diff --git a/IISU/IISManager.cs b/IISU/IISManager.cs
index 59abc55..30aea1d 100644
--- a/IISU/IISManager.cs
+++ b/IISU/IISManager.cs
@@ -42,7 +42,7 @@ public class IISManager
/// Performs a Reenrollment of a certificate in IIS
///
///
- public IISManager(ReenrollmentJobConfiguration config)
+ public IISManager(ReenrollmentJobConfiguration config,string serverUserName,string serverPassword)
{
Logger = LogHandler.GetClassLogger();
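Review bot: The XML doc comment above the changed signature still says nothing about the two new parameters; add `/// <param name="serverUserName">User name already resolved through the PAM provider.</param>` and `/// <param name="serverPassword">Password already resolved through the PAM provider.</param>`, and the same for the ManagementJobConfiguration overload in the later hunk of this file. The signature on the `+` line also lacks the spaces after the commas that the other overload has; `public IISManager(ReenrollmentJobConfiguration config, string serverUserName, string serverPassword)`. The constructor body continues past the end of the hunk.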
@@ -56,8 +56,8 @@ public IISManager(ReenrollmentJobConfiguration config)
IpAddress = config.JobProperties["IPAddress"].ToString();
PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password
- ServerUserName = config.ServerUsername;
- ServerPassword = config.ServerPassword;
+ ServerUserName = serverUserName;
+ ServerPassword = serverPassword;
RenewalThumbprint = ""; // A reenrollment will always be empty
ClientMachine = config.CertificateStoreDetails.ClientMachine;
Path = config.CertificateStoreDetails.StorePath;
@@ -81,7 +81,7 @@ public IISManager(ReenrollmentJobConfiguration config)
/// Performs Management functions of Adding or updating certificates in IIS
///
///
- public IISManager(ManagementJobConfiguration config)
+ public IISManager(ManagementJobConfiguration config, string serverUserName, string serverPassword)
{
Logger = LogHandler.GetClassLogger();
@@ -95,8 +95,8 @@ public IISManager(ManagementJobConfiguration config)
IpAddress = config.JobProperties["IPAddress"].ToString();
PrivateKeyPassword = config.JobCertificate.PrivateKeyPassword;
- ServerUserName = config.ServerUsername;
- ServerPassword = config.ServerPassword;
+ ServerUserName = serverUserName;
+ ServerPassword = serverPassword;
ClientMachine = config.CertificateStoreDetails.ClientMachine;
Path = config.CertificateStoreDetails.StorePath;
CertContents = config.JobCertificate.Contents;
diff --git a/IISU/IISU.csproj b/IISU/IISU.csproj
index 45621eb..4ad8110 100644
--- a/IISU/IISU.csproj
+++ b/IISU/IISU.csproj
@@ -1,30 +1,30 @@
-
-
-
- netcoreapp3.1
+
+
+
+ netcoreapp3.1
Keyfactor.Extensions.Orchestrator.IISU
- true
-
-
-
- none
- false
-
-
+ true
+
+
+
+ none
+ false
+
+
-
-
-
-
-
-
-
- PreserveNewest
-
-
-
-
+
+
+
+
+
+
+
+ PreserveNewest
+
+
+
+
diff --git a/IISU/Jobs/Inventory.cs b/IISU/Jobs/Inventory.cs
index 934780c..535b1cb 100644
--- a/IISU/Jobs/Inventory.cs
+++ b/IISU/Jobs/Inventory.cs
@@ -7,6 +7,7 @@
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;
+using Keyfactor.Orchestrators.Extensions.Interfaces;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
@@ -14,16 +15,33 @@ namespace Keyfactor.Extensions.Orchestrator.IISU.Jobs
{
public class Inventory : IInventoryJobExtension
{
- private readonly ILogger _logger;
-
- public Inventory(ILogger logger) =>
- _logger = logger;
+ private ILogger _logger;
+
+ private IPAMSecretResolver _resolver;
+
+ private string ServerUserName { get; set; }
+ private string ServerPassword { get; set; }
+
+ public Inventory(IPAMSecretResolver resolver)
+ {
+ _resolver = resolver;
+ }
+
+ private string ResolvePamField(string name, string value)
+ {
+ _logger.LogTrace($"Attempting to resolved PAM eligible field {name}");
+ return _resolver.Resolve(value);
+ }
private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInventoryUpdate submitInventory)
{
try
- {
- _logger.MethodEntry();
+ {
+ _logger = LogHandler.GetClassLogger();
+ _logger.MethodEntry();
+ ServerUserName = ResolvePamField("Server UserName", config.ServerUsername);
+ ServerPassword = ResolvePamField("Server Password", config.ServerPassword);
+
_logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
var storePath = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate });
var inventoryItems = new List();
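Review bot: `_resolver` is assigned only in the constructor and should keep the `readonly` that the replaced `_logger` declaration had: `private readonly IPAMSecretResolver _resolver;` (the same applies to the field added in Management.cs and ReEnrollment.cs). The trace text in ResolvePamField reads "Attempting to resolved PAM eligible field"; it should be "Attempting to resolve". ResolvePamField is copied verbatim into all three job classes, so a shared helper would avoid the duplication. Note also that this class and Management keep the resolved clear-text password in the `ServerPassword` property for the lifetime of the job object, whereas ReEnrollment keeps it in a local of PerformReEnrollment; if these job instances are reused across jobs the local form is preferable because it retains the secret no longer than needed.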
@@ -35,10 +53,10 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
if (storePath != null)
{
- var pw = new NetworkCredential(config.ServerUsername, config.ServerPassword)
+ var pw = new NetworkCredential(ServerUserName, ServerPassword)
.SecurePassword;
- _logger.LogTrace($"Credentials: UserName:{config.ServerUsername} Password:{config.ServerPassword}");
- connInfo.Credential = new PSCredential(config.ServerUsername, pw);
+ _logger.LogTrace($"Credentials: UserName:{ServerUserName} Password:{ServerPassword}");
+ connInfo.Credential = new PSCredential(ServerUserName, pw);
_logger.LogTrace($"PSCredential Created {pw}");
using var runSpace = RunspaceFactory.CreateRunspace(connInfo);
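Review bot: The new trace line `_logger.LogTrace($"Credentials: UserName:{ServerUserName} Password:{ServerPassword}");` writes the PAM-resolved password in clear text to the log; before this change the logged value was whatever `config.ServerPassword` held, which with a PAM provider configured is presumably only a reference to the secret, so the commit turns a weak leak into a real one. Drop the password from the message: `_logger.LogTrace($"Credentials: UserName:{ServerUserName}");`. The same line is added in the PerformRemoval hunk of Management.cs and the PerformReEnrollment hunk of ReEnrollment.cs. The pre-existing `JsonConvert.SerializeObject(config)` trace in the earlier hunk likely serializes ServerPassword as well, though that is not new in this commit.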
diff --git a/IISU/Jobs/Management.cs b/IISU/Jobs/Management.cs
index 64e651c..fc015cd 100644
--- a/IISU/Jobs/Management.cs
+++ b/IISU/Jobs/Management.cs
@@ -6,6 +6,7 @@
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;
+using Keyfactor.Orchestrators.Extensions.Interfaces;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
@@ -13,19 +14,33 @@ namespace Keyfactor.Extensions.Orchestrator.IISU.Jobs
{
public class Management : IManagementJobExtension
{
- private readonly ILogger _logger;
+ private ILogger _logger;
+
+ private IPAMSecretResolver _resolver;
private string _thumbprint = string.Empty;
- public Management(ILogger logger)
+ private string ServerUserName { get; set; }
+ private string ServerPassword { get; set; }
+
+ public Management(IPAMSecretResolver resolver)
{
- _logger = logger;
+ _resolver = resolver;
}
public string ExtensionName => "IISU";
+ private string ResolvePamField(string name,string value)
+ {
+ _logger.LogTrace($"Attempting to resolved PAM eligible field {name}");
+ return _resolver.Resolve(value);
+ }
+
public JobResult ProcessJob(ManagementJobConfiguration jobConfiguration)
{
+ _logger = LogHandler.GetClassLogger();
+ ServerUserName = ResolvePamField("Server UserName", jobConfiguration.ServerUsername);
+ ServerPassword = ResolvePamField("Server Password", jobConfiguration.ServerPassword);
_logger.MethodEntry();
_logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(jobConfiguration)}");
var complete = new JobResult
@@ -83,10 +98,10 @@ private JobResult PerformRemoval(ManagementJobConfiguration config)
{
_logger.LogTrace($"IncludePortInSPN: {storePath.SpnPortFlag}");
connInfo.IncludePortInSPN = storePath.SpnPortFlag;
- var pw = new NetworkCredential(config.ServerUsername, config.ServerPassword)
+ var pw = new NetworkCredential(ServerUserName, ServerPassword)
.SecurePassword;
- _logger.LogTrace($"Credentials: UserName:{config.ServerUsername} Password:{config.ServerPassword}");
- connInfo.Credential = new PSCredential(config.ServerUsername, pw);
+ _logger.LogTrace($"Credentials: UserName:{ServerUserName} Password:{ServerPassword}");
+ connInfo.Credential = new PSCredential(ServerUserName, pw);
_logger.LogTrace($"PSCredential Created {pw}");
using var runSpace = RunspaceFactory.CreateRunspace(connInfo);
_logger.LogTrace("runSpace Created");
@@ -212,7 +227,7 @@ private JobResult PerformAddition(ManagementJobConfiguration config)
{
_logger.MethodEntry();
- var iisManager=new IISManager(config);
+ var iisManager=new IISManager(config,ServerUserName,ServerPassword);
return iisManager.AddCertificate();
}
catch (Exception ex)
diff --git a/IISU/Jobs/ReEnrollment.cs b/IISU/Jobs/ReEnrollment.cs
index eba5534..703e60b 100644
--- a/IISU/Jobs/ReEnrollment.cs
+++ b/IISU/Jobs/ReEnrollment.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Collections;
+using System;
using System.Collections.ObjectModel;
using System.Linq;
using System.Management.Automation;
@@ -10,6 +9,7 @@
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.Orchestrators.Extensions;
+using Keyfactor.Orchestrators.Extensions.Interfaces;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
@@ -17,18 +17,27 @@ namespace Keyfactor.Extensions.Orchestrator.IISU.Jobs
{
public class ReEnrollment:IReenrollmentJobExtension
{
- private readonly ILogger _logger;
+ private ILogger _logger;
- public ReEnrollment(ILogger logger)
+ private IPAMSecretResolver _resolver;
+
+ public ReEnrollment(IPAMSecretResolver resolver)
{
- _logger = logger;
+ _resolver = resolver;
}
public string ExtensionName => "IISU";
+ private string ResolvePamField(string name, string value)
+ {
+ _logger.LogTrace($"Attempting to resolved PAM eligible field {name}");
+ return _resolver.Resolve(value);
+ }
+
public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollmentCSR submitReEnrollmentUpdate)
{
_logger.MethodEntry();
+ _logger = LogHandler.GetClassLogger();
_logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
var storePath = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate });
_logger.LogTrace($"WinRm Url: {storePath?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{storePath?.WinRmPort}/wsman");
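Review bot: In ProcessJob the added `_logger = LogHandler.GetClassLogger();` is placed after the existing `_logger.MethodEntry();`, but `_logger` is no longer supplied by the constructor (it now receives only the resolver), so at that first call the field is still null; unless `MethodEntry` tolerates a null logger this throws a NullReferenceException on every job. Move the assignment above the call, which is the order Inventory.PerformInventory and Management.ProcessJob use in this same commit. ProcessJob's body continues past the end of the hunk.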
@@ -44,6 +53,8 @@ private JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submi
try
{
_logger.MethodEntry();
+ var serverUserName = ResolvePamField("Server UserName", config.ServerUsername);
+ var serverPassword = ResolvePamField("Server Password", config.ServerPassword);
// Extract values necessary to create remote PS connection
JobProperties properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties,
@@ -51,10 +62,10 @@ private JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submi
WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri($"{properties?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{properties?.WinRmPort}/wsman"));
connectionInfo.IncludePortInSPN = properties.SpnPortFlag;
- var pw = new NetworkCredential(config.ServerUsername, config.ServerPassword).SecurePassword;
- _logger.LogTrace($"Credentials: UserName:{config.ServerUsername} Password:{config.ServerPassword}");
+ var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword;
+ _logger.LogTrace($"Credentials: UserName:{serverUserName} Password:{serverPassword}");
- connectionInfo.Credential = new PSCredential(config.ServerUsername, pw);
+ connectionInfo.Credential = new PSCredential(serverUserName, pw);
_logger.LogTrace($"PSCredential Created {pw}");
// Establish new remote ps session
@@ -64,6 +75,7 @@ private JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submi
runSpace.Open();
_logger.LogTrace("Workspace opened");
+ // NEW
var ps = PowerShell.Create();
ps.Runspace = runSpace;
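Review bot: The added `// NEW` comment before `var ps = PowerShell.Create();` is a leftover editing marker that tells a later reader nothing about the code; remove it, or replace it with a why-comment such as `// Create a PowerShell pipeline bound to the opened remote runspace`. PerformReEnrollment starts and ends outside this hunk.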
@@ -176,8 +188,7 @@ private JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submi
runSpace.Close();
// Bind the certificate to IIS
- _logger.LogTrace("Binding the certificate to IIS.");
- var iisManager = new IISManager(config);
+ var iisManager = new IISManager(config,serverUserName,serverPassword);
return iisManager.ReEnrollCertificate(myCert);
}
else
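Review bot: The new side no longer emits the "Binding the certificate to IIS." trace before constructing IISManager, and the commit gives no reason for dropping it; keep the log line so the bind step remains visible in traces, since the IISManager calls are the only remaining marker for it. The replacement line also lacks spaces after the commas, unlike the call in Management.PerformAddition; `var iisManager = new IISManager(config, serverUserName, serverPassword);`. PerformReEnrollment starts outside this hunk.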
diff --git a/README.md b/README.md
index 78e2a1d..0089bc2 100644
--- a/README.md
+++ b/README.md
@@ -20,9 +20,11 @@ The Universal Orchestrator is the successor to the Windows Orchestrator. This Ca
-## Platform Specific Notes
+## Keyfactor Version Supported
+
+The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1
-The minimum version of the Universal Orchestrator Framework needed to run this version of the extension is
+## Platform Specific Notes
The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running.
| Operation | Win | Linux |
diff --git a/integration-manifest.json b/integration-manifest.json
index dc6cc1e..fb483e8 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -7,6 +7,7 @@
"description": "The IIS Orchestrator treats the certificates bound (actively in use) on a Microsoft Internet Information Server (IIS) as a Keyfactor certificate store. Inventory and Management functions are supported. The orchestrator replaces the IIS orchestrator that ships with Keyfactor Command (which did not support binding.)",
"about": {
"orchestrator": {
+ "UOFramework": "10.1",
"win": {
"supportsCreateStore": false,
"supportsDiscovery": false,