public KuduFileSystemAuthorizationChallengeProvider(IAzureWebAppEnvironment azureEnvironment, IAuthorizationChallengeProviderConfig config) { this.config = config; this.azureEnvironment = azureEnvironment; this.pathProvider = new PathProvider(azureEnvironment); }
public static async Task <IReadOnlyList <string> > GetLetsEncryptHostNames(IAzureWebAppEnvironment webAppEnvironment, bool staging) { Site site; using (var client = await ArmHelper.GetWebSiteManagementClient(webAppEnvironment)) { Trace.TraceInformation( "Getting Web App '{0}' (slot '{1}') from resource group '{2}'", webAppEnvironment.WebAppName, webAppEnvironment.SiteSlotName, webAppEnvironment.ResourceGroupName); site = client.WebApps.GetSiteOrSlot(webAppEnvironment.ResourceGroupName, webAppEnvironment.WebAppName, webAppEnvironment.SiteSlotName); } using (var httpClient = await ArmHelper.GetHttpClient(webAppEnvironment)) { var certRequestUri = $"/subscriptions/{webAppEnvironment.SubscriptionId}/providers/Microsoft.Web/certificates?api-version=2016-03-01"; Trace.TraceInformation("GET {0}", certRequestUri); var response = await ArmHelper.ExponentialBackoff().ExecuteAsync(async() => await httpClient.GetAsync(certRequestUri)); Trace.TraceInformation("Reading ARM certificate query response"); var body = await response.EnsureSuccessStatusCode().Content.ReadAsStringAsync(); var letsEncryptCerts = ExtractCertificates(body).Where(s => s.Issuer.Contains(staging ? "Fake LE" : "Let's Encrypt")); var leCertThumbprints = new HashSet <string>(letsEncryptCerts.Select(c => c.Thumbprint)); return(site.HostNameSslStates.Where(ssl => leCertThumbprints.Contains(ssl.Thumbprint)).Select(ssl => ssl.Name).ToArray()); } }
public CertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, ICertificateService certificateService, IAuthorizationChallengeProvider challengeProvider) { this.settings = settings; this.certificateService = certificateService; this.acmeConfig = acmeConfig; this.challengeProvider = challengeProvider; }
public KuduFileSystemAuthorizationChallengeProvider(IAzureWebAppEnvironment azureEnvironment, IAuthorizationChallengeProviderConfig config) { this.config = config; var website = ArmHelper.GetWebSiteManagementClient(azureEnvironment); this.kuduClient = KuduHelper.GetKuduClient(website, azureEnvironment); }
public static WebSiteManagementClient GetWebSiteManagementClient(IAzureWebAppEnvironment model) { AuthenticationResult token = GetToken(model); var creds = new TokenCredentials(token.AccessToken); var websiteClient = new WebSiteManagementClient(model.ManagementEndpoint, creds); websiteClient.SubscriptionId = model.SubscriptionId.ToString(); return(websiteClient); }
public KuduRestClient(IAzureWebAppEnvironment azureEnvironment, string publishingUserName, string publishingPassword) { this.webAppName = string.IsNullOrEmpty(azureEnvironment.SiteSlotName) ? azureEnvironment.WebAppName : azureEnvironment.WebAppName + "-" + azureEnvironment.SiteSlotName; this.publishingUserName = publishingUserName; this.publishingPassword = publishingPassword; this.baseUri = $"https://{this.webAppName}.scm.{azureEnvironment.AzureWebSitesDefaultDomainName}"; this.client = new HttpClient(); client.BaseAddress = new System.Uri(baseUri); client.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", CreateToken()); }
public static HttpClient GetHttpClient(IAzureWebAppEnvironment model) { AuthenticationResult token = GetToken(model); var client = new HttpClient(); client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token.AccessToken); client.BaseAddress = model.ManagementEndpoint; return(client); }
public static async Task <HttpClient> GetHttpClient(IAzureWebAppEnvironment model) { AuthenticationResult token = await GetToken(model); var client = HttpClientFactory.Create(new HttpClientHandler(), new TimeoutHandler()); client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token.AccessToken); client.BaseAddress = model.ManagementEndpoint; return(client); }
/// <summary> /// For backwards compatability /// </summary> /// <param name="config"></param> public CertificateManager(AppSettingsAuthConfig config) { this.settings = config; this.acmeConfig = config; this.challengeProvider = new KuduFileSystemAuthorizationChallengeProvider(this.settings, new AuthorizationChallengeProviderConfig() { DisableWebConfigUpdate = config.DisableWebConfigUpdate }); this.certificateService = new WebAppCertificateService(this.settings, new CertificateServiceSettings() { UseIPBasedSSL = config.UseIPBasedSSL }); }
/// <summary> /// For backwards compatability /// </summary> /// <param name="config"></param> public CertificateManager(AppSettingsAuthConfig config) { this.settings = config; this.acmeConfig = config; string storageAccount = AuthorizationChallengeBlobStorageAccount(); if (string.IsNullOrEmpty(storageAccount)) { this.challengeProvider = new KuduFileSystemAuthorizationChallengeProvider(this.settings, new AuthorizationChallengeProviderConfig() { DisableWebConfigUpdate = config.DisableWebConfigUpdate }); } else { this.challengeProvider = NewBlobStorageAuthorizationChallengeProvider(); } this.certificateService = new WebAppCertificateService(this.settings, new CertificateServiceSettings() { UseIPBasedSSL = config.UseIPBasedSSL }); }
public static KuduRestClient GetKuduClient(this WebSiteManagementClient client, IAzureWebAppEnvironment settings) { var user = client.WebApps.GetPublsihingCredentialSiteOrSlot(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName); return(new KuduRestClient(settings, user.PublishingUserName, user.PublishingPassword)); }
/// <summary> /// Returns a <see cref="CertificateManager"/> configured to use HTTP Challenge, placing the challenge file on Azure Web App /// using Kudu, and assigning the obtained certificate directly to the web app service. /// </summary> /// <param name="settings"></param> /// <param name="acmeConfig"></param> /// <param name="certSettings"></param> /// <param name="authProviderConfig"></param> /// <returns></returns> public static CertificateManager CreateKuduWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings, IAuthorizationChallengeProviderConfig authProviderConfig) { return(new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new KuduFileSystemAuthorizationChallengeProvider(settings, authProviderConfig))); }
/// <summary> /// Returns a <see cref="CertificateManager"/> configured to use HTTP Challenge, placing the challenge file on Azure Blob Storage, /// and assigning the obtained certificate directly to the web app service. /// </summary> /// <param name="settings"></param> /// <param name="acmeConfig"></param> /// <param name="certSettings"></param> /// <returns></returns> public static CertificateManager CreateBlobWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings) { return(new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), NewBlobStorageAuthorizationChallengeProvider())); }
public static async Task<IReadOnlyList<string>> GetNonExpiringLetsEncryptHostNames(IAzureWebAppEnvironment webAppEnvironment, bool staging, int renewXNumberOfDaysBeforeExpiration) { Site site; using (var client = await ArmHelper.GetWebSiteManagementClient(webAppEnvironment).ConfigureAwait(false)) { var webAppName = webAppEnvironment.WebAppName; var resourceGroupName = webAppEnvironment.ResourceGroupName; var siteSlotName = webAppEnvironment.SiteSlotName; Trace.TraceInformation( "Getting Web App '{0}' (slot '{1}') from resource group '{2}'", webAppName, siteSlotName, resourceGroupName); site = client.WebApps.GetSiteOrSlot(resourceGroupName, webAppName, siteSlotName); if (site == null) { throw new InvalidOperationException( $"Could not find web app '{webAppName}' (slot '{siteSlotName}') under Resource Groups '{resourceGroupName}'"); } } using (var httpClient = await ArmHelper.GetHttpClient(webAppEnvironment).ConfigureAwait(false)) { var certRequestUri = $"/subscriptions/{webAppEnvironment.SubscriptionId}/providers/Microsoft.Web/certificates?api-version=2016-03-01"; Trace.TraceInformation("GET {0}", certRequestUri); var response = await ArmHelper.ExponentialBackoff().ExecuteAsync(() => httpClient.GetAsync(new Uri(certRequestUri, UriKind.Relative))).ConfigureAwait(false); Trace.TraceInformation("Reading ARM certificate query response"); var body = await response.EnsureSuccessStatusCode().Content.ReadAsStringAsync().ConfigureAwait(false); var letsEncryptIssuerNames = staging ? s_letsEncrypStagingtIssuerNames : s_letsEncryptIssuerNames; var letsEncryptNonExpiringCerts = ExtractCertificates(body).Where(cert => letsEncryptIssuerNames.Contains(cert.Issuer) && cert.ExpirationDate > DateTime.UtcNow.AddDays(renewXNumberOfDaysBeforeExpiration)); var letsEncryptNonExpiringThumbprints = new HashSet<string>(letsEncryptNonExpiringCerts.Select(c => c.Thumbprint)); return site.HostNameSslStates.Where(ssl => letsEncryptNonExpiringThumbprints.Contains(ssl.Thumbprint)).Select(ssl => ssl.Name).ToArray(); } }
public static async Task <WebSiteManagementClient> GetWebSiteManagementClient(IAzureWebAppEnvironment model) { AuthenticationResult token = await GetToken(model); var creds = new TokenCredentials(token.AccessToken); var websiteClient = new WebSiteManagementClient(model.ManagementEndpoint, creds, new TraceLoggingHandler()); websiteClient.SubscriptionId = model.SubscriptionId.ToString(); return(websiteClient); }
public WebAppCertificateService(IAzureWebAppEnvironment azureEnvironment, IWebAppCertificateSettings settings) { this.azureEnvironment = azureEnvironment; this.settings = settings; }
public LocalFileSystemAuthorizationChallengeProvider(IAzureWebAppEnvironment azureEnvironment, IAuthorizationChallengeProviderConfig config) { this.azureEnvironment = azureEnvironment; this.config = config; }
/// <summary> /// TODO; should also work for APP service environment, which uses a different format for scm site uri https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/08/how-to-access-kudu-scm-for-an-azure-app-service-environment-ase/ /// </summary> /// <param name="defaultHostName"></param> /// <param name="settings"></param> /// <returns></returns> public static Uri MakeScmUri(string defaultHostName, IAzureWebAppEnvironment settings) { var i = defaultHostName.IndexOf("." + settings.AzureWebSitesDefaultDomainName); return new Uri($"https://{defaultHostName.Insert(i, ".scm")}"); }
/// <summary> /// Returns a <see cref="CertificateManager"/> configured to use DNS Challenge, placing the challenge record in Azure DNS, /// and assigning the obtained certificate directly to the web app service. /// </summary> /// <param name="settings"></param> /// <param name="acmeConfig"></param> /// <param name="certSettings"></param> /// <param name="dnsEnvironment"></param> /// <returns></returns> public static CertificateManager CreateAzureDnsWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings, IAzureDnsEnvironment dnsEnvironment) { return(new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment))); }
public PathProvider(IAzureWebAppEnvironment azureEnvironment) { this.azureEnvironment = azureEnvironment; }
public static KuduRestClient GetKuduClient(this WebSiteManagementClient client, IAzureWebAppEnvironment settings) { var user = client.WebApps.GetPublsihingCredentialSiteOrSlot(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName); var site = client.WebApps.GetSiteOrSlot(settings.ResourceGroupName, settings.WebAppName, settings.SiteSlotName); var defaultHostName = site.DefaultHostName; return new KuduRestClient(MakeScmUri(defaultHostName,settings), user.PublishingUserName, user.PublishingPassword); }