Merge branch '48867-Add_SSH' into 62847-Update_SNI_Flags

Keyfactor · Oct 8, 2024 · c3912ab · c3912ab
2 parents f1438bd + e3370a4
commit c3912ab
Show file tree

Hide file tree

Showing 32 changed files with 1,398 additions and 69 deletions.
diff --git a/IISU/ClientPSCertStoreInventory.cs b/IISU/ClientPSCertStoreInventory.cs
@@ -16,8 +16,10 @@
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
+using System.Runtime.ConstrainedExecution;
 using System.Text;
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
@@ -36,8 +38,55 @@ public ClientPSCertStoreInventory(ILogger logger)
             _logger = logger;
         }
 
+        public List<Certificate> GetCertificatesFromStore(RemoteSettings settings, string storePath)
+        {
+            try
+            {
+                ILogger _logger = LogHandler.GetClassLogger(this.GetType());
+
+                List<Certificate> myCertificates = new();
+
+                _logger.LogTrace("Attempting to establish PowerShell connection.");
+                using (PSHelper ps = new(settings.Protocol, settings.Port, settings.IncludePortInSPN, settings.ClientMachineName, settings.ServerUserName, settings.ServerPassword))
+                {
+                    _logger.LogTrace("Initializing connection");
+                    ps.Initialize();
+
+                    var scriptParameters = new Dictionary<string, object>
+                    {
+                        { "StoreName", storePath }
+                    };
+
+                    var results = ps.ExecuteCommand(PSHelper.LoadScript("WinCertInventory.ps1"), scriptParameters);
+
+                    foreach (var c in results)
+                    {
+                        myCertificates.Add(new Certificate
+                        {
+                            Thumbprint = $"{c.Properties["Thumbprint"]?.Value}",
+                            HasPrivateKey = bool.Parse($"{c.Properties["HasPrivateKey"]?.Value}"),
+                            RawData = (byte[])c.Properties["RawData"]?.Value,
+                            CryptoServiceProvider = $"{c.Properties["CSP"]?.Value}",
+                            SAN = Certificate.Utilities.FormatSAN($"{c.Properties["san"]?.Value}")
+                        });
+                    }
+                }
+
+                _logger.LogTrace($"found: {myCertificates.Count} certificate(s), exiting GetCertificatesFromStore()");
+                return myCertificates;
+
+            }
+            catch (Exception ex)
+            {
+                throw new Exception ("An error occurred while attempting to read the certificates from the store.\n" + ex.Message.ToString());
+            }
+        }
+
+        // ORIG
         public List<Certificate> GetCertificatesFromStore(Runspace runSpace, string storePath)
         {
+            ILogger _logger = LogHandler.GetClassLogger(this.GetType());
+
             List<Certificate> myCertificates = new List<Certificate>();
             try
             {

diff --git a/IISU/ClientPSCertStoreReEnrollment.cs b/IISU/ClientPSCertStoreReEnrollment.cs
@@ -65,7 +65,7 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit
                 string storePath = config.CertificateStoreDetails.StorePath;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {clientMachineName}");
-                using var runSpace = PsHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
+                using var runSpace = PSHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
 
                 _logger.LogTrace("Runspace created");
                 runSpace.Open();

diff --git a/IISU/ClientPSIIManager.cs b/IISU/ClientPSIIManager.cs
@@ -107,7 +107,7 @@ public ClientPSIIManager(ReenrollmentJobConfiguration config, string serverUsern
                 bool includePortInSPN = jobProperties.SpnPortFlag;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {ClientMachineName}");
-                _runSpace = PsHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
+                _runSpace = PSHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
             }
             catch (Exception e)
             {
@@ -158,7 +158,7 @@ public ClientPSIIManager(ManagementJobConfiguration config, string serverUsernam
                 bool includePortInSPN = jobProperties.SpnPortFlag;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {ClientMachineName}");
-                _runSpace = PsHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
+                _runSpace = PSHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
             }
             catch (Exception e)
             {

diff --git a/IISU/ClientPsSqlManager.cs b/IISU/ClientPsSqlManager.cs
@@ -66,7 +66,7 @@ public ClientPsSqlManager(ManagementJobConfiguration config, string serverUserna
                 RestartService = jobProperties.RestartService;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {ClientMachineName}");
-                _runSpace = PsHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
+                _runSpace = PSHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
             }
             catch (Exception e)
             {
@@ -121,7 +121,7 @@ public ClientPsSqlManager(ReenrollmentJobConfiguration config, string serverUser
                 RestartService = jobProperties.RestartService;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {ClientMachineName}");
-                _runSpace = PsHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
+                _runSpace = PSHelper.GetClientPsRunspace(winRmProtocol, ClientMachineName, winRmPort, includePortInSPN, serverUsername, serverPassword);
             }
             catch (Exception e)
             {

diff --git a/IISU/ImplementedStoreTypes/Win/Inventory.cs b/IISU/ImplementedStoreTypes/Win/Inventory.cs
@@ -14,6 +14,8 @@
 
 using System;
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Diagnostics;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
 using System.Net;
@@ -49,6 +51,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
         {
             try
             {
+
                 var inventoryItems = new List<CurrentInventoryItem>();
 
                 _logger.LogTrace(JobConfigurationParser.ParseInventoryJobConfiguration(config));
@@ -66,20 +69,17 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
 
                 if (storePath != null)
                 {
-                    _logger.LogTrace($"Establishing runspace on client machine: {clientMachineName}");
-                    using var myRunspace = PsHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
-                    myRunspace.Open();
-
-                    _logger.LogTrace("Runspace is now open");
-                    _logger.LogTrace($"Attempting to read certificates from cert store: {storePath}");
-
-                    //foreach (Certificate cert in PowerShellUtilities.CertificateStore.GetCertificatesFromStore(myRunspace, storePath))
-                    WinInventory winInv = new WinInventory(_logger);
-                    inventoryItems = winInv.GetInventoryItems(myRunspace, storePath);
-
-                    _logger.LogTrace($"A total of {inventoryItems.Count} were found");
-                    _logger.LogTrace("Closing runspace");
-                    myRunspace.Close();
+                    // Create the remote connection class to pass to Inventory Class
+                    RemoteSettings settings = new();
+                    settings.ClientMachineName = config.CertificateStoreDetails.ClientMachine;
+                    settings.Protocol = jobProperties.WinRmProtocol;
+                    settings.Port = jobProperties.WinRmPort;
+                    settings.IncludePortInSPN = jobProperties.SpnPortFlag;
+                    settings.ServerUserName = serverUserName;
+                    settings.ServerPassword = serverPassword;
+
+                    WinInventory winInventory = new(_logger);
+                    inventoryItems = winInventory.GetInventoryItems(settings, storePath);
 
                     _logger.LogTrace("Invoking Inventory...");
                     submitInventory.Invoke(inventoryItems);

diff --git a/IISU/ImplementedStoreTypes/Win/Management.cs b/IISU/ImplementedStoreTypes/Win/Management.cs
@@ -72,7 +72,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                 long JobHistoryID = config.JobHistoryId;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {clientMachineName}");
-                myRunspace = PsHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
+                myRunspace = PSHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
 
                 var complete = new JobResult
                 {
@@ -136,7 +136,7 @@ private JobResult performAddition(ManagementJobConfiguration config)
                 if (cryptoProvider !=  null)
                 {
                     _logger.LogInformation($"Checking the server for the crypto provider: {cryptoProvider}");
-                    if (!PsHelper.IsCSPFound(PsHelper.GetCSPList(myRunspace), cryptoProvider))
+                    if (!PSHelper.IsCSPFound(PSHelper.GetCSPList(myRunspace), cryptoProvider))
                         { throw new Exception($"The Crypto Provider: {cryptoProvider} was not found.  Please check the spelling and accuracy of the Crypto Provider Name provided.  If unsure which provider to use, leave the field blank and the default crypto provider will be used."); }
                 }
 

diff --git a/IISU/ImplementedStoreTypes/Win/WinInventory.cs b/IISU/ImplementedStoreTypes/Win/WinInventory.cs
@@ -11,11 +11,14 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+using Keyfactor.Logging;
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Management.Automation;
 using System.Management.Automation.Runspaces;
 using System.Text;
 
@@ -29,11 +32,41 @@ public WinInventory(ILogger logger) : base(logger)
             _logger = logger;
         }
 
+        public List<CurrentInventoryItem> GetInventoryItems(RemoteSettings settings, string storePath)
+        {
+            _logger.LogTrace("Entering WinCert GetInventoryItems.");
+            List<CurrentInventoryItem> inventoryItems = new List<CurrentInventoryItem>();
+
+            _logger.LogTrace($"Attempting to read certificates from store: {storePath}.");
+            foreach (Certificate cert in base.GetCertificatesFromStore(settings, storePath))
+            {
+                var entryParms = new Dictionary<string, object>
+                        {
+                            { "ProviderName", cert.CryptoServiceProvider },
+                            { "SAN", cert.SAN }
+                        };
+
+                inventoryItems.Add(new CurrentInventoryItem
+                {
+                    Certificates = new[] { cert.CertificateData },
+                    Alias = cert.Thumbprint,
+                    PrivateKeyEntry = cert.HasPrivateKey,
+                    UseChainLevel = false,
+                    ItemStatus = OrchestratorInventoryItemStatus.Unknown,
+                    Parameters = entryParms
+                });
+            }
+
+            _logger.LogTrace($"Found {inventoryItems.Count} certificates.  Exiting WinCert GetInventoryItems.");
+            return inventoryItems;
+        }
+
         public List<CurrentInventoryItem> GetInventoryItems(Runspace runSpace, string storePath)
         {
             _logger.LogTrace("Entering WinCert GetInventoryItems.");
             List<CurrentInventoryItem> inventoryItems = new List<CurrentInventoryItem>();
 
+
             foreach (Certificate cert in base.GetCertificatesFromStore(runSpace, storePath))
             {
                 var entryParms = new Dictionary<string, object>

diff --git a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+using Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert;
 using Keyfactor.Logging;
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
@@ -66,18 +67,25 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
 
                 if (storePath != null)
                 {
-                    _logger.LogTrace($"Establishing runspace on client machine: {clientMachineName}");
-                    using var myRunspace = PsHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
-                    myRunspace.Open();
+                    _logger.LogTrace($"Getting settings to connect to: {clientMachineName}");
 
-                    _logger.LogTrace("Runspace is now open");
-                    _logger.LogTrace($"Attempting to read bound IIS certificates from cert store: {storePath}");
-                    WinIISInventory IISInventory = new WinIISInventory(_logger);
-                    inventoryItems = IISInventory.GetInventoryItems(myRunspace, storePath);
+                    // Create the remote connection class to pass to Inventory Class
+                    RemoteSettings settings = new();
+                    settings.ClientMachineName = config.CertificateStoreDetails.ClientMachine;
+                    settings.Protocol = jobProperties.WinRmProtocol;
+                    settings.Port = jobProperties.WinRmPort;
+                    settings.IncludePortInSPN = jobProperties.SpnPortFlag;
+                    settings.ServerUserName = serverUserName;
+                    settings.ServerPassword = serverPassword;
 
+                    _logger.LogTrace($"Attempting to read bound IIS certificates from cert store: {storePath}");
+                    WinIISInventory winIISInventory = new(_logger);
+                    inventoryItems = winIISInventory.GetInventoryItems(settings, storePath);
                     _logger.LogTrace($"A total of {inventoryItems.Count} bound certificate(s) were found");
-                    _logger.LogTrace("Closing runspace...");
-                    myRunspace.Close();
+
+                    _logger.LogTrace("Invoking Inventory...");
+                    submitInventory.Invoke(inventoryItems);
+                    _logger.LogTrace($"Inventory Invoked ... {inventoryItems.Count} Items");
 
                     _logger.LogTrace("Invoking submitInventory..");
                     submitInventory.Invoke(inventoryItems);

diff --git a/IISU/ImplementedStoreTypes/WinIIS/Management.cs b/IISU/ImplementedStoreTypes/WinIIS/Management.cs
@@ -69,7 +69,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                 long JobHistoryID = config.JobHistoryId;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {clientMachineName}");
-                myRunspace = PsHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
+                myRunspace = PSHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
 
                 var complete = new JobResult
                 {
@@ -136,7 +136,7 @@ private JobResult PerformAddCertificate(ManagementJobConfiguration config, strin
                 if (cryptoProvider != null)
                 {
                     _logger.LogInformation($"Checking the server for the crypto provider: {cryptoProvider}");
-                    if (!PsHelper.IsCSPFound(PsHelper.GetCSPList(myRunspace), cryptoProvider))
+                    if (!PSHelper.IsCSPFound(PSHelper.GetCSPList(myRunspace), cryptoProvider))
                     { throw new Exception($"The Crypto Profider: {cryptoProvider} was not found.  Please check the spelling and accuracy of the Crypto Provider Name provided.  If unsure which provider to use, leave the field blank and the default crypto provider will be used."); }
                 }