Win cert changes (#49) (#50)

* Win cert changes (#49)

* Refactored code adding Windows cert store logic, including renaming IISU to WinIIS.

* Added PowerShell class to perform get-childitem from cert store

* Refactored code allowing multiple types of Cert Stores, including Win Cert and IIS (WebHosting) Cert Stores.

* Update generated README

* Fixed a problem adding certs to a cert store that had a space in the name (ie. Remote Desktop)

* Updated Change Log.

* Removed logging of PAM credentials which was logging the info in plain text. (#55)

* Created custom Configuration Property Parser  (#57)

* Created custom Configuration Property Parser so not to display or log passwords.

* Masked Private Ket Password

* Modified logging to write out as JSON object

* adding store-type definitions for `WinCert` and `IISU`

* Updated ReadMe to better reflect IISU and WinCert settings.

* Update generated README

* Updated Cert Stores and images

* Replaced Images

Author: fiddlermikey

CHANGELOG.md

@@ -1,6 +1,10 @@
-2.0.1
+2.1.0
 * Fixed issue that was occuring during renewal when there were bindings outside of http and https like net.tcp
 * Added PAM registration/initialization documentation in README.md
+* Resolved Null HostName error 
+* Added WinCert Cert Store Type
+* Added custom property parser to not show any passwords
+* Removed any password references in trace logs and output settings in JSON format
 
 2.0.0
 * Add support for reenrollment jobs (On Device Key Generation) with the ability to specify a cryptographic provider. Specification of cryptographic provider allows HSM (Hardware Security Module) use.

IISU/ClientPSCertStoreManager.cs

@@ -78,6 +78,7 @@ function InstallPfxToMachineStore([byte[]]$bytes, [string]$password, [string]$st
                             $certStore.Open(5)
                             $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $bytes, $password, 18 <# Persist, Machine #>
                             $certStore.Add($cert)
+
                             $certStore.Close();
                         }";
 

IISU/ClientPSCertStoreReEnrollment.cs

@@ -12,7 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-using Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS;
 using Keyfactor.Logging;
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
@@ -34,8 +33,8 @@ namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore
 {
     internal class ClientPSCertStoreReEnrollment
     {
-        private ILogger _logger;
-        private IPAMSecretResolver _resolver;
+        private readonly ILogger _logger;
+        private readonly IPAMSecretResolver _resolver;
 
         public ClientPSCertStoreReEnrollment(ILogger logger, IPAMSecretResolver resolver)
         {
@@ -59,8 +58,10 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit
                 JobProperties properties = JsonConvert.DeserializeObject<JobProperties>(config.CertificateStoreDetails.Properties,
                     new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate });
 
-                WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri($"{properties?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{properties?.WinRmPort}/wsman"));
-                connectionInfo.IncludePortInSPN = properties.SpnPortFlag;
+                WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri($"{properties?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{properties?.WinRmPort}/wsman"))
+                {
+                    IncludePortInSPN = properties.SpnPortFlag
+                };
                 var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword;
                 _logger.LogTrace($"Credentials: UserName:{serverUserName}");
 
@@ -91,7 +92,7 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit
                 Collection<PSObject> results;
 
                 // If the provider name is null, default it to the Microsoft CA
-                if (providerName == null) providerName = "Microsoft Strong Cryptographic Provider";
+                providerName ??= "Microsoft Strong Cryptographic Provider";
 
                 // Create the script file
                 ps.AddScript("$infFilename = New-TemporaryFile");

IISU/ClientPSIIManager.cs

@@ -50,8 +50,8 @@ internal class ClientPSIIManager
 
         private long JobHistoryID { get; set; }
 
-        private ILogger _logger;
-        private Runspace _runSpace;
+        private readonly ILogger _logger;
+        private readonly Runspace _runSpace;
 
         private PowerShell ps;
 
@@ -82,7 +82,7 @@ public ClientPSIIManager(ReenrollmentJobConfiguration config, string serverUsern
                 Port = config.JobProperties["Port"].ToString();
                 HostName = config.JobProperties["HostName"]?.ToString();
                 Protocol = config.JobProperties["Protocol"].ToString();
-                SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1);
+                SniFlag = config.JobProperties["SniFlag"]?.ToString()[..1];
                 IPAddress = config.JobProperties["IPAddress"].ToString();
 
                 PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password
@@ -119,7 +119,7 @@ public ClientPSIIManager(ManagementJobConfiguration config, string serverUsernam
                 Port = config.JobProperties["Port"].ToString();
                 HostName = config.JobProperties["HostName"]?.ToString();
                 Protocol = config.JobProperties["Protocol"].ToString();
-                SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1);
+                SniFlag = config.JobProperties["SniFlag"].ToString()?[..1];
                 IPAddress = config.JobProperties["IPAddress"].ToString();
 
                 PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password

IISU/ImplementedStoreTypes/Win/Inventory.cs

@@ -25,7 +25,7 @@
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 
-namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert
 {
     public class Inventory : WinCertJobTypeBase, IInventoryJobExtension
     {
@@ -55,7 +55,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
             {
                 var inventoryItems = new List<CurrentInventoryItem>();
 
-                _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
+                _logger.LogTrace(JobConfigurationParser.ParseInventoryJobConfiguration(config));
 
                 string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
                 string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);

IISU/ImplementedStoreTypes/Win/Management.cs

@@ -24,7 +24,7 @@
 using System.Net;
 using Keyfactor.Logging;
 
-namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert
 {
     public class Management : WinCertJobTypeBase, IManagementJobExtension
     {
@@ -47,11 +47,13 @@ public Management(IPAMSecretResolver resolver)
 
         public JobResult ProcessJob(ManagementJobConfiguration config)
         {
-            _logger = LogHandler.GetClassLogger<Management>();
-            _logger.MethodEntry();
-
             try
             {
+                _logger = LogHandler.GetClassLogger<Management>();
+                _logger.MethodEntry();
+
+                _logger.LogTrace(JobConfigurationParser.ParseManagementJobConfiguration(config));
+
                 string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
                 string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);
 
@@ -112,56 +114,6 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
             }
         }
 
-        //private JobResult PerformManagement(ManagementJobConfiguration config)
-        //{
-        //    try
-        //    {
-        //        _logger.MethodEntry();
-
-        //        ServerUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
-        //        ServerPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);
-
-        //        var complete = new JobResult
-        //        {
-        //            Result = OrchestratorJobStatusJobResult.Failure,
-        //            JobHistoryId = config.JobHistoryId,
-        //            FailureMessage =
-        //                "Invalid Management Operation"
-        //        };
-
-        //        switch (config.OperationType)
-        //        {
-        //            case CertStoreOperationType.Add:
-        //                {
-        //                    _logger.LogTrace("Adding...");
-        //                    if (config.JobProperties.ContainsKey("RenewalThumbprint"))
-        //                    {
-        //                        _thumbprint = config.JobProperties["RenewalThumbprint"].ToString();
-        //                        _logger.LogTrace($"Found Thumbprint Will renew all cers with this Thumbprint: {_thumbprint}");
-        //                    }
-
-        //                    _logger.LogTrace("Before PerformAddition...");
-        //                    complete = performAddition(config);
-        //                    _logger.LogTrace("After PerformAddition...");
-
-        //                    break;
-        //                }
-        //            case CertStoreOperationType.Remove:
-        //                {
-        //                    break;
-        //                }
-        //        }
-
-        //        return complete;
-        //    }
-
-        //    catch (Exception e)
-        //    {
-        //        _logger.LogError($"Error Occurred in Management.PerformManagement: {e.Message}");
-        //        throw;
-        //    }
-        //}
-
         private JobResult performAddition(ManagementJobConfiguration config)
         {
             try

IISU/ImplementedStoreTypes/Win/ReEnrollment.cs

@@ -16,7 +16,7 @@
 using Keyfactor.Orchestrators.Extensions.Interfaces;
 using Microsoft.Extensions.Logging;
 
-namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert
 {
     public class ReEnrollment : WinCertJobTypeBase, IReenrollmentJobExtension
     {

IISU/ImplementedStoreTypes/Win/WinInventory.cs

@@ -19,7 +19,7 @@
 using System.Management.Automation.Runspaces;
 using System.Text;
 
-namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert
 {
     internal class WinInventory : ClientPSCertStoreInventory
     {

IISU/ImplementedStoreTypes/WinIIS/IISManager.cs

@@ -24,7 +24,7 @@
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 
-namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
 {
     public class IISManager
     {
@@ -66,7 +66,7 @@ public IISManager(ReenrollmentJobConfiguration config, string serverUserName, st
                 Port = config.JobProperties["Port"].ToString();
                 HostName = config.JobProperties["HostName"]?.ToString();
                 Protocol = config.JobProperties["Protocol"].ToString();
-                SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1);
+                SniFlag = config.JobProperties["SniFlag"].ToString()?[..1];
                 IpAddress = config.JobProperties["IPAddress"].ToString();
 
                 PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password
@@ -105,7 +105,7 @@ public IISManager(ManagementJobConfiguration config, string serverUserName, stri
                 Port = config.JobProperties["Port"].ToString();
                 HostName = config.JobProperties["HostName"]?.ToString();
                 Protocol = config.JobProperties["Protocol"].ToString();
-                SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1);
+                SniFlag = config.JobProperties["SniFlag"].ToString()?[..1];
                 IpAddress = config.JobProperties["IPAddress"].ToString();
 
                 PrivateKeyPassword = config.JobCertificate.PrivateKeyPassword;

IISU/ImplementedStoreTypes/WinIIS/Inventory.cs

@@ -25,7 +25,7 @@
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 
-namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS
+namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
 {
     public class Inventory : WinCertJobTypeBase, IInventoryJobExtension
     {
@@ -52,7 +52,9 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
             {
                 var inventoryItems = new List<CurrentInventoryItem>();
 
-                _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}");
+                string myConfig = config.ToString();
+
+                _logger.LogTrace(JobConfigurationParser.ParseInventoryJobConfiguration(config));
 
                 string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername);
                 string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword);