-
Notifications
You must be signed in to change notification settings - Fork 298
Expand file tree
/
Copy pathProgram.cs
More file actions
122 lines (112 loc) · 4.5 KB
/
Copy pathProgram.cs
File metadata and controls
122 lines (112 loc) · 4.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Specialized;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace CertHelper;
internal class Program
{
static readonly string TENANT_ID = "72f988bf-86f1-41af-91ab-2d7cd011db47";
static readonly string CERT_CLIENT_ID = "8c4b65ef-5a73-4d5a-a298-962d4a4ef7bc";
static async Task<int> Main(string[] args)
{
try
{
var kvc = new KeyVaultCert();
await kvc.LoadKeyVaultCertsAsync();
if (kvc.ShouldRotateCerts())
{
if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
WriteCertsToDisk(kvc.KeyVaultCertificateBytes);
}
else
{
using (var localMachineCerts = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
localMachineCerts.Open(OpenFlags.ReadWrite);
localMachineCerts.RemoveRange(kvc.LocalCerts.Certificates);
localMachineCerts.AddRange(kvc.KeyVaultCertificates);
}
}
}
if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
var bcc = new BlobContainerClient(new Uri("https://pvscmdupload.blob.core.windows.net/certstatus"),
new ClientCertificateCredential(TENANT_ID, CERT_CLIENT_ID, kvc.KeyVaultCertificates.First(), new() {SendCertificateChain = true}));
var currentKeyValutCertThumbprints = "";
foreach (var cert in kvc.KeyVaultCertificates)
{
currentKeyValutCertThumbprints += $"[{DateTimeOffset.UtcNow}] {cert.Thumbprint}{Environment.NewLine}";
}
var blob = bcc.GetBlobClient(System.Environment.MachineName);
if (blob.Exists())
{
var result = blob.DownloadContent();
var currentBlob = result.Value.Content.ToString();
currentBlob = currentBlob + currentKeyValutCertThumbprints;
blob.Upload(new MemoryStream(Encoding.UTF8.GetBytes(currentBlob)), overwrite: true);
}
else
{
blob.Upload(new MemoryStream(Encoding.UTF8.GetBytes(currentKeyValutCertThumbprints)), overwrite: false);
}
}
}
catch (Exception ex)
{
Console.Error.WriteLine("Failed to rotate certificates");
Console.Error.WriteLine(ex.Message);
Console.Error.WriteLine(ex.StackTrace);
}
if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
ReadCertsFromDisk();
}
else
{
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser, OpenFlags.ReadWrite))
{
foreach(var cert in store.Certificates.Find(X509FindType.FindBySubjectName, "dotnetperf.microsoft.com", false))
{
Console.WriteLine(Convert.ToBase64String(cert.Export(X509ContentType.Pfx)));
}
}
}
return 0;
}
static string GetMacCertDirectory()
{
var home = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
return Path.Combine(home, "certs");
}
static void WriteCertsToDisk(List<byte[]> certBytes)
{
var certDir = GetMacCertDirectory();
Directory.CreateDirectory(certDir);
var certNames = new[] { Constants.Cert1Name, Constants.Cert2Name };
for (int i = 0; i < certBytes.Count && i < certNames.Length; i++)
{
var pfxPath = Path.Combine(certDir, $"{certNames[i]}.pfx");
File.WriteAllBytes(pfxPath, certBytes[i]);
Console.Error.WriteLine($"Wrote certificate to {pfxPath}");
}
}
static void ReadCertsFromDisk()
{
var certDir = GetMacCertDirectory();
foreach (var certName in new[] { Constants.Cert1Name, Constants.Cert2Name })
{
var pfxPath = Path.Combine(certDir, $"{certName}.pfx");
if (File.Exists(pfxPath))
{
Console.WriteLine(Convert.ToBase64String(File.ReadAllBytes(pfxPath)));
}
else
{
Console.Error.WriteLine($"Certificate file not found: {pfxPath}");
}
}
}
}