ab#55565

Author: leefine02

RemoteFile/RemoteCertificateStore.cs

@@ -24,13 +24,15 @@
 using Keyfactor.Logging;
 using System.Management.Automation;
 using System.Runtime.InteropServices;
+using Microsoft.CodeAnalysis.CSharp.Syntax;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
     internal class RemoteCertificateStore
     {
         private const string NO_EXTENSION = "noext";
         private const string FULL_SCAN = "fullscan";
+        private const string LOCAL_MACHINE_SUFFIX = "|localmachine";
 
         internal enum ServerTypeEnum
         {
@@ -333,10 +335,12 @@ internal void Initialize()
         {
             logger.MethodEntry(LogLevel.Debug);
 
+            bool treatAsLocal = Server.ToLower().EndsWith(LOCAL_MACHINE_SUFFIX);
+
             if (ServerType == ServerTypeEnum.Linux || RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
-                RemoteHandler = new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux);
+                RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux) as IRemoteHandler;
             else
-                RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword);
+                RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword, treatAsLocal);
 
             RemoteHandler.Initialize();
 

RemoteFile/RemoteFile.csproj

@@ -21,6 +21,7 @@
 
   <ItemGroup>
     <PackageReference Include="BouncyCastle.Cryptography" Version="2.3.0" />
+    <PackageReference Include="CliWrap" Version="3.6.6" />
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
     <PackageReference Include="Keyfactor.PKI" Version="5.0.0" />

RemoteFile/RemoteHandlers/BaseRemoteHandler.cs

@@ -8,6 +8,7 @@
 using Keyfactor.Logging;
 
 using Microsoft.Extensions.Logging;
+using System.Text.RegularExpressions;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
 {
@@ -16,6 +17,7 @@ abstract class BaseRemoteHandler : IRemoteHandler
         internal ILogger _logger;
         internal const string PASSWORD_MASK_VALUE = "[PASSWORD]";
         internal const int PASSWORD_LENGTH_MAX = 100;
+        internal const string LINUX_PERMISSION_REGEXP = "^[0-7]{3}$";
 
         public string Server { get; set; }
 
@@ -24,6 +26,13 @@ public BaseRemoteHandler()
             _logger = LogHandler.GetClassLogger(this.GetType());
         }
 
+        public static void AreLinuxPermissionsValid(string permissions)
+        {
+            Regex regex = new Regex(LINUX_PERMISSION_REGEXP);
+            if (!regex.IsMatch(permissions))
+                throw new RemoteFileException($"Invalid format for Linux file permissions.  This value must be exactly 3 digits long with each digit between 0-7 but found {permissions} instead.");
+        }
+
         public abstract void Initialize();
 
         public abstract void Terminate();

RemoteFile/RemoteHandlers/LinuxLocalHandler.cs

@@ -0,0 +1,166 @@
+// Copyright 2021 Keyfactor
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+// and limitations under the License.
+
+using System;
+using System.IO;
+using System.Security.Cryptography;
+
+using CliWrap;
+using CliWrap.Buffered;
+
+using Renci.SshNet;
+
+using Microsoft.Extensions.Logging;
+
+using Keyfactor.Logging;
+using Keyfactor.PKI.PrivateKeys;
+using Keyfactor.PKI.PEM;
+
+namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
+{
+    class LinuxLocalHandler : BaseRemoteHandler
+    {
+        private Command BaseCommand { get; set; }
+
+        internal LinuxLocalHandler()
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override void Initialize()
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+
+            BaseCommand = Cli.Wrap("/bin/bash");
+
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override void Terminate()
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override string RunCommand(string commandText, object[] arguments, bool withSudo, string[] passwordsToMaskInLog)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+
+            string sudo = $"echo -e '\n' | sudo -i -S ";
+
+            try
+            {
+                if (withSudo)
+                    commandText = sudo + commandText;
+
+                string displayCommand = commandText;
+                if (passwordsToMaskInLog != null)
+                {
+                    foreach (string password in passwordsToMaskInLog)
+                        displayCommand = displayCommand.Replace(password, PASSWORD_MASK_VALUE);
+                }
+
+                _logger.LogDebug($"RunCommand: {displayCommand}");
+
+                Command cmd = BaseCommand.WithArguments($@"-c ""{commandText}""");
+                BufferedCommandResult result = cmd.ExecuteBufferedAsync().GetAwaiter().GetResult();
+
+                _logger.LogDebug($"Linux Local Results: {displayCommand}::: {result.StandardOutput}::: {result.StandardError}");
+
+                if (!String.IsNullOrEmpty(result.StandardError))
+                    throw new ApplicationException(result.StandardError);
+
+                _logger.MethodExit(LogLevel.Debug);
+
+                return result.StandardOutput;
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError($"Exception during RunCommand...{RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+                throw ex;
+            }
+        }
+
+        public override void UploadCertificateFile(string path, string fileName, byte[] certBytes)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.LogDebug($"UploadCertificateFile: {path}{fileName}");
+
+            string uploadPath = path+fileName;
+            
+            try
+            {
+                File.WriteAllBytes(uploadPath, certBytes);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError($"Error attempting upload file to {uploadPath}...");
+                _logger.LogError($"Upload Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+                throw new RemoteFileException($"Error attempting upload file to {uploadPath}.", ex);
+            }
+
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override byte[] DownloadCertificateFile(string path)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.LogDebug($"DownloadCertificateFile: {path}");
+
+            byte[] rtnStore = new byte[] { };
+
+            try
+            {
+                rtnStore = File.ReadAllBytes(path);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError($"Error attempting download file {path}...");
+                _logger.LogError($"Download Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+                throw new RemoteFileException($"Error attempting download file {path}.", ex);
+            }
+
+            _logger.MethodExit(LogLevel.Debug);
+
+            return rtnStore;
+        }
+
+        public override void CreateEmptyStoreFile(string path, string linuxFilePermissions, string linuxFileOwner)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            string[] linuxGroupOwner = linuxFileOwner.Split(":");
+            string linuxFileGroup = linuxFileOwner;
+
+            if (linuxGroupOwner.Length == 2)
+            {
+                linuxFileOwner = linuxGroupOwner[0];
+                linuxFileGroup = linuxGroupOwner[1];
+            }
+
+            AreLinuxPermissionsValid(linuxFilePermissions);
+            RunCommand($"install -m {linuxFilePermissions} -o {linuxFileOwner} -g {linuxFileGroup} /dev/null {path}", null, ApplicationSettings.UseSudo, null);
+
+            _logger.MethodExit(LogLevel.Debug);
+        }
+
+        public override bool DoesFileExist(string path)
+        {
+            _logger.MethodEntry(LogLevel.Debug);
+            _logger.LogDebug($"DoesFileExist: {path}");
+
+            return File.Exists(path);
+        }
+
+        public override void RemoveCertificateFile(string path, string fileName)
+        {
+            _logger.LogDebug($"RemoveCertificateFile: {path} {fileName}");
+
+            RunCommand($"rm {path}{fileName}", null, ApplicationSettings.UseSudo, null);
+        }
+    }
+}

RemoteFile/RemoteHandlers/SSHHandler.cs

@@ -9,7 +9,6 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Security.Cryptography;
-using System.Text.RegularExpressions;
 using System.Text;
 
 using Renci.SshNet;
@@ -19,15 +18,12 @@
 using Keyfactor.Logging;
 using Keyfactor.PKI.PrivateKeys;
 using Keyfactor.PKI.PEM;
-using System.Runtime.InteropServices;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
 {
     class SSHHandler : BaseRemoteHandler
     {
-        private const string LINUX_PERMISSION_REGEXP = "^[0-7]{3}$";
         private ConnectionInfo Connection { get; set; }
-        private bool RunLocal { get; set; }
         private bool IsStoreServerLinux { get; set; }
 
         private SshClient sshClient;
@@ -37,59 +33,52 @@ internal SSHHandler(string server, string serverLogin, string serverPassword, bo
             _logger.MethodEntry(LogLevel.Debug);
 
             Server = server;
-            RunLocal = Server.ToLower() == "localhost" || Server.ToLower().EndsWith("|localmachine");
             IsStoreServerLinux = isStoreServerLinux;
 
-            if (!RunLocal)
+            List<AuthenticationMethod> authenticationMethods = new List<AuthenticationMethod>();
+            if (serverPassword.Length < PASSWORD_LENGTH_MAX)
             {
-                List<AuthenticationMethod> authenticationMethods = new List<AuthenticationMethod>();
-                if (serverPassword.Length < PASSWORD_LENGTH_MAX)
-                {
-                    authenticationMethods.Add(new PasswordAuthenticationMethod(serverLogin, serverPassword));
-                }
-                else
-                {
-                    PrivateKeyFile privateKeyFile;
+                authenticationMethods.Add(new PasswordAuthenticationMethod(serverLogin, serverPassword));
+            }
+            else
+            {
+                PrivateKeyFile privateKeyFile;
 
-                    try
+                try
+                {
+                    using (MemoryStream ms = new MemoryStream(Encoding.ASCII.GetBytes(FormatRSAPrivateKey(serverPassword))))
                     {
-                        using (MemoryStream ms = new MemoryStream(Encoding.ASCII.GetBytes(FormatRSAPrivateKey(serverPassword))))
-                        {
-                            privateKeyFile = new PrivateKeyFile(ms);
-                        }
+                        privateKeyFile = new PrivateKeyFile(ms);
                     }
-                    catch (Exception ex)
+                }
+                catch (Exception ex)
+                {
+                    using (MemoryStream ms = new MemoryStream(Encoding.ASCII.GetBytes(ConvertToPKCS1(serverPassword))))
                     {
-                        using (MemoryStream ms = new MemoryStream(Encoding.ASCII.GetBytes(ConvertToPKCS1(serverPassword))))
-                        {
-                            privateKeyFile = new PrivateKeyFile(ms);
-                        }
+                        privateKeyFile = new PrivateKeyFile(ms);
                     }
-
-                    authenticationMethods.Add(new PrivateKeyAuthenticationMethod(serverLogin, privateKeyFile));
                 }
 
-                Connection = new ConnectionInfo(server, serverLogin, authenticationMethods.ToArray());
+                authenticationMethods.Add(new PrivateKeyAuthenticationMethod(serverLogin, privateKeyFile));
             }
 
+            Connection = new ConnectionInfo(server, serverLogin, authenticationMethods.ToArray());
+
             _logger.MethodExit(LogLevel.Debug);
         }
 
         public override void Initialize()
         {
             _logger.MethodEntry(LogLevel.Debug);
 
-            if (!RunLocal)
+            try
             {
-                try
-                {
-                    sshClient = new SshClient(Connection);
-                    sshClient.Connect();
-                }
-                catch (Exception ex)
-                {
-                    throw new RemoteFileException($"Error making a SSH connection to remote server {Connection.Host}, for user {Connection.Username}.  Please contact your company's system administrator to verify connection and permission settings.", ex);
-                }
+                sshClient = new SshClient(Connection);
+                sshClient.Connect();
+            }
+            catch (Exception ex)
+            {
+                throw new RemoteFileException($"Error making a SSH connection to remote server {Connection.Host}, for user {Connection.Username}.  Please contact your company's system administrator to verify connection and permission settings.", ex);
             }
 
             _logger.MethodExit(LogLevel.Debug);
@@ -99,19 +88,15 @@ public override void Terminate()
         {
             _logger.MethodEntry(LogLevel.Debug);
 
-            if (!RunLocal)
-            {
-                sshClient.Disconnect();
-                sshClient.Dispose();
-            }
+            sshClient.Disconnect();
+            sshClient.Dispose();
 
             _logger.MethodExit(LogLevel.Debug);
         }
 
         public override string RunCommand(string commandText, object[] arguments, bool withSudo, string[] passwordsToMaskInLog)
         {
             _logger.MethodEntry(LogLevel.Debug);
-            _logger.LogDebug($"RunCommand: {commandText}");
 
             string sudo = $"sudo -i -S ";
             string echo = $"echo -e '\n' | ";
@@ -381,13 +366,6 @@ public override bool DoesFileExist(string path)
             }
         }
 
-        public static void AreLinuxPermissionsValid(string permissions)
-        {
-            Regex regex = new Regex(LINUX_PERMISSION_REGEXP);
-            if (!regex.IsMatch(permissions))
-                throw new RemoteFileException($"Invalid format for Linux file permissions.  This value must be exactly 3 digits long with each digit between 0-7 but found {permissions} instead.");
-        }
-
         public override void RemoveCertificateFile(string path, string fileName)
         {
             _logger.LogDebug($"RemoveCertificateFile: {path} {fileName}");

RemoteFile/RemoteHandlers/WinRMHandler.cs

@@ -28,12 +28,12 @@ class WinRMHandler : BaseRemoteHandler
         private WSManConnectionInfo connectionInfo { get; set; }
         private bool RunLocal { get; set; }
 
-        internal WinRMHandler(string server, string serverLogin, string serverPassword)
+        internal WinRMHandler(string server, string serverLogin, string serverPassword, bool treatAsLocal)
         {
             _logger.MethodEntry(LogLevel.Debug);
 
             Server = server;
-            RunLocal = Server.ToLower() == "localhost" || Server.ToLower().EndsWith("|localmachine");
+            RunLocal = Server.ToLower() == "localhost" || treatAsLocal;
 
             if (!RunLocal)
             {