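/// <summary>
/// Rotates the password credential behind an Azure DevOps service endpoint:
/// adds a new password to the app registration, points the endpoint at it, and
/// only after that update succeeds removes the old password, so the endpoint is
/// never left without a working secret.
/// </summary>
/// <param name="payload">Rotation request; supplies the project id and the lifetime (days) of the new secret.</param>
/// <param name="executionLogs">Human-readable log collected by the caller; only non-secret identifiers are written to it.</param>
/// <param name="context">Key/value output for the caller; receives the new and deleted credential ids and the validity window. The keys written here must not already be present (Add throws on duplicates).</param>
/// <param name="azdo">Client used to update the service endpoint.</param>
/// <param name="endpoint">Service endpoint whose service-principal key is replaced in place.</param>
/// <param name="graph">Microsoft Graph client used to add and remove the app's password credentials.</param>
/// <param name="application">App registration that owns the credentials.</param>
/// <param name="now">Start of the new credential's validity; also embedded in its display name.</param>
/// <param name="oldPassCred">Credential being retired; its <c>KeyId</c> must be set.</param>
/// <exception cref="ArgumentException">Thrown when <paramref name="oldPassCred"/> has no <c>KeyId</c>; raised before any credential or endpoint is changed.</exception>
private static async Task RotatePasswordCoreAsync(
    CredentialRotatePayload payload,
    StringBuilder executionLogs,
    Dictionary<string, string> context,
    AzDoService azdo,
    Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
    GraphServiceClient graph,
    Application application,
    DateTimeOffset now,
    PasswordCredential oldPassCred)
{
    // Validate up front. Previously the missing-KeyId case surfaced only at the
    // RemovePassword step, after a new secret had already been minted and pushed
    // to the endpoint, leaving the old credential in place indefinitely.
    if (!oldPassCred.KeyId.HasValue)
    {
        throw new ArgumentException("The credential to retire has no KeyId.", nameof(oldPassCred));
    }

    var oldKeyId = oldPassCred.KeyId.Value;

    var newPassCred = await graph.Applications[application.Id]
        .AddPassword(new PasswordCredential
        {
            DisplayName = $"AutoGen: {now}",
            Hint = $"AutoGen: {now}",
            StartDateTime = now,
            EndDateTime = now.AddDays(payload.LifeTimeInDays)
        })
        .Request()
        .PostAsync();

    // SecretText is only returned by this AddPassword response. It is handed to the
    // endpoint and deliberately kept out of executionLogs and context.
    endpoint.Authorization.Parameters.Serviceprincipalkey = newPassCred.SecretText;
    await azdo.UpdateServiceEndpointsAsync(payload.ProjectId, endpoint.Id, endpoint);

    context.Add("Secret Id", newPassCred.KeyId.ToString());
    context.Add("Secret Start Time", newPassCred.StartDateTime.ToString());
    context.Add("Secret End Time", newPassCred.EndDateTime.ToString());

    // The old secret is removed only once the endpoint uses the new one. If the
    // endpoint update above throws, no rollback happens here: the new credential
    // stays on the app unused and the old one remains valid.
    await graph
        .Applications[application.Id]
        .RemovePassword(oldKeyId)
        .Request()
        .PostAsync();

    executionLogs.AppendLine($"App ({application.DisplayName}) password credentail ({oldKeyId}) deleted successfully");
    context.Add("Deleted Secret Id", oldKeyId.ToString());
}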
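/// <summary>
/// Rotates the certificate credential behind an Azure DevOps service endpoint:
/// generates a new self-signed certificate, registers it as a key credential on
/// the app, then stores the PEM (with private key) on the endpoint.
/// </summary>
/// <param name="payload">Rotation request; supplies the project id and the certificate lifetime (days).</param>
/// <param name="executionLogs">Caller's log buffer; not written to by this method.</param>
/// <param name="context">Key/value output for the caller; receives key id, validity window and thumbprint. The keys written here must not already be present (Add throws on duplicates).</param>
/// <param name="azdo">Client used to update the service endpoint.</param>
/// <param name="endpoint">Service endpoint whose service-principal certificate is replaced in place.</param>
/// <param name="graph">Microsoft Graph client used to update the app's key credentials.</param>
/// <param name="application">App registration whose key credentials are updated.</param>
/// <param name="now">Start of the new credential's validity.</param>
private static async Task RotateCertificateCoreAsync(
    CredentialRotatePayload payload,
    StringBuilder executionLogs,
    Dictionary<string, string> context,
    AzDoService azdo,
    Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
    GraphServiceClient graph,
    Application application,
    DateTimeOffset now)
{
    // Despite its Async suffix the helper is used synchronously here (its result is
    // passed straight to GetPfxAsBytes), so it is not awaited. The certificate
    // carries the private key, so it is disposed once the exports are done.
    using (var selfSignedCertificate = CertificateUtils.CreateSelfSignedCertificateAsync(validForDays: payload.LifeTimeInDays))
    {
        var certificateCredential = new KeyCredential
        {
            StartDateTime = now,
            EndDateTime = now.AddDays(payload.LifeTimeInDays),
            Type = "AsymmetricX509Cert",
            Usage = "Verify",
            // NOTE(review): Type/Usage describe a public verification key; confirm
            // GetPfxAsBytes exports only the public certificate and not the private key.
            Key = CertificateUtils.GetPfxAsBytes(selfSignedCertificate)
        };

        // NOTE(review): the patch sends a single-element KeyCredentials list; confirm
        // that replacing (rather than appending to) the app's existing key credentials
        // is the intended behaviour.
        var app = new Application
        {
            KeyCredentials = new List<KeyCredential> { certificateCredential }
        };
        await graph.Applications[application.Id].Request().UpdateAsync(app);

        // The PEM including the private key is stored only on the endpoint; it is
        // not copied into context or logs.
        endpoint.Authorization.Parameters.ServicePrincipalCertificate =
            CertificateUtils.GeneratePEMWithPrivateKeyAsString(selfSignedCertificate);
        await azdo.UpdateServiceEndpointsAsync(payload.ProjectId, endpoint.Id, endpoint);

        // NOTE(review): KeyId is never assigned on the locally built credential and the
        // UpdateAsync result is not read back, so this value is probably empty — confirm
        // and read the stored credential back if the id is needed downstream.
        context.Add("Certificate Key Id", certificateCredential.KeyId.ToString());
        context.Add("Certificate Start Time", certificateCredential.StartDateTime.ToString());
        context.Add("Certificate End Time", certificateCredential.EndDateTime.ToString());
        context.Add("Certificate Thumbprint", selfSignedCertificate.Thumbprint);
    }
}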