
Commit 49ae841

author
Bob Pokorny
committed
Updates to SCript File. Changed Alias to include Site-Name
1 parent 763c694 commit 49ae841


6 files changed

+124
-199
lines changed


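--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 * documentation updates for the 2.6 release
 * fix a naming typo in the 2.5 migration SQL script
 * update integration-manifest.json
+* Updated the Alias in IIS to also include Site-Name. NOTE: Inventory will need to be performed prior to any management job to include new Alias format.
 
 2.6.0
 * Added the ability to run the extension in a Linux environment. To utilize this change, for each Cert Store Types (WinCert/WinIIS/WinSQL), add ssh to the Custom Field <b>WinRM Protocol</b>. When using ssh as a protocol, make sure to enter the appropriate ssh port number under WinRM Port.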

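--- a/IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs
+++ b/IISU/ImplementedStoreTypes/WinIIS/IISBindingInfo.cs
@@ -16,8 +16,10 @@
 
 // 021225 rcp 2.6.0 Cleaned up and verified code
 
+using Markdig.Syntax;
 using System;
 using System.Collections.Generic;
+using System.Web.Services.Description;
 
 namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
 {
@@ -29,6 +31,12 @@ public class IISBindingInfo
 public string Port { get; set; }
 public string? HostName { get; set; }
 public string SniFlag { get; set; }
+public string Thumbprint { get; private set; }
+
+public IISBindingInfo()
+{
+
+}
 
 public IISBindingInfo(Dictionary<string, object> bindingInfo)
 {
@@ -40,6 +48,26 @@ public IISBindingInfo(Dictionary<string, object> bindingInfo)
 SniFlag = MigrateSNIFlag(bindingInfo["SniFlag"].ToString());
 }
 
+public static IISBindingInfo ParseAliaseBindingString(string alias)
+{
+if (string.IsNullOrWhiteSpace(alias))
+throw new ArgumentException("Alias cannot be null or empty.", nameof(alias));
+
+var parts = alias.Split(':');
+if (parts.Length < 4 || parts.Length > 5)
+throw new FormatException("Alias must be in the format of Thumbprint:IPAddress:Port[:Hostname]");
+
+return new IISBindingInfo
+{
+Thumbprint = parts[0],
+SiteName = parts[1],
+IPAddress = parts[2],
+Port = parts[3],
+HostName = parts.Length == 5 ? parts[4] : null
+};
+}
+
+
 private string MigrateSNIFlag(string input)
 {
 if (int.TryParse(input, out int numericValue))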
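Review bot: In `ParseAliaseBindingString`, an alias in the previous layout (judging by the message text, `Thumbprint:IPAddress:Port:Hostname`) also has four parts, so it passes the length check and is silently read with every field shifted by one; a management job run before a fresh inventory would then act on the wrong site, address and port values. The FormatException text still describes that old layout and omits the site name; I would change it to `"Alias must be in the format of Thumbprint:SiteName:IPAddress:Port[:Hostname]"`. Because the caller passes the parsed values on to PowerShell, it is worth rejecting early any alias whose port part is not numeric, e.g. `if (!int.TryParse(parts[3], out _)) throw new FormatException(...)`, and likewise a first part that is not a hex thumbprint; the port check also catches the shifted legacy form. The two new usings (`Markdig.Syntax`, `System.Web.Services.Description`) are not referenced by anything visible in this section and look like IDE additions that pull in unneeded dependencies.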

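--- a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs
+++ b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs
@@ -164,7 +164,7 @@ public List<CurrentInventoryItem> QueryIISCertificates(RemoteSettings settings)
 new CurrentInventoryItem
 {
 Certificates = new[] {cert.CertificateBase64 },
-Alias = cert.Thumbprint + ":" + cert.Binding?.ToString(),
+Alias = cert.Thumbprint + ":" + cert.SiteName + ":" + cert.Binding?.ToString(),
 PrivateKeyEntry = cert.HasPrivateKey,
 UseChainLevel = false,
 ItemStatus = OrchestratorInventoryItemStatus.Unknown,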
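Review bot: The new `Alias` line joins thumbprint, site name and binding with ':' without checking that the pieces are free of that character, and `cert.Binding?.ToString()` contributes an empty string when `Binding` is null. `IISBindingInfo.ParseAliaseBindingString`, added in this commit, splits on ':' and requires four or five parts, so an alias built from a null binding yields three parts and is rejected later, and a colon inside the site name or an IPv6 address would shift or overflow the fields (assuming the binding string renders as IPAddress:Port[:Hostname]). I would skip or log items with a null binding here and add a comment such as `// Alias format: Thumbprint:SiteName:IPAddress:Port[:Hostname]; parsed by IISBindingInfo.ParseAliaseBindingString` so producer and parser stay in step. The enclosing `QueryIISCertificates` starts and ends outside the hunk.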

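--- a/IISU/ImplementedStoreTypes/WinIIS/Management.cs
+++ b/IISU/ImplementedStoreTypes/WinIIS/Management.cs
@@ -139,12 +139,21 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
 {
 // Removing a certificate involves two steps: UnBind the certificate, then delete the cert from the store
 
+IISBindingInfo thisBinding = IISBindingInfo.ParseAliaseBindingString(config.JobCertificate.Alias);
 string thumbprint = config.JobCertificate.Alias.Split(':')[0];
 try
 {
-if (WinIISBinding.UnBindCertificate(_psHelper, new IISBindingInfo(config.JobProperties)))
+if (WinIISBinding.UnBindCertificate(_psHelper, thisBinding))
 {
-complete = RemoveCertificate(thumbprint);
+// This function will only remove the certificate from the store if not used by any other sites
+RemoveIISCertificate(thisBinding.Thumbprint);
+
+complete = new JobResult
+{
+Result = OrchestratorJobStatusJobResult.Success,
+JobHistoryId = _jobHistoryID,
+FailureMessage = ""
+};
 }
 }
 catch (Exception ex)
@@ -228,8 +237,21 @@ public string AddCertificate(string certificateContents, string privateKeyPasswo
 throw new Exception (failureMessage);
 }
 }
+public void RemoveIISCertificate(string thumbprint)
+{
+_logger.LogTrace($"Attempting to remove thumbprint {thumbprint} from store {_storePath}");
+
+var parameters = new Dictionary<string, object>()
+{
+{ "Thumbprint", thumbprint },
+{ "StoreName", _storePath }
+};
+
+_psHelper.ExecutePowerShell("Remove-KFIISCertificateIfUnused", parameters);
+
+}
 
-public JobResult RemoveCertificate(string thumbprint)
+public JobResult RemoveCertificateORIG(string thumbprint)
 {
 try
 {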
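Review bot: `RemoveIISCertificate` discards whatever `_psHelper.ExecutePowerShell("Remove-KFIISCertificateIfUnused", parameters)` returns, and the caller in `ProcessJob` then builds a `JobResult` with `OrchestratorJobStatusJobResult.Success` unconditionally, so a removal that the script skipped or that failed without throwing is still reported as successful while the certificate may remain in the store. I would have the method return the script's outcome and set the status from it, e.g. `Result = removed ? OrchestratorJobStatusJobResult.Success : OrchestratorJobStatusJobResult.Failure`, and log when the certificate is kept because another site still uses it. `ParseAliaseBindingString` is also called before the `try`, so its `FormatException` for an old-format alias appears to bypass the catch at the end of the first hunk; the rest of `ProcessJob` is outside the hunk, so an outer handler may exist. The `thumbprint` local on the following line is now unused, and renaming `RemoveCertificate` to `RemoveCertificateORIG` leaves a public method that looks like dead code and could be deleted if nothing else calls it.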

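--- a/IISU/ImplementedStoreTypes/WinIIS/WinIISBinding.cs
+++ b/IISU/ImplementedStoreTypes/WinIIS/WinIISBinding.cs
@@ -116,7 +116,6 @@ public static bool UnBindCertificate(PSHelper psHelper, IISBindingInfo bindingIn
 
 if (results[0].BaseObject is bool success)
 {
-_logger.LogTrace($"Returned from unbinding as {success}.");
 return success;
 }
 else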
