/// <summary>
/// Builds the static provider definition for the "stop, start or restart a service" task.
/// </summary>
static ServiceManager()
{
    // Static default only lists IIS (W3SVC). HasDynamicParameters is set on the
    // definition, so the service list is expected to be refreshed at runtime.
    var serviceParam = new ProviderParameter
    {
        Key = "servicename",
        Name = "Service",
        IsRequired = true,
        IsCredential = false,
        Type = OptionType.Select,
        OptionsList = "W3SVC=World Wide Web Publishing Service;"
    };

    var actionParam = new ProviderParameter
    {
        Key = "action",
        Name = "Action",
        IsRequired = true,
        IsCredential = false,
        Value = "restart",
        Type = OptionType.Select,
        OptionsList = "restart=Restart Service;stop=Stop Service;start=Start Service;"
    };

    // Stored as a string; parsing into seconds happens elsewhere.
    var maxWaitParam = new ProviderParameter
    {
        Key = "maxwait",
        Name = "Max. Wait Time (secs)",
        IsRequired = true,
        IsCredential = false,
        Value = "20",
        Type = OptionType.String
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.ServiceManager",
        Title = "Stop, Start or Restart a Service",
        IsExperimental = false,
        HasDynamicParameters = true,
        UsageType = DeploymentProviderUsage.Any,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork,
        Description = "Used to restart a service affected by certificate updates.",
        ProviderParameters = new List<ProviderParameter> { serviceParam, actionParam, maxWaitParam }
    };
}
/// <summary>
/// Builds the static provider definition for deploying certificate files to an Apache server.
/// </summary>
static Apache()
{
    // https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile
    // SSLCertificateFile : e.g. server.crt - pem encoded certificate(s). At a minimum, the file must include an end-entity (leaf) certificate. Can include intermediates sorted from leaf to root (apache 2.4.8 and higher)
    // SSLCertificateChainFile: e.g. ca.crt - (not required if intermediates etc included in SSLCertificateFile) crt concatenated PEM format, intermediate to root CA certificate
    // SSLCertificateKeyFile : e.g. server.key - pem encoded private key
    var certFile = new ProviderParameter
    {
        Key = "path_cert",
        Name = "Output file path .crt",
        IsRequired = true,
        IsCredential = false,
        Description = "e.g. /somewhere/server.crt"
    };

    // NOTE(review): this path receives the private key; file permissions at the
    // destination are not set by this definition — confirm the executor restricts them.
    var keyFile = new ProviderParameter
    {
        Key = "path_key",
        Name = "Output file path .key",
        IsRequired = true,
        IsCredential = false,
        Description = "e.g. /somewhere/server.key"
    };

    var chainFile = new ProviderParameter
    {
        Key = "path_chain",
        Name = "Output file for chain",
        IsRequired = false,
        IsCredential = false,
        Description = "(Optional) e.g. /somewhere/ca.crt"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Apache",
        Title = "Deploy to Apache",
        Description = "Deploy latest certificate to Local or Remote Apache Server",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork | DeploymentContextType.SSH,
        ProviderParameters = new System.Collections.Generic.List<ProviderParameter> { certFile, keyFile, chainFile }
    };
}
/// <summary>
/// Builds the static provider definition for the custom webhook task.
/// </summary>
static Webhook()
{
    var url = new ProviderParameter
    {
        Key = "url",
        Name = "Webhook URL",
        IsRequired = true,
        IsCredential = false,
        Description = "The url for the webhook request"
    };

    var trigger = new ProviderParameter
    {
        Key = "trigger",
        Name = "Webhook Trigger",
        IsRequired = true,
        IsCredential = false,
        Description = "The trigger for the webhook (None, Success, Error)",
        OptionsList = "None;Success;Error",
        Value = "None"
    };

    var method = new ProviderParameter
    {
        Key = "method",
        Name = "Http Method",
        IsRequired = true,
        IsCredential = false,
        Description = "The http method for the webhook request",
        OptionsList = "GET;POST;",
        Value = "POST"
    };

    var contentType = new ProviderParameter
    {
        Key = "contenttype",
        Name = "Content Type",
        IsRequired = true,
        IsCredential = false,
        Description = "The http content type header for the webhook request",
        Value = "application/json"
    };

    // The body is a template; which placeholders it supports is defined by the executor, not here.
    var contentBody = new ProviderParameter
    {
        Key = "contentbody",
        Name = "Content Body",
        IsRequired = true,
        IsCredential = false,
        Description = "The http body template for the webhook request"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Webhook",
        Title = "Webhook",
        IsExperimental = true,
        Description = "Call a custom webhook on renewal success or failure",
        SupportedContexts = DeploymentContextType.LocalAsService,
        UsageType = DeploymentProviderUsage.Any,
        ProviderParameters = new System.Collections.Generic.List<ProviderParameter> { url, trigger, method, contentType, contentBody }
    };
}
/// <summary>
/// Builds the static provider definition for the "run a Powershell script" task.
/// </summary>
static PowershellScript()
{
    // NOTE(review): scriptpath/args come from task configuration; they are treated as
    // trusted operator input — confirm the executor does not expand untrusted values into them.
    var scriptPath = new ProviderParameter
    {
        Key = "scriptpath",
        Name = "Program/Script",
        IsRequired = true,
        IsCredential = false,
        Description = "Command to run, may require a full path"
    };

    var passResult = new ProviderParameter
    {
        Key = "inputresult",
        Name = "Pass Result as First Arg",
        IsRequired = false,
        IsCredential = false,
        Type = OptionType.Boolean,
        Value = "true"
    };

    var logonType = new ProviderParameter
    {
        Key = "logontype",
        Name = "Impersonation LogonType",
        IsRequired = false,
        IsCredential = false,
        Type = OptionType.Select,
        Value = "network",
        OptionsList = "network=Network;newcredentials=New Credentials;service=Service;interactive=Interactive;batch=Batch"
    };

    var scriptArgs = new ProviderParameter
    {
        Key = "args",
        Name = "Arguments (optional)",
        IsRequired = false,
        IsCredential = false,
        Description = "optional arguments in the form arg1=value;arg2=value"
    };

    var timeout = new ProviderParameter
    {
        Key = "timeout",
        Name = "Script Timeout Mins.",
        IsRequired = false,
        IsCredential = false,
        Description = "optional number of minutes to wait for the script before timeout."
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Powershell",
        Title = "Run Powershell Script",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.Any,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork,
        Description = "Run a Powershell script",
        ProviderParameters = new System.Collections.Generic.List<ProviderParameter> { scriptPath, passResult, logonType, scriptArgs, timeout }
    };
}
/// <summary>
/// Builds the static provider definition for copying the PFX to a Tomcat server.
/// </summary>
static Tomcat()
{
    /*
     * https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html
     * Most instructions refer to generating a CSR and using a keystore, however tomcat can consume the normal PFX
     * From Tomcat installation directory, edit server.xml
     * Add or Edit connector on port 443 pointing to .pfx
     *
     * <Connector port="443" ... scheme="https" secure="true"
     *   SSLEnabled="true"
     *   sslProtocol="TLS"
     *   keystoreFile="your_certificate.pfx"
     *   keystorePass="" keystoreType="PKCS12"/>
     */
    var pfxPath = new ProviderParameter
    {
        Key = "path_pfx",
        Name = "Destination Path",
        IsRequired = true,
        IsCredential = false,
        Description = "Local/remote path to copy PFX file to e.g /usr/local/ssl/server.pfx"
    };

    var parameters = new System.Collections.Generic.List<ProviderParameter> { pfxPath };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Tomcat",
        Title = "Deploy to Tomcat",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork | DeploymentContextType.SSH,
        Description = "Deploy latest certificate to a local or remote Tomcat server",
        ProviderParameters = parameters
    };
}
/// <summary>
/// Builds the static provider definition for the RDP listener deployment task.
/// This task takes no provider parameters.
/// </summary>
static RdpListener()
{
    var noParameters = new System.Collections.Generic.List<ProviderParameter>();

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.RDPListener",
        Title = "Deploy to RDP Listener Service (Terminal Services)",
        IsExperimental = true,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser,
        Description = "Deploy latest certificate to RDP Listener Service using Powershell",
        ProviderParameters = noParameters
    };
}
/// <summary>
/// Builds the static provider definition for the local IIS deployment task.
/// The task is registered with UsageType Disabled and has no provider parameters.
/// </summary>
static IIS()
{
    var noParameters = new System.Collections.Generic.List<ProviderParameter>();

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.IIS",
        Title = "Deploy to IIS (Local Machine)",
        Description = "Deploy certificate to one or more local IIS sites",
        UsageType = DeploymentProviderUsage.Disabled,
        IsExperimental = true,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser,
        ProviderParameters = noParameters
    };
}
/// <summary>
/// Builds the static provider definition for the "wait N seconds" task.
/// </summary>
static WaitTask()
{
    // Duration is held as a string; conversion to seconds happens in the executor.
    var duration = new ProviderParameter
    {
        Key = "duration",
        Name = "Wait Time (seconds)",
        IsRequired = true,
        IsCredential = false,
        Value = "20",
        Type = OptionType.String
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Wait",
        Title = "Wait For N Seconds..",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.Any,
        SupportedContexts = DeploymentContextType.LocalAsService,
        Description = "Used to pause task execution.",
        ProviderParameters = new List<ProviderParameter> { duration }
    };
}
/// <summary>
/// Builds the static provider definition for the RDP Gateway deployment task.
/// </summary>
static RdpGateway()
{
    var restartServices = new ProviderParameter
    {
        Key = "restartServices",
        Name = "Include Service Restart?",
        Type = OptionType.Boolean,
        IsCredential = false,
        Value = "false"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.RDPGateway",
        Title = "Deploy to RDP Gateway Service",
        IsExperimental = true,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser,
        Description = "Deploy latest certificate to RDP Gateway Service using Powershell",
        ProviderParameters = new List<ProviderParameter> { restartServices }
    };
}
/// <summary>
/// Builds the static provider definition for the generic (PEM/CRT/KEY) server deployment task.
/// The parameter set is borrowed from the Apache provider.
/// </summary>
static GenericServer()
{
    // https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile
    // SSLCertificateFile : e.g. server.crt - pem encoded certificate(s). At a minimum, the file must include an end-entity (leaf) certificate. Can include intermediates sorted from leaf to root (apache 2.4.8 and higher)
    // SSLCertificateChainFile: e.g. ca.crt - (not required if intermediates etc included in SSLCertificateFile) crt concatenated PEM format, intermediate to root CA certificate
    // SSLCertificateKeyFile : e.g. server.key - pem encoded private key

    // This is the same list instance as Apache.Definition.ProviderParameters, not a copy:
    // any in-place change to one provider's parameters is visible on the other.
    var sharedParameters = Apache.Definition.ProviderParameters;

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.GenericServer",
        Title = "Deploy to Generic Server (multi-purpose)",
        Description = "Deploy latest certificate as component files (PEM, CRT, KEY) to Local or Remote Server",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork | DeploymentContextType.SSH,
        ProviderParameters = sharedParameters
    };
}
/// <summary>
/// Builds the static provider definition for storing the certificate and key in Hashicorp Vault.
/// Authentication uses an external API-token credential rather than a provider parameter.
/// </summary>
static HashicorpVault()
{
    // NOTE(review): the example is plain http; the API token credential presumably travels to
    // this endpoint, so https should be used outside local testing — confirm in the executor.
    var vaultUri = new ProviderParameter
    {
        Key = "vault_uri",
        Name = "Vault URI",
        IsRequired = true,
        IsCredential = false,
        Type = OptionType.String,
        Description = "e.g. http://127.0.0.1:8200"
    };

    var secretPath = new ProviderParameter
    {
        Key = "vault_secret_path",
        Name = "Path to Secret",
        IsRequired = true,
        IsCredential = false,
        Type = OptionType.String,
        Description = "e.g. /v1/secret/data/examplecert"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.HashicorpVault",
        Title = "Deploy to Hashicorp Vault",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.ExternalCredential,
        ExternalCredentialType = StandardAuthTypes.STANDARD_AUTH_API_TOKEN,
        Description = "Store your certificate and private key in an instance of Hashicorp Vault.",
        ProviderParameters = new List<ProviderParameter> { vaultUri, secretPath }
    };
}
/// <summary>
/// Builds the static provider definition for the Remote Access Services (RAS) deployment task.
/// </summary>
static RemoteAccess()
{
    var restartServices = new ProviderParameter
    {
        Key = "restartServices",
        Name = "Include Service Restart?",
        Type = OptionType.Boolean,
        IsCredential = false,
        Value = "false"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.RemoteAccess",
        Title = "Deploy to RAS (DirectAccess, VPN, SSTP VPN etc)",
        DefaultTitle = "Deploy to Remote Access Services",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser,
        Description = "Deploy latest certificate to RAS using Powershell (Set-RemoteAccess)",
        ProviderParameters = new List<ProviderParameter> { restartServices }
    };
}
/// <summary>
/// Bundles everything a deployment task needs at execution time. Each argument is stored
/// as-is; no argument is validated or copied here.
/// </summary>
/// <param name="log">Logger for the task.</param>
/// <param name="credentialsManager">Source of stored credentials.</param>
/// <param name="subject">Item the task runs against.</param>
/// <param name="settings">Task configuration.</param>
/// <param name="credentials">Credentials already resolved for this task.</param>
/// <param name="isPreviewOnly">True when the task should only preview its actions.</param>
/// <param name="definition">Provider definition in effect for this run.</param>
/// <param name="cancellationToken">Token used to cancel the run.</param>
public DeploymentTaskExecutionParams(
    ILog log,
    ICredentialsManager credentialsManager,
    object subject,
    DeploymentTaskConfig settings,
    Dictionary<string, string> credentials,
    bool isPreviewOnly,
    DeploymentProviderDefinition definition,
    CancellationToken cancellationToken)
{
    // Execution context first, then the task inputs.
    CancellationToken = cancellationToken;
    Log = log;
    CredentialsManager = credentialsManager;

    Subject = subject;
    Settings = settings;
    Definition = definition;
    Credentials = credentials;
    IsPreviewOnly = isPreviewOnly;
}
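/// <summary>
/// Returns the provider definition with the "servicename" option list refreshed from the
/// services installed on this machine.
/// </summary>
/// <param name="currentDefinition">
/// Definition to refresh; when null the shared static <c>Definition</c> is used and mutated in place.
/// </param>
/// <returns>The refreshed definition (the same instance that was passed in or the static one).</returns>
public DeploymentProviderDefinition GetDefinition(DeploymentProviderDefinition currentDefinition = null)
{
    var definition = currentDefinition ?? Definition;

    // this provider has dynamic properties to list the available services
    // TODO: current user may not have access

    // FirstOrDefault rather than First: a definition without a "servicename" parameter (or with
    // no parameter list at all) is returned untouched instead of throwing into a catch-all.
    var serviceParam = definition.ProviderParameters?.FirstOrDefault(k => k.Key == "servicename");
    if (serviceParam == null)
    {
        return definition;
    }

    try
    {
        // populate options list with list of current services
        var services = ServiceController.GetServices().OrderBy(s => s.DisplayName);

        // NOTE(review): OptionsList uses "key=value;" separators; a DisplayName containing ';' or '='
        // would not round-trip — confirm how the options list is parsed.
        serviceParam.OptionsList = string.Join(";", services.Select(s => s.ServiceName + "=" + s.DisplayName));
    }
    catch (System.Exception)
    {
        // Best effort: enumerating services can fail (e.g. insufficient rights). The previous
        // option list — the static default at minimum — is left in place.
    }

    return definition;
}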
/// <summary>
/// Builds the static provider definition for the "run a program, batch file or script" task.
/// </summary>
static Script()
{
    // NOTE(review): path/args come from task configuration and are treated as trusted
    // operator input — confirm the executor does not expand untrusted values into them.
    var programPath = new ProviderParameter
    {
        Key = "path",
        Name = "Program/Script",
        IsRequired = true,
        IsCredential = false,
        Description = "Command to run, may require a full path"
    };

    var programArgs = new ProviderParameter
    {
        Key = "args",
        Name = "Arguments (optional)",
        IsRequired = false,
        IsCredential = false
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.ShellExecute",
        Title = "Run...",
        IsExperimental = true,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.SSH,
        Description = "Run a program, batch file or custom script",
        ProviderParameters = new List<ProviderParameter> { programPath, programArgs }
    };
}
/// <summary>
/// Builds the static provider definition for deploying certificate and key files to nginx.
/// </summary>
static Nginx()
{
    var certDestination = new ProviderParameter
    {
        Key = "path_cert",
        Name = "Destination for .crt",
        IsRequired = true,
        IsCredential = false,
        Description = "e.g. Path, UNC or /somewhere/server.crt"
    };

    // NOTE(review): this path receives the private key; destination file permissions are
    // not set by this definition — confirm the executor restricts them.
    var keyDestination = new ProviderParameter
    {
        Key = "path_key",
        Name = "Destination for .key",
        IsRequired = true,
        IsCredential = false,
        Description = "e.g. Path, UNC or /somewhere/server.key"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Nginx",
        Title = "Deploy to nginx",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork | DeploymentContextType.SSH,
        Description = "Deploy latest certificate to a local or remote nginx server",
        ProviderParameters = new System.Collections.Generic.List<ProviderParameter> { certDestination, keyDestination }
    };
}
/// <summary>
/// Builds the static provider definition for the ADFS certificate deployment task.
/// </summary>
static Adfs()
{
    var restartServices = new ProviderParameter
    {
        Key = "restartServices",
        Name = "Include Service Restart",
        Type = OptionType.Boolean,
        IsCredential = false,
        Value = "true"
    };

    var alternateTlsBinding = new ProviderParameter
    {
        Key = "alternateTlsBinding",
        Name = "Update Alternate TLS client binding",
        Type = OptionType.Boolean,
        IsCredential = false,
        Value = "false"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.ADFS",
        Title = "Deploy Certificate to ADFS",
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser,
        IsExperimental = true,
        Description = "Apply certificate to local Active Directory Federation Services (ADFS) service",
        ProviderParameters = new List<ProviderParameter> { restartServices, alternateTlsBinding }
    };
}
/// <summary>
/// Builds the static provider definition for the mock task used to exercise task
/// execution, failure and logging paths.
/// </summary>
static MockTask()
{
    var message = new ProviderParameter
    {
        Key = "message",
        Name = "Message",
        IsRequired = true,
        IsCredential = false,
        Description = "Test message"
    };

    var throwOnDemand = new ProviderParameter
    {
        Key = "throw",
        Name = "Throw on demand",
        IsRequired = true,
        IsCredential = false,
        Description = "If true, throw exception during task",
        Type = OptionType.Boolean
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Mock",
        Title = "Mock Task",
        IsExperimental = true,
        UsageType = DeploymentProviderUsage.Any,
        SupportedContexts = DeploymentContextType.LocalAsService,
        Description = "Used to test task execution success, failure and logging",
        ProviderParameters = new List<ProviderParameter> { message, throwOnDemand }
    };
}
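/// <summary>
/// Runs the mock task: logs the configured message and reports success, reports failure
/// when no message is configured, or throws when the "throw" parameter is true.
/// </summary>
/// <param name="log">Optional logger; may be null.</param>
/// <param name="subject">Item the task runs against (not used by the mock).</param>
/// <param name="settings">Task configuration holding the "message" and "throw" parameters.</param>
/// <param name="credentials">Credentials resolved for the task (not used by the mock).</param>
/// <param name="isPreviewOnly">True when only a preview is requested (not used by the mock).</param>
/// <param name="definition">Provider definition to use; resolved via GetDefinition when null.</param>
/// <returns>
/// A single failed result when the message is missing; otherwise two successful results.
/// </returns>
/// <exception cref="System.Exception">
/// Thrown when a message is present and the "throw" parameter parses as true.
/// </exception>
public async Task<List<ActionResult>> Execute(
    ILog log,
    object subject,
    DeploymentTaskConfig settings,
    Dictionary<string, string> credentials,
    bool isPreviewOnly,
    DeploymentProviderDefinition definition = null)
{
    definition = GetDefinition(definition);

    var msg = settings.Parameters.FirstOrDefault(c => c.Key == "message")?.Value;

    // TryParse tolerates a missing or null value: shouldThrow simply stays false.
    bool.TryParse(settings.Parameters.FirstOrDefault(c => c.Key == "throw")?.Value, out var shouldThrow);

    if (string.IsNullOrEmpty(msg))
    {
        // fail task
        log?.Warning($"Mock Task says: <msg not supplied, task will fail>");
        return new List<ActionResult> { new ActionResult("Mock Task message not supplied.", false) };
    }

    if (shouldThrow)
    {
        // Deliberate: this task exists to exercise the caller's exception handling.
        throw new System.Exception($"Mock task should throw: {msg}");
    }

    log?.Information($"Mock Task says: {msg}");

    return new List<ActionResult>
    {
        new ActionResult($"{msg}.", true),
        new ActionResult($"MockTaskWorkCompleted.", true)
    };
}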
/// <summary>
/// Builds the static provider definition for the Microsoft Exchange deployment task.
/// </summary>
static Exchange()
{
    // Comma-separated list of Exchange services to bind the certificate to.
    var services = new ProviderParameter
    {
        Key = "services",
        Name = "Services",
        IsRequired = true,
        IsCredential = false,
        Value = "POP,IMAP,SMTP,IIS"
    };

    var doNotRequireSsl = new ProviderParameter
    {
        Key = "donotrequiressl",
        Name = "Do Not Require Ssl",
        IsRequired = false,
        Type = OptionType.Boolean,
        IsCredential = false,
        Value = "false"
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.Exchange",
        Title = "Deploy to Microsoft Exchange (2013 or higher)",
        DefaultTitle = "Deploy to Exchange",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser,
        Description = "Deploy latest certificate to MS Exchange Services",
        ProviderParameters = new List<ProviderParameter> { services, doNotRequireSsl }
    };
}
/// <summary>
/// Builds the static provider definition for storing a certificate in Azure Key Vault.
/// Authentication uses an external Azure client-secret credential, not a provider parameter.
/// </summary>
static AzureKeyVault()
{
    var vaultUri = new ProviderParameter
    {
        Key = "vault_uri",
        Name = "Azure Vault Uri",
        IsRequired = true,
        IsCredential = false,
        Description = "e.g. https://<vault-name>.vault.azure.net/",
        Type = OptionType.String
    };

    var certName = new ProviderParameter
    {
        Key = "cert_name",
        Name = "Certificate Name",
        IsRequired = false,
        IsCredential = false,
        Description = "(optional, alphanumeric characters 0-9a-Z or -)",
        Type = OptionType.String
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.AzureKeyVault",
        Title = "Deploy to Azure Key Vault",
        IsExperimental = true,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.ExternalCredential,
        ExternalCredentialType = "ExternalAuth.Azure.ClientSecret",
        Description = "Store a certificate in a Microsoft Azure Key Vault",
        ProviderParameters = new List<ProviderParameter> { vaultUri, certName }
    };
}
/// <summary>
/// Builds the static provider definition for storing the certificate in a local machine
/// certificate store under a custom friendly name.
/// </summary>
static CertificateStore()
{
    // Option values ("default", "My", "WebHosting") are what Validate later checks against.
    var storeType = new ProviderParameter
    {
        Key = "storetype",
        Name = "Store",
        IsRequired = true,
        IsCredential = false,
        OptionsList = "default=Default; My=Personal (My); WebHosting=Web Hosting",
        Value = "default"
    };

    var friendlyName = new ProviderParameter
    {
        Key = "friendlyname",
        Name = "Custom Friendly Name",
        IsRequired = false,
        IsCredential = false,
        Type = OptionType.String,
        Description = "(optional) custom friendly name for certificate in store."
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.CertificateStore",
        Title = "Certificate Store (Local Machine)",
        DefaultTitle = "Store Certificate",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        Description = "Store certificate in the local Certificate Store with custom name. Note that standard Deployment already includes storing the certificate in the local computer store. ",
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser,
        ProviderParameters = new System.Collections.Generic.List<ProviderParameter> { storeType, friendlyName }
    };
}
/// <summary>
/// Builds the static provider definition for deploying to the Windows Centralized
/// Certificate Store (CCS).
/// </summary>
static CentralizedCertificateStore()
{
    var destinationPath = new ProviderParameter
    {
        Key = "path",
        Name = "Destination Path",
        IsRequired = true,
        IsCredential = false,
        Description = "UNC Path or Local Share"
    };

    var parameters = new System.Collections.Generic.List<ProviderParameter> { destinationPath };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.CCS",
        Title = "Deploy to Centralized Certificate Store (CCS)",
        DefaultTitle = "Deploy to CCS",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork,
        Description = "Deploy latest certificate to Windows Centralized Certificate Store. Note: if a local IIS install is present you should disable Auto deployment to avoid mixing use of local certs bindings and CCS.",
        ProviderParameters = parameters
    };
}
/// <summary>
/// Builds the static provider definition for exporting the certificate to a file.
/// The "Export As" options are derived from the ExportTypes map.
/// </summary>
static CertificateExport()
{
    // "key=value;key=value" form expected by OptionsList.
    var exportOptions = string.Join(";", ExportTypes.Select(e => e.Key + "=" + e.Value));

    var destinationPath = new ProviderParameter
    {
        Key = "path",
        Name = "Destination File Path",
        IsRequired = true,
        IsCredential = false,
        Description = "output file, e.g. C:\\CertifyCerts\\mycert.ext"
    };

    var exportType = new ProviderParameter
    {
        Key = "type",
        Name = "Export As",
        IsRequired = true,
        IsCredential = false,
        Value = "pfxfull",
        Type = OptionType.Select,
        OptionsList = exportOptions
    };

    Definition = new DeploymentProviderDefinition
    {
        Id = "Certify.Providers.DeploymentTasks.CertificateExport",
        Title = "Export Certificate",
        IsExperimental = false,
        UsageType = DeploymentProviderUsage.PostRequest,
        SupportedContexts = DeploymentContextType.LocalAsService | DeploymentContextType.LocalAsUser | DeploymentContextType.WindowsNetwork | DeploymentContextType.SSH,
        Description = "Deploy latest certificate to a file (locally or remote)",
        ProviderParameters = new List<ProviderParameter> { destinationPath, exportType }
    };
}
/// <summary>
/// Not implemented for this provider: always throws.
/// </summary>
/// <exception cref="System.NotImplementedException">Always thrown.</exception>
public Task<List<ActionResult>> Execute(
    ILog log,
    object subject,
    DeploymentTaskConfig settings,
    Dictionary<string, string> credentials,
    bool isPreviewOnly,
    DeploymentProviderDefinition definition)
    => throw new System.NotImplementedException();
/// <summary>
/// Returns the supplied definition, or the static <c>Definition</c> when none is given.
/// No parameters are refreshed here.
/// </summary>
/// <param name="currentDefinition">Definition to use; may be null.</param>
/// <returns><paramref name="currentDefinition"/> when non-null, otherwise the static definition.</returns>
public DeploymentProviderDefinition GetDefinition(DeploymentProviderDefinition currentDefinition = null)
{
    if (currentDefinition != null)
    {
        return currentDefinition;
    }

    return Definition;
}
/// <summary>
/// Create new set of exec params from a source with a different provider definition.
/// Every field is copied from <paramref name="execParams"/> except the definition,
/// which is replaced when a non-null one is supplied.
/// </summary>
/// <param name="execParams">Source parameters to copy from.</param>
/// <param name="definition">Replacement definition; when null the source definition is kept.</param>
public DeploymentTaskExecutionParams(DeploymentTaskExecutionParams execParams, DeploymentProviderDefinition definition)
{
    // Only the definition may differ from the source.
    Definition = definition ?? execParams.Definition;

    CancellationToken = execParams.CancellationToken;
    Log = execParams.Log;
    CredentialsManager = execParams.CredentialsManager;
    Subject = execParams.Subject;
    Settings = execParams.Settings;
    Credentials = execParams.Credentials;
    IsPreviewOnly = execParams.IsPreviewOnly;
}
/// <summary>
/// Not implemented for this provider: always throws.
/// </summary>
/// <exception cref="System.NotImplementedException">Always thrown.</exception>
public Task<List<ActionResult>> Validate(
    object subject,
    DeploymentTaskConfig settings,
    Dictionary<string, string> credentials,
    DeploymentProviderDefinition definition)
    => throw new System.NotImplementedException();
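/// <summary>
/// Validates the certificate-store task settings: the "storetype" value, when present,
/// must be one of default / my / webhosting (case-insensitive).
/// </summary>
/// <param name="subject">Item the task runs against (not used here).</param>
/// <param name="settings">Task configuration holding the "storetype" parameter.</param>
/// <param name="credentials">Resolved credentials (not used here).</param>
/// <param name="definition">Provider definition (not used here).</param>
/// <returns>An empty list when valid, otherwise one failed result naming the bad store.</returns>
public async Task<List<ActionResult>> Validate(object subject, DeploymentTaskConfig settings, Dictionary<string, string> credentials, DeploymentProviderDefinition definition)
{
    var results = new List<ActionResult>();

    // Null-safe on Value (a present parameter with a null value previously threw on Trim()),
    // and invariant lower-casing so the check does not depend on the process culture.
    var requestedStore = settings.Parameters
        .FirstOrDefault(p => p.Key == "storetype")?.Value?.Trim().ToLowerInvariant();

    if (!string.IsNullOrEmpty(requestedStore))
    {
        // check store name is valid
        var isKnownStore = requestedStore == "default"
            || requestedStore == "my"
            || requestedStore == "webhosting";

        if (!isKnownStore)
        {
            results.Add(new ActionResult($"Invalid Certificate Store Name: {requestedStore}", false));
        }
    }

    return results;
}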
/// <summary>
/// Generic validation: reports every required provider parameter that has no entry in the
/// task settings. Parameter values themselves are not inspected.
/// </summary>
/// <param name="subject">Item the task runs against (not used here).</param>
/// <param name="settings">Task configuration whose parameter keys are checked.</param>
/// <param name="credentials">Resolved credentials (not used here).</param>
/// <param name="definition">Provider definition whose required parameters are checked.</param>
/// <returns>One failed result per missing required parameter; empty when all are supplied.</returns>
public async Task<List<ActionResult>> Validate(object subject, DeploymentTaskConfig settings, Dictionary<string, string> credentials, DeploymentProviderDefinition definition)
{
    var results = new List<ActionResult>();

    foreach (var parameter in definition.ProviderParameters)
    {
        if (!parameter.IsRequired)
        {
            continue;
        }

        // Presence is keyed on Key only; an empty value still counts as supplied.
        var supplied = settings.Parameters.Exists(s => s.Key == parameter.Key);
        if (!supplied)
        {
            results.Add(new ActionResult($"Required parameter not supplied: { parameter.Name}", false));
        }
    }

    return results;
}