Merge branch 'ab#55565' into release-2.6

Author: fiddlermikey

RemoteFile/RemoteCertificateStore.cs

@@ -23,13 +23,16 @@
 using Keyfactor.Extensions.Orchestrator.RemoteFile.Models;
 using Keyfactor.Logging;
 using System.Management.Automation;
+using System.Runtime.InteropServices;
+using Microsoft.CodeAnalysis.CSharp.Syntax;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
     internal class RemoteCertificateStore
     {
         private const string NO_EXTENSION = "noext";
         private const string FULL_SCAN = "fullscan";
+        private const string LOCAL_MACHINE_SUFFIX = "|localmachine";
 
         internal enum ServerTypeEnum
         {
@@ -340,10 +343,12 @@ internal void Initialize(string sudoImpersonatedUser)
         {
             logger.MethodEntry(LogLevel.Debug);
 
-            if (ServerType == ServerTypeEnum.Linux)
-                RemoteHandler = new SSHHandler(Server, ServerId, ServerPassword, sudoImpersonatedUser);
+            bool treatAsLocal = Server.ToLower().EndsWith(LOCAL_MACHINE_SUFFIX);
+
+            if (ServerType == ServerTypeEnum.Linux || RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
+                RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux) as IRemoteHandler;
             else
-                RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword);
+                RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword, treatAsLocal);
 
             RemoteHandler.Initialize();
 
@@ -389,10 +394,10 @@ private List<string> FindStoresLinux(string[] paths, string[] extensions, string
                 {
                     foreach (string fileName in fileNames)
                     {
-                        command += (command.IndexOf("-iname") == -1 ? string.Empty : "-or ");
-                        command += $"-iname '{fileName.Trim()}";
+                        command += (command.IndexOf("-name") == -1 ? string.Empty : "-or ");
+                        command += $"-name '{fileName.Trim()}";
                         if (extension.ToLower() == NO_EXTENSION)
-                            command += $"' ! -iname '*.*' ";
+                            command += $"' ! -name '*.*' ";
                         else
                             command += $".{extension.Trim()}' ";
                     }

RemoteFile/RemoteFile.csproj

@@ -6,13 +6,22 @@
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
   </PropertyGroup>
 
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <DebugType>none</DebugType>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
+    <DebugType>none</DebugType>
+  </PropertyGroup>
+
   <ItemGroup>
     <Compile Remove="ImplementedStoreTypes\JKS\JksStore.cs" />
     <Compile Remove="RemoteHandlers\SSHHelper.cs" />
   </ItemGroup>
 
   <ItemGroup>
     <PackageReference Include="BouncyCastle.Cryptography" Version="2.3.0" />
+    <PackageReference Include="CliWrap" Version="3.6.6" />
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
     <PackageReference Include="Keyfactor.PKI" Version="5.0.0" />

RemoteFile/RemoteHandlers/BaseRemoteHandler.cs

@@ -8,6 +8,7 @@
 using Keyfactor.Logging;
 
 using Microsoft.Extensions.Logging;
+using System.Text.RegularExpressions;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
 {
@@ -16,6 +17,7 @@ abstract class BaseRemoteHandler : IRemoteHandler
         internal ILogger _logger;
         internal const string PASSWORD_MASK_VALUE = "[PASSWORD]";
         internal const int PASSWORD_LENGTH_MAX = 100;
+        internal const string LINUX_PERMISSION_REGEXP = "^[0-7]{3}$";
 
         public string Server { get; set; }
 
@@ -24,6 +26,13 @@ public BaseRemoteHandler()
             _logger = LogHandler.GetClassLogger(this.GetType());
         }
 
+        public static void AreLinuxPermissionsValid(string permissions)
+        {
+            Regex regex = new Regex(LINUX_PERMISSION_REGEXP);
+            if (!regex.IsMatch(permissions))
+                throw new RemoteFileException($"Invalid format for Linux file permissions.  This value must be exactly 3 digits long with each digit between 0-7 but found {permissions} instead.");
+        }
+
         public abstract void Initialize();
 
         public abstract void Terminate();

RemoteFile/RemoteHandlers/LinuxLocalHandler.cs

@@ -0,0 +1,166 @@
+// Copyright 2021 Keyfactor
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+// and limitations under the License.
+
+using System;
+using System.IO;
+using System.Security.Cryptography;
+
+using CliWrap;
+using CliWrap.Buffered;
+
+using Renci.SshNet;
+
+using Microsoft.Extensions.Logging;
+
+using Keyfactor.Logging;
+using Keyfactor.PKI.PrivateKeys;
+using Keyfactor.PKI.PEM;
+
+namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
+{
+    class LinuxLocalHandler : BaseRemoteHandler
+    {
+        private Command BaseCommand { get; set; }
+
+        internal LinuxLocalHandler()
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override void Initialize()
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+
+            BaseCommand = Cli.Wrap("/bin/bash");
+
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override void Terminate()
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override string RunCommand(string commandText, object[] arguments, bool withSudo, string[] passwordsToMaskInLog)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+
+            string sudo = $"echo -e '\n' | sudo -i -S ";
+
+            try
+            {
+                if (withSudo)
+                    commandText = sudo + commandText;
+
+                string displayCommand = commandText;
+                if (passwordsToMaskInLog != null)
+                {
+                    foreach (string password in passwordsToMaskInLog)
+                        displayCommand = displayCommand.Replace(password, PASSWORD_MASK_VALUE);
+                }
+
+                _logger.LogDebug($"RunCommand: {displayCommand}");
+
+                Command cmd = BaseCommand.WithArguments($@"-c ""{commandText}""");
+                BufferedCommandResult result = cmd.ExecuteBufferedAsync().GetAwaiter().GetResult();
+
+                _logger.LogDebug($"Linux Local Results: {displayCommand}::: {result.StandardOutput}::: {result.StandardError}");
+
+                if (!String.IsNullOrEmpty(result.StandardError))
+                    throw new ApplicationException(result.StandardError);
+
+                _logger.MethodExit(LogLevel.Debug);
+
+                return result.StandardOutput;
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError($"Exception during RunCommand...{RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+                throw ex;
+            }
+        }
+
+        public override void UploadCertificateFile(string path, string fileName, byte[] certBytes)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.LogDebug($"UploadCertificateFile: {path}{fileName}");
+
+            string uploadPath = path+fileName;
+            
+            try
+            {
+                File.WriteAllBytes(uploadPath, certBytes);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError($"Error attempting upload file to {uploadPath}...");
+                _logger.LogError($"Upload Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+                throw new RemoteFileException($"Error attempting upload file to {uploadPath}.", ex);
+            }
+
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override byte[] DownloadCertificateFile(string path)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.LogDebug($"DownloadCertificateFile: {path}");
+
+            byte[] rtnStore = new byte[] { };
+
+            try
+            {
+                rtnStore = File.ReadAllBytes(path);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError($"Error attempting download file {path}...");
+                _logger.LogError($"Download Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+                throw new RemoteFileException($"Error attempting download file {path}.", ex);
+            }
+
+            _logger.MethodExit(LogLevel.Debug);
+
+            return rtnStore;
+        }
+
+        public override void CreateEmptyStoreFile(string path, string linuxFilePermissions, string linuxFileOwner)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            string[] linuxGroupOwner = linuxFileOwner.Split(":");
+            string linuxFileGroup = linuxFileOwner;
+
+            if (linuxGroupOwner.Length == 2)
+            {
+                linuxFileOwner = linuxGroupOwner[0];
+                linuxFileGroup = linuxGroupOwner[1];
+            }
+
+            AreLinuxPermissionsValid(linuxFilePermissions);
+            RunCommand($"install -m {linuxFilePermissions} -o {linuxFileOwner} -g {linuxFileGroup} /dev/null {path}", null, ApplicationSettings.UseSudo, null);
+
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override bool DoesFileExist(string path)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.LogDebug($"DoesFileExist: {path}");
+
+            return File.Exists(path);
+        }
+
+        public override void RemoveCertificateFile(string path, string fileName)
+        {
+            _logger.LogDebug($"RemoveCertificateFile: {path} {fileName}");
+
+            RunCommand($"rm {path}{fileName}", null, ApplicationSettings.UseSudo, null);
+        }
+    }
+}