Merge branch '58570-Add_Cert_With_No_PW' into MacysPOC

Keyfactor · May 29, 2024 · c50a384 · c50a384
2 parents 3ce27b4 + 1a5353d
commit c50a384
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 44 deletions.
diff --git a/IISU/ClientPSCertStoreManager.cs b/IISU/ClientPSCertStoreManager.cs
@@ -15,6 +15,7 @@
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.FlowAnalysis;
 using Microsoft.Extensions.Logging;
 using System;
 using System.IO;
@@ -115,7 +116,7 @@ public void DeletePFXFile(string filePath, string fileName)
             }
         }
 
-        public JobResult ImportPFXFile(string filePath, string privateKeyPassword, string cryptoProviderName)
+        public JobResult ImportPFXFile(string filePath, string privateKeyPassword, string cryptoProviderName, string storePath)
         {
             try
             {
@@ -127,61 +128,92 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin
 
                     if (cryptoProviderName == null)
                     {
-                        //string script = @"
-                        //param($pfxFilePath, $privateKeyPassword)
-                        //$output = certutil -importpfx -p $privateKeyPassword $pfxFilePath 2>&1
-                        //$c = $LASTEXITCODE 2>&1
-                        //$output
-                        //";
-
-                        string script = @"
-                        param($pfxFilePath, $privateKeyPassword)
-                        $output = certutil -importpfx -p $privateKeyPassword $pfxFilePath 2>&1
-                        $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)""
-                        $stuff = certutil -dump
-
-                        if ($stuff.GetType().Name -eq ""String"")
+                        if (privateKeyPassword == null)
                         {
-                            $stuff = @($stuff, $exit_message)
+                            // If no private key password is provided, import the pfx file directory to the store using addstore argument
+                            string script = @"
+                            param($pfxFilePath, $storePath)
+                            $output = certutil -addstore Cert:\LocalMachine\$storePath $pfxFilePath 2>&1
+                            $c = $LASTEXITCODE
+                            $output
+                            ";
+
+                            ps.AddScript(script);
+                            ps.AddParameter("pfxFilePath", filePath);
+                            ps.AddParameter("storePath", storePath);
                         }
                         else
                         {
-                            $stuff += $exit_message
-                        }
+                            // Use ImportPFX to import the pfx file with private key password to the appropriate cert store
 
-                        $output
-                        $stuff
-                        ";
+                            string script = @"
+                            param($pfxFilePath, $privateKeyPassword)
+                            $output = certutil -importpfx -p $privateKeyPassword $pfxFilePath 2>&1
+                            $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)""
+                            $stuff = certutil -dump
+
+                            if ($stuff.GetType().Name -eq ""String"")
+                            {
+                                $stuff = @($stuff, $exit_message)
+                            }
+                            else
+                            {
+                                $stuff += $exit_message
+                            }
 
-                        ps.AddScript(script);
-                        ps.AddParameter("pfxFilePath", filePath);
-                        ps.AddParameter("privateKeyPassword", privateKeyPassword);
+                            $output
+                            $stuff
+                            ";
+
+                            ps.AddScript(script);
+                            ps.AddParameter("pfxFilePath", filePath);
+                            ps.AddParameter("privateKeyPassword", privateKeyPassword);
+                            ps.AddParameter("storePath", storePath);
+                        }
                     }
                     else
                     {
-                        string script = @"
-                        param($pfxFilePath, $privateKeyPassword, $cspName)
-                        $output = certutil -importpfx -csp $cspName -p $privateKeyPassword $pfxFilePath 2>&1
-                        $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)""
-                        $stuff = certutil -dump
-
-                        if ($stuff.GetType().Name -eq ""String"")
+                        if (privateKeyPassword == null)
                         {
-                            $stuff = @($stuff, $exit_message)
+                            string script = @"
+                            param($pfxFilePath, $cspName, $storePath)
+                            $output = certutil -csp $cspName -addstore LocalMachine\$storePath $pfxFilePath 2>&1
+                            $c = $LASTEXITCODE
+                            $output
+                            ";
+
+                            ps.AddScript(script);
+                            ps.AddParameter("pfxFilePath", filePath);
+                            ps.AddParameter("cspName", cryptoProviderName);
+                            ps.AddParameter("storePath", storePath);
                         }
                         else
                         {
-                            $stuff += $exit_message
-                        }
+                            string script = @"
+                            param($pfxFilePath, $privateKeyPassword, $cspName)
+                            $output = certutil -importpfx -csp $cspName -p $privateKeyPassword LocalMachine\$storePath $pfxFilePath 2>&1
+                            $exit_message = ""LASTEXITCODE:$($LASTEXITCODE)""
+                            $stuff = certutil -dump
 
-                        $output
-                        $stuff
-                        ";
+                            if ($stuff.GetType().Name -eq ""String"")
+                            {
+                                $stuff = @($stuff, $exit_message)
+                            }
+                            else
+                            {
+                                $stuff += $exit_message
+                            }
 
-                        ps.AddScript(script);
-                        ps.AddParameter("pfxFilePath", filePath);
-                        ps.AddParameter("privateKeyPassword", privateKeyPassword);
-                        ps.AddParameter("cspName", cryptoProviderName);
+                            $output
+                            $stuff
+                            ";
+
+                            ps.AddScript(script);
+                            ps.AddParameter("pfxFilePath", filePath);
+                            ps.AddParameter("privateKeyPassword", privateKeyPassword);
+                            ps.AddParameter("cspName", cryptoProviderName);
+                            ps.AddParameter("storePath", storePath);
+                        }
                     }
 
                     // Invoke the script

diff --git a/IISU/ImplementedStoreTypes/Win/Management.cs b/IISU/ImplementedStoreTypes/Win/Management.cs
@@ -145,7 +145,7 @@ private JobResult performAddition(ManagementJobConfiguration config)
 
                     // Using certutil on the remote computer, import the pfx file using a supplied csp if any.
                     _logger.LogTrace($"Importing temporary PFX File: {filePath}.");
-                    JobResult result = manager.ImportPFXFile(filePath, privateKeyPassword, cryptoProvider);
+                    JobResult result = manager.ImportPFXFile(filePath, privateKeyPassword, cryptoProvider, storePath);
 
                     // Delete the temporary file
                     _logger.LogTrace($"Deleting temporary PFX File: {filePath}.");

diff --git a/IISU/ImplementedStoreTypes/WinIIS/Management.cs b/IISU/ImplementedStoreTypes/WinIIS/Management.cs
@@ -148,7 +148,7 @@ private JobResult PerformAddCertificate(ManagementJobConfiguration config, strin
                 _logger.LogTrace($"{filePath} was created.");
 
                 // Using certutil on the remote computer, import the pfx file using a supplied csp if any.
-                JobResult result = manager.ImportPFXFile(filePath, privateKeyPassword, cryptoProvider);
+                JobResult result = manager.ImportPFXFile(filePath, privateKeyPassword, cryptoProvider, storePath);
 
                 // Delete the temporary file
                 manager.DeletePFXFile(Path.GetDirectoryName(filePath), Path.GetFileNameWithoutExtension(filePath));

diff --git a/IISU/ImplementedStoreTypes/WinSQL/Management.cs b/IISU/ImplementedStoreTypes/WinSQL/Management.cs
@@ -145,7 +145,7 @@ private JobResult PerformAddCertificate(ManagementJobConfiguration config, strin
                 _logger.LogTrace($"{filePath} was created.");
 
                 // Using certutil on the remote computer, import the pfx file using a supplied csp if any.
-                JobResult result = manager.ImportPFXFile(filePath, privateKeyPassword, cryptoProvider);
+                JobResult result = manager.ImportPFXFile(filePath, privateKeyPassword, cryptoProvider, storePath);
 
                 // Delete the temporary file
                 manager.DeletePFXFile(Path.GetDirectoryName(filePath), Path.GetFileNameWithoutExtension(filePath));