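/// <summary>
/// Uploads the certificate described by <paramref name="model"/> to the App Service plan's
/// resource group and enables SSL with that certificate for every DNS identifier on the
/// web app (or slot) configured in <c>azureEnvironment</c>.
/// </summary>
/// <param name="model">Certificate, PFX password, host and DNS identifiers to install.</param>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
/// <remarks>
/// The certificate PUT is awaited synchronously through <c>.Result</c>, so a transport failure
/// surfaces wrapped in an <see cref="AggregateException"/>; a non-success HTTP status throws
/// from <c>EnsureSuccessStatusCode</c>.
/// </remarks>
public void Install(ICertificateInstallModel model)
{
    if (model == null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    var cert = model.CertificateInfo;
    using (var webSiteClient = ArmHelper.GetWebSiteManagementClient(azureEnvironment))
    {
        var site = webSiteClient.WebApps.GetSiteOrSlot(
            azureEnvironment.ResourceGroupName,
            azureEnvironment.WebAppName,
            azureEnvironment.SiteSlotName);

        // Only the certificate name and server farm id are traced; the PFX blob and its
        // password must stay out of trace output.
        Trace.TraceInformation(
            "Installing certificate {0} on azure with server farm id {1}",
            cert.Name,
            site.ServerFarmId);

        var newCert = new Certificate()
        {
            PfxBlob = cert.PfxCertificate,
            Password = cert.Password,
            Location = site.Location,
            ServerFarmId = site.ServerFarmId,
            Name = model.Host + "-" + cert.Certificate.Thumbprint
        };

        //BUG https://github.com/sjkp/letsencrypt-siteextension/issues/99
        //using this will not install the certificate with the correct webSpace property set,
        //and the app service will be unable to find the certificate if the app service plan has been moved between resource groups.
        //webSiteClient.Certificates.CreateOrUpdate(azureEnvironment.ServicePlanResourceGroupName, cert.Certificate.Subject.Replace("CN=", ""), newCert);
        var client = ArmHelper.GetHttpClient(azureEnvironment);

        // The serialized body carries the PFX and its password. It is sent to the management
        // endpoint only and must never be written to logs or traces.
        var body = JsonConvert.SerializeObject(newCert, JsonHelper.DefaultSerializationSettings);

        // NOTE(review): newCert.Name (host + thumbprint) is placed in the URL path unescaped.
        // Confirm model.Host is validated as a host name upstream so it cannot carry '/', '?' or '#'.
        var requestUri = $"/subscriptions/{azureEnvironment.SubscriptionId}/resourceGroups/{azureEnvironment.ServicePlanResourceGroupName}/providers/Microsoft.Web/certificates/{newCert.Name}?api-version=2016-03-01";

        // Dispose the response so its connection and content are released promptly.
        using (var response = client.PutAsync(requestUri, new StringContent(body, Encoding.UTF8, "application/json")).Result)
        {
            response.EnsureSuccessStatusCode();
        }

        var desiredState = settings.UseIPBasedSSL ? SslState.IpBasedEnabled : SslState.SniEnabled;
        foreach (var dnsName in model.AllDnsIdentifiers)
        {
            // Host names are case-insensitive; an ordinal '==' could miss an existing entry and add a duplicate.
            var sslState = site.HostNameSslStates.FirstOrDefault(
                g => string.Equals(g.Name, dnsName, StringComparison.OrdinalIgnoreCase));

            if (sslState == null)
            {
                // The new entry is named after the identifier being processed. Naming it after
                // model.Host would add a duplicate for the primary host and leave this
                // identifier without an SSL state.
                sslState = new HostNameSslState()
                {
                    Name = dnsName,
                    SslState = desiredState,
                };
                site.HostNameSslStates.Add(sslState);
            }
            else
            {
                //First time setting the HostNameSslState it is set to disabled.
                sslState.SslState = desiredState;
            }

            sslState.ToUpdate = true;
            sslState.Thumbprint = cert.Certificate.Thumbprint;
        }

        // NOTE(review): the value returned by Begin* is discarded, so this method does not
        // observe whether the binding update eventually succeeds. Confirm that is intended.
        webSiteClient.WebApps.BeginCreateOrUpdateSiteOrSlot(
            azureEnvironment.ResourceGroupName,
            azureEnvironment.WebAppName,
            azureEnvironment.SiteSlotName,
            site);
    }
}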
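/// <summary>
/// For every configured web app: uploads the certificate to the certificate resource group
/// unless one with the same thumbprint already exists in the app's region, then binds it to
/// each host name binding whose key contains <c>model.Host</c>.
/// </summary>
/// <param name="model">Certificate, PFX password and host to install.</param>
/// <returns>A task that completes when all web apps have been processed.</returns>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
/// <exception cref="ArgumentException"><c>model.Host</c> is null or empty.</exception>
/// <remarks>
/// Any failure for a web app is logged at critical level and rethrown, so later web apps in
/// the settings list are not processed.
/// </remarks>
public async Task Install(ICertificateInstallModel model)
{
    if (model == null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    // An empty host makes Contains("") true for every binding key, which would rebind the
    // certificate to every host name on the site.
    if (string.IsNullOrEmpty(model.Host))
    {
        throw new ArgumentException("Host must be set; an empty host would match every host name binding.", nameof(model));
    }

    var cert = model.CertificateInfo;
    var thumbprint = cert.Certificate.Thumbprint;

    // Only the thumbprint and host are logged; the PFX bytes and password never are.
    logger.LogInformation("Starting installation of certificate {Thumbprint} for {Host}", thumbprint, model.Host);

    foreach (var setting in this.settings)
    {
        logger.LogInformation("Installing certificate for web app {WebApp}", setting.WebAppName);
        try
        {
            IAppServiceManager appServiceManager = GetAppServiceManager(setting);
            var site = appServiceManager.WebApps.GetByResourceGroup(setting.ResourceGroupName, setting.WebAppName);

            // Work against the deployment slot when one is configured, otherwise the site itself.
            IWebAppBase siteOrSlot = site;
            if (!string.IsNullOrEmpty(setting.SiteSlotName))
            {
                siteOrSlot = site.DeploymentSlots.GetByName(setting.SiteSlotName);
            }

            var certResourceGroup = setting.ServicePlanResourceGroupName ?? setting.ResourceGroupName;
            var existingCerts = await appServiceManager.AppServiceCertificates.ListByResourceGroupAsync(certResourceGroup);

            // Thumbprints are hex strings, so compare them case-insensitively. A case mismatch
            // would otherwise trigger a needless re-upload of the PFX.
            bool alreadyUploaded = existingCerts.Any(
                c => c.RegionName == site.RegionName
                     && string.Equals(c.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase));

            if (!alreadyUploaded)
            {
                await appServiceManager.AppServiceCertificates
                    .Define($"{thumbprint}-{model.Host}-{site.RegionName}")
                    .WithRegion(site.RegionName)
                    .WithExistingResourceGroup(certResourceGroup)
                    .WithPfxByteArray(cert.PfxCertificate)
                    .WithPfxPassword(cert.Password)
                    .CreateAsync();
            }

            // NOTE(review): this is a substring match. With a constructed example, Host
            // "example.com" also selects "notexample.com", so the certificate can be bound to
            // a name it does not cover. Consider matching against the certificate's DNS names.
            var domainSslMappings = siteOrSlot.HostNameSslStates
                .Where(kv => kv.Key.Contains(model.Host))
                .ToList();

            foreach (var domainMapping in domainSslMappings)
            {
                string hostName = domainMapping.Value.Name;

                // Skip host names that are already bound to this certificate.
                if (string.Equals(domainMapping.Value.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                logger.LogInformation("Binding certificate {Thumbprint} to {Host}", thumbprint, hostName);
                var binding = new HostNameBindingInner()
                {
                    SslState = setting.UseIPBasedSSL ? SslState.IpBasedEnabled : SslState.SniEnabled,
                    Thumbprint = thumbprint
                };

                if (!string.IsNullOrEmpty(setting.SiteSlotName))
                {
                    await appServiceManager.Inner.WebApps.CreateOrUpdateHostNameBindingSlotAsync(setting.ResourceGroupName, setting.WebAppName, hostName, binding, setting.SiteSlotName);
                }
                else
                {
                    await appServiceManager.Inner.WebApps.CreateOrUpdateHostNameBindingAsync(setting.ResourceGroupName, setting.WebAppName, hostName, binding);
                }
            }
        }
        catch (Exception e)
        {
            logger.LogCritical(e, "Unable to install certificate for '{WebApp}'", setting.WebAppName);
            throw;
        }
    }
}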
/// <summary>
/// Certificate installation is not provided by this implementation; every call throws.
/// </summary>
/// <param name="model">Unused.</param>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public void Install(ICertificateInstallModel model)
{
    throw new NotImplementedException();
}
/// <summary>
/// No-op installer: installs nothing and hands back an already-completed task.
/// </summary>
/// <param name="model">Unused.</param>
/// <returns><see cref="Task.CompletedTask"/>.</returns>
public Task Install(ICertificateInstallModel model) => Task.CompletedTask;