Drfwsupport (#21)

* new binding version * Fixed Logging Issue * cert store updated * Additional logging when session times out --------- Co-authored-by: Keyfactor <[email protected]>
Keyfactor · Jul 9, 2024 · 7a04d7a · 7a04d7a
1 parent e2d0ec4
commit 7a04d7a
Show file tree

Hide file tree

Showing 85 changed files with 4,497 additions and 4,293 deletions.
diff --git a/.gitignore b/.gitignore
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,19 +1,26 @@
-2.1.1
-* Bug - Add Renew Failure Object Reference Error when Adding/Renewing a cert.
-
-2.1.0
-* Support for Pan Level Certficates
-* Support for Pushing Entire Certificate Chain to Panorama
-* Auto Detection of Trusted Root Certificates
-* Fix Inventory Check For Private Key from Dummy to Anything
-
-2.0.1
-* Fix Epoch Time in Model from int to long to prevent inventory errors
-
-2.0.0
-* Support for Panorama or Firewall connectivity
-* Commits changes to the Individual Firewall
-* Support for Panorama push to firewalls
-
-1.0.3
-* Added PAM Support for Orchestrator
+2.2.0
+* Removed support for binding cert to new binding location, can only update certs that are previously bound
+* Support for replacing certs on all binding locations both Panorama and Firewalls as long as it was there before
+* Support for Virtual Systems on Firewalls, tested with only Azure Virtual Version of Firewall
+* Support for Virtual Systems on Panorama Templates
+
+2.1.1
+* Bug - Add Renew Failure Object Reference Error when Adding/Renewing a cert.
+
+2.1.0
+* Support for Pan Level Certficates
+* Support for Pushing Entire Certificate Chain to Panorama
+* Auto Detection of Trusted Root Certificates
+* Fix Inventory Check For Private Key from Dummy to Anything
+
+2.0.1
+* Fix Epoch Time in Model from int to long to prevent inventory errors
+
+2.0.0
+* Support for Panorama or Firewall connectivity
+* Commits changes to the Individual Firewall
+* Support for Panorama push to firewalls
+
+1.0.3
+* Added PAM Support for Orchestrator
+
diff --git a/LICENSE b/LICENSE
diff --git a/PaloAlto.sln b/PaloAlto.sln
@@ -1,45 +1,45 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.30717.126
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAlto", "PaloAlto\PaloAlto.csproj", "{33FBC5A1-3466-4F10-B9A6-7186F804A65A}"
-EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6}"
-	ProjectSection(SolutionItems) = preProject
-		CHANGELOG.md = CHANGELOG.md
-		integration-manifest.json = integration-manifest.json
-		.github\workflows\keyfactor-extension-release.yml = .github\workflows\keyfactor-extension-release.yml
-		README.md = README.md
-		README.md.tpl = README.md.tpl
-	EndProjectSection
-EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{6302034E-DF8C-4B65-AC36-CED24C068999}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAltoTestConsole", "PaloAltoTestConsole\PaloAltoTestConsole.csproj", "{FFF21E91-1820-4090-922B-A78D5CC38D7B}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.Build.0 = Release|Any CPU
-		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(NestedProjects) = preSolution
-		{6302034E-DF8C-4B65-AC36-CED24C068999} = {1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6}
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {E0FA12DA-6B82-4E64-928A-BB9965E636C1}
-	EndGlobalSection
-EndGlobal
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30717.126
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAlto", "PaloAlto\PaloAlto.csproj", "{33FBC5A1-3466-4F10-B9A6-7186F804A65A}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6}"
+	ProjectSection(SolutionItems) = preProject
+		CHANGELOG.md = CHANGELOG.md
+		integration-manifest.json = integration-manifest.json
+		.github\workflows\keyfactor-extension-release.yml = .github\workflows\keyfactor-extension-release.yml
+		README.md = README.md
+		README.md.tpl = README.md.tpl
+	EndProjectSection
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{6302034E-DF8C-4B65-AC36-CED24C068999}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAltoTestConsole", "PaloAltoTestConsole\PaloAltoTestConsole.csproj", "{FFF21E91-1820-4090-922B-A78D5CC38D7B}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{6302034E-DF8C-4B65-AC36-CED24C068999} = {1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6}
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {E0FA12DA-6B82-4E64-928A-BB9965E636C1}
+	EndGlobalSection
+EndGlobal
diff --git a/PaloAlto/Client/PaloAltoClient.cs b/PaloAlto/Client/PaloAltoClient.cs
@@ -17,11 +17,10 @@
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Reflection;
-using System.Text.RegularExpressions;
+using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Serialization;
-using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Requests;
 using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses;
 using Keyfactor.Logging;
 using Microsoft.Extensions.Logging;
@@ -137,25 +136,6 @@ public async Task<CommitResponse> GetCommitAllResponse(string deviceGroup)
             }
         }
 
-        public async Task<ErrorSuccessResponse> SubmitEditProfile(EditProfileRequest request, string templateName, string storePath)
-        {
-            try
-            {
-                var editXml =
-                    $"<entry name=\"{request.Name}\"><protocol-settings><min-version>{request.ProtocolSettings.MinVersion.Text}</min-version><max-version>{request.ProtocolSettings.MaxVersion.Text}</max-version></protocol-settings><certificate>{request.Certificate}</certificate></entry>";
-
-                string uri=
-                        $@"/api/?type=config&action=edit&xpath={storePath}/ssl-tls-service-profile/entry[@name='{request.Name}']&element={editXml}&key={ApiKey}&target-tpl={GetTemplateName(storePath)}";
-
-                var response = await GetXmlResponseAsync<ErrorSuccessResponse>(await HttpClient.GetAsync(uri));
-                return response;
-            }
-            catch (Exception e)
-            {
-                _logger.LogError($"Error Occured in PaloAltoClient.SubmitDeleteCertificate: {e.Message}");
-                throw;
-            }
-        }
 
         private string GetTemplateName(string storePath)
         {
@@ -172,22 +152,6 @@ private string GetTemplateName(string storePath)
             return templateName;
         }
 
-        public async Task<GetProfileByCertificateResponse> GetProfileByCertificate(string storePath, string certificate)
-        {
-            try
-            {
-                var xPath = $"{storePath}/ssl-tls-service-profile/entry[./certificate='{certificate}']";
-                var uri = $"/api/?type=config&action=get&target-tpl={GetTemplateName(storePath)}&xpath={xPath}&key={ApiKey}";
-                var response =
-                    await GetXmlResponseAsync<GetProfileByCertificateResponse>(await HttpClient.GetAsync(uri));
-                return response;
-            }
-            catch (Exception e)
-            {
-                _logger.LogError($"Error Occured in PaloAltoClient.GetProfileByCertificate: {e.Message}");
-                throw;
-            }
-        }
 
         public async Task<AuthenticationResponse> GetAuthenticationResponse()
         {
@@ -233,6 +197,7 @@ public async Task<string> GetCertificateByName(string name)
             }
         }
 
+
         public async Task<ErrorSuccessResponse> SubmitDeleteCertificate(string name, string storePath)
         {
             try
@@ -261,10 +226,11 @@ public async Task<ErrorSuccessResponse> SubmitDeleteTrustedRoot(string name, str
             }
         }
 
+
         public async Task<ErrorSuccessResponse> SubmitSetTrustedRoot(string name, string storePath)
         {
             try
-            {
+            {
                 string uri = $@"/api/?type=config&action=set&xpath={storePath}/ssl-decrypt&element=<trusted-root-CA><member>{name}</member></trusted-root-CA>&key={ApiKey}&target-tpl={GetTemplateName(storePath)}";
                 return await GetXmlResponseAsync<ErrorSuccessResponse>(await HttpClient.GetAsync(uri));
             }
@@ -273,16 +239,40 @@ public async Task<ErrorSuccessResponse> SubmitSetTrustedRoot(string name, string
                 _logger.LogError($"Error Occured in PaloAltoClient.SubmitSetTrustedRoot: {e.Message}");
                 throw;
             }
+        }
+
+        public async Task<ErrorSuccessResponse> SetPanoramaTarget(string storePath)
+        {
+            try
+            {
+                string uri = $"/api/?type=op&cmd=<set><system><setting><target><template><name>{GetTemplateName(storePath)}</name><vsys>{GetVirtualSystemFromPath(storePath)}</vsys></template></target></setting></system></set>&key={ApiKey}";
+                return await GetXmlResponseAsync<ErrorSuccessResponse>(await HttpClient.GetAsync(uri));
+            }
+            catch (Exception e)
+            {
+                _logger.LogError($"Error Occured in PaloAltoClient.SubmitSetTrustedRoot: {e.Message}");
+                throw;
+            }
         }
 
+
         public async Task<ErrorSuccessResponse> ImportCertificate(string name, string passPhrase, byte[] bytes,
             string includeKey, string category, string storePath)
         {
             try
             {
                 var templateName=GetTemplateName(storePath);
-                var uri =
-                    $@"/api/?type=import&category={category}&certificate-name={name}&format=pem&include-key={includeKey}&passphrase={passPhrase}&target-tpl={templateName}&target-tpl-vsys=&vsys&key={ApiKey}";
+                var vsys = GetVirtualSystemFromPath(storePath);
+                string uri;
+                if (!Validators.IsValidPanoramaVsysFormat(storePath))
+                {
+                    uri =$@"/api/?type=import&category={category}&certificate-name={name}&format=pem&include-key={includeKey}&passphrase={passPhrase}&target-tpl={templateName}&vsys={vsys}&key={ApiKey}";
+                }
+                else
+                {
+                    uri = $@"/api/?type=import&category={category}&certificate-name={name}&format=pem&include-key={includeKey}&passphrase={passPhrase}&key={ApiKey}";
+                }
+
                 var boundary = $"--------------------------{Guid.NewGuid():N}";
                 var requestContent = new MultipartFormDataContent();
                 requestContent.Headers.Remove("Content-Type");
@@ -304,7 +294,20 @@ public async Task<ErrorSuccessResponse> ImportCertificate(string name, string pa
             }
         }
 
+        static string GetVirtualSystemFromPath(string path)
+        {
+            string pattern = @"vsys/entry\[@name='([^']*)'\]";
+
+            Match match = Regex.Match(path, pattern);
 
+            if (match.Success)
+            {
+                string vsysName = match.Groups[1].Value;
+                return vsysName;
+            }
+
+            return "";
+        }
         public async Task<T> GetXmlResponseAsync<T>(HttpResponseMessage response)
         {
             try
@@ -340,6 +343,8 @@ public async Task<string> GetResponseAsync(HttpResponseMessage response)
             }
         }
 
+
+
         private void EnsureSuccessfulResponse(HttpResponseMessage response)
         {
             try

diff --git a/PaloAlto/JobProperties.cs b/PaloAlto/JobProperties.cs
@@ -1,28 +1,28 @@
-// Copyright 2023 Keyfactor
-// 
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// 
-//     http://www.apache.org/licenses/LICENSE-2.0
-// 
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.ComponentModel;
-using Newtonsoft.Json;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto
-{
-    public class JobProperties
-    {
-        [JsonProperty("DeviceGroup")]
-        [DefaultValue("")]
-        public string DeviceGroup { get; set; }
-
-
-    }
-}
+// Copyright 2023 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.ComponentModel;
+using Newtonsoft.Json;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto
+{
+    public class JobProperties
+    {
+        [JsonProperty("DeviceGroup")]
+        [DefaultValue("")]
+        public string DeviceGroup { get; set; }
+
+
+    }
+}