From 44ec4daa22b1f657b34708e0f6923e5e796bd7ea Mon Sep 17 00:00:00 2001 From: Bob Pokorny Date: Thu, 16 Mar 2023 22:09:39 +0000 Subject: [PATCH 1/2] Refactored WinIIS to IISU. Updated ReadMe to reflect changes. --- IISU/ClientPSCertStoreReEnrollment.cs | 13 +++++----- IISU/ClientPSIIManager.cs | 2 +- IISU/ImplementedStoreTypes/Win/Inventory.cs | 2 +- IISU/ImplementedStoreTypes/Win/Management.cs | 2 +- .../ImplementedStoreTypes/Win/ReEnrollment.cs | 2 +- .../ImplementedStoreTypes/Win/WinInventory.cs | 2 +- .../WinIIS/IISManager.cs | 6 ++--- .../ImplementedStoreTypes/WinIIS/Inventory.cs | 2 +- .../WinIIS/Management.cs | 6 +---- .../WinIIS/ReEnrollment.cs | 2 +- .../WinIIS/WinIISInventory.cs | 2 +- IISU/WindowsCertStore.csproj | 1 + IISU/manifest.json | 24 +++++++++---------- readme_source.md | 12 ++++------ 14 files changed, 37 insertions(+), 41 deletions(-) diff --git a/IISU/ClientPSCertStoreReEnrollment.cs b/IISU/ClientPSCertStoreReEnrollment.cs index 5257f83..fca10b0 100644 --- a/IISU/ClientPSCertStoreReEnrollment.cs +++ b/IISU/ClientPSCertStoreReEnrollment.cs @@ -12,7 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -using Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS; using Keyfactor.Logging; using Keyfactor.Orchestrators.Common.Enums; using Keyfactor.Orchestrators.Extensions; @@ -34,8 +33,8 @@ namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore { internal class ClientPSCertStoreReEnrollment { - private ILogger _logger; - private IPAMSecretResolver _resolver; + private readonly ILogger _logger; + private readonly IPAMSecretResolver _resolver; public ClientPSCertStoreReEnrollment(ILogger logger, IPAMSecretResolver resolver) { 
@@ -59,8 +58,10 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit JobProperties properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); - WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri($"{properties?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{properties?.WinRmPort}/wsman")); - connectionInfo.IncludePortInSPN = properties.SpnPortFlag; + WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri($"{properties?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{properties?.WinRmPort}/wsman")) + { + IncludePortInSPN = properties.SpnPortFlag + }; var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword; _logger.LogTrace($"Credentials: UserName:{serverUserName}"); @@ -91,7 +92,7 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit Collection results; // If the provider name is null, default it to the Microsoft CA - if (providerName == null) providerName = "Microsoft Strong Cryptographic Provider"; + providerName ??= "Microsoft Strong Cryptographic Provider"; // Create the script file ps.AddScript("$infFilename = New-TemporaryFile"); diff --git a/IISU/ClientPSIIManager.cs b/IISU/ClientPSIIManager.cs index 2e08b32..a322211 100644 --- a/IISU/ClientPSIIManager.cs +++ b/IISU/ClientPSIIManager.cs @@ -82,7 +82,7 @@ public ClientPSIIManager(ReenrollmentJobConfiguration config, string serverUsern Port = config.JobProperties["Port"].ToString(); HostName = config.JobProperties["HostName"]?.ToString(); Protocol = config.JobProperties["Protocol"].ToString(); - SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1); + SniFlag = config.JobProperties["SniFlag"]?.ToString()[..1]; IPAddress = config.JobProperties["IPAddress"].ToString(); PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password 
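Review bot: The new object initializer reads `properties.SpnPortFlag` with no null check, while the URI in the same statement is built with `properties?.WinRmProtocol` and `properties?.WinRmPort`, so the two halves disagree about whether `properties` can be null. If deserialization yields null, the `?.` only turns protocol and port into empty strings, and the failure surfaces as a URI-format or null-reference exception instead of a clear job error. A guard ahead of the statement, for example `if (properties is null) throw new ArgumentException("Certificate store properties are missing or invalid.");` (or a failed JobResult, depending on how this method reports errors, which is not visible here), followed by plain `properties.` accesses, would make the contract explicit. The scheme of the WinRM endpoint is also taken directly from the store properties and nothing in this hunk limits it to `http` or `https`, so it is worth confirming that it is validated elsewhere before the credentials are attached to the connection. PerformReEnrollment begins and ends outside the hunk.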
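Review bot: `providerName ??= "Microsoft Strong Cryptographic Provider";` substitutes the default only for null, so an empty or whitespace-only provider name is kept as supplied; `if (string.IsNullOrWhiteSpace(providerName)) providerName = "Microsoft Strong Cryptographic Provider";` covers those cases as well. The comment above it says the value defaults to "the Microsoft CA", but the string names a cryptographic service provider, so `// Default to the Microsoft Strong Cryptographic Provider when no provider name is supplied` would be accurate. How providerName is used in the script built below is outside the hunk; if it is interpolated into the PowerShell or INF text, it should be checked against the expected provider names first rather than inserted as received.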
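Review bot: `config.JobProperties["SniFlag"]?.ToString()[..1]` still throws ArgumentOutOfRangeException when the property is present but empty, because `[..1]` needs at least one character and the `?.` only covers the null case. Reading the value once and slicing conditionally avoids that: `var sni = config.JobProperties["SniFlag"]?.ToString();` followed by `SniFlag = string.IsNullOrEmpty(sni) ? sni : sni[..1];`. The same one-character slice is applied in both IISManager.cs constructors changed by this patch. The constructor body continues outside the hunk, so whether later code accepts a null or empty SniFlag should be checked there.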
diff --git a/IISU/ImplementedStoreTypes/Win/Inventory.cs b/IISU/ImplementedStoreTypes/Win/Inventory.cs index d277ba7..44c0ef4 100644 --- a/IISU/ImplementedStoreTypes/Win/Inventory.cs +++ b/IISU/ImplementedStoreTypes/Win/Inventory.cs @@ -25,7 +25,7 @@ using Microsoft.Extensions.Logging; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { public class Inventory : WinCertJobTypeBase, IInventoryJobExtension { diff --git a/IISU/ImplementedStoreTypes/Win/Management.cs b/IISU/ImplementedStoreTypes/Win/Management.cs index fe5d96a..d7eddfa 100644 --- a/IISU/ImplementedStoreTypes/Win/Management.cs +++ b/IISU/ImplementedStoreTypes/Win/Management.cs @@ -24,7 +24,7 @@ using System.Net; using Keyfactor.Logging; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { public class Management : WinCertJobTypeBase, IManagementJobExtension { diff --git a/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs b/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs index 9152fd3..a261438 100644 --- a/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs +++ b/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs @@ -16,7 +16,7 @@ using Keyfactor.Orchestrators.Extensions.Interfaces; using Microsoft.Extensions.Logging; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { public class ReEnrollment : WinCertJobTypeBase, IReenrollmentJobExtension { diff --git a/IISU/ImplementedStoreTypes/Win/WinInventory.cs b/IISU/ImplementedStoreTypes/Win/WinInventory.cs index 70ad891..0e4542c 100644 --- a/IISU/ImplementedStoreTypes/Win/WinInventory.cs +++ b/IISU/ImplementedStoreTypes/Win/WinInventory.cs 
@@ -19,7 +19,7 @@ using System.Management.Automation.Runspaces; using System.Text; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { internal class WinInventory : ClientPSCertStoreInventory { diff --git a/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs b/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs index 6a14735..eda2049 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs @@ -24,7 +24,7 @@ using Microsoft.Extensions.Logging; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class IISManager { @@ -66,7 +66,7 @@ public IISManager(ReenrollmentJobConfiguration config, string serverUserName, st Port = config.JobProperties["Port"].ToString(); HostName = config.JobProperties["HostName"]?.ToString(); Protocol = config.JobProperties["Protocol"].ToString(); - SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1); + SniFlag = config.JobProperties["SniFlag"].ToString()?[..1]; IpAddress = config.JobProperties["IPAddress"].ToString(); PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password @@ -105,7 +105,7 @@ public IISManager(ManagementJobConfiguration config, string serverUserName, stri Port = config.JobProperties["Port"].ToString(); HostName = config.JobProperties["HostName"]?.ToString(); Protocol = config.JobProperties["Protocol"].ToString(); - SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1); + SniFlag = config.JobProperties["SniFlag"].ToString()?[..1]; IpAddress = config.JobProperties["IPAddress"].ToString(); PrivateKeyPassword = config.JobCertificate.PrivateKeyPassword; diff --git a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs index 0919ccf..8ea49e4 100644 
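Review bot: In `config.JobProperties["SniFlag"].ToString()?[..1]` the null-conditional sits after `ToString()`, so a null SniFlag value is dereferenced before the `?` is evaluated and the constructor fails with a NullReferenceException; ClientPSIIManager.cs in this same patch places it before the call, as `config.JobProperties["SniFlag"]?.ToString()[..1]`. The line is identical in the ReenrollmentJobConfiguration and ManagementJobConfiguration constructors (the hunks at -66 and -105), and both should use the same form as ClientPSIIManager. HostName on the neighbouring line already uses `?.ToString()`, which suggests that a missing value is expected for at least some of these job properties. Both constructors extend beyond their hunks.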
--- a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs @@ -25,7 +25,7 @@ using Microsoft.Extensions.Logging; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class Inventory : WinCertJobTypeBase, IInventoryJobExtension { diff --git a/IISU/ImplementedStoreTypes/WinIIS/Management.cs b/IISU/ImplementedStoreTypes/WinIIS/Management.cs index da0d60f..b7bc699 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/Management.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/Management.cs @@ -25,7 +25,7 @@ using Microsoft.PowerShell.Commands; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class Management : WinCertJobTypeBase, IManagementJobExtension { @@ -33,8 +33,6 @@ public class Management : WinCertJobTypeBase, IManagementJobExtension public string ExtensionName => string.Empty; - private string _thumbprint = string.Empty; - private Runspace myRunspace; public Management(IPAMSecretResolver resolver) @@ -139,8 +137,6 @@ private JobResult PerformRemoveCertificate(ManagementJobConfiguration config, st { _logger.LogTrace("Before Remove Certificate..."); - string certificateContents = config.JobCertificate.Contents; - string privateKeyPassword = config.JobCertificate.PrivateKeyPassword; string storePath = config.CertificateStoreDetails.StorePath; long jobNumber = config.JobHistoryId; diff --git a/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs b/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs index 59d2703..4307725 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs 
@@ -17,7 +17,7 @@ using Keyfactor.Orchestrators.Extensions.Interfaces; using Microsoft.Extensions.Logging; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class ReEnrollment: WinCertJobTypeBase, IReenrollmentJobExtension { diff --git a/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs b/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs index 23fb0a3..5ac831f 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs @@ -22,7 +22,7 @@ using System.Management.Automation.Runspaces; using System.Text; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { internal class WinIISInventory : ClientPSCertStoreInventory { diff --git a/IISU/WindowsCertStore.csproj b/IISU/WindowsCertStore.csproj index dd80058..5af1292 100644 --- a/IISU/WindowsCertStore.csproj +++ b/IISU/WindowsCertStore.csproj @@ -21,6 +21,7 @@ + diff --git a/IISU/manifest.json b/IISU/manifest.json index 77c0b2b..6fa8618 100644 --- a/IISU/manifest.json +++ b/IISU/manifest.json 
@@ -1,29 +1,29 @@ { "extensions": { "Keyfactor.Orchestrators.Extensions.IOrchestratorJobExtension": { - "CertStores.WinIIS.Inventory": { + "CertStores.IISU.Inventory": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS.Inventory" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU.Inventory" }, - "CertStores.WinIIS.Management": { + "CertStores.IISU.Management": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS.Management" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU.Management" }, - "CertStores.WinIIS.ReEnrollment": { + "CertStores.IISU.ReEnrollment": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS.ReEnrollment" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU.ReEnrollment" }, - "CertStores.Win.Inventory": { + "CertStores.WinCert.Inventory": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win.Inventory" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert.Inventory" }, - "CertStores.Win.Management": { + "CertStores.WinCert.Management": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win.Management" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert.Management" }, - "CertStores.Win.ReEnrollment": { + "CertStores.WinCert.ReEnrollment": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win.ReEnrollment" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert.ReEnrollment" } } } diff --git a/readme_source.md b/readme_source.md index 550a643..519a12b 100644 --- a/readme_source.md +++ b/readme_source.md 
@@ -22,8 +22,6 @@ In version 2.0 of the IIS Orchestrator, the certificate store type has been rena **Note: There is an additional certificate store type of “IIS” that ships with the Keyfactor platform. Migration of certificate stores from the “IIS” type to either the “IISBin” or “IISU” types is not currently supported.** -**Note: In version 3.0, the orchestrator has been renamed from IISU to WinCert. There is currently no succession process to update previous certificate store types.** - **1. Create the New Certificate Store Type** @@ -34,9 +32,9 @@ In Keyfactor Command create a new Certificate Store Type similar to the one belo CONFIG ELEMENT | DESCRIPTION ------------------|------------------ -Name |A descriptive name for the extension. Example: WinCert (for general windows cert store), WinIIS (for IIS Webstore cert store) -Short Name |The short name that identifies the registered functionality of the orchestrator. Currently must be either Win or WinIIS -Custom Capability|Store type name orchestrator will register with. Currently must be Win or WinIIS. +Name |A descriptive name for the extension. Example: WinCert (for general windows cert store), IISU (for IIS Webstore cert store with bindings) +Short Name |The short name that identifies the registered functionality of the orchestrator. Currently must be either WinCert or IISU +Custom Capability|Store type name orchestrator will register with. Currently must be WinCert or IISU. Job Types |Inventory (Checked), Add, Remove, and Reenrollment are the supported job types. General Settings|Needs Server - Checked
Blueprint Allowed - Unchecked
Uses PowerShell - Unchecked Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. @@ -113,7 +111,7 @@ See Keyfactor InstallingKeyfactorOrchestrators.pdf Documentation. Get from your **3a. Create an IIS Binding Certificate Store within Keyfactor Command** -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+In Keyfactor Command create a new Certificate Store similar to the one below, selecting "IISU" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
![](images/IISCertStore.png) @@ -137,7 +135,7 @@ Inventory Schedule |The interval that the system will use to report on what cert **3b. Create a Windows Certificate Store within Keyfactor Command** -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+In Keyfactor Command create a new Certificate Store similar to the one below, selecting "IISU" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
![](images/WinCertStore.png) From 183df51d5b13228a171bf81ba409e987ddb7bada Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 16 Mar 2023 22:10:21 +0000 Subject: [PATCH 2/2] Update generated README --- README.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 6da3b6e..518fcbc 100644 --- a/README.md +++ b/README.md @@ -110,8 +110,6 @@ In version 2.0 of the IIS Orchestrator, the certificate store type has been rena **Note: There is an additional certificate store type of “IIS” that ships with the Keyfactor platform. Migration of certificate stores from the “IIS” type to either the “IISBin” or “IISU” types is not currently supported.** -**Note: In version 3.0, the orchestrator has been renamed from IISU to WinCert. There is currently no succession process to update previous certificate store types.** - **1. Create the New Certificate Store Type** @@ -122,9 +120,9 @@ In Keyfactor Command create a new Certificate Store Type similar to the one belo CONFIG ELEMENT | DESCRIPTION ------------------|------------------ -Name |A descriptive name for the extension. Example: WinCert (for general windows cert store), WinIIS (for IIS Webstore cert store) -Short Name |The short name that identifies the registered functionality of the orchestrator. Currently must be either Win or WinIIS -Custom Capability|Store type name orchestrator will register with. Currently must be Win or WinIIS. +Name |A descriptive name for the extension. Example: WinCert (for general windows cert store), IISU (for IIS Webstore cert store with bindings) +Short Name |The short name that identifies the registered functionality of the orchestrator. Currently must be either WinCert or IISU +Custom Capability|Store type name orchestrator will register with. Currently must be WinCert or IISU. Job Types |Inventory (Checked), Add, Remove, and Reenrollment are the supported job types. General Settings|Needs Server - Checked
Blueprint Allowed - Unchecked
Uses PowerShell - Unchecked Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. @@ -201,7 +199,7 @@ See Keyfactor InstallingKeyfactorOrchestrators.pdf Documentation. Get from your **3a. Create an IIS Binding Certificate Store within Keyfactor Command** -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+In Keyfactor Command create a new Certificate Store similar to the one below, selecting "IISU" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
![](images/IISCertStore.png) @@ -225,7 +223,7 @@ Inventory Schedule |The interval that the system will use to report on what cert **3b. Create a Windows Certificate Store within Keyfactor Command** -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+In Keyfactor Command create a new Certificate Store similar to the one below, selecting "IISU" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
![](images/WinCertStore.png)