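 /// <summary>
 /// Rotates the first password credential of <paramref name="application"/> when it is within
 /// <c>payload.DaysBeforeExpire</c> days of its end date.
 /// </summary>
 /// <param name="payload">Rotation request; only <c>DaysBeforeExpire</c> is read here, the rest is passed through.</param>
 /// <param name="executionLogs">Human-readable trace appended to as the run proceeds.</param>
 /// <param name="context">Key/value pairs recorded for the run; <c>Add</c> throws if a key is added twice.</param>
 /// <param name="azdo">Azure DevOps client, passed through to <see cref="RotatePasswordCoreAsync"/>.</param>
 /// <param name="endpoint">Service endpoint whose secret is replaced, passed through.</param>
 /// <param name="graph">Microsoft Graph client, passed through.</param>
 /// <param name="application">Application whose password credentials are inspected.</param>
 /// <remarks>
 /// Only the first credential is considered; any further credentials, and a credential with no
 /// end date, are never rotated by this method. A missing collection is treated as empty.
 /// </remarks>
 private static async Task ProcessAppWithPasswordCredentailsAsync(
     CredentialRotatePayload payload,
     StringBuilder executionLogs,
     Dictionary <string, string> context,
     AzDoService azdo,
     Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
     GraphServiceClient graph,
     Application application)
 {
     // Materialize once: the sequence was previously enumerated for Any(), Count() (twice) and First().
     var passwordCredentials = (application.PasswordCredentials ?? Enumerable.Empty<PasswordCredential>()).ToList();
     if (passwordCredentials.Count == 0)
     {
         return;
     }

     executionLogs.AppendLine($"Password Credentails found ({passwordCredentials.Count}).");
     context.Add("Total Credentails", passwordCredentials.Count.ToString());
     var now         = DateTimeOffset.UtcNow;
     var oldPassCred = passwordCredentials[0];
     if (!oldPassCred.EndDateTime.HasValue)
     {
         // A credential without an end date can never trip the expiry check; record that
         // rather than finishing silently, so a never-rotating secret is visible in the logs.
         executionLogs.AppendLine($"Password credentail ({oldPassCred.KeyId}) has no end date; rotation skipped.");
         return;
     }

     // Rotate once the end date falls inside the look-ahead window.
     var threshold        = now.AddDays(payload.DaysBeforeExpire);
     var rotationRequired = threshold > oldPassCred.EndDateTime;
     executionLogs.AppendLine($"{threshold} > {oldPassCred.EndDateTime} = {rotationRequired}");
     if (rotationRequired)
     {
         await RotatePasswordCoreAsync(payload, executionLogs, context, azdo, endpoint, graph, application, now, oldPassCred);
     }
 }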
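        /// <summary>
        /// Replaces the password credential backing <paramref name="endpoint"/>: adds a new secret to
        /// the application, points the Azure DevOps service endpoint at it, then removes the old secret.
        /// </summary>
        /// <param name="payload">Rotation request; <c>LifeTimeInDays</c> sets the new secret's lifetime, <c>ProjectId</c> scopes the endpoint update.</param>
        /// <param name="executionLogs">Human-readable trace; the secret value itself is never written here.</param>
        /// <param name="context">Key/value pairs recorded for the run (key ids and times only, never the secret).</param>
        /// <param name="azdo">Azure DevOps client used to update the service endpoint.</param>
        /// <param name="endpoint">Service endpoint whose service-principal key is replaced in place.</param>
        /// <param name="graph">Microsoft Graph client.</param>
        /// <param name="application">Application the secrets belong to.</param>
        /// <param name="now">Timestamp used for the new credential's start date and display name.</param>
        /// <param name="oldPassCred">Credential to remove once the endpoint uses the new one; must carry a <c>KeyId</c>.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown before any change is made when <paramref name="oldPassCred"/> has no key id, or when
        /// Graph returns no secret text / key id for the new credential.
        /// </exception>
        /// <remarks>
        /// If the endpoint update fails, the freshly created secret is removed again so that a live
        /// credential nobody uses is not left on the application; the original exception is rethrown.
        /// </remarks>
        private static async Task RotatePasswordCoreAsync(
            CredentialRotatePayload payload,
            StringBuilder executionLogs,
            Dictionary <string, string> context,
            AzDoService azdo,
            Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
            GraphServiceClient graph,
            Application application,
            DateTimeOffset now,
            PasswordCredential oldPassCred)
        {
            // Fail before creating anything if the old credential cannot be removed afterwards.
            if (!oldPassCred.KeyId.HasValue)
            {
                throw new InvalidOperationException("The password credential to rotate has no KeyId.");
            }
            var oldKeyId = oldPassCred.KeyId.Value;

            var newPassCred = await graph.Applications[application.Id]
                              .AddPassword(new PasswordCredential
            {
                DisplayName   = $"AutoGen: {now}",
                Hint          = $"AutoGen: {now}",
                StartDateTime = now,
                EndDateTime   = now.AddDays(payload.LifeTimeInDays)
            })
                              .Request().PostAsync();
            if (newPassCred?.SecretText is null || !newPassCred.KeyId.HasValue)
            {
                throw new InvalidOperationException("Graph did not return a usable password credential.");
            }
            var newKeyId = newPassCred.KeyId.Value;

            // Switch the endpoint to the new secret before the old one is deleted, so there is
            // no window in which the endpoint references a removed credential.
            endpoint.Authorization.Parameters.Serviceprincipalkey = newPassCred.SecretText;
            try
            {
                await azdo.UpdateServiceEndpointsAsync(payload.ProjectId, endpoint.Id, endpoint);
            }
            catch (Exception ex)
            {
                // Compensate: do not leave an unused live secret on the application.
                executionLogs.AppendLine($"Endpoint update failed ({ex.GetType().Name}); removing new password credentail ({newKeyId}).");
                try
                {
                    await graph.Applications[application.Id].RemovePassword(newKeyId).Request().PostAsync();
                }
                catch (Exception cleanupEx)
                {
                    // Best effort: report, but surface the original failure rather than this one.
                    executionLogs.AppendLine($"Removal of new password credentail ({newKeyId}) failed: {cleanupEx.Message}");
                }
                throw;
            }

            context.Add("Secret Id", newKeyId.ToString());
            context.Add("Secret Start Time", newPassCred.StartDateTime.ToString());
            context.Add("Secret End Time", newPassCred.EndDateTime.ToString());
            await graph
            .Applications[application.Id]
            .RemovePassword(oldKeyId)
            .Request().PostAsync();

            executionLogs.AppendLine($"App ({application.DisplayName}) password credentail ({oldKeyId}) deleted successfully");
            context.Add("Deleted Secret Id", oldKeyId.ToString());
        }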
        /// <summary>
        /// Issues a new self-signed certificate, registers it as a key credential on
        /// <paramref name="application"/>, then hands the certificate with its private key to the
        /// Azure DevOps service endpoint.
        /// </summary>
        /// <param name="payload">Rotation request; <c>LifeTimeInDays</c> sets certificate and credential lifetime, <c>ProjectId</c> scopes the endpoint update.</param>
        /// <param name="executionLogs">Human-readable trace; not written to by this method.</param>
        /// <param name="context">Key/value pairs recorded for the run; the private key is never added here.</param>
        /// <param name="azdo">Azure DevOps client used to update the service endpoint.</param>
        /// <param name="endpoint">Service endpoint whose service-principal certificate is replaced in place.</param>
        /// <param name="graph">Microsoft Graph client.</param>
        /// <param name="application">Application that receives the new key credential.</param>
        /// <param name="now">Start of the new credential's validity window.</param>
        /// <remarks>
        /// NOTE(review): the application is updated with a list holding only the new credential, and
        /// this happens before the endpoint is switched; if Graph treats that update as a replacement
        /// of <c>KeyCredentials</c>, previously registered certificates are dropped first — confirm.
        /// NOTE(review): <c>Key</c> is filled from <c>GetPfxAsBytes</c>; for <c>Usage = "Verify"</c> only
        /// the public certificate should be uploaded — confirm the export carries no private key.
        /// NOTE(review): <c>CreateSelfSignedCertificateAsync</c> is not awaited and its result is used
        /// directly, so it appears to be synchronous despite its name — verify in CertificateUtils.
        /// </remarks>
        private static async Task RotateCertificateCoreAsync(
            CredentialRotatePayload payload,
            StringBuilder executionLogs,
            Dictionary <string, string> context,
            AzDoService azdo,
            Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
            GraphServiceClient graph,
            Application application,
            DateTimeOffset now)
        {
            var lifetimeDays = payload.LifeTimeInDays;
            var certificate  = CertificateUtils.CreateSelfSignedCertificateAsync(validForDays: lifetimeDays);

            // Credential and certificate share the same validity window.
            var keyCredential = new KeyCredential
            {
                StartDateTime = now,
                EndDateTime   = now.AddDays(lifetimeDays),
                Type          = "AsymmetricX509Cert",
                Usage         = "Verify",
                Key           = CertificateUtils.GetPfxAsBytes(certificate)
            };
            var patch = new Application
            {
                KeyCredentials = new List <KeyCredential> { keyCredential }
            };
            await graph.Applications[application.Id].Request().UpdateAsync(patch);

            // The endpoint is the only recipient of the private key in this method.
            var pemWithPrivateKey = CertificateUtils.GeneratePEMWithPrivateKeyAsString(certificate);
            endpoint.Authorization.Parameters.ServicePrincipalCertificate = pemWithPrivateKey;
            await azdo.UpdateServiceEndpointsAsync(payload.ProjectId, endpoint.Id, endpoint);

            // KeyId is not assigned client-side above; whatever it holds after the update is recorded.
            context.Add("Certificate Key Id", keyCredential.KeyId.ToString());
            context.Add("Certificate Start Time", keyCredential.StartDateTime.ToString());
            context.Add("Certificate End Time", keyCredential.EndDateTime.ToString());
            context.Add("Certificate Thumbprint", certificate.Thumbprint);
        }