Updates to SCript File. Changed Alias to include Site-Name

Author: Bob Pokorny

CHANGELOG.md

@@ -2,6 +2,7 @@
 * documentation updates for the 2.6 release
 * fix a naming typo in the 2.5 migration SQL script
 * update integration-manifest.json
+* Updated the Alias in IIS to also include Site-Name.  NOTE: Inventory will need to be performed prior to any management job to include new Alias format.
 
 2.6.0
 * Added the ability to run the extension in a Linux environment.  To utilize this change, for each Cert Store Types (WinCert/WinIIS/WinSQL), add ssh to the Custom Field <b>WinRM Protocol</b>.  When using ssh as a protocol, make sure to enter the appropriate ssh port number under WinRM Port.

IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs

@@ -16,8 +16,10 @@
 
 // 021225 rcp   2.6.0   Cleaned up and verified code
 
+using Markdig.Syntax;
 using System;
 using System.Collections.Generic;
+using System.Web.Services.Description;
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
 {
@@ -29,6 +31,12 @@ public class IISBindingInfo
         public string Port { get; set; }
         public string? HostName { get; set; }
         public string SniFlag { get; set; }
+        public string Thumbprint { get; private set; }
+
+        public IISBindingInfo()
+        {
+                
+        }
 
         public IISBindingInfo(Dictionary<string, object> bindingInfo)
         {
@@ -40,6 +48,26 @@ public IISBindingInfo(Dictionary<string, object> bindingInfo)
             SniFlag = MigrateSNIFlag(bindingInfo["SniFlag"].ToString());
         }
 
+        public static IISBindingInfo ParseAliaseBindingString(string alias)
+        {
+            if (string.IsNullOrWhiteSpace(alias))
+                throw new ArgumentException("Alias cannot be null or empty.", nameof(alias));
+
+            var parts = alias.Split(':');
+            if (parts.Length < 4 || parts.Length > 5)
+                throw new FormatException("Alias must be in the format of Thumbprint:IPAddress:Port[:Hostname]");
+
+            return new IISBindingInfo
+            {
+                Thumbprint = parts[0],
+                SiteName = parts[1],
+                IPAddress = parts[2],
+                Port = parts[3],
+                HostName = parts.Length == 5 ? parts[4] : null
+            };
+        }
+
+
         private string MigrateSNIFlag(string input)
         {
             if (int.TryParse(input, out int numericValue))

IISU/ImplementedStoreTypes/WinIIS/Inventory.cs

@@ -164,7 +164,7 @@ public List<CurrentInventoryItem> QueryIISCertificates(RemoteSettings settings)
                             new CurrentInventoryItem
                             {
                                 Certificates = new[] {cert.CertificateBase64 },
-                                Alias = cert.Thumbprint + ":" + cert.Binding?.ToString(),
+                                Alias = cert.Thumbprint + ":" + cert.SiteName + ":" + cert.Binding?.ToString(),
                                 PrivateKeyEntry = cert.HasPrivateKey,
                                 UseChainLevel = false,
                                 ItemStatus = OrchestratorInventoryItemStatus.Unknown,

IISU/ImplementedStoreTypes/WinIIS/Management.cs

@@ -139,12 +139,21 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                             {
                                 // Removing a certificate involves two steps: UnBind the certificate, then delete the cert from the store
 
+                                IISBindingInfo thisBinding = IISBindingInfo.ParseAliaseBindingString(config.JobCertificate.Alias);
                                 string thumbprint = config.JobCertificate.Alias.Split(':')[0];
                                 try
                                 {
-                                    if (WinIISBinding.UnBindCertificate(_psHelper, new IISBindingInfo(config.JobProperties)))
+                                    if (WinIISBinding.UnBindCertificate(_psHelper, thisBinding))
                                     {
-                                        complete = RemoveCertificate(thumbprint);
+                                        // This function will only remove the certificate from the store if not used by any other sites
+                                        RemoveIISCertificate(thisBinding.Thumbprint);
+
+                                        complete = new JobResult
+                                        {
+                                            Result = OrchestratorJobStatusJobResult.Success,
+                                            JobHistoryId = _jobHistoryID,
+                                            FailureMessage = ""
+                                        };
                                     }
                                 }
                                 catch (Exception ex)
@@ -228,8 +237,21 @@ public string AddCertificate(string certificateContents, string privateKeyPasswo
                 throw new Exception (failureMessage);
             }
 }
+        public void RemoveIISCertificate(string thumbprint)
+        {
+            _logger.LogTrace($"Attempting to remove thumbprint {thumbprint} from store {_storePath}");
+
+            var parameters = new Dictionary<string, object>()
+                    {
+                        { "Thumbprint", thumbprint },
+                        { "StoreName", _storePath }
+                    };
+
+            _psHelper.ExecutePowerShell("Remove-KFIISCertificateIfUnused", parameters);
+
+        }
 
-        public JobResult RemoveCertificate(string thumbprint)
+        public JobResult RemoveCertificateORIG(string thumbprint)
         {
             try
             {

IISU/ImplementedStoreTypes/WinIIS/WinIISBinding.cs

@@ -116,7 +116,6 @@ public static bool UnBindCertificate(PSHelper psHelper, IISBindingInfo bindingIn
 
                 if (results[0].BaseObject is bool success)
                 {
-                    _logger.LogTrace($"Returned from unbinding as {success}.");
                     return success;
                 }
                 else