Merge c3912ab into 084bb01

Author: rcpokorny

.github/workflows/keyfactor-starter-workflow.yml

@@ -11,7 +11,7 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@dual-platform-without-doctool
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}

CHANGELOG.md

@@ -1,3 +1,11 @@
+2.5.0
+* Added the Bindings to the end of the thumbprint to make the alias unique.
+* Using new IISWebBindings commandlet to use additional SSL flags when binding certificate to website.
+* Added multi-platform support for .Net6 and .Net8.
+* Updated various PowerShell scripts to handle both .Net6 and .Net8 differences (specifically the absense of the WebAdministration module in PS SDK 7.4.x+)
+* Fixed issue to update multiple websites when using the same cert.
+* Removed renewal thumbprint logic to update multiple website; each job now updates its own specific certificate.
+
 2.4.4
 * Fix an issue with WinRM parameters when migrating Legacy IIS Stores to the WinCert type
 * Fix an issue with "Delete" script in the Legacy IIS Migration that did not remove some records from dependent tables

IISU/CertificateStore.cs

@@ -181,38 +181,21 @@ public static List<CurrentInventoryItem> GetIISBoundCertificates(Runspace runSpa
 
                     if (foundCert == null) continue;
 
-                    var sniValue = "";
-                    switch (Convert.ToInt16(binding.Properties["sniFlg"]?.Value))
-                    {
-                        case 0:
-                            sniValue = "0 - No SNI";
-                            break;
-                        case 1:
-                            sniValue = "1 - SNI Enabled";
-                            break;
-                        case 2:
-                            sniValue = "2 - Non SNI Binding";
-                            break;
-                        case 3:
-                            sniValue = "3 - SNI Binding";
-                            break;
-                    }
-
                     var siteSettingsDict = new Dictionary<string, object>
                              {
                                  { "SiteName", binding.Properties["Name"]?.Value },
                                  { "Port", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[1] },
                                  { "IPAddress", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[0] },
                                  { "HostName", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[2] },
-                                 { "SniFlag", sniValue },
+                                 { "SniFlag", binding.Properties["sniFlg"]?.Value },
                                  { "Protocol", binding.Properties["Protocol"]?.Value }
                              };
 
                     myBoundCerts.Add(
                         new CurrentInventoryItem
                         {
                             Certificates = new[] { foundCert.CertificateData },
-                            Alias = thumbPrint,
+                            Alias = thumbPrint + ":" + binding.Properties["Bindings"]?.Value.ToString(),
                             PrivateKeyEntry = foundCert.HasPrivateKey,
                             UseChainLevel = false,
                             ItemStatus = OrchestratorInventoryItemStatus.Unknown,

IISU/CertificateStoreException.cs

@@ -18,7 +18,7 @@
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
 {
     [Serializable]
-    internal class CertificateStoreException : Exception
+    public class CertificateStoreException : Exception
     {
         public CertificateStoreException()
         {

IISU/ClientPSCertStoreInventory.cs

@@ -11,26 +11,82 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+using Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU;
 using Keyfactor.Logging;
 using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
+using System.Runtime.ConstrainedExecution;
 using System.Text;
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
 {
-    abstract class ClientPSCertStoreInventory
+    public abstract class ClientPSCertStoreInventory
     {
         private ILogger _logger;
+
+        protected ClientPSCertStoreInventory()
+        {
+            _logger = LogHandler.GetClassLogger<ClientPSCertStoreInventory>();
+        }
+
         public ClientPSCertStoreInventory(ILogger logger)
         {
             _logger = logger;
         }
 
+        public List<Certificate> GetCertificatesFromStore(RemoteSettings settings, string storePath)
+        {
+            try
+            {
+                ILogger _logger = LogHandler.GetClassLogger(this.GetType());
+
+                List<Certificate> myCertificates = new();
+
+                _logger.LogTrace("Attempting to establish PowerShell connection.");
+                using (PSHelper ps = new(settings.Protocol, settings.Port, settings.IncludePortInSPN, settings.ClientMachineName, settings.ServerUserName, settings.ServerPassword))
+                {
+                    _logger.LogTrace("Initializing connection");
+                    ps.Initialize();
+
+                    var scriptParameters = new Dictionary<string, object>
+                    {
+                        { "StoreName", storePath }
+                    };
+
+                    var results = ps.ExecuteCommand(PSHelper.LoadScript("WinCertInventory.ps1"), scriptParameters);
+
+                    foreach (var c in results)
+                    {
+                        myCertificates.Add(new Certificate
+                        {
+                            Thumbprint = $"{c.Properties["Thumbprint"]?.Value}",
+                            HasPrivateKey = bool.Parse($"{c.Properties["HasPrivateKey"]?.Value}"),
+                            RawData = (byte[])c.Properties["RawData"]?.Value,
+                            CryptoServiceProvider = $"{c.Properties["CSP"]?.Value}",
+                            SAN = Certificate.Utilities.FormatSAN($"{c.Properties["san"]?.Value}")
+                        });
+                    }
+                }
+
+                _logger.LogTrace($"found: {myCertificates.Count} certificate(s), exiting GetCertificatesFromStore()");
+                return myCertificates;
+
+            }
+            catch (Exception ex)
+            {
+                throw new Exception ("An error occurred while attempting to read the certificates from the store.\n" + ex.Message.ToString());
+            }
+        }
+
+        // ORIG
         public List<Certificate> GetCertificatesFromStore(Runspace runSpace, string storePath)
         {
+            ILogger _logger = LogHandler.GetClassLogger(this.GetType());
+
             List<Certificate> myCertificates = new List<Certificate>();
             try
             {

IISU/ClientPSCertStoreManager.cs

@@ -27,7 +27,7 @@
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
 {
-    internal class ClientPSCertStoreManager
+    public class ClientPSCertStoreManager
     {
         private ILogger _logger;
         private Runspace _runspace;
@@ -40,6 +40,11 @@ public X509Certificate2 X509Cert
             get { return x509Cert; }
         }
 
+        public ClientPSCertStoreManager(Runspace runSpace)
+        {
+            _logger = LogHandler.GetClassLogger<ClientPSCertStoreManager>();
+            _runspace = runSpace;
+        }
 
         public ClientPSCertStoreManager(ILogger logger, Runspace runSpace, long jobNumber)
         {
@@ -126,9 +131,9 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin
                 {
                     ps.Runspace = _runspace;
 
-                    if (cryptoProviderName == null)
+                    if (string.IsNullOrEmpty(cryptoProviderName))
                     {
-                        if (privateKeyPassword == null)
+                        if (string.IsNullOrEmpty(privateKeyPassword))
                         {
                             // If no private key password is provided, import the pfx file directory to the store using addstore argument
                             string script = @"
@@ -179,7 +184,7 @@ public JobResult ImportPFXFile(string filePath, string privateKeyPassword, strin
                     }
                     else
                     {
-                        if (privateKeyPassword == null)
+                        if (string.IsNullOrEmpty(privateKeyPassword))
                         {
                             string script = @"
                             param($pfxFilePath, $cspName, $storePath)

IISU/ClientPSCertStoreReEnrollment.cs

@@ -65,7 +65,7 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit
                 string storePath = config.CertificateStoreDetails.StorePath;
 
                 _logger.LogTrace($"Establishing runspace on client machine: {clientMachineName}");
-                using var runSpace = PsHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
+                using var runSpace = PSHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword);
 
                 _logger.LogTrace("Runspace created");
                 runSpace.Open();