
Commit acf6137

Merge pull request #17 from Keyfactor/release-1.1-pre
Release 1.1 pre
2 parents 9ebbe94 + 50df1d5 commit acf6137

29 files changed

+456
-110
lines changed

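--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+1.1.3
+* Made WinRM port a store parameter
+* Made WinRM protocol a store parameter
+* IISWBin 1.1.3 upgrade script.sql added to upgrade from 1.1.2
+
 1.1.0
 * Migrate to Universal Orchestrator (KF9 / .NET Core)
 * Perform Renewals using RenewalThumbprint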

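--- a/IISWBin 1.1.3 upgrade script.sql
+++ b/IISWBin 1.1.3 upgrade script.sql
@@ -0,0 +1,38 @@
+DECLARE @iiswbin INT = -1, @iiswibin2 INT = -1
+
+SELECT @iiswbin = [StoreType] FROM [cms_agents].[CertStoreTypes] WHERE [ShortName] = 'IISWBin'
+IF NOT @iiswbin = -1
+BEGIN
+IF NOT EXISTS(SELECT [Id] FROM [cms_agents].[CertStoreTypeProperties] WHERE [StoreTypeId] = @iiswbin AND [Name] = 'WinRm Protocol')
+BEGIN
+INSERT INTO [cms_agents].[CertStoreTypeProperties]
+([StoreTypeId]
+,[Name]
+,[DisplayName]
+,[Type]
+,[Required]
+,[DependsOn]
+,[DefaultValue])
+VALUES
+(@iiswbin, 'WinRm Protocol', 'WinRm Protocol', 2, 1, '', 'http,https')
+
+END
+END
+
+SELECT @iiswibin2 = [StoreType] FROM [cms_agents].[CertStoreTypes] WHERE [ShortName] = 'IISWBin'
+IF NOT @iiswibin2 = -1
+BEGIN
+IF NOT EXISTS(SELECT [Id] FROM [cms_agents].[CertStoreTypeProperties] WHERE [StoreTypeId] = @iiswibin2 AND [Name] = 'WinRm Port')
+BEGIN
+INSERT INTO [cms_agents].[CertStoreTypeProperties]
+([StoreTypeId]
+,[Name]
+,[DisplayName]
+,[Type]
+,[Required]
+,[DependsOn]
+,[DefaultValue])
+VALUES
+(@iiswibin2, 'WinRm Port', 'WinRm Port',0, 1, '', '5985')
+END
+END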
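Review bot: The defaults written by the two INSERTs (`'http,https'` for WinRm Protocol and `'5985'` for WinRm Port) leave upgraded stores on the plain-HTTP WinRM listener unless an operator changes them, and nothing in the script says whether that is intentional. Assuming the first entry of the list is what a store gets by default, I would add a header comment such as `-- Defaults mirror the http:5985 endpoint that was hard-coded before 1.1.3; move stores to https/5986 where a WinRM HTTPS listener is configured.` As a style point, the second lookup into `@iiswibin2` repeats the first query for the same `[ShortName] = 'IISWBin'`, so a single variable could serve both blocks.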

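--- a/IISWithBindings/Jobs/Inventory.cs
+++ b/IISWithBindings/Jobs/Inventory.cs
@@ -1,9 +1,9 @@
-using System;
+using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
 using System.Net;
-using System.Security;
 using Keyfactor.Logging;
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
@@ -23,48 +23,69 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
 {
 try
 {
-StorePath storePath = JsonConvert.DeserializeObject<StorePath>(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate });
+_logger.MethodEntry();
+_logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
+var storePath = JsonConvert.DeserializeObject<StorePath>(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate });
 var inventoryItems = new List<CurrentInventoryItem>();
 
 _logger.LogTrace($"Begin Inventory for Cert Store {$@"\\{config.CertificateStoreDetails.ClientMachine}\{config.CertificateStoreDetails.StorePath}"}");
 
-WSManConnectionInfo connInfo = new WSManConnectionInfo(new Uri($"http://{config.CertificateStoreDetails.ClientMachine}:5985/wsman"));
+var connInfo = new WSManConnectionInfo(new Uri($"{storePath?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{storePath?.WinRmPort}/wsman"));
+_logger.LogTrace($"WinRm Url: {storePath?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{storePath?.WinRmPort}/wsman");
+
 if (storePath != null)
 {
-SecureString pw = new NetworkCredential(config.ServerUsername, config.ServerPassword)
+var pw = new NetworkCredential(config.ServerUsername, config.ServerPassword)
 .SecurePassword;
+_logger.LogTrace($"Credentials: UserName:{config.ServerUsername} Password:{config.ServerPassword}");
 connInfo.Credential = new PSCredential(config.ServerUsername, pw);
+_logger.LogTrace($"PSCredential Created {pw}");
 
-using Runspace runSpace = RunspaceFactory.CreateRunspace(connInfo);
+using var runSpace = RunspaceFactory.CreateRunspace(connInfo);
+_logger.LogTrace("runSpace Created");
 runSpace.Open();
-PowerShellCertStore psCertStore = new PowerShellCertStore(
+_logger.LogTrace("runSpace Opened");
+
+var psCertStore = new PowerShellCertStore(
 config.CertificateStoreDetails.ClientMachine, config.CertificateStoreDetails.StorePath,
 runSpace);
-using (PowerShell ps = PowerShell.Create())
+_logger.LogTrace("psCertStore Created");
+
+using (var ps = PowerShell.Create())
 {
 ps.Runspace = runSpace;
+_logger.LogTrace("RunSpace Created");
 ps.AddCommand("Import-Module")
 .AddParameter("Name", "WebAdministration")
 .AddStatement();
+_logger.LogTrace("WebAdministration Imported");
 
 var searchScript = "Foreach($Site in get-website) { Foreach ($Bind in $Site.bindings.collection) {[pscustomobject]@{name=$Site.name;Protocol=$Bind.Protocol;Bindings=$Bind.BindingInformation;thumbprint=$Bind.certificateHash;sniFlg=$Bind.sslFlags}}}";
+_logger.LogTrace($"searchScript {searchScript}");
 ps.AddScript(searchScript).AddStatement();
+_logger.LogTrace("searchScript added...");
 var iisBindings = ps.Invoke();
-
+_logger.LogTrace("iisBindings Created...");
+
 if (ps.HadErrors)
 {
+_logger.LogTrace("ps Has Errors");
+var psError = ps.Streams.Error.ReadAll().Aggregate(String.Empty, (current, error) => current + error.ErrorDetails.Message);
+
 return new JobResult
 {
 Result = OrchestratorJobStatusJobResult.Failure,
 JobHistoryId = config.JobHistoryId,
 FailureMessage =
-$"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: failed."
+$"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: failed with Error: {psError}"
 };
 }
 
 if (iisBindings.Count == 0)
 {
+_logger.LogTrace("submitInventory About To Be Invoked No Bindings Found");
 submitInventory.Invoke(inventoryItems);
+_logger.LogTrace("submitInventory Invoked...");
 return new JobResult
 {
 Result = OrchestratorJobStatusJobResult.Warning,
@@ -77,32 +98,69 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
 //in theory should only be one, but keeping for future update to chance inventory
 foreach (var binding in iisBindings)
 {
+_logger.LogTrace("Looping Bindings...");
 var thumbPrint = $"{(binding.Properties["thumbprint"]?.Value)}";
+_logger.LogTrace($"thumbPrint: {thumbPrint}");
 if (string.IsNullOrEmpty(thumbPrint))
 continue;
 
 var foundCert = psCertStore.Certificates.Find(m => m.Thumbprint.Equals(thumbPrint));
-
+_logger.LogTrace($"foundCert: {foundCert?.CertificateData}");
+
 if (foundCert == null)
 continue;
 
+var sniValue = "";
+switch (Convert.ToInt16(binding.Properties["sniFlg"]?.Value))
+{
+case 0:
+sniValue = "0 - No SNI";
+break;
+case 1:
+sniValue = "1 - SNI Enabled";
+break;
+case 2:
+sniValue = "2 - Non SNI Binding";
+break;
+case 3:
+sniValue = "3 - SNI Binding";
+break;
+
+}
+
+_logger.LogTrace($"bindingSiteName: {binding.Properties["Name"]?.Value}, bindingIpAddress: {binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[0]}, bindingPort: {binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[1]}, bindingHostName: {binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[2]}, bindingProtocol: {binding.Properties["Protocol"]?.Value}, bindingSniFlg: {sniValue}");
+
+var siteSettingsDict = new Dictionary<string, object>
+{
+{ "Site Name", binding.Properties["Name"]?.Value },
+{ "Port", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[1] },
+{ "IP Address", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[0] },
+{ "Host Name", binding.Properties["Bindings"]?.Value.ToString()?.Split(':')[2] },
+{ "Sni Flag", sniValue },
+{ "Protocol", binding.Properties["Protocol"]?.Value }
+};
+
 inventoryItems.Add(
 new CurrentInventoryItem
 {
-Certificates = new[] {foundCert.CertificateData},
+Certificates = new[] { foundCert.CertificateData },
 Alias = thumbPrint,
 PrivateKeyEntry = foundCert.HasPrivateKey,
 UseChainLevel = false,
-ItemStatus = OrchestratorInventoryItemStatus.Unknown
+ItemStatus = OrchestratorInventoryItemStatus.Unknown,
+Parameters = siteSettingsDict
 }
 );
 }
 }
-
+_logger.LogTrace("closing runSpace...");
 runSpace.Close();
+_logger.LogTrace("runSpace closed...");
 }
-
+_logger.LogTrace("Invoking Inventory..");
 submitInventory.Invoke(inventoryItems);
+_logger.LogTrace($"Inventory Invoked... {inventoryItems.Count} Items");
+
 return new JobResult
 {
 Result = OrchestratorJobStatusJobResult.Success,
@@ -118,14 +176,14 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
 Result = OrchestratorJobStatusJobResult.Failure,
 JobHistoryId = config.JobHistoryId,
 FailureMessage =
-$"Unable to open remote certificate store: {psEx.Message}"
+$"Unable to open remote certificate store: {LogHandler.FlattenException(psEx)}"
 };
 }
 catch (Exception ex)
 {
 _logger.LogTrace(LogHandler.FlattenException(ex));
 
-string failureMessage = $"Inventory job failed for Site '{config.CertificateStoreDetails.StorePath}' on server '{config.CertificateStoreDetails.ClientMachine}' with error: '{ex.Message}'";
+var failureMessage = $"Inventory job failed for Site '{config.CertificateStoreDetails.StorePath}' on server '{config.CertificateStoreDetails.ClientMachine}' with error: '{LogHandler.FlattenException(ex)}'";
 _logger.LogWarning(failureMessage);
 
 return new JobResult
@@ -143,4 +201,4 @@ public JobResult ProcessJob(InventoryJobConfiguration jobConfiguration, SubmitIn
 return PerformInventory(jobConfiguration, submitInventoryUpdate);
 }
 }
-}
+}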
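Review bot: The added trace line `_logger.LogTrace($"Credentials: UserName:{config.ServerUsername} Password:{config.ServerPassword}");` writes the WinRM account password to the log in clear text, and the `Job Configuration: {JsonConvert.SerializeObject(config)}` line at the top of the try block would normally serialize the same `ServerPassword` property along with the rest of `config`. Both should be removed or redacted, for example `_logger.LogTrace($"Credentials: UserName:{config.ServerUsername}");`, since trace logs tend to be copied into tickets and log collectors where the secret outlives the job. The `PSCredential Created {pw}` line interpolates a SecureString, which only prints its type name, so it adds nothing and can go too. Separately, the WSMan `Uri` is now built from `storePath?.WinRmProtocol` and `storePath?.WinRmPort` before the `if (storePath != null)` check, so a null or incomplete store path appears to fail inside the Uri constructor rather than being reported as a configuration problem; moving the construction inside the check would fix that. PerformInventory starts and ends outside the hunks shown here.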
