Keyfactor · fiddlermikey · Mar 23, 2023 · Mar 22, 2023 · Mar 22, 2023 · Mar 23, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 * Added PAM registration/initialization documentation in README.md
 * Resolved Null HostName error 
 * Added WinCert Cert Store Type
+* Added custom property parser to not show any passwords
 
 2.0.0
 * Add support for reenrollment jobs (On Device Key Generation) with the ability to specify a cryptographic provider. Specification of cryptographic provider allows HSM (Hardware Security Module) use.

diff --git a/IISU/ClientPSCertStoreManager.cs b/IISU/ClientPSCertStoreManager.cs
@@ -78,6 +78,7 @@ function InstallPfxToMachineStore([byte[]]$bytes, [string]$password, [string]$st
                             $certStore.Open(5)
                             $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $bytes, $password, 18 <# Persist, Machine #>
                             $certStore.Add($cert)
+
                             $certStore.Close();
                         }";
 

diff --git a/IISU/ClientPSIIManager.cs b/IISU/ClientPSIIManager.cs
@@ -50,8 +50,8 @@ internal class ClientPSIIManager
 
         private long JobHistoryID { get; set; }
 
-        private ILogger _logger;
-        private Runspace _runSpace;
+        private readonly ILogger _logger;
+        private readonly Runspace _runSpace;
 
         private PowerShell ps;
 
@@ -119,7 +119,7 @@ public ClientPSIIManager(ManagementJobConfiguration config, string serverUsernam
                 Port = config.JobProperties["Port"].ToString();
                 HostName = config.JobProperties["HostName"]?.ToString();
                 Protocol = config.JobProperties["Protocol"].ToString();
-                SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1);
+                SniFlag = config.JobProperties["SniFlag"].ToString()?[..1];
                 IPAddress = config.JobProperties["IPAddress"].ToString();
 
                 PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password

diff --git a/IISU/ImplementedStoreTypes/Win/Inventory.cs b/IISU/ImplementedStoreTypes/Win/Inventory.cs
@@ -55,7 +55,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
             {
                 var inventoryItems = new List<CurrentInventoryItem>();
 
-                _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
+                _logger.LogTrace(JobConfigurationParser.ParseInventoryJobConfiguration(config));
 
                 string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
                 string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);

diff --git a/IISU/ImplementedStoreTypes/Win/Management.cs b/IISU/ImplementedStoreTypes/Win/Management.cs
@@ -47,11 +47,13 @@ public Management(IPAMSecretResolver resolver)
 
         public JobResult ProcessJob(ManagementJobConfiguration config)
         {
-            _logger = LogHandler.GetClassLogger<Management>();
-            _logger.MethodEntry();
-
             try
             {
+                _logger = LogHandler.GetClassLogger<Management>();
+                _logger.MethodEntry();
+
+                _logger.LogTrace(JobConfigurationParser.ParseManagementJobConfiguration(config));
+
                 string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
                 string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);
 

diff --git a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs
@@ -52,7 +52,9 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
             {
                 var inventoryItems = new List<CurrentInventoryItem>();
 
-                _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
+                string myConfig = config.ToString();
+
+                _logger.LogTrace(JobConfigurationParser.ParseInventoryJobConfiguration(config));
 
                 string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
                 string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);

diff --git a/IISU/ImplementedStoreTypes/WinIIS/Management.cs b/IISU/ImplementedStoreTypes/WinIIS/Management.cs
@@ -47,7 +47,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                 _logger = LogHandler.GetClassLogger<Management>();
                 _logger.MethodEntry();
 
-                _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
+                _logger.LogTrace(JobConfigurationParser.ParseManagementJobConfiguration(config));
 
                 string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
                 string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);

diff --git a/IISU/Interfaces/ICertificateStoreDetailsBase.cs b/IISU/Interfaces/ICertificateStoreDetailsBase.cs
@@ -0,0 +1,11 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal interface ICertificateStoreDetailsBase
+    {
+        public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; }
+    }
+}
diff --git a/IISU/Interfaces/IInventoryCertStoreDetails.cs b/IISU/Interfaces/IInventoryCertStoreDetails.cs
@@ -0,0 +1,7 @@
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal interface IInventoryCertStoreDetails
+    {
+        public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; }
+    }
+}
diff --git a/IISU/Interfaces/IInventoryJobLogger.cs b/IISU/Interfaces/IInventoryJobLogger.cs
@@ -0,0 +1,10 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal interface IInventoryJobLogger : IJobConfigurationLoggerBase, IInventoryCertStoreDetails
+    {
+    }
+}
diff --git a/IISU/Interfaces/IJobConfigurationLoggerBase.cs b/IISU/Interfaces/IJobConfigurationLoggerBase.cs
@@ -0,0 +1,24 @@
+using Keyfactor.Orchestrators.Extensions;
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal interface IJobConfigurationLoggerBase
+    {
+        public bool JobCancelled { get; set; }
+        public ServerFault ServerError { get; set; }
+        public long JobHistoryID { get; set; }
+        public int RequestStatus { get; set; }
+        public string ServerUserName { get; set; }
+        public string ServerPassword { get; set; }
+        public JobProperties JobConfigurationProperties { get; set; }
+        public bool UseSSL { get; set; }
+        public Guid JobTypeID { get; set; }
+        public Guid JobID { get; set; }
+        public string Capability { get; set; }
+
+        public IEnumerable<PreviousInventoryItem> LastInventory { get; set; }
+    }
+}
diff --git a/IISU/Interfaces/IManagementCertStoreDetails.cs b/IISU/Interfaces/IManagementCertStoreDetails.cs
@@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal interface IManagementCertStoreDetails
+    {
+        public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; }
+        public CertificateStoreDetailPropertiesDTO CertificateStoreDetailProperties { get; set; }
+    }
+}
diff --git a/IISU/Interfaces/IManagementJobLogger.cs b/IISU/Interfaces/IManagementJobLogger.cs
@@ -0,0 +1,13 @@
+using Keyfactor.Orchestrators.Common.Enums;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal interface IManagementJobLogger : IJobConfigurationLoggerBase, IManagementCertStoreDetails
+    {
+        public CertStoreOperationType OperationType { get; set; }
+        public bool Overwrite { get; set; }
+
+        public JobCertificateDTO JobCertificateProperties { get; set; }
+
+    }
+}
diff --git a/IISU/JobConfigurationParser.cs b/IISU/JobConfigurationParser.cs
@@ -0,0 +1,107 @@
+using Keyfactor.Orchestrators.Extensions;
+using Microsoft.PowerShell.Commands;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Configuration.Internal;
+using System.Diagnostics.Contracts;
+using System.Linq;
+using System.Management.Automation.Remoting;
+using System.Net;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal class JobConfigurationParser
+    {
+        public static string ParseManagementJobConfiguration(ManagementJobConfiguration config)
+        {
+
+            IManagementJobLogger managementParser = new ManagementJobLogger();
+
+            // JobConfiguration
+            managementParser.JobCancelled = config.JobCancelled;
+            managementParser.ServerError = config.ServerError;
+            managementParser.JobHistoryID = config.JobHistoryId;
+            managementParser.RequestStatus = config.RequestStatus;
+            managementParser.ServerUserName = config.ServerUsername;
+            managementParser.ServerPassword = "**********";
+            managementParser.UseSSL = config.UseSSL;
+            managementParser.JobTypeID = config.JobTypeId;
+            managementParser.JobID = config.JobId;
+            managementParser.Capability = config.Capability;
+
+            // JobProperties
+            JobProperties jobProperties = JsonConvert.DeserializeObject<JobProperties>(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate });
+            managementParser.JobConfigurationProperties = jobProperties;
+
+            // PreviousInventoryItem
+            managementParser.LastInventory = config.LastInventory;
+
+            //CertificateStore
+            managementParser.CertificateStoreDetails.ClientMachine = config.CertificateStoreDetails.ClientMachine;
+            managementParser.CertificateStoreDetails.StorePath = config.CertificateStoreDetails.StorePath;
+            managementParser.CertificateStoreDetails.StorePassword = "**********";
+            managementParser.CertificateStoreDetails.Type = config.CertificateStoreDetails.Type;
+
+            bool isEmpty = (config.JobProperties.Count == 0);       // Check if the dictionary is empty or not
+            if (!isEmpty)
+            {
+                managementParser.CertificateStoreDetailProperties.SiteName = config.JobProperties["SiteName"].ToString();
+                managementParser.CertificateStoreDetailProperties.Port = config.JobProperties["Port"].ToString();
+                managementParser.CertificateStoreDetailProperties.HostName = config.JobProperties["HostName"]?.ToString();
+                managementParser.CertificateStoreDetailProperties.Protocol = config.JobProperties["Protocol"].ToString();
+                managementParser.CertificateStoreDetailProperties.SniFlag = config.JobProperties["SniFlag"].ToString()?[..1];
+                managementParser.CertificateStoreDetailProperties.IPAddress = config.JobProperties["IPAddress"].ToString();
+                managementParser.CertificateStoreDetailProperties.ProviderName = config.JobProperties["ProviderName"]?.ToString();
+                managementParser.CertificateStoreDetailProperties.SAN = config.JobProperties["SAN"]?.ToString();
+            }
+
+            // Management Base
+            managementParser.OperationType = config.OperationType;
+            managementParser.Overwrite = config.Overwrite;
+
+            // JobCertificate
+            managementParser.JobCertificateProperties.Thumbprint = config.JobCertificate.Thumbprint;
+            managementParser.JobCertificateProperties.Contents = config.JobCertificate.Contents;
+            managementParser.JobCertificateProperties.Alias = config.JobCertificate.Alias;
+            managementParser.JobCertificateProperties.PrivateKeyPassword = "**********";
+
+            return JsonConvert.SerializeObject(managementParser);
+        }
+
+        public static string ParseInventoryJobConfiguration(InventoryJobConfiguration config)
+        {
+            IInventoryJobLogger inventoryParser = new InventoryJobLogger();
+
+            // JobConfiguration
+            inventoryParser.JobCancelled = config.JobCancelled;
+            inventoryParser.ServerError = config.ServerError;
+            inventoryParser.JobHistoryID = config.JobHistoryId;
+            inventoryParser.RequestStatus = config.RequestStatus;
+            inventoryParser.ServerUserName = config.ServerUsername;
+            inventoryParser.ServerPassword = "**********";
+            inventoryParser.UseSSL = config.UseSSL;
+            inventoryParser.JobTypeID = config.JobTypeId;
+            inventoryParser.JobID = config.JobId;
+            inventoryParser.Capability = config.Capability;
+
+            // JobProperties
+            JobProperties jobProperties = JsonConvert.DeserializeObject<JobProperties>(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate });
+            inventoryParser.JobConfigurationProperties = jobProperties;
+
+            // PreviousInventoryItem
+            inventoryParser.LastInventory = config.LastInventory;
+
+            //CertificateStore
+
+            inventoryParser.CertificateStoreDetails.ClientMachine = config.CertificateStoreDetails.ClientMachine;
+            inventoryParser.CertificateStoreDetails.StorePath = config.CertificateStoreDetails.StorePath;
+            inventoryParser.CertificateStoreDetails.StorePassword = "**********";
+            inventoryParser.CertificateStoreDetails.Type = config.CertificateStoreDetails.Type;
+
+
+            return JsonConvert.SerializeObject(inventoryParser);
+        }
+    }
+}
diff --git a/IISU/Models/DTOs/CertificateStoreDetailPropertiesDTO.cs b/IISU/Models/DTOs/CertificateStoreDetailPropertiesDTO.cs
@@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal class CertificateStoreDetailPropertiesDTO
+    {
+        public string SiteName { get; set; }
+        public string Port { get; set; }
+        public string HostName { get; set; }
+        public string Protocol { get; set; }
+        public string SniFlag { get; set; }
+        public string IPAddress { get; set; }
+        public string ProviderName { get; set; }
+        public string SAN { get; set; }
+    }
+}
diff --git a/IISU/Models/DTOs/CertificateStoreDetailsDTO.cs b/IISU/Models/DTOs/CertificateStoreDetailsDTO.cs
@@ -0,0 +1,14 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal class CertificateStoreDetailsDTO
+    {
+        public string ClientMachine { get; set; }
+        public string StorePath { get; set; }
+        public string StorePassword { get; set; }
+        public int Type { get; set; }
+    }
+}
diff --git a/IISU/Models/DTOs/JobCertificateDTO.cs b/IISU/Models/DTOs/JobCertificateDTO.cs
@@ -0,0 +1,15 @@
+using Keyfactor.Orchestrators.Extensions;
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal class JobCertificateDTO
+    {
+        public string Thumbprint { get; set; }
+        public string Contents { get; set; }
+        public string Alias { get; set; }
+        public string PrivateKeyPassword { get; set; }
+    }
+}
diff --git a/IISU/Models/InventoryJobLogger.cs b/IISU/Models/InventoryJobLogger.cs
@@ -0,0 +1,26 @@
+using Keyfactor.Orchestrators.Extensions;
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
+{
+    internal class InventoryJobLogger : IInventoryJobLogger, IInventoryCertStoreDetails
+    {
+        public bool JobCancelled { get; set; }
+        public ServerFault ServerError { get; set; } = new ServerFault();
+        public long JobHistoryID { get; set; }
+        public int RequestStatus { get; set; }
+        public string ServerUserName { get; set; }
+        public string ServerPassword { get; set; }
+        public JobProperties JobConfigurationProperties { get; set; } = new JobProperties();
+        public bool UseSSL { get; set; }
+        public Guid JobTypeID { get; set; }
+        public Guid JobID { get; set; }
+        public string Capability { get; set; }
+
+        public IEnumerable<PreviousInventoryItem> LastInventory { get; set; } = new List<PreviousInventoryItem>();
+        public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; } = new CertificateStoreDetailsDTO();
+
+    }
+}
diff --git a/IISU/Models/JobProperties.cs b/IISU/Models/JobProperties.cs
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 using System.ComponentModel;
+using System.Reflection.Metadata.Ecma335;
 using Newtonsoft.Json;
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
@@ -36,6 +37,13 @@ public JobProperties()
         [DefaultValue("5985")]
         public string WinRmPort { get; set; }
 
+        [JsonProperty("ServerUsername")]
+        public string ServerUsername { get; set; }
+
+        [JsonProperty("ServerUseSsl")]
+        [DefaultValue(true)]
+        public bool ServerUseSsl { get; set; }
+
         [JsonProperty("sniflag")]
         [DefaultValue(SniFlag.None)]
         public SniFlag SniFlag { get; set; }