Keyfactor · doebrowsk · Dec 10, 2024 · Sep 6, 2024 · Sep 6, 2024 · Sep 10, 2024
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,11 @@
+2.5.0
+* Added the Bindings to the end of the thumbprint to make the alias unique.
+* Using new IISWebBindings commandlet to use additional SSL flags when binding certificate to website.
+* Added multi-platform support for .Net6 and .Net8.
+* Updated various PowerShell scripts to handle both .Net6 and .Net8 differences (specifically the absense of the WebAdministration module in PS SDK 7.4.x+)
+* Fixed issue to update multiple websites when using the same cert.
+* Removed renewal thumbprint logic to update multiple website; each job now updates its own specific certificate.
+
 2.4.4
 * Fix an issue with WinRM parameters when migrating Legacy IIS Stores to the WinCert type
 * Fix an issue with "Delete" script in the Legacy IIS Migration that did not remove some records from dependent tables

diff --git a/IISU/CertificateStore.cs b/IISU/CertificateStore.cs
@@ -181,38 +181,21 @@ public static List<CurrentInventoryItem> GetIISBoundCertificates(Runspace runSpa
 
                     if (foundCert == null) continue;
 
-                    var sniValue = "";
-                    switch (Convert.ToInt16(binding.Properties["sniFlg"]?.Value))
-                    {
-                        case 0:
-                            sniValue = "0 - No SNI";
-                            break;
-                        case 1:
-                            sniValue = "1 - SNI Enabled";
-                            break;
-                        case 2:
-                            sniValue = "2 - Non SNI Binding";
-                            break;
-                        case 3:
-                            sniValue = "3 - SNI Binding";
-                            break;
-                    }
-
                     var siteSettingsDict = new Dictionary<string, object>
                              {
                                  { "SiteName", binding.Properties["Name"]?.Value },
                                  { "Port", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[1] },
                                  { "IPAddress", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[0] },
                                  { "HostName", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[2] },
-                                 { "SniFlag", sniValue },
+                                 { "SniFlag", binding.Properties["sniFlg"]?.Value },
                                  { "Protocol", binding.Properties["Protocol"]?.Value }
                              };
 
                     myBoundCerts.Add(
                         new CurrentInventoryItem
                         {
                             Certificates = new[] { foundCert.CertificateData },
-                            Alias = thumbPrint,
+                            Alias = thumbPrint + ":" + binding.Properties["Bindings"]?.Value.ToString(),
                             PrivateKeyEntry = foundCert.HasPrivateKey,
                             UseChainLevel = false,
                             ItemStatus = OrchestratorInventoryItemStatus.Unknown,

diff --git a/IISU/CertificateStoreException.cs b/IISU/CertificateStoreException.cs
@@ -18,7 +18,7 @@
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
 {
     [Serializable]
-    internal class CertificateStoreException : Exception
+    public class CertificateStoreException : Exception
     {
         public CertificateStoreException()
         {
@@ -32,7 +32,7 @@
        {
        }

        protected CertificateStoreException(SerializationInfo info, StreamingContext context) : base(info, context)
        {
        }
    }

diff --git a/IISU/ClientPSCertStoreInventory.cs b/IISU/ClientPSCertStoreInventory.cs
@@ -11,6 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+using Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU;
 using Keyfactor.Logging;
 using Microsoft.Extensions.Logging;
 using System;
@@ -21,9 +22,15 @@
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
 {
-    abstract class ClientPSCertStoreInventory
+    public abstract class ClientPSCertStoreInventory
     {
         private ILogger _logger;
+
+        protected ClientPSCertStoreInventory()
+        {
+            _logger = LogHandler.GetClassLogger<ClientPSCertStoreInventory>();
+        }
+
         public ClientPSCertStoreInventory(ILogger logger)
         {
             _logger = logger;

diff --git a/IISU/ClientPSCertStoreManager.cs b/IISU/ClientPSCertStoreManager.cs
@@ -27,7 +27,7 @@
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
 {
-    internal class ClientPSCertStoreManager
+    public class ClientPSCertStoreManager
     {
         private ILogger _logger;
         private Runspace _runspace;
@@ -40,6 +40,11 @@ public X509Certificate2 X509Cert
             get { return x509Cert; }
         }
 
+        public ClientPSCertStoreManager(Runspace runSpace)
+        {
+            _logger = LogHandler.GetClassLogger<ClientPSCertStoreManager>();
+            _runspace = runSpace;
+        }
 
         public ClientPSCertStoreManager(ILogger logger, Runspace runSpace, long jobNumber)
         {
@@ -126,9 +131,9 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin
                 {
                     ps.Runspace = _runspace;
 
-                    if (cryptoProviderName == null)
+                    if (string.IsNullOrEmpty(cryptoProviderName))
                     {
-                        if (privateKeyPassword == null)
+                        if (string.IsNullOrEmpty(privateKeyPassword))
                         {
                             // If no private key password is provided, import the pfx file directory to the store using addstore argument
                             string script = @"
@@ -179,7 +184,7 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin
                     }
                     else
                     {
-                        if (privateKeyPassword == null)
+                        if (string.IsNullOrEmpty(privateKeyPassword))
                         {
                             string script = @"
                             param($pfxFilePath, $cspName, $storePath)