Merge branch 'ab#55565' into release-2.6
fiddlermikey authored Apr 17, 2024
2 parents 8748d2a + 11cb684 commit 0d78768
Showing 6 changed files with 242 additions and 40 deletions.
17 changes: 11 additions & 6 deletions RemoteFile/RemoteCertificateStore.cs
Expand Up @@ -23,13 +23,16 @@
using Keyfactor.Extensions.Orchestrator.RemoteFile.Models;
using Keyfactor.Logging;
using System.Management.Automation;
using System.Runtime.InteropServices;
using Microsoft.CodeAnalysis.CSharp.Syntax;

namespace Keyfactor.Extensions.Orchestrator.RemoteFile
{
internal class RemoteCertificateStore
{
private const string NO_EXTENSION = "noext";
private const string FULL_SCAN = "fullscan";
private const string LOCAL_MACHINE_SUFFIX = "|localmachine";

internal enum ServerTypeEnum
{
Expand Down Expand Up @@ -340,10 +343,12 @@ internal void Initialize(string sudoImpersonatedUser)
{
logger.MethodEntry(LogLevel.Debug);

if (ServerType == ServerTypeEnum.Linux)
RemoteHandler = new SSHHandler(Server, ServerId, ServerPassword, sudoImpersonatedUser);
bool treatAsLocal = Server.ToLower().EndsWith(LOCAL_MACHINE_SUFFIX);

if (ServerType == ServerTypeEnum.Linux || RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
RemoteHandler = treatAsLocal ? new LinuxLocalHandler() as IRemoteHandler : new SSHHandler(Server, ServerId, ServerPassword, ServerType == ServerTypeEnum.Linux) as IRemoteHandler;
else
RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword);
RemoteHandler = new WinRMHandler(Server, ServerId, ServerPassword, treatAsLocal);

RemoteHandler.Initialize();

Expand Down Expand Up @@ -389,10 +394,10 @@ private List<string> FindStoresLinux(string[] paths, string[] extensions, string
{
foreach (string fileName in fileNames)
{
command += (command.IndexOf("-iname") == -1 ? string.Empty : "-or ");
command += $"-iname '{fileName.Trim()}";
command += (command.IndexOf("-name") == -1 ? string.Empty : "-or ");
command += $"-name '{fileName.Trim()}";
if (extension.ToLower() == NO_EXTENSION)
command += $"' ! -iname '*.*' ";
command += $"' ! -name '*.*' ";
else
command += $".{extension.Trim()}' ";
}
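Review bot: `Server.ToLower().EndsWith(LOCAL_MACHINE_SUFFIX)` in the Initialize hunk is a culture-sensitive comparison (both `ToLower()` and the single-string `EndsWith` overload use the current culture), so local-machine detection can behave differently depending on the orchestrator host's locale; prefer `bool treatAsLocal = Server.EndsWith(LOCAL_MACHINE_SUFFIX, StringComparison.OrdinalIgnoreCase);`. The suffix is not stripped from `Server` before it is handed to `WinRMHandler`, so that handler presumably has to recognise the `|localmachine` form itself — worth confirming, since otherwise the suffixed string would be treated as a hostname. `using Microsoft.CodeAnalysis.CSharp.Syntax;` is not referenced by any visible line; if it is unused it drags a Roslyn reference into the extension for nothing. Initialize's body continues outside the hunk.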
9 changes: 9 additions & 0 deletions RemoteFile/RemoteFile.csproj
Expand Up @@ -6,13 +6,22 @@
<CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
<DebugType>none</DebugType>
</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
<DebugType>none</DebugType>
</PropertyGroup>

<ItemGroup>
<Compile Remove="ImplementedStoreTypes\JKS\JksStore.cs" />
<Compile Remove="RemoteHandlers\SSHHelper.cs" />
</ItemGroup>

<ItemGroup>
<PackageReference Include="BouncyCastle.Cryptography" Version="2.3.0" />
<PackageReference Include="CliWrap" Version="3.6.6" />
<PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
<PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
<PackageReference Include="Keyfactor.PKI" Version="5.0.0" />
9 changes: 9 additions & 0 deletions RemoteFile/RemoteHandlers/BaseRemoteHandler.cs
Expand Up @@ -8,6 +8,7 @@
using Keyfactor.Logging;

using Microsoft.Extensions.Logging;
using System.Text.RegularExpressions;

namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
{
Expand All @@ -16,6 +17,7 @@ abstract class BaseRemoteHandler : IRemoteHandler
internal ILogger _logger;
internal const string PASSWORD_MASK_VALUE = "[PASSWORD]";
internal const int PASSWORD_LENGTH_MAX = 100;
internal const string LINUX_PERMISSION_REGEXP = "^[0-7]{3}$";

public string Server { get; set; }

Expand All @@ -24,6 +26,13 @@ public BaseRemoteHandler()
_logger = LogHandler.GetClassLogger(this.GetType());
}

public static void AreLinuxPermissionsValid(string permissions)
{
Regex regex = new Regex(LINUX_PERMISSION_REGEXP);
if (!regex.IsMatch(permissions))
throw new RemoteFileException($"Invalid format for Linux file permissions. This value must be exactly 3 digits long with each digit between 0-7 but found {permissions} instead.");
}

public abstract void Initialize();

public abstract void Terminate();
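Review bot: The `$` anchor in `LINUX_PERMISSION_REGEXP` also matches immediately before a trailing newline, so a value like `"755\n"` passes `AreLinuxPermissionsValid` and is then interpolated unchanged into the `install -m ...` command string that `LinuxLocalHandler.CreateEmptyStoreFile` builds; `internal const string LINUX_PERMISSION_REGEXP = "^[0-7]{3}\\z";` rejects it. A null `permissions` reaches `Regex.IsMatch` and surfaces as `ArgumentNullException` rather than the `RemoteFileException` the method otherwise throws, so a `if (permissions is null)` guard with the same exception type in front of the match is worth adding. The `Regex` is constructed on every call; a `private static readonly Regex` field would avoid that. The name reads like a predicate, but the method returns void and throws — `ValidateLinuxPermissions` would describe what it does. The enclosing class continues outside the hunk.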
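--- /dev/null
+++ b/RemoteFile/RemoteHandlers/LinuxLocalHandler.cs
@@ -0,0 +1,166 @@
+// Copyright 2021 Keyfactor
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+// and limitations under the License.
+
+using System;
+using System.IO;
+using System.Security.Cryptography;
+
+using CliWrap;
+using CliWrap.Buffered;
+
+using Renci.SshNet;
+
+using Microsoft.Extensions.Logging;
+
+using Keyfactor.Logging;
+using Keyfactor.PKI.PrivateKeys;
+using Keyfactor.PKI.PEM;
+
+namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
+{
+class LinuxLocalHandler : BaseRemoteHandler
+{
+private Command BaseCommand { get; set; }
+
+internal LinuxLocalHandler()
+{
+_logger.MethodEntry(LogLevel.Debug);
+_logger.MethodExit(LogLevel.Debug);
+}
+
+public override void Initialize()
+{
+_logger.MethodEntry(LogLevel.Debug);
+
+BaseCommand = Cli.Wrap("/bin/bash");
+
+_logger.MethodExit(LogLevel.Debug);
+}
+
+public override void Terminate()
+{
+_logger.MethodEntry(LogLevel.Debug);
+_logger.MethodExit(LogLevel.Debug);
+}
+
+public override string RunCommand(string commandText, object[] arguments, bool withSudo, string[] passwordsToMaskInLog)
+{
+_logger.MethodEntry(LogLevel.Debug);
+
+string sudo = $"echo -e '\n' | sudo -i -S ";
+
+try
+{
+if (withSudo)
+commandText = sudo + commandText;
+
+string displayCommand = commandText;
+if (passwordsToMaskInLog != null)
+{
+foreach (string password in passwordsToMaskInLog)
+displayCommand = displayCommand.Replace(password, PASSWORD_MASK_VALUE);
+}
+
+_logger.LogDebug($"RunCommand: {displayCommand}");
+
+Command cmd = BaseCommand.WithArguments($@"-c ""{commandText}""");
+BufferedCommandResult result = cmd.ExecuteBufferedAsync().GetAwaiter().GetResult();
+_logger.LogDebug($"Linux Local Results: {displayCommand}::: {result.StandardOutput}::: {result.StandardError}");
+
+if (!String.IsNullOrEmpty(result.StandardError))
+throw new ApplicationException(result.StandardError);
+
+_logger.MethodExit(LogLevel.Debug);
+
+return result.StandardOutput;
+}
+catch (Exception ex)
+{
+_logger.LogError($"Exception during RunCommand...{RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+throw ex;
+}
+}
+
+public override void UploadCertificateFile(string path, string fileName, byte[] certBytes)
+{
+_logger.MethodEntry(LogLevel.Debug);
+_logger.LogDebug($"UploadCertificateFile: {path}{fileName}");
+
+string uploadPath = path+fileName;
+
+try
+{
+File.WriteAllBytes(uploadPath, certBytes);
+}
+catch (Exception ex)
+{
+_logger.LogError($"Error attempting upload file to {uploadPath}...");
+_logger.LogError($"Upload Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+throw new RemoteFileException($"Error attempting upload file to {uploadPath}.", ex);
+}
+
+_logger.MethodExit(LogLevel.Debug);
+}
+
+public override byte[] DownloadCertificateFile(string path)
+{
+_logger.MethodEntry(LogLevel.Debug);
+_logger.LogDebug($"DownloadCertificateFile: {path}");
+
+byte[] rtnStore = new byte[] { };
+
+try
+{
+rtnStore = File.ReadAllBytes(path);
+}
+catch (Exception ex)
+{
+_logger.LogError($"Error attempting download file {path}...");
+_logger.LogError($"Download Exception: {RemoteFileException.FlattenExceptionMessages(ex, ex.Message)}");
+throw new RemoteFileException($"Error attempting download file {path}.", ex);
+}
+
+_logger.MethodExit(LogLevel.Debug);
+
+return rtnStore;
+}
+
+public override void CreateEmptyStoreFile(string path, string linuxFilePermissions, string linuxFileOwner)
+{
+_logger.MethodEntry(LogLevel.Debug);
+string[] linuxGroupOwner = linuxFileOwner.Split(":");
+string linuxFileGroup = linuxFileOwner;
+
+if (linuxGroupOwner.Length == 2)
+{
+linuxFileOwner = linuxGroupOwner[0];
+linuxFileGroup = linuxGroupOwner[1];
+}
+
+AreLinuxPermissionsValid(linuxFilePermissions);
+RunCommand($"install -m {linuxFilePermissions} -o {linuxFileOwner} -g {linuxFileGroup} /dev/null {path}", null, ApplicationSettings.UseSudo, null);
+
+_logger.MethodExit(LogLevel.Debug);
+}
+
+public override bool DoesFileExist(string path)
+{
+_logger.MethodEntry(LogLevel.Debug);
+_logger.LogDebug($"DoesFileExist: {path}");
+
+return File.Exists(path);
+}
+
+public override void RemoveCertificateFile(string path, string fileName)
+{
+_logger.LogDebug($"RemoveCertificateFile: {path} {fileName}");
+
+RunCommand($"rm {path}{fileName}", null, ApplicationSettings.UseSudo, null);
+}
+}
+}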
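Review bot: `throw ex;` in the catch block of RunCommand rethrows from the catch site and discards the original stack trace; use `throw;`. RunCommand treats any text on stderr as failure (`if (!String.IsNullOrEmpty(result.StandardError))`) while the process exit code is never inspected in this file — CliWrap's default validation already throws on a non-zero exit, but a tool that only writes a warning to stderr (sudo's `-S` prompt may well land there, since the password is supplied by the `echo` pipe) would be reported as an error, so checking `result.ExitCode` and logging stderr separately is more robust. UploadCertificateFile and DownloadCertificateFile use `File.WriteAllBytes`/`File.ReadAllBytes` under the orchestrator's own account, whereas CreateEmptyStoreFile and RemoveCertificateFile honour `ApplicationSettings.UseSudo`; when UseSudo is on and the store was created via `install -o` for a different owner, the direct write will fail with `UnauthorizedAccessException`, so the elevation path should be consistent across the handler. `path` and `fileName` are interpolated unquoted into the `rm` and `install` command strings, so a path containing a space or a shell-special character changes the command; wrapping each in single quotes (with embedded quotes escaped) keeps them literal. `System.Security.Cryptography`, `Renci.SshNet`, `Keyfactor.PKI.PrivateKeys` and `Keyfactor.PKI.PEM` are imported but nothing in the file uses them.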