Last active
April 12, 2017 15:49
-
-
Save Wesley-Lomax/e3e8ebd3e39e13e2129847e434be24f6 to your computer and use it in GitHub Desktop.
Octopus Deployment Step for Unicorn sync over https using TLS1.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Id": "ActionTemplates-22", | |
| "Name": "Unicorn Sync over https", | |
| "Description": "Calls the unicorn sync over https using TLS1.2", | |
| "ActionType": "Octopus.Script", | |
| "Version": 8, | |
| "Properties": { | |
| "Octopus.Action.Script.Syntax": "PowerShell", | |
| "Octopus.Action.Script.ScriptBody": "$ErrorActionPreference = 'Stop'\r\n\r\nAdd-Type -Path \"${MicroChap}\\MicroCHAP.dll\"\r\n\r\n\r\nAdd-Type @\"\r\n using System.Net;\r\n using System.Security.Cryptography.X509Certificates;\r\n public class TrustAllCertsPolicy : ICertificatePolicy {\r\n public bool CheckValidationResult(\r\n ServicePoint srvPoint, X509Certificate certificate,\r\n WebRequest request, int certificateProblem) {\r\n return true;\r\n }\r\n }\r\n\"@\r\n[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy\r\n\r\nFunction Sync-Unicorn {\r\n\tParam(\r\n\t\t[Parameter(Mandatory=$True)]\r\n\t\t[string]$ControlPanelUrl,\r\n\r\n\t\t[Parameter(Mandatory=$True)]\r\n\t\t[string]$SharedSecret,\r\n\r\n\t\t[Parameter(Mandatory=$True)]\r\n\t\t[string[]]$Configurations,\r\n\r\n\t\t[string]$Verb = 'Sync'\r\n\t)\r\n\r\n\t# PARSE THE URL TO REQUEST\r\n\t$parsedConfigurations = ($Configurations) -join \"^\"\r\n\r\n\t$url = \"{0}?verb={1}&configuration={2}\" -f $ControlPanelUrl, $Verb, $parsedConfigurations\r\n\r\n\tWrite-Host \"Sync-Unicorn: Preparing authorization for $url\"\r\n\r\n\t# GET AN AUTH CHALLENGE\r\n\t$challenge = Get-Challenge -ControlPanelUrl $ControlPanelUrl\r\n\r\n\tWrite-Host \"Sync-Unicorn: Received challenge: $challenge\"\r\n\r\n\t# CREATE A SIGNATURE WITH THE SHARED SECRET AND CHALLENGE\r\n\t$signatureService = New-Object MicroCHAP.SignatureService -ArgumentList $SharedSecret\r\n\r\n\t$signature = $signatureService.CreateSignature($challenge, $url, $null)\r\n\t\r\n\tWrite-Host \"Sync-Unicorn: MAC '$($signature.SignatureSource)'\"\r\n\tWrite-Host \"Sync-Unicorn: HMAC '$($signature.SignatureHash)'\"\r\n\tWrite-Host \"Sync-Unicorn: If you get authorization failures compare the values above to the Sitecore logs.\"\r\n\r\n\tWrite-Host \"Sync-Unicorn: Created signature $signature, executing $Verb...\"\r\n\r\n\t# USING THE SIGNATURE, EXECUTE UNICORN\r\n\t[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\r\n\t$result = Invoke-WebRequest -Uri $url -Headers @{ \"X-MC-MAC\" = $signature.SignatureHash; \"X-MC-Nonce\" = $challenge } -TimeoutSec 10800 -UseBasicParsing\r\n\r\n\t$result.Content\r\n}\r\n\r\nFunction Get-Challenge {\r\n\tParam(\r\n\t\t[Parameter(Mandatory=$True)]\r\n\t\t[string]$ControlPanelUrl\r\n\t)\r\n\r\n\t$url = \"$($ControlPanelUrl)?verb=Challenge\"\r\n\r\n\t\r\n\t$result = Invoke-WebRequest -Uri $url -TimeoutSec 360 -UseBasicParsing\r\n\r\n\t$result.Content\r\n}\r\n\r\n$configs = $Configurations.split(\"`n\")\r\n\r\n[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\r\nSync-Unicorn -ControlPanelUrl \"$($SiteUrl)/unicorn.aspx\" -SharedSecret $SharedSecret -Configurations $configs", | |
| "Octopus.Action.Script.ScriptSource": "Inline" | |
| }, | |
| "Parameters": [ | |
| { | |
| "Name": "SharedSecret", | |
| "Label": "Shared Secret", | |
| "HelpText": null, | |
| "DefaultValue": null, | |
| "DisplaySettings": { | |
| "Octopus.ControlType": "Sensitive" | |
| } | |
| }, | |
| { | |
| "Name": "SiteUrl", | |
| "Label": "Site Url", | |
| "HelpText": null, | |
| "DefaultValue": null, | |
| "DisplaySettings": { | |
| "Octopus.ControlType": "SingleLineText" | |
| } | |
| }, | |
| { | |
| "Name": "MicroChap", | |
| "Label": "MicroCHAP DLL Location", | |
| "HelpText": null, | |
| "DefaultValue": null, | |
| "DisplaySettings": { | |
| "Octopus.ControlType": "SingleLineText" | |
| } | |
| }, | |
| { | |
| "Name": "Configurations", | |
| "Label": "Configurations", | |
| "HelpText": "Add a configuration per line", | |
| "DefaultValue": null, | |
| "DisplaySettings": { | |
| "Octopus.ControlType": "MultiLineText" | |
| } | |
| } | |
| ], | |
| "$Meta": { | |
| "ExportedAt": "2017-04-12T15:49:18.593Z", | |
| "OctopusVersion": "3.3.4", | |
| "Type": "ActionTemplate" | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ErrorActionPreference = 'Stop' | |
| Add-Type -Path "${MicroChap}\MicroCHAP.dll" | |
| Add-Type @" | |
| using System.Net; | |
| using System.Security.Cryptography.X509Certificates; | |
| public class TrustAllCertsPolicy : ICertificatePolicy { | |
| public bool CheckValidationResult( | |
| ServicePoint srvPoint, X509Certificate certificate, | |
| WebRequest request, int certificateProblem) { | |
| return true; | |
| } | |
| } | |
| "@ | |
| [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy | |
| Function Sync-Unicorn { | |
| Param( | |
| [Parameter(Mandatory=$True)] | |
| [string]$ControlPanelUrl, | |
| [Parameter(Mandatory=$True)] | |
| [string]$SharedSecret, | |
| [Parameter(Mandatory=$True)] | |
| [string[]]$Configurations, | |
| [string]$Verb = 'Sync' | |
| ) | |
| # PARSE THE URL TO REQUEST | |
| $parsedConfigurations = ($Configurations) -join "^" | |
| $url = "{0}?verb={1}&configuration={2}" -f $ControlPanelUrl, $Verb, $parsedConfigurations | |
| Write-Host "Sync-Unicorn: Preparing authorization for $url" | |
| # GET AN AUTH CHALLENGE | |
| $challenge = Get-Challenge -ControlPanelUrl $ControlPanelUrl | |
| Write-Host "Sync-Unicorn: Received challenge: $challenge" | |
| # CREATE A SIGNATURE WITH THE SHARED SECRET AND CHALLENGE | |
| $signatureService = New-Object MicroCHAP.SignatureService -ArgumentList $SharedSecret | |
| $signature = $signatureService.CreateSignature($challenge, $url, $null) | |
| Write-Host "Sync-Unicorn: MAC '$($signature.SignatureSource)'" | |
| Write-Host "Sync-Unicorn: HMAC '$($signature.SignatureHash)'" | |
| Write-Host "Sync-Unicorn: If you get authorization failures compare the values above to the Sitecore logs." | |
| Write-Host "Sync-Unicorn: Created signature $signature, executing $Verb..." | |
| # USING THE SIGNATURE, EXECUTE UNICORN | |
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
| $result = Invoke-WebRequest -Uri $url -Headers @{ "X-MC-MAC" = $signature.SignatureHash; "X-MC-Nonce" = $challenge } -TimeoutSec 10800 -UseBasicParsing | |
| $result.Content | |
| } | |
| Function Get-Challenge { | |
| Param( | |
| [Parameter(Mandatory=$True)] | |
| [string]$ControlPanelUrl | |
| ) | |
| $url = "$($ControlPanelUrl)?verb=Challenge" | |
| $result = Invoke-WebRequest -Uri $url -TimeoutSec 360 -UseBasicParsing | |
| $result.Content | |
| } | |
| $configs = $Configurations.split("`n") | |
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
| Sync-Unicorn -ControlPanelUrl "$($SiteUrl)/unicorn.aspx" -SharedSecret $SharedSecret -Configurations $configs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment