Updated code for WinCert and WinIIS

Keyfactor · Oct 24, 2024 · 0a59d74 · 0a59d74
1 parent 62187bb
commit 0a59d74
Show file tree

Hide file tree

Showing 6 changed files with 272 additions and 192 deletions.
diff --git a/IISU/ImplementedStoreTypes/Win/Inventory.cs b/IISU/ImplementedStoreTypes/Win/Inventory.cs
@@ -126,14 +126,16 @@ public List<CurrentInventoryItem> QueryWinCertCertificates(RemoteSettings settin
         {
             List<CurrentInventoryItem> Inventory = new();
 
-            string command = string.Empty;
-
             using (PSHelper ps = new(settings.Protocol, settings.Port, settings.IncludePortInSPN, settings.ClientMachineName, settings.ServerUserName, settings.ServerPassword))
             {
                 ps.Initialize();
 
-                command = $"Get-KFCertificates -StoreName '{StoreName}'";
-                results = ps.ExecuteFunction(command);
+                var parameters = new Dictionary<string, object>
+                {
+                    { "StoreName", StoreName }
+                };
+
+                results = ps.ExecutePowerShell("Get-KFCertificates", parameters);
 
                 // If there are certificates, deserialize the results and send them back to command
                 if (results != null && results.Count > 0)

diff --git a/IISU/ImplementedStoreTypes/Win/Management.cs b/IISU/ImplementedStoreTypes/Win/Management.cs
@@ -23,6 +23,8 @@
 using System.Management.Automation;
 using Keyfactor.Logging;
 using System.Collections.ObjectModel;
+using System.Collections.Generic;
+using System.Management.Automation.Runspaces;
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert
 {
@@ -31,7 +33,6 @@ public class Management : WinCertJobTypeBase, IManagementJobExtension
         public string ExtensionName => "WinCertManagement";
         private ILogger _logger;
 
-        private string command = string.Empty;
         private PSHelper _psHelper;
         private Collection<PSObject>? _results = null;
 
@@ -98,7 +99,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                             string privateKeyPassword = config.JobCertificate.PrivateKeyPassword;
                             string? cryptoProvider = config.JobProperties["ProviderName"]?.ToString();
 
-                            complete = AddCertificate(certificateContents, privateKeyPassword, _storePath, cryptoProvider);
+                            complete = AddCertificate(certificateContents, privateKeyPassword, cryptoProvider);
                             _logger.LogTrace($"Completed adding the certificate to the store");
 
                             break;
@@ -107,7 +108,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                         {
                             string thumbprint = config.JobCertificate.Alias;
 
-                            complete = RemoveCertificate(thumbprint, _storePath);
+                            complete = RemoveCertificate(thumbprint);
                             _logger.LogTrace($"Completed removing the certificate from the store");
 
                             break;
@@ -134,7 +135,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
             }
         }
 
-        public JobResult AddCertificate(string certificateContents, string privateKeyPassword, string storePath, string cryptoProvider)
+        public JobResult AddCertificate(string certificateContents, string privateKeyPassword, string cryptoProvider)
         {
             try
             {
@@ -143,15 +144,26 @@ public JobResult AddCertificate(string certificateContents, string privateKeyPas
                     _psHelper.Initialize();
 
                     _logger.LogTrace("Attempting to execute PS function (Add-KFCertificateToStore)");
-                    command = $"Add-KFCertificateToStore -Base64Cert '{certificateContents}' -PrivateKeyPassword '{privateKeyPassword}' -StoreName '{storePath}' -CryptoServiceProvider '{cryptoProvider}'";
-                    _results = _psHelper.ExecuteFunction(command);
+
+                    // Manditory parameters
+                    var parameters = new Dictionary<string, object>
+                    {
+                        { "Base64Cert", certificateContents },
+                        { "StorePath", _storePath },
+                    };
+
+                    // Optional parameters
+                    if (!string.IsNullOrEmpty(privateKeyPassword)) { parameters.Add("PrivateKeyPassword", privateKeyPassword); }
+                    if (!string.IsNullOrEmpty(cryptoProvider)) { parameters.Add("CryptoServiceProvider", cryptoProvider); }
+
+                    _results = _psHelper.ExecutePowerShell("Add-KFCertificateToStore", parameters);
                     _logger.LogTrace("Returned from executing PS function (Add-KFCertificateToStore)");
 
                     // This should return the thumbprint of the certificate
                     if (_results != null && _results.Count > 0)
                     {
                         var thumbprint = _results[0].ToString();
-                        _logger.LogTrace($"Added certificate to store {storePath}, returned with the thumbprint {thumbprint}");
+                        _logger.LogTrace($"Added certificate to store {_storePath}, returned with the thumbprint {thumbprint}");
                     }
                     else
                     {
@@ -182,17 +194,23 @@ public JobResult AddCertificate(string certificateContents, string privateKeyPas
             }
         }
 
-        public JobResult RemoveCertificate(string thumbprint, string storePath)
+        public JobResult RemoveCertificate(string thumbprint)
         {
             try
             {
                 using (_psHelper)
                 {
                     _psHelper.Initialize();
 
-                    _logger.LogTrace($"Attempting to remove thumbprint {thumbprint} from store {storePath}");
-                    command = $"Remove-KFCertificateFromStore -Thumbprint '{thumbprint}' -StorePath '{storePath}'";
-                    _psHelper.ExecuteFunction(command);
+                    _logger.LogTrace($"Attempting to remove thumbprint {thumbprint} from store {_storePath}");
+
+                    var parameters = new Dictionary<string, object>()
+                    {
+                        { "Thumbprint", thumbprint },
+                        { "StorePath", _storePath }
+                    };
+
+                    _psHelper.ExecutePowerShell("Remove-KFCertificateFromStore", parameters);
                     _logger.LogTrace("Returned from executing PS function (Remove-KFCertificateFromStore)");
 
                     _psHelper.Terminate();

diff --git a/IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs b/IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs
@@ -0,0 +1,55 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.CompilerServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.ImplementedStoreTypes.WinIIS
+{
+    public class IISBindingInfo
+    {
+        public string SiteName { get; set; }
+        public string Protocol { get; set; }
+        public string IPAddress { get; set; }
+        public string Port { get; set; }
+        public string HostName { get; set; }
+        public string SniFlag { get; set; }
+
+        public IISBindingInfo(Dictionary<string, object> bindingInfo)
+        {
+            SiteName = bindingInfo["SiteName"].ToString();
+            Protocol = bindingInfo["Protocol"].ToString();
+            IPAddress = bindingInfo["IPAddress"].ToString();
+            Port = bindingInfo["Port"].ToString();
+            HostName = bindingInfo["HostName"].ToString();
+            SniFlag = MigrateSNIFlag(bindingInfo["SniFlag"].ToString());
+        }
+
+        private string MigrateSNIFlag(string input)
+        {
+            // Check if the input is numeric, if so, just return it as an integer
+            if (int.TryParse(input, out int numericValue))
+            {
+                return numericValue.ToString();
+            }
+
+            if (string.IsNullOrEmpty(input)) { throw new ArgumentNullException("SNI/SSL Flag", "The SNI or SSL Flag flag must not be empty or null."); }
+
+            // Handle the string cases
+            switch (input.ToLower())
+            {
+                case "0 - no sni":
+                    return "0";
+                case "1 - sni enabled":
+                    return "1";
+                case "2 - non sni binding":
+                    return "2";
+                case "3 - sni binding":
+                    return "3";
+                default:
+                    throw new ArgumentOutOfRangeException($"Received an invalid value '{input}' for sni/ssl Flag value");
+            }
+        }
+    }
+}
diff --git a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs
@@ -123,14 +123,11 @@ public List<CurrentInventoryItem> QueryIISCertificates(RemoteSettings settings)
         {
             List<CurrentInventoryItem> Inventory = new();
 
-            string command = string.Empty;
-
             using (PSHelper ps = new(settings.Protocol, settings.Port, settings.IncludePortInSPN, settings.ClientMachineName, settings.ServerUserName, settings.ServerPassword))
             {
                 ps.Initialize();
 
-                command = "Get-KFIISBoundCertificates";
-                results = ps.ExecuteFunction(command);
+                results = ps.ExecutePowerShell("Get-KFIISBoundCertificates");
 
                 // If there are certificates, deserialize the results and send them back to command
                 if (results != null && results.Count > 0)