Merge branch 'dev_release_2.1' of https://github.com/Keyfactor/paloal…

…to-firewall-orchestrator into dev_release_2.1

CHANGELOG.md

@@ -1,3 +1,9 @@
+2.1.0
+* Support for Pan Level Certficates
+* Support for Pushing Entire Certificate Chain to Panorama
+* Auto Detection of Trusted Root Certificates
+* Fix Inventory Check For Private Key from Dummy to Anything
+
 2.0.1
 * Fix Epoch Time in Model from int to long to prevent inventory errors
 

PaloAlto/Jobs/Inventory.cs

@@ -111,10 +111,10 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
                         try
                         {
                             _logger.LogTrace(
-                                $"Building Cert List Inventory Item Alias: {c.Name} Pem: {c.PublicKey} Private Key: dummy (from PA API)");
+                                $"Building Cert List Inventory Item Alias: {c.Name} Pem: {c.PublicKey} Private Key: {c.PrivateKey?.Length > 0}");
                             var bindings =
                                 client.GetProfileByCertificate(config.CertificateStoreDetails.StorePath, c.Name).Result;
-                            return BuildInventoryItem(c.Name, c.PublicKey, c.PrivateKey == "dummy",bindings,false);
+                            return BuildInventoryItem(c.Name, c.PublicKey, c.PrivateKey?.Length>0,bindings,false);
                         }
                         catch
                         {

PaloAltoTestConsole/KeyfactorClient.cs

@@ -1,4 +1,18 @@
-using System;
+// Copyright 2023 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
 using System.Collections.Generic;
 using System.Text;
 using System.Threading.Tasks;
@@ -11,16 +25,15 @@ public class KeyfactorClient
     {
         public async Task<KeyfactorEnrollmentResult> EnrollCertificate(string commonName)
         {
-            var options = new RestClientOptions("https://URLToKeyfactor");
+            var options = new RestClientOptions("https://kfcommandurl.com");
             var client = new RestClient(options);
             var request = new RestRequest("/KeyfactorAPI/Enrollment/PFX", Method.Post);
             request.AddHeader("X-Keyfactor-Requested-With", "APIClient");
             request.AddHeader("x-certificateformat", "PFX");
-            request.AddHeader("Authorization", "Basic BasicAuthKey");
+            request.AddHeader("Authorization", "Basic fsadfsdafds=");
             request.AddHeader("Content-Type", "application/json");
             var enrollRequest = new KeyfactorEnrollmentRequest
             {
-                CustomFriendlyName = "2 Year Web Server",
                 Password = "sldfklsdfsldjfk",
                 PopulateMissingValuesFromAD = false,
                 Subject = $"CN={commonName}",
@@ -35,7 +48,7 @@ public async Task<KeyfactorEnrollmentResult> EnrollCertificate(string commonName
             sans.DNS = dnsList;
             enrollRequest.SANs = sans;
             request.AddBody(enrollRequest);
-            var response = await client.ExecuteAsync<KeyfactorEnrollmentResult>(request);
+            var response = await client.ExecutePostAsync<KeyfactorEnrollmentResult>(request);
             return response.Data;
 
         }

PaloAltoTestConsole/KeyfactorEnrollmentRequest.cs

@@ -1,4 +1,18 @@
-using System;
+// Copyright 2023 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
 using System.Collections.Generic;
 using System.Text;
 

PaloAltoTestConsole/KeyfactorEnrollmentResult.cs

@@ -1,4 +1,18 @@
-using System;
+// Copyright 2023 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License
+
+using System;
 using System.Collections.Generic;
 using System.Text;
 
@@ -13,6 +27,9 @@ public class CertificateInformation
         public int KeyfactorId { get; set; }
         public string Pkcs12Blob { get; set; }
         public object Password { get; set; }
+        public string WorkflowInstanceId { get; set; }
+        public int WorkflowReferenceId { get; set; }
+        public List<object> StoreIdsInvalidForRenewal { get; set; }
         public int KeyfactorRequestId { get; set; }
         public string RequestDisposition { get; set; }
         public string DispositionMessage { get; set; }
@@ -21,11 +38,14 @@ public class CertificateInformation
 
     public class Metadata
     {
+        public string OID { get; set; }
     }
 
     public class KeyfactorEnrollmentResult
     {
         public CertificateInformation CertificateInformation { get; set; }
         public Metadata Metadata { get; set; }
     }
+
+
 }

PaloAltoTestConsole/PanoramaMgmt.json

@@ -23,7 +23,6 @@
   "ServerPassword": "PasswordGoesHere",
   "UseSSL": true,
   "JobProperties": {
-    "Trusted Root": false,
     "TlsMinVersion": "TlsMinVersionGoesHere",
     "TLSMaxVersion": "TlsMaxVersionGoesHere",
     "TlsProfileName": "TlsProfileNameGoesHere"

PaloAltoTestConsole/Program.cs

@@ -34,7 +34,6 @@ internal class Program
         public static string ClientMachine { get; set; }
         public static string DeviceGroup { get; set; }
         public static string StorePath { get; set; }
-        public static string TrustedRoot { get; set; }
         public static string BindingName { get; set; }
         public static string TlsMinVersion { get; set; }
         public static string TlsMaxVersion { get; set; }
@@ -49,10 +48,10 @@ private static async Task Main(string[] args)
 
 
             var arguments = new Dictionary<string, string>();
-            Thread.Sleep(10000);
+            Thread.Sleep(20000);
             foreach (var argument in args)
             {
-                var splitted = argument.Split('=');
+                var splitted = argument.Split('=',2);
 
                 if (splitted.Length == 2) arguments[splitted[0]] = splitted[1];
             }
@@ -122,7 +121,6 @@ private static async Task Main(string[] args)
                             CertAlias = arguments["-certalias"];
                             TlsMinVersion = arguments["-tlsminversion"];
                             TlsMaxVersion= arguments["-tlsmaxversion"];
-                            TrustedRoot= arguments["-trustedroot"];
                             Overwrite = arguments["-overwrite"];
                         }
                         else
@@ -135,8 +133,6 @@ private static async Task Main(string[] args)
                             TlsMaxVersion = Console.ReadLine();
                             Console.WriteLine("Enter Cert Alias");
                             CertAlias = Console.ReadLine();
-                            Console.WriteLine("Trusted Root (True or False)?");
-                            TrustedRoot = Console.ReadLine();
                             Console.WriteLine("Overwrite (True or False)?");
                             Overwrite = Console.ReadLine();
                         }
@@ -219,11 +215,6 @@ public static InventoryJobConfiguration GetPanoramaInventoryJobConfiguration()
 
         public static ManagementJobConfiguration GetManagementJobConfiguration()
         {
-            var trustedRootReplaceString = "\"Trusted Root\": false";
-            if (TrustedRoot.ToUpper() == "TRUE")
-            {
-                trustedRootReplaceString = "\"Trusted Root\": true";
-            }
 
             var overWriteReplaceString = "\"Overwrite\": false";
             if (Overwrite.ToUpper() == "TRUE")
@@ -236,7 +227,7 @@ public static ManagementJobConfiguration GetManagementJobConfiguration()
                 .Replace("DeviceGroupGoesHere", DeviceGroup).Replace("AliasGoesHere", CertAlias)
                 .Replace("ClientMachineGoesHere", ClientMachine).Replace("TlsProfileNameGoesHere", BindingName)
                 .Replace("TlsMaxVersionGoesHere", TlsMaxVersion).Replace("TlsMinVersionGoesHere", TlsMinVersion)
-                .Replace("\"Trusted Root\": false",trustedRootReplaceString).Replace("\"Overwrite\": false",overWriteReplaceString)
+                .Replace("\"Overwrite\": false",overWriteReplaceString)
                 .Replace("CertificateContentGoesHere", CertificateContent);
             var result =
                 JsonConvert.DeserializeObject<ManagementJobConfiguration>(fileContent);