Make Trusted Cert Inventory Optional to save time, most users I have …
…talked to don't care about inventorying these and they take a ton of time.
bhillkeyfactor committed Oct 29, 2024
1 parent 9d21b2c commit 2ff520d
Showing 2 changed files with 26 additions and 23 deletions.
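--- a/PaloAlto/JobProperties.cs
+++ b/PaloAlto/JobProperties.cs
@@ -23,6 +23,8 @@ public class JobProperties
 [DefaultValue("")]
 public string DeviceGroup { get; set; }
 
-
+[JsonProperty("InventoryTrustedCerts")]
+[DefaultValue(false)]
+public bool InventoryTrustedCerts { get; set; }
 }
 }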
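Review bot: The new `InventoryTrustedCerts` property carries no XML documentation, so a reader of JobProperties cannot tell from the type what it toggles or why it defaults to false; the rationale is only in the commit message and belongs on the member. A summary such as `/// <summary>When true, the trusted root CA certificates on the device are included in inventory; off by default because fetching each one is slow.</summary>` placed above the `[JsonProperty]` attribute would capture it. The enclosing class starts before this hunk.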
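--- a/PaloAlto/Jobs/Inventory.cs
+++ b/PaloAlto/Jobs/Inventory.cs
@@ -127,28 +127,29 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
 }
 }).Where(acsii => acsii?.Certificates != null).ToList());
 
-
-foreach (var trustedRootCert in trustedRootPayload.TrustedRootResult.TrustedRootCa.Entry)
-try
-{
-_logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}");
-var certificatePem = client.GetCertificateByName(trustedRootCert.Name);
-_logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}");
-var bytes = Encoding.ASCII.GetBytes(certificatePem.Result);
-var cert = new X509Certificate2(bytes);
-_logger.LogTrace(
-$"Building Trusted Root Inventory Item Pem: {certificatePem.Result} Has Private Key: {cert.HasPrivateKey}");
-inventoryItems.Add(BuildInventoryItem(trustedRootCert.Name, certificatePem.Result, cert.HasPrivateKey, true));
-}
-catch(Exception e)
-{
-_logger.LogWarning(
-$"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer} error {LogHandler.FlattenException(e)}.");
-sb.Append(
-$"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer}.{Environment.NewLine}");
-warningFlag = true;
-}
-
+if (StoreProperties.InventoryTrustedCerts)
+{
+foreach (var trustedRootCert in trustedRootPayload.TrustedRootResult.TrustedRootCa.Entry)
+try
+{
+_logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}");
+var certificatePem = client.GetCertificateByName(trustedRootCert.Name);
+_logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}");
+var bytes = Encoding.ASCII.GetBytes(certificatePem.Result);
+var cert = new X509Certificate2(bytes);
+_logger.LogTrace(
+$"Building Trusted Root Inventory Item Pem: {certificatePem.Result} Has Private Key: {cert.HasPrivateKey}");
+inventoryItems.Add(BuildInventoryItem(trustedRootCert.Name, certificatePem.Result, cert.HasPrivateKey, true));
+}
+catch (Exception e)
+{
+_logger.LogWarning(
+$"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer} error {LogHandler.FlattenException(e)}.");
+sb.Append(
+$"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer}.{Environment.NewLine}");
+warningFlag = true;
+}
+}
 _logger.LogTrace("Submitting Inventory To Keyfactor via submitInventory.Invoke");
 submitInventory.Invoke(inventoryItems);
 _logger.LogTrace("Submitted Inventory To Keyfactor via submitInventory.Invoke");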
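Review bot: When `StoreProperties.InventoryTrustedCerts` is false the new `if` drops every trusted-root CA entry from the submitted inventory without any log line, so an operator reading the job log cannot distinguish a deliberately skipped CA list from a device that reports none; add `else { _logger.LogTrace("InventoryTrustedCerts is false; skipping trusted root CA inventory."); }` before the "Submitting Inventory" trace. The `trustedRootPayload` that feeds the loop is built above this hunk and, as far as is visible, is still retrieved when the flag is off, so the time saving is presumably partial — consider guarding that retrieval with the same flag. The moved loop also keeps `certificatePem.Result`, which blocks synchronously on the task; if PerformInventory can be made async, awaiting it here would remove that hazard. The `foreach` body is a brace-less `try`, which the surrounding code otherwise avoids; wrapping it in braces would make the nesting explicit. PerformInventory starts before and ends after this hunk.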
