Merge pull request #10 from Keyfactor/release-1.0

Release 1.0 to main

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}

CHANGELOG.md

@@ -1,5 +1,8 @@
-1.0.3
+1.0.4
 - Initial Public release
+
+1.0.3
+- Initial Internal/Private release
 - Supports Inventory and Reenrollment jobs
 - Allows Certificate Usage codes:
     - None

README.md

@@ -1,10 +1,10 @@
+
 # Bosch IP Camera
 
 Bosch IP Camera Orchestrator for Inventory and Reenrollment (on-device keygen) for existing and new certificates
 
 #### Integration status: Production - Ready for use in production environments.
 
-
 ## About the Keyfactor Universal Orchestrator Extension
 
 This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications.
@@ -13,15 +13,22 @@ The Universal Orchestrator is part of the Keyfactor software distribution and is
 
 The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator.
 
+## Support for Bosch IP Camera
 
+Bosch IP Camera is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com
 
+###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
+
+---
 
 
 ---
 
 
 
+## Keyfactor Version Supported
 
+The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1
 ## Platform Specific Notes
 
 The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running.
@@ -31,7 +38,7 @@ The Keyfactor Universal Orchestrator may be installed on either Windows or Linux
 |Supports Management Remove|  |  |
 |Supports Create Store|  |  |
 |Supports Discovery|  |  |
-|Supports Renrollment|✓ |  |
+|Supports Reenrollment|✓ |  |
 |Supports Inventory|✓ |  |
 
 
@@ -97,6 +104,7 @@ The entry parameters that need to be created are as follows:
 ![](images/entry-overwrite.png)
 
 **2. Register the BoschIPCamera Universal Orchestrator with Keyfactor**
+
 Within Windows File Explorer, navigate to the Keyfactor Orchestrator installation folder (usually C:\Program Files\Keyfactor\Keyfactor Orchestrator), find the "extensions" folder, and under that create a new folder named "BoschIPCamera". Under the BoschIPCamera folder copy all of the files from the downloaded release to this location.
 
 **3. Create a Bosch IP Camera Store within Keyfactor Command**
@@ -137,12 +145,18 @@ The serial number is entered as the Store Path on the Certificate Store, and sho
 ![](images/reenrollment-example.png)
 
 Running a Reenrollment job to issue a new certificate on the camera can happen in two ways. 
-1. Right click on the cert store and chooose Reenrollment. In the dialog box, type "CN=Test" and click Done. A job will be created in the job queue that will perform on camera CSR that will be signed by a CA integrated with Keyfactor and then uploaded to the camera. Once complete, the camera will be rebooted. 
-2. For auto renewals with Expiration Workflow
-    a. Install ExperationAlertHandler.ps1 on Command server in C:\Program Files\Keyfactor\ExtensionLibrary
-    b. Create a collection for each certificate type (or one for all cert types) used on cameras. Create an exiration alert and configure the Event Handler similar to the one below.
+##### Manual Reenrollment Scheduling
+Right click on the cert store and chooose Reenrollment. In the dialog box, type "SERIALNUMBER=xxxx,CN=Test" and click Done. A job will be created in the job queue that will perform on camera CSR that will be signed by a CA integrated with Keyfactor and then uploaded to the camera. Once complete, the camera will be rebooted. 
+##### Automated Reenrollment Scheduling with Expiration Alerts
+Start by installing the ExperationAlertHandler.ps1 on the Command server.
+
+__Keyfactor Command before version 11__: copy the PowerShell to the ExtensionLibrary folder in the install location, typically `C:\Program Files\Keyfactor\ExtensionLibrary`
+
+__Keyfactor Command version 11+__: upload the script using the API [documented here](https://software.keyfactor.com/Core-OnPrem/v11.5/Content/ReferenceGuide/PowerShellScripts.htm) so it can be used in an Expiration Alert Handler
+
+After installing the PowerShell script, create a collection for each certificate type (or one for all cert types) used on cameras. Create an expiration alert and configure the Event Handler similar to the one below.
 
-  #### Event Handler Configuration 
+##### Event Handler Configuration 
 Parameter Name	|Type           |Value
 ----------------|---------------|------------
 DN	    |Token  |dn
@@ -152,3 +166,6 @@ ScriptName  |Script |ExpirationAlertHandler.ps1
 
 ![](images/ExpirationAlerts.gif)
 
+When creating cert store type manually, that store property names and entry parameter names are case sensitive
+
+

integration-manifest.json

@@ -3,11 +3,16 @@
   "integration_type": "orchestrator",
   "name": "Bosch IP Camera",
   "status": "production",
-  "update_catalog": false,
-  "link_github": false,
+  "update_catalog": true,
+  "link_github": true,
+  "support_level": "kf-supported",
+  "release_dir": "BoschIPCamera/bin/Release/netcoreapp3.1",
   "description": "Bosch IP Camera Orchestrator for Inventory and Reenrollment (on-device keygen) for existing and new certificates",
   "about": {
     "orchestrator": {
+      "UOFramework": "10.1",
+      "keyfactor_platform_version": "9.10",
+      "pam_support": false,
       "win": {
         "supportsCreateStore": false,
         "supportsDiscovery": false,
@@ -25,7 +30,95 @@
         "supportsReenrollment": false,
         "supportsInventory": false,
         "platformSupport": "Unused"
-      }
+      },
+      "store_types": [
+        {
+          "Name": "Bosch IP Camera",
+          "ShortName": "BIPCamera",
+          "Capability": "BIPCamera",
+          "LocalStore": false,
+          "SupportedOperations": {
+            "Add": true,
+            "Create": false,
+            "Discovery": false,
+            "Enrollment": true,
+            "Remove": true
+          },
+          "Properties": [
+            {
+              "Name": "ServerUsername",
+              "DisplayName": "Server Username",
+              "Type": "Secret",
+              "DependsOn": null,
+              "DefaultValue": null,
+              "Required": false
+            },
+            {
+              "Name": "ServerPassword",
+              "DisplayName": "Server Password",
+              "Type": "Secret",
+              "DependsOn": null,
+              "DefaultValue": null,
+              "Required": false
+            },
+            {
+              "Name": "ServerUseSsl",
+              "DisplayName": "Use SSL",
+              "Type": "Bool",
+              "DependsOn": null,
+              "DefaultValue": "true",
+              "Required": true
+            }
+          ],
+          "EntryParameters": [
+            {
+              "Name": "CertificateUsage",
+              "DisplayName": "Certificate Usage",
+              "Type": "MultipleChoice",
+              "RequiredWhen": {
+                "HasPrivateKey": false,
+                "OnAdd": false,
+                "OnRemove": false,
+                "OnReenrollment": false
+              },
+              "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client"
+            },
+            {
+              "Name": "Name",
+              "DisplayName": "Name (Alias)",
+              "Type": "String",
+              "RequiredWhen": {
+                "HasPrivateKey": false,
+                "OnAdd": false,
+                "OnRemove": false,
+                "OnReenrollment": true
+              }
+            },
+            {
+              "Name": "Overwrite",
+              "DisplayName": "Overwrite",
+              "Type": "Bool",
+              "RequiredWhen": {
+                "HasPrivateKey": false,
+                "OnAdd": false,
+                "OnRemove": false,
+                "OnReenrollment": false
+              },
+              "DefaultValue": "false"
+            }
+          ],
+          "PasswordOptions": {
+            "EntrySupported": false,
+            "StoreRequired": false,
+            "Style": "Default"
+          },
+          "PrivateKeyAllowed": "Optional",
+          "ServerRequired": true,
+          "PowerShell": false,
+          "BlueprintAllowed": true,
+          "CustomAliasAllowed": "Required"
+        }
+      ]
     }
   }
 }

readme-src/readme-pam-support.md

@@ -0,0 +1,4 @@
+|Name|Description|
+|----|-----------|
+|ServerUsername|The user id that will be used to authenticate into the server hosting the store|
+|ServerPassword|The password that will be used to authenticate into the server hosting the store|

readme_source.md

@@ -54,6 +54,7 @@ The entry parameters that need to be created are as follows:
 ![](images/entry-overwrite.png)
 
 **2. Register the BoschIPCamera Universal Orchestrator with Keyfactor**
+
 Within Windows File Explorer, navigate to the Keyfactor Orchestrator installation folder (usually C:\Program Files\Keyfactor\Keyfactor Orchestrator), find the "extensions" folder, and under that create a new folder named "BoschIPCamera". Under the BoschIPCamera folder copy all of the files from the downloaded release to this location.
 
 **3. Create a Bosch IP Camera Store within Keyfactor Command**
@@ -94,12 +95,18 @@ The serial number is entered as the Store Path on the Certificate Store, and sho
 ![](images/reenrollment-example.png)
 
 Running a Reenrollment job to issue a new certificate on the camera can happen in two ways. 
-1. Right click on the cert store and chooose Reenrollment. In the dialog box, type "CN=Test" and click Done. A job will be created in the job queue that will perform on camera CSR that will be signed by a CA integrated with Keyfactor and then uploaded to the camera. Once complete, the camera will be rebooted. 
-2. For auto renewals with Expiration Workflow
-    a. Install ExperationAlertHandler.ps1 on Command server in C:\Program Files\Keyfactor\ExtensionLibrary
-    b. Create a collection for each certificate type (or one for all cert types) used on cameras. Create an exiration alert and configure the Event Handler similar to the one below.
+##### Manual Reenrollment Scheduling
+Right click on the cert store and chooose Reenrollment. In the dialog box, type "SERIALNUMBER=xxxx,CN=Test" and click Done. A job will be created in the job queue that will perform on camera CSR that will be signed by a CA integrated with Keyfactor and then uploaded to the camera. Once complete, the camera will be rebooted. 
+##### Automated Reenrollment Scheduling with Expiration Alerts
+Start by installing the ExperationAlertHandler.ps1 on the Command server.
+
+__Keyfactor Command before version 11__: copy the PowerShell to the ExtensionLibrary folder in the install location, typically `C:\Program Files\Keyfactor\ExtensionLibrary`
+
+__Keyfactor Command version 11+__: upload the script using the API [documented here](https://software.keyfactor.com/Core-OnPrem/v11.5/Content/ReferenceGuide/PowerShellScripts.htm) so it can be used in an Expiration Alert Handler
+
+After installing the PowerShell script, create a collection for each certificate type (or one for all cert types) used on cameras. Create an expiration alert and configure the Event Handler similar to the one below.
 
-  #### Event Handler Configuration 
+##### Event Handler Configuration 
 Parameter Name	|Type           |Value
 ----------------|---------------|------------
 DN	    |Token  |dn