ab#55979

Author: Lee Fine

CHANGELOG.md

@@ -1,3 +1,10 @@
+v2.10.0
+- Added support for Eliptical Curve (EC) private keys for RFPEM.
+- For Linux hosted certificate stores, added ability to inherit file permissions and ownership when creating new stores by modifying default behavior when config.json and certificate store permissions/ownership settings are left empty.
+- Added new custom field to store type definitions - IncludePortInSPN - which will set this option when creating remote Powershell connections.
+- Fixed documentation error in Discovery section
+- Added RemoveRootCertificate custom field to integration-manifest.json.  This option was previously added in v2.8.0 but never added to the integration-manifest.json.
+
 v2.9.1 
 - Bug Fix: Use AES encryption when creating PKCS12 files instead of less secure defaults
 

RemoteFile/InventoryBase.cs

@@ -51,8 +51,11 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
                 string sudoImpersonatedUser = properties.SudoImpersonatedUser == null || string.IsNullOrEmpty(properties.SudoImpersonatedUser.Value) ?
                     ApplicationSettings.DefaultSudoImpersonatedUser :
                     properties.SudoImpersonatedUser.Value;
+                bool includePortInSPN = properties.IncludePortInSPN == null || string.IsNullOrEmpty(properties.IncludePortInSPN.Value) ?
+                    false :
+                    Convert.ToBoolean(properties.IncludePortInSPN.Value);
 
-                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
+                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, includePortInSPN);
                 certificateStore.Initialize(sudoImpersonatedUser);
                 certificateStore.LoadCertificateStore(certificateStoreSerializer, true);
 

RemoteFile/ManagementBase.cs

@@ -53,8 +53,11 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                 bool removeRootCertificate = properties.RemoveRootCertificate == null || string.IsNullOrEmpty(properties.RemoveRootCertificate.Value) ?
                     false :
                     Convert.ToBoolean(properties.RemoveRootCertificate.Value);
+                bool includePortInSPN = properties.IncludePortInSPN == null || string.IsNullOrEmpty(properties.IncludePortInSPN.Value) ?
+                    false :
+                    Convert.ToBoolean(properties.IncludePortInSPN.Value);
 
-                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
+                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, includePortInSPN);
                 certificateStore.Initialize(sudoImpersonatedUser);
 
                 PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);

RemoteFile/ReenrollmentBase.cs

@@ -71,6 +71,9 @@ public JobResult ProcessJobToDo(ReenrollmentJobConfiguration config, SubmitReenr
                 bool removeRootCertificate = properties.RemoveRootCertificate == null || string.IsNullOrEmpty(properties.RemoveRootCertificate.Value) ?
                     false :
                     Convert.ToBoolean(properties.RemoveRootCertificate.Value);
+                bool includePortInSPN = properties.IncludePortInSPN == null || string.IsNullOrEmpty(properties.IncludePortInSPN.Value) ?
+                    false :
+                    Convert.ToBoolean(properties.IncludePortInSPN.Value);
                 bool createCSROnDevice = properties.CreateCSROnDevice == null || string.IsNullOrEmpty(properties.CreateCSROnDevice.Value) ?
                     ApplicationSettings.CreateCSROnDevice :
                     Convert.ToBoolean(properties.CreateCSROnDevice.Value);
@@ -90,7 +93,7 @@ public JobResult ProcessJobToDo(ReenrollmentJobConfiguration config, SubmitReenr
                     throw new RemoteFileException($"Unsupported KeyType value {keyType}.  Supported types are {keyTypes}.");
                 }
 
-                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
+                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, includePortInSPN);
                 certificateStore.Initialize(sudoImpersonatedUser);
 
                 PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);

RemoteFile/RemoteCertificateStore.cs

@@ -54,14 +54,15 @@ internal enum ServerTypeEnum
         internal ServerTypeEnum ServerType { get; set; }
         internal List<string> DiscoveredStores { get; set; }
         internal string UploadFilePath { get; set; }
+        internal bool IncludePortInSPN { get; set; }
 
         private Pkcs12Store CertificateStore;
         private ILogger logger;
 
 
         internal RemoteCertificateStore() { }
 
-        internal RemoteCertificateStore(string server, string serverId, string serverPassword, string storeFileAndPath, string storePassword, Dictionary<string, object> jobProperties)
+        internal RemoteCertificateStore(string server, string serverId, string serverPassword, string storeFileAndPath, string storePassword, bool includePortInSPN)
         {
             logger = LogHandler.GetClassLogger(this.GetType());
             logger.MethodEntry(LogLevel.Debug);
@@ -77,6 +78,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas
             StorePassword = storePassword;
             ServerType = StorePath.Substring(0, 1) == "/" ? ServerTypeEnum.Linux : ServerTypeEnum.Windows;
             UploadFilePath = !string.IsNullOrEmpty(ApplicationSettings.SeparateUploadFilePath) && ServerType == ServerTypeEnum.Linux ? ApplicationSettings.SeparateUploadFilePath : StorePath;
+            IncludePortInSPN = includePortInSPN;
             logger.LogDebug($"UploadFilePath: {UploadFilePath}");
 
             if (!IsValueSafeRegex(StorePath + StoreFileName))
@@ -452,9 +454,14 @@ internal void Initialize(string sudoImpersonatedUser)
             bool treatAsLocal = Server.ToLower().EndsWith(LOCAL_MACHINE_SUFFIX);
 
             if (ServerType == ServerTypeEnum.Linux || RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
+            {
                 RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux, sudoImpersonatedUser) as IRemoteHandler;
+            }
             else
+            {
                 RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword, treatAsLocal);
+                ((WinRMHandler)RemoteHandler).SetIncludeSPN(IncludePortInSPN);
+            }
 
             logger.MethodExit(LogLevel.Debug);
         }

RemoteFile/RemoteHandlers/WinRMHandler.cs

@@ -142,6 +142,11 @@ public override string RunCommand(string commandText, object[] parameters, bool
             }
         }
 
+        public void SetIncludeSPN(bool includePortInSPN)
+        {
+            connectionInfo.IncludePortInSPN = includePortInSPN;
+        }
+
         private byte[] RunCommandBinary(string commandText)
         {
             _logger.MethodEntry(LogLevel.Debug);