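# **********************************************************************************************
# This sample PowerShell script does the following
# create a self signed certificate
# create an Application within AAD
# Assign the self signed certificate as a key to the AAD Application
# Create a Resource Group and Key Vault
# Give the AAD Application permissions to read from your Key Vault
#
# Requires an elevated session (the certificate is written to Cert:\LocalMachine\My) and the
# AzureRM module. Results are persisted as user-scoped environment variables (VAULT_NAME,
# RESOURCE_GROUP_NAME, APPLICATION_NAME, CERT_NAME, IDENTIFIER_URI, SP_OBJECT_ID,
# APPLICATION_ID, KEYVAULT_URI, CERT_THUMBPRINT) for the consuming sample to read.
# **********************************************************************************************
# Stop at the first failing cmdlet: each step depends on the previous one (no certificate ->
# no AAD key credential, no login -> no vault), so continuing only yields secondary errors.
$ErrorActionPreference = 'Stop'
Write-Host 'Vault name must be between 3-24 alphanumeric characters. The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens' -ForegroundColor Yellow
$vaultName = Read-Host -Prompt 'Please input a Vault Name'
$resourceGroupName = Read-Host -Prompt 'Please input a Azure Resource Group Name'
$applicationName = Read-Host -Prompt 'Please input application name in Azure Active Directory'
$identifierUri = Read-Host -Prompt 'Please input an Identifier Uri (As an example https://microsoft.com)'
$CertName = Read-Host -Prompt 'Please input a name for the Self Signed Certificate'
# Kept as a SecureString end to end: Export-PfxCertificate -Password takes one directly, so
# the password is never decoded into a plain-text variable.
$securepwd = Read-Host 'Please input a password for the Self Signed Certificate' -AsSecureString
[System.Environment]::SetEnvironmentVariable('VAULT_NAME', $vaultName, [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('RESOURCE_GROUP_NAME', $resourceGroupName, [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('APPLICATION_NAME', $applicationName, [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('CERT_NAME', $CertName, [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('IDENTIFIER_URI', $identifierUri, [System.EnvironmentVariableTarget]::User)
# **********************************************************************************************
# You MAY set the following values before running this script
# **********************************************************************************************
$location = 'East US' # Get-AzureLocation
$dnsName = 'mytest.domain.com'
# Number of days the certificate is accepted as a key credential by the AAD application.
$credentialValidityDays = 5
# **********************************************************************************************
# Create a self signed cert
# **********************************************************************************************
Write-Host 'Creating a Self Signed Certificate named ' $CertName -ForegroundColor Green
$cert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName $dnsName
$path = "cert:\localMachine\my\" + $cert.Thumbprint
$certThumbprint = $cert.Thumbprint
# **********************************************************************************************
# Export the self signed cert to the current folder
# **********************************************************************************************
$certStoreLocation = Get-Location
$certStoreLocation = Join-Path -Path $certStoreLocation -ChildPath $CertName
$certNamePfx = $certStoreLocation + ".pfx"
$certNameCrt = $certStoreLocation + ".crt"
Write-Host 'Exporting a Self Signed Certificate named ' $CertName 'to ' $certNamePfx 'and ' $certNameCrt -ForegroundColor Green
Export-PfxCertificate -Cert $path -FilePath $certNamePfx -Password $securepwd
Export-Certificate -Cert $path -FilePath $certNameCrt
# **********************************************************************************************
# Import certificate into certificate store on Windows
# **********************************************************************************************
# Import-PfxCertificate -FilePath C:\temp\$CertName.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $securepwd
# The AAD key credential is the public certificate only (Base64 of the DER bytes), which
# $cert already holds; the exported .crt on disk is for the consuming application.
$credValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
$validFrom = [System.DateTime]::Now
$validTo = $validFrom.AddDays($credentialValidityDays)
# **********************************************************************************************
# Login to Azure
# **********************************************************************************************
Write-Host 'Logging into Azure' -ForegroundColor Green
Login-AzureRmAccount
# **********************************************************************************************
# Create an Application in Azure Active Directory
# **********************************************************************************************
Write-Host 'Creating an Application named' $applicationName ' in Azure Active Directory ' -ForegroundColor Green
$adapp = New-AzureRmADApplication -DisplayName "$applicationName" -HomePage "https://keyvaultreader.com/" -IdentifierUris $identifierUri -CertValue $credValue -StartDate $validFrom -EndDate $validTo
# **********************************************************************************************
# Create a Service Principal associated with the Application in Azure Active Directory
# **********************************************************************************************
Write-Host 'Creating an Service Principal for an Application ' $applicationName ' in Azure Active Directory' -ForegroundColor Green
$ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId
[System.Environment]::SetEnvironmentVariable('SP_OBJECT_ID', $ServicePrincipal.Id, [System.EnvironmentVariableTarget]::User)
# **********************************************************************************************
# Create a Key Vault with a specified Resource Group
# **********************************************************************************************
Write-Host 'Creating a Vault ' $vaultName 'with Specified Resource Group ' $resourceGroupName -ForegroundColor Green
New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $resourceGroupName -Location $location
# **********************************************************************************************
# Setting permissions for the Application in AAD to have access to Key Vault Secrets, Keys, Certificates
# **********************************************************************************************
# 'all' grants every data-plane operation to the service principal. The header describes a
# reader; if the consuming sample only reads, 'get','list' on each of the three parameters is
# the least-privilege grant. Kept as 'all' so the existing sample keeps working unchanged.
Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -ResourceGroupName $resourceGroupName -ObjectId $ServicePrincipal.Id -PermissionsToKeys all -PermissionsToSecrets all -PermissionsToCertificates all
[System.Environment]::SetEnvironmentVariable('APPLICATION_ID', $adapp.ApplicationId, [System.EnvironmentVariableTarget]::User)
# NOTE(review): KEYVAULT_URI carries the vault *name*, not the https vault URI; the consuming
# sample presumably builds the URI from it — confirm against the consumer before changing.
[System.Environment]::SetEnvironmentVariable('KEYVAULT_URI', $vaultName, [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('CERT_THUMBPRINT', $certThumbprint, [System.EnvironmentVariableTarget]::User)
Write-Host 'APPLICATION_ID ' $adapp.ApplicationId
Write-Host 'Cert Thumbprint ' $certThumbprint
Write-Host 'Application Name in AAD is ' $applicationName
# Write-Host emits nothing on the pipeline, so there is nothing for Format-Table to receive.
Write-Host "Vault Name " $vaultName -ForegroundColor Green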