diff --git a/AppHandling/Compile-AppInNavContainer.ps1 b/AppHandling/Compile-AppInNavContainer.ps1 index 8b68249d..6d838d6c 100644 --- a/AppHandling/Compile-AppInNavContainer.ps1 +++ b/AppHandling/Compile-AppInNavContainer.ps1 @@ -391,25 +391,8 @@ try { $devServerUrl = "$($protocol)$($containerName):$($customConfig.DeveloperServicesPort)/$ServerInstance" } - $sslVerificationDisabled = ($protocol -eq "https://") - if ($sslVerificationDisabled) { - if (-not ([System.Management.Automation.PSTypeName]"SslVerification").Type) - { - Add-Type -TypeDefinition " - using System.Net.Security; - using System.Security.Cryptography.X509Certificates; - public static class SslVerification - { - private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } - public static void Disable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; } - public static void Enable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; } - }" - } - Write-Host "Disabling SSL Verification" - [SslVerification]::Disable() - } - $timeout = 300000 + $sslVerificationDisabled = ($protocol -eq "https://") if ($customConfig.ClientServicesCredentialType -eq "Windows") { $useDefaultCredentials = $true } @@ -467,7 +450,7 @@ try { } Write-Host "Url : $Url" try { - DownloadFileLow -sourceUrl $url -destinationFile $symbolsFile -timeout $timeout -useDefaultCredentials:$useDefaultCredentials -Headers $headers + DownloadFileLow -sourceUrl $url -destinationFile $symbolsFile -timeout $timeout -useDefaultCredentials:$useDefaultCredentials -Headers $headers -skipCertificateCheck:$sslVerificationDisabled } catch { $throw = $true @@ -485,14 +468,6 @@ try { } if ($throw) { Write-Host "ERROR $($_.Exception.Message)" - if ($_.Exception.InnerException) - { - Write-Host "ERROR $($_.Exception.InnerException.Message)" - if ($_.Exception.InnerException.InnerException) - { - Write-Host "ERROR $($_.Exception.InnerException.InnerException.Message)" - } - } throw (GetExtendedErrorMessage $_) } } @@ -568,11 +543,6 @@ try { } $depidx++ } - - if ($sslverificationdisabled) { - Write-Host "Re-enabling SSL Verification" - [SslVerification]::Enable() - } $result = Invoke-ScriptInBcContainer -containerName $containerName -ScriptBlock { Param($appProjectFolder, $appSymbolsFolder, $appOutputFile, $EnableCodeCop, $EnableAppSourceCop, $EnablePerTenantExtensionCop, $EnableUICop, $CustomCodeCops, $rulesetFile, $assemblyProbingPaths, $nowarn, $GenerateCrossReferences, $ReportSuppressedDiagnostics, $generateReportLayoutParam, $features, $preProcessorSymbols, $platformversion, $updateDependencies ) diff --git a/AppHandling/Get-NavContainerApp.ps1 b/AppHandling/Get-NavContainerApp.ps1 index 814bc244..e4483127 100644 --- a/AppHandling/Get-NavContainerApp.ps1 +++ b/AppHandling/Get-NavContainerApp.ps1 @@ -64,23 +64,6 @@ try { } $sslVerificationDisabled = ($protocol -eq "https://") - if ($sslVerificationDisabled) { - if (-not ([System.Management.Automation.PSTypeName]"SslVerification").Type) - { - Add-Type -TypeDefinition " - using System.Net.Security; - using System.Security.Cryptography.X509Certificates; - public static class SslVerification - { - private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } - public static void Disable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; } - public static void Enable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; } - }" - } - Write-Host "Disabling SSL Verification" - [SslVerification]::Disable() - } - $timeout = 300000 $useDefaultCredentials = $false $headers = @{} @@ -104,18 +87,13 @@ try { $url = "$devServerUrl/dev/packages?publisher=$([uri]::EscapeDataString($publisher))&appName=$([uri]::EscapeDataString($appName))&versionText=$($appVersion)&tenant=$tenant" Write-Host "Url : $Url" try { - DownloadFileLow -sourceUrl $url -destinationFile $appFile -timeout $timeout -useDefaultCredentials:$useDefaultCredentials -Headers $headers + DownloadFileLow -sourceUrl $url -destinationFile $appFile -timeout $timeout -useDefaultCredentials:$useDefaultCredentials -Headers $headers -skipCertificateCheck:$sslVerificationDisabled } catch [System.Net.WebException] { Write-Host "ERROR $($_.Exception.Message)" throw (GetExtendedErrorMessage $_) } - if ($sslverificationdisabled) { - Write-Host "Re-enabling SSL Verification" - [SslVerification]::Enable() - } - $appFile } catch { diff --git a/AppHandling/PsTestFunctions.ps1 b/AppHandling/PsTestFunctions.ps1 index 28cb4273..504cb74f 100644 --- a/AppHandling/PsTestFunctions.ps1 +++ b/AppHandling/PsTestFunctions.ps1 @@ -1243,16 +1243,18 @@ function Disable-SslVerification { if (-not ([System.Management.Automation.PSTypeName]"SslVerification").Type) { - Add-Type -TypeDefinition @" -using System.Net.Security; -using System.Security.Cryptography.X509Certificates; -public static class SslVerification -{ - private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } - public static void Disable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; } - public static void Enable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; } -} +$sslCallbackCode = @" + using System.Net.Security; + using System.Security.Cryptography.X509Certificates; + + public static class SslVerification + { + public static bool DisabledServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } + public static void Disable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = DisabledServerCertificateValidationCallback; } + public static void Enable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; } + } "@ + Add-Type -TypeDefinition $sslCallbackCode } [SslVerification]::Disable() } diff --git a/AppHandling/Publish-NavContainerApp.ps1 b/AppHandling/Publish-NavContainerApp.ps1 index d2d6d7a7..76d42492 100644 --- a/AppHandling/Publish-NavContainerApp.ps1 +++ b/AppHandling/Publish-NavContainerApp.ps1 @@ -1,3 +1,21 @@ +$sslCallbackCode = @" + using System.Net.Security; + using System.Security.Cryptography.X509Certificates; + + public static class SslVerification + { + public static bool DisabledServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } + public static void Disable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = DisabledServerCertificateValidationCallback; } + public static void Enable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; } + } +"@ +try { + if (-not ([System.Management.Automation.PSTypeName]"SslVerification").Type) { + Add-Type -TypeDefinition $sslCallbackCode -Language CSharp -WarningAction SilentlyContinue | Out-Null + } +} +catch {} + <# .Synopsis Publish App to a NAV/BC Container @@ -189,6 +207,17 @@ try { } else { $handler = New-Object System.Net.Http.HttpClientHandler + if ($customConfig.DeveloperServicesSSLEnabled -eq "true") { + $protocol = "https://" + } + else { + $protocol = "http://" + } + $sslVerificationDisabled = ($protocol -eq "https://") + if ($sslVerificationDisabled) { + Write-Host "Disabling SSL Verification" + $handler.ServerCertificateCustomValidationCallback = [SslVerification]::DisabledServerCertificateValidationCallback + } if ($customConfig.ClientServicesCredentialType -eq "Windows") { $handler.UseDefaultCredentials = $true } @@ -204,13 +233,6 @@ try { } $HttpClient.Timeout = [System.Threading.Timeout]::InfiniteTimeSpan $HttpClient.DefaultRequestHeaders.ExpectContinue = $false - - if ($customConfig.DeveloperServicesSSLEnabled -eq "true") { - $protocol = "https://" - } - else { - $protocol = "http://" - } $ip = Get-BcContainerIpAddress -containerName $containerName if ($ip) { @@ -219,24 +241,6 @@ try { else { $devServerUrl = "$($protocol)$($containerName):$($customConfig.DeveloperServicesPort)/$($customConfig.ServerInstance)" } - - $sslVerificationDisabled = ($protocol -eq "https://") - if ($sslVerificationDisabled) { - if (-not ([System.Management.Automation.PSTypeName]"SslVerification").Type) - { - Add-Type -TypeDefinition " - using System.Net.Security; - using System.Security.Cryptography.X509Certificates; - public static class SslVerification - { - private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } - public static void Disable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; } - public static void Enable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; } - }" - } - Write-Host "Disabling SSL Verification" - [SslVerification]::Disable() - } } $schemaUpdateMode = "synchronize" @@ -289,8 +293,7 @@ try { } if ($sslverificationdisabled) { - Write-Host "Re-enablssing SSL Verification" - [SslVerification]::Enable() + Write-Host "Restoring SSL Verification" # no action required - only to enforce blocks consistency } if ($bcContainerHelperConfig.NoOfSecondsToSleepAfterPublishBcContainerApp -gt 0) { # Avoid race condition diff --git a/HelperFunctions.ps1 b/HelperFunctions.ps1 index 160aad9a..d84389e2 100644 --- a/HelperFunctions.ps1 +++ b/HelperFunctions.ps1 @@ -1,6 +1,6 @@ -$useTimeOutWebClient = $false +$useTimeOutWebClient = $false if ($PSVersionTable.PSVersion -lt "6.0.0" -and !$useTimeOutWebClient) { -$Source = @" +$timeoutWebClientCode = @" using System.Net; public class TimeoutWebClient : WebClient @@ -25,12 +25,30 @@ $Source = @" "@; try { - Add-Type -TypeDefinition $Source -Language CSharp -WarningAction SilentlyContinue | Out-Null + Add-Type -TypeDefinition $timeoutWebClientCode -Language CSharp -WarningAction SilentlyContinue | Out-Null $useTimeOutWebClient = $true } catch {} } +$sslCallbackCode = @" + using System.Net.Security; + using System.Security.Cryptography.X509Certificates; + + public static class SslVerification + { + public static bool DisabledServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } + public static void Disable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = DisabledServerCertificateValidationCallback; } + public static void Enable() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; } + } +"@ +try { + if (-not ([System.Management.Automation.PSTypeName]"SslVerification").Type) { + Add-Type -TypeDefinition $sslCallbackCode -Language CSharp -WarningAction SilentlyContinue | Out-Null + } +} +catch {} + function Get-DefaultCredential { Param( [string]$Message, @@ -432,11 +450,11 @@ function GetExtendedErrorMessage { $message = $exception.Message if ($errorRecord.ErrorDetails) { - try { - $errorDetails = $errorRecord.ErrorDetails | ConvertFrom-Json - $message += " $($errorDetails.error)`r`n$($errorDetails.error_description)" - } - catch {} + try { + $errorDetails = $errorRecord.ErrorDetails | ConvertFrom-Json + $message += " $($errorDetails.error)`r`n$($errorDetails.error_description)" + } + catch {} } try { if ($exception -is [System.Management.Automation.MethodInvocationException]) { @@ -972,12 +990,17 @@ function DownloadFileLow { [string] $destinationFile, [switch] $dontOverwrite, [switch] $useDefaultCredentials, + [switch] $skipCertificateCheck, [hashtable] $headers = @{"UserAgent" = "BcContainerHelper $bcContainerHelperVersion" }, [int] $timeout = 100 ) if ($useTimeOutWebClient) { Write-Host "Downloading using WebClient" + if ($skipCertificateCheck) { + Write-Host "Disabling SSL Verification" + [SslVerification]::Disable() + } $webClient = New-Object TimeoutWebClient -ArgumentList (1000*$timeout) $headers.Keys | ForEach-Object { $webClient.Headers.Add($_, $headers."$_") @@ -994,71 +1017,51 @@ function DownloadFileLow { } finally { $webClient.Dispose() + if ($skipCertificateCheck) { + Write-Host "Restoring SSL Verification" + [SslVerification]::Enable() + } } } else { - if ($PSVersionTable.PSVersion -ge "7.0.0") { - Write-Host "Downloading using Invoke-WebRequest" - if ($useDefaultCredentials) { - $response = Invoke-WebRequest -UseDefaultCredentials -TimeoutSec $timeout -Headers $headers -Uri $sourceUrl -SkipCertificateCheck - } - else { - $response = Invoke-WebRequest -TimeoutSec $timeout -Headers $headers -Uri $sourceUrl -SkipCertificateCheck - } - - $fileStream = $null - if ($dontOverwrite) { - $fileMode = [System.IO.FileMode]::CreateNew - } - else { - $fileMode = [System.IO.FileMode]::Create - } - try { - $fileStream = New-Object System.IO.Filestream($destinationFile, $fileMode) - $fileStream.Write($response.Content) - $fileStream.Close() - } - finally { - if ($fileStream) { - $fileStream.Dispose() - } - } + Write-Host "Downloading using HttpClient" + + $handler = New-Object System.Net.Http.HttpClientHandler + if ($skipCertificateCheck) { + Write-Host "Disabling SSL Verification" + $handler.ServerCertificateCustomValidationCallback = [SslVerification]::DisabledServerCertificateValidationCallback + } + if ($useDefaultCredentials) { + $handler.UseDefaultCredentials = $true + } + $httpClient = New-Object System.Net.Http.HttpClient -ArgumentList $handler + $httpClient.Timeout = [Timespan]::FromSeconds($timeout) + $headers.Keys | ForEach-Object { + $httpClient.DefaultRequestHeaders.Add($_, $headers."$_") + } + $stream = $null + $fileStream = $null + if ($dontOverwrite) { + $fileMode = [System.IO.FileMode]::CreateNew } else { - Write-Host "Downloading using HttpClient" - if ($useDefaultCredentials) { - $handler = New-Object System.Net.Http.HttpClientHandler - $handler.UseDefaultCredentials = $true - $httpClient = New-Object System.Net.Http.HttpClient -ArgumentList $handler + $fileMode = [System.IO.FileMode]::Create + } + try { + $stream = $httpClient.GetStreamAsync($sourceUrl).GetAwaiter().GetResult() + $fileStream = New-Object System.IO.Filestream($destinationFile, $fileMode) + $stream.CopyToAsync($fileStream).GetAwaiter().GetResult() | Out-Null + $fileStream.Close() + } + finally { + if ($fileStream) { + $fileStream.Dispose() } - else { - $httpClient = New-Object System.Net.Http.HttpClient + if ($stream) { + $stream.Dispose() } - $httpClient.Timeout = [Timespan]::FromSeconds($timeout) - $headers.Keys | ForEach-Object { - $httpClient.DefaultRequestHeaders.Add($_, $headers."$_") - } - $stream = $null - $fileStream = $null - if ($dontOverwrite) { - $fileMode = [System.IO.FileMode]::CreateNew - } - else { - $fileMode = [System.IO.FileMode]::Create - } - try { - $stream = $httpClient.GetStreamAsync($sourceUrl).GetAwaiter().GetResult() - $fileStream = New-Object System.IO.Filestream($destinationFile, $fileMode) - $stream.CopyToAsync($fileStream).GetAwaiter().GetResult() | Out-Null - $fileStream.Close() - } - finally { - if ($fileStream) { - $fileStream.Dispose() - } - if ($stream) { - $stream.Dispose() - } + if ($skipCertificateCheck) { + Write-Host "Restoring SSL Verification" # no action required - only to enforce blocks consistency } } }