|
14 | 14 |
|
15 | 15 | // Ignore Spelling: Keyfactor |
16 | 16 |
|
| 17 | +// 021225 rcp Cleaned up and removed unnecessary code |
| 18 | + |
17 | 19 | using Keyfactor.Logging; |
18 | 20 | using Keyfactor.Orchestrators.Common.Enums; |
19 | 21 | using Keyfactor.Orchestrators.Extensions; |
@@ -296,254 +298,5 @@ private string ImportCertificate(byte[] certificateRawData, string storeName) |
296 | 298 | } |
297 | 299 | } |
298 | 300 |
|
299 | | - public JobResult PerformReEnrollmentORIG(ReenrollmentJobConfiguration config, SubmitReenrollmentCSR submitReenrollment, CertStoreBindingTypeENUM bindingType) |
300 | | - { |
301 | | - bool hasError = false; |
302 | | - |
303 | | - try |
304 | | - { |
305 | | - _logger.MethodEntry(); |
306 | | - var serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername); |
307 | | - var serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword); |
308 | | - |
309 | | - // Extract values necessary to create remote PS connection |
310 | | - JobProperties jobProperties = JsonConvert.DeserializeObject<JobProperties>(config.CertificateStoreDetails.Properties, |
311 | | - new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); |
312 | | - |
313 | | - string protocol = jobProperties.WinRmProtocol; |
314 | | - string port = jobProperties.WinRmPort; |
315 | | - bool IncludePortInSPN = jobProperties.SpnPortFlag; |
316 | | - string clientMachineName = config.CertificateStoreDetails.ClientMachine; |
317 | | - string storePath = config.CertificateStoreDetails.StorePath; |
318 | | - |
319 | | - _logger.LogTrace($"Establishing runspace on client machine: {clientMachineName}"); |
320 | | - using var runSpace = PSHelper.GetClientPsRunspace(protocol, clientMachineName, port, IncludePortInSPN, serverUserName, serverPassword); |
321 | | - |
322 | | - _logger.LogTrace("Runspace created"); |
323 | | - runSpace.Open(); |
324 | | - _logger.LogTrace("Runspace opened"); |
325 | | - |
326 | | - PowerShell ps = PowerShell.Create(); |
327 | | - ps.Runspace = runSpace; |
328 | | - |
329 | | - string CSR = string.Empty; |
330 | | - |
331 | | - var subjectText = config.JobProperties["subjectText"]; |
332 | | - var providerName = config.JobProperties["ProviderName"]; |
333 | | - var keyType = config.JobProperties["keyType"]; |
334 | | - var keySize = config.JobProperties["keySize"]; |
335 | | - var SAN = config.JobProperties["SAN"]; |
336 | | - |
337 | | - Collection<PSObject> results; |
338 | | - |
339 | | - // If the provider name is null, default it to the Microsoft CA |
340 | | - providerName ??= "Microsoft Strong Cryptographic Provider"; |
341 | | - |
342 | | - // Create the script file |
343 | | - ps.AddScript("$infFilename = New-TemporaryFile"); |
344 | | - ps.AddScript("$csrFilename = New-TemporaryFile"); |
345 | | - |
346 | | - ps.AddScript("if (Test-Path $csrFilename) { Remove-Item $csrFilename }"); |
347 | | - |
348 | | - ps.AddScript($"Set-Content $infFilename -Value [NewRequest]"); |
349 | | - ps.AddScript($"Add-Content $infFilename -Value 'Subject = \"{subjectText}\"'"); |
350 | | - ps.AddScript($"Add-Content $infFilename -Value 'ProviderName = \"{providerName}\"'"); |
351 | | - ps.AddScript($"Add-Content $infFilename -Value 'MachineKeySet = True'"); |
352 | | - ps.AddScript($"Add-Content $infFilename -Value 'HashAlgorithm = SHA256'"); |
353 | | - ps.AddScript($"Add-Content $infFilename -Value 'KeyAlgorithm = {keyType}'"); |
354 | | - ps.AddScript($"Add-Content $infFilename -Value 'KeyLength={keySize}'"); |
355 | | - ps.AddScript($"Add-Content $infFilename -Value 'KeySpec = 0'"); |
356 | | - |
357 | | - if (SAN != null) |
358 | | - { |
359 | | - ps.AddScript($"Add-Content $infFilename -Value '[Extensions]'"); |
360 | | - ps.AddScript(@"Add-Content $infFilename -Value '2.5.29.17 = ""{text}""'"); |
361 | | - |
362 | | - foreach (string s in SAN.ToString().Split("&")) |
363 | | - { |
364 | | - ps.AddScript($"Add-Content $infFilename -Value '_continue_ = \"{s + "&"}\"'"); |
365 | | - } |
366 | | - } |
367 | | - |
368 | | - try |
369 | | - { |
370 | | - // Get INF file for debugging |
371 | | - ps.AddScript("$name = $infFilename.FullName"); |
372 | | - ps.AddScript("$name"); |
373 | | - results = ps.Invoke(); |
374 | | - |
375 | | - string fname = results[0].ToString(); |
376 | | - string infContent = File.ReadAllText(fname); |
377 | | - |
378 | | - _logger.LogDebug($"Contents of {fname}:"); |
379 | | - _logger.LogDebug(infContent); |
380 | | - } |
381 | | - catch (Exception) |
382 | | - { |
383 | | - } |
384 | | - |
385 | | - // Execute the -new command |
386 | | - ps.AddScript($"certreq -new -q $infFilename $csrFilename"); |
387 | | - _logger.LogDebug($"Subject Text: {subjectText}"); |
388 | | - _logger.LogDebug($"SAN: {SAN}"); |
389 | | - _logger.LogDebug($"Provider Name: {providerName}"); |
390 | | - _logger.LogDebug($"Key Type: {keyType}"); |
391 | | - _logger.LogDebug($"Key Size: {keySize}"); |
392 | | - _logger.LogTrace("Attempting to create the CSR by Invoking the script."); |
393 | | - |
394 | | - results = ps.Invoke(); |
395 | | - _logger.LogTrace("Completed the attempt in creating the CSR."); |
396 | | - |
397 | | - ps.Commands.Clear(); |
398 | | - |
399 | | - try |
400 | | - { |
401 | | - ps.AddScript($"$CSR = Get-Content $csrFilename -Raw"); |
402 | | - _logger.LogTrace("Attempting to get the contents of the CSR file."); |
403 | | - results = ps.Invoke(); |
404 | | - _logger.LogTrace("Finished getting the CSR Contents."); |
405 | | - } |
406 | | - catch (Exception) |
407 | | - { |
408 | | - var psError = ps.Streams.Error.ReadAll().Aggregate(String.Empty, (current, error) => current + error.ErrorDetails.Message); |
409 | | - |
410 | | - hasError = true; |
411 | | - |
412 | | - throw new CertificateStoreException($"Error creating CSR File. {psError}"); |
413 | | - } |
414 | | - finally |
415 | | - { |
416 | | - ps.Commands.Clear(); |
417 | | - |
418 | | - // Delete the temp files |
419 | | - ps.AddScript("if (Test-Path $infFilename) { Remove-Item -Path $infFilename }"); |
420 | | - ps.AddScript("if (Test-Path $csrFilename) { Remove-Item -Path $csrFilename }"); |
421 | | - _logger.LogTrace("Attempt to delete the temporary files."); |
422 | | - results = ps.Invoke(); |
423 | | - |
424 | | - if (hasError) runSpace.Close(); |
425 | | - } |
426 | | - |
427 | | - // Get the byte array |
428 | | - var RawContent = runSpace.SessionStateProxy.GetVariable("CSR"); |
429 | | - |
430 | | - // Sign CSR in Keyfactor |
431 | | - _logger.LogTrace("Get the signed CSR from KF."); |
432 | | - X509Certificate2 myCert = submitReenrollment.Invoke(RawContent.ToString()); |
433 | | - |
434 | | - if (myCert != null) |
435 | | - { |
436 | | - // Get the cert data into string format |
437 | | - string csrData = Convert.ToBase64String(myCert.RawData, Base64FormattingOptions.InsertLineBreaks); |
438 | | - |
439 | | - _logger.LogTrace("Creating the text version of the certificate."); |
440 | | - |
441 | | - // Write out the cert file |
442 | | - StringBuilder sb = new StringBuilder(); |
443 | | - sb.AppendLine("-----BEGIN CERTIFICATE-----"); |
444 | | - sb.AppendLine(csrData); |
445 | | - sb.AppendLine("-----END CERTIFICATE-----"); |
446 | | - |
447 | | - ps.AddScript("$cerFilename = New-TemporaryFile"); |
448 | | - ps.AddScript($"Set-Content $cerFilename '{sb}'"); |
449 | | - |
450 | | - results = ps.Invoke(); |
451 | | - ps.Commands.Clear(); |
452 | | - |
453 | | - // Accept the signed cert |
454 | | - _logger.LogTrace("Attempting to accept or bind the certificate to the HSM."); |
455 | | - |
456 | | - ps.AddScript($"Set-Location -Path Cert:\\localmachine\\'{config.CertificateStoreDetails.StorePath}'"); |
457 | | - ps.AddScript($"Import-Certificate -Filepath $cerFilename"); |
458 | | - ps.Invoke(); |
459 | | - _logger.LogTrace("Successfully bound the certificate."); |
460 | | - |
461 | | - ps.Commands.Clear(); |
462 | | - |
463 | | - // Delete the temp files |
464 | | - ps.AddScript("if (Test-Path $infFilename) { Remove-Item -Path $infFilename }"); |
465 | | - ps.AddScript("if (Test-Path $csrFilename) { Remove-Item -Path $csrFilename }"); |
466 | | - ps.AddScript("if (Test-Path $cerFilename) { Remove-Item -Path $cerFilename }"); |
467 | | - _logger.LogTrace("Removing temporary files."); |
468 | | - results = ps.Invoke(); |
469 | | - |
470 | | - ps.Commands.Clear(); |
471 | | - runSpace.Close(); |
472 | | - |
473 | | - // Default results |
474 | | - JobResult result = new JobResult |
475 | | - { |
476 | | - Result = OrchestratorJobStatusJobResult.Success, |
477 | | - JobHistoryId = config.JobHistoryId, |
478 | | - FailureMessage = "" |
479 | | - }; |
480 | | - |
481 | | - // Do specific bindings |
482 | | - switch (bindingType) |
483 | | - { |
484 | | - case CertStoreBindingTypeENUM.WinIIS: |
485 | | - // Bind the certificate to IIS |
486 | | - ClientPSIIManager iisManager = new ClientPSIIManager(config, serverUserName, serverPassword); |
487 | | - result = iisManager.BindCertificate(myCert); |
488 | | - // Provide logging information |
489 | | - if (result.Result == OrchestratorJobStatusJobResult.Success) { _logger.LogInformation("Certificate was successfully bound to the IIS Server."); } |
490 | | - else { _logger.LogInformation("There was an issue while attempting to bind the certificate to the IIS Server. Check the logs for more information."); } |
491 | | - break; |
492 | | - |
493 | | - case CertStoreBindingTypeENUM.WinSQL: |
494 | | - |
495 | | - // Bind to SQL Server |
496 | | - ClientPsSqlManager sqlManager = new ClientPsSqlManager(config, serverUserName, serverPassword); |
497 | | - result = sqlManager.BindCertificates("", myCert); |
498 | | - |
499 | | - // Provide logging information |
500 | | - if (result.Result == OrchestratorJobStatusJobResult.Success) { _logger.LogInformation("Certificate was successfully bound to the SQL Server."); } |
501 | | - else { _logger.LogInformation("There was an issue while attempting to bind the certificate to the SQL Server. Check the logs for more information."); } |
502 | | - break; |
503 | | - |
504 | | - } |
505 | | - |
506 | | - ps.Commands.Clear(); |
507 | | - runSpace.Close(); |
508 | | - |
509 | | - return result; |
510 | | - } |
511 | | - else |
512 | | - { |
513 | | - return new JobResult |
514 | | - { |
515 | | - Result = OrchestratorJobStatusJobResult.Failure, |
516 | | - JobHistoryId = config.JobHistoryId, |
517 | | - FailureMessage = "The ReEnrollment job was unable to sign the CSR. Please check the formatting of the SAN and other ReEnrollment properties." |
518 | | - }; |
519 | | - } |
520 | | - |
521 | | - } |
522 | | - catch (PSRemotingTransportException psEx) |
523 | | - { |
524 | | - var failureMessage = $"ReEnrollment job failed for Site '{config.CertificateStoreDetails.StorePath}' on server '{config.CertificateStoreDetails.ClientMachine}' with a PowerShell Transport Exception: {psEx.Message}"; |
525 | | - _logger.LogError(failureMessage + LogHandler.FlattenException(psEx)); |
526 | | - |
527 | | - return new JobResult |
528 | | - { |
529 | | - Result = OrchestratorJobStatusJobResult.Failure, |
530 | | - JobHistoryId = config.JobHistoryId, |
531 | | - FailureMessage = failureMessage |
532 | | - }; |
533 | | - |
534 | | - } |
535 | | - catch (Exception ex) |
536 | | - { |
537 | | - var failureMessage = $"ReEnrollment job failed for Site '{config.CertificateStoreDetails.StorePath}' on server '{config.CertificateStoreDetails.ClientMachine}' with error: '{LogHandler.FlattenException(ex)}'"; |
538 | | - _logger.LogWarning(failureMessage); |
539 | | - |
540 | | - return new JobResult |
541 | | - { |
542 | | - Result = OrchestratorJobStatusJobResult.Failure, |
543 | | - JobHistoryId = config.JobHistoryId, |
544 | | - FailureMessage = failureMessage |
545 | | - }; |
546 | | - } |
547 | | - } |
548 | 301 | } |
549 | 302 | } |