epic/play-with-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cd6815aed5209096d6c4b877965013dc0d199eac
play-with-docker/dockerfiles/dind/copy_certs.ps1
Marcos Lilljedahl 1bee95e862 Add missing files
2019-04-04 13:07:48 -03:00

115 lines
3.1 KiB
PowerShell
Raw Blame History

param (
[Parameter(Mandatory = $true)]
[string] $Node,
[Parameter(Mandatory = $true)]
[string] $SessionId,
[Parameter(Mandatory = $true)]
[string] $FQDN
)
function GetDirectUrlFromIp ($ip) {
$ip_dash=$ip -replace "\.","-"
$url="https://ip${ip_dash}-${SessionId}.direct.${FQDN}"
return $url
}
function WaitForUrl ($url) {
write-host $url
do {
try{
invoke-webrequest -UseBasicParsing -uri $url | Out-Null
} catch {}
$status = $?
sleep 1
} until($status)
}
function GetNodeRoutableIp ($nodeName) {
$JQFilter='.instances[] | select (.hostname == \"{0}\") | .routable_ip' -f $nodeName
$rip = (invoke-webrequest -UseBasicParsing -uri "https://$FQDN/sessions/$SessionId").Content | jq -r $JQFilter
IF([string]::IsNullOrEmpty($rip)) {
Write-Host "Could not fetch IP for node $nodeName"
exit 1
}
return $rip
}
function Set-UseUnsafeHeaderParsing
{
param(
[Parameter(Mandatory,ParameterSetName='Enable')]
[switch]$Enable,
[Parameter(Mandatory,ParameterSetName='Disable')]
[switch]$Disable
)
$ShouldEnable = $PSCmdlet.ParameterSetName -eq 'Enable'
$netAssembly = [Reflection.Assembly]::GetAssembly([System.Net.Configuration.SettingsSection])
if($netAssembly)
{
$bindingFlags = [Reflection.BindingFlags] 'Static,GetProperty,NonPublic'
$settingsType = $netAssembly.GetType('System.Net.Configuration.SettingsSectionInternal')
$instance = $settingsType.InvokeMember('Section', $bindingFlags, $null, $null, @())
if($instance)
{
$bindingFlags = 'NonPublic','Instance'
$useUnsafeHeaderParsingField = $settingsType.GetField('useUnsafeHeaderParsing', $bindingFlags)
if($useUnsafeHeaderParsingField)
{
$useUnsafeHeaderParsingField.SetValue($instance, $ShouldEnable)
}
}
}
}
$ProgressPreference = 'SilentlyContinue'
$ErrorActionPreference = 'Stop'
Set-UseUnsafeHeaderParsing -Enable
Start-Transcript -path ("C:\{0}.log" -f $MyInvocation.MyCommand.Name) -append
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class IDontCarePolicy : ICertificatePolicy {
public IDontCarePolicy() {}
public bool CheckValidationResult(
ServicePoint sPoint, X509Certificate cert,
WebRequest wRequest, int certProb) {
return true;
}
}
"@
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy
$dtr_ip = GetNodeRoutableIp $Node
$dtr_url = GetDirectUrlFromIp $dtr_ip
$dtr_hostname = $dtr_url -replace "https://",""
WaitForUrl "${dtr_url}/ca"
invoke-webrequest -UseBasicParsing -uri "$dtr_url/ca" -o c:\ca.crt
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2 c:\ca.crt
$store = new-object System.Security.Cryptography.X509Certificates.X509Store('Root','localmachine')
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()
Stop-Transcript
Reference in New Issue View Git Blame Copy Permalink