/// <summary> /// ProcessRecord /// </summary> protected override void ProcessRecord() { Data.KeyVault KeyVault = KeyVaultHelper.GetItemThrow(null, VaultName, true); if (!(String.IsNullOrEmpty(KeyVault.Thumbprint))) { WriteError( (new PSAdminException(PSAdminExceptionType.ParameterDefined, String.Format("in KeyVault '{0}' with the name of '{1}'", VaultName, Thumbprint))).GetErrorRecord() ); return; } Data.KeyVaultCertificate[] SearchCertificate = KeyVaultCertificateHelper.GetItemsThrow(null, KeyVault.VaultName, null, Thumbprint, null, false, true); X509Certificate2 x509 = (X509Certificate2)SearchCertificate[0].Certificate; if ((x509.HasPrivateKey == false) || (x509.PrivateKey == null)) { WriteError( (new PSAdminException(PSAdminExceptionType.CertificatePrivateKey, Thumbprint)).GetErrorRecord() ); return; } Hashtable filter = new Hashtable { { "Id", KeyVault.Id }, { "VaultName", KeyVault.VaultName }, }; Hashtable row = new Hashtable { { "Thumbprint", x509.Thumbprint }, { "VaultKey", ((RSACryptoServiceProvider)x509.PublicKey.Key).Encrypt(KeyVault.VaultKey, true) } }; bool issuccessful = KeyVaultHelper.SetItemsThrow(row, filter, true); }
/// <summary> /// Process Record /// </summary> protected override void ProcessRecord() { Data.KeyVault KeyVault = KeyVaultHelper.GetItemThrow(null, VaultName, true); Data.KeyVaultCertificate[] SearchCertificate = KeyVaultCertificateHelper.GetItemsThrow(null, VaultName, Name, null, null, false, true); // Note: This will only ever return one item foreach (Data.KeyVaultCertificate Certificate in SearchCertificate) { X509Certificate2 x509 = (X509Certificate2)Certificate.Certificate; byte[] CertificateByteArray = x509.Export(X509ContentType.Pkcs12, Password); x509.Dispose(); switch (ParameterSetName) { case ImportFromFileParameterSetName: File.WriteAllBytes(FileName, CertificateByteArray); break; case ImportFromStringParameterSetName: WriteObject( Convert.ToBase64String(CertificateByteArray) ); break; default: WriteError( (new PSAdminException(PSAdminExceptionType.ParameterSetNotFound, Name, "Name")).GetErrorRecord() ); return; } } }
/// <summary> /// Process Record /// </summary> protected override void ProcessRecord() { Data.KeyVaultCertificate[] results = KeyVaultCertificateHelper.GetItems(Id, VaultName, Name, Thumbprint, Tags, Export, Exact); // Unroll the object foreach (Data.KeyVaultCertificate result in results) { WriteObject(result); } }
public InvitationController(IOptions <AppSettingsModel> appSettings, KeyVaultCertificateHelper keyVaultCertificateHelper, IEmailSender mailSender, ILogger <InvitationController> logger) { _appSettings = appSettings?.Value ?? throw new ArgumentNullException(nameof(appSettings)); _keyVaultCertificateHelper = keyVaultCertificateHelper ?? throw new ArgumentNullException(nameof(keyVaultCertificateHelper)); _mailSender = mailSender ?? throw new ArgumentNullException(nameof(mailSender)); _logger = logger; }
public HomeController( IOptions <AppSettingsModel> appSettings, IWebHostEnvironment hostingEnvironment, KeyVaultCertificateHelper keyVaultCertificateHelper, IEmailSender mailSender, ILogger <HomeController> logger) { _appSettings = appSettings?.Value ?? throw new ArgumentNullException(nameof(appSettings)); _hostingEnvironment = hostingEnvironment ?? throw new ArgumentNullException(nameof(hostingEnvironment)); _keyVaultCertificateHelper = keyVaultCertificateHelper ?? throw new ArgumentNullException(nameof(keyVaultCertificateHelper)); _mailSender = mailSender ?? throw new ArgumentNullException(nameof(mailSender)); _logger = logger; }
/// <summary> /// Process Record /// </summary> protected override void ProcessRecord() { KeyVaultHelper.GetItemsThrow(null, VaultName, !Match); Data.KeyVaultCertificate[] certificates = KeyVaultCertificateHelper.GetItemsThrow(Id, VaultName, Name, Thumbprint, null, false, !Match); // Unroll the object foreach (Data.KeyVaultCertificate certificate in certificates) { if (!ShouldProcess(certificate.Name, "Remove")) { continue; } KeyVaultCertificateHelper.RemoveItemThrow(certificate.Id, certificate.VaultName, certificate.Name, !Match); } }
public OidcController(KeyVaultCertificateHelper keyVaultCertificateHelper) { _keyVaultCertificateHelper = keyVaultCertificateHelper ?? throw new ArgumentNullException(nameof(keyVaultCertificateHelper)); }
/// <summary> /// Process Record /// </summary> protected override void ProcessRecord() { KeyVaultHelper.GetItemThrow(null, VaultName, true); KeyVaultCertificateHelper.ThrowIfItemExists(null, VaultName, Name, null, null, false, true); byte[] CertificateByteArray; switch (ParameterSetName) { case ImportFromFileParameterSetName: CertificateByteArray = File.ReadAllBytes(FileName); break; case ImportFromStringParameterSetName: CertificateByteArray = Convert.FromBase64String(CertificateString); break; default: WriteError( (new PSAdminException(PSAdminExceptionType.ParameterSetNotFound, Name, "Name")).GetErrorRecord() ); return; } X509Certificate2 x509 = new X509Certificate2(CertificateByteArray, Password, X509KeyStorageFlags.Exportable); /* * // Certificate should NOT throw if Private Key is not available. * if (x509.HasPrivateKey) * { * x509.Dispose(); * WriteError( * PSAdminException.Create(KevinExceptions.CertificateRequiresPrivateKey) * ); * } */ byte[] rawcert = x509.Export(X509ContentType.Pkcs12, x509.Thumbprint); Hashtable item = new Hashtable { { "Id", Guid.NewGuid().ToString().Replace("-", "") }, { "VaultName", VaultName }, { "Name", Name }, { "Version", Version }, { "Enabled", true }, { "DeletedDate", null }, { "RecoveryLevel", RecoveryLevel }, { "Created", DateTime.UtcNow }, { "Updated", DateTime.UtcNow }, { "NotBefore", x509.NotBefore }, { "Expires", x509.NotAfter }, { "ScheduledPurgeDate", ScheduledPurgeDate }, { "SecretId", x509.SerialNumber }, { "KeyId", x509.SerialNumber }, { "Certificate", rawcert }, { "Thumbprint", x509.Thumbprint }, { "Tags", (Tags != null) ? String.Join(";", Tags) : null } }; x509.Dispose(); bool issuccessful = Call(item); if (!issuccessful) { WriteError( (new PSAdminException(PSAdminExceptionType.RowCreate)).GetErrorRecord() ); } if (Passthru) { Data.KeyVaultCertificate[] results = KeyVaultCertificateHelper.GetItems(null, VaultName, Name, null, null, false, true); // Unroll the object foreach (Data.KeyVaultCertificate result in results) { WriteObject(result); } } }
public static async Task Run([TimerTrigger("0 17 23 * * *")] TimerInfo myTimer, ILogger log, ExecutionContext executionContext) { log.LogInformation($"C# Timer trigger function executed at: {DateTime.Now}"); string subscriptionId = Environment.GetEnvironmentVariable("SubscriptionId"); var config = new ConfigurationBuilder() .SetBasePath(executionContext.FunctionAppDirectory) .AddJsonFile("local.settings.json", optional: true, reloadOnChange: true) .AddEnvironmentVariables() .Build(); var certificateDetails = new List <CertificateRenewalInputModel>(); config.GetSection("CertificateDetails").Bind(certificateDetails); foreach (var certifcate in certificateDetails) { log.LogInformation($"Processing certificate - {certifcate.DomainName}"); var acmeHelper = new AcmeHelper(log); var certificateHelper = new KeyVaultCertificateHelper(certifcate.KeyVaultName); await InitAcme(log, certifcate, acmeHelper); string domainName = certifcate.DomainName; if (domainName.StartsWith("*")) { domainName = domainName.Substring(1); } log.LogInformation($"Calculated domain name is {domainName}"); string keyVaultCertificateName = domainName.Replace(".", ""); log.LogInformation($"Getting expiry for {keyVaultCertificateName} in Key Vault certifictes"); var certificateExpiry = await certificateHelper.GetCertificateExpiryAsync(keyVaultCertificateName); if (certificateExpiry.HasValue && certificateExpiry.Value.Subtract(DateTime.UtcNow).TotalDays > 7) { log.LogInformation("No certificates to renew."); continue; } log.LogInformation("Creating order for certificates"); await acmeHelper.CreateOrderAsync(certifcate.DomainName); log.LogInformation("Authorization created"); await FetchAndCreateDnsRecords(log, subscriptionId, certifcate, acmeHelper, domainName); log.LogInformation("Validating DNS challenge"); await acmeHelper.ValidateDnsAuthorizationAsync(); log.LogInformation("Challenge validated"); string password = Guid.NewGuid().ToString(); var pfx = await acmeHelper.GetPfxCertificateAsync(password, certifcate.CertificateCountryName, certifcate.CertificateState, certifcate.CertificateLocality, certifcate.CertificateOrganization, certifcate.CertificateOrganizationUnit, certifcate.DomainName, domainName); log.LogInformation("Certificate built"); (string certificateName, string certificateVerison) = await certificateHelper.ImportCertificate(keyVaultCertificateName, pfx, password); log.LogInformation("Certificate imported"); var cdnHelper = new CdnHelper(subscriptionId); await cdnHelper.EnableHttpsForCustomDomain(certifcate.CdnResourceGroup, certifcate.CdnProfileName, certifcate.CdnEndpointName, certifcate.CdnCustomDomainName, certificateName, certificateVerison, certifcate.KeyVaultName); log.LogInformation("HTTPS enabling started"); } }