Testing SQL ReEnrollment
Bob Pokorny committed Nov 26, 2024
1 parent 60a1a82 commit 8ea49ab
Showing 16 changed files with 377 additions and 244 deletions.
2 changes: 0 additions & 2 deletions IISU/Certificate.cs
Expand Up @@ -11,8 +11,6 @@
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

using Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinIIS;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
37 changes: 26 additions & 11 deletions IISU/ClientPSCertStoreReEnrollment.cs
Expand Up @@ -12,24 +12,25 @@
// See the License for the specific language governing permissions and
// limitations under the License.

// Ignore Spelling: Keyfactor

using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Management.Automation.Runspaces;
using System.Management.Automation;
using System.Management.Automation.Remoting;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Microsoft.Extensions.Logging;
using Keyfactor.Orchestrators.Extensions.Interfaces;
using System.Linq;
using System.IO;
using Microsoft.PowerShell;
using Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU;
using Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinSql;

namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
{
Expand All @@ -39,7 +40,7 @@ internal class ClientPSCertStoreReEnrollment
private readonly IPAMSecretResolver _resolver;

private PSHelper _psHelper;
private Collection<PSObject>? _results = null;
private Collection<PSObject>? _results;

Check warning on line 43 in IISU/ClientPSCertStoreReEnrollment.cs

GitHub Actions / call-starter-workflow / call-dotnet-build-and-release-workflow / dotnet-build-and-release

The annotation for nullable reference types should only be used in code within a '#nullable' annotations context.

public ClientPSCertStoreReEnrollment(ILogger logger, IPAMSecretResolver resolver)
{
Expand Down Expand Up @@ -100,14 +101,30 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit
string thumbprint = ImportCertificate(myCert.RawData, storePath);

// If there is binding, bind it to the correct store type
switch (bindingType)
if (thumbprint != null)
{
case CertStoreBindingTypeENUM.WinIIS:
break;
case CertStoreBindingTypeENUM.WinSQL:
break;
switch (bindingType)
{
case CertStoreBindingTypeENUM.WinIIS:
// Bind Certificate to IIS Site
IISBindingInfo bindingInfo = new IISBindingInfo(config.JobProperties);
WinIISBinding.BindCertificate(_psHelper, bindingInfo, thumbprint, "", storePath);
break;
case CertStoreBindingTypeENUM.WinSQL:
// Bind Certificate to SQL Instance
string sqlInstanceNames = "MSSQLSERVER";
if (config.JobProperties.ContainsKey("InstanceName"))
{
sqlInstanceNames = config.JobProperties["InstanceName"]?.ToString() ?? "MSSQLSERVER";
}
WinSqlBinding.BindSQLCertificate(_psHelper, sqlInstanceNames, thumbprint, "", storePath, false);
break;
}

}



jobResult = new JobResult
{
Result = OrchestratorJobStatusJobResult.Success,
Expand Down Expand Up @@ -255,8 +272,6 @@ private string ImportCertificate(byte[] certificateRawData, string storeName)
}
}



public JobResult PerformReEnrollmentORIG(ReenrollmentJobConfiguration config, SubmitReenrollmentCSR submitReenrollment, CertStoreBindingTypeENUM bindingType)
{
bool hasError = false;
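Review bot: In the `-100,14 +101,30` hunk of `PerformReEnrollment`, a null `thumbprint` now skips the whole binding switch, yet execution still reaches `jobResult = new JobResult { Result = OrchestratorJobStatusJobResult.Success, ...`, so a re-enrollment whose import produced no certificate looks like it is reported as successful while the IIS site or SQL instance presumably keeps its previous certificate. Fail the job instead of skipping, for example `if (string.IsNullOrEmpty(thumbprint)) throw new InvalidOperationException("Certificate import returned no thumbprint; nothing was bound.");` ahead of the switch; the method's error handling lies outside the hunk, so confirm that an exception there maps to a failed JobResult. The `InstanceName` lookup can also become a single `TryGetValue` call rather than `ContainsKey` plus the indexer. Since that value comes from job properties, it is worth confirming that `BindSQLCertificate` (not visible here) passes it to PowerShell as a bound parameter rather than splicing it into script text.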
6 changes: 0 additions & 6 deletions IISU/ImplementedStoreTypes/Win/Inventory.cs
Expand Up @@ -15,13 +15,7 @@
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.Win;
using Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinIIS;
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;
2 changes: 1 addition & 1 deletion IISU/ImplementedStoreTypes/Win/Management.cs
Expand Up @@ -142,7 +142,7 @@ public JobResult AddCertificate(string certificateContents, string privateKeyPas

_logger.LogTrace("Attempting to execute PS function (Add-KFCertificateToStore)");

// Manditory parameters
// Mandatory parameters
var parameters = new Dictionary<string, object>
{
{ "Base64Cert", certificateContents },
2 changes: 1 addition & 1 deletion IISU/ImplementedStoreTypes/Win/WinCertCertificateInfo.cs
Expand Up @@ -6,7 +6,7 @@
using System.Text;
using System.Threading.Tasks;

namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.Win
namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert
{
public class WinCertCertificateInfo
{
10 changes: 4 additions & 6 deletions IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs
@@ -1,11 +1,9 @@
using System;
// Ignore Spelling: Keyfactor IISU

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Text;
using System.Threading.Tasks;

namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinIIS
namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
{
public class IISBindingInfo
{
2 changes: 1 addition & 1 deletion IISU/ImplementedStoreTypes/WinIIS/IISCertificateInfo.cs
Expand Up @@ -4,7 +4,7 @@
using System.Text;
using System.Threading.Tasks;

namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinIIS
namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
{
public class IISCertificateInfo
{
2 changes: 0 additions & 2 deletions IISU/ImplementedStoreTypes/WinIIS/Inventory.cs
Expand Up @@ -12,8 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.

using Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinIIS;
using Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert;
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;
122 changes: 61 additions & 61 deletions IISU/ImplementedStoreTypes/WinIIS/Management.cs
Expand Up @@ -17,7 +17,6 @@
using System.Collections.ObjectModel;
using System.IO;
using System.Management.Automation;
using Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinIIS;
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;
Expand Down Expand Up @@ -109,8 +108,9 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
// Bind Certificate to IIS Site
if (newThumbprint != null)
{
// TODO: Need to check/test IISU renewal thumbprint
IISBindingInfo bindingInfo = new IISBindingInfo(config.JobProperties);
BindCertificate(bindingInfo, newThumbprint);
WinIISBinding.BindCertificate(_psHelper, bindingInfo, newThumbprint, "", _storePath);

complete = new JobResult
{
Expand Down Expand Up @@ -141,7 +141,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
string thumbprint = config.JobCertificate.Alias.Split(':')[0];
try
{
if (UnBindCertificate(new IISBindingInfo(config.JobProperties)))
if (WinIISBinding.UnBindCertificate(_psHelper, new IISBindingInfo(config.JobProperties)))
{
complete = RemoveCertificate(thumbprint);
}
Expand Down Expand Up @@ -271,64 +271,64 @@ public JobResult RemoveCertificate(string thumbprint)
}
}

public void BindCertificate(IISBindingInfo bindingInfo, string thumbprint)
{
_logger.LogTrace("Attempting to bind and execute PS function (New-KFIISSiteBinding)");
//public void BindCertificate(IISBindingInfo bindingInfo, string thumbprint)
//{
// _logger.LogTrace("Attempting to bind and execute PS function (New-KFIISSiteBinding)");

// Manditory parameters
var parameters = new Dictionary<string, object>
{
{ "Thumbprint", thumbprint },
{ "WebSite", bindingInfo.SiteName },
{ "Protocol", bindingInfo.Protocol },
{ "IPAddress", bindingInfo.IPAddress },
{ "Port", bindingInfo.Port },
{ "SNIFlag", bindingInfo.SniFlag },
{ "StoreName", _storePath },
};

// Optional parameters
if (!string.IsNullOrEmpty(bindingInfo.HostName)) { parameters.Add("HostName", bindingInfo.HostName); }

_results = _psHelper.ExecutePowerShell("New-KFIISSiteBinding", parameters);
_logger.LogTrace("Returned from executing PS function (Add-KFCertificateToStore)");

// This should return the thumbprint of the certificate
if (_results != null && _results.Count > 0)
{
_logger.LogTrace($"Bound certificate with the thumbprint: '{thumbprint}' to site: '{bindingInfo.SiteName}'.");
}
else
{
_logger.LogTrace("No results were returned. There could have been an error while adding the certificate. Look in the trace logs for PowerShell informaiton.");
}
}

public bool UnBindCertificate(IISBindingInfo bindingInfo)
{
_logger.LogTrace("Attempting to UnBind and execute PS function (Remove-KFIISBinding)");

// Manditory parameters
var parameters = new Dictionary<string, object>
{
{ "SiteName", bindingInfo.SiteName },
{ "IPAddress", bindingInfo.IPAddress },
{ "Port", bindingInfo.Port },
};

// Optional parameters
if (!string.IsNullOrEmpty(bindingInfo.HostName)) { parameters.Add("HostName", bindingInfo.HostName); }

try
{
_results = _psHelper.ExecutePowerShell("Remove-KFIISBinding", parameters);
_logger.LogTrace("Returned from executing PS function (Remove-KFIISBinding)");
return true;
}
catch (Exception)
{
return false;
}
}
// // Manditory parameters
// var parameters = new Dictionary<string, object>
// {
// { "Thumbprint", thumbprint },
// { "WebSite", bindingInfo.SiteName },
// { "Protocol", bindingInfo.Protocol },
// { "IPAddress", bindingInfo.IPAddress },
// { "Port", bindingInfo.Port },
// { "SNIFlag", bindingInfo.SniFlag },
// { "StoreName", _storePath },
// };

// // Optional parameters
// if (!string.IsNullOrEmpty(bindingInfo.HostName)) { parameters.Add("HostName", bindingInfo.HostName); }

// _results = _psHelper.ExecutePowerShell("New-KFIISSiteBinding", parameters);
// _logger.LogTrace("Returned from executing PS function (Add-KFCertificateToStore)");

// // This should return the thumbprint of the certificate
// if (_results != null && _results.Count > 0)
// {
// _logger.LogTrace($"Bound certificate with the thumbprint: '{thumbprint}' to site: '{bindingInfo.SiteName}'.");
// }
// else
// {
// _logger.LogTrace("No results were returned. There could have been an error while adding the certificate. Look in the trace logs for PowerShell informaiton.");
// }
//}

//public bool UnBindCertificate(IISBindingInfo bindingInfo)
//{
// _logger.LogTrace("Attempting to UnBind and execute PS function (Remove-KFIISBinding)");

// // Mandatory parameters
// var parameters = new Dictionary<string, object>
// {
// { "SiteName", bindingInfo.SiteName },
// { "IPAddress", bindingInfo.IPAddress },
// { "Port", bindingInfo.Port },
// };

// // Optional parameters
// if (!string.IsNullOrEmpty(bindingInfo.HostName)) { parameters.Add("HostName", bindingInfo.HostName); }

// try
// {
// _results = _psHelper.ExecutePowerShell("Remove-KFIISBinding", parameters);
// _logger.LogTrace("Returned from executing PS function (Remove-KFIISBinding)");
// return true;
// }
// catch (Exception)
// {
// return false;
// }
//}
}
}
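Review bot: The old `BindCertificate` and `UnBindCertificate` bodies are left behind as a long commented-out block at the end of the class; delete them, since the same code now lives in `WinIISBinding` and version history keeps the original. In `ProcessJob`, the new call passes `""` for `renewalThumbprint` under `// TODO: Need to check/test IISU renewal thumbprint`, and `WinIISBinding.BindCertificate` as shown on this page never reads that argument, so renewals are presumably not handled yet; track that in an issue or drop the parameter until it is used. `BindCertificate` also returns void and only logs at trace level when PowerShell returns nothing, so the `complete = new JobResult` that follows appears to be built the same way whether or not the binding was applied. ProcessJob's body continues outside the hunk, so verify the failure path there.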
79 changes: 79 additions & 0 deletions IISU/ImplementedStoreTypes/WinIIS/WinIISBinding.cs
@@ -0,0 +1,79 @@
using Keyfactor.Logging;
using Microsoft.Extensions.Logging;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
using System.Management.Automation;
using System.Text;
using System.Threading.Tasks;

namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
{
public class WinIISBinding
{
private static ILogger _logger;
private static Collection<PSObject>? _results = null;

Check warning on line 16 in IISU/ImplementedStoreTypes/WinIIS/WinIISBinding.cs

GitHub Actions / call-starter-workflow / call-dotnet-build-and-release-workflow / dotnet-build-and-release

The annotation for nullable reference types should only be used in code within a '#nullable' annotations context.
private static PSHelper _helper;

public static void BindCertificate(PSHelper psHelper, IISBindingInfo bindingInfo, string thumbprint, string renewalThumbprint, string storePath)
{
_logger.LogTrace("Attempting to bind and execute PS function (New-KFIISSiteBinding)");

// Mandatory parameters
var parameters = new Dictionary<string, object>
{
{ "Thumbprint", thumbprint },
{ "WebSite", bindingInfo.SiteName },
{ "Protocol", bindingInfo.Protocol },
{ "IPAddress", bindingInfo.IPAddress },
{ "Port", bindingInfo.Port },
{ "SNIFlag", bindingInfo.SniFlag },
{ "StoreName", storePath },
};

// Optional parameters
if (!string.IsNullOrEmpty(bindingInfo.HostName)) { parameters.Add("HostName", bindingInfo.HostName); }

_results = psHelper.ExecutePowerShell("New-KFIISSiteBinding", parameters);
_logger.LogTrace("Returned from executing PS function (Add-KFCertificateToStore)");

// This should return the thumbprint of the certificate
if (_results != null && _results.Count > 0)
{
_logger.LogTrace($"Bound certificate with the thumbprint: '{thumbprint}' to site: '{bindingInfo.SiteName}'.");
}
else
{
_logger.LogTrace("No results were returned. There could have been an error while adding the certificate. Look in the trace logs for PowerShell informaiton.");
}
}

public static bool UnBindCertificate(PSHelper psHelper, IISBindingInfo bindingInfo)
{
_logger.LogTrace("Attempting to UnBind and execute PS function (Remove-KFIISBinding)");

// Mandatory parameters
var parameters = new Dictionary<string, object>
{
{ "SiteName", bindingInfo.SiteName },
{ "IPAddress", bindingInfo.IPAddress },
{ "Port", bindingInfo.Port },
};

// Optional parameters
if (!string.IsNullOrEmpty(bindingInfo.HostName)) { parameters.Add("HostName", bindingInfo.HostName); }

try
{
_results = psHelper.ExecutePowerShell("Remove-KFIISBinding", parameters);
_logger.LogTrace("Returned from executing PS function (Remove-KFIISBinding)");
return true;
}
catch (Exception)
{
return false;
}
}
}
}
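Review bot: `private static ILogger _logger;` is never assigned in this file as shown, so the first `_logger.LogTrace(...)` in `BindCertificate` or `UnBindCertificate` would throw a NullReferenceException before any binding work runs; initialize it at the declaration, e.g. `private static readonly ILogger _logger = LogHandler.GetClassLogger<WinIISBinding>();` (the file already imports Keyfactor.Logging). `_results` is a static field written by both methods, so concurrent jobs would share it; a local variable in each method avoids that. In `UnBindCertificate`, `catch (Exception) { return false; }` discards the reason the unbind failed; keep the return value but record it, `catch (Exception ex) { _logger.LogError(ex, "Remove-KFIISBinding failed"); return false; }`. The trace message after the `New-KFIISSiteBinding` call still names `Add-KFCertificateToStore`, and the unused `_helper` field and `renewalThumbprint` parameter should be removed or documented.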
3 changes: 2 additions & 1 deletion IISU/ImplementedStoreTypes/WinSQL/Inventory.cs
Expand Up @@ -12,7 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.

using Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinSQL;
// Ignore Spelling: Keyfactor Sql

using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;