Keyfactor · leefine02 · Jun 7, 2024 · Jun 10, 2024 · Jun 10, 2024 · Jun 12, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+v2.6.1
+- Bug Fix: Supplied Linux user needing password reset could cause orchestrator locking.
+- Bug Fix: Not supplying group for Linux File Owner on Store Creation caused the supplied owner to erroneously be used as the group for the newly create certificate store file.
+- Updgraded Nuget packages for BouncyCastle and Renci.SSH.Net
+
 v2.6.0
 - Added ability for Linux installed universal orchestrator to manage stores as an "agent" (stores reside on same server as universal orchestrator) without the need to have SSH enabled.
 - Added ability for Linux installed universal orchestrator to manage certificate stores on Windows servers by using SSH to communicate between the Linux UO server and the Windows machines hosting the certificate stores.

diff --git a/README.md b/README.md
diff --git a/RemoteFile/External References/Renci.SshNet.dll b/RemoteFile/External References/Renci.SshNet.dll
diff --git a/RemoteFile/External References/SshNet.Security.Cryptography.dll b/RemoteFile/External References/SshNet.Security.Cryptography.dll
diff --git a/RemoteFile/ManagementBase.cs b/RemoteFile/ManagementBase.cs
@@ -8,7 +8,6 @@
 using System;
 using System.Collections.Generic;
 using System.Security.Cryptography.X509Certificates;
-using System.Threading;
 
 using Keyfactor.Logging;
 using Keyfactor.Orchestrators.Extensions;
@@ -22,8 +21,6 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
     public abstract class ManagementBase : RemoteFileJobTypeBase, IManagementJobExtension
     {
-        static Mutex mutex = new Mutex(false, "ModifyStore");
-
         public string ExtensionName => "";
 
         internal RemoteCertificateStore certificateStore = new RemoteCertificateStore();
@@ -44,8 +41,6 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
 
             try
             {
-                mutex.WaitOne();
-
                 string userName = PAMUtilities.ResolvePAMField(_resolver, logger, "Server User Name", config.ServerUsername);
                 string userPassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Server Password", config.ServerPassword);
                 string storePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", config.CertificateStoreDetails.StorePassword);
@@ -118,8 +113,6 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
             }
             finally
             {
-                mutex.ReleaseMutex();
-
                 if (certificateStore.RemoteHandler != null)
                     certificateStore.Terminate();
             }

diff --git a/RemoteFile/RemoteFile.csproj b/RemoteFile/RemoteFile.csproj
@@ -6,30 +6,19 @@
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
   </PropertyGroup>
 
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <DebugType>none</DebugType>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <DebugType>none</DebugType>
-  </PropertyGroup>
-
   <ItemGroup>
     <Compile Remove="ImplementedStoreTypes\JKS\JksStore.cs" />
     <Compile Remove="RemoteHandlers\SSHHelper.cs" />
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="BouncyCastle.Cryptography" Version="2.3.0" />
+    <PackageReference Include="BouncyCastle.Cryptography" Version="2.4.0" />
     <PackageReference Include="CliWrap" Version="3.6.6" />
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
     <PackageReference Include="Keyfactor.PKI" Version="5.0.0" />
     <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.2.12" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <Folder Include="External References\" />
+    <PackageReference Include="SSH.NET" Version="2024.0.0" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/RemoteFile/RemoteHandlers/SSHHandler.cs b/RemoteFile/RemoteHandlers/SSHHandler.cs
@@ -76,6 +76,9 @@ public override void Initialize()
             {
                 sshClient = new SshClient(Connection);
                 sshClient.Connect();
+
+                //method call below necessary to check edge condition where password for user id has expired. SCP (and possibly SFTP) download hangs in that scenario
+                CheckConnection();
             }
             catch (Exception ex)
             {
@@ -146,7 +149,7 @@ public override string RunCommand(string commandText, object[] arguments, bool w
             catch (Exception ex)
             {
                 _logger.LogError($"Exception during RunCommand...{RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
-                throw ex;
+                throw;
             }
         }
 
@@ -328,18 +331,18 @@ public override void CreateEmptyStoreFile(string path, string linuxFilePermissio
         {
             _logger.MethodEntry(LogLevel.Debug);
             string[] linuxGroupOwner = linuxFileOwner.Split(":");
-            string linuxFileGroup = linuxFileOwner;
+            string linuxFileGroup = String.Empty;
 
             if (linuxGroupOwner.Length == 2)
             {
                 linuxFileOwner = linuxGroupOwner[0];
-                linuxFileGroup = linuxGroupOwner[1];
+                linuxFileGroup = $"-g {linuxGroupOwner[1]}";
             }
 
             if (IsStoreServerLinux)
             {
                 AreLinuxPermissionsValid(linuxFilePermissions);
-                RunCommand($"install -m {linuxFilePermissions} -o {linuxFileOwner} -g {linuxFileGroup} /dev/null {path}", null, ApplicationSettings.UseSudo, null);
+                RunCommand($"install -m {linuxFilePermissions} -o {linuxFileOwner} {linuxFileGroup} /dev/null {path}", null, ApplicationSettings.UseSudo, null);
             }
             else
                 RunCommand($@"Out-File -FilePath ""{path}""", null, false, null);
@@ -431,5 +434,18 @@ private string FormatFTPPath(string path, bool addLeadingSlashForWindows)
 
             return rtnPath;
         }
+
+        private void CheckConnection()
+        {
+            try
+            {
+                RunCommand("echo", null, ApplicationSettings.UseSudo, null);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(RemoteFileException.FlattenExceptionMessages(ex, "Error validating server connection."));
+                throw;
+            }
+        }
     }
 }
diff --git a/integration-manifest.json b/integration-manifest.json
@@ -5,6 +5,7 @@
   "status": "production",
   "link_github": true,
   "update_catalog": true,
+  "support_level": "kf-supported",
   "release_dir": "RemoteFile/bin/Release",
   "description": "The Remote File Orchestrator allows for the remote management of file-based certificate stores. Discovery, Inventory, and Management functions are supported. The orchestrator performs operations by first converting the certificate store into a BouncyCastle PKCS12Store.",
   "about": {