName).Value;
var expiringCerts = certs.Where(s => s.ExpirationDate < DateTime.UtcNow.AddDays(settings.RenewXNumberOfDaysBeforeExpiration) && (s.Issuer.Contains("Let's Encrypt") || s.Issuer.Contains("Fake LE")));
if (expiringCerts.Count() == 0)
{
Trace.TraceInformation(string.Format("No certificates installed issued by Let's Encrypt that are about to expire within the next {0} days. Skipping.", settings.RenewXNumberOfDaysBeforeExpiration));
}
foreach (var toExpireCert in expiringCerts)
{
Trace.TraceInformation("Starting renew of certificate " + toExpireCert.Name + " expiration date " + toExpireCert.ExpirationDate);
var site = client.Sites.GetSite(settings.ResourceGroupName, settings.WebAppName);
var sslStates = site.HostNameSslStates.Where(s => s.Thumbprint == toExpireCert.Thumbprint);
if (!sslStates.Any())
{
Trace.TraceInformation(String.Format("Certificate {0} was not assigned any hostname, skipping update", toExpireCert.Thumbprint));
continue;
}
var target = new Target()
{
WebAppName = settings.WebAppName,
Tenant = settings.Tenant,
SubscriptionId = settings.SubscriptionId,
ClientId = settings.ClientId,
ClientSecret = settings.ClientSecret,
ResourceGroupName = settings.ResourceGroupName,
Email = settings.Email ?? ss.FirstOrDefault(s => s.Name == "email").Value,
Host = sslStates.First().Name,
BaseUri = settings.BaseUri ?? ss.FirstOrDefault(s => s.Name == "baseUri").Value,
ServicePlanResourceGroupName = settings.ServicePlanResourceGroupName,
AlternativeNames = sslStates.Skip(1).Select(s => s.Name).ToList(),
UseIPBasedSSL = settings.UseIPBasedSSL,
SiteSlotName = settings.SiteSlotName
};
if (!debug)
{
RequestAndInstallInternal(target);
}
yield return(target);
}
}
}
public async Task <List <string> > RemoveExpired(int removeXNumberOfDaysBeforeExpiration = 0)
{
using (var webSiteClient = await ArmHelper.GetWebSiteManagementClient(azureEnvironment))
{
var certs = webSiteClient.Certificates.ListByResourceGroup(azureEnvironment.ServicePlanResourceGroupName);
var site = webSiteClient.WebApps.GetSiteOrSlot(azureEnvironment.ResourceGroupName, azureEnvironment.WebAppName, azureEnvironment.SiteSlotName);
var tobeRemoved = certs.Where(s => s.ExpirationDate < DateTime.UtcNow.AddDays(removeXNumberOfDaysBeforeExpiration) && (s.Issuer.Contains("Let's Encrypt") || s.Issuer.Contains("Fake LE")) && !site.HostNameSslStates.Any(hostNameBindings => hostNameBindings.Thumbprint == s.Thumbprint)).ToList();
foreach (var cert in tobeRemoved)
{
await RemoveCertificate(webSiteClient, cert);
}
return(tobeRemoved.Select(s => s.Thumbprint).ToList());
}
}
public async Task TestRenewCertificate()
{
var config = new AppSettingsAuthConfig();
var client = ArmHelper.GetWebSiteManagementClient(config);
var kuduClient = KuduHelper.GetKuduClient(client, config);
var res = await kuduClient.HttpClient.PostAsync("https://webappcfmv5fy7lcq7o-vnext.scm.azurewebsites.net/letsencrypt/api/certificates/renew?api-version=2017-09-01", new StringContent(""));
Assert.AreEqual(System.Net.HttpStatusCode.OK, res.StatusCode);
var model = JsonConvert.DeserializeObject <CertificateInstallModel[]>(await res.Content.ReadAsStringAsync());
Assert.AreEqual(1, model.Count());
File.WriteAllBytes(Path.GetFileName(model.First().CertificateInfo.Name), model.First().CertificateInfo.PfxCertificate);
}
internal static async Task <bool> DeleteAciInstance(string subscriptionId, string resourceGroupName, string aciName)
{
try
{
log.LogInformation("Removing any pre-existing ACI deployment");
var success = await ArmHelper.DeleteResource(subscriptionId, resourceGroupName, aciName);
log.LogInformation("Pre-existing ACI deployment removed");
return(success);
}
catch (Exception exe)
{
log.LogError($"Unable to remove existing ACI instance: {exe.Message}");
return(false);
}
}
private async Task <RecordSet> SafeGetExistingRecords(DnsChallenge dnsChallenge)
{
try
{
var dnsClient = await ArmHelper.GetDnsManagementClient(this.environment);
return(await dnsClient.RecordSets.GetAsync(environment.ResourceGroupName, environment.ZoneName, GetRelativeRecordSetName(dnsChallenge), RecordType.TXT));
}
catch (CloudException cex)
{
if (!cex.Message.StartsWith("The resource record '_acme-challenge"))
{
throw;
}
}
return(null);
}
/// <summary>
/// Used for automatic installation of hostnames bindings and certificate
/// upon first installation on the site extension and if hostnames are specified in app settings
/// </summary>
public void SetupHostnameAndCertificate()
{
Trace.TraceInformation("Setup hostname and certificates");
var settings = new AppSettingsAuthConfig();
using (var client = ArmHelper.GetWebSiteManagementClient(settings))
{
var s = client.Sites.GetSite(settings.ResourceGroupName, settings.WebAppName);
foreach (var hostname in settings.Hostnames)
{
if (s.HostNames.Any(existingHostname => string.Equals(existingHostname, hostname, StringComparison.InvariantCultureIgnoreCase)))
{
Trace.TraceInformation("Hostname already configured skipping installation");
continue;
}
Trace.TraceInformation("Setting up hostname and lets encrypt certificate for " + hostname);
client.Sites.CreateOrUpdateSiteOrSlotHostNameBinding(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName, hostname, new HostNameBinding()
{
CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
HostNameType = HostNameType.Verified,
SiteName = settings.WebAppName,
Location = s.Location
});
}
if (settings.Hostnames.Any())
{
RequestAndInstallInternal(new Target()
{
BaseUri = settings.BaseUri,
ClientId = settings.ClientId,
ClientSecret = settings.ClientSecret,
Email = settings.Email,
Host = settings.Hostnames.First(),
ResourceGroupName = settings.ResourceGroupName,
SubscriptionId = settings.SubscriptionId,
Tenant = settings.Tenant,
WebAppName = settings.WebAppName,
ServicePlanResourceGroupName = settings.ServicePlanResourceGroupName,
AlternativeNames = settings.Hostnames.Skip(1).ToList(),
SiteSlotName = settings.SiteSlotName,
UseIPBasedSSL = settings.UseIPBasedSSL
});
}
}
}
public ActionResult Hostname(string id)
{
var settings = new AppSettingsAuthConfig();
var client = ArmHelper.GetWebSiteManagementClient(settings);
var site = client.Sites.GetSite(settings.ResourceGroupName, settings.WebAppName);
var model = new HostnameModel();
model.HostNames = site.HostNames;
model.HostNameSslStates = site.HostNameSslStates;
model.Certificates = client.Certificates.GetCertificates(settings.ServicePlanResourceGroupName).Value;
model.InstalledCertificateThumbprint = id;
if (model.HostNames.Count == 1)
{
model.ErrorMessage = "No custom host names registered. At least one custom domain name must be registed for the web site to request a letsencrypt certificate.";
}
return(View(model));
}
public async Task <ActionResult> AddHostname()
{
var settings = new AppSettingsAuthConfig();
using (var client = await ArmHelper.GetWebSiteManagementClient(settings))
{
var s = client.WebApps.GetSiteOrSlot(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName);
foreach (var hostname in settings.Hostnames)
{
client.WebApps.CreateOrUpdateSiteOrSlotHostNameBinding(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName, hostname, new HostNameBinding
{
CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
HostNameType = HostNameType.Verified,
SiteName = settings.WebAppName,
});
}
}
return(View());
}
public ActionResult AddHostname()
{
var settings = new AppSettingsAuthConfig();
using (var client = ArmHelper.GetWebSiteManagementClient(settings))
{
var s = client.Sites.GetSite(settings.ResourceGroupName, settings.WebAppName);
foreach (var hostname in settings.Hostnames)
{
client.Sites.CreateOrUpdateSiteHostNameBinding(settings.ResourceGroupName, settings.WebAppName, hostname, new Microsoft.Azure.Management.WebSites.Models.HostNameBinding()
{
CustomHostNameDnsRecordType = Microsoft.Azure.Management.WebSites.Models.CustomHostNameDnsRecordType.CName,
HostNameType = Microsoft.Azure.Management.WebSites.Models.HostNameType.Verified,
SiteName = settings.WebAppName,
Location = s.Location
});
}
}
return(View());
}
public async Task GetPublishingCredentials()
{
var model = new AppSettingsAuthConfig();
var helper = ArmHelper.GetWebSiteManagementClient(model);
var kuduClient = KuduHelper.GetKuduClient(helper, model);
//var res = await kuduClient.GetScmInfo();
var dir = await kuduClient.GetFile("site/wwwroot/host.json");
using (var ms = new MemoryStream())
{
var sw = new StreamWriter(ms);
sw.WriteLine("Hell asd asd asd ");
sw.Flush();
await kuduClient.PutFile("site/wwwroot/.well-known/acme-challenge2/test.json", ms);
}
}
