/// <summary>
/// ProcessRecord
/// </summary>
protected override void ProcessRecord()
{
Data.KeyVault KeyVault = KeyVaultHelper.GetItemThrow(null, VaultName, true);
if (!(String.IsNullOrEmpty(KeyVault.Thumbprint)))
{
WriteError(
(new PSAdminException(PSAdminExceptionType.ParameterDefined, String.Format("in KeyVault '{0}' with the name of '{1}'", VaultName, Thumbprint))).GetErrorRecord()
);
return;
}
Data.KeyVaultCertificate[] SearchCertificate = KeyVaultCertificateHelper.GetItemsThrow(null, KeyVault.VaultName, null, Thumbprint, null, false, true);
X509Certificate2 x509 = (X509Certificate2)SearchCertificate[0].Certificate;
if ((x509.HasPrivateKey == false) || (x509.PrivateKey == null))
{
WriteError(
(new PSAdminException(PSAdminExceptionType.CertificatePrivateKey, Thumbprint)).GetErrorRecord()
);
return;
}
Hashtable filter = new Hashtable {
{ "Id", KeyVault.Id },
{ "VaultName", KeyVault.VaultName },
};
Hashtable row = new Hashtable {
{ "Thumbprint", x509.Thumbprint },
{ "VaultKey", ((RSACryptoServiceProvider)x509.PublicKey.Key).Encrypt(KeyVault.VaultKey, true) }
};
bool issuccessful = KeyVaultHelper.SetItemsThrow(row, filter, true);
}
/// <summary>
/// Process Record
/// </summary>
protected override void ProcessRecord()
{
Data.KeyVault KeyVault = KeyVaultHelper.GetItemThrow(null, VaultName, true);
Data.KeyVaultCertificate[] SearchCertificate = KeyVaultCertificateHelper.GetItemsThrow(null, VaultName, Name, null, null, false, true);
// Note: This will only ever return one item
foreach (Data.KeyVaultCertificate Certificate in SearchCertificate)
{
X509Certificate2 x509 = (X509Certificate2)Certificate.Certificate;
byte[] CertificateByteArray = x509.Export(X509ContentType.Pkcs12, Password);
x509.Dispose();
switch (ParameterSetName)
{
case ImportFromFileParameterSetName:
File.WriteAllBytes(FileName, CertificateByteArray);
break;
case ImportFromStringParameterSetName:
WriteObject(
Convert.ToBase64String(CertificateByteArray)
);
break;
default:
WriteError(
(new PSAdminException(PSAdminExceptionType.ParameterSetNotFound, Name, "Name")).GetErrorRecord()
);
return;
}
}
}
/// <summary>
/// Process Record
/// </summary>
protected override void ProcessRecord()
{
Data.KeyVaultCertificate[] results = KeyVaultCertificateHelper.GetItems(Id, VaultName, Name, Thumbprint, Tags, Export, Exact);
// Unroll the object
foreach (Data.KeyVaultCertificate result in results)
{
WriteObject(result);
}
}
public InvitationController(IOptions <AppSettingsModel> appSettings,
KeyVaultCertificateHelper keyVaultCertificateHelper,
IEmailSender mailSender,
ILogger <InvitationController> logger)
{
_appSettings = appSettings?.Value ?? throw new ArgumentNullException(nameof(appSettings));
_keyVaultCertificateHelper = keyVaultCertificateHelper ?? throw new ArgumentNullException(nameof(keyVaultCertificateHelper));
_mailSender = mailSender ?? throw new ArgumentNullException(nameof(mailSender));
_logger = logger;
}
public HomeController(
IOptions <AppSettingsModel> appSettings,
IWebHostEnvironment hostingEnvironment,
KeyVaultCertificateHelper keyVaultCertificateHelper,
IEmailSender mailSender,
ILogger <HomeController> logger)
{
_appSettings = appSettings?.Value ?? throw new ArgumentNullException(nameof(appSettings));
_hostingEnvironment = hostingEnvironment ?? throw new ArgumentNullException(nameof(hostingEnvironment));
_keyVaultCertificateHelper = keyVaultCertificateHelper ?? throw new ArgumentNullException(nameof(keyVaultCertificateHelper));
_mailSender = mailSender ?? throw new ArgumentNullException(nameof(mailSender));
_logger = logger;
}
/// <summary>
/// Process Record
/// </summary>
protected override void ProcessRecord()
{
KeyVaultHelper.GetItemsThrow(null, VaultName, !Match);
Data.KeyVaultCertificate[] certificates = KeyVaultCertificateHelper.GetItemsThrow(Id, VaultName, Name, Thumbprint, null, false, !Match);
// Unroll the object
foreach (Data.KeyVaultCertificate certificate in certificates)
{
if (!ShouldProcess(certificate.Name, "Remove"))
{
continue;
}
KeyVaultCertificateHelper.RemoveItemThrow(certificate.Id, certificate.VaultName, certificate.Name, !Match);
}
}
public OidcController(KeyVaultCertificateHelper keyVaultCertificateHelper)
{
_keyVaultCertificateHelper = keyVaultCertificateHelper ?? throw new ArgumentNullException(nameof(keyVaultCertificateHelper));
}
/// <summary>
/// Process Record
/// </summary>
protected override void ProcessRecord()
{
KeyVaultHelper.GetItemThrow(null, VaultName, true);
KeyVaultCertificateHelper.ThrowIfItemExists(null, VaultName, Name, null, null, false, true);
byte[] CertificateByteArray;
switch (ParameterSetName)
{
case ImportFromFileParameterSetName:
CertificateByteArray = File.ReadAllBytes(FileName);
break;
case ImportFromStringParameterSetName:
CertificateByteArray = Convert.FromBase64String(CertificateString);
break;
default:
WriteError(
(new PSAdminException(PSAdminExceptionType.ParameterSetNotFound, Name, "Name")).GetErrorRecord()
);
return;
}
X509Certificate2 x509 = new X509Certificate2(CertificateByteArray, Password, X509KeyStorageFlags.Exportable);
/*
* // Certificate should NOT throw if Private Key is not available.
* if (x509.HasPrivateKey)
* {
* x509.Dispose();
* WriteError(
* PSAdminException.Create(KevinExceptions.CertificateRequiresPrivateKey)
* );
* }
*/
byte[] rawcert = x509.Export(X509ContentType.Pkcs12, x509.Thumbprint);
Hashtable item = new Hashtable {
{ "Id", Guid.NewGuid().ToString().Replace("-", "") },
{ "VaultName", VaultName },
{ "Name", Name },
{ "Version", Version },
{ "Enabled", true },
{ "DeletedDate", null },
{ "RecoveryLevel", RecoveryLevel },
{ "Created", DateTime.UtcNow },
{ "Updated", DateTime.UtcNow },
{ "NotBefore", x509.NotBefore },
{ "Expires", x509.NotAfter },
{ "ScheduledPurgeDate", ScheduledPurgeDate },
{ "SecretId", x509.SerialNumber },
{ "KeyId", x509.SerialNumber },
{ "Certificate", rawcert },
{ "Thumbprint", x509.Thumbprint },
{ "Tags", (Tags != null) ? String.Join(";", Tags) : null }
};
x509.Dispose();
bool issuccessful = Call(item);
if (!issuccessful)
{
WriteError(
(new PSAdminException(PSAdminExceptionType.RowCreate)).GetErrorRecord()
);
}
if (Passthru)
{
Data.KeyVaultCertificate[] results = KeyVaultCertificateHelper.GetItems(null, VaultName, Name, null, null, false, true);
// Unroll the object
foreach (Data.KeyVaultCertificate result in results)
{
WriteObject(result);
}
}
}
public static async Task Run([TimerTrigger("0 17 23 * * *")] TimerInfo myTimer, ILogger log, ExecutionContext executionContext)
{
log.LogInformation($"C# Timer trigger function executed at: {DateTime.Now}");
string subscriptionId = Environment.GetEnvironmentVariable("SubscriptionId");
var config = new ConfigurationBuilder()
.SetBasePath(executionContext.FunctionAppDirectory)
.AddJsonFile("local.settings.json", optional: true, reloadOnChange: true)
.AddEnvironmentVariables()
.Build();
var certificateDetails = new List <CertificateRenewalInputModel>();
config.GetSection("CertificateDetails").Bind(certificateDetails);
foreach (var certifcate in certificateDetails)
{
log.LogInformation($"Processing certificate - {certifcate.DomainName}");
var acmeHelper = new AcmeHelper(log);
var certificateHelper = new KeyVaultCertificateHelper(certifcate.KeyVaultName);
await InitAcme(log, certifcate, acmeHelper);
string domainName = certifcate.DomainName;
if (domainName.StartsWith("*"))
{
domainName = domainName.Substring(1);
}
log.LogInformation($"Calculated domain name is {domainName}");
string keyVaultCertificateName = domainName.Replace(".", "");
log.LogInformation($"Getting expiry for {keyVaultCertificateName} in Key Vault certifictes");
var certificateExpiry = await certificateHelper.GetCertificateExpiryAsync(keyVaultCertificateName);
if (certificateExpiry.HasValue && certificateExpiry.Value.Subtract(DateTime.UtcNow).TotalDays > 7)
{
log.LogInformation("No certificates to renew.");
continue;
}
log.LogInformation("Creating order for certificates");
await acmeHelper.CreateOrderAsync(certifcate.DomainName);
log.LogInformation("Authorization created");
await FetchAndCreateDnsRecords(log, subscriptionId, certifcate, acmeHelper, domainName);
log.LogInformation("Validating DNS challenge");
await acmeHelper.ValidateDnsAuthorizationAsync();
log.LogInformation("Challenge validated");
string password = Guid.NewGuid().ToString();
var pfx = await acmeHelper.GetPfxCertificateAsync(password, certifcate.CertificateCountryName, certifcate.CertificateState, certifcate.CertificateLocality,
certifcate.CertificateOrganization, certifcate.CertificateOrganizationUnit, certifcate.DomainName, domainName);
log.LogInformation("Certificate built");
(string certificateName, string certificateVerison) = await certificateHelper.ImportCertificate(keyVaultCertificateName, pfx, password);
log.LogInformation("Certificate imported");
var cdnHelper = new CdnHelper(subscriptionId);
await cdnHelper.EnableHttpsForCustomDomain(certifcate.CdnResourceGroup, certifcate.CdnProfileName,
certifcate.CdnEndpointName, certifcate.CdnCustomDomainName, certificateName, certificateVerison, certifcate.KeyVaultName);
log.LogInformation("HTTPS enabling started");
}
}
