ab#55979

Lee Fine · Lee Fine · commit fd49a7783742 · 2025-02-13T16:02:40.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,8 @@
 v2.10.0
 - Added support for Eliptical Curve (EC) private keys for RFPEM.
 - For Linux hosted certificate stores, added ability to inherit file permissions and ownership when creating new stores by modifying default behavior when config.json and certificate store permissions/ownership settings are left empty.
-- Added new custom field to store type definitions - IncludePortInSPN - which will set this option when creating remote Powershell connections.
+- Added new optional custom field to store type definitions - IncludePortInSPN - which will set this option when creating remote Powershell connections.
+- Added new optional custom field to store type definitions - FileTransferProtocol - which will act as a store level override to the config.json setting.
 - Fixed documentation error in Discovery section
 - Added RemoveRootCertificate custom field to integration-manifest.json.  This option was previously added in v2.8.0 but never added to the integration-manifest.json.
 
diff --git a/RemoteFile/InventoryBase.cs b/RemoteFile/InventoryBase.cs
@@ -55,7 +55,13 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
                     false :
                     Convert.ToBoolean(properties.IncludePortInSPN.Value);
 
-                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, includePortInSPN);
+                ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
+                if (properties.FileTransferProtocol != null && !string.IsNullOrEmpty(properties.FileTransferProtocol.Value))
+                {
+                    Enum.TryParse(properties.FileTransferProtocol.Value, out fileTransferProtocol);
+                }
+
+                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, fileTransferProtocol, includePortInSPN);
                 certificateStore.Initialize(sudoImpersonatedUser);
                 certificateStore.LoadCertificateStore(certificateStoreSerializer, true);
 
diff --git a/RemoteFile/ManagementBase.cs b/RemoteFile/ManagementBase.cs
@@ -57,7 +57,13 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                     false :
                     Convert.ToBoolean(properties.IncludePortInSPN.Value);
 
-                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, includePortInSPN);
+                ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
+                if (properties.FileTransferProtocol != null && !string.IsNullOrEmpty(properties.FileTransferProtocol.Value))
+                {
+                    Enum.TryParse(properties.FileTransferProtocol.Value, out fileTransferProtocol);
+                }
+
+                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, fileTransferProtocol, includePortInSPN);
                 certificateStore.Initialize(sudoImpersonatedUser);
 
                 PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);
diff --git a/RemoteFile/ReenrollmentBase.cs b/RemoteFile/ReenrollmentBase.cs
@@ -93,7 +93,13 @@ public JobResult ProcessJobToDo(ReenrollmentJobConfiguration config, SubmitReenr
                     throw new RemoteFileException($"Unsupported KeyType value {keyType}.  Supported types are {keyTypes}.");
                 }
 
-                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, includePortInSPN);
+                ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
+                if (properties.FileTransferProtocol != null && !string.IsNullOrEmpty(properties.FileTransferProtocol.Value))
+                {
+                    Enum.TryParse(properties.FileTransferProtocol.Value, out fileTransferProtocol);
+                }
+
+                certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, fileTransferProtocol, includePortInSPN);
                 certificateStore.Initialize(sudoImpersonatedUser);
 
                 PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);
diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs
@@ -54,6 +54,7 @@ internal enum ServerTypeEnum
         internal ServerTypeEnum ServerType { get; set; }
         internal List<string> DiscoveredStores { get; set; }
         internal string UploadFilePath { get; set; }
+        internal ApplicationSettings.FileTransferProtocolEnum FileTransferProtocol { get; set; }
         internal bool IncludePortInSPN { get; set; }
         
         private Pkcs12Store CertificateStore;
@@ -62,7 +63,7 @@ internal enum ServerTypeEnum
 
         internal RemoteCertificateStore() { }
 
-        internal RemoteCertificateStore(string server, string serverId, string serverPassword, string storeFileAndPath, string storePassword, bool includePortInSPN)
+        internal RemoteCertificateStore(string server, string serverId, string serverPassword, string storeFileAndPath, string storePassword, ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol, bool includePortInSPN)
         {
             logger = LogHandler.GetClassLogger(this.GetType());
             logger.MethodEntry(LogLevel.Debug);
@@ -78,6 +79,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas
             StorePassword = storePassword;
             ServerType = StorePath.Substring(0, 1) == "/" ? ServerTypeEnum.Linux : ServerTypeEnum.Windows;
             UploadFilePath = !string.IsNullOrEmpty(ApplicationSettings.SeparateUploadFilePath) && ServerType == ServerTypeEnum.Linux ? ApplicationSettings.SeparateUploadFilePath : StorePath;
+            FileTransferProtocol = fileTransferProtocol;
             IncludePortInSPN = includePortInSPN;
             logger.LogDebug($"UploadFilePath: {UploadFilePath}");
 
@@ -454,7 +456,7 @@ internal void Initialize(string sudoImpersonatedUser)
             bool treatAsLocal = Server.ToLower().EndsWith(LOCAL_MACHINE_SUFFIX);
 
             if (ServerType == ServerTypeEnum.Linux || RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
-                RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux, sudoImpersonatedUser) as IRemoteHandler;
+                RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux, FileTransferProtocol, sudoImpersonatedUser) as IRemoteHandler;
             else
                 RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword, treatAsLocal, IncludePortInSPN);
 
diff --git a/RemoteFile/RemoteHandlers/SSHHandler.cs b/RemoteFile/RemoteHandlers/SSHHandler.cs
@@ -28,17 +28,19 @@ class SSHHandler : BaseRemoteHandler
     {
         private ConnectionInfo Connection { get; set; }
         private string SudoImpersonatedUser { get; set; }
+        private ApplicationSettings.FileTransferProtocolEnum FileTransferProtocol { get; set; }
         private bool IsStoreServerLinux { get; set; }
         private string UserId { get; set; }
         private string Password { get; set; }
         private SshClient sshClient;
 
-        internal SSHHandler(string server, string serverLogin, string serverPassword, bool isStoreServerLinux, string sudoImpersonatedUser)
+        internal SSHHandler(string server, string serverLogin, string serverPassword, bool isStoreServerLinux, ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol, string sudoImpersonatedUser)
         {
             _logger.MethodEntry(LogLevel.Debug);
             
             Server = server;
             SudoImpersonatedUser = sudoImpersonatedUser;
+            FileTransferProtocol = fileTransferProtocol;
             IsStoreServerLinux = isStoreServerLinux;
             UserId = serverLogin;
             Password = serverPassword;
@@ -167,7 +169,7 @@ public override void UploadCertificateFile(string path, string fileName, byte[]
 
             bool scpError = false;
 
-            if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both || ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)
+            if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both || FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)
             {
                 using (ScpClient client = new ScpClient(Connection))
                 {
@@ -186,7 +188,7 @@ public override void UploadCertificateFile(string path, string fileName, byte[]
                         scpError = true;
                         _logger.LogError("Exception during SCP upload...");
                         _logger.LogError($"Upload Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
-                        if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)
+                        if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)
                             _logger.LogDebug($"SCP upload failed.  Attempting with SFTP protocol...");
                         else
                             throw new RemoteFileException("Error attempting SCP file transfer to {Connection.Host} using login {Connection.Username} and connection method {Connection.AuthenticationMethods[0].Name}.  Please contact your company's system administrator to verify connection and permission settings.", ex);
@@ -198,7 +200,7 @@ public override void UploadCertificateFile(string path, string fileName, byte[]
                 }
             }
 
-            if ((ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) || ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)
+            if ((FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) || FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)
             {
                 using (SftpClient client = new SftpClient(Connection))
                 {
@@ -256,7 +258,7 @@ public override byte[] DownloadCertificateFile(string path)
 
             bool scpError = false;
 
-            if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both || ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)
+            if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both || FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)
             {
                 using (ScpClient client = new ScpClient(Connection))
                 {
@@ -276,7 +278,7 @@ public override byte[] DownloadCertificateFile(string path)
                         scpError = true;
                         _logger.LogError("Exception during SCP download...");
                         _logger.LogError($"Upload Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
-                        if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)
+                        if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)
                             _logger.LogDebug($"SCP download failed.  Attempting with SFTP protocol...");
                         else
                             throw new RemoteFileException($"Error attempting SCP file transfer from {Connection.Host} using login {Connection.Username} and connection method {Connection.AuthenticationMethods[0].Name}.  Please contact your company's system administrator to verify connection and permission settings.", ex);
@@ -288,7 +290,7 @@ public override byte[] DownloadCertificateFile(string path)
                 }
             }
 
-            if ((ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) || ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)
+            if ((FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) || FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)
             {
                 using (SftpClient client = new SftpClient(Connection))
                 {
diff --git a/integration-manifest.json b/integration-manifest.json
@@ -105,6 +105,15 @@
                       "Type": "Bool",
                       "DefaultValue": "False",
                       "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+                    },
+                    {
+                      "Name": "FileTransferProtocol",
+                      "DisplayName": "File Transfer Protocol to Use",
+                      "Required": false,
+                      "DependsOn": "",
+                      "Type": "MultipleChoice",
+                      "DefaultValue": "SCP,SFTP,Both",
+                      "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
                     }
                   ],
                     "EntryParameters": [],
@@ -237,6 +246,15 @@
                       "Type": "Bool",
                       "DefaultValue": "False",
                       "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+                    },
+                    {
+                      "Name": "FileTransferProtocol",
+                      "DisplayName": "File Transfer Protocol to Use",
+                      "Required": false,
+                      "DependsOn": "",
+                      "Type": "MultipleChoice",
+                      "DefaultValue": "SCP,SFTP,Both",
+                      "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
                     }
                   ],
                     "EntryParameters": [],
@@ -333,6 +351,15 @@
                       "Type": "Bool",
                       "DefaultValue": "False",
                       "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+                    },
+                    {
+                      "Name": "FileTransferProtocol",
+                      "DisplayName": "File Transfer Protocol to Use",
+                      "Required": false,
+                      "DependsOn": "",
+                      "Type": "MultipleChoice",
+                      "DefaultValue": "SCP,SFTP,Both",
+                      "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
                     }
                   ],
                     "EntryParameters": [],
@@ -438,6 +465,15 @@
                       "Type": "Bool",
                       "DefaultValue": "False",
                       "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+                    },
+                    {
+                      "Name": "FileTransferProtocol",
+                      "DisplayName": "File Transfer Protocol to Use",
+                      "Required": false,
+                      "DependsOn": "",
+                      "Type": "MultipleChoice",
+                      "DefaultValue": "SCP,SFTP,Both",
+                      "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
                     }
                   ],
                     "EntryParameters": [],
@@ -534,6 +570,15 @@
                       "Type": "Bool",
                       "DefaultValue": "False",
                       "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+                    },
+                    {
+                      "Name": "FileTransferProtocol",
+                      "DisplayName": "File Transfer Protocol to Use",
+                      "Required": false,
+                      "DependsOn": "",
+                      "Type": "MultipleChoice",
+                      "DefaultValue": "SCP,SFTP,Both",
+                      "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
                     }
                   ],
                     "EntryParameters": [],
@@ -639,6 +684,15 @@
                       "Type": "Bool",
                       "DefaultValue": "False",
                       "Description": "Internally set the -IncludePortInSPN option when creating the remote PowerShell connection. Needed for some Kerberos configurations."
+                    },
+                    {
+                      "Name": "FileTransferProtocol",
+                      "DisplayName": "File Transfer Protocol to Use",
+                      "Required": false,
+                      "DependsOn": "",
+                      "Type": "MultipleChoice",
+                      "DefaultValue": "SCP,SFTP,Both",
+                      "Description": "Which protocol should be used when uploading/downloading files - SCP, SFTP, or Both (try one, and then if necessary, the other)."
                     }
                   ],
                     "EntryParameters": [],

Original file line number	Diff line number	Diff line change
`@@ -28,17 +28,19 @@ class SSHHandler : BaseRemoteHandler`
`28`	`28`	`{`
`29`	`29`	`private ConnectionInfo Connection { get; set; }`
`30`	`30`	`private string SudoImpersonatedUser { get; set; }`
	`31`	`+ private ApplicationSettings.FileTransferProtocolEnum FileTransferProtocol { get; set; }`
`31`	`32`	`private bool IsStoreServerLinux { get; set; }`
`32`	`33`	`private string UserId { get; set; }`
`33`	`34`	`private string Password { get; set; }`
`34`	`35`	`private SshClient sshClient;`
`35`	`36`
`36`		`- internal SSHHandler(string server, string serverLogin, string serverPassword, bool isStoreServerLinux, string sudoImpersonatedUser)`
	`37`	`+ internal SSHHandler(string server, string serverLogin, string serverPassword, bool isStoreServerLinux, ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol, string sudoImpersonatedUser)`
`37`	`38`	`{`
`38`	`39`	`_logger.MethodEntry(LogLevel.Debug);`
`39`	`40`
`40`	`41`	`Server = server;`
`41`	`42`	`SudoImpersonatedUser = sudoImpersonatedUser;`
	`43`	`+ FileTransferProtocol = fileTransferProtocol;`
`42`	`44`	`IsStoreServerLinux = isStoreServerLinux;`
`43`	`45`	`UserId = serverLogin;`
`44`	`46`	`Password = serverPassword;`
`@@ -167,7 +169,7 @@ public override void UploadCertificateFile(string path, string fileName, byte[]`
`167`	`169`
`168`	`170`	`bool scpError = false;`
`169`	`171`
`170`		`- if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both \|\| ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)`
	`172`	`+ if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both \|\| FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)`
`171`	`173`	`{`
`172`	`174`	`using (ScpClient client = new ScpClient(Connection))`
`173`	`175`	`{`
`@@ -186,7 +188,7 @@ public override void UploadCertificateFile(string path, string fileName, byte[]`
`186`	`188`	`scpError = true;`
`187`	`189`	`_logger.LogError("Exception during SCP upload...");`
`188`	`190`	`_logger.LogError($"Upload Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");`
`189`		`- if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)`
	`191`	`+ if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)`
`190`	`192`	`_logger.LogDebug($"SCP upload failed. Attempting with SFTP protocol...");`
`191`	`193`	`else`
`192`	`194`	`throw new RemoteFileException("Error attempting SCP file transfer to {Connection.Host} using login {Connection.Username} and connection method {Connection.AuthenticationMethods[0].Name}. Please contact your company's system administrator to verify connection and permission settings.", ex);`
`@@ -198,7 +200,7 @@ public override void UploadCertificateFile(string path, string fileName, byte[]`
`198`	`200`	`}`
`199`	`201`	`}`
`200`	`202`
`201`		`- if ((ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) \|\| ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)`
	`203`	`+ if ((FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) \|\| FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)`
`202`	`204`	`{`
`203`	`205`	`using (SftpClient client = new SftpClient(Connection))`
`204`	`206`	`{`
`@@ -256,7 +258,7 @@ public override byte[] DownloadCertificateFile(string path)`
`256`	`258`
`257`	`259`	`bool scpError = false;`
`258`	`260`
`259`		`- if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both \|\| ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)`
	`261`	`+ if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both \|\| FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SCP)`
`260`	`262`	`{`
`261`	`263`	`using (ScpClient client = new ScpClient(Connection))`
`262`	`264`	`{`
`@@ -276,7 +278,7 @@ public override byte[] DownloadCertificateFile(string path)`
`276`	`278`	`scpError = true;`
`277`	`279`	`_logger.LogError("Exception during SCP download...");`
`278`	`280`	`_logger.LogError($"Upload Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");`
`279`		`- if (ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)`
	`281`	`+ if (FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both)`
`280`	`282`	`_logger.LogDebug($"SCP download failed. Attempting with SFTP protocol...");`
`281`	`283`	`else`
`282`	`284`	`throw new RemoteFileException($"Error attempting SCP file transfer from {Connection.Host} using login {Connection.Username} and connection method {Connection.AuthenticationMethods[0].Name}. Please contact your company's system administrator to verify connection and permission settings.", ex);`
`@@ -288,7 +290,7 @@ public override byte[] DownloadCertificateFile(string path)`
`288`	`290`	`}`
`289`	`291`	`}`
`290`	`292`
`291`		`- if ((ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) \|\| ApplicationSettings.FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)`
	`293`	`+ if ((FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.Both && scpError) \|\| FileTransferProtocol == ApplicationSettings.FileTransferProtocolEnum.SFTP)`
`292`	`294`	`{`
`293`	`295`	`using (SftpClient client = new SftpClient(Connection))`
`294`	`296`	`{`