Пример #1
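        /// <summary>
        /// Creates or updates the host name binding for <paramref name="hostName"/> on the web app and
        /// points the host's SNI TLS state at the named certificate.
        /// </summary>
        /// <param name="resourceGroupName">Resource group that holds both the web app and the certificate.</param>
        /// <param name="siteName">Name of the web app to update.</param>
        /// <param name="certificateName">Name of the certificate resource whose thumbprint is bound.</param>
        /// <param name="hostName">Custom host name to bind.</param>
        /// <exception cref="InvalidOperationException">The certificate or site lookup returned no body.</exception>
        private static async Task BindCertificateToSite(string resourceGroupName, string siteName, string certificateName, string hostName)
        {
            var certificateResponse = await _websiteClient.Certificates.GetWithHttpMessagesAsync(resourceGroupName, certificateName);
            var certificate = certificateResponse.Body;
            if (certificate == null)
            {
                // Fail before touching the site rather than writing a binding with no thumbprint.
                throw new InvalidOperationException($"Certificate '{certificateName}' was not returned for resource group '{resourceGroupName}'.");
            }

            var siteResponse = await _websiteClient.WebApps.GetWithHttpMessagesAsync(resourceGroupName, siteName);
            var site = siteResponse.Body;
            if (site == null)
            {
                throw new InvalidOperationException($"Web app '{siteName}' was not returned for resource group '{resourceGroupName}'.");
            }

            // The original assigned Name twice; only the "site/host" form ever reached the API.
            var hostNameBinding = new HostNameBinding
            {
                Name     = $"{siteName}/{hostName}",
                Location = site.Location
            };

            await _websiteClient.WebApps.CreateOrUpdateHostNameBindingWithHttpMessagesAsync(resourceGroupName, siteName, hostName, hostNameBinding);

            if (site.HostNames == null)
            {
                site.HostNames = new List<string>();
            }

            if (!site.HostNames.Any(h => string.Equals(h, hostName, StringComparison.OrdinalIgnoreCase)))
            {
                site.HostNames.Add(hostName);
            }

            if (site.HostNameSslStates == null)
            {
                site.HostNameSslStates = new List<HostNameSslState>();
            }

            var sslState = site.HostNameSslStates.FirstOrDefault(s => string.Equals(s.Name, hostName, StringComparison.OrdinalIgnoreCase));
            if (sslState == null)
            {
                sslState = new HostNameSslState { Name = hostName };
                site.HostNameSslStates.Add(sslState);
            }

            // Apply the binding even when an entry for this host already exists. Skipping existing
            // entries would leave a previously bound (possibly expired or replaced) certificate in
            // place after a renewal, and the host would keep serving the old thumbprint.
            sslState.Thumbprint = certificate.Thumbprint;
            sslState.SslState   = SslState.SniEnabled;
            sslState.ToUpdate   = true;

            await _websiteClient.WebApps.CreateOrUpdateAsync(resourceGroupName, siteName, site);
        }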
 /// <summary>
 /// Forwards to <c>CreateOrUpdateHostNameBinding</c> on the supplied operations object.
 /// </summary>
 /// <param name="webApp">Web app operations object that performs the call.</param>
 /// <param name="resourceGroupName">Resource group passed through to the call.</param>
 /// <param name="name">Web app name passed through to the call.</param>
 /// <param name="hostName">Host name passed through to the call.</param>
 /// <param name="hostNameBinding">Binding definition passed through to the call.</param>
 /// <returns>The <see cref="HostNameBinding"/> returned by the underlying call.</returns>
 public static HostNameBinding CreateOrUpdateSiteHostNameBinding(
     this IWebAppsOperations webApp,
     string resourceGroupName,
     string name,
     string hostName,
     HostNameBinding hostNameBinding)
     => webApp.CreateOrUpdateHostNameBinding(resourceGroupName, name, hostName, hostNameBinding);
Пример #3
 /// <summary>
 /// Creates or updates a host name binding on the web app itself when no slot name is given,
 /// otherwise on the named slot.
 /// </summary>
 /// <param name="sites">Web app operations object that performs the call.</param>
 /// <param name="resourceGroupName">Resource group passed through to the call.</param>
 /// <param name="webAppName">Web app name passed through to the call.</param>
 /// <param name="siteSlotName">Slot name; null or empty selects the non-slot call.</param>
 /// <param name="hostName">Host name passed through to the call.</param>
 /// <param name="hostNameBinding">Binding definition passed through to the call.</param>
 /// <returns>The <see cref="HostNameBinding"/> returned by whichever call was made.</returns>
 public static HostNameBinding CreateOrUpdateSiteOrSlotHostNameBinding(this IWebAppsOperations sites, string resourceGroupName, string webAppName, string siteSlotName, string hostName, HostNameBinding hostNameBinding)
 {
     bool targetsSlot = !string.IsNullOrEmpty(siteSlotName);

     return targetsSlot
         ? sites.CreateOrUpdateHostNameBindingSlot(resourceGroupName, webAppName, hostName, hostNameBinding, siteSlotName)
         : sites.CreateOrUpdateHostNameBinding(resourceGroupName, webAppName, hostName, hostNameBinding);
 }
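        /// <summary>
        /// Refreshes the Key Vault-backed certificate on the current web app and binds it, with SNI TLS,
        /// to every domain listed in the CertificateUpdater settings.
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        /// <exception cref="InvalidOperationException">The web app lookup returned null.</exception>
        public static async Task MainAsync(string[] args)
        {
            Console.OutputEncoding = Encoding.UTF8;

            // WebApp environment. The subscription id is taken as the part of WEBSITE_OWNER_NAME before '+'.
            var websiteOwnerName     = GetEnvironment("WEBSITE_OWNER_NAME");
            var subscriptionId       = websiteOwnerName.Split('+')[0];
            var websiteResourceGroup = GetEnvironment("WEBSITE_RESOURCE_GROUP");
            var websiteSiteName      = GetEnvironment("WEBSITE_SITE_NAME");

            // AppSettings "CertificationUpdater:xxx"
            var configuredDomains       = AppSettings.CertificateUpdater.Domain.Split(",");
            var keyVaultId              = AppSettings.CertificateUpdater.KeyVaultId;
            var keyVaultCertificateName = AppSettings.CertificateUpdater.CertificateName;
            var isForceUpdate           = AppSettings.CertificateUpdater.ForceUpdate;

            // Using the managed identity: no stored credential, the token is requested at run time.
            // It is a bearer credential for the management endpoint, so it must never be written to output.
            var tokenProvider = new AzureServiceTokenProvider();
            var token         = await tokenProvider.GetAccessTokenAsync("https://management.azure.com/");

            var webSiteManagementClient = new WebSiteManagementClient(new TokenCredentials(token))
            {
                SubscriptionId = subscriptionId
            };

            // Deployment slots are not supported.
            var webSite = webSiteManagementClient.WebApps.Get(websiteResourceGroup, websiteSiteName);

            if (webSite == null)
            {
                // If WEBSITE_SITE_NAME is wrong for some reason, null comes back instead of an exception
                // (it should not be wrong, since the web app platform sets it). Check here so the
                // later steps do not fail in a less obvious place.
                throw new InvalidOperationException($"Invalid parameters or not found webapp. SubscriptionId='{subscriptionId}', ResouceGroup='{websiteResourceGroup}', Name='{websiteSiteName}'");
            }

            foreach (var configuredDomain in configuredDomains)
            {
                // Tolerate "a.example, b.example" and trailing commas in the setting; a padded or
                // empty entry would otherwise be sent to the API as a host name.
                var domain = configuredDomain.Trim();
                if (domain.Length == 0)
                {
                    continue;
                }

                // NOTE(review): the helper's name suggests "true" means an update IS needed, yet this
                // branch treats "true" as "no update required" - confirm against NeedCreateOrUpdate.
                if (!isForceUpdate && NeedCreateOrUpdate(webSiteManagementClient, websiteResourceGroup, websiteSiteName, domain))
                {
                    // No update needed for this domain. Move on to the next one instead of returning:
                    // returning here left every remaining domain unchecked, so a renewed certificate
                    // might never be bound to them.
                    continue;
                }

                // Reference Key Vault to obtain the latest certificate information.
                var certificate = webSiteManagementClient.Certificates.CreateOrUpdate(websiteResourceGroup, websiteSiteName, new Certificate()
                {
                    Location           = webSite.Location,
                    ServerFarmId       = webSite.ServerFarmId,
                    KeyVaultId         = keyVaultId,
                    KeyVaultSecretName = keyVaultCertificateName,
                    Password           = "", // TODO: rework this if a passphrase ever becomes necessary
                });

                // This call both creates the custom domain and binds the certificate to it.
                HostNameBinding result = webSiteManagementClient.WebApps.CreateOrUpdateHostNameBinding(websiteResourceGroup, websiteSiteName, domain, new HostNameBinding()
                {
                    Thumbprint = certificate.Thumbprint,
                    SslState   = SslState.SniEnabled,
                });

                // Done
                Console.WriteLine($"更新しました。domain={domain}, ExpirationDate={certificate.ExpirationDate}, Thumbprint='{result.Thumbprint}'");
            }
        }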