Keyfactor
diff --git a/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs‎
Lines changed: 39 additions & 2 deletions b/‎IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs‎
Lines changed: 39 additions & 2 deletions
diff --git a/‎IISU/ImplementedStoreTypes/WinIIS/Inventory.cs‎
Lines changed: 2 additions & 2 deletions b/‎IISU/ImplementedStoreTypes/WinIIS/Inventory.cs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎IISU/ImplementedStoreTypes/WinIIS/Management.cs‎
Lines changed: 28 additions & 3 deletions b/‎IISU/ImplementedStoreTypes/WinIIS/Management.cs‎
Lines changed: 28 additions & 3 deletions
diff --git a/‎IISU/ImplementedStoreTypes/WinIIS/WinIISBinding.cs‎
Lines changed: 26 additions & 13 deletions b/‎IISU/ImplementedStoreTypes/WinIIS/WinIISBinding.cs‎
Lines changed: 26 additions & 13 deletions
diff --git a/‎IISU/PSHelper.cs‎
Lines changed: 21 additions & 11 deletions b/‎IISU/PSHelper.cs‎
Lines changed: 21 additions & 11 deletions
@@ -1,3 +1,9 @@
+2.6.1
+* documentation updates for the 2.6 release
+* fix a naming typo in the 2.5 migration SQL script
+* update integration-manifest.json
+* Updated the Alias in IIS to also include Site-Name.  NOTE: Inventory will need to be performed prior to any management job to include new Alias format.
+
 2.6.0
 * Added the ability to run the extension in a Linux environment.  To utilize this change, for each Cert Store Types (WinCert/WinIIS/WinSQL), add ssh to the Custom Field <b>WinRM Protocol</b>.  When using ssh as a protocol, make sure to enter the appropriate ssh port number under WinRM Port.
 * NOTE: For legacy purposes the Display names WinRM Protocol and WinRM Port are maintained although the type of protocols now includes ssh.
 
@@ -16,8 +16,10 @@
 
 // 021225 rcp   2.6.0   Cleaned up and verified code
 
+using Markdig.Syntax;
 using System;
 using System.Collections.Generic;
+using System.Web.Services.Description;
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
 {
@@ -29,6 +31,12 @@ public class IISBindingInfo
         public string Port { get; set; }
         public string? HostName { get; set; }
         public string SniFlag { get; set; }
+        public string Thumbprint { get; private set; }
+
+        public IISBindingInfo()
+        {
+                
+        }
 
         public IISBindingInfo(Dictionary<string, object> bindingInfo)
         {
@@ -40,15 +48,44 @@ public IISBindingInfo(Dictionary<string, object> bindingInfo)
             SniFlag = MigrateSNIFlag(bindingInfo["SniFlag"].ToString());
         }
 
+        public static IISBindingInfo ParseAliaseBindingString(string alias)
+        {
+            if (string.IsNullOrWhiteSpace(alias))
+                throw new ArgumentException("Alias cannot be null or empty.", nameof(alias));
+
+            var parts = alias.Split(':');
+            if (parts.Length < 4 || parts.Length > 5)
+                throw new FormatException("Alias must be in the format of Thumbprint:IPAddress:Port[:Hostname]");
+
+            return new IISBindingInfo
+            {
+                Thumbprint = parts[0],
+                SiteName = parts[1],
+                IPAddress = parts[2],
+                Port = parts[3],
+                HostName = parts.Length == 5 ? parts[4] : null
+            };
+        }
+
+
         private string MigrateSNIFlag(string input)
         {
-            // Check if the input is numeric, if so, just return it as an integer
             if (int.TryParse(input, out int numericValue))
             {
                 return numericValue.ToString();
             }
 
-            if (string.IsNullOrEmpty(input)) { throw new ArgumentNullException("SNI/SSL Flag", "The SNI or SSL Flag flag must not be empty or null."); }
+            if (string.IsNullOrEmpty(input))
+                throw new ArgumentNullException("SNI/SSL Flag", "The SNI or SSL Flag must not be empty or null.");
+
+            // Normalize input
+            var trimmedInput = input.Trim().ToLowerInvariant();
+
+            // Handle boolean values
+            if (trimmedInput == "true")
+                return "1";
+            if (trimmedInput == "false")
+                return "0";
 
             // Handle the string cases
             switch (input.ToLower())
 
@@ -107,7 +107,7 @@ public JobResult ProcessJob(InventoryJobConfiguration jobConfiguration, SubmitIn
             {
                 _logger.LogTrace(LogHandler.FlattenException(ex));
 
-                var failureMessage = $"Inventory job failed for Site '{jobConfiguration.CertificateStoreDetails.StorePath}' on server '{jobConfiguration.CertificateStoreDetails.ClientMachine}' with error: '{LogHandler.FlattenException(ex)}'";
+                var failureMessage = $"Inventory job failed for Site '{jobConfiguration.CertificateStoreDetails.StorePath}' on server '{jobConfiguration.CertificateStoreDetails.ClientMachine}' with error: '{ex.Message}'";
                 _logger.LogWarning(failureMessage);
 
                 return new JobResult
@@ -164,7 +164,7 @@ public List<CurrentInventoryItem> QueryIISCertificates(RemoteSettings settings)
                             new CurrentInventoryItem
                             {
                                 Certificates = new[] {cert.CertificateBase64 },
-                                Alias = cert.Thumbprint + ":" + cert.Binding?.ToString(),
+                                Alias = cert.Thumbprint + ":" + cert.SiteName + ":" + cert.Binding?.ToString(),
                                 PrivateKeyEntry = cert.HasPrivateKey,
                                 UseChainLevel = false,
                                 ItemStatus = OrchestratorInventoryItemStatus.Unknown,
 
@@ -103,13 +103,16 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                                 {
                                     string newThumbprint = AddCertificate(certificateContents, privateKeyPassword, cryptoProvider);
                                     _logger.LogTrace($"Completed adding the certificate to the store");
+                                    _logger.LogTrace($"New thumbprint: {newThumbprint}");
 
                                     // Bind Certificate to IIS Site
                                     if (newThumbprint != null)
                                     {
                                         IISBindingInfo bindingInfo = new IISBindingInfo(config.JobProperties);
                                         WinIISBinding.BindCertificate(_psHelper, bindingInfo, newThumbprint, "", _storePath);
 
+                                        _logger.LogTrace("Returned after binding certificate to store");
+
                                         complete = new JobResult
                                         {
                                             Result = OrchestratorJobStatusJobResult.Success,
@@ -136,12 +139,21 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                             {
                                 // Removing a certificate involves two steps: UnBind the certificate, then delete the cert from the store
 
+                                IISBindingInfo thisBinding = IISBindingInfo.ParseAliaseBindingString(config.JobCertificate.Alias);
                                 string thumbprint = config.JobCertificate.Alias.Split(':')[0];
                                 try
                                 {
-                                    if (WinIISBinding.UnBindCertificate(_psHelper, new IISBindingInfo(config.JobProperties)))
+                                    if (WinIISBinding.UnBindCertificate(_psHelper, thisBinding))
                                     {
-                                        complete = RemoveCertificate(thumbprint);
+                                        // This function will only remove the certificate from the store if not used by any other sites
+                                        RemoveIISCertificate(thisBinding.Thumbprint);
+
+                                        complete = new JobResult
+                                        {
+                                            Result = OrchestratorJobStatusJobResult.Success,
+                                            JobHistoryId = _jobHistoryID,
+                                            FailureMessage = ""
+                                        };
                                     }
                                 }
                                 catch (Exception ex)
@@ -225,8 +237,21 @@ public string AddCertificate(string certificateContents, string privateKeyPasswo
                 throw new Exception (failureMessage);
             }
 }
+        public void RemoveIISCertificate(string thumbprint)
+        {
+            _logger.LogTrace($"Attempting to remove thumbprint {thumbprint} from store {_storePath}");
+
+            var parameters = new Dictionary<string, object>()
+                    {
+                        { "Thumbprint", thumbprint },
+                        { "StoreName", _storePath }
+                    };
+
+            _psHelper.ExecutePowerShell("Remove-KFIISCertificateIfUnused", parameters);
+
+        }
 
-        public JobResult RemoveCertificate(string thumbprint)
+        public JobResult RemoveCertificateORIG(string thumbprint)
         {
             try
             {
 
@@ -49,25 +49,39 @@ public static void BindCertificate(PSHelper psHelper, IISBindingInfo bindingInfo
             // Optional parameters
             if (!string.IsNullOrEmpty(bindingInfo.HostName)) { parameters.Add("HostName", bindingInfo.HostName); }
 
-            _results = psHelper.ExecutePowerShell("New-KFIISSiteBinding", parameters);      // returns true if successful
-            _logger.LogTrace("Returned from executing PS function (New-KFIISSiteBinding)");
-
-            // This should return the thumbprint of the certificate
-            if (_results != null && _results.Count > 0)
+            try
             {
-                bool success = _results[0].BaseObject is bool value && value;
-                if (success)
+                _results = psHelper.ExecutePowerShell("New-KFIISSiteBinding", parameters);      // returns true if successful
+                _logger.LogTrace("Returned from executing PS function (New-KFIISSiteBinding)");
+
+                if (_results != null && _results.Count > 0)
                 {
-                    _logger.LogTrace($"Bound certificate with the thumbprint: '{thumbprint}' to site: '{bindingInfo.SiteName}' successfully.");
-                    return;
+                    var baseObject = _results[0]?.BaseObject;
+                    if (baseObject is bool value)
+                    {
+                        if (value)
+                        {
+                            _logger.LogTrace($"Bound certificate with the thumbprint: '{thumbprint}' to site: '{bindingInfo.SiteName}' successfully.");
+                        }
+                        else
+                        {
+                            _logger.LogTrace("Something happened and the binding failed.");
+                        }
+                    }
+                    else
+                    {
+                        _logger.LogWarning("Unexpected result type returned from script: " + baseObject?.GetType().Name);
+                    }
                 }
                 else
                 {
-                    _logger.LogTrace("Something happened and the binding failed.");
+                    _logger.LogWarning("PowerShell script returned no results.");
                 }
             }
-
-            throw new Exception($"An unknown error occurred while attempting to bind thumbprint: {thumbprint} to site: '{bindingInfo.SiteName}'. \nCheck the UO Logs for more information.");
+            catch (Exception ex)
+            {
+                throw new Exception($"An unknown error occurred while attempting to bind thumbprint: {thumbprint} to site: '{bindingInfo.SiteName}'. \n{ex.Message}");
+            }
         }
 
         public static bool UnBindCertificate(PSHelper psHelper, IISBindingInfo bindingInfo)
@@ -102,7 +116,6 @@ public static bool UnBindCertificate(PSHelper psHelper, IISBindingInfo bindingIn
 
                 if (results[0].BaseObject is bool success)
                 {
-                    _logger.LogTrace($"Returned from unbinding as {success}.");
                     return success;
                 }
                 else
 
@@ -102,6 +102,8 @@ public PSHelper(string protocol, string port, bool useSPN, string clientMachineN
         public void Initialize()
         {
             _logger.LogTrace("Entered PSHelper.Initialize()");
+            _logger.LogTrace($"PowerShell SDK Location: {typeof(System.Management.Automation.PowerShell).Assembly.Location}");
+            _logger.LogTrace($".NET Runtime Version: {RuntimeInformation.FrameworkDescription}");
 
             PS = PowerShell.Create();
 
@@ -181,20 +183,28 @@ private void InitializeRemoteSession()
             else
             {
                 _logger.LogTrace("Initializing WinRM connection");
-                var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword;
-                PSCredential myCreds = new PSCredential(serverUserName, pw);
+                try
+                {
+                    var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword;
+                    PSCredential myCreds = new PSCredential(serverUserName, pw);
 
-                // Create the PSSessionOption object
-                var sessionOption = new PSSessionOption
+                    // Create the PSSessionOption object
+                    var sessionOption = new PSSessionOption
+                    {
+                        IncludePortInSPN = useSPN
+                    };
+
+                    PS.AddCommand("New-PSSession")
+                    .AddParameter("ComputerName", ClientMachineName)
+                    .AddParameter("Port", port)
+                    .AddParameter("Credential", myCreds)
+                    .AddParameter("SessionOption", sessionOption);
+                }
+                catch (Exception)
                 {
-                    IncludePortInSPN = useSPN
-                };
+                    throw new Exception("Problems establishing network credentials.  Please check the User name and Password for the Certificate Store");
+                }
 
-                PS.AddCommand("New-PSSession")
-                .AddParameter("ComputerName", ClientMachineName)
-                .AddParameter("Port", port)
-                .AddParameter("Credential", myCreds)
-                .AddParameter("SessionOption", sessionOption);
             }
 
             using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
Original file line number	Diff line number	Diff line change
`@@ -103,13 +103,16 @@ public JobResult ProcessJob(ManagementJobConfiguration config)`
`103`	`103`	`{`
`104`	`104`	`string newThumbprint = AddCertificate(certificateContents, privateKeyPassword, cryptoProvider);`
`105`	`105`	`_logger.LogTrace($"Completed adding the certificate to the store");`
	`106`	`+ _logger.LogTrace($"New thumbprint: {newThumbprint}");`
`106`	`107`
`107`	`108`	`// Bind Certificate to IIS Site`
`108`	`109`	`if (newThumbprint != null)`
`109`	`110`	`{`
`110`	`111`	`IISBindingInfo bindingInfo = new IISBindingInfo(config.JobProperties);`
`111`	`112`	`WinIISBinding.BindCertificate(_psHelper, bindingInfo, newThumbprint, "", _storePath);`
`112`	`113`
	`114`	`+ _logger.LogTrace("Returned after binding certificate to store");`
	`115`	`+`
`113`	`116`	`complete = new JobResult`
`114`	`117`	`{`
`115`	`118`	`Result = OrchestratorJobStatusJobResult.Success,`
`@@ -136,12 +139,21 @@ public JobResult ProcessJob(ManagementJobConfiguration config)`
`136`	`139`	`{`
`137`	`140`	`// Removing a certificate involves two steps: UnBind the certificate, then delete the cert from the store`
`138`	`141`
	`142`	`+ IISBindingInfo thisBinding = IISBindingInfo.ParseAliaseBindingString(config.JobCertificate.Alias);`
`139`	`143`	`string thumbprint = config.JobCertificate.Alias.Split(':')[0];`
`140`	`144`	`try`
`141`	`145`	`{`
`142`		`- if (WinIISBinding.UnBindCertificate(_psHelper, new IISBindingInfo(config.JobProperties)))`
	`146`	`+ if (WinIISBinding.UnBindCertificate(_psHelper, thisBinding))`
`143`	`147`	`{`
`144`		`- complete = RemoveCertificate(thumbprint);`
	`148`	`+ // This function will only remove the certificate from the store if not used by any other sites`
	`149`	`+ RemoveIISCertificate(thisBinding.Thumbprint);`
	`150`	`+`
	`151`	`+ complete = new JobResult`
	`152`	`+ {`
	`153`	`+ Result = OrchestratorJobStatusJobResult.Success,`
	`154`	`+ JobHistoryId = _jobHistoryID,`
	`155`	`+ FailureMessage = ""`
	`156`	`+ };`
`145`	`157`	`}`
`146`	`158`	`}`
`147`	`159`	`catch (Exception ex)`
`@@ -225,8 +237,21 @@ public string AddCertificate(string certificateContents, string privateKeyPasswo`
`225`	`237`	`throw new Exception (failureMessage);`
`226`	`238`	`}`
`227`	`239`	`}`
	`240`	`+ public void RemoveIISCertificate(string thumbprint)`
	`241`	`+ {`
	`242`	`+ _logger.LogTrace($"Attempting to remove thumbprint {thumbprint} from store {_storePath}");`
	`243`	`+`
	`244`	`+ var parameters = new Dictionary<string, object>()`
	`245`	`+ {`
	`246`	`+ { "Thumbprint", thumbprint },`
	`247`	`+ { "StoreName", _storePath }`
	`248`	`+ };`
	`249`	`+`
	`250`	`+ _psHelper.ExecutePowerShell("Remove-KFIISCertificateIfUnused", parameters);`
	`251`	`+`
	`252`	`+ }`
`228`	`253`
`229`		`- public JobResult RemoveCertificate(string thumbprint)`
	`254`	`+ public JobResult RemoveCertificateORIG(string thumbprint)`
`230`	`255`	`{`
`231`	`256`	`try`
`232`	`257`	`{`