/// <summary>
/// Background CleanUp method
/// </summary>
private void CleanUpMethod()
{
using (_canceller.Token.Register(Thread.CurrentThread.Abort))
{
while (!_mustexit)
{
try
{
int res = Certs.CleanOrphanedPrivateKeys();
if (res > 0)
{
_service.EventLog.WriteEntry(string.Format("{0} orphaned certificates private keys deleted.", res), EventLogEntryType.Error, 1010);
}
Thread.Sleep(new TimeSpan(0, 0, _minutes, 0));
}
catch (ThreadAbortException)
{
_mustexit = true;
return;
}
catch (Exception ex)
{
_service.EventLog.WriteEntry(string.Format("error on CleanUp Keys : {0}.", ex.Message), EventLogEntryType.Error, 1011);
}
}
}
}
/// <summary>
/// CreateCertificate implementation
/// </summary>
public override X509Certificate2 CreateCertificate(string upn, string password, int validity)
{
string pass = string.Empty;
if (!string.IsNullOrEmpty(password))
{
pass = password;
}
return(Certs.CreateRSAEncryptionCertificateForUser(upn.ToLower(), validity, pass));
}
/// <summary>
/// CreateCertificate method implmentation
/// </summary>
public override X509Certificate2 CreateCertificate(string upn, int validity, bool generatepassword = false)
{
string pass = string.Empty;
string strcert = string.Empty;
if (generatepassword)
{
pass = CheckSumEncoding.CheckSumAsString(upn);
}
return(Certs.CreateRSAEncryptionCertificateForUser(upn.ToLower(), validity, pass));
}
/// <summary>
/// CleanOrphanedPrivateKeys method implmentation
/// </summary>
internal static int CleanOrphanedPrivateKeys()
{
EnsureService();
try
{
return(Certs.CleanOrphanedPrivateKeys());
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// UpdateCertificatesACL method implementation
/// </summary>
internal static bool UpdateCertificatesACL()
{
EnsureService();
try
{
return(Certs.UpdateCertificatesACL());
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// GetClientCredentials method implmentation
/// </summary>
private void GetClientCredentials()
{
try
{
X509Certificate2 azureCertificate = Certs.GetCertificate(this._thumbprint, StoreLocation.LocalMachine);
this._clientAssertion = new ADAL.ClientAssertionCertificate(this._clientId, azureCertificate);
this._certTimestamp = DateTime.Now.ToUniversalTime();
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// CreateCertificate method implmentation
/// </summary>
private X509Certificate2 CreateCertificate(string upn, int validity, out string strcert)
{
strcert = Certs.CreateSelfSignedCertificateAsString(upn.ToLower(), validity);
X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(strcert), "", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
if (Certs.RemoveSelfSignedCertificate(cert))
{
return(cert);
}
else
{
return(null);
}
}
public static async Task <HttpResponseMessage> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation("Get Groups using Azure.Identity...");
#if DEBUG
log.LogInformation("Using client credentials");
X509Certificate2 cert = Certs.GetCertificateFromStore(Configuration.LocalDevCertName);
var credential = new ClientCertificateCredential(Configuration.LocalDevTenantId, Configuration.LocalDevAppId, cert);
#else
log.LogInformation("Using Managed identity credentials");
var credential = new ManagedIdentityCredential();
#endif
try
{
var accessTokenRequest = await credential.GetTokenAsync(
new TokenRequestContext(scopes : new string[] { "https://graph.microsoft.com/.default" }) { }
);
var accessToken = accessTokenRequest.Token;
//log.LogInformation(accessToken);
var httpClient = new HttpClient()
{
DefaultRequestHeaders =
{
Authorization = new AuthenticationHeaderValue("Bearer", accessToken)
}
};
var result = await httpClient.GetStringAsync("https://graph.microsoft.com/v1.0/groups");
return(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(result, Encoding.UTF8, "application/json")
});
}
catch (AuthenticationFailedException ex)
{
log.LogError($"Authentication Failed. {ex.Message}");
return(null);
}
}
/// <summary>
/// CreateCertificate method implmentation
/// </summary>
public override X509Certificate2 CreateCertificate(string upn, int validity, out string strcert, bool generatepassword = false)
{
string pass = string.Empty;
if (generatepassword)
{
pass = Utilities.CheckSumAsString(upn);
}
strcert = Certs.CreateSelfSignedCertificateAsString(upn.ToLower(), validity, pass);
X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(strcert), pass, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
if (Certs.RemoveSelfSignedCertificate(cert))
{
return(cert);
}
else
{
return(null);
}
}
protected void Page_Load(object sender, EventArgs e)
{
certs = new Certs();
if (Request.QueryString["ImgType"] != "Multiple")
{
_pageURL = "http://10.1.35.247:85/LibertyIMS::/anon/Cmd%3DXmlGetRequest%3BName%3D%232b6%3BNoUI%3D1%3BF0%3D" + Request.QueryString["ItemNo"].ToString() + "%3BF2%3D" + Request.QueryString["LotNo"].ToString();
}
else
{
if (Request.QueryString["IUrl"] != null)
{
_pageURL = Server.UrlDecode(Request.QueryString["IUrl"].ToString());
}
else
{
_pageURL = Session["ImgURL"].ToString();
}
}
GetImage(_pageURL);
}
/// <summary>
/// HTTP ONLY
/// </summary>
/// <param name="url"></param>
public static RpcClient Initialize(Uri url, string cerFilePath = null, WebProxy proxy = null)
{
var iocContainer = new TinyIoC.TinyIoCContainer();
iocContainer.Register <IWsDataSerializer, ProtoBufRpcDataSerializer>(new ProtoBufRpcDataSerializer(), "default");
iocContainer.Register <IRpcDataSerializer, HttpMultipartSerializer>(new HttpMultipartSerializer(), "default");
iocContainer.Register <IRpcHeadSerializer, JsonRpcHeadSerializer>(new JsonRpcHeadSerializer(), "default");
var _proxyFactory = new RpcDynamicProxyFactory(url, proxy, iocContainer);
var websocketServer = "";
var client = new RpcClient(_proxyFactory, proxy, iocContainer);
if (!string.IsNullOrEmpty(cerFilePath))
{
if (!System.IO.File.Exists(cerFilePath))
{
throw new Exception("the cer file you provided is not exists. " + Path.GetFileName(cerFilePath));
}
client.AddCertForHttps(cerFilePath);
}
if (url.Scheme == ("https"))
{
websocketServer = url.AbsoluteUri.Replace("https://", "wss://");
if (!Certs.Any())
{
throw new Exception("you should provide a cert when using https.");
}
}
else
{
websocketServer = url.AbsoluteUri.Replace("http://", "ws://");
}
var cb = new RemoteCertificateValidationCallback(client.RemoteCertificateValidationCallback);
_proxyFactory.ServerCertificateValidationCallback = cb;
_proxyFactory.websocketServer = websocketServer;
return(client);
}
protected void Page_Load(object sender, EventArgs e)
{
certFileName = "Cert_" + HttpContext.Current.Session.SessionID.ToString() + ".jpg";
certs = new Certs();
}
public override void WriteYaml(StreamWriter writer, AssetManager assetManager, ILoggerFactory loggerFactory,
int indent = 0)
{
var spaces = "".PadLeft(indent);
writer.Write($"{spaces}aks:\n");
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}clusterName: {ClusterName}\n");
writer.Write($"{spaces}dnsPrefix: {DnsPrefix}\n");
writer.Write($"{spaces}version: {Version}\n");
writer.Write($"{spaces}vmSize: {VmSize}\n");
writer.Write($"{spaces}nodeCount: {NodeCount}\n");
writer.Write($"{spaces}ownerUpn: {AksOwnerAadUpn}\n");
writer.Write($"{spaces}access:\n");
if (Readers?.Any() == true)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}readers:");
spaces = "".PadLeft(indent + 6);
foreach (var aadIdentity in Readers)
{
writer.Write($"{spaces}name: {aadIdentity.Name}\n");
writer.Write($"{spaces}type: {aadIdentity.Type}\n");
}
}
if (Contributors?.Any() == true)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}contributors:");
spaces = "".PadLeft(indent + 6);
foreach (var aadIdentity in Contributors)
{
writer.Write($"{spaces}name: {aadIdentity.Name}\n");
writer.Write($"{spaces}type: {aadIdentity.Type}\n");
}
}
if (Owners?.Any() == true)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}owners:");
spaces = "".PadLeft(indent + 6);
foreach (var aadIdentity in Owners)
{
writer.Write($"{spaces}name: {aadIdentity.Name}\n");
writer.Write($"{spaces}type: {aadIdentity.Type}\n");
}
}
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}useDevSpaces: {UseDevSpaces}\n");
writer.Write($"{spaces}useTerraform: {UseTerraform}\n");
writer.Write($"{spaces}useIstio: {UseIstio}\n");
writer.Write($"{spaces}useCertManager: {UseCertManager}\n");
if (KeyVaultAccess?.Any() == true)
{
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}keyVaultAccess:\n");
foreach (var option in KeyVaultAccess)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}- {option}\n");
}
}
if (Metrics?.Any() == true)
{
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}metrics:\n");
foreach (var option in Metrics)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}- {option}\n");
}
}
if (Logging?.Any() == true)
{
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}logging:\n");
foreach (var option in Logging)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}- {option}\n");
}
}
if (Tracing?.Any() == true)
{
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}tracing:\n");
foreach (var option in Tracing)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}- {option}\n");
}
}
if (Ingress?.Any() == true)
{
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}ingress:\n");
foreach (var option in Ingress)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}- {option}\n");
}
}
if (Certs?.Any() == true)
{
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}certs:\n");
foreach (var cert in Certs)
{
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}- name: {cert.Name}\n");
if (!string.IsNullOrEmpty(cert.Type))
{
writer.Write($"{spaces} type: {cert.Type}\n");
}
}
}
if (Secrets != null)
{
spaces = "".PadLeft(indent + 2);
writer.Write($"{spaces}secrets:\n");
spaces = "".PadLeft(indent + 4);
writer.Write($"{spaces}addContainerRegistryAccess: {Secrets.AddContainerRegistryAccess}\n");
writer.Write($"{spaces}addKeyVaultAccess: {Secrets.AddKeyVaultAccess}\n");
writer.Write($"{spaces}addAppInsightsKey: {Secrets.AddAppInsightsKey}\n");
}
}
