/// <summary>
/// Calls <c>RemoveExpired</c> on a <c>WebAppCertificateService</c> built from app-settings configuration.
/// </summary>
/// <remarks>
/// NOTE(review): the test makes no assertions, so it only fails if an exception is thrown. It presumably
/// runs against whatever Azure subscription the app settings point at; confirm before enabling it in CI.
/// </remarks>
public void TestRemove()
        {
            var authConfig         = new AppSettingsAuthConfig();
            var serviceSettings    = new CertificateServiceSettings();
            var certificateService = new WebAppCertificateService(authConfig, serviceSettings);

            // 180 is handed straight to RemoveExpired; presumably a day count. Confirm against its signature.
            certificateService.RemoveExpired(180);
        }
        /// <summary>
        /// Loads a PFX fixture from the working directory and passes it to
        /// <c>WebAppCertificateService.Install</c> for a single host name.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no assertions are made; the test only fails if an exception is thrown.
        /// </remarks>
        public void TestInstall()
        {
            const string hostName    = "letsencrypt.sjkp.dk";
            const string pfxFileName = "letsencrypt.sjkp.dk-all.pfx";

            var authConfig         = new AppSettingsAuthConfig();
            var serviceSettings    = new CertificateServiceSettings();
            var certificateService = new WebAppCertificateService(authConfig, serviceSettings);
            var pfxBytes           = File.ReadAllBytes(pfxFileName);

            // NOTE(review): the PFX password is a literal in source. A PFX carries a private key, so the
            // fixture and its password should be a throwaway pair, or the password should come from test
            // configuration rather than the repository.
            var loadedCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxBytes, "Simon123");

            // NOTE(review): Password differs from the value used to open the PFX just above. It may have been
            // masked before publication; confirm which value Install expects.
            var certificateInfo = new CertificateInfo
            {
                Certificate    = loadedCertificate,
                Name           = pfxFileName,
                Password       = "******",
                PfxCertificate = pfxBytes
            };

            var installModel = new CertificateInstallModel
            {
                AllDnsIdentifiers = new List<string> { hostName },
                Host              = hostName,
                CertificateInfo   = certificateInfo
            };

            certificateService.Install(installModel);
        }
        /// <summary>
        /// Asynchronous variant of the install test: prints the assembly-qualified name of ADAL's
        /// <c>AdalOption</c> type, then loads a PFX fixture and awaits
        /// <c>WebAppCertificateService.Install</c> for a single host name.
        /// </summary>
        /// <returns>A task that completes when the awaited <c>Install</c> call has finished.</returns>
        /// <remarks>
        /// NOTE(review): no assertions are made; the test only fails if an exception is thrown.
        /// </remarks>
        public async Task TestInstall()
        {
            const string hostName    = "letsencrypt.sjkp.dk";
            const string pfxFileName = "letsencrypt.sjkp.dk-all.pfx";

            // Writes out which ADAL assembly the type was resolved from.
            var adalTypeName = typeof(Microsoft.IdentityModel.Clients.ActiveDirectory.AdalOption).AssemblyQualifiedName;
            Console.WriteLine(adalTypeName);

            var authConfig         = new AppSettingsAuthConfig();
            var serviceSettings    = new CertificateServiceSettings();
            var certificateService = new WebAppCertificateService(authConfig, serviceSettings);
            var pfxBytes           = File.ReadAllBytes(pfxFileName);

            // NOTE(review): the PFX password is a literal in source. A PFX carries a private key, so the
            // fixture and its password should be a throwaway pair, or the password should come from test
            // configuration rather than the repository.
            var loadedCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxBytes, "Simon123");

            // NOTE(review): Password differs from the value used to open the PFX just above. It may have been
            // masked before publication; confirm which value Install expects.
            var certificateInfo = new CertificateInfo
            {
                Certificate    = loadedCertificate,
                Name           = pfxFileName,
                Password       = "******",
                PfxCertificate = pfxBytes
            };

            var installModel = new CertificateInstallModel
            {
                AllDnsIdentifiers = new List<string> { hostName },
                Host              = hostName,
                CertificateInfo   = certificateInfo
            };

            await certificateService.Install(installModel);
        }
        /// <summary>
        /// Runs one certificate pass: builds the Azure web-app and storage environment objects and a
        /// <c>CertificateManager</c> from <paramref name="renewalParams"/>, then either renews an existing
        /// certificate or adds a new one.
        /// </summary>
        /// <param name="renewalParams">
        /// Azure credentials, target web app(s), storage settings and ACME settings for this run. Endpoint and
        /// domain values left null fall back to the class-level defaults.
        /// </param>
        /// <returns>A task that completes once the awaited manager call and the follow-up calls have been made.</returns>
        private static async Task RenewCore(RenewalParameters renewalParams)
        {
            // NOTE(review): the whole parameter object is formatted into the trace. It carries ClientSecret
            // and StorageConnectionString; confirm its ToString() omits them before traces are collected.
            Trace.TraceInformation("Generating SSL certificate with parameters: {0}", renewalParams);

            Trace.TraceInformation("Generating secure PFX password for '{0}'...", renewalParams.WebApp);

            // 32 bytes from s_randomGenerator, base64-encoded further down as the PFX password for this run.
            // Presumably a cryptographic RNG; confirm at its declaration.
            var passwordBytes = new byte[32];
            s_randomGenerator.GetBytes(passwordBytes);

            var groupSuffix = renewalParams.GroupName == null ? string.Empty : $"[{renewalParams.GroupName}]";
            Trace.TraceInformation("Adding SSL cert for '{0}{1}'...", renewalParams.WebApp, groupSuffix);

            var serviceSettings = new CertificateServiceSettings { UseIPBasedSSL = renewalParams.UseIpBasedSsl };

            // Primary target: the web app and slot named directly in the parameters.
            var primaryEnvironment = new AzureWebAppEnvironment(
                renewalParams.TenantId,
                renewalParams.SubscriptionId,
                renewalParams.ClientId,
                renewalParams.ClientSecret,
                renewalParams.ResourceGroup,
                renewalParams.WebApp,
                renewalParams.ServicePlanResourceGroup,
                renewalParams.SiteSlotName)
            {
                AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName,
                AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri),
                ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint),
                TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService)
            };

            // Optional second target: only set up when both its resource group and app name are supplied.
            // It reuses the same tenant, subscription and client credentials as the primary.
            WebAppCertificateService secondaryCertificateService = null;
            var hasSecondaryTarget = !(string.IsNullOrEmpty(renewalParams.OtherWebAppResourceGroup)
                                       || string.IsNullOrEmpty(renewalParams.OtherWebApp));

            if (hasSecondaryTarget)
            {
                var secondaryEnvironment = new AzureWebAppEnvironment(
                    renewalParams.TenantId,
                    renewalParams.SubscriptionId,
                    renewalParams.ClientId,
                    renewalParams.ClientSecret,
                    renewalParams.OtherWebAppResourceGroup,
                    renewalParams.OtherWebApp,
                    renewalParams.ServicePlanResourceGroup,
                    renewalParams.OtherSlotName)
                {
                    AzureWebSitesDefaultDomainName = renewalParams.AzureDefaultWebsiteDomainName ?? DefaultWebsiteDomainName,
                    AuthenticationEndpoint = renewalParams.AuthenticationUri ?? new Uri(DefaultAuthenticationUri),
                    ManagementEndpoint = renewalParams.AzureManagementEndpoint ?? new Uri(DefaultManagementEndpoint),
                    TokenAudience = renewalParams.AzureTokenAudience ?? new Uri(DefaultAzureTokenAudienceService)
                };

                secondaryCertificateService = new WebAppCertificateService(secondaryEnvironment, serviceSettings);
            }

            var storageEnvironment = new AzureStorageEnvironment(
                renewalParams.TenantId,
                renewalParams.SubscriptionId,
                renewalParams.ClientId,
                renewalParams.ClientSecret,
                renewalParams.ResourceGroup,
                renewalParams.StorageConnectionString,
                renewalParams.StorageContainer);

            var primaryCertificateService = new WebAppCertificateService(primaryEnvironment, serviceSettings);

            // The first host becomes the certificate's main host and the rest become alternate names.
            // Hosts[0] throws if the list is empty; there is no guard for that in this method.
            var acmeConfig = new AcmeConfig
            {
                Host              = renewalParams.Hosts[0],
                AlternateNames    = renewalParams.Hosts.Skip(1).ToList(),
                RegistrationEmail = renewalParams.Email,
                RSAKeyLength      = renewalParams.RsaKeyLength,
                PFXPassword       = Convert.ToBase64String(passwordBytes),
                BaseUri           = (renewalParams.AcmeBaseUri ?? new Uri(DefaultAcmeBaseUri)).ToString()
            };

            var challengeProvider = new AzureStorageFileSystemAuthorizationChallengeProvider(storageEnvironment);

            var manager = new CertificateManager(
                primaryEnvironment,
                acmeConfig,
                primaryCertificateService,
                challengeProvider);

            var renewDaysBeforeExpiration = renewalParams.RenewXNumberOfDaysBeforeExpiration;

            if (renewDaysBeforeExpiration > 0)
            {
                // Renew path: the secondary service is not used here, so the second web app is untouched.
                await manager.RenewCertificate(false, renewDaysBeforeExpiration);
            }
            else
            {
                var issued = await manager.AddCertificate();

                primaryCertificateService.RemoveExpired();

                // NOTE(review): the result of Install is not awaited. If Install is asynchronous in this
                // version, RemoveExpired can run before the install finishes and a failed install goes
                // unobserved. Confirm against Install's return type.
                secondaryCertificateService?.Install(issued);
                secondaryCertificateService?.RemoveExpired();
            }

            // Emitted on both paths, including the renew path.
            Trace.TraceInformation("SSL cert added successfully to '{0}'", renewalParams.WebApp);
        }