@watahani
Last active March 12, 2020 11:29
<#
.SYNOPSIS
    Requests a certificate with win-acme (wacs.exe) using Azure DNS dns-01 validation.

.DESCRIPTION
    Every parameter is optional; anything not supplied is prompted for interactively.
    On first run the script downloads win-acme v2.1.5.742 plus its Azure DNS validation
    plugin into .\win-acme and a post-install hook script (copy-pfxfile.ps1) from a gist,
    optionally writes the validation DNS servers into .\win-acme\settings.json, then runs
    wacs.exe with --target manual, storing the certificate as PEM files in the current
    directory and in the Windows certificate store.

    NOTE(review): -clientSecret is a plain [string] and is forwarded to wacs.exe on its
    command line (--azuresecret), so it is visible in process listings and shell history.
    Prefer an account/secret scoped only to editing the target DNS zone.

.PARAMETER zoneName
    DNS zone name. Prompted for if omitted. It is collected but not referenced anywhere
    later in this script (wacs.exe is not given it).

.PARAMETER resourceGroupName
    Resource group of the DNS zone; passed as --azureresourcegroupname.

.PARAMETER clientId
    Client id of the app/service principal allowed to edit the DNS zone; --azureclientid.

.PARAMETER clientSecret
    Secret for that client; --azuresecret. See the security note above.

.PARAMETER tenantId
    Azure AD tenant id; --azuretenantid.

.PARAMETER subscriptionId
    Subscription holding the DNS zone; --azuresubscriptionid.

.PARAMETER targetHost
    Host name(s) the certificate is requested for; passed to wacs.exe as --host.

.PARAMETER DNSServers
    Resolvers written to Validation.DnsServers in .\win-acme\settings.json. When omitted
    and settings.json does not exist yet, the script falls back to two hard-coded
    private addresses (10.50.50.50, 10.50.10.50) from the author's environment.
#>
param(
[Parameter(Mandatory = $false)]
[string]
$zoneName,
[Parameter(Mandatory = $false)]
[string]
$resourceGroupName,
[Parameter(Mandatory = $false)]
[string]
$clientId,
[Parameter(Mandatory = $false)]
[string]
$clientSecret,
[Parameter(Mandatory = $false)]
[string]
$tenantId,
[Parameter(Mandatory = $false)]
[string]
$subscriptionId,
[Parameter(Mandatory = $false)]
[string]
$targetHost,
[Parameter(Mandatory = $false)]
[array]
$DNSServers
)
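# Interactive fallback: prompt for every value that was not passed as a parameter.
# $zoneName is collected here but is not referenced anywhere later in this script.
if (-not $targetHost) {
    $targetHost = Read-Host "enter target hostname: "
}
if (-not $zoneName) {
    $zoneName = Read-Host "enter target zoneName: "
}
if (-not $resourceGroupName) {
    $resourceGroupName = Read-Host "enter resource group name: "
}
if (-not $clientId) {
    $clientId = Read-Host "enter client id which have permission to edit dns zone: "
}
if (-not $clientSecret) {
    # Read the secret masked so it is not echoed to the console or captured in a transcript.
    # It is then unwrapped to plain text because wacs.exe takes it as a command-line argument
    # (--azuresecret); that argument is still visible to process listings on this host.
    $secureSecret = Read-Host -AsSecureString "enter client secret: "
    $clientSecret = (New-Object System.Net.NetworkCredential("", $secureSecret)).Password
}
if (-not $tenantId) {
    $tenantId = Read-Host "enter tenant id: "
}
if (-not $subscriptionId) {
    $subscriptionId = Read-Host "enter subscription id: "
}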
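# Pinned win-acme release. The GitHub release tag is the version with the build number
# stripped (v2.1.5.742 -> v2.1.5).
$winacmeVersion = "v2.1.5.742"
$winacmeMajorVersion = $winacmeVersion -Replace "\.\d+?$", ""
$winacmeReleaseBase = "https://github.com/PKISharp/win-acme/releases/download/$winacmeMajorVersion"

# Optional integrity pins: set these to the SHA256 published for the release archives to
# verify what was downloaded before it is extracted and executed. Left $null, the archives
# are trusted on TLS alone.
$expectedSha256 = @{
    "win-acme.zip"       = $null
    "win-acme-azure.zip" = $null
}

if (-not (Test-Path ".\win-acme\wacs.exe")) {
    # GitHub only negotiates TLS 1.2+; older .NET defaults may not offer it.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Target paths are made absolute from $PWD: WebClient resolves relative paths against the
    # process working directory, which is not necessarily PowerShell's current location.
    $here = $PWD.Path
    $downloads = @(
        @{ File = "win-acme.zip";       Url = "$winacmeReleaseBase/win-acme.$winacmeVersion.x64.pluggable.zip" },
        @{ File = "win-acme-azure.zip"; Url = "$winacmeReleaseBase/plugin.validation.dns.azure.$winacmeVersion.zip" },
        # Post-install hook later run by wacs.exe with the PFX cache password. The URL appears to
        # pin one gist revision by commit hash, but the file is executed without local verification.
        @{ File = "copy-pfxfile.ps1";   Url = "https://gist.github.com/watahani/b22e4f2ce1f05eb972241adc593ab56c/raw/a1af3e69bd1476b276578834fd31c114ed88e472/copy-pfxfile.ps1" }
    )

    $client = New-Object System.Net.WebClient
    try {
        foreach ($item in $downloads) {
            $client.DownloadFile($item.Url, (Join-Path $here $item.File))
        }
    }
    catch {
        # Without this, a failed DownloadFile only prints an error and the script carries on
        # into Expand-Archive and wacs.exe with missing or partial files.
        throw "download failed: $($_.Exception.Message)"
    }
    finally {
        $client.Dispose()
    }

    foreach ($file in $expectedSha256.Keys) {
        $pin = $expectedSha256[$file]
        if ($pin) {
            $actual = (Get-FileHash -Path (Join-Path $here $file) -Algorithm SHA256).Hash
            if ($actual -ne $pin) {
                throw "SHA256 mismatch for ${file}: expected $pin, got $actual"
            }
        }
    }

    # Both archives extract into .\win-acme (the first one's default destination is a folder
    # named after the archive; stated explicitly here).
    Expand-Archive .\win-acme.zip -DestinationPath .\win-acme
    Expand-Archive .\win-acme-azure.zip -DestinationPath .\win-acme
}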
# $settingxml = [xml](Get-Content .\win-acme\wacs.exe.config)
# if ($settingxml.configuration.runtime.loadFromRemoteSources) {
# }
# else {
# # <loadFromRemoteSources enabled="true"/>
# $loadFromRemoteSources = $settingxml.CreateElement("loadFromRemoteSources")
# $loadFromRemoteSources.SetAttribute("enabled", "true")
# $settingxml.configuration.runtime.AppendChild($loadFromRemoteSources) | Out-Null
# $settingxml.Save(".\win-acme\wacs.exe.config")
# }
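# Load the effective win-acme settings: the user file if present, otherwise the shipped
# defaults. -Raw hands ConvertFrom-Json one string instead of one string per line.
$settingsPath = ".\win-acme\settings.json"
$firstRun = -not (Test-Path $settingsPath)
if ($firstRun) {
    $settingsjson = Get-Content -Raw ".\win-acme\settings_default.json" | ConvertFrom-Json
}
else {
    $settingsjson = Get-Content -Raw $settingsPath | ConvertFrom-Json
}

# First run without -DNSServers: fall back to the author's environment-specific resolvers
# (original comment: "set MS Corp DNS Server at first time"). Pass -DNSServers to override.
if ($firstRun -and (-not $DNSServers)) {
    $DNSServers = "10.50.50.50", "10.50.10.50"
}

# Persist the resolvers used for dns-01 validation. -Depth is required: ConvertTo-Json
# defaults to a depth of 2 and silently flattens deeper nested settings into strings.
if ($DNSServers) {
    $settingsjson.Validation.DnsServers = $DNSServers
    $settingsjson | ConvertTo-Json -Depth 32 | Out-File -FilePath $settingsPath -Encoding utf8
}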
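# Run win-acme: dns-01 through the Azure DNS plugin, manual target, store the certificate
# as PEM files in the current directory and in the certificate store, then hand the result
# to copy-pfxfile.ps1.
# SECURITY: the client secret travels on the wacs.exe command line (and the PFX cache
# password on the hook script's), so both are visible to process listings and to any
# process-creation auditing on this host.
$wacsArgs = @(
    "--validationmode", "dns-01",
    "--validation", "azure",
    "--azuretenantid", $tenantId,
    "--azureclientid", $clientId,
    "--azuresecret", $clientSecret,
    "--azuresubscriptionid", $subscriptionId,
    "--azureresourcegroupname", $resourceGroupName,
    "--target", "manual",
    "--host", $targetHost,
    # One comma-separated value. Written unquoted as `pemfiles, certificatestore`,
    # PowerShell treats the comma as an array separator and passes two separate
    # arguments to the native executable.
    "--store", "pemfiles,certificatestore",
    "--pemfilespath", $PWD.Path,
    "--installation", "script",
    "--script", ".\copy-pfxfile.ps1",
    "--scriptparameters", "'{CertThumbprint}' '{CertFriendlyName}' '{CacheFile}' '{CachePassword}'"
)
& ".\win-acme\wacs.exe" @wacsArgs
# A failed run would otherwise leave the script's own exit status at 0.
if ($LASTEXITCODE -ne 0) {
    throw "wacs.exe exited with code $LASTEXITCODE"
}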