From d7dabe32df76b592f54e99b04449bd13dc620010 Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Thu, 6 Jul 2023 14:36:30 -0400 Subject: [PATCH] Nullthumb (#80) * Update KeyfactorClient.cs - IIS Orchestrator Fails with https binding with no cert attached fixes ab#47018 fixes ab#46865 --- CHANGELOG.md | 3 +++ IISU/ClientPSIIManager.cs | 15 ++++++++------- README.md | 2 ++ 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 872e330..60e9dd8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +2.2.1 +* Fixed issue where https binding without cert was causing an error + 2.2.0 * Added Support for GMSA Account by using no value for ServerUsernanme and ServerPassword. KF Command version 10.2 or later is required to specify empty credentials. * Added local PowerShell support, triggered when specifying 'localhost' as the client machine while using the IISU or WinCert Orchestrator. This change was tested using KF Command 10.3 diff --git a/IISU/ClientPSIIManager.cs b/IISU/ClientPSIIManager.cs index 600f085..dd57b4a 100644 --- a/IISU/ClientPSIIManager.cs +++ b/IISU/ClientPSIIManager.cs @@ -178,16 +178,17 @@ public JobResult BindCertificate(X509Certificate2 x509Cert) var bindings = ps.Invoke(); foreach (var binding in bindings) { - if (binding.Properties["Protocol"].Value.ToString().Contains("http")) + if (binding.Properties["Protocol"].Value.ToString().Contains("https")) { _logger.LogTrace("Looping Bindings...."); var bindingSiteName = binding.Properties["name"].Value.ToString(); - var bindingIpAddress = binding.Properties["Bindings"].Value.ToString()?.Split(':')[0]; - var bindingPort = binding.Properties["Bindings"].Value.ToString()?.Split(':')[1]; - var bindingHostName = binding.Properties["Bindings"].Value.ToString()?.Split(':')[2]; - var bindingProtocol = binding.Properties["Protocol"].Value.ToString(); - var bindingThumbprint = binding.Properties["thumbprint"].Value.ToString(); - var bindingSniFlg = binding.Properties["sniFlg"].Value.ToString(); + var bindingBindings = binding.Properties["Bindings"].Value.ToString()?.Split(':'); + var bindingIpAddress = bindingBindings?.Length > 0 ? bindingBindings[0] : null; + var bindingPort = bindingBindings?.Length > 1 ? bindingBindings[1] : null; + var bindingHostName = bindingBindings?.Length > 2 ? bindingBindings[2] : null; + var bindingProtocol = binding.Properties["Protocol"]?.Value?.ToString(); + var bindingThumbprint = binding.Properties["thumbprint"]?.Value?.ToString(); + var bindingSniFlg = binding.Properties["sniFlg"]?.Value?.ToString(); _logger.LogTrace( $"bindingSiteName: {bindingSiteName}, bindingIpAddress: {bindingIpAddress}, bindingPort: {bindingPort}, bindingHostName: {bindingHostName}, bindingProtocol: {bindingProtocol}, bindingThumbprint: {bindingThumbprint}, bindingSniFlg: {bindingSniFlg}"); diff --git a/README.md b/README.md index 637e9b5..65b10fd 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ The Windows Certificate Store Orchestrator Extension implements two certificate #### Integration status: Production - Ready for use in production environments. + ## About the Keyfactor Universal Orchestrator Extension This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. @@ -15,6 +16,7 @@ The Universal Orchestrator is the successor to the Windows Orchestrator. This Or + ---