Private/WebUtil.ps1

Function Get-FreeWebPort {
    <#
    .Synopsis
    Find a free port for web application.
 
    .Description
    Find a free port for web application, starting from a given port, and increment if needed.
 
    .Parameter startingPort
    The port to start with.
 
    .Example
    # find a free port starting with 8090
    Get-FreeWebPort 8090
    #>
    
    [cmdletbinding()]
    [OutputType([int])]
    param( 
        [int] $startingPort
    )
    Process
    {        
        $usedPorts = @()
        Import-Module WebAdministration
        
        foreach ($bind in (Get-WebBinding).bindingInformation) {
            $port = Get-BindingPort $bind
            $usedPorts += $port 
        }
        
        $choosenPort = $startingPort
        while ($usedPorts.contains($choosenPort)) {
            $choosenPort += 10
        }
        
        return $choosenPort
    }
}

function Get-BindingPort($bind) {
    $startIndex = $bind.indexof(':')+1
    $endIndex = $bind.lastindexof(':')
    $port = $bind.Substring($startIndex, ($endIndex-$startIndex))
    return [int] $port
}

function Find-WebSite($Port) {
    $sites = Get-WebSite
    foreach ($site in $sites) {
        $matchSite = Find-SiteMatchPort $site $Port
        if ($matchSite) {
            return $site
        }
    }

    return $null
}

function Find-SiteMatchPort($Site, $Port) {
   $bindings = $Site.bindings.Collection
   foreach ($binding in $bindings.bindingInformation) {
       $sitePort = Get-BindingPort $binding
       $siteName = $Site.Name
       Write-Verbose "Comparing site $sitePort with $Port"
       if ($sitePort -eq $Port) {
           Write-Verbose "Site $siteName match port $Port"
           return $true
       }
   }

   return $false
}

function Get-Path($Site, $WebApplication) {
    return "$Site/$WebApplication"
}

function Set-WebAuthentication($Tenant, $WebSite, $AppName, $Value, [switch] $NoSave) {
    $Path = Get-Path $WebSite $AppName
    Write-Verbose "Path is $Path"
    if ($Value -eq "Windows") {
        Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value $true -PSPath IIS:\ -location "$Path"
        Set-WebConfigurationProperty -filter /system.webServer/security/authentication/AnonymousAuthentication -name enabled -value $false -PSPath IIS:\ -location "$Path"
        $config = (Get-WebConfiguration system.web/authentication "IIS:Sites\$Website\$AppName")
        $config.mode = "Windows"
        $config | Set-WebConfiguration system.web/authentication
    }

    if ($Value -eq "Formular") {
        Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value $false -PSPath IIS:\ -location "$Path"
        Set-WebConfigurationProperty -filter /system.webServer/security/authentication/AnonymousAuthentication -name enabled -value $true -PSPath IIS:\ -location "$Path"
        $config = (Get-WebConfiguration system.web/authentication "IIS:Sites\$Website\$AppName")
        $config.mode = "Forms"
        $config | Set-WebConfiguration system.web/authentication
    }

    if (!($NoSave)) {
        Store-WebConf $Tenant "Authentication" $Value
    }

    Write-Verbose "Configuration saved"
}

function Store-WebConf($Tenant, $Key, $Value) {
    $path = Get-WebConfigPathFromTenant $Tenant
    if (!(Test-Path $path)) {
        md $path | Out-Null
    }

    $filePath = "$path$Key"
    Write-Verbose "Writing $Value to $filePath"
    Set-Content $filePath $Value
}

function Get-WebConf($Tenant, $Key) {
    $path = Get-WebConfigPathFromTenant $Tenant
    $filePath = "$path$Key"
    if (!(Test-Path $filePath)) {
        Write-Verbose "Path $filePath does not exist"
        return $null
    }

    Write-Verbose "Reading $filePath"
    $value = Get-Content $filePath
    Write-Verbose "$Key : $value"
    return $value
}

function Get-SSLConf($Tenant) {
    $ssljson = [string] (Get-WebConf $Tenant "SSL")
    if ($ssljson -eq $null) {
        
        $ssl = @{
            "Enable" = $false;
        }
    } else {
        $ssl = ConvertFrom-Json $ssljson
    }

    return $ssl
}

function Get-AuthenticationConf($Tenant) {
    $authentication = Get-WebConf $Tenant "Authentication"
    if ($authentication -eq $null) {
            $authentication = "Windows"
    }

    return $authentication
}

function Apply-WebConfOnWebServices($webPath) {
    $sslConf = Get-SSLConf $Tenant
    if ($sslConf -eq $null) {
        $ssl = "false"
    } else {
        $ssl = $sslConf.Enable
    }

    $authentication = Get-AuthenticationConf $Tenant
    if ($authentication -eq $null) {
        $authentication = "Windows"
    }

    Write-Output "Web configuration - SSL: $ssl, Authentication: $authentication"
    $servicePath = "$webPath\services.config"
    $backupPath = "$webPath\services.backup"

    Backup-ServiceConfig $servicePath $backupPath
    Write-ServiceInit $servicePath
    Write-ServicesHeader $servicePath
    Write-Services $servicePath $authentication $ssl
    Write-ServicesFooter $servicePath
}

function Backup-ServiceConfig($Path, $Backup) {
    Write-Verbose "Creating backup of $Path to $Backup"
    Copy-Item $Path $Backup -force | Out-Null
}

function Write-ServiceInit($Path) {
    Write-Verbose "Initializing $Path"
    New-Item $Path -force | Out-Null
}

function Write-ServicesHeader($Path) {
    Add-Content $Path "<?xml version=`"1.0`"?>"
    Add-Content $Path "<services>"
}

function Write-ServicesFooter($Path) {
    Add-Content $Path "</services>"
}

function Write-Services($Path, $Authentication, $SSL) {
    foreach($pair in $services.GetEnumerator()) {
        $service = $($pair.Name)
        $behavior = $($pair.Value)
        $contract = $endpointContract[$service]
        if ($contract -eq $null) {
            $contract = $service
        }

        Write-Verbose "Registering service $service"
        Write-ServiceHeader $Path $service
        $binding = Get-Binding $Authentication "false"
        Write-EndPoint $Path $behavior $binding $contract
        if ($SSL -eq "true") {
            $binding = Get-Binding $Authentication "true"
            Write-EndPoint $Path $behavior $binding $contract
        }

        Write-ServiceFooter $Path
    }
}

function Get-Binding($Authentication, $SSL) {
    if ($Authentication -eq "Windows") {
        if ($SSL -eq "true") {
            return "securedWebBinding"
        } else {
            return "defaultWebBinding"
        }
    } else {
        if ($SSL -eq "true") {
            return "anoSecuredWebBinding"
        } else {
            return "anoWebBinding"
        }
    }
}

function Write-ServiceHeader($Path, $Service) {
    $header = "`t" + $serviceHeaderTemplate.Replace("[SERVICE]", $Service)
    Add-Content $Path $header
}

function Write-EndPoint($Path, $Behavior, $Binding, $Service) {
    $endpoint = "`t`t" + $endPointTemplate.Replace("[BEHAVIOR]", $Behavior).Replace("[BINDING]", $Binding).Replace("[SERVICE]", $Service)
    Add-Content $Path $endpoint
}

function Write-ServiceFooter($Path) {
    Add-Content $Path "`t</service>"
}

$serviceHeaderTemplate = "<service behaviorConfiguration=`"httpGetEnablingBehavior`" name=`"[SERVICE]`">"
$endPointTemplate = "<endpoint address=`"`" behaviorConfiguration=`"[BEHAVIOR]`" binding=`"webHttpBinding`" bindingConfiguration=`"[BINDING]`" contract=`"[SERVICE]`"/>"

$services = @{
        "Ortems.PlannerOne.Web.UserControl.CalendarExceptions.CalendarException" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Indicators.IndicatorsService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Scheduling.ConfirmationLoader" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Sequencing.SequencingService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Display.Custom.TaskColorService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Filter.FilterService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Views.ResourceSequence.ResourceSequenceService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.DetailsPanel.InfoService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Utilities.UtilitiesService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Display.RefreshService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Display.ViewsService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Display.Custom.RowService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Display.Custom.Task" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Robots.RobotsService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Search.SearchService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Action.ManageTask.TaskManagerService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Views.Calendar.Service" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.ActivityComputation.ActivityComputationService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Service.SelectionService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Views.JobOverview.JobOverviewService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.Display.Total.TotalService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Service.ViewsService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.SwitchPlanning.SwitchPlanningService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.MoveTasks.MoveTasksService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Api.PlanningProduction" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Api.PlanningProject" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.UserControl.WebGantt.Gantt" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Admin.PerformanceService" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Admin.PerformanceSessionService" = "webHttp";
        "Ortems.PlannerOne.Web.Admin.WebSecurityService" = "webHttp";
        "Ortems.PlannerOne.Web.UserControl.Action.Assignment.ChooseResource" = "webScriptEnablingBehavior";
        "Ortems.PlannerOne.Web.Configure.ConfigurationService" = "webHttp";
        "Ortems.PlannerOne.Web.Admin.ICalConfigurationService" = "webHttp";
        "Ortems.PlannerOne.Web.UserControl.PinTasks.PinTasksService" = "webScriptEnablingBehavior";
}

$endpointContract = @{
    "Ortems.PlannerOne.Web.Api.PlanningProduction" = "Ortems.PlannerOne.Web.Api.IPlanningProductionContract";
    "Ortems.PlannerOne.Web.Api.PlanningProject" = "Ortems.PlannerOne.Web.Api.IPlanningContract"
}

function Register-P1WebServices($Tenant) {
    Write-Section "Registering Web services for current security"
    if (!(Test-Tenant $Tenant)) {
        Write-Warning "Tenant $Tenant does not exist."
        Write-Warning "Operation canceled."
        return;
    }

    $info = Get-P1Tenant $Tenant
    $host = $info.WebHost
    $port = $info.SitePort
    $app = $info.WebApplicationName
    Write-Output "Host: $host, Port: $port, Application name: $app"

    $site = Find-WebSite $port
    $siteName = $site.Name
    if ($site -eq $null) {
        Write-Warning "No site use binding $port configured for tenant Web Application $app of tenant $Tenant. Operation canceled."
        return
    } else {
        Write-Verbose "Site found"
    }

    $webApp = Get-WebApplication -Name $app -Site $siteName
    if ($webApp -eq $null) {
        Write-Warning "Cannot find Web Application $app for port $port"
    } else {
        Write-Verbose "Web Application found"
    }

    $path = $webApp.PhysicalPath

    Write-Verbose "Physical path is $path"
    Apply-WebConfOnWebServices $path
    Write-OK "REST services registered with security for tenant $Tenant"
}

function Set-WebAuthenticationInternal([string] $Tenant, [switch] $Windows, [switch] $Formular, [switch] $NoSave) {
    $info = Get-P1Tenant $Tenant
    $host = $info.WebHost
    $port = $info.SitePort
    $app = $info.WebApplicationName
    Write-Verbose "Host: $host, Port: $port, Application name: $app"

    $site = Find-WebSite $port
    $siteName = $site.Name
    if ($site -eq $null) {
        Write-Warning "No site use binding $port configured for tenant Web Application $app of tenant $Tenant. Operation canceled."
        return
    } else {
        Write-Verbose "Site found"
    }


    $webApp = Get-WebApplication -Name $app -Site $siteName
    if ($webApp -eq $null) {
        Write-Warning "Cannot find Web Application $app for port $port"
    } else {
        Write-Verbose "Web Application found"
    }

    $mode = ""
    if ($Windows) {
        $mode = "Windows"
    }

    if ($Formular) {
        $mode = "Formular"
    }

    Write-Verbose "Mode will be set to $mode"

    Set-WebAuthentication $Tenant $siteName $app $mode -NoSave:$NoSave.IsPresent
}

function Set-WebSSLInternal([string] $Tenant, [switch] $Enable, [switch] $Disable, [int] $SSLPort, [string] $CertificateStore, [string] $CertificateFriendlyName, [string] $CertificateThumbprint, [string] $HostedIP, [switch] $NoSave) {
    if ($SSLPort -eq 0) {
        Write-Warning "No SSL Port define, trying with 443."
        $SSLPort = 443
    }
        
    $info = Get-P1Tenant $Tenant
    $host = $info.WebHost
    $port = $info.SitePort
    $app = $info.WebApplicationName
    Write-Verbose "Host: $host, Port: $port, Application name: $app"

    $site = Find-WebSite $port
    $siteName = $site.Name
    if ($site -eq $null) {
        Write-Warning "No site use binding $port configured for tenant Web Application $app of tenant $Tenant. Operation canceled."
        return
    } else {
        Write-Verbose "Site found"
    }

    $bindingHostedIP = $HostedIP
    if ($HostedIP -eq "" -or $HostedIP -eq "0.0.0.0") {
        $HostedIP = "0.0.0.0"
        $bindingHostedIP = "*"
    }

    # Disable binding for site
    if ($Disable) {
        Write-Verbose "Removing binding $SSLPort on site $siteName"
        try {
            Remove-WebBinding -Name "$siteName" -Port $SSLPort -ErrorAction Stop
        } catch {
            Write-KO "Web application binding for port $SSLPort does not exist"
        }

        Write-Verbose "Removing SSL binding record"
        try {
            Remove-Item "IIS:\SslBindings\$HostedIP!$SSLPort" -ErrorAction Stop
        } catch {
            Write-KO "SSL Binding IIS:\SslBindings\$HostedIP!$SSLPort does not exist"
        }

        if (!($NoSave)) {
            $conf = @{
                "Enable" = $false;
            }

            $jsonConf = ConvertTo-Json $conf
            Store-WebConf $Tenant "SSL" $jsonConf
        }

        Write-OK "Web SSL disabled for tenant $Tenant"
        return
    }

    # Create binding for site
    Write-Verbose "Creating new binding $SSLPort on site $siteName"
    try {
        New-WebBinding -Name "$siteName" -IPAddress "$bindingHostedIP" -Port $SSLPort -Protocol https
    } catch {
        Write-KO "Port is already define on site"
        return
    }

    # Create SSL Binding in IIS
    if ($CertificateStore -eq "") {
        $CertificateStore = "My"
    }

    if ($CertificateFriendlyName -ne "" -and $CertificateThumbprint -ne "" ) {
        Write-Warning "You can only use one certificate option between CertificateFriendlyName and CertificateThumbprint"
        return
    }

    if ($CertificateFriendlyName -eq "" -and $CertificateThumbprint -eq "" ) {
        Write-Warning "You must choose one certificate option between CertificateFriendlyName and CertificateThumbprint"
        return
    }

    $certificateLocation = "cert:\LocalMachine\$CertificateStore"
    Write-Verbose "Certificate location is $certificateLocation"
    if ($CertificateFriendlyName -ne "") {
        Write-Verbose "Searching for certificate with friendly name $CertificateFriendlyName"
        $certificate = Get-ChildItem $certificateLocation | where-object { $_.FriendlyName -eq "$CertificateFriendlyName" }
    }

    if ($CertificateThumbprint -ne "") {
        Write-Verbose "Searching for certificate with thumbprint $CertificateThumbprint"
        $certificate = Get-ChildItem $certificateLocation | where-object { $_.Thumbprint -eq "$CertificateThumbprint" }
    }

    if ($certificate -eq $null) {
        Write-KO "Cannot find certificate $CertificateFriendlyName $CertificateThumbprint in $certificateLocation"
        return
    } else {
        # Thumbprint is store in configuration
        $CertificateThumbprint = $certificate.Thumbprint
        Write-Verbose "Certificate has been found"
    }
    
    Write-Verbose "Writing SSL binding IIS:\SslBindings\$HostedIP!$SSLPort"
    try {
        $certificate | New-Item "IIS:\SslBindings\$HostedIP!$SSLPort"
    } catch {
        Write-KO "IIS SSL binding IIS:\SslBindings\$HostedIP!$SSLPort already exist"
    }

    Write-Verbose "SSL binding written"

    if (!($NoSave)) {
        $conf = @{
            "Enable" = $true;
            "Port" = $SSLPort;
            "Store" = "$CertificateStore";
            "Thumbprint" = "$CertificateThumbprint";
            "IP" = "$HostedIP";
        }

        $jsonConf = ConvertTo-Json $conf
        Store-WebConf $Tenant "SSL" $jsonConf
    }
}