public async Task TestStoreCredentialDictionary()
{
var secrets = new Dictionary <string, string>();
secrets.Add("zoneid", "ABC123");
secrets.Add("secretid", "thereisnosecret");
var test = new StoredCredential
{
ProviderType = "DNS01.API.Route53",
Title = "A test credential",
StorageKey = Guid.NewGuid().ToString(),
Secret = Newtonsoft.Json.JsonConvert.SerializeObject(secrets)
};
var credentialsManager = new CredentialsManager();
credentialsManager.StorageSubfolder = "Tests\\credentials";
var result = await credentialsManager.UpdateCredential(test);
Assert.IsNotNull(result, "Credential stored OK");
var list = await credentialsManager.GetStoredCredentials();
Assert.IsTrue(list.Any(l => l.StorageKey == test.StorageKey), "Credential retrieved");
var secret = await credentialsManager.GetUnlockedCredentialsDictionary(test.StorageKey);
Assert.IsNotNull(secret);
Assert.IsTrue(secret["zoneid"] == "ABC123", "Credential decrypted");
}
public async Task InitTest()
{
var credentialsManager = new CredentialsManager();
_credentials = await credentialsManager.GetUnlockedCredentialsDictionary(_credStorageKey);
_provider = new Providers.DNS.Cloudflare.DnsProviderCloudflare(_credentials);
await _provider.InitProvider();
}
public async Task InitTest()
{
var credentialsManager = new CredentialsManager();
_credentials = await credentialsManager.GetUnlockedCredentialsDictionary(_credStorageKey);
_provider = new Providers.DNS.Azure.DnsProviderAzure(_credentials);
await _provider.InitProvider(new Dictionary <string, string> {
});
}
public async Task TestSftpFileCopy()
{
var credentialsManager = new CredentialsManager
{
StorageSubfolder = "credentials\\test"
};
string destPath = ConfigSettings["TestSSHPath"];
var storedCred = await credentialsManager.GetUnlockedCredentialsDictionary(ConfigSettings["TestCredentialsKey_SSH"]);
// var credentials = new UserCredentials(storedCred["username"], storedCred["password"]);
// create a test temp file
var tmpPath = Path.GetTempFileName();
File.WriteAllText(tmpPath, "This is a test temp file");
var files = new List <FileCopy>
{
new FileCopy {
SourcePath = tmpPath, DestinationPath = destPath + "/testfilecopy.txt"
}
};
var client = new SftpClient(new SshConnectionConfig
{
Host = ConfigSettings["TestSSHHost"],
KeyPassphrase = storedCred["password"],
Port = 22,
Username = storedCred["username"],
PrivateKeyPath = ConfigSettings["TestSSHPrivateKeyPath"]
});
// test file list
var fileList = client.ListFiles(destPath, null);
Assert.IsTrue(fileList.Count > 0);
// test file copy
var copiedOK = client.CopyLocalToRemote(files, null);
Assert.IsTrue(copiedOK);
File.Delete(tmpPath);
}
public async Task TestDeployToKeyVault()
{
var deploymentTasks = new List <DeploymentTask>();
var azureKeyVaultUri = ConfigSettings["Azure_TestKeyVaultUri"];
var inputFile = ConfigSettings["TestLocalPath"] + "\\testcert.pfx";
var tasktypeId = Plugin.DeploymentTasks.Azure.AzureKeyVault.Definition.Id.ToLower();
var config = new DeploymentTaskConfig
{
TaskTypeId = tasktypeId,
TaskName = "A test pfx export task",
ChallengeProvider = StandardAuthTypes.STANDARD_AUTH_LOCAL,
Parameters = new List <ProviderParameterSetting>
{
new ProviderParameterSetting("vault_uri", azureKeyVaultUri)
}
};
var credentialsManager = new CredentialsManager();
var credentials = await credentialsManager.GetUnlockedCredentialsDictionary(ConfigSettings["TestCredentialsKey_AzureKeyVault"]);
var provider = DeploymentTaskProviderFactory.Create(tasktypeId, _pluginManager.DeploymentTaskProviders);
var t = new DeploymentTask(provider, config, credentials);
deploymentTasks.Add(t);
// perform preview deployments
var managedCert = GetMockManagedCertificate("DeploymentTest", "123", PrimaryTestDomain, PrimaryIISRoot);
managedCert.CertificatePath = inputFile;
foreach (var task in deploymentTasks)
{
var results = await task.Execute(_log, null, managedCert, CancellationToken.None, new DeploymentContext { }, isPreviewOnly : false);
// assert new valid pfx exists in destination
Assert.IsTrue(results.All(r => r.IsSuccess));
}
}
public async Task TestWindowsNetworkFileCopy()
{
var destPath = ConfigSettings["TestUNCPath"];
var credentialsManager = new CredentialsManager
{
StorageSubfolder = "credentials\\test"
};
var storedCred = await credentialsManager.GetUnlockedCredentialsDictionary(ConfigSettings["TestCredentialsKey_UNC"]);
// create a test temp file
var tmpPath = Path.GetTempFileName();
File.WriteAllText(tmpPath, "This is a test temp file");
var files = new List <FileCopy>
{
new FileCopy {
SourcePath = tmpPath, DestinationPath = destPath + @"\test-copy.txt"
}
};
var credentials = Plugin.DeploymentTasks.Shared.Helpers.GetWindowsCredentials(storedCred);
var client = new WindowsNetworkFileClient(credentials);
// test file list
var fileList = client.ListFiles(destPath);
Assert.IsTrue(fileList.Count > 0);
// test file copy
var results = client.CopyLocalToRemote(_log, files);
File.Delete(tmpPath);
Assert.IsTrue(results.All(s => s.IsSuccess == true));
}
public async Task <DnsChallengeHelperResult> GetDnsProvider(string providerTypeId, string credentialsId, Dictionary <string, string> parameters)
{
var credentialsManager = new CredentialsManager();
var credentials = new Dictionary <string, string>();
IDnsProvider dnsAPIProvider = null;
if (!string.IsNullOrEmpty(credentialsId))
{
// decode credentials string array
try
{
credentials = await credentialsManager.GetUnlockedCredentialsDictionary(credentialsId);
}
catch (Exception)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Credentials could not be decrypted. The original user must be used for decryption."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
}
try
{
dnsAPIProvider = await ChallengeProviders.GetDnsProvider(providerTypeId, credentials, parameters);
}
catch (ChallengeProviders.CredentialsRequiredException)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "This DNS Challenge API requires one or more credentials to be specified."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
catch (Exception exp)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = $"DNS Challenge API Provider could not be created. Check all required credentials are set and software dependencies installed. {exp.ToString()}"
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
if (dnsAPIProvider == null)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Provider not set or could not load."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = true, Message = "Create Provider Instance"
},
Provider = dnsAPIProvider
});
}
public async Task <DnsChallengeHelperResult> CompleteDNSChallenge(ILog log, ManagedCertificate managedcertificate, string domain, string txtRecordName, string txtRecordValue)
{
// for a given managed site configuration, attempt to complete the required challenge by
// creating the required TXT record
var credentialsManager = new CredentialsManager();
Dictionary <string, string> credentials = new Dictionary <string, string>();
IDnsProvider dnsAPIProvider = null;
var challengeConfig = managedcertificate.GetChallengeConfig(domain);
/*if (String.IsNullOrEmpty(challengeConfig.ZoneId))
* {
* return new ActionResult { IsSuccess = false, Message = "DNS Challenge Zone Id not set. Set the Zone Id to proceed." };
* }*/
if (!String.IsNullOrEmpty(challengeConfig.ChallengeCredentialKey))
{
// decode credentials string array
try
{
credentials = await credentialsManager.GetUnlockedCredentialsDictionary(challengeConfig.ChallengeCredentialKey);
}
catch (Exception)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Credentials could not be decrypted. The original user must be used for decryption."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
}
var parameters = new Dictionary <String, string>();
if (challengeConfig.Parameters != null)
{
foreach (var p in challengeConfig.Parameters)
{
parameters.Add(p.Key, p.Value);
}
}
try
{
dnsAPIProvider = await ChallengeProviders.GetDnsProvider(challengeConfig.ChallengeProvider, credentials, parameters, log);
}
catch (ChallengeProviders.CredentialsRequiredException)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "This DNS Challenge API requires one or more credentials to be specified."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
catch (Exception exp)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = $"DNS Challenge API Provider could not be created. Check all required credentials are set. {exp.ToString()}"
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
if (dnsAPIProvider == null)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Provider not set or not recognised. Select an API to proceed."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
string zoneId = null;
if (parameters != null && parameters.ContainsKey("zoneid"))
{
zoneId = parameters["zoneid"]?.Trim();
}
else
{
zoneId = challengeConfig.ZoneId?.Trim();
}
if (dnsAPIProvider != null)
{
//most DNS providers require domains to by ASCII
txtRecordName = _idnMapping.GetAscii(txtRecordName).ToLower();
log.Information($"DNS: Creating TXT Record '{txtRecordName}' with value '{txtRecordValue}', in Zone Id '{zoneId}' using API provider '{dnsAPIProvider.ProviderTitle}'");
try
{
var result = await dnsAPIProvider.CreateRecord(new DnsRecord
{
RecordType = "TXT",
TargetDomainName = domain,
RecordName = txtRecordName,
RecordValue = txtRecordValue,
ZoneId = zoneId
});
result.Message = $"{dnsAPIProvider.ProviderTitle} :: {result.Message}";
return(new DnsChallengeHelperResult
{
Result = result,
PropagationSeconds = dnsAPIProvider.PropagationDelaySeconds,
IsAwaitingUser = challengeConfig.ChallengeProvider.Contains(".Manual")
});
}
catch (Exception exp)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = $"Failed [{dnsAPIProvider.ProviderTitle}]: " + exp.Message
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
//TODO: DNS query to check for new record
/*
* if (result.IsSuccess)
* {
* // do our own txt record query before proceeding with challenge completion
*
* int attempts = 3;
* bool recordCheckedOK = false;
* var networkUtil = new NetworkUtils(false);
*
* while (attempts > 0 && !recordCheckedOK)
* {
* recordCheckedOK = networkUtil.CheckDNSRecordTXT(domain, txtRecordName, txtRecordValue);
* attempts--;
* if (!recordCheckedOK)
* {
* await Task.Delay(1000); // hold on a sec
* }
* }
*
* // wait for provider specific propogation delay
*
* // FIXME: perform validation check in DNS nameservers await
* // Task.Delay(dnsAPIProvider.PropagationDelaySeconds * 1000);
*
* return result;
* }
* else
* {
* return result;
* }
*/
}
else
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "Error: Could not determine DNS API Provider."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
}
public async Task <DnsChallengeHelperResult> DeleteDNSChallenge(ILog log, ManagedCertificate managedcertificate, string domain, string txtRecordName)
{
// for a given managed site configuration, attempt to delete the TXT record created for
// the challenge
var credentialsManager = new CredentialsManager();
var credentials = new Dictionary <string, string>();
IDnsProvider dnsAPIProvider = null;
var challengeConfig = managedcertificate.GetChallengeConfig(domain);
if (challengeConfig == null || challengeConfig.ChallengeProvider == null)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = true, Message = $"The DNS record {txtRecordName} can now be removed."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
if (challengeConfig.ChallengeProvider.Contains(".Manual"))
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = true, Message = $"The DNS record {txtRecordName} can now be removed."
},
PropagationSeconds = 0,
IsAwaitingUser = true
});
}
if (!String.IsNullOrEmpty(challengeConfig.ChallengeCredentialKey))
{
// decode credentials string array
try
{
credentials = await credentialsManager.GetUnlockedCredentialsDictionary(challengeConfig.ChallengeCredentialKey);
}
catch (Exception)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Credentials could not be decrypted. The original user must be used for decryption."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
}
var parameters = new Dictionary <String, string>();
if (challengeConfig.Parameters != null)
{
foreach (var p in challengeConfig.Parameters)
{
parameters.Add(p.Key, p.Value);
}
}
try
{
dnsAPIProvider = await ChallengeProviders.GetDnsProvider(challengeConfig.ChallengeProvider, credentials, parameters);
}
catch (ChallengeProviders.CredentialsRequiredException)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "This DNS Challenge API requires one or more credentials to be specified."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
catch (Exception exp)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = $"DNS Challenge API Provider could not be created. Check all required credentials are set. {exp.ToString()}"
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
if (dnsAPIProvider == null)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "DNS Challenge API Provider not set or not recognised. Select an API to proceed."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
string zoneId = null;
if (parameters != null && parameters.ContainsKey("zoneid"))
{
zoneId = parameters["zoneid"]?.Trim();
}
else
{
zoneId = challengeConfig.ZoneId?.Trim();
}
if (dnsAPIProvider != null)
{
//most DNS providers require domains to by ASCII
txtRecordName = _idnMapping.GetAscii(txtRecordName).ToLower();
log.Information($"DNS: Deleting TXT Record '{txtRecordName}', in Zone Id '{zoneId}' using API provider '{dnsAPIProvider.ProviderTitle}'");
try
{
var result = await dnsAPIProvider.DeleteRecord(new DnsRecord
{
RecordType = "TXT",
TargetDomainName = domain,
RecordName = txtRecordName,
ZoneId = zoneId
});
result.Message = $"{dnsAPIProvider.ProviderTitle} :: {result.Message}";
return(new DnsChallengeHelperResult
{
Result = result,
PropagationSeconds = dnsAPIProvider.PropagationDelaySeconds,
IsAwaitingUser = challengeConfig.ChallengeProvider.Contains(".Manual")
});
}
catch (Exception exp)
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = $"Failed [{dnsAPIProvider.ProviderTitle}]: " + exp.Message
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
}
else
{
return(new DnsChallengeHelperResult
{
Result = new ActionResult {
IsSuccess = false, Message = "Error: Could not determine DNS API Provider."
},
PropagationSeconds = 0,
IsAwaitingUser = false
});
}
}
