diff --git a/.gitignore b/.gitignore
index 5fe514d..5802f6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,351 +1,351 @@ -## Ignore Visual Studio temporary files, build results, and -## files generated by popular Visual Studio add-ons. -## -## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore - -# User-specific files -*.rsuser -*.suo -*.user -*.userosscache -*.sln.docstates - -# User-specific files (MonoDevelop/Xamarin Studio) -*.userprefs - -# Mono auto generated files -mono_crash.* - -# Build results -[Dd]ebug/ -[Dd]ebugPublic/ -[Rr]elease/ -[Rr]eleases/ -x64/ -x86/ -[Aa][Rr][Mm]/ -[Aa][Rr][Mm]64/ -bld/ -[Bb]in/ -[Oo]bj/ -[Ll]og/ -[Ll]ogs/ - -# Visual Studio 2015/2017 cache/options directory -.vs/ -# Uncomment if you have tasks that create the project's static files in wwwroot -#wwwroot/ - -# Visual Studio 2017 auto generated files -Generated\ Files/ - -# MSTest test Results -[Tt]est[Rr]esult*/ -[Bb]uild[Ll]og.* - -# NUnit -*.VisualState.xml -TestResult.xml -nunit-*.xml - -# Build Results of an ATL Project -[Dd]ebugPS/ -[Rr]eleasePS/ -dlldata.c - -# Benchmark Results -BenchmarkDotNet.Artifacts/ - -# .NET Core -project.lock.json -project.fragment.lock.json -artifacts/ - -# StyleCop -StyleCopReport.xml - -# Files built by Visual Studio -*_i.c -*_p.c -*_h.h -*.ilk -*.meta -*.obj -*.iobj -*.pch -*.pdb -*.ipdb -*.pgc -*.pgd -*.rsp -*.sbr -*.tlb -*.tli -*.tlh -*.tmp -*.tmp_proj -*_wpftmp.csproj -*.log -*.vspscc -*.vssscc -.builds -*.pidb -*.svclog -*.scc - -# Chutzpah Test files -_Chutzpah* - -# Visual C++ cache files -ipch/ -*.aps -*.ncb -*.opendb -*.opensdf -*.sdf -*.cachefile -*.VC.db -*.VC.VC.opendb - -# Visual Studio profiler -*.psess -*.vsp -*.vspx -*.sap - -# Visual Studio Trace Files -*.e2e - -# TFS 2012 Local Workspace -$tf/ - -# Guidance Automation Toolkit -*.gpState - -# ReSharper is a .NET coding add-in -_ReSharper*/ -*.[Rr]e[Ss]harper -*.DotSettings.user - -# TeamCity is a build add-in -_TeamCity* - -# DotCover is a Code Coverage Tool -*.dotCover - -# AxoCover is a Code Coverage Tool -.axoCover/* 
-!.axoCover/settings.json - -# Visual Studio code coverage results -*.coverage -*.coveragexml - -# NCrunch -_NCrunch_* -.*crunch*.local.xml -nCrunchTemp_* - -# MightyMoose -*.mm.* -AutoTest.Net/ - -# Web workbench (sass) -.sass-cache/ - -# Installshield output folder -[Ee]xpress/ - -# DocProject is a documentation generator add-in -DocProject/buildhelp/ -DocProject/Help/*.HxT -DocProject/Help/*.HxC -DocProject/Help/*.hhc -DocProject/Help/*.hhk -DocProject/Help/*.hhp -DocProject/Help/Html2 -DocProject/Help/html - -# Click-Once directory -publish/ - -# Publish Web Output -*.[Pp]ublish.xml -*.azurePubxml -# Note: Comment the next line if you want to checkin your web deploy settings, -# but database connection strings (with potential passwords) will be unencrypted -*.pubxml -*.publishproj - -# Microsoft Azure Web App publish settings. Comment the next line if you want to -# checkin your Azure Web App publish settings, but sensitive information contained -# in these scripts will be unencrypted -PublishScripts/ - -# NuGet Packages -*.nupkg -# NuGet Symbol Packages -*.snupkg -# The packages folder can be ignored because of Package Restore -**/[Pp]ackages/* -# except build/, which is used as an MSBuild target. 
-!**/[Pp]ackages/build/ -# Uncomment if necessary however generally it will be regenerated when needed -#!**/[Pp]ackages/repositories.config -# NuGet v3's project.json files produces more ignorable files -*.nuget.props -*.nuget.targets - -# Microsoft Azure Build Output -csx/ -*.build.csdef - -# Microsoft Azure Emulator -ecf/ -rcf/ - -# Windows Store app package directories and files -AppPackages/ -BundleArtifacts/ -Package.StoreAssociation.xml -_pkginfo.txt -*.appx -*.appxbundle -*.appxupload - -# Visual Studio cache files -# files ending in .cache can be ignored -*.[Cc]ache -# but keep track of directories ending in .cache -!?*.[Cc]ache/ - -# Others -ClientBin/ -~$* -*~ -*.dbmdl -*.dbproj.schemaview -*.jfm -*.pfx -*.publishsettings -orleans.codegen.cs - -# Including strong name files can present a security risk -# (https://github.com/github/gitignore/pull/2483#issue-259490424) -#*.snk - -# Since there are multiple workflows, uncomment next line to ignore bower_components -# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) -#bower_components/ - -# RIA/Silverlight projects -Generated_Code/ - -# Backup & report files from converting an old project file -# to a newer Visual Studio version. Backup files are not needed, -# because we have git ;-) -_UpgradeReport_Files/ -Backup*/ -UpgradeLog*.XML -UpgradeLog*.htm -ServiceFabricBackup/ -*.rptproj.bak - -# SQL Server files -*.mdf -*.ldf -*.ndf - -# Business Intelligence projects -*.rdl.data -*.bim.layout -*.bim_*.settings -*.rptproj.rsuser -*- [Bb]ackup.rdl -*- [Bb]ackup ([0-9]).rdl -*- [Bb]ackup ([0-9][0-9]).rdl - -# Microsoft Fakes -FakesAssemblies/ - -# GhostDoc plugin setting file -*.GhostDoc.xml - -# Node.js Tools for Visual Studio -.ntvs_analysis.dat -node_modules/ - -# Visual Studio 6 build log -*.plg - -# Visual Studio 6 workspace options file -*.opt - -# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
-*.vbw - -# Visual Studio LightSwitch build output -**/*.HTMLClient/GeneratedArtifacts -**/*.DesktopClient/GeneratedArtifacts -**/*.DesktopClient/ModelManifest.xml -**/*.Server/GeneratedArtifacts -**/*.Server/ModelManifest.xml -_Pvt_Extensions - -# Paket dependency manager -.paket/paket.exe -paket-files/ - -# FAKE - F# Make -.fake/ - -# CodeRush personal settings -.cr/personal - -# Python Tools for Visual Studio (PTVS) -__pycache__/ -*.pyc - -# Cake - Uncomment if you are using it -# tools/** -# !tools/packages.config - -# Tabs Studio -*.tss - -# Telerik's JustMock configuration file -*.jmconfig - -# BizTalk build output -*.btp.cs -*.btm.cs -*.odx.cs -*.xsd.cs - -# OpenCover UI analysis results -OpenCover/ - -# Azure Stream Analytics local run output -ASALocalRun/ - -# MSBuild Binary and Structured Log -*.binlog - -# NVidia Nsight GPU debugger configuration file -*.nvuser - -# MFractors (Xamarin productivity tool) working folder -.mfractor/ - -# Local History for Visual Studio -.localhistory/ - -# BeatPulse healthcheck temp database -healthchecksdb - -# Backup folder for Package Reference Convert tool in Visual Studio 2017 -MigrationBackup/ - -# Ionide (cross platform F# VS Code tools) working folder -.ionide/ -/PaloAltoTestConsole/hashicorp-vault-pam.dll +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. 
+## +## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + 
+# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ +/PaloAltoTestConsole/hashicorp-vault-pam.dll diff --git a/CHANGELOG.md b/CHANGELOG.md index 39733b5..928f530 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,19 +1,26 @@
-2.1.1
-* Bug - Add Renew Failure Object Reference Error when Adding/Renewing a cert.
-
-2.1.0
-* Support for Pan Level Certficates
-* Support for Pushing Entire Certificate Chain to Panorama
-* Auto Detection of Trusted Root Certificates
-* Fix Inventory Check For Private Key from Dummy to Anything
-
-2.0.1
-* Fix Epoch Time in Model from int to long to prevent inventory errors
-
-2.0.0
-* Support for Panorama or Firewall connectivity
-* Commits changes to the Individual Firewall
-* Support for Panorama push to firewalls
-
-1.0.3
-* Added PAM Support for Orchestrator
+2.2.0
+* Removed support for binding cert to new binding location, can only update certs that are previously bound
+* Support for replacing certs on all binding locations both Panorama and Firewalls as long as it was there before
+* Support for Virtual Systems on Firewalls, tested with only Azure Virtual Version of Firewall
+* Support for Virtual Systems on Panorama Templates
+
+2.1.1
+* Bug - Add Renew Failure Object Reference Error when Adding/Renewing a cert.
+
+2.1.0
+* Support for Pan Level Certficates
+* Support for Pushing Entire Certificate Chain to Panorama
+* Auto Detection of Trusted Root Certificates
+* Fix Inventory Check For Private Key from Dummy to Anything
+
+2.0.1
+* Fix Epoch Time in Model from int to long to prevent inventory errors
+
+2.0.0
+* Support for Panorama or Firewall connectivity
+* Commits changes to the Individual Firewall
+* Support for Panorama push to firewalls
+
+1.0.3
+* Added PAM Support for Orchestrator
+
diff --git a/LICENSE b/LICENSE
index 261eeb9..29f81d8 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,201 +1,201 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. 
For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/PaloAlto.sln b/PaloAlto.sln index e8d498c..a0c394f 100644 --- a/PaloAlto.sln +++ b/PaloAlto.sln 
@@ -1,45 +1,45 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.30717.126 -MinimumVisualStudioVersion = 10.0.40219.1 -Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAlto", "PaloAlto\PaloAlto.csproj", "{33FBC5A1-3466-4F10-B9A6-7186F804A65A}" -EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6}" - ProjectSection(SolutionItems) = preProject - CHANGELOG.md = CHANGELOG.md - integration-manifest.json = integration-manifest.json - .github\workflows\keyfactor-extension-release.yml = .github\workflows\keyfactor-extension-release.yml - README.md = README.md - README.md.tpl = README.md.tpl - EndProjectSection -EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{6302034E-DF8C-4B65-AC36-CED24C068999}" -EndProject -Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAltoTestConsole", "PaloAltoTestConsole\PaloAltoTestConsole.csproj", "{FFF21E91-1820-4090-922B-A78D5CC38D7B}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Any CPU = Debug|Any CPU - Release|Any CPU = Release|Any CPU - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.Build.0 = Debug|Any CPU - {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.ActiveCfg = Release|Any CPU - {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.Build.0 = Release|Any CPU - {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.Build.0 = Debug|Any CPU - {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.ActiveCfg = Release|Any CPU - {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.Build.0 = Release|Any CPU - EndGlobalSection - 
GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection - GlobalSection(NestedProjects) = preSolution - {6302034E-DF8C-4B65-AC36-CED24C068999} = {1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6} - EndGlobalSection - GlobalSection(ExtensibilityGlobals) = postSolution - SolutionGuid = {E0FA12DA-6B82-4E64-928A-BB9965E636C1} - EndGlobalSection -EndGlobal + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.30717.126 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAlto", "PaloAlto\PaloAlto.csproj", "{33FBC5A1-3466-4F10-B9A6-7186F804A65A}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6}" + ProjectSection(SolutionItems) = preProject + CHANGELOG.md = CHANGELOG.md + integration-manifest.json = integration-manifest.json + .github\workflows\keyfactor-extension-release.yml = .github\workflows\keyfactor-extension-release.yml + README.md = README.md + README.md.tpl = README.md.tpl + EndProjectSection +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{6302034E-DF8C-4B65-AC36-CED24C068999}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAltoTestConsole", "PaloAltoTestConsole\PaloAltoTestConsole.csproj", "{FFF21E91-1820-4090-922B-A78D5CC38D7B}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Debug|Any CPU.Build.0 = Debug|Any CPU + {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.ActiveCfg = Release|Any CPU + {33FBC5A1-3466-4F10-B9A6-7186F804A65A}.Release|Any CPU.Build.0 = Release|Any 
CPU + {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Debug|Any CPU.Build.0 = Debug|Any CPU + {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.ActiveCfg = Release|Any CPU + {FFF21E91-1820-4090-922B-A78D5CC38D7B}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {6302034E-DF8C-4B65-AC36-CED24C068999} = {1A6C93E7-24FD-47FD-883D-EDABF5CEE4C6} + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {E0FA12DA-6B82-4E64-928A-BB9965E636C1} + EndGlobalSection +EndGlobal diff --git a/PaloAlto/Client/PaloAltoClient.cs b/PaloAlto/Client/PaloAltoClient.cs index 81bd464..a9f7569 100644 --- a/PaloAlto/Client/PaloAltoClient.cs +++ b/PaloAlto/Client/PaloAltoClient.cs @@ -17,11 +17,10 @@ using System.Net.Http; using System.Net.Http.Headers; using System.Reflection; -using System.Text.RegularExpressions; +using System.Text.RegularExpressions; using System.Threading.Tasks; using System.Xml; using System.Xml.Serialization; -using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Requests; using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses; using Keyfactor.Logging; using Microsoft.Extensions.Logging; 
@@ -137,25 +136,6 @@ public async Task GetCommitAllResponse(string deviceGroup) } } - public async Task SubmitEditProfile(EditProfileRequest request, string templateName, string storePath) - { - try - { - var editXml = - $"{request.ProtocolSettings.MinVersion.Text}{request.ProtocolSettings.MaxVersion.Text}{request.Certificate}"; - - string uri= - $@"/api/?type=config&action=edit&xpath={storePath}/ssl-tls-service-profile/entry[@name='{request.Name}']&element={editXml}&key={ApiKey}&target-tpl={GetTemplateName(storePath)}"; - - var response = await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); - return response; - } - catch (Exception e) - { - _logger.LogError($"Error Occured in PaloAltoClient.SubmitDeleteCertificate: {e.Message}"); - throw; - } - } private string GetTemplateName(string storePath) { @@ -172,22 +152,6 @@ private string GetTemplateName(string storePath) return templateName; } - public async Task GetProfileByCertificate(string storePath, string certificate) - { - try - { - var xPath = $"{storePath}/ssl-tls-service-profile/entry[./certificate='{certificate}']"; - var uri = $"/api/?type=config&action=get&target-tpl={GetTemplateName(storePath)}&xpath={xPath}&key={ApiKey}"; - var response = - await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); - return response; - } - catch (Exception e) - { - _logger.LogError($"Error Occured in PaloAltoClient.GetProfileByCertificate: {e.Message}"); - throw; - } - } public async Task GetAuthenticationResponse() { @@ -233,6 +197,7 @@ public async Task GetCertificateByName(string name) } } + public async Task SubmitDeleteCertificate(string name, string storePath) { try 
@@ -261,10 +226,11 @@ public async Task SubmitDeleteTrustedRoot(string name, str } } + public async Task SubmitSetTrustedRoot(string name, string storePath) { try - { + { string uri = $@"/api/?type=config&action=set&xpath={storePath}/ssl-decrypt&element={name}&key={ApiKey}&target-tpl={GetTemplateName(storePath)}"; return await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); } @@ -273,16 +239,40 @@ public async Task SubmitSetTrustedRoot(string name, string _logger.LogError($"Error Occured in PaloAltoClient.SubmitSetTrustedRoot: {e.Message}"); throw; } + } + + public async Task SetPanoramaTarget(string storePath) + { + try + { + string uri = $"/api/?type=op&cmd=&key={ApiKey}"; + return await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); + } + catch (Exception e) + { + _logger.LogError($"Error Occured in PaloAltoClient.SubmitSetTrustedRoot: {e.Message}"); + throw; + } } + public async Task ImportCertificate(string name, string passPhrase, byte[] bytes, string includeKey, string category, string storePath) { try { var templateName=GetTemplateName(storePath); - var uri = - $@"/api/?type=import&category={category}&certificate-name={name}&format=pem&include-key={includeKey}&passphrase={passPhrase}&target-tpl={templateName}&target-tpl-vsys=&vsys&key={ApiKey}"; + var vsys = GetVirtualSystemFromPath(storePath); + string uri; + if (!Validators.IsValidPanoramaVsysFormat(storePath)) + { + uri =$@"/api/?type=import&category={category}&certificate-name={name}&format=pem&include-key={includeKey}&passphrase={passPhrase}&target-tpl={templateName}&vsys={vsys}&key={ApiKey}"; + } + else + { + uri = $@"/api/?type=import&category={category}&certificate-name={name}&format=pem&include-key={includeKey}&passphrase={passPhrase}&key={ApiKey}"; + } + var boundary = $"--------------------------{Guid.NewGuid():N}"; var requestContent = new MultipartFormDataContent(); requestContent.Headers.Remove("Content-Type"); 
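Review bot: Both branches of the new `uri` in ImportCertificate interpolate `name`, `category`, `passPhrase` and (in the first branch) `vsys` into the query string without escaping, so a passphrase containing `&`, `#` or `+` is truncated or parsed by the device as extra parameters. The passphrase and `ApiKey` also travel in the request URL, where proxies and access logs tend to record them. Escape each value, e.g. `&passphrase={Uri.EscapeDataString(passPhrase)}` and `&vsys={Uri.EscapeDataString(vsys)}`, and consider sending the key in a request header (PAN-OS documents `X-PAN-KEY`; confirm the supported versions) instead of `key=`. Separately, the catch block of the added SetPanoramaTarget logs `PaloAltoClient.SubmitSetTrustedRoot`; it should read `Error Occured in PaloAltoClient.SetPanoramaTarget: {e.Message}`. ImportCertificate's body continues past the end of this hunk.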
@@ -304,7 +294,20 @@ public async Task ImportCertificate(string name, string pa } } + static string GetVirtualSystemFromPath(string path) + { + string pattern = @"vsys/entry\[@name='([^']*)'\]"; + + Match match = Regex.Match(path, pattern); + if (match.Success) + { + string vsysName = match.Groups[1].Value; + return vsysName; + } + + return ""; + } public async Task GetXmlResponseAsync(HttpResponseMessage response) { try @@ -340,6 +343,8 @@ public async Task GetResponseAsync(HttpResponseMessage response) } } + + private void EnsureSuccessfulResponse(HttpResponseMessage response) { try diff --git a/PaloAlto/JobProperties.cs b/PaloAlto/JobProperties.cs index 3f0b5aa..c421a17 100644 --- a/PaloAlto/JobProperties.cs +++ b/PaloAlto/JobProperties.cs 
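Review bot: GetVirtualSystemFromPath returns `""` both when the path has no `vsys/entry` segment and when the entry name is empty, because the capture `([^']*)` also matches zero characters, and nothing in the hunk documents which case a caller should expect. ImportCertificate (previous hunk) passes the result into `&vsys={vsys}` unchanged, so either case produces a request with a blank vsys rather than an error. I would tighten the capture to `([^']+)`, spell out `private static` to match GetTemplateName, and add a summary such as `/// Returns the vsys name found in a store-path xpath, or "" when the path has no vsys entry.`. `Regex.Match` throws on a null `path`, so either guard it or note that callers validate `storePath` first.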
@@ -1,28 +1,28 @@ -// Copyright 2023 Keyfactor -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -using System.ComponentModel; -using Newtonsoft.Json; - -namespace Keyfactor.Extensions.Orchestrator.PaloAlto -{ - public class JobProperties - { - [JsonProperty("DeviceGroup")] - [DefaultValue("")] - public string DeviceGroup { get; set; } - - - } -} +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System.ComponentModel; +using Newtonsoft.Json; + +namespace Keyfactor.Extensions.Orchestrator.PaloAlto +{ + public class JobProperties + { + [JsonProperty("DeviceGroup")] + [DefaultValue("")] + public string DeviceGroup { get; set; } + + + } +} diff --git a/PaloAlto/Jobs/Inventory.cs b/PaloAlto/Jobs/Inventory.cs index 74d343d..60a3206 100644 --- a/PaloAlto/Jobs/Inventory.cs +++ b/PaloAlto/Jobs/Inventory.cs 
@@ -1,232 +1,221 @@ -// Copyright 2023 Keyfactor -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -using System; -using System.Collections.Generic; -using System.IO; -using System.Linq; -using System.Security.Cryptography.X509Certificates; -using System.Text; -using System.Xml.Serialization; -using Keyfactor.Extensions.Orchestrator.PaloAlto.Client; -using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses; -using Keyfactor.Logging; -using Keyfactor.Orchestrators.Common.Enums; -using Keyfactor.Orchestrators.Extensions; -using Keyfactor.Orchestrators.Extensions.Interfaces; -using Microsoft.Extensions.Logging; -using Newtonsoft.Json; - -namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs -{ - public class Inventory : IInventoryJobExtension - { - private ILogger _logger; - - private readonly IPAMSecretResolver _resolver; - - public Inventory(IPAMSecretResolver resolver) - { - _resolver = resolver; - } - - private string ServerPassword { get; set; } - private string ServerUserName { get; set; } - - private JobProperties StoreProperties { get; set; } - - public string ExtensionName => "PaloAlto"; - - public JobResult ProcessJob(InventoryJobConfiguration jobConfiguration, - SubmitInventoryUpdate submitInventoryUpdate) - { - _logger = LogHandler.GetClassLogger(); - _logger.MethodEntry(LogLevel.Debug); - StoreProperties = JsonConvert.DeserializeObject( - jobConfiguration.CertificateStoreDetails.Properties, - new JsonSerializerSettings { 
DefaultValueHandling = DefaultValueHandling.Populate }); - - return PerformInventory(jobConfiguration, submitInventoryUpdate); - } - - public string ResolvePamField(string name, string value) - { - _logger.LogTrace($"Attempting to resolved PAM eligible field {name}"); - return _resolver.Resolve(value); - } - - private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInventoryUpdate submitInventory) - { - try - { - _logger.MethodEntry(LogLevel.Debug); - ServerPassword = ResolvePamField("ServerPassword", config.ServerPassword); - ServerUserName = ResolvePamField("ServerUserName", config.ServerUsername); - - var (valid, result) = Validators.ValidateStoreProperties(StoreProperties, - config.CertificateStoreDetails.StorePath, config.CertificateStoreDetails.ClientMachine, - config.JobHistoryId, ServerUserName, ServerPassword); - if (!valid) return result; - - _logger.LogTrace($"Inventory Config {JsonConvert.SerializeObject(config)}"); - _logger.LogTrace( - $"Client Machine: {config.CertificateStoreDetails.ClientMachine} ApiKey: {config.ServerPassword}"); - - //Get the list of certificates and Trusted Roots - var client = - new PaloAltoClient(config.CertificateStoreDetails.ClientMachine, - ServerUserName, ServerPassword); //Api base URL Plus Key - _logger.LogTrace("Inventory Palo Alto Client Created"); - - //Change the path if you are pointed to a Panorama Device - var rawCertificatesResult = client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result; - - var certificatesResult = - rawCertificatesResult.CertificateResult.Entry.FindAll(c => c.PublicKey != null); - LogResponse(certificatesResult); //Trace Write Certificate List Response from Palo Alto - - var trustedRootPayload = client.GetTrustedRootList().Result; - LogResponse(trustedRootPayload); //Trace Write Trusted Cert List Response from Palo Alto - - var warningFlag = false; - var sb = new StringBuilder(); - sb.Append(""); - - var inventoryItems = new List(); 
- - inventoryItems.AddRange(certificatesResult.Select( - c => - { - try - { - _logger.LogTrace( - $"Building Cert List Inventory Item Alias: {c.Name} Pem: {c.PublicKey} Private Key: {c.PrivateKey?.Length > 0}"); - var bindings = - client.GetProfileByCertificate(config.CertificateStoreDetails.StorePath, c.Name).Result; - return BuildInventoryItem(c.Name, c.PublicKey, c.PrivateKey?.Length>0,bindings,false); - } - catch - { - _logger.LogWarning( - $"Could not fetch the certificate: {c.Name} associated with issuer {c.Issuer}."); - sb.Append( - $"Could not fetch the certificate: {c.Name} associated with issuer {c.Issuer}.{Environment.NewLine}"); - warningFlag = true; - return new CurrentInventoryItem(); - } - }).Where(acsii => acsii?.Certificates != null).ToList()); - - - foreach (var trustedRootCert in trustedRootPayload.TrustedRootResult.TrustedRootCa.Entry) - try - { - _logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}"); - var certificatePem = client.GetCertificateByName(trustedRootCert.Name); - var bytes = Encoding.ASCII.GetBytes(certificatePem.Result); - var cert = new X509Certificate2(bytes); - _logger.LogTrace( - $"Building Trusted Root Inventory Item Pem: {certificatePem.Result} Has Private Key: {cert.HasPrivateKey}"); - var bindings = - client.GetProfileByCertificate(config.CertificateStoreDetails.StorePath, trustedRootCert.Name).Result; - inventoryItems.Add(BuildInventoryItem(trustedRootCert.Name, certificatePem.Result, cert.HasPrivateKey,bindings,true)); - } - catch - { - _logger.LogWarning( - $"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer}."); - sb.Append( - $"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer}.{Environment.NewLine}"); - warningFlag = true; - } - - _logger.LogTrace("Submitting Inventory To Keyfactor via submitInventory.Invoke"); - submitInventory.Invoke(inventoryItems); - 
_logger.LogTrace("Submitted Inventory To Keyfactor via submitInventory.Invoke"); - - _logger.MethodExit(LogLevel.Debug); - return ReturnJobResult(config, warningFlag, sb); - } - catch (Exception e) - { - _logger.LogError($"PerformInventory Error: {e.Message}"); - throw; - } - } - - private JobResult ReturnJobResult(InventoryJobConfiguration config, bool warningFlag, StringBuilder sb) - { - if (warningFlag) - { - _logger.LogTrace("Found Warning"); - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Warning, - JobHistoryId = config.JobHistoryId, - FailureMessage = sb.ToString() - }; - } - - _logger.LogTrace("Return Success"); - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Success, - JobHistoryId = config.JobHistoryId, - FailureMessage = sb.ToString() - }; - } - - private void LogResponse(T content) - { - var resWriter = new StringWriter(); - var resSerializer = new XmlSerializer(typeof(T)); - resSerializer.Serialize(resWriter, content); - _logger.LogTrace($"Serialized Xml Response {resWriter}"); - } - - protected virtual CurrentInventoryItem BuildInventoryItem(string alias, string certPem, bool privateKey, GetProfileByCertificateResponse bindings,bool trustedRoot) - { - try - { - _logger.MethodEntry(); - - //Add Entry Params so the show up in the UI Inventory Store Popup - var siteSettingsDict = new Dictionary - { - { "TlsProfileName", string.IsNullOrEmpty(bindings.Result?.Entry?.Name)?"":bindings.Result?.Entry?.Name}, - { "TlsMinVersion", string.IsNullOrEmpty(bindings.Result?.Entry?.ProtocolSettings?.MinVersion?.Text)?"":bindings.Result?.Entry?.ProtocolSettings?.MinVersion?.Text}, - { "TlsMaxVersion", string.IsNullOrEmpty(bindings.Result?.Entry?.ProtocolSettings?.MaxVersion?.Text)?"":bindings.Result?.Entry?.ProtocolSettings?.MaxVersion?.Text }, - { "Trusted Root", trustedRoot}, - }; - - _logger.LogTrace($"Alias: {alias} Pem: {certPem} PrivateKey: {privateKey}"); - var acsi = new CurrentInventoryItem - { - Alias = alias, - 
Certificates = new[] {certPem}, - ItemStatus = OrchestratorInventoryItemStatus.Unknown, - PrivateKeyEntry = privateKey, - UseChainLevel = false, - Parameters = siteSettingsDict - }; - - return acsi; - } - catch (Exception e) - { - _logger.LogError($"Error Occurred in Inventory.BuildInventoryItem: {e.Message}"); - throw; - } - } - } +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Security.Cryptography.X509Certificates; +using System.Text; +using System.Xml.Serialization; +using Keyfactor.Extensions.Orchestrator.PaloAlto.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Keyfactor.Orchestrators.Extensions.Interfaces; +using Microsoft.Extensions.Logging; +using Newtonsoft.Json; + +namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs +{ + public class Inventory : IInventoryJobExtension + { + private ILogger _logger; + + private readonly IPAMSecretResolver _resolver; + + public Inventory(IPAMSecretResolver resolver) + { + _resolver = resolver; + } + + private string ServerPassword { get; set; } + private string ServerUserName { get; set; } + + private JobProperties StoreProperties { get; set; } + + public string ExtensionName => "PaloAlto"; + + public JobResult ProcessJob(InventoryJobConfiguration jobConfiguration, + SubmitInventoryUpdate 
submitInventoryUpdate) + { + _logger = LogHandler.GetClassLogger(); + _logger.MethodEntry(LogLevel.Debug); + StoreProperties = JsonConvert.DeserializeObject( + jobConfiguration.CertificateStoreDetails.Properties, + new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); + + return PerformInventory(jobConfiguration, submitInventoryUpdate); + } + + public string ResolvePamField(string name, string value) + { + _logger.LogTrace($"Attempting to resolved PAM eligible field {name}"); + return _resolver.Resolve(value); + } + + private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInventoryUpdate submitInventory) + { + try + { + _logger.MethodEntry(LogLevel.Debug); + ServerPassword = ResolvePamField("ServerPassword", config.ServerPassword); + ServerUserName = ResolvePamField("ServerUserName", config.ServerUsername); + _logger.LogTrace("Got Server User Name and Password"); + + var (valid, result) = Validators.ValidateStoreProperties(StoreProperties, + config.CertificateStoreDetails.StorePath, config.CertificateStoreDetails.ClientMachine, + config.JobHistoryId, ServerUserName, ServerPassword); + if (!valid) return result; + + _logger.LogTrace("Store Properties are Valid"); + _logger.LogTrace($"Inventory Config {JsonConvert.SerializeObject(config)}"); + _logger.LogTrace( + $"Client Machine: {config.CertificateStoreDetails.ClientMachine} ApiKey: {config.ServerPassword}"); + + //Get the list of certificates and Trusted Roots + var client = + new PaloAltoClient(config.CertificateStoreDetails.ClientMachine, + ServerUserName, ServerPassword); //Api base URL Plus Key + _logger.LogTrace("Inventory Palo Alto Client Created"); + + //Change the path if you are pointed to a Panorama Device + var rawCertificatesResult = client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result; + + var certificatesResult = + rawCertificatesResult.CertificateResult.Entry.FindAll(c => c.PublicKey != null); + 
LogResponse(certificatesResult); //Trace Write Certificate List Response from Palo Alto + + var trustedRootPayload = client.GetTrustedRootList().Result; + LogResponse(trustedRootPayload); //Trace Write Trusted Cert List Response from Palo Alto + + var warningFlag = false; + var sb = new StringBuilder(); + sb.Append(""); + + var inventoryItems = new List(); + + inventoryItems.AddRange(certificatesResult.Select( + c => + { + try + { + _logger.LogTrace( + $"Building Cert List Inventory Item Alias: {c.Name} Pem: {c.PublicKey} Private Key: {c.PrivateKey?.Length > 0}"); + + return BuildInventoryItem(c.Name, c.PublicKey, c.PrivateKey?.Length>0, false); + } + catch(Exception e) + { + _logger.LogWarning( + $"Could not fetch the certificate: {c.Name} associated with issuer {c.Issuer} error {LogHandler.FlattenException(e)}."); + sb.Append( + $"Could not fetch the certificate: {c.Name} associated with issuer {c.Issuer}.{Environment.NewLine}"); + warningFlag = true; + return new CurrentInventoryItem(); + } + }).Where(acsii => acsii?.Certificates != null).ToList()); + + + foreach (var trustedRootCert in trustedRootPayload.TrustedRootResult.TrustedRootCa.Entry) + try + { + _logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}"); + var certificatePem = client.GetCertificateByName(trustedRootCert.Name); + _logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}"); + var bytes = Encoding.ASCII.GetBytes(certificatePem.Result); + var cert = new X509Certificate2(bytes); + _logger.LogTrace( + $"Building Trusted Root Inventory Item Pem: {certificatePem.Result} Has Private Key: {cert.HasPrivateKey}"); + inventoryItems.Add(BuildInventoryItem(trustedRootCert.Name, certificatePem.Result, cert.HasPrivateKey, true)); + } + catch(Exception e) + { + _logger.LogWarning( + $"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer} error {LogHandler.FlattenException(e)}."); + sb.Append( + $"Could 
not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer}.{Environment.NewLine}"); + warningFlag = true; + } + + _logger.LogTrace("Submitting Inventory To Keyfactor via submitInventory.Invoke"); + submitInventory.Invoke(inventoryItems); + _logger.LogTrace("Submitted Inventory To Keyfactor via submitInventory.Invoke"); + + _logger.MethodExit(LogLevel.Debug); + return ReturnJobResult(config, warningFlag, sb); + } + catch (Exception e) + { + _logger.LogError($"PerformInventory Error: {e.Message}"); + throw; + } + } + + private JobResult ReturnJobResult(InventoryJobConfiguration config, bool warningFlag, StringBuilder sb) + { + if (warningFlag) + { + _logger.LogTrace("Found Warning"); + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Warning, + JobHistoryId = config.JobHistoryId, + FailureMessage = sb.ToString() + }; + } + + _logger.LogTrace("Return Success"); + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Success, + JobHistoryId = config.JobHistoryId, + FailureMessage = sb.ToString() + }; + } + + private void LogResponse(T content) + { + var resWriter = new StringWriter(); + var resSerializer = new XmlSerializer(typeof(T)); + resSerializer.Serialize(resWriter, content); + _logger.LogTrace($"Serialized Xml Response {resWriter}"); + } + + protected virtual CurrentInventoryItem BuildInventoryItem(string alias, string certPem, bool privateKey,bool trustedRoot) + { + try + { + _logger.MethodEntry(); + + _logger.LogTrace($"Alias: {alias} Pem: {certPem} PrivateKey: {privateKey}"); + var acsi = new CurrentInventoryItem + { + Alias = alias, + Certificates = new[] {certPem}, + ItemStatus = OrchestratorInventoryItemStatus.Unknown, + PrivateKeyEntry = privateKey, + UseChainLevel = false + }; + + return acsi; + } + catch (Exception e) + { + _logger.LogError($"Error Occurred in Inventory.BuildInventoryItem: {e.Message}"); + throw; + } + } + } } \ No newline at end of file 
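Review bot: PerformInventory still writes credentials to the trace log on the new side: `ApiKey: {config.ServerPassword}` logs the configured password or API key value, and `Inventory Config {JsonConvert.SerializeObject(config)}` serializes the whole job configuration, which presumably carries the same `ServerPassword` and `ServerUsername` fields. Anyone who can read orchestrator logs at trace level would obtain the firewall credential. I would reduce the first call to `_logger.LogTrace($"Client Machine: {config.CertificateStoreDetails.ClientMachine}");` and replace the serialized dump with the few non-secret fields needed for diagnosis, such as the store path and job history id. The added `Got Server User Name and Password` trace already follows the right pattern: it records that the value was resolved, not the value itself.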
diff --git a/PaloAlto/Jobs/Management.cs b/PaloAlto/Jobs/Management.cs
index 4ea8067..c5b0dc1 100644
--- a/PaloAlto/Jobs/Management.cs
+++ b/PaloAlto/Jobs/Management.cs
@@ -1,250 +1,294 @@ -// Copyright 2023 Keyfactor -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -using System; +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. 
+ +using System; using System.Collections.Generic; -using System.IO; -using System.Linq; +using System.IO; +using System.Linq; using System.Security.Cryptography.X509Certificates; -using System.Text; -using System.Threading; -using System.Threading.Tasks; -using System.Xml.Serialization; -using Keyfactor.Extensions.Orchestrator.PaloAlto.Client; -using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Requests; -using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses; -using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects; -using Keyfactor.Logging; -using Keyfactor.Orchestrators.Common.Enums; -using Keyfactor.Orchestrators.Extensions; -using Keyfactor.Orchestrators.Extensions.Interfaces; -using Microsoft.Extensions.Logging; -using Newtonsoft.Json; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.OpenSsl; -using Org.BouncyCastle.Pkcs; - -namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs -{ - public class Management : IManagementJobExtension - { - private static readonly string certStart = "-----BEGIN CERTIFICATE-----\n"; - private static readonly string certEnd = "\n-----END CERTIFICATE-----"; - - private static readonly Func Pemify = ss => - ss.Length <= 64 ? 
ss : ss.Substring(0, 64) + "\n" + Pemify(ss.Substring(64)); - - private readonly IPAMSecretResolver _resolver; - - private ILogger _logger; - - public Management(IPAMSecretResolver resolver) - { - _resolver = resolver; - _logger = LogHandler.GetClassLogger(); - _logger.LogTrace("Initialized Management with IPAMSecretResolver."); - } - - private string ServerPassword { get; set; } - - private JobProperties StoreProperties { get; set; } - private JobEntryParams JobEntryParams { get; set; } - - private string ServerUserName { get; set; } - - protected internal virtual AsymmetricKeyEntry KeyEntry { get; set; } - - public string ExtensionName => "PaloAlto"; - - public JobResult ProcessJob(ManagementJobConfiguration jobConfiguration) - { - _logger = LogHandler.GetClassLogger(); - _logger.LogTrace($"Processing job with configuration: {JsonConvert.SerializeObject(jobConfiguration)}"); - StoreProperties = JsonConvert.DeserializeObject( - jobConfiguration.CertificateStoreDetails.Properties, - new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); - var json = JsonConvert.SerializeObject(jobConfiguration.JobProperties, Formatting.Indented); - - _logger.LogTrace($"Job Properties: {json}"); - - JobEntryParams = JsonConvert.DeserializeObject( - json, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); - - - - _logger.MethodExit(); - return PerformManagement(jobConfiguration); - } - - private string ResolvePamField(string name, string value) - { - _logger.LogTrace($"Attempting to resolved PAM eligible field {name}"); - - return _resolver.Resolve(value); - } - - private JobResult PerformManagement(ManagementJobConfiguration config) - { - try - { - _logger.MethodEntry(); - ServerPassword = ResolvePamField("ServerPassword", config.ServerPassword); - ServerUserName = ResolvePamField("ServerUserName", config.ServerUsername); - - _logger.LogTrace("Validating Store Properties"); - - var (valid, result) = 
Validators.ValidateStoreProperties(StoreProperties, - config.CertificateStoreDetails.StorePath, config.CertificateStoreDetails.ClientMachine, - config.JobHistoryId, ServerUserName, ServerPassword); - - _logger.LogTrace($"Validated Store Properties and valid={valid}"); - - if (!valid) return result; - - var complete = new JobResult - { - Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId, - FailureMessage = - "Invalid Management Operation" - }; - - if (config.OperationType.ToString() == "Add") - { - _logger.LogTrace("Adding..."); - _logger.LogTrace($"Add Config Json {JsonConvert.SerializeObject(config)}"); - complete = PerformAddition(config); - _logger.LogTrace("Finished Adding..."); - } - else if (config.OperationType.ToString() == "Remove") - { - _logger.LogTrace("Removing..."); - _logger.LogTrace($"Remove Config Json {JsonConvert.SerializeObject(config)}"); - complete = PerformRemoval(config); - _logger.LogTrace("Finished Removing..."); - } - - return complete; - } - catch (Exception e) - { - _logger.LogError($"Error Occurred in Management.PerformManagement: {e.Message}"); - throw; - } - } - - - private JobResult PerformRemoval(ManagementJobConfiguration config) - { - //Temporarily only performing additions - try - { - var warnings = string.Empty; - - _logger.MethodEntry(); - _logger.LogTrace( - $"Credentials JSON: Url: {config.CertificateStoreDetails.ClientMachine} Password: {config.ServerPassword}"); - var client = - new PaloAltoClient(config.CertificateStoreDetails.ClientMachine, - ServerUserName, ServerPassword); //Api base URL Plus Key - - _logger.LogTrace( - $"Alias to Remove From Palo Alto: {config.JobCertificate.Alias}"); +using System.Text; +using System.Text.RegularExpressions; +using System.Threading; +using System.Xml.Serialization; +using Keyfactor.Extensions.Orchestrator.PaloAlto.Client; +using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses; +using Keyfactor.Logging; +using 
Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Keyfactor.Orchestrators.Extensions.Interfaces; +using Microsoft.Extensions.Logging; +using Newtonsoft.Json; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.OpenSsl; +using Org.BouncyCastle.Pkcs; + +namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs +{ + public class Management : IManagementJobExtension + { + private static readonly string certStart = "-----BEGIN CERTIFICATE-----\n"; + private static readonly string certEnd = "\n-----END CERTIFICATE-----"; + + private static readonly Func Pemify = ss => + ss.Length <= 64 ? ss : ss.Substring(0, 64) + "\n" + Pemify(ss.Substring(64)); + + private readonly IPAMSecretResolver _resolver; + + private ILogger _logger; + + public Management(IPAMSecretResolver resolver) + { + _resolver = resolver; + _logger = LogHandler.GetClassLogger(); + _logger.LogTrace("Initialized Management with IPAMSecretResolver."); + } + + private string ServerPassword { get; set; } + + private JobProperties StoreProperties { get; set; } + + private string ServerUserName { get; set; } + + protected internal virtual AsymmetricKeyEntry KeyEntry { get; set; } + + public string ExtensionName => "PaloAlto"; + + public JobResult ProcessJob(ManagementJobConfiguration jobConfiguration) + { + _logger = LogHandler.GetClassLogger(); + _logger.LogTrace($"Processing job with configuration: {JsonConvert.SerializeObject(jobConfiguration)}"); + StoreProperties = JsonConvert.DeserializeObject( + jobConfiguration.CertificateStoreDetails.Properties, + new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); + + return PerformManagement(jobConfiguration); + } + + private string ResolvePamField(string name, string value) + { + _logger.LogTrace($"Attempting to resolved PAM eligible field {name}"); + + return _resolver.Resolve(value); + } + + private JobResult PerformManagement(ManagementJobConfiguration config) + { + try + { + 
_logger.MethodEntry(); + ServerPassword = ResolvePamField("ServerPassword", config.ServerPassword); + ServerUserName = ResolvePamField("ServerUserName", config.ServerUsername); + + _logger.LogTrace("Validating Store Properties for Management Job"); + + var (valid, result) = Validators.ValidateStoreProperties(StoreProperties, + config.CertificateStoreDetails.StorePath, config.CertificateStoreDetails.ClientMachine, + config.JobHistoryId, ServerUserName, ServerPassword); + + _logger.LogTrace($"Validated Store Properties and valid={valid}"); + + if (!valid) return result; + _logger.LogTrace("Validated Store Properties for Management Job"); + + var complete = new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = + "Invalid Management Operation" + }; + + if (config.OperationType.ToString() == "Add") + { + _logger.LogTrace("Adding..."); + _logger.LogTrace($"Add Config Json {JsonConvert.SerializeObject(config)}"); + complete = PerformAddition(config); + _logger.LogTrace("Finished Perform Addition Function"); + + } + else if (config.OperationType.ToString() == "Remove") + { + _logger.LogTrace("Removing..."); + _logger.LogTrace($"Remove Config Json {JsonConvert.SerializeObject(config)}"); + complete = PerformRemoval(config); + _logger.LogTrace("Finished Perform Removal Function"); + + } + + return complete; + } + catch (Exception e) + { + _logger.LogError($"Error Occurred in Management.PerformManagement: {e.Message}"); + throw; + } + } + + + private JobResult PerformRemoval(ManagementJobConfiguration config) + { + //Temporarily only performing additions + try + { + var warnings = string.Empty; + + _logger.MethodEntry(); + _logger.LogTrace( + $"Credentials JSON: Url: {config.CertificateStoreDetails.ClientMachine} Password: {config.ServerPassword}"); + var client = + new PaloAltoClient(config.CertificateStoreDetails.ClientMachine, + ServerUserName, ServerPassword); //Api base URL Plus Key + 
_logger.LogTrace("Palo Alto Client Created"); + + if (!SetPanoramaTarget(config, client)) + { + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = "Failed To Set Target for Panorama" + }; + } + + _logger.LogTrace( + + $"Alias to Remove From Palo Alto: {config.JobCertificate.Alias}"); if (!DeleteCertificate(config, client, warnings, out var deleteResult)) return deleteResult; - _logger.LogTrace("Committing Changes"); - warnings = CommitChanges(config, client, warnings); - _logger.LogTrace("Committed Changes"); - if (warnings.Length > 0) - { - _logger.LogTrace("Warnings Found"); - deleteResult.FailureMessage = warnings; - deleteResult.Result = OrchestratorJobStatusJobResult.Warning; + _logger.LogTrace("Attempting to Commit Changes for Removal Job..."); + warnings = CommitChanges(config, client, warnings); + _logger.LogTrace("Finished Committing Changes....."); + + if (warnings?.Length > 0) + + { + _logger.LogTrace("Warnings Found"); + deleteResult.FailureMessage = warnings; + deleteResult.Result = OrchestratorJobStatusJobResult.Warning; + } + + return deleteResult; + } + catch (Exception e) + { + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = $"PerformRemoval: {LogHandler.FlattenException(e)}" + }; + } + } + + + private bool SetPanoramaTarget(ManagementJobConfiguration config, PaloAltoClient client) + { + _logger.MethodEntry(); + if (Validators.IsValidPanoramaVsysFormat(config.CertificateStoreDetails.StorePath)) + { + _logger.LogTrace("Trying to Set Panorama Target for Template Vsys Configuration"); + var targetResult = client.SetPanoramaTarget(config.CertificateStoreDetails.StorePath).Result; + _logger.LogTrace("Completed Set Panorama Target for Template Vsys Configuration"); + if (targetResult != null && targetResult.Status.Equals("error", StringComparison.CurrentCultureIgnoreCase)) + { + { + var 
error = targetResult.LineMsg != null ? Validators.BuildPaloError(targetResult):"Could not retrieve error results"; + _logger.LogTrace($"Could not set target for Panorama vsys {error}"); + return false; + } + } + } + _logger.MethodExit(); + return true; + } + + private bool IsPanoramaDevice(ManagementJobConfiguration config) + { + _logger.MethodEntry(); + + return config.CertificateStoreDetails.StorePath.Length > 1; + } + + private bool CheckForDuplicate(ManagementJobConfiguration config, PaloAltoClient client, string certificateName) + { + _logger.MethodEntry(); + try + { + + _logger.MethodEntry(); + _logger.LogTrace("Getting list to check for duplicates"); + var rawCertificatesResult = client.GetCertificateList( + $"{config.CertificateStoreDetails.StorePath}/certificate/entry[@name='{certificateName}']") + .Result; + _logger.LogTrace("Got list to check for duplicates"); + + var certificatesResult = + rawCertificatesResult.CertificateResult.Entry.FindAll(c => c.PublicKey != null); + _logger.LogTrace("Searched for duplicates in the list"); + _logger.MethodExit(); - return deleteResult; - } - catch (Exception e) - { - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId, - FailureMessage = $"PerformRemoval: {LogHandler.FlattenException(e)}" - }; - } - } - - private bool IsPanoramaDevice(ManagementJobConfiguration config) - { - _logger.MethodEntry(); - return config.CertificateStoreDetails.StorePath.Length > 1; - } - - private bool CheckForDuplicate(ManagementJobConfiguration config, PaloAltoClient client, string certificateName) - { - _logger.MethodEntry(); - try - { - _logger.LogTrace("checking for cert list"); - var rawCertificatesResult = client.GetCertificateList( - $"{config.CertificateStoreDetails.StorePath}/certificate/entry[@name='{certificateName}']") - .Result; - LogResponse(rawCertificatesResult); - _logger.LogTrace("Checked for cert list"); - var certificatesResult = - 
rawCertificatesResult.CertificateResult.Entry.FindAll(c => c.PublicKey != null); - _logger.MethodExit(); - return certificatesResult.Count > 0; - - } - catch (Exception e) - { - _logger.LogTrace( - $"Error Checking for Duplicate Cert in Management.CheckForDuplicate {LogHandler.FlattenException(e)}"); - throw; - } - } - - private JobResult PerformAddition(ManagementJobConfiguration config) - { - //Temporarily only performing additions - try - { - _logger.MethodEntry(); - var warnings = string.Empty; - var success = false; - - //Store path is "/" for direct integration with Firewall or the Template Name for integration with Panorama - if (config.CertificateStoreDetails.StorePath.Length > 0) - { - _logger.LogTrace( - $"Credentials JSON: Url: {config.CertificateStoreDetails.ClientMachine} Server UserName: {config.ServerUsername}"); - - var client = - new PaloAltoClient(config.CertificateStoreDetails.ClientMachine, - ServerUserName, ServerPassword); //Api base URL Plus Key - _logger.LogTrace( - "Palo Alto Client Created"); - - var duplicate = CheckForDuplicate(config, client, config.JobCertificate.Alias); - _logger.LogTrace($"Duplicate? 
= {duplicate}"); - - //Check for Duplicate already in Palo Alto, if there, make sure the Overwrite flag is checked before replacing - if (duplicate && config.Overwrite || !duplicate) - { - _logger.LogTrace("Either not a duplicate or overwrite was chosen...."); - + return certificatesResult.Count > 0; + + } + catch (Exception e) + { + _logger.LogTrace( + $"Error Checking for Duplicate Cert in Management.CheckForDuplicate {LogHandler.FlattenException(e)}"); + throw; + } + } + + private JobResult PerformAddition(ManagementJobConfiguration config) + { + //Temporarily only performing additions + try + { + _logger.MethodEntry(); + var warnings = string.Empty; + + if (config.CertificateStoreDetails.StorePath.Length > 0) + { + _logger.LogTrace( + $"Credentials JSON: Url: {config.CertificateStoreDetails.ClientMachine} Server UserName: {config.ServerUsername}"); + + var client = + new PaloAltoClient(config.CertificateStoreDetails.ClientMachine, + ServerUserName, ServerPassword); //Api base URL Plus Key + _logger.LogTrace( + "Palo Alto Client Created"); + + if (!SetPanoramaTarget(config, client)) + { + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = "Failed To Set Target for Panorama" + }; + } + + _logger.LogTrace( + "Finished SetPanoramaTarget Function."); + + var duplicate = CheckForDuplicate(config, client, config.JobCertificate.Alias); + _logger.LogTrace($"Duplicate? = {duplicate}"); + + //Check for Duplicate already in Palo Alto, if there, make sure the Overwrite flag is checked before replacing + if (duplicate && config.Overwrite || !duplicate) + { + _logger.LogTrace("Either not a duplicate or overwrite was chosen...."); + _logger.LogTrace($"Found Private Key {config.JobCertificate.PrivateKeyPassword}"); if (string.IsNullOrWhiteSpace(config.JobCertificate.Alias)) 
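Review bot: Secrets reach the trace log in several places in this hunk: PerformRemoval logs `Password: {config.ServerPassword}`, ProcessJob and PerformManagement log `JsonConvert.SerializeObject(...)` of the whole job configuration, and the closing context line logs `Found Private Key {config.JobCertificate.PrivateKeyPassword}`. Depending on configuration `ServerPassword` may be a PAM reference or the cleartext value, but the PFX passphrase and the serialized `JobCertificate` are sensitive either way, so anyone who can read orchestrator logs with trace enabled could recover them. Log only non-secret fields, for example `_logger.LogTrace($"Url: {config.CertificateStoreDetails.ClientMachine} Alias: {config.JobCertificate.Alias}");` and `_logger.LogTrace($"Private key password supplied: {!string.IsNullOrWhiteSpace(config.JobCertificate.PrivateKeyPassword)}");`, and drop the full-config serialization. The `Got certPem {certPem}` context line in the next hunk needs the same treatment if GetPemFile returns key material, which is not visible here.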
@@ -253,47 +297,69 @@ private JobResult PerformAddition(ManagementJobConfiguration config) var certPem = GetPemFile(config); _logger.LogTrace($"Got certPem {certPem}"); - _logger.LogTrace("About to check chain info"); - //1. Get the chain in a list starting with root first, any intermediate then leaf - var orderedChainList = GetCertificateChain(config.JobCertificate?.Contents, config.JobCertificate?.PrivateKeyPassword); - _logger.LogTrace("Checked chain info"); - var alias = config.JobCertificate.Alias; - _logger.LogTrace($"Alias {alias}"); - //1. If the leaf cert is a duplicate then you rename the cert and update it. So you don't have to delete tls profile and cause downtime - if (duplicate) - { - _logger.LogTrace("Duplicate!"); - alias = GenerateName(alias); //fix name length - _logger.LogTrace($"New Alias {alias}"); - } + //1. Get the chain in a list starting with root first, any intermediate then leaf + var orderedChainList = GetCertificateChain(config.JobCertificate.Contents, config.JobCertificate.PrivateKeyPassword); + var alias = config.JobCertificate?.Alias; + _logger.LogTrace($"Alias {alias}"); + //2. Check palo alto for existing thumbprints of anything in the chain - _logger.LogTrace("Checking for existing thumbprints of anything in the chain"); var rawCertificatesResult = client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result; - LogResponse(rawCertificatesResult); - _logger.LogTrace("Checked for existing thumbprints of anything in the chain"); - List certificates = new List(); + _logger.LogTrace("Got Raw Certificate Results"); ErrorSuccessResponse content = null; string errorMsg = string.Empty; + var caDict = new Dictionary(); + //1. 
Get a list of CAs with Thumbprints returned from The Palo Alto Device + if (rawCertificatesResult != null) + { + _logger.LogTrace("Logging Raw Certificate Results"); + LogResponse(rawCertificatesResult); + foreach (var cert in rawCertificatesResult.CertificateResult.Entry) + { + if (cert.PublicKey != null && cert.Ca.Equals("yes",StringComparison.CurrentCultureIgnoreCase)) + { + var pemContent = cert.PublicKey; + pemContent = Regex.Replace(pemContent, "-----BEGIN CERTIFICATE-----", string.Empty); + pemContent = Regex.Replace(pemContent, "-----END CERTIFICATE-----", string.Empty); + _logger.LogTrace(pemContent); + + // Convert the PEM string to a byte array + var certBytes = Convert.FromBase64String(pemContent); + // Create an X509Certificate2 object from the byte array + X509Certificate2 certificate = new X509Certificate2(certBytes); + + if (certificate.Thumbprint != null && !caDict.ContainsKey(certificate.Thumbprint)) + { + _logger.LogTrace($"Adding Thumbprint To Dictionary {certificate.Thumbprint} for {certificate.Subject}"); + caDict.Add(certificate.Thumbprint, cert.Name); + } + } + } + } + foreach (var cert in orderedChainList) { //root and intermediate just upload the cert from the chain no private key - if (((cert.type == "root" || cert.type == "intermediate") && !ThumbprintFound(cert.certificate.Thumbprint, certificates, rawCertificatesResult))) + if (((cert.type == "root" || cert.type == "intermediate") && !caDict.ContainsKey(cert.certificate?.Thumbprint ?? 
string.Empty))) { - var certName = BuildName(cert); + _logger.LogTrace("Found a root or intermediate cert that was not in the dictionary, Generating name based on subject"); + var certName = GenerateCaCertName(cert); + _logger.LogTrace($"Generated Cert Name {certName}"); + var importResult = client.ImportCertificate(certName, config.JobCertificate.PrivateKeyPassword, Encoding.UTF8.GetBytes(ExportToPem(cert.certificate)), "no", "certificate", config.CertificateStoreDetails.StorePath); content = importResult.Result; + _logger.LogTrace("Logging import result content."); LogResponse(content); - - + //Set as trusted Root if you successfully imported the root certificate if (content != null && content.Status.ToUpper() != "ERROR") { + _logger.LogTrace("Attempting to set cert to Trusted Root if type is root"); ErrorSuccessResponse rootResponse = null; if (cert.type == "root") rootResponse = SetTrustedRoot(certName, client, config.CertificateStoreDetails.StorePath); 
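Review bot: The new loop that fills `caDict` parses device-supplied entries without guarding them: `cert.Ca.Equals(...)` throws when an entry has no `ca` value, and `Convert.FromBase64String` / `new X509Certificate2` throw on any `PublicKey` that is not a single well-formed PEM certificate. Either exception lands in PerformAddition's outer catch, so one odd entry on the device fails every Add for that store. Handling each entry on its own, with a null-safe ordinal comparison and a per-entry catch that logs and skips, keeps the thumbprint lookup best-effort; plain `string.Replace` is also enough for the two fixed PEM markers. `rawCertificatesResult.CertificateResult.Entry` is dereferenced without a null check as well, which may matter on a device that returns no certificates. The enclosing method starts and ends outside this hunk.

```csharp
foreach (var cert in rawCertificatesResult.CertificateResult.Entry)
{
    if (cert.PublicKey == null || !string.Equals(cert.Ca, "yes", StringComparison.OrdinalIgnoreCase))
        continue;

    try
    {
        var pemContent = cert.PublicKey
            .Replace("-----BEGIN CERTIFICATE-----", string.Empty)
            .Replace("-----END CERTIFICATE-----", string.Empty);
        var certBytes = Convert.FromBase64String(pemContent);
        using (var certificate = new X509Certificate2(certBytes))
        {
            // … unchanged: thumbprint check and caDict.Add …
        }
    }
    catch (Exception ex) when (ex is FormatException || ex is System.Security.Cryptography.CryptographicException)
    {
        _logger.LogWarning($"Skipping device certificate entry {cert.Name}: {ex.Message}");
    }
}
```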
@@ -307,30 +373,18 @@ private JobResult PerformAddition(ManagementJobConfiguration config) //Leafs need the keypair only put leaf out there if root and intermediate succeeded if (cert.type == "leaf" && errorMsg.Length == 0) { + _logger.LogTrace("Found Leaf Certificate"); var type = string.IsNullOrWhiteSpace(config.JobCertificate.PrivateKeyPassword) ? "certificate" : "keypair"; + _logger.LogTrace($"Certificate Type of {type}"); var importResult = client.ImportCertificate(alias, config.JobCertificate.PrivateKeyPassword, Encoding.UTF8.GetBytes(certPem), "yes", type, config.CertificateStoreDetails.StorePath); + _logger.LogTrace("Finished Import About to Log Results..."); content = importResult.Result; LogResponse(content); + _logger.LogTrace("Finished Logging Import Results..."); - //If 1. was successful, then set trusted root, bindings then commit - if (content != null && content.Status.ToUpper() == "SUCCESS") - { - //3. Check if Bindings were added in the entry params and if so bind the cert to a tls profile in palo - var bindingsValidation = Validators.ValidateBindings(JobEntryParams); - if (string.IsNullOrEmpty(bindingsValidation)) - { - var bindingsResponse = SetBindings(config, client, - config.CertificateStoreDetails.StorePath,alias); - if (bindingsResponse.Result.Status.ToUpper() == "ERROR") - warnings += - $"Could not Set The Bindings. There was an error calling out to bindings in the device. {Validators.BuildPaloError(bindingsResponse.Result)}"; - } - if (errorMsg.Length == 0) - success = true; - } } if (content != null) 
@@ -339,75 +393,55 @@ private JobResult PerformAddition(ManagementJobConfiguration config) } } - //4. Try to commit to firewall or Palo Alto then Push to the devices if (errorMsg.Length == 0) + { + _logger.LogTrace("Attempting to Commit Changes, no errors were found"); warnings = CommitChanges(config, client, warnings); + } - return ReturnJobResult(config, warnings, success, errorMsg); - } - - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId, - FailureMessage = - $"Duplicate alias {config.JobCertificate.Alias} found in Palo Alto, to overwrite use the overwrite flag." - }; - } - - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId, - FailureMessage = - "Store Path needs to either be / for Firewall Integration or Template Name for Panorama" - }; - } - catch (Exception e) - { - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId, - FailureMessage = - $"Management/Add {e.Message}" - }; - } + return ReturnJobResult(config, warnings,true, errorMsg); + + } + + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = + $"Duplicate alias {config.JobCertificate.Alias} found in Palo Alto, to overwrite use the overwrite flag." 
+ }; + } + + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = + "Store Path needs to either be / for Firewall Integration or Template Name for Panorama" + }; + } + catch (Exception e) + { + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = + $"Management/Add {e.Message}" + }; + } } - private static string BuildName((X509Certificate2 certificate, string type) cert) + private string GenerateCaCertName((X509Certificate2 certificate, string type) cert) { - string subject = cert.certificate?.Subject; - string commonName = null; - - // Find the common name in the subject string - if (subject != null) - { - int startIndex = subject.IndexOf("CN=", StringComparison.Ordinal); - - if (startIndex >= 0) - { - startIndex += 3; // Move startIndex to the beginning of the common name value - int endIndex = subject.IndexOf(',', startIndex); // Find the end of the common name value - - if (endIndex < 0) - { - // If no comma is found, the common name extends to the end of the string - endIndex = subject.Length; - } - - // Extract the common name value - commonName = subject.Substring(startIndex, endIndex - startIndex); - } - } - - // Replace spaces with underscores - commonName = commonName?.Replace(" ", "_"); - - //Only 31 characters allowed for cert name - return DateTime.Now.ToString("yyyyMM") + "_" + RightTrimAfter(commonName, 23); - + DateTime currentDateTime = DateTime.UtcNow; + int unixTimestamp = (int) (currentDateTime.Subtract(new DateTime(1970, 1, 1))).TotalSeconds; + var isCa = PKI.Extensions.X509Extentions.IsCaCertificate(cert.certificate); + _logger.LogTrace($"Ca Certificate? 
{isCa}"); + var cn = GetCommonName(cert.certificate?.SubjectName.Name); + var certName = RightTrimAfter(unixTimestamp + "_" + cn.Replace(' ', '_'), 31); + return certName; } public static string RightTrimAfter(string input, int maxLength) 
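Review bot: `return ReturnJobResult(config, warnings,true, errorMsg);` hard-codes success, so an import that leaves `errorMsg` non-empty is still reported as Success whenever `warnings` is empty; the `success` flag removed here and in the previous hunk was only set after the leaf import returned SUCCESS. The job history would then show a certificate as deployed that the device rejected. Pass the real outcome, `return ReturnJobResult(config, warnings, errorMsg.Length == 0, errorMsg);`, unless the lines between the hunks already fold `errorMsg` into `warnings`, which cannot be seen here. Separately, `warnings.Length` in ReturnJobResult will throw if CommitChanges returns null, which the `warnings?.Length` check added to PerformRemoval suggests is possible. PerformAddition starts outside this hunk.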
@@ -426,264 +460,229 @@ public static string RightTrimAfter(string input, int maxLength) } } - public static string GenerateName(string name) + + private bool DeleteCertificate(ManagementJobConfiguration config, PaloAltoClient client, string warnings, + out JobResult deleteResult) + { + if (!SetPanoramaTarget(config, client)) + { + deleteResult = ReturnJobResult(config, warnings, false,"Could Not Set Panorama Target"); + return false; + } + + var delResponse = client.SubmitDeleteCertificate(config.JobCertificate.Alias, + config.CertificateStoreDetails.StorePath).Result; + if (delResponse.Status.ToUpper() == "ERROR") + { + var msg = Validators.BuildPaloError(delResponse); + if (msg.Contains("trusted-root-CA")) //Can't delete because Trusted Root + { + var delTrustedResponse = client.SubmitDeleteTrustedRoot(config.JobCertificate.Alias, + config.CertificateStoreDetails.StorePath).Result; + if (delTrustedResponse.Status.ToUpper() == "ERROR") + { + { + deleteResult = ReturnJobResult(config, warnings, false, + Validators.BuildPaloError(delTrustedResponse)); + return false; + } + } + + var delRespTryTwo = client + .SubmitDeleteCertificate(config.JobCertificate.Alias, config.CertificateStoreDetails.StorePath).Result; + if (delRespTryTwo.Status.ToUpper() == "ERROR") + { + { + deleteResult = ReturnJobResult(config, warnings, false, Validators.BuildPaloError(delResponse)); + return false; + } + } + } + else + { + //Delete Failed Return Error + { + deleteResult = ReturnJobResult(config, warnings, false, Validators.BuildPaloError(delResponse)); + return false; + } + } + } + + deleteResult = ReturnJobResult(config, warnings, true, Validators.BuildPaloError(delResponse)); + return true; + } + + private static JobResult ReturnJobResult(ManagementJobConfiguration config, string warnings, bool success, + string errorMessage) + { + if (warnings.Length > 0) + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Warning, + JobHistoryId = config.JobHistoryId, + 
FailureMessage = warnings + }; + + if (success) + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Success, + JobHistoryId = config.JobHistoryId, + FailureMessage = "" + }; + + return new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId, + FailureMessage = $"Result returned error {errorMessage}" + }; + } + + private void LogResponse(T content) { - string currentTime = DateTime.Now.ToString("yyMMddHHmmss"); + var resWriter = new StringWriter(); + var resSerializer = new XmlSerializer(typeof(T)); + resSerializer.Serialize(resWriter, content); + _logger.LogTrace($"Serialized Xml Response {resWriter}"); + } + + private string GetPemFile(ManagementJobConfiguration config) + { + // Load PFX + var pfxBytes = Convert.FromBase64String(config.JobCertificate.Contents); + Pkcs12Store p; + using (var pfxBytesMemoryStream = new MemoryStream(pfxBytes)) + { + p = new Pkcs12Store(pfxBytesMemoryStream, + config.JobCertificate?.PrivateKeyPassword?.ToCharArray()); + } + + _logger.LogTrace( + $"Created Pkcs12Store containing Alias {config.JobCertificate.Alias} Contains Alias is {p.ContainsAlias(config.JobCertificate.Alias)}"); - // Trim the name to 18 characters - string trimmedName = name.Length > 18 ? 
name.Substring(0, 18) : name; + // Extract private key + string alias; + string privateKeyString; + using (var memoryStream = new MemoryStream()) + { + using (TextWriter streamWriter = new StreamWriter(memoryStream)) + { + _logger.LogTrace("Extracting Private Key..."); + var pemWriter = new PemWriter(streamWriter); + _logger.LogTrace("Created pemWriter..."); + alias = p.Aliases.Cast().SingleOrDefault(a => p.IsKeyEntry(a)); + _logger.LogTrace($"Alias = {alias}"); + var publicKey = p.GetCertificate(alias).Certificate.GetPublicKey(); + _logger.LogTrace($"publicKey = {publicKey}"); + KeyEntry = p.GetKey(alias); + _logger.LogTrace($"KeyEntry = {KeyEntry}"); + if (KeyEntry == null) throw new Exception("Unable to retrieve private key"); + + var privateKey = KeyEntry.Key; + _logger.LogTrace($"privateKey = {privateKey}"); + var keyPair = new AsymmetricCipherKeyPair(publicKey, privateKey); + + pemWriter.WriteObject(keyPair.Private); + streamWriter.Flush(); + privateKeyString = Encoding.ASCII.GetString(memoryStream.GetBuffer()).Trim() + .Replace("\r", "").Replace("\0", ""); + _logger.LogTrace($"Got Private Key String {privateKeyString}"); + memoryStream.Close(); + streamWriter.Close(); + _logger.LogTrace("Finished Extracting Private Key..."); + } + } - // Append underscore and current time - string generatedName = trimmedName + "_" + currentTime; + var pubCertPem = + Pemify(Convert.ToBase64String(p.GetCertificate(alias).Certificate.GetEncoded())); + _logger.LogTrace($"Public cert Pem {pubCertPem}"); - return generatedName; + var certPem = privateKeyString + certStart + pubCertPem + certEnd; + return certPem; } - private static bool DeleteCertificate(ManagementJobConfiguration config, PaloAltoClient client, string warnings, - out JobResult deleteResult) - { - var delResponse = client.SubmitDeleteCertificate(config.JobCertificate.Alias, - config.CertificateStoreDetails.StorePath).Result; - if (delResponse.Status.ToUpper() == "ERROR") - { - var msg = 
Validators.BuildPaloError(delResponse); - if (msg.Contains("trusted-root-CA")) //Can't delete because Trusted Root - { - var delTrustedResponse = client.SubmitDeleteTrustedRoot(config.JobCertificate.Alias, - config.CertificateStoreDetails.StorePath).Result; - if (delTrustedResponse.Status.ToUpper() == "ERROR") - { - { - deleteResult = ReturnJobResult(config, warnings, false, - Validators.BuildPaloError(delTrustedResponse)); - return false; - } - } - - var delRespTryTwo = client - .SubmitDeleteCertificate(config.JobCertificate.Alias, config.CertificateStoreDetails.StorePath).Result; - if (delRespTryTwo.Status.ToUpper() == "ERROR") - { - { - deleteResult = ReturnJobResult(config, warnings, false, Validators.BuildPaloError(delResponse)); - return false; - } - } - } - else - { - //Delete Failed Return Error - { - deleteResult = ReturnJobResult(config, warnings, false, Validators.BuildPaloError(delResponse)); - return false; - } - } - } - - deleteResult = ReturnJobResult(config, warnings, true, Validators.BuildPaloError(delResponse)); - return true; - } - - private static JobResult ReturnJobResult(ManagementJobConfiguration config, string warnings, bool success, - string errorMessage) - { - if (warnings.Length > 0) - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Warning, - JobHistoryId = config.JobHistoryId, - FailureMessage = warnings - }; - - if (success) - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Success, - JobHistoryId = config.JobHistoryId, - FailureMessage = "" - }; - - return new JobResult - { - Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId, - FailureMessage = $"Result returned error {errorMessage}" - }; - } - - private void LogResponse(T content) - { - var resWriter = new StringWriter(); - var resSerializer = new XmlSerializer(typeof(T)); - resSerializer.Serialize(resWriter, content); - _logger.LogTrace($"Serialized Xml Response {resWriter}"); - } - - private string 
GetPemFile(ManagementJobConfiguration config) - { - // Load PFX - var pfxBytes = Convert.FromBase64String(config.JobCertificate.Contents); - Pkcs12Store p; - using (var pfxBytesMemoryStream = new MemoryStream(pfxBytes)) - { - p = new Pkcs12Store(pfxBytesMemoryStream, - config.JobCertificate?.PrivateKeyPassword?.ToCharArray()); - } - - _logger.LogTrace( - $"Created Pkcs12Store containing Alias {config.JobCertificate.Alias} Contains Alias is {p.ContainsAlias(config.JobCertificate.Alias)}"); - - // Extract private key - string alias; - string privateKeyString; - using (var memoryStream = new MemoryStream()) - { - using (TextWriter streamWriter = new StreamWriter(memoryStream)) - { - _logger.LogTrace("Extracting Private Key..."); - var pemWriter = new PemWriter(streamWriter); - _logger.LogTrace("Created pemWriter..."); - alias = p.Aliases.Cast().SingleOrDefault(a => p.IsKeyEntry(a)); - _logger.LogTrace($"Alias = {alias}"); - var publicKey = p.GetCertificate(alias).Certificate.GetPublicKey(); - _logger.LogTrace($"publicKey = {publicKey}"); - KeyEntry = p.GetKey(alias); - _logger.LogTrace($"KeyEntry = {KeyEntry}"); - if (KeyEntry == null) throw new Exception("Unable to retrieve private key"); - - var privateKey = KeyEntry.Key; - _logger.LogTrace($"privateKey = {privateKey}"); - var keyPair = new AsymmetricCipherKeyPair(publicKey, privateKey); - - pemWriter.WriteObject(keyPair.Private); - streamWriter.Flush(); - privateKeyString = Encoding.ASCII.GetString(memoryStream.GetBuffer()).Trim() - .Replace("\r", "").Replace("\0", ""); - _logger.LogTrace($"Got Private Key String {privateKeyString}"); - memoryStream.Close(); - streamWriter.Close(); - _logger.LogTrace("Finished Extracting Private Key..."); - } - } - - var pubCertPem = - Pemify(Convert.ToBase64String(p.GetCertificate(alias).Certificate.GetEncoded())); - _logger.LogTrace($"Public cert Pem {pubCertPem}"); - - var certPem = privateKeyString + certStart + pubCertPem + certEnd; - return certPem; - } - - private string 
CommitChanges(ManagementJobConfiguration config, PaloAltoClient client, string warnings) - { - var commitResponse = client.GetCommitResponse(); - if (commitResponse.Result.Status == "success") - { - //Check to see if it is a Panorama instance (not "/" or empty store path) if Panorama, push to corresponding firewall devices - var deviceGroup = StoreProperties?.DeviceGroup; - - //If there is a template and device group then push to all firewall devices because it is Panorama - if (IsPanoramaDevice(config) && deviceGroup?.Length > 0) - { - Thread.Sleep(120000); //Some delay built in so pushes to devices work - var commitAllResponse = client.GetCommitAllResponse(deviceGroup); - if (commitAllResponse.Result.Status != "success") - warnings += $"The push to firewall devices failed. {commitAllResponse.Result.Text}"; - } - } - else - { - warnings += $"The commit to the device failed. {commitResponse.Result.Text}"; - } - - return warnings; - } - - private Task SetBindings(ManagementJobConfiguration config, PaloAltoClient client, - string templateName,string aliasName) - { - //Handle the Profile Bindings - try - { - var profileRequest = new EditProfileRequest - { - Name = JobEntryParams.TlsProfileName, - Certificate = aliasName - }; - var pMinVersion = new ProfileMinVersion { Text = JobEntryParams.TlsMinVersion }; - var pMaxVersion = new ProfileMaxVersion { Text = JobEntryParams.TlsMaxVersion }; - var pSettings = new ProfileProtocolSettings { MinVersion = pMinVersion, MaxVersion = pMaxVersion }; - profileRequest.ProtocolSettings = pSettings; - - var reqWriter = new StringWriter(); - var reqSerializer = new XmlSerializer(typeof(EditProfileRequest)); - reqSerializer.Serialize(reqWriter, profileRequest); - _logger.LogTrace($"Profile Request {reqWriter}"); - - return client.SubmitEditProfile(profileRequest, templateName, config.CertificateStoreDetails.StorePath); - } - catch (Exception e) - { - _logger.LogError($"Error Occurred in Management.SetBindings 
{LogHandler.FlattenException(e)}"); - throw; - } + private string CommitChanges(ManagementJobConfiguration config, PaloAltoClient client, string warnings) + { + _logger.MethodEntry(); + var commitResponse = client.GetCommitResponse().Result; + _logger.LogTrace("Got client commit response, attempting to log it"); + LogResponse(commitResponse); + if (commitResponse.Status == "success") + { + _logger.LogTrace("Commit response shows success"); + //Check to see if it is a Panorama instance (not "/" or empty store path) if Panorama, push to corresponding firewall devices + var deviceGroup = StoreProperties?.DeviceGroup; + _logger.LogTrace($"Device Group {deviceGroup}"); + + //If there is a template and device group then push to all firewall devices because it is Panorama + if (IsPanoramaDevice(config) && deviceGroup?.Length > 0) + { + _logger.LogTrace("It is a panorama device, build some delay in there so it works, pan issue."); + Thread.Sleep(120000); //Some delay built in so pushes to devices work + _logger.LogTrace("Done sleeping"); + var commitAllResponse = client.GetCommitAllResponse(deviceGroup).Result; + _logger.LogTrace("Logging commit response from panorama."); + LogResponse(commitAllResponse); + if (commitAllResponse.Status != "success") + warnings += $"The push to firewall devices failed. {commitAllResponse.Text}"; + } + } + else + { + warnings += $"The commit to the device failed. 
{commitResponse.Text}"; + } + + return warnings; } + private List<(X509Certificate2 certificate, string type)> GetCertificateChain(string jobCertificate, string password) { _logger.MethodEntry(); - // Decode the base64-encoded chain to get the bytes + _logger.LogTrace("Decode the base64-encoded chain to get the bytes"); + byte[] certificateChainBytes = Convert.FromBase64String(jobCertificate); _logger.LogTrace($"Cert Chain Bytes: {certificateChainBytes}"); - // Create a collection to hold the certificates + _logger.LogTrace("Create a collection to hold the certificates"); X509Certificate2Collection certificateCollection = new X509Certificate2Collection(); - _logger.LogTrace($"Created certificate collection"); + _logger.LogTrace("Load the certificates from the byte array"); + certificateCollection.Import(certificateChainBytes, password, X509KeyStorageFlags.Exportable); - // Load the certificates from the byte array - certificateCollection.Import(certificateChainBytes, password, X509KeyStorageFlags.Exportable); - - _logger.LogTrace($"Imported collection"); - - // Identify the root certificate + _logger.LogTrace("Identify the root certificate"); X509Certificate2 rootCertificate = FindRootCertificate(certificateCollection); - _logger.LogTrace("Found Root Certificate"); - - // Create a list to hold the ordered certificates - List<(X509Certificate2 certificate, string certType)> orderedCertificates = new List<(X509Certificate2, string)>(); - - _logger.LogTrace("Created a list to hold the ordered certificates"); + _logger.LogTrace("Create a list to hold the ordered certificates"); + List<(X509Certificate2 certificate, string certType)> orderedCertificates = new List<(X509Certificate2, string)>(); - // Add the root certificate to the ordered list - if (rootCertificate != null) - orderedCertificates.Add((rootCertificate, "root")); - - _logger.LogTrace("Added Root To Collection"); + _logger.LogTrace("Add the root certificate to the ordered list"); + if (rootCertificate != 
null) + orderedCertificates.Add((rootCertificate, "root")); - // Add intermediate certificates to the ordered list and mark them as intermediate + _logger.LogTrace("Add intermediate certificates to the ordered list and mark them as intermediate"); foreach (X509Certificate2 certificate in certificateCollection) { - _logger.LogTrace("In loop to Add intermediate certificates to the ordered list and mark them as intermediate"); - // Exclude root certificate + + _logger.LogTrace("Exclude root certificate"); if (!certificate.Equals(rootCertificate)) - { - _logger.LogTrace("Excluded root certificate"); - // Check if the certificate is not the leaf certificate + { + _logger.LogTrace("Check if the certificate is not the leaf certificate"); + bool isLeaf = true; foreach (X509Certificate2 potentialIssuer in certificateCollection) { _logger.LogTrace("Check if the certificate is not the leaf certificate"); if (certificate?.Subject == potentialIssuer?.Issuer && potentialIssuer!=null && !potentialIssuer.Equals(certificate)) - { + { _logger.LogTrace("Leaf is false"); isLeaf = false; break; } } - // If the certificate is not the leaf certificate, add it as an intermediate certificate + _logger.LogTrace("If the certificate is not the leaf certificate, add it as an intermediate certificate"); if (!isLeaf) { _logger.LogTrace("If the certificate is not the leaf certificate, add it as an intermediate certificate"); @@ -692,12 +691,12 @@ private Task SetBindings(ManagementJobConfiguration config } } - // Add leaf certificates to the ordered list + _logger.LogTrace("Add leaf certificates to the ordered list"); foreach (X509Certificate2 certificate in certificateCollection) { _logger.LogTrace("Check for add leaf certificates to the ordered list"); if (!orderedCertificates.Exists(c => c.certificate != null && c.certificate.Equals(certificate))) - { + { _logger.LogTrace("Added leaf certificates to the ordered list"); orderedCertificates.Add((certificate, "leaf")); } 
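Review bot: `GetPemFile` still writes the PEM-encoded private key to the log, because the re-added line `_logger.LogTrace($"Got Private Key String {privateKeyString}");` interpolates the full key text. Any sink that collects trace output then holds the key for every certificate this job handles. Replace it with a message that carries no key material, e.g. `_logger.LogTrace("Got Private Key String");`. Separately, in `DeleteCertificate` the failure branch for `delRespTryTwo` builds its message from `delResponse`, so a failed retry reports the first attempt's error; `Validators.BuildPaloError(delRespTryTwo)` looks like what was intended.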
@@ -712,169 +711,98 @@ private X509Certificate2 FindRootCertificate(X509Certificate2Collection certific _logger.MethodEntry(); foreach (X509Certificate2 certificate in certificates) { - _logger.LogTrace("Looping through all the certs to find the root"); - if (IsRootCertificate(certificate, certificates)) - { - _logger.LogTrace("Found Root"); + { + _logger.MethodExit(); return certificate; } } + + _logger.LogTrace("Return null if no root certificate is found"); _logger.MethodExit(); - // Return null if no root certificate is found return null; } + private string GetCommonName(string subject) + { + _logger.MethodEntry(); + _logger.LogTrace($"Subject {subject}"); + // Split the subject into parts + var parts = subject.Split(','); + + // Iterate over the parts to find the CN + foreach (var part in parts) + { + if (part.Trim().StartsWith("CN=", StringComparison.OrdinalIgnoreCase)) + { + return part.Trim().Substring(3).Trim(); + } + } + _logger.MethodExit(); + return null; // Return null if CN is not found + + } + private bool IsRootCertificate(X509Certificate2 certificate, X509Certificate2Collection certificates) { _logger.MethodEntry(); // Check if the certificate is self-signed - if (certificate?.Subject == certificate?.Issuer) + if (certificate.Subject == certificate.Issuer) { - _logger.LogTrace("Subject is equal to issuer"); // Check if there is no issuer in the collection with a matching subject foreach (X509Certificate2 issuerCertificate in certificates) { - _logger.LogTrace("Checking if there is no issuer in the collection with matching subject"); - if (issuerCertificate.Subject == certificate?.Subject && !issuerCertificate.Equals(certificate)) - { - _logger.LogTrace("Subject equal cert subject and issuer cert not equal to certificate"); + if (issuerCertificate.Subject == certificate.Subject && !issuerCertificate.Equals(certificate)) + { + _logger.LogTrace("false"); _logger.MethodExit(); return false; } } + _logger.LogTrace("true"); _logger.MethodExit(); return 
true; } + _logger.LogTrace("false"); + _logger.MethodExit(); return false; } - private string[] ExtractCertificateData(string text) - { - _logger.MethodEntry(); - List certDataList = new List(); - int startIndex = 0; - - while (startIndex != -1) - { - startIndex = text.IndexOf("-----BEGIN CERTIFICATE-----", startIndex, StringComparison.Ordinal); - if (startIndex != -1) - { - int endIndex = text.IndexOf("-----END CERTIFICATE-----", startIndex, StringComparison.Ordinal); - if (endIndex != -1) - { - int length = endIndex - startIndex - "-----BEGIN CERTIFICATE-----".Length; - if (length >= 0) - { - certDataList.Add(text.Substring(startIndex + "-----BEGIN CERTIFICATE-----".Length, length)); - startIndex = endIndex + "-----END CERTIFICATE-----".Length; - } - else - { - break; - } - } - else - { - break; - } - } - } - _logger.LogTrace($"Cert Data List: {certDataList?.Count}"); - _logger.MethodExit(); - return certDataList.ToArray(); - } - public string ExportToPem(X509Certificate2 certificate) + private string ExportToPem(X509Certificate2 certificate) { _logger.MethodEntry(); StringBuilder builder = new StringBuilder(); builder.AppendLine("-----BEGIN CERTIFICATE-----"); builder.AppendLine(Convert.ToBase64String(certificate.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); - builder.AppendLine("-----END CERTIFICATE-----"); - _logger.LogTrace($"String builder results: {builder?.ToString()}"); + builder.AppendLine("-----END CERTIFICATE-----"); + _logger.LogTrace(builder.ToString()); _logger.MethodExit(); return builder.ToString(); } - private string RemoveWhitespace(string input) - { - _logger.MethodEntry(); - StringBuilder sb = new StringBuilder(); - foreach (char c in input) - { - if (!char.IsWhiteSpace(c)) - { - sb.Append(c); - } - } - _logger.LogTrace($"String builder results: {sb?.ToString()}"); - _logger.MethodExit(); - return sb.ToString(); - } - - private bool ThumbprintFound(string thumbprintToSearch, List certificates, 
CertificateListResponse rawCertificatesResult) + + private ErrorSuccessResponse SetTrustedRoot(string jobCertificateAlias, PaloAltoClient client, + string templateName) { _logger.MethodEntry(); - foreach (var responseItem in rawCertificatesResult.CertificateResult.Entry) - { - _logger.LogTrace("Looping through Thumbprints"); - string[] certDataArray = null; - if (responseItem?.PublicKey != null) - { - certDataArray = ExtractCertificateData(responseItem.PublicKey); - } - else - { - // Handle the case where PublicKey is null - _logger.LogTrace("PublicKey is not available."); - } - _logger.LogTrace("Got CertData Array"); - if (certDataArray != null) - { - // Remove whitespace characters and parse each certificate - foreach (string certData in certDataArray) - { - _logger.LogTrace("Inside removing whitespace"); - byte[] rawData = Convert.FromBase64String(RemoveWhitespace(certData)); - _logger.LogTrace("Converted From Base64"); - X509Certificate2 cert = new X509Certificate2(rawData); - _logger.LogTrace("Adding to collection"); - certificates.Add(cert); - _logger.LogTrace("Added to collection"); - } - } - } - _logger.LogTrace("Finding Cert"); - X509Certificate2 foundCertificate = certificates.FirstOrDefault(cert => cert.Thumbprint != null && cert.Thumbprint.Equals(thumbprintToSearch, StringComparison.OrdinalIgnoreCase)); - _logger.LogTrace($"Found cert {foundCertificate}"); - _logger.MethodExit(); - if (foundCertificate != null) - return true; - return false; - } - - private ErrorSuccessResponse SetTrustedRoot(string jobCertificateAlias, PaloAltoClient client, - string templateName) - { - _logger.MethodEntry(); - try - { - _logger.LogTrace("Setting Trusted Root"); - var result = client.SubmitSetTrustedRoot(jobCertificateAlias, templateName); - _logger.LogTrace("Trusted Root Set"); - _logger.LogTrace(result.Result.LineMsg.Line.Count > 0 - ? 
$"Set Trusted Root Response {string.Join(" ,", result.Result.LineMsg.Line)}" - : $"Set Trusted Root Response {result.Result.LineMsg.StringMsg}"); - _logger.MethodExit(); - return result.Result; - } - catch (Exception e) - { - _logger.LogError($"Error Occurred in Management.SetTrustedRoot {LogHandler.FlattenException(e)}"); - throw; - } - } - } + try + { + _logger.LogTrace("Setting Trusted Root"); + var result = client.SubmitSetTrustedRoot(jobCertificateAlias, templateName); + _logger.LogTrace("Trusted Root Set"); + _logger.LogTrace(result.Result.LineMsg.Line.Count > 0 + ? $"Set Trusted Root Response {string.Join(" ,", result.Result.LineMsg.Line)}" + : $"Set Trusted Root Response {result.Result.LineMsg.StringMsg}"); + _logger.MethodExit(); + return result.Result; + } + catch (Exception e) + { + _logger.LogError($"Error Occurred in Management.SetTrustedRoot {LogHandler.FlattenException(e)}"); + throw; + } + } + } } \ No newline at end of file diff --git a/PaloAlto/Models/Requests/CreateCertificateRequest.cs b/PaloAlto/Models/Requests/CreateCertificateRequest.cs index 40c03aa..bc713a2 100644 --- a/PaloAlto/Models/Requests/CreateCertificateRequest.cs +++ b/PaloAlto/Models/Requests/CreateCertificateRequest.cs 
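Review bot: The new `GetCommonName` calls `subject.Split(',')` with no null check and returns `null` when no `CN=` part is found. The call site added earlier in this diff passes `cert.certificate?.SubjectName.Name` and then calls `cn.Replace(' ', '_')` on the result, so a certificate with no subject or no CN ends in a NullReferenceException instead of a usable certificate name. Guard the input with `if (string.IsNullOrWhiteSpace(subject)) return null;` and have the caller fall back to another stable identifier (the thumbprint, for instance) when the result is null. Splitting on `,` also truncates a CN that contains an escaped or quoted comma, and the early `return` inside the loop skips `_logger.MethodExit()`.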
@@ -1,27 +1,27 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Collections.Generic;
-using Newtonsoft.Json;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Requests
-{
- public class CreateCertificateRequest
- {
- [JsonProperty("hostnames")] public List Hostnames { get; set; }
- [JsonProperty("requested_validity")] public int RequestedValidity { get; set; }
- [JsonProperty("request_type")] public string RequestType { get; set; }
- [JsonProperty("csr")] public string Csr { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Requests
+{
+ public class CreateCertificateRequest
+ {
+ [JsonProperty("hostnames")] public List Hostnames { get; set; }
+ [JsonProperty("requested_validity")] public int RequestedValidity { get; set; }
+ [JsonProperty("request_type")] public string RequestType { get; set; }
+ [JsonProperty("csr")] public string Csr { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/Responses/CertificateListResponse.cs b/PaloAlto/Models/Responses/CertificateListResponse.cs
index 886baae..6186ba7 100644
--- a/PaloAlto/Models/Responses/CertificateListResponse.cs
+++ b/PaloAlto/Models/Responses/CertificateListResponse.cs
@@ -1,36 +1,36 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
-{
- [XmlRoot(ElementName = "response")]
- public class CertificateListResponse
- {
-
- [XmlElement(ElementName = "result")]
- public CertificateResult CertificateResult { get; set; }
-
- [XmlAttribute(AttributeName = "status")]
- public string Status { get; set; }
-
- [XmlAttribute(AttributeName = "code")]
- public int Code { get; set; }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Xml.Serialization;
+using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
+{
+ [XmlRoot(ElementName = "response")]
+ public class CertificateListResponse
+ {
+
+ [XmlElement(ElementName = "result")]
+ public CertificateResult CertificateResult { get; set; }
+
+ [XmlAttribute(AttributeName = "status")]
+ public string Status { get; set; }
+
+ [XmlAttribute(AttributeName = "code")]
+ public int Code { get; set; }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/Responses/ErrorSuccessResponse.cs b/PaloAlto/Models/Responses/ErrorSuccessResponse.cs
index 854d14d..1f8214c 100644
--- a/PaloAlto/Models/Responses/ErrorSuccessResponse.cs
+++ b/PaloAlto/Models/Responses/ErrorSuccessResponse.cs
@@ -1,47 +1,47 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Collections.Generic;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
-{
- [XmlRoot(ElementName = "msg")]
- public class Msg
- {
-
- [XmlElement(ElementName = "line")]
- public List Line { get; set; }
-
- [XmlText]
- public string StringMsg { get; set; }
- }
-
- [XmlRoot(ElementName = "response")]
- public class ErrorSuccessResponse
- {
-
- [XmlElement(ElementName = "msg",IsNullable = true)]
- public Msg LineMsg { get; set; }
-
- [XmlAttribute(AttributeName = "status")]
- public string Status { get; set; }
-
- [XmlAttribute(AttributeName = "code")]
- public int Code { get; set; }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Collections.Generic;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
+{
+ [XmlRoot(ElementName = "msg")]
+ public class Msg
+ {
+
+ [XmlElement(ElementName = "line")]
+ public List Line { get; set; }
+
+ [XmlText]
+ public string StringMsg { get; set; }
+ }
+
+ [XmlRoot(ElementName = "response")]
+ public class ErrorSuccessResponse
+ {
+
+ [XmlElement(ElementName = "msg",IsNullable = true)]
+ public Msg LineMsg { get; set; }
+
+ [XmlAttribute(AttributeName = "status")]
+ public string Status { get; set; }
+
+ [XmlAttribute(AttributeName = "code")]
+ public int Code { get; set; }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/Responses/GetProfileByCertificateResponse.cs b/PaloAlto/Models/Responses/GetProfileByCertificateResponse.cs
index ba64745..4501076 100644
--- a/PaloAlto/Models/Responses/GetProfileByCertificateResponse.cs
+++ b/PaloAlto/Models/Responses/GetProfileByCertificateResponse.cs
@@ -1,34 +1,34 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
-{
- [XmlRoot(ElementName = "response")]
- public class GetProfileByCertificateResponse
- {
- [XmlElement(ElementName = "result")]
- public ProfileResult Result { get; set; }
-
- [XmlAttribute(AttributeName = "status")]
- public string Status { get; set; }
-
- [XmlAttribute(AttributeName = "code")]
- public int Code { get; set; }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
+{
+ [XmlRoot(ElementName = "response")]
+ public class GetProfileByCertificateResponse
+ {
+ [XmlElement(ElementName = "result")]
+ public ProfileResult Result { get; set; }
+
+ [XmlAttribute(AttributeName = "status")]
+ public string Status { get; set; }
+
+ [XmlAttribute(AttributeName = "code")]
+ public int Code { get; set; }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/Responses/ImportCertificateResponse.cs b/PaloAlto/Models/Responses/ImportCertificateResponse.cs
index 056f433..1cca204 100644
--- a/PaloAlto/Models/Responses/ImportCertificateResponse.cs
+++ b/PaloAlto/Models/Responses/ImportCertificateResponse.cs
@@ -1,33 +1,33 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
-{
-
- [XmlRoot(ElementName = "response")]
- public class ImportCertificateResponse
- {
-
- [XmlElement(ElementName = "result")]
- public string Result { get; set; }
-
- [XmlAttribute(AttributeName = "status")]
- public string Status { get; set; }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
+{
+
+ [XmlRoot(ElementName = "response")]
+ public class ImportCertificateResponse
+ {
+
+ [XmlElement(ElementName = "result")]
+ public string Result { get; set; }
+
+ [XmlAttribute(AttributeName = "status")]
+ public string Status { get; set; }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/Responses/NamedListResponse.cs b/PaloAlto/Models/Responses/NamedListResponse.cs
index 4160681..2d92585 100644
--- a/PaloAlto/Models/Responses/NamedListResponse.cs
+++ b/PaloAlto/Models/Responses/NamedListResponse.cs
@@ -1,33 +1,33 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
-{
- [XmlRoot(ElementName = "response")]
- public class NamedListResponse
- {
-
- [XmlElement(ElementName = "result")]
- public NamedListResult Result { get; set; }
-
- [XmlAttribute(AttributeName = "status")]
- public string Status { get; set; }
-
- [XmlAttribute(AttributeName = "code")]
- public int Code { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Xml.Serialization;
+using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
+{
+ [XmlRoot(ElementName = "response")]
+ public class NamedListResponse
+ {
+
+ [XmlElement(ElementName = "result")]
+ public NamedListResult Result { get; set; }
+
+ [XmlAttribute(AttributeName = "status")]
+ public string Status { get; set; }
+
+ [XmlAttribute(AttributeName = "code")]
+ public int Code { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/Responses/TrustedRootListResponse.cs b/PaloAlto/Models/Responses/TrustedRootListResponse.cs
index 4bc41a7..fa6bbbe 100644
--- a/PaloAlto/Models/Responses/TrustedRootListResponse.cs
+++ b/PaloAlto/Models/Responses/TrustedRootListResponse.cs
@@ -1,36 +1,36 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
-{
- [XmlRoot(ElementName = "response")]
- public class TrustedRootListResponse
- {
-
- [XmlElement(ElementName = "result")]
- public TrustedRootResult TrustedRootResult { get; set; }
-
- [XmlAttribute(AttributeName = "status")]
- public string Status { get; set; }
-
- [XmlAttribute(AttributeName = "code")]
- public int Code { get; set; }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Xml.Serialization;
+using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses
+{
+ [XmlRoot(ElementName = "response")]
+ public class TrustedRootListResponse
+ {
+
+ [XmlElement(ElementName = "result")]
+ public TrustedRootResult TrustedRootResult { get; set; }
+
+ [XmlAttribute(AttributeName = "status")]
+ public string Status { get; set; }
+
+ [XmlAttribute(AttributeName = "code")]
+ public int Code { get; set; }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/Algorithm.cs b/PaloAlto/Models/SupportingObjects/Algorithm.cs
index ed0dcc4..0e435d2 100644
--- a/PaloAlto/Models/SupportingObjects/Algorithm.cs
+++ b/PaloAlto/Models/SupportingObjects/Algorithm.cs
@@ -1,43 +1,43 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "algorithm")]
- public class Algorithm
- {
-
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "algorithm")]
+ public class Algorithm
+ {
+
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/Ca.cs b/PaloAlto/Models/SupportingObjects/Ca.cs
index 7043e2f..dfed0b2 100644
--- a/PaloAlto/Models/SupportingObjects/Ca.cs
+++ b/PaloAlto/Models/SupportingObjects/Ca.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "ca")]
- public class Ca
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "ca")]
+ public class Ca
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/Certificate.cs b/PaloAlto/Models/SupportingObjects/Certificate.cs
index 7682500..8104283 100644
--- a/PaloAlto/Models/SupportingObjects/Certificate.cs
+++ b/PaloAlto/Models/SupportingObjects/Certificate.cs
@@ -1,47 +1,47 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Collections.Generic;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "certificate")]
- public class Certificate
- {
-
- [XmlElement(ElementName = "entry")]
- public List Entry { get; set; }
-
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "certificate")]
+ public class Certificate
+ {
+
+ [XmlElement(ElementName = "entry")]
+ public List Entry { get; set; }
+
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/CertificateEntry.cs b/PaloAlto/Models/SupportingObjects/CertificateEntry.cs
index f7dafce..2a0f22a 100644
--- a/PaloAlto/Models/SupportingObjects/CertificateEntry.cs
+++ b/PaloAlto/Models/SupportingObjects/CertificateEntry.cs
@@ -1,89 +1,89 @@ -// Copyright 2023 Keyfactor -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -using System; -using System.Xml.Serialization; - - -namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects -{ - [XmlRoot(ElementName = "entry")] - public class CertificateEntry - { - - [XmlElement(ElementName = "subject-hash")] - public SubjectHash SubjectHash { get; set; } - - [XmlElement(ElementName = "issuer-hash")] - public IssuerHash IssuerHash { get; set; } - - [XmlElement(ElementName = "not-valid-before")] - public NotValidBefore NotValidBefore { get; set; } - - [XmlElement(ElementName = "issuer")] - public Issuer Issuer { get; set; } - - [XmlElement(ElementName = "not-valid-after")] - public NotValidAfter NotValidAfter { get; set; } - - [XmlElement(ElementName = "common-name")] - public CommonName CommonName { get; set; } - - [XmlElement(ElementName = "expiry-epoch")] - public ExpiryEpoch ExpiryEpoch { get; set; } - - [XmlElement(ElementName = "ca")] - public Ca Ca { get; set; } - - [XmlElement(ElementName = "subject")] - public Subject Subject { get; set; } - - [XmlElement(ElementName = "public-key")] - public PublicKey PublicKey { get; set; } - - [XmlElement(ElementName = "algorithm")] - public Algorithm Algorithm { get; set; } - - [XmlElement(ElementName = "private-key")] - public string PrivateKey { get; set; } - - [XmlElement(ElementName = "common-name-int")] - public string CommonNameInt { get; set; } - - 
[XmlElement(ElementName = "subject-int")] - public string SubjectInt { get; set; } - - [XmlAttribute(AttributeName = "name")] - public string Name { get; set; } - - [XmlAttribute(AttributeName = "admin")] - public string Admin { get; set; } - - [XmlAttribute(AttributeName = "dirtyId")] - public int DirtyId { get; set; } - - [XmlIgnore] - public DateTime Time { get; set; } - - [XmlElement("time")] - public string DateTimeString - { - get => this.Time.ToString("yyyy-MM-dd HH:mm:ss"); - set => this.Time = DateTime.Parse(value); - } - - [XmlText] - public string Text { get; set; } - } -} +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. 
+
+using System;
+using System.Xml.Serialization;
+
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "entry")]
+ public class CertificateEntry
+ {
+
+ [XmlElement(ElementName = "subject-hash")]
+ public SubjectHash SubjectHash { get; set; }
+
+ [XmlElement(ElementName = "issuer-hash")]
+ public IssuerHash IssuerHash { get; set; }
+
+ [XmlElement(ElementName = "not-valid-before")]
+ public NotValidBefore NotValidBefore { get; set; }
+
+ [XmlElement(ElementName = "issuer")]
+ public Issuer Issuer { get; set; }
+
+ [XmlElement(ElementName = "not-valid-after")]
+ public NotValidAfter NotValidAfter { get; set; }
+
+ [XmlElement(ElementName = "common-name")]
+ public CommonName CommonName { get; set; }
+
+ [XmlElement(ElementName = "expiry-epoch")]
+ public ExpiryEpoch ExpiryEpoch { get; set; }
+
+ [XmlElement(ElementName = "ca")]
+ public Ca Ca { get; set; }
+
+ [XmlElement(ElementName = "subject")]
+ public Subject Subject { get; set; }
+
+ [XmlElement(ElementName = "public-key")]
+ public PublicKey PublicKey { get; set; }
+
+ [XmlElement(ElementName = "algorithm")]
+ public Algorithm Algorithm { get; set; }
+
+ [XmlElement(ElementName = "private-key")]
+ public string PrivateKey { get; set; }
+
+ [XmlElement(ElementName = "common-name-int")]
+ public string CommonNameInt { get; set; }
+
+ [XmlElement(ElementName = "subject-int")]
+ public string SubjectInt { get; set; }
+
+ [XmlAttribute(AttributeName = "name")]
+ public string Name { get; set; }
+
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/CertificateResult.cs b/PaloAlto/Models/SupportingObjects/CertificateResult.cs
index 6495965..b93d240 100644
--- a/PaloAlto/Models/SupportingObjects/CertificateResult.cs
+++ b/PaloAlto/Models/SupportingObjects/CertificateResult.cs
@@ -1,36 +1,36 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Collections.Generic;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "result")]
- public class CertificateResult
- {
-
- [XmlElement(ElementName = "entry")]
- public List Entry { get; set; }
-
- [XmlAttribute(AttributeName = "total-count")]
- public int TotalCount { get; set; }
-
- [XmlAttribute(AttributeName = "count")]
- public int Count { get; set; }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Collections.Generic;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "result")]
+ public class CertificateResult
+ {
+
+ [XmlElement(ElementName = "entry")]
+ public List Entry { get; set; }
+
+ [XmlAttribute(AttributeName = "total-count")]
+ public int TotalCount { get; set; }
+
+ [XmlAttribute(AttributeName = "count")]
+ public int Count { get; set; }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/CommonName.cs b/PaloAlto/Models/SupportingObjects/CommonName.cs
index 6b7edfc..32cbcfb 100644
--- a/PaloAlto/Models/SupportingObjects/CommonName.cs
+++ b/PaloAlto/Models/SupportingObjects/CommonName.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "common-name")]
- public class CommonName
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "common-name")]
+ public class CommonName
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/Entry.cs b/PaloAlto/Models/SupportingObjects/Entry.cs
index 821523e..4644ef7 100644
--- a/PaloAlto/Models/SupportingObjects/Entry.cs
+++ b/PaloAlto/Models/SupportingObjects/Entry.cs
@@ -1,71 +1,71 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "entry")]
- public class Entry
- {
-
- [XmlElement(ElementName = "subject-hash")]
- public string SubjectHash { get; set; }
-
- [XmlElement(ElementName = "issuer-hash")]
- public string IssuerHash { get; set; }
-
- [XmlElement(ElementName = "not-valid-before")]
- public string NotValidBefore { get; set; }
-
- [XmlElement(ElementName = "issuer")]
- public string Issuer { get; set; }
-
- [XmlElement(ElementName = "not-valid-after")]
- public string NotValidAfter { get; set; }
-
- [XmlElement(ElementName = "common-name")]
- public string CommonName { get; set; }
-
- [XmlElement(ElementName = "expiry-epoch")]
- public long ExpiryEpoch { get; set; }
-
- [XmlElement(ElementName = "ca")]
- public string Ca { get; set; }
-
- [XmlElement(ElementName = "subject")]
- public string Subject { get; set; }
-
- [XmlElement(ElementName = "public-key")]
- public string PublicKey { get; set; }
-
- [XmlElement(ElementName = "algorithm")]
- public string Algorithm { get; set; }
-
- [XmlElement(ElementName = "private-key")]
- public string PrivateKey { get; set; }
-
- [XmlElement(ElementName = "common-name-int")]
- public string CommonNameInt { get; set; }
-
- [XmlElement(ElementName = "subject-int")]
- public string SubjectInt { get; set; }
-
- [XmlAttribute(AttributeName = "name")] - public string Name { get; set; } - - [XmlText] - public string Text { get; set; } - } -} +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System.Xml.Serialization; + +namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects +{ + [XmlRoot(ElementName = "entry")] + public class Entry + { + + [XmlElement(ElementName = "subject-hash")] + public string SubjectHash { get; set; } + + [XmlElement(ElementName = "issuer-hash")] + public string IssuerHash { get; set; } + + [XmlElement(ElementName = "not-valid-before")] + public string NotValidBefore { get; set; } + + [XmlElement(ElementName = "issuer")] + public string Issuer { get; set; } + + [XmlElement(ElementName = "not-valid-after")] + public string NotValidAfter { get; set; } + + [XmlElement(ElementName = "common-name")] + public string CommonName { get; set; } + + [XmlElement(ElementName = "expiry-epoch")] + public long ExpiryEpoch { get; set; } + + [XmlElement(ElementName = "ca")] + public string Ca { get; set; } + + [XmlElement(ElementName = "subject")] + public string Subject { get; set; } + + [XmlElement(ElementName = "public-key")] + public string PublicKey { get; set; } + + [XmlElement(ElementName = "algorithm")] + public string Algorithm { get; set; } + + [XmlElement(ElementName = "private-key")] + public string PrivateKey { get; set; } + + [XmlElement(ElementName = "common-name-int")] + public string 
CommonNameInt { get; set; } + + [XmlElement(ElementName = "subject-int")] + public string SubjectInt { get; set; } + + [XmlAttribute(AttributeName = "name")] + public string Name { get; set; } + + [XmlText] + public string Text { get; set; } + } +} diff --git a/PaloAlto/Models/SupportingObjects/ExpiryEpoch.cs b/PaloAlto/Models/SupportingObjects/ExpiryEpoch.cs index a81244d..a64efdb 100644 --- a/PaloAlto/Models/SupportingObjects/ExpiryEpoch.cs +++ b/PaloAlto/Models/SupportingObjects/ExpiryEpoch.cs 
@@ -1,41 +1,41 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "expiry-epoch")]
- public class ExpiryEpoch
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- public double Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "expiry-epoch")]
+ public class ExpiryEpoch
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ public double Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/Issuer.cs b/PaloAlto/Models/SupportingObjects/Issuer.cs
index 63fd9b2..d8238af 100644
--- a/PaloAlto/Models/SupportingObjects/Issuer.cs
+++ b/PaloAlto/Models/SupportingObjects/Issuer.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "issuer")]
- public class Issuer
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "issuer")]
+ public class Issuer
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/IssuerHash.cs b/PaloAlto/Models/SupportingObjects/IssuerHash.cs
index ecdc825..e9d8f19 100644
--- a/PaloAlto/Models/SupportingObjects/IssuerHash.cs
+++ b/PaloAlto/Models/SupportingObjects/IssuerHash.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "issuer-hash")]
- public class IssuerHash
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "issuer-hash")]
+ public class IssuerHash
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/NamedListEntry.cs b/PaloAlto/Models/SupportingObjects/NamedListEntry.cs
index 167457b..5287175 100644
--- a/PaloAlto/Models/SupportingObjects/NamedListEntry.cs
+++ b/PaloAlto/Models/SupportingObjects/NamedListEntry.cs
@@ -1,26 +1,26 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "entry")]
- public class NamedListEntry
- {
-
- [XmlAttribute(AttributeName = "name")]
- public string Name { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "entry")]
+ public class NamedListEntry
+ {
+
+ [XmlAttribute(AttributeName = "name")]
+ public string Name { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/NamedListResult.cs b/PaloAlto/Models/SupportingObjects/NamedListResult.cs
index 8506a03..939bdaf 100644
--- a/PaloAlto/Models/SupportingObjects/NamedListResult.cs
+++ b/PaloAlto/Models/SupportingObjects/NamedListResult.cs 
@@ -1,33 +1,33 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Collections.Generic;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "result")]
- public class NamedListResult
- {
-
- [XmlElement(ElementName = "entry")]
- public List Entry { get; set; }
-
- [XmlAttribute(AttributeName = "total-count")]
- public int TotalCount { get; set; }
-
- [XmlAttribute(AttributeName = "count")]
- public int Count { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Collections.Generic;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "result")]
+ public class NamedListResult
+ {
+
+ [XmlElement(ElementName = "entry")]
+ public List Entry { get; set; }
+
+ [XmlAttribute(AttributeName = "total-count")]
+ public int TotalCount { get; set; }
+
+ [XmlAttribute(AttributeName = "count")]
+ public int Count { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/NotValidAfter.cs b/PaloAlto/Models/SupportingObjects/NotValidAfter.cs
index aaf477d..6cd9321 100644
--- a/PaloAlto/Models/SupportingObjects/NotValidAfter.cs
+++ b/PaloAlto/Models/SupportingObjects/NotValidAfter.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "not-valid-after")]
- public class NotValidAfter
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "not-valid-after")]
+ public class NotValidAfter
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/NotValidBefore.cs b/PaloAlto/Models/SupportingObjects/NotValidBefore.cs
index 53893df..196f600 100644
--- a/PaloAlto/Models/SupportingObjects/NotValidBefore.cs
+++ b/PaloAlto/Models/SupportingObjects/NotValidBefore.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "not-valid-before")]
- public class NotValidBefore
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "not-valid-before")]
+ public class NotValidBefore
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/PublicKey.cs b/PaloAlto/Models/SupportingObjects/PublicKey.cs
index 7dc86d6..36639bd 100644
--- a/PaloAlto/Models/SupportingObjects/PublicKey.cs
+++ b/PaloAlto/Models/SupportingObjects/PublicKey.cs
@@ -1,43 +1,43 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "public-key")]
- public class PublicKey
- {
-
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "public-key")]
+ public class PublicKey
+ {
+
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/Subject.cs b/PaloAlto/Models/SupportingObjects/Subject.cs
index b762ad0..490b61a 100644
--- a/PaloAlto/Models/SupportingObjects/Subject.cs
+++ b/PaloAlto/Models/SupportingObjects/Subject.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "subject")]
- public class Subject
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "subject")]
+ public class Subject
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/SubjectHash.cs b/PaloAlto/Models/SupportingObjects/SubjectHash.cs
index e1fd2a6..ada5d89 100644
--- a/PaloAlto/Models/SupportingObjects/SubjectHash.cs
+++ b/PaloAlto/Models/SupportingObjects/SubjectHash.cs
@@ -1,42 +1,42 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "subject-hash")]
- public class SubjectHash
- {
- [XmlAttribute(AttributeName = "admin")]
- public string Admin { get; set; }
-
- [XmlAttribute(AttributeName = "dirtyId")]
- public int DirtyId { get; set; }
-
- [XmlIgnore]
- public DateTime Time { get; set; }
-
- [XmlElement("Time")]
- public string DateTimeString
- {
- get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
- set => this.Time = DateTime.Parse(value);
- }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "subject-hash")]
+ public class SubjectHash
+ {
+ [XmlAttribute(AttributeName = "admin")]
+ public string Admin { get; set; }
+
+ [XmlAttribute(AttributeName = "dirtyId")]
+ public int DirtyId { get; set; }
+
+ [XmlIgnore]
+ public DateTime Time { get; set; }
+
+ [XmlElement("Time")]
+ public string DateTimeString
+ {
+ get => this.Time.ToString("yyyy-MM-dd HH:mm:ss");
+ set => this.Time = DateTime.Parse(value);
+ }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/TrustedRootCa.cs b/PaloAlto/Models/SupportingObjects/TrustedRootCa.cs
index 8903889..fc9eb73 100644
--- a/PaloAlto/Models/SupportingObjects/TrustedRootCa.cs
+++ b/PaloAlto/Models/SupportingObjects/TrustedRootCa.cs
@@ -1,27 +1,27 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Collections.Generic;
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "trusted-root-ca")]
- public class TrustedRootCa
- {
-
- [XmlElement(ElementName = "entry")]
- public List Entry { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Collections.Generic;
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "trusted-root-ca")]
+ public class TrustedRootCa
+ {
+
+ [XmlElement(ElementName = "entry")]
+ public List Entry { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/TrustedRootEntry.cs b/PaloAlto/Models/SupportingObjects/TrustedRootEntry.cs
index 6f7974c..ee18090 100644
--- a/PaloAlto/Models/SupportingObjects/TrustedRootEntry.cs
+++ b/PaloAlto/Models/SupportingObjects/TrustedRootEntry.cs
@@ -1,53 +1,53 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System.Xml.Serialization;
-
-namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
-{
- [XmlRoot(ElementName = "entry")]
- public class TrustedRootEntry
- {
-
- [XmlElement(ElementName = "filename")]
- public string Filename { get; set; }
-
- [XmlElement(ElementName = "subject")]
- public string Subject { get; set; }
-
- [XmlElement(ElementName = "common-name")]
- public string CommonName { get; set; }
-
- [XmlElement(ElementName = "issuer")]
- public string Issuer { get; set; }
-
- [XmlElement(ElementName = "serial-number")]
- public string SerialNumber { get; set; }
-
- [XmlElement(ElementName = "not-valid-after")]
- public string NotValidAfter { get; set; }
-
- [XmlElement(ElementName = "not-valid-before")]
- public string NotValidBefore { get; set; }
-
- [XmlElement(ElementName = "expiry-epoch")]
- public double ExpiryEpoch { get; set; }
-
- [XmlAttribute(AttributeName = "name")]
- public string Name { get; set; }
-
- [XmlText]
- public string Text { get; set; }
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Xml.Serialization;
+
+namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects
+{
+ [XmlRoot(ElementName = "entry")]
+ public class TrustedRootEntry
+ {
+
+ [XmlElement(ElementName = "filename")]
+ public string Filename { get; set; }
+
+ [XmlElement(ElementName = "subject")]
+ public string Subject { get; set; }
+
+ [XmlElement(ElementName = "common-name")]
+ public string CommonName { get; set; }
+
+ [XmlElement(ElementName = "issuer")]
+ public string Issuer { get; set; }
+
+ [XmlElement(ElementName = "serial-number")]
+ public string SerialNumber { get; set; }
+
+ [XmlElement(ElementName = "not-valid-after")]
+ public string NotValidAfter { get; set; }
+
+ [XmlElement(ElementName = "not-valid-before")]
+ public string NotValidBefore { get; set; }
+
+ [XmlElement(ElementName = "expiry-epoch")]
+ public double ExpiryEpoch { get; set; }
+
+ [XmlAttribute(AttributeName = "name")]
+ public string Name { get; set; }
+
+ [XmlText]
+ public string Text { get; set; }
+ }
+}
diff --git a/PaloAlto/Models/SupportingObjects/TrustedRootResult.cs b/PaloAlto/Models/SupportingObjects/TrustedRootResult.cs
index 4131c88..8c0ccf6 100644
--- a/PaloAlto/Models/SupportingObjects/TrustedRootResult.cs
+++ b/PaloAlto/Models/SupportingObjects/TrustedRootResult.cs
@@ -1,35 +1,35 @@ -// Copyright 2023 Keyfactor -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -using System.Xml.Serialization; - -namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects -{ - [XmlRoot(ElementName = "result")] - public class TrustedRootResult - { - - [XmlElement(ElementName = "trusted-root-ca")] - public TrustedRootCa TrustedRootCa { get; set; } - - [XmlAttribute(AttributeName = "total-count")] - public int TotalCount { get; set; } - - [XmlAttribute(AttributeName = "count")] - public int Count { get; set; } - - [XmlText] - public string Text { get; set; } - } -} +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. 
+ +using System.Xml.Serialization; + +namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Models.SupportingObjects +{ + [XmlRoot(ElementName = "result")] + public class TrustedRootResult + { + + [XmlElement(ElementName = "trusted-root-ca")] + public TrustedRootCa TrustedRootCa { get; set; } + + [XmlAttribute(AttributeName = "total-count")] + public int TotalCount { get; set; } + + [XmlAttribute(AttributeName = "count")] + public int Count { get; set; } + + [XmlText] + public string Text { get; set; } + } +} diff --git a/PaloAlto/PaloAlto.csproj b/PaloAlto/PaloAlto.csproj index 65bfebc..af55d40 100644 --- a/PaloAlto/PaloAlto.csproj +++ b/PaloAlto/PaloAlto.csproj @@ -26,7 +26,7 @@ - + diff --git a/PaloAlto/Validators.cs b/PaloAlto/Validators.cs index 3fb7602..25523f7 100644 --- a/PaloAlto/Validators.cs +++ b/PaloAlto/Validators.cs @@ -13,7 +13,7 @@ // limitations under the License. using System.Linq; -using System.Text.RegularExpressions; +using System.Text.RegularExpressions; using Keyfactor.Extensions.Orchestrator.PaloAlto.Client; using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses; using Keyfactor.Orchestrators.Common.Enums; @@ -23,19 +23,7 @@ namespace Keyfactor.Extensions.Orchestrator.PaloAlto { public class Validators { - public static string ValidateBindings(JobEntryParams jobEntryParams) - { - var warnings = string.Empty; - - if (string.IsNullOrEmpty(jobEntryParams.TlsProfileName)) warnings += "You are missing the TlsProfileName, "; - - if (string.IsNullOrEmpty(jobEntryParams.TlsMinVersion)) warnings += "You are missing the TlsMin Field, "; - - if (string.IsNullOrEmpty(jobEntryParams.TlsMinVersion)) warnings += "You are missing the TlsMax Field, "; - - return warnings; - } - + public static string BuildPaloError(ErrorSuccessResponse bindingsResponseResult) { var errorResponse = string.Empty; 
@@ -69,16 +57,23 @@ static bool IsValidPanoramaFormat(string input) return regex.IsMatch(input); } + static bool IsValidFirewallVsysFormat(string input) + { + string pattern = @"^/config/devices/entry\[@name='localhost\.localdomain'\]/vsys/entry\[@name='[^']+'\]$"; + return Regex.IsMatch(input, pattern); + + } + public static (bool valid, JobResult result) ValidateStoreProperties(JobProperties storeProperties, string storePath,string clientMachine,long jobHistoryId, string serverUserName, string serverPassword) { var errors = string.Empty; //Check path Validity for either panorama shared location or firewall shared location or panorama level certificates - if (storePath != "/config/panorama" && storePath != "/config/shared" && !IsValidPanoramaFormat(storePath)) + if (storePath != "/config/panorama" && storePath != "/config/shared" && !IsValidPanoramaFormat(storePath) && !IsValidFirewallVsysFormat(storePath) && !(IsValidPanoramaVsysFormat(storePath))) { errors += - "Path is invalid needs to be /config/panorama, /config/shared or in format of /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='TemplateName']/config/shared."; + "Path is invalid needs to be /config/panorama, /config/shared or in format of /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='TemplateName']/config/shared or /config/devices/entry/template/entry[@name='TemplateName']/config/devices/entry/vsys/entry[@name='VsysName']"; } // If it is a firewall (store path of /) then you don't need the Group Name @@ -138,5 +133,11 @@ public static (bool valid, JobResult result) ValidateStoreProperties(JobProperti return (true, new JobResult()); } + + public static bool IsValidPanoramaVsysFormat(string storePath) + { + string pattern = @"^/config/devices/entry/template/entry\[@name='[^']+'\]/config/devices/entry/vsys/entry\[@name='[^']+'\]$"; + return Regex.IsMatch(storePath, pattern); + } } } 
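Review bot: The two new path validators, `IsValidFirewallVsysFormat` in this hunk and `IsValidPanoramaVsysFormat` in the `@@ -138,5 +133,11 @@` hunk, accept any run of non-quote characters as the entry name and end on `$`, so a store path whose name holds `]`, `/`, control characters or a trailing newline still passes. If the validated path is later placed into a device API request (not visible in this diff), the name class should be narrowed to the characters PAN-OS permits in such names and the pattern anchored with `\z` instead of `$`. The rejection message in `ValidateStoreProperties` also lists only the Panorama vsys form and omits the newly accepted firewall form `/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='VsysName']`. `IsValidPanoramaVsysFormat` is `public` while the two sibling validators are private, which looks unintentional. The body of `ValidateStoreProperties` continues outside both hunks.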
diff --git a/PaloAlto/manifest.json b/PaloAlto/manifest.json index 5384161..63d18a2 100644 --- a/PaloAlto/manifest.json +++ b/PaloAlto/manifest.json @@ -1,14 +1,14 @@ -{ - "extensions": { - "Keyfactor.Orchestrators.Extensions.IOrchestratorJobExtension": { - "CertStores.PaloAlto.Inventory": { - "assemblypath": "PaloAlto.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs.Inventory" - }, - "CertStores.PaloAlto.Management": { - "assemblypath": "PaloAlto.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs.Management" - } - } - } -} +{ + "extensions": { + "Keyfactor.Orchestrators.Extensions.IOrchestratorJobExtension": { + "CertStores.PaloAlto.Inventory": { + "assemblypath": "PaloAlto.dll", + "TypeFullName": "Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs.Inventory" + }, + "CertStores.PaloAlto.Management": { + "assemblypath": "PaloAlto.dll", + "TypeFullName": "Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs.Management" + } + } + } +} diff --git a/PaloAltoTestConsole/FirewallInventory.json b/PaloAltoTestConsole/FirewallInventory.json index f4b3049..baf9ac9 100644 --- a/PaloAltoTestConsole/FirewallInventory.json +++ b/PaloAltoTestConsole/FirewallInventory.json 
@@ -1,21 +1,21 @@ -{ - "LastInventory": [], - "CertificateStoreDetails": { - "ClientMachine": "ClientMachineGoesHere", - "StorePath": "/", - "StorePassword": "", - "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"\"}", - "Type": 105 - }, - "JobCancelled": false, - "ServerError": null, - "JobHistoryId": 22892, - "RequestStatus": 1, - "ServerUsername": "UserNameGoesHere", - "ServerPassword": "PasswordGoesHere", - "UseSSL": true, - "JobProperties": null, - "JobTypeId": "00000000-0000-0000-0000-000000000000", - "JobId": "ffca3981-adb2-4a7f-af09-4d0e1ac380b1", - "Capability": "CertStores.PaloAlto.Inventory" +{ + "LastInventory": [], + "CertificateStoreDetails": { + "ClientMachine": "ClientMachineGoesHere", + "StorePath": "/", + "StorePassword": "", + "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"\"}", + "Type": 105 + }, + "JobCancelled": false, + "ServerError": null, + "JobHistoryId": 22892, + "RequestStatus": 1, + "ServerUsername": "UserNameGoesHere", + "ServerPassword": "PasswordGoesHere", + "UseSSL": true, + "JobProperties": null, + "JobTypeId": "00000000-0000-0000-0000-000000000000", + "JobId": "ffca3981-adb2-4a7f-af09-4d0e1ac380b1", + "Capability": "CertStores.PaloAlto.Inventory" } \ No newline at end of file diff --git a/PaloAltoTestConsole/KeyfactorClient.cs b/PaloAltoTestConsole/KeyfactorClient.cs index ea705d6..5e2b9a5 100644 --- a/PaloAltoTestConsole/KeyfactorClient.cs +++ b/PaloAltoTestConsole/KeyfactorClient.cs 
@@ -1,57 +1,58 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Collections.Generic;
-using System.Text;
-using System.Threading.Tasks;
-using RestSharp;
-
-
-namespace PaloAltoTestConsole
-{
- public class KeyfactorClient
- {
- public async Task EnrollCertificate(string commonName)
- {
- var options = new RestClientOptions("https://kfcommandurl.com");
- var client = new RestClient(options);
- var request = new RestRequest("/KeyfactorAPI/Enrollment/PFX", Method.Post);
- request.AddHeader("X-Keyfactor-Requested-With", "APIClient");
- request.AddHeader("x-certificateformat", "PFX");
- request.AddHeader("Authorization", "Basic fsadfsdafds=");
- request.AddHeader("Content-Type", "application/json");
- var enrollRequest = new KeyfactorEnrollmentRequest
- {
- Password = "sldfklsdfsldjfk",
- PopulateMissingValuesFromAD = false,
- Subject = $"CN={commonName}",
- IncludeChain = true,
- RenewalCertificateId = 0,
- CertificateAuthority = "DC-CA.Command.local\\CommandCA1",
- Timestamp = DateTime.Now,
- Template = "2YearTestWebServer"
- };
- SANs sans = new SANs();
- List dnsList = new List { $"{commonName}" };
- sans.DNS = dnsList;
- enrollRequest.SANs = sans;
- request.AddBody(enrollRequest);
- var response = await client.ExecutePostAsync(request);
- return response.Data;
-
- }
-
- }
-}
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using RestSharp;
+
+
+namespace PaloAltoTestConsole
+{
+ public class KeyfactorClient
+ {
+ public async Task EnrollCertificate(string commonName)
+ {
+ var options = new RestClientOptions("https://bhillkf10.kfdelivery.com");
+ var client = new RestClient(options);
+ var request = new RestRequest("/KeyfactorAPI/Enrollment/PFX", Method.Post);
+ request.AddHeader("X-Keyfactor-Requested-With", "APIClient");
+ request.AddHeader("x-certificateformat", "PFX");
+ request.AddHeader("Authorization", "Basic Q29tbWFuZFxLRkFkbWluOldoNUcyVGM2VkJZalNNcEM=");
+ request.AddHeader("Content-Type", "application/json");
+ var enrollRequest = new KeyfactorEnrollmentRequest
+ {
+ Password = "sldfklsdfsldjfk",
+ PopulateMissingValuesFromAD = false,
+ Subject = $"CN={commonName},C=US",
+ IncludeChain = true,
+ RenewalCertificateId = 0,
+ CertificateAuthority = "DC-CA.Command.local\\CommandCA1",
+ //CertificateAuthority = "brian-ejbca.kfdelivery.com\\MyPKISubCA-G1",
+ Timestamp = DateTime.Now,
+ Template = "2YearTestWebServer"
+ //Template= "TLS Server Bhill_TLS Server BHill"
+ };
+ SANs sans = new SANs();
+ List dnsList = new List { $"{commonName}" };
+ sans.DNS = dnsList;
+ enrollRequest.SANs = sans;
+ request.AddBody(enrollRequest);
+ var response = await client.ExecutePostAsync(request);
+ return response.Data;
+
+ }
+
+ }
+}
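Review bot: The new `Authorization` header in `EnrollCertificate` commits what appears to be a working Basic credential, and `RestClientOptions` now names a specific host, where the previous revision held placeholder values for both. Once pushed, the value stays in repository history, so the account behind it should be treated as exposed and its password rotated, and the history entry purged if the repository is public. The header and base URL are better read at run time, e.g. `request.AddHeader("Authorization", Environment.GetEnvironmentVariable("KEYFACTOR_API_AUTH"));` (variable name constructed for illustration), with the test console failing fast when it is unset. The hard-coded PFX `Password` in the request body is unchanged by this commit but would benefit from the same treatment, and the commented-out `CertificateAuthority` and `Template` lines also expose environment names that need not ship.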
diff --git a/PaloAltoTestConsole/KeyfactorEnrollmentRequest.cs b/PaloAltoTestConsole/KeyfactorEnrollmentRequest.cs index 28c3623..124d736 100644 --- a/PaloAltoTestConsole/KeyfactorEnrollmentRequest.cs +++ b/PaloAltoTestConsole/KeyfactorEnrollmentRequest.cs 
@@ -1,39 +1,39 @@ -// Copyright 2023 Keyfactor -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -using System; -using System.Collections.Generic; -using System.Text; - -namespace PaloAltoTestConsole -{ - public class KeyfactorEnrollmentRequest - { - public string CustomFriendlyName { get; set; } - public string Password { get; set; } - public bool PopulateMissingValuesFromAD { get; set; } - public string Subject { get; set; } - public bool IncludeChain { get; set; } - public int RenewalCertificateId { get; set; } - public string CertificateAuthority { get; set; } - public DateTime Timestamp { get; set; } - public string Template { get; set; } - public SANs SANs { get; set; } - } - - public class SANs - { - public List DNS { get; set; } - } -} +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. 
+ +using System; +using System.Collections.Generic; +using System.Text; + +namespace PaloAltoTestConsole +{ + public class KeyfactorEnrollmentRequest + { + public string CustomFriendlyName { get; set; } + public string Password { get; set; } + public bool PopulateMissingValuesFromAD { get; set; } + public string Subject { get; set; } + public bool IncludeChain { get; set; } + public int RenewalCertificateId { get; set; } + public string CertificateAuthority { get; set; } + public DateTime Timestamp { get; set; } + public string Template { get; set; } + public SANs SANs { get; set; } + } + + public class SANs + { + public List DNS { get; set; } + } +} diff --git a/PaloAltoTestConsole/KeyfactorEnrollmentResult.cs b/PaloAltoTestConsole/KeyfactorEnrollmentResult.cs index 1224392..9472129 100644 --- a/PaloAltoTestConsole/KeyfactorEnrollmentResult.cs +++ b/PaloAltoTestConsole/KeyfactorEnrollmentResult.cs 
@@ -1,51 +1,51 @@ -// Copyright 2023 Keyfactor -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License - -using System; -using System.Collections.Generic; -using System.Text; - -namespace PaloAltoTestConsole -{ - // Root myDeserializedClass = JsonConvert.DeserializeObject(myJsonResponse); - public class CertificateInformation - { - public string SerialNumber { get; set; } - public string IssuerDN { get; set; } - public string Thumbprint { get; set; } - public int KeyfactorId { get; set; } - public string Pkcs12Blob { get; set; } - public object Password { get; set; } - public string WorkflowInstanceId { get; set; } - public int WorkflowReferenceId { get; set; } - public List StoreIdsInvalidForRenewal { get; set; } - public int KeyfactorRequestId { get; set; } - public string RequestDisposition { get; set; } - public string DispositionMessage { get; set; } - public object EnrollmentContext { get; set; } - } - - public class Metadata - { - public string OID { get; set; } - } - - public class KeyfactorEnrollmentResult - { - public CertificateInformation CertificateInformation { get; set; } - public Metadata Metadata { get; set; } - } - - -} +// Copyright 2023 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. 
+// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License + +using System; +using System.Collections.Generic; +using System.Text; + +namespace PaloAltoTestConsole +{ + // Root myDeserializedClass = JsonConvert.DeserializeObject(myJsonResponse); + public class CertificateInformation + { + public string SerialNumber { get; set; } + public string IssuerDN { get; set; } + public string Thumbprint { get; set; } + public int KeyfactorId { get; set; } + public string Pkcs12Blob { get; set; } + public object Password { get; set; } + public string WorkflowInstanceId { get; set; } + public int WorkflowReferenceId { get; set; } + public List StoreIdsInvalidForRenewal { get; set; } + public int KeyfactorRequestId { get; set; } + public string RequestDisposition { get; set; } + public string DispositionMessage { get; set; } + public object EnrollmentContext { get; set; } + } + + public class Metadata + { + public string OID { get; set; } + } + + public class KeyfactorEnrollmentResult + { + public CertificateInformation CertificateInformation { get; set; } + public Metadata Metadata { get; set; } + } + + +} diff --git a/PaloAltoTestConsole/ManagementRemove.json b/PaloAltoTestConsole/ManagementRemove.json index 42035ce..3e5ea30 100644 --- a/PaloAltoTestConsole/ManagementRemove.json +++ b/PaloAltoTestConsole/ManagementRemove.json 
@@ -1,34 +1,30 @@ -{ - "LastInventory": [], - "CertificateStoreDetails": { - "ClientMachine": "ClientMachineGoesHere", - "StorePath": "TemplateNameGoesHere", - "StorePassword": null, - "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}", - "Type": 105 - }, - "OperationType": 3, - "Overwrite": false, - "JobCertificate": { - "Thumbprint": null, - "Contents": "", - "Alias": "AliasGoesHere", - "PrivateKeyPassword": null - }, - "JobCancelled": false, - "ServerError": null, - "JobHistoryId": 22908, - "RequestStatus": 1, - "ServerUsername": "UserNameGoesHere", - "ServerPassword": "PasswordGoesHere", - "UseSSL": true, - "JobProperties": { - "Trusted Root": false, - "TlsMinVersion": "TlsMinVersionGoesHere", - "TLSMaxVersion": "TlsMaxVersionGoesHere", - "TlsProfileName": "ProfileNameGoesHere" - }, - "JobTypeId": "00000000-0000-0000-0000-000000000000", - "JobId": "ba6248e2-eb3f-4403-9974-8df0e9f15f98", - "Capability": "CertStores.PaloAlto.Management" +{ + "LastInventory": [], + "CertificateStoreDetails": { + "ClientMachine": "ClientMachineGoesHere", + "StorePath": "TemplateNameGoesHere", + "StorePassword": null, + "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}", + "Type": 105 + }, + "OperationType": 3, + "Overwrite": false, + "JobCertificate": { + "Thumbprint": null, + "Contents": "", + "Alias": "AliasGoesHere", + "PrivateKeyPassword": null + }, + "JobCancelled": false, + "ServerError": null, + "JobHistoryId": 22908, + "RequestStatus": 1, + "ServerUsername": "UserNameGoesHere", + "ServerPassword": "PasswordGoesHere", + "UseSSL": true, + "JobProperties": { + }, + "JobTypeId": "00000000-0000-0000-0000-000000000000", + "JobId": "ba6248e2-eb3f-4403-9974-8df0e9f15f98", + "Capability": "CertStores.PaloAlto.Management" } \ No newline at end of file 
diff --git a/PaloAltoTestConsole/PaloAltoTestConsole.csproj b/PaloAltoTestConsole/PaloAltoTestConsole.csproj index 9a87bea..6a3f5fe 100644 --- a/PaloAltoTestConsole/PaloAltoTestConsole.csproj +++ b/PaloAltoTestConsole/PaloAltoTestConsole.csproj @@ -1,32 +1,35 @@ - - - - Exe - netcoreapp3.1 - - - - - - - - - - - - - - Always - - - Always - - - Always - - - Always - - - - + + + + Exe + netcoreapp3.1 + + + + + + + + + + + + + + Always + + + Always + + + Always + + + Always + + + Always + + + + diff --git a/PaloAltoTestConsole/PanoramaInventory.json b/PaloAltoTestConsole/PanoramaInventory.json index 73f1111..446f942 100644 --- a/PaloAltoTestConsole/PanoramaInventory.json +++ b/PaloAltoTestConsole/PanoramaInventory.json 
@@ -1,260 +1,260 @@ -{ - "LastInventory": [ - { - "Alias": "GeaugaRoof", - "PrivateKeyEntry": false, - "Thumbprints": [ - "B8D46056C088892258A894EBCB599BC539A9724C" - ] - }, - { - "Alias": "NewCert", - "PrivateKeyEntry": false, - "Thumbprints": [ - "1958A89E0CA8C9A54849D738709A4FE1ED870855" - ] - }, - { - "Alias": "brian", - "PrivateKeyEntry": false, - "Thumbprints": [ - "634FB01FFBACCBB9EC9E8DF29AE067F73A40A991" - ] - }, - { - "Alias": "hello", - "PrivateKeyEntry": false, - "Thumbprints": [ - "869F410795AC751EE2D8E6B391DABC408CA384F0" - ] - }, - { - "Alias": "evan", - "PrivateKeyEntry": false, - "Thumbprints": [ - "75D738EB5E2CB49AEBF12DCC899A92BD084FB475" - ] - }, - { - "Alias": "darrius", - "PrivateKeyEntry": false, - "Thumbprints": [ - "29C4E2C4C1C4036CAB0F23B78EEC17FAE158A8F1" - ] - }, - { - "Alias": "face", - "PrivateKeyEntry": false, - "Thumbprints": [ - "B43991B7D02C9B9604D3E2DC37F161357CAD2EE8" - ] - }, - { - "Alias": "ac", - "PrivateKeyEntry": false, - "Thumbprints": [ - "C9DD4A1D8C203E0707B30C82DF6D814E098DCD70" - ] - }, - { - "Alias": "palodemocert", - "PrivateKeyEntry": false, - "Thumbprints": [ - "C552053047ECA29524031745174E0800C1525282" - ] - }, - { - "Alias": "palocommitall", - "PrivateKeyEntry": false, - "Thumbprints": [ - "F53CB33F74A8EE262110E2C302C4051FC73504ED" - ] - }, - { - "Alias": "newpanoramacert", - "PrivateKeyEntry": false, - "Thumbprints": [ - "D72A8BDF3EE7C1848FF05882CA71E1C12466E124" - ] - }, - { - "Alias": "tscommit", - "PrivateKeyEntry": false, - "Thumbprints": [ - "EABF46E628B18400BCB4B89ADCC34B340E8BEA1A" - ] - }, - { - "Alias": "trycommitnow", - "PrivateKeyEntry": false, - "Thumbprints": [ - "B5DCFE076FB571CA22B36BC6205B9C7A9063EC52" - ] - }, - { - "Alias": "OGCommit", - "PrivateKeyEntry": false, - "Thumbprints": [ - "7765061EEC4E83FE7DF37C624774E89A486D1576" - ] - }, - { - "Alias": "committodevices2", - "PrivateKeyEntry": false, - "Thumbprints": [ - "6506124604691F8B68064EA095B1635C72A9A07A" - ] - }, - { - "Alias": 
"committodevices1", - "PrivateKeyEntry": false, - "Thumbprints": [ - "970D8EEB0F99D711322717B9CA5FDD2B93859BD7" - ] - }, - { - "Alias": "AnotherCommit", - "PrivateKeyEntry": false, - "Thumbprints": [ - "C156B89D1E0984140212DA28F26A0D313E3183C0" - ] - }, - { - "Alias": "sleepy1", - "PrivateKeyEntry": false, - "Thumbprints": [ - "8FADE71D3B92BF90BBC975B931A55E55D272F7F8" - ] - }, - { - "Alias": "Sleepy120", - "PrivateKeyEntry": false, - "Thumbprints": [ - "FC0510BEF565F43653D8EFDA7277A08E2D4EAFA5" - ] - }, - { - "Alias": "120try2", - "PrivateKeyEntry": false, - "Thumbprints": [ - "B2C5FE62DD08B021BE9E45FF97F3A8E1D2550A81" - ] - }, - { - "Alias": "120Try3", - "PrivateKeyEntry": false, - "Thumbprints": [ - "8B9AB8305EB2C34C0E876FE58DEDC96B1106987C" - ] - }, - { - "Alias": "pfxEnrollTest", - "PrivateKeyEntry": false, - "Thumbprints": [ - "A668CD6908CF4373F7582103CFF204ACC64C8EB3" - ] - }, - { - "Alias": "BindingsTest2", - "PrivateKeyEntry": false, - "Thumbprints": [ - "C33F39D4DA97EF4FFB98464AAC6072A30C22A1B8" - ] - }, - { - "Alias": "BindingsTest3", - "PrivateKeyEntry": false, - "Thumbprints": [ - "FC14DEAB5F79EF137C8DECF2F0903F13C5DB2C75" - ] - }, - { - "Alias": "BindingsCert", - "PrivateKeyEntry": false, - "Thumbprints": [ - "30724888B219D726FDA20CEC51C6FF2EAF995140" - ] - }, - { - "Alias": "BrianHill33", - "PrivateKeyEntry": false, - "Thumbprints": [ - "A9E0FF9319DC17820E0804D74CE6BE819C3CA06D" - ] - }, - { - "Alias": "PaloBindingsTest", - "PrivateKeyEntry": false, - "Thumbprints": [ - "48AB8F689A34C7D891C403CBDDD11710B347F4EE" - ] - }, - { - "Alias": "TestBindingsName", - "PrivateKeyEntry": false, - "Thumbprints": [ - "A1E76DDB960797EDBCFBD403AC6466720B8E4642" - ] - }, - { - "Alias": "BrianBinder", - "PrivateKeyEntry": false, - "Thumbprints": [ - "50CB0A34E63D25509B8CF6045F868DDD9ED6CF70" - ] - }, - { - "Alias": "BenderBinder", - "PrivateKeyEntry": false, - "Thumbprints": [ - "B30E73266B6F3669DC8AA6859DFF5E64090D2495" - ] - }, - { - "Alias": "BryceAlexander", - 
"PrivateKeyEntry": false, - "Thumbprints": [ - "00D132EDEC0BA3CB9623FACAF9176C5E52B77A8C" - ] - }, - { - "Alias": "SpeakerCert", - "PrivateKeyEntry": false, - "Thumbprints": [ - "5BD66F21A08CDC287A9BF2BAA538BF33D229FBAA" - ] - }, - { - "Alias": "CertAndBindingsToPA", - "PrivateKeyEntry": false, - "Thumbprints": [ - "72434177210E3D1C63A08E0C26C7A74F7AA4F057" - ] - }, - { - "Alias": "BindingsPlugTest", - "PrivateKeyEntry": false, - "Thumbprints": [ - "A3FD156359129C8F8667879C6360EC2DF38FFDBE" - ] - } - ], - "CertificateStoreDetails": { - "ClientMachine": "ClientMachineGoesHere", - "StorePath": "TemplateNameGoesHere", - "StorePassword": "", - "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}", - "Type": 105 - }, - "JobCancelled": false, - "ServerError": null, - "JobHistoryId": 22881, - "RequestStatus": 1, - "ServerUsername": "UserNameGoesHere", - "ServerPassword": "PasswordGoesHere", - "UseSSL": true, - "JobProperties": null, - "JobTypeId": "00000000-0000-0000-0000-000000000000", - "JobId": "c7785480-8b15-4e12-b55d-3f73735cad6b", - "Capability": "CertStores.PaloAlto.Inventory" +{ + "LastInventory": [ + { + "Alias": "GeaugaRoof", + "PrivateKeyEntry": false, + "Thumbprints": [ + "B8D46056C088892258A894EBCB599BC539A9724C" + ] + }, + { + "Alias": "NewCert", + "PrivateKeyEntry": false, + "Thumbprints": [ + "1958A89E0CA8C9A54849D738709A4FE1ED870855" + ] + }, + { + "Alias": "brian", + "PrivateKeyEntry": false, + "Thumbprints": [ + "634FB01FFBACCBB9EC9E8DF29AE067F73A40A991" + ] + }, + { + "Alias": "hello", + "PrivateKeyEntry": false, + "Thumbprints": [ + "869F410795AC751EE2D8E6B391DABC408CA384F0" + ] + }, + { + "Alias": "evan", + "PrivateKeyEntry": false, + "Thumbprints": [ + "75D738EB5E2CB49AEBF12DCC899A92BD084FB475" + ] + }, + { + "Alias": "darrius", + "PrivateKeyEntry": false, + "Thumbprints": [ + "29C4E2C4C1C4036CAB0F23B78EEC17FAE158A8F1" + ] + }, + { + 
"Alias": "face", + "PrivateKeyEntry": false, + "Thumbprints": [ + "B43991B7D02C9B9604D3E2DC37F161357CAD2EE8" + ] + }, + { + "Alias": "ac", + "PrivateKeyEntry": false, + "Thumbprints": [ + "C9DD4A1D8C203E0707B30C82DF6D814E098DCD70" + ] + }, + { + "Alias": "palodemocert", + "PrivateKeyEntry": false, + "Thumbprints": [ + "C552053047ECA29524031745174E0800C1525282" + ] + }, + { + "Alias": "palocommitall", + "PrivateKeyEntry": false, + "Thumbprints": [ + "F53CB33F74A8EE262110E2C302C4051FC73504ED" + ] + }, + { + "Alias": "newpanoramacert", + "PrivateKeyEntry": false, + "Thumbprints": [ + "D72A8BDF3EE7C1848FF05882CA71E1C12466E124" + ] + }, + { + "Alias": "tscommit", + "PrivateKeyEntry": false, + "Thumbprints": [ + "EABF46E628B18400BCB4B89ADCC34B340E8BEA1A" + ] + }, + { + "Alias": "trycommitnow", + "PrivateKeyEntry": false, + "Thumbprints": [ + "B5DCFE076FB571CA22B36BC6205B9C7A9063EC52" + ] + }, + { + "Alias": "OGCommit", + "PrivateKeyEntry": false, + "Thumbprints": [ + "7765061EEC4E83FE7DF37C624774E89A486D1576" + ] + }, + { + "Alias": "committodevices2", + "PrivateKeyEntry": false, + "Thumbprints": [ + "6506124604691F8B68064EA095B1635C72A9A07A" + ] + }, + { + "Alias": "committodevices1", + "PrivateKeyEntry": false, + "Thumbprints": [ + "970D8EEB0F99D711322717B9CA5FDD2B93859BD7" + ] + }, + { + "Alias": "AnotherCommit", + "PrivateKeyEntry": false, + "Thumbprints": [ + "C156B89D1E0984140212DA28F26A0D313E3183C0" + ] + }, + { + "Alias": "sleepy1", + "PrivateKeyEntry": false, + "Thumbprints": [ + "8FADE71D3B92BF90BBC975B931A55E55D272F7F8" + ] + }, + { + "Alias": "Sleepy120", + "PrivateKeyEntry": false, + "Thumbprints": [ + "FC0510BEF565F43653D8EFDA7277A08E2D4EAFA5" + ] + }, + { + "Alias": "120try2", + "PrivateKeyEntry": false, + "Thumbprints": [ + "B2C5FE62DD08B021BE9E45FF97F3A8E1D2550A81" + ] + }, + { + "Alias": "120Try3", + "PrivateKeyEntry": false, + "Thumbprints": [ + "8B9AB8305EB2C34C0E876FE58DEDC96B1106987C" + ] + }, + { + "Alias": "pfxEnrollTest", + "PrivateKeyEntry": 
false, + "Thumbprints": [ + "A668CD6908CF4373F7582103CFF204ACC64C8EB3" + ] + }, + { + "Alias": "BindingsTest2", + "PrivateKeyEntry": false, + "Thumbprints": [ + "C33F39D4DA97EF4FFB98464AAC6072A30C22A1B8" + ] + }, + { + "Alias": "BindingsTest3", + "PrivateKeyEntry": false, + "Thumbprints": [ + "FC14DEAB5F79EF137C8DECF2F0903F13C5DB2C75" + ] + }, + { + "Alias": "BindingsCert", + "PrivateKeyEntry": false, + "Thumbprints": [ + "30724888B219D726FDA20CEC51C6FF2EAF995140" + ] + }, + { + "Alias": "BrianHill33", + "PrivateKeyEntry": false, + "Thumbprints": [ + "A9E0FF9319DC17820E0804D74CE6BE819C3CA06D" + ] + }, + { + "Alias": "PaloBindingsTest", + "PrivateKeyEntry": false, + "Thumbprints": [ + "48AB8F689A34C7D891C403CBDDD11710B347F4EE" + ] + }, + { + "Alias": "TestBindingsName", + "PrivateKeyEntry": false, + "Thumbprints": [ + "A1E76DDB960797EDBCFBD403AC6466720B8E4642" + ] + }, + { + "Alias": "BrianBinder", + "PrivateKeyEntry": false, + "Thumbprints": [ + "50CB0A34E63D25509B8CF6045F868DDD9ED6CF70" + ] + }, + { + "Alias": "BenderBinder", + "PrivateKeyEntry": false, + "Thumbprints": [ + "B30E73266B6F3669DC8AA6859DFF5E64090D2495" + ] + }, + { + "Alias": "BryceAlexander", + "PrivateKeyEntry": false, + "Thumbprints": [ + "00D132EDEC0BA3CB9623FACAF9176C5E52B77A8C" + ] + }, + { + "Alias": "SpeakerCert", + "PrivateKeyEntry": false, + "Thumbprints": [ + "5BD66F21A08CDC287A9BF2BAA538BF33D229FBAA" + ] + }, + { + "Alias": "CertAndBindingsToPA", + "PrivateKeyEntry": false, + "Thumbprints": [ + "72434177210E3D1C63A08E0C26C7A74F7AA4F057" + ] + }, + { + "Alias": "BindingsPlugTest", + "PrivateKeyEntry": false, + "Thumbprints": [ + "A3FD156359129C8F8667879C6360EC2DF38FFDBE" + ] + } + ], + "CertificateStoreDetails": { + "ClientMachine": "ClientMachineGoesHere", + "StorePath": "TemplateNameGoesHere", + "StorePassword": "", + "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}", + 
"Type": 105 + }, + "JobCancelled": false, + "ServerError": null, + "JobHistoryId": 22881, + "RequestStatus": 1, + "ServerUsername": "UserNameGoesHere", + "ServerPassword": "PasswordGoesHere", + "UseSSL": true, + "JobProperties": null, + "JobTypeId": "00000000-0000-0000-0000-000000000000", + "JobId": "c7785480-8b15-4e12-b55d-3f73735cad6b", + "Capability": "CertStores.PaloAlto.Inventory" } \ No newline at end of file diff --git a/PaloAltoTestConsole/PanoramaMgmt.json b/PaloAltoTestConsole/PanoramaMgmt.json index a4bafa9..e4f2ec9 100644 --- a/PaloAltoTestConsole/PanoramaMgmt.json +++ b/PaloAltoTestConsole/PanoramaMgmt.json 
@@ -1,33 +1,30 @@
-{
- "LastInventory": [],
- "CertificateStoreDetails": {
- "ClientMachine": "ClientMachineGoesHere",
- "StorePath": "TemplateNameGoesHere",
- "StorePassword": null,
- "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}",
- "Type": 105
- },
- "OperationType": 2,
- "Overwrite": false,
- "JobCertificate": {
- "Thumbprint": null,
- "Contents": "CertificateContentGoesHere",
- "Alias": "AliasGoesHere",
- "PrivateKeyPassword": "sldfklsdfsldjfk"
- },
- "JobCancelled": false,
- "ServerError": null,
- "JobHistoryId": 22907,
- "RequestStatus": 1,
- "ServerUsername": "UserNameGoesHere",
- "ServerPassword": "PasswordGoesHere",
- "UseSSL": true,
- "JobProperties": {
- "TlsMinVersion": "TlsMinVersionGoesHere",
- "TLSMaxVersion": "TlsMaxVersionGoesHere",
- "TlsProfileName": "TlsProfileNameGoesHere"
- },
- "JobTypeId": "00000000-0000-0000-0000-000000000000",
- "JobId": "6808e1a2-04bb-4008-89fc-649662c0cd2b",
- "Capability": "CertStores.PaloAlto.Management"
+{
+ "LastInventory": [],
+ "CertificateStoreDetails": {
+ "ClientMachine": "ClientMachineGoesHere",
+ "StorePath": "TemplateNameGoesHere",
+ "StorePassword": null,
+ "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}",
+ "Type": 105
+ },
+ "OperationType": 2,
+ "Overwrite": false,
+ "JobCertificate": {
+ "Thumbprint": null,
+ "Contents": "CertificateContentGoesHere",
+ "Alias": "AliasGoesHere",
+ "PrivateKeyPassword": "sldfklsdfsldjfk"
+ },
+ "JobCancelled": false,
+ "ServerError": null,
+ "JobHistoryId": 22907,
+ "RequestStatus": 1,
+ "ServerUsername": "UserNameGoesHere",
+ "ServerPassword": "PasswordGoesHere",
+ "UseSSL": true,
+ "JobProperties": {
+ },
+ "JobTypeId": "00000000-0000-0000-0000-000000000000",
+ "JobId": "6808e1a2-04bb-4008-89fc-649662c0cd2b",
+ "Capability": "CertStores.PaloAlto.Management"
 }
\ No newline at end of file
diff --git a/PaloAltoTestConsole/Program.cs b/PaloAltoTestConsole/Program.cs
index c4c5f52..d83e589 100644
--- a/PaloAltoTestConsole/Program.cs
+++ b/PaloAltoTestConsole/Program.cs
@@ -1,249 +1,235 @@
-// Copyright 2023 Keyfactor
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Threading;
-using System.Threading.Tasks;
-using Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs;
-using Keyfactor.Orchestrators.Extensions;
-using Keyfactor.Orchestrators.Extensions.Interfaces;
-using Moq;
-using Newtonsoft.Json;
-
-namespace PaloAltoTestConsole
-{
- internal class Program
- {
- public static string UserName { get; set; }
- public static string Password { get; set; }
- public static string CaseName { get; set; }
- public static string CertAlias { get; set; }
- public static string ClientMachine { get; set; }
- public static string DeviceGroup { get; set; }
- public static string StorePath { get; set; }
- public static string BindingName { get; set; }
- public static string TlsMinVersion { get; set; }
- public static string TlsMaxVersion { get; set; }
- public static string Overwrite { get; set; }
- public static string ManagementType { get; set; }
- public static string CertificateContent { get; set; }
-
-#pragma warning disable 1998
- private static async Task Main(string[] args)
-#pragma warning restore 1998
- {
-
-
- var arguments = new Dictionary();
- Thread.Sleep(20000);
- foreach (var argument in args)
- {
- var splitted = argument.Split('=',2);
-
- if (splitted.Length == 2) arguments[splitted[0]] = splitted[1];
- }
- if (args.Length > 0)
- {
- CaseName = arguments["-casename"];
- UserName = arguments["-user"];
- Password = arguments["-password"];
- StorePath = arguments["-storepath"];
- DeviceGroup = arguments["-devicegroup"];
- ClientMachine = arguments["-clientmachine"];
- }
- else
- {
- Console.WriteLine("Enter The Case Name Inventory or Management");
- CaseName = Console.ReadLine();
- Console.WriteLine("Enter User Name");
- UserName = Console.ReadLine();
- Console.WriteLine("Enter The Password");
- Password = Console.ReadLine();
- Console.WriteLine("Enter Store Path");
- StorePath = Console.ReadLine();
- Console.WriteLine("Enter DeviceGroup");
- DeviceGroup = Console.ReadLine();
- Console.WriteLine("Enter ClientMachine");
- ClientMachine = Console.ReadLine();
- }
-
- //Determine if this is a firewall or Panorama Instance
- var isPanorama = !Convert.ToBoolean(StorePath == "/");
-
- // Display message to user to provide parameters.
- Console.WriteLine("Running");
-
- switch (CaseName)
- {
- case "Inventory":
- Console.WriteLine("Running Inventory");
- InventoryJobConfiguration invJobConfig;
- invJobConfig = isPanorama
- ? GetPanoramaInventoryJobConfiguration()
- : GetInventoryJobConfiguration();
- Console.WriteLine("Got Inventory Config");
- SubmitInventoryUpdate sui = GetItems;
- var secretResolver = new Mock();
- secretResolver.Setup(m => m.Resolve(It.Is(s => s == invJobConfig.ServerUsername)))
- .Returns(() => invJobConfig.ServerUsername);
- secretResolver.Setup(m => m.Resolve(It.Is(s => s == invJobConfig.ServerPassword)))
- .Returns(() => invJobConfig.ServerPassword);
- var inv = new Inventory(secretResolver.Object);
- Console.WriteLine("Created Inventory Object With Constructor");
- var invResponse = inv.ProcessJob(invJobConfig, sui);
- Console.WriteLine("Back From Inventory");
- Console.Write(JsonConvert.SerializeObject(invResponse));
- Console.ReadLine();
- break;
- case "Management":
- Console.WriteLine("Select Management Type Add or Remove");
- string mgmtType;
- mgmtType = args.Length == 0 ? Console.ReadLine() : arguments["-managementtype"];
-
- if (mgmtType?.ToUpper() == "ADD")
- {
- if (args.Length > 0)
- {
- BindingName = arguments["-bindingname"];
- CertAlias = arguments["-certalias"];
- TlsMinVersion = arguments["-tlsminversion"];
- TlsMaxVersion= arguments["-tlsmaxversion"];
- Overwrite = arguments["-overwrite"];
- }
- else
- {
- Console.WriteLine("Enter Binding Name");
- BindingName = Console.ReadLine();
- Console.WriteLine("Enter Tls Min Version");
- TlsMinVersion = Console.ReadLine();
- Console.WriteLine("Enter Tls Max Version");
- TlsMaxVersion = Console.ReadLine();
- Console.WriteLine("Enter Cert Alias");
- CertAlias = Console.ReadLine();
- Console.WriteLine("Overwrite (True or False)?");
- Overwrite = Console.ReadLine();
- }
-
- Console.WriteLine("Start Generated Cert in KF API");
- var client = new KeyfactorClient();
- var kfResult = client.EnrollCertificate($"www.{CertAlias}.com").Result;
- CertificateContent = kfResult.CertificateInformation.Pkcs12Blob;
- Console.WriteLine("End Generated Cert in KF API");
-
- var jobConfiguration = GetManagementJobConfiguration();
- var mgmtSecretResolver = new Mock();
- mgmtSecretResolver
- .Setup(m => m.Resolve(It.Is(s => s == jobConfiguration.ServerUsername)))
- .Returns(() => jobConfiguration.ServerUsername);
- mgmtSecretResolver
- .Setup(m => m.Resolve(It.Is(s => s == jobConfiguration.ServerPassword)))
- .Returns(() => jobConfiguration.ServerPassword);
- var mgmt = new Management(mgmtSecretResolver.Object);
-
- var result = mgmt.ProcessJob(jobConfiguration);
- Console.Write(JsonConvert.SerializeObject(result));
- Console.ReadLine();
- }
-
- if (mgmtType.ToUpper() == "REMOVE")
- {
- if (args.Length > 0)
- {
- CertAlias = arguments["-certalias"];
- }
- else
- {
- Console.WriteLine("Enter Cert Alias");
- CertAlias = Console.ReadLine();
- }
-
- var jobConfig = GetRemoveJobConfiguration();
-
- var mgmtSecretResolver = new Mock();
- mgmtSecretResolver.Setup(m => m.Resolve(It.Is(s => s == jobConfig.ServerUsername)))
- .Returns(() => jobConfig.ServerUsername);
- mgmtSecretResolver.Setup(m => m.Resolve(It.Is(s => s == jobConfig.ServerPassword)))
- .Returns(() => jobConfig.ServerPassword);
- var mgmt = new Management(mgmtSecretResolver.Object);
- var result = mgmt.ProcessJob(jobConfig);
- Thread.Sleep(5000);
- Console.Write(JsonConvert.SerializeObject(result));
- Console.ReadLine();
- }
-
- break;
- }
- }
-
-
- public static bool GetItems(IEnumerable items)
- {
- return true;
- }
-
- public static InventoryJobConfiguration GetInventoryJobConfiguration()
- {
- var fileContent = File.ReadAllText("FirewallInventory.json").Replace("UserNameGoesHere", UserName)
- .Replace("PasswordGoesHere", Password).Replace("ClientMachineGoesHere", ClientMachine);
- var result =
- JsonConvert.DeserializeObject(fileContent);
- return result;
- }
-
- public static InventoryJobConfiguration GetPanoramaInventoryJobConfiguration()
- {
- var fileContent = File.ReadAllText("PanoramaInventory.json").Replace("UserNameGoesHere", UserName)
- .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath)
- .Replace("ClientMachineGoesHere", ClientMachine).Replace("DeviceGroupGoesHere", DeviceGroup);
- var result =
- JsonConvert.DeserializeObject(fileContent);
- return result;
- }
-
- public static ManagementJobConfiguration GetManagementJobConfiguration()
- {
-
- var overWriteReplaceString = "\"Overwrite\": false";
- if (Overwrite.ToUpper() == "TRUE")
- {
- overWriteReplaceString = "\"Overwrite\": true";
- }
-
- var fileContent = File.ReadAllText("PanoramaMgmt.json").Replace("UserNameGoesHere", UserName)
- .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath)
- .Replace("DeviceGroupGoesHere", DeviceGroup).Replace("AliasGoesHere", CertAlias)
- .Replace("ClientMachineGoesHere", ClientMachine).Replace("TlsProfileNameGoesHere", BindingName)
- .Replace("TlsMaxVersionGoesHere", TlsMaxVersion).Replace("TlsMinVersionGoesHere", TlsMinVersion)
- .Replace("\"Overwrite\": false",overWriteReplaceString)
- .Replace("CertificateContentGoesHere", CertificateContent);
- var result =
- JsonConvert.DeserializeObject(fileContent);
- return result;
- }
-
- public static ManagementJobConfiguration GetRemoveJobConfiguration()
- {
- var fileContent = File.ReadAllText("ManagementRemove.json").Replace("UserNameGoesHere", UserName)
- .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath)
- .Replace("DeviceGroupGoesHere", DeviceGroup).Replace("AliasGoesHere", CertAlias)
- .Replace("ClientMachineGoesHere", ClientMachine).Replace("TlsProfileNameGoesHere", BindingName)
- .Replace("TlsMaxVersionGoesHere", TlsMaxVersion).Replace("TlsMinVersionGoesHere", TlsMinVersion);
- var result =
- JsonConvert.DeserializeObject(fileContent);
- return result;
- }
- }
+// Copyright 2023 Keyfactor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Threading;
+using System.Threading.Tasks;
+using Keyfactor.Extensions.Orchestrator.PaloAlto.Jobs;
+using Keyfactor.Orchestrators.Extensions;
+using Keyfactor.Orchestrators.Extensions.Interfaces;
+using Moq;
+using Newtonsoft.Json;
+
+namespace PaloAltoTestConsole
+{
+ internal class Program
+ {
+ public static string UserName { get; set; }
+ public static string Password { get; set; }
+ public static string CaseName { get; set; }
+ public static string CertAlias { get; set; }
+ public static string ClientMachine { get; set; }
+ public static string DeviceGroup { get; set; }
+ public static string StorePath { get; set; }
+ public static string Overwrite { get; set; }
+ public static string ManagementType { get; set; }
+ public static string CertificateContent { get; set; }
+
+#pragma warning disable 1998
+ private static async Task Main(string[] args)
+#pragma warning restore 1998
+ {
+
+
+ var arguments = new Dictionary();
+ Thread.Sleep(20000);
+ foreach (var argument in args)
+ {
+ var splitted = argument.Split('=',2);
+
+ if (splitted.Length == 2) arguments[splitted[0]] = splitted[1];
+ }
+ if (args.Length > 0)
+ {
+ CaseName = arguments["-casename"];
+ UserName = arguments["-user"];
+ Password = arguments["-password"];
+ StorePath = arguments["-storepath"];
+ DeviceGroup = arguments["-devicegroup"];
+ ClientMachine = arguments["-clientmachine"];
+ }
+ else
+ {
+ Console.WriteLine("Enter The Case Name Inventory or Management");
+ CaseName = Console.ReadLine();
+ Console.WriteLine("Enter User Name");
+ UserName = Console.ReadLine();
+ Console.WriteLine("Enter The Password");
+ Password = Console.ReadLine();
+ Console.WriteLine("Enter Store Path");
+ StorePath = Console.ReadLine();
+ Console.WriteLine("Enter DeviceGroup");
+ DeviceGroup = Console.ReadLine();
+ Console.WriteLine("Enter ClientMachine");
+ ClientMachine = Console.ReadLine();
+ }
+
+ //Determine if this is a firewall or Panorama Instance
+ var isPanorama = !Convert.ToBoolean(StorePath == "/");
+
+ // Display message to user to provide parameters.
+ Console.WriteLine("Running");
+
+ switch (CaseName)
+ {
+ case "Inventory":
+ Console.WriteLine("Running Inventory");
+ InventoryJobConfiguration invJobConfig;
+ invJobConfig = isPanorama
+ ? GetPanoramaInventoryJobConfiguration()
+ : GetInventoryJobConfiguration();
+ Console.WriteLine("Got Inventory Config");
+ SubmitInventoryUpdate sui = GetItems;
+ var secretResolver = new Mock();
+ secretResolver.Setup(m => m.Resolve(It.Is(s => s == invJobConfig.ServerUsername)))
+ .Returns(() => invJobConfig.ServerUsername);
+ secretResolver.Setup(m => m.Resolve(It.Is(s => s == invJobConfig.ServerPassword)))
+ .Returns(() => invJobConfig.ServerPassword);
+ var inv = new Inventory(secretResolver.Object);
+ Console.WriteLine("Created Inventory Object With Constructor");
+ var invResponse = inv.ProcessJob(invJobConfig, sui);
+ Console.WriteLine("Back From Inventory");
+ Console.Write(JsonConvert.SerializeObject(invResponse));
+ Console.ReadLine();
+ break;
+ case "Management":
+ Console.WriteLine("Select Management Type Add or Remove");
+ string mgmtType;
+ mgmtType = args.Length == 0 ? Console.ReadLine() : arguments["-managementtype"];
+
+ if (mgmtType?.ToUpper() == "ADD")
+ {
+ if (args.Length > 0)
+ {
+ CertAlias = arguments["-certalias"];
+ Overwrite = arguments["-overwrite"];
+ }
+ else
+ {
+ Console.WriteLine("Enter Cert Alias");
+ CertAlias = Console.ReadLine();
+ Console.WriteLine("Overwrite (True or False)?");
+ Overwrite = Console.ReadLine();
+ }
+
+ Console.WriteLine("Start Generated Cert in KF API");
+ var client = new KeyfactorClient();
+ var kfResult = client.EnrollCertificate($"www.{CertAlias}.com").Result;
+ CertificateContent = kfResult.CertificateInformation.Pkcs12Blob;
+ Console.WriteLine("End Generated Cert in KF API");
+
+ var jobConfiguration = GetManagementJobConfiguration();
+ var mgmtSecretResolver = new Mock();
+ mgmtSecretResolver
+ .Setup(m => m.Resolve(It.Is(s => s == jobConfiguration.ServerUsername)))
+ .Returns(() => jobConfiguration.ServerUsername);
+ mgmtSecretResolver
+ .Setup(m => m.Resolve(It.Is(s => s == jobConfiguration.ServerPassword)))
+ .Returns(() => jobConfiguration.ServerPassword);
+ var mgmt = new Management(mgmtSecretResolver.Object);
+
+ var result = mgmt.ProcessJob(jobConfiguration);
+ Console.Write(JsonConvert.SerializeObject(result));
+ Console.ReadLine();
+ }
+
+ if (mgmtType.ToUpper() == "REMOVE")
+ {
+ if (args.Length > 0)
+ {
+ CertAlias = arguments["-certalias"];
+ }
+ else
+ {
+ Console.WriteLine("Enter Cert Alias");
+ CertAlias = Console.ReadLine();
+ }
+
+ var jobConfig = GetRemoveJobConfiguration();
+
+ var mgmtSecretResolver = new Mock();
+ mgmtSecretResolver.Setup(m => m.Resolve(It.Is(s => s == jobConfig.ServerUsername)))
+ .Returns(() => jobConfig.ServerUsername);
+ mgmtSecretResolver.Setup(m => m.Resolve(It.Is(s => s == jobConfig.ServerPassword)))
+ .Returns(() => jobConfig.ServerPassword);
+ var mgmt = new Management(mgmtSecretResolver.Object);
+ var result = mgmt.ProcessJob(jobConfig);
+ Thread.Sleep(5000);
+ Console.Write(JsonConvert.SerializeObject(result));
+ Console.ReadLine();
+ }
+
+ break;
+ }
+ }
+
+
+ public static bool GetItems(IEnumerable items)
+ {
+ return true;
+ }
+
+ public static InventoryJobConfiguration GetInventoryJobConfiguration()
+ {
+ var fileContent = File.ReadAllText("FirewallInventory.json").Replace("UserNameGoesHere", UserName)
+ .Replace("PasswordGoesHere", Password).Replace("ClientMachineGoesHere", ClientMachine);
+ var result =
+ JsonConvert.DeserializeObject(fileContent);
+ return result;
+ }
+
+ public static InventoryJobConfiguration GetPanoramaInventoryJobConfiguration()
+ {
+ var fileContent = File.ReadAllText("PanoramaInventory.json").Replace("UserNameGoesHere", UserName)
+ .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath)
+ .Replace("ClientMachineGoesHere", ClientMachine).Replace("DeviceGroupGoesHere", DeviceGroup);
+ var result =
+ JsonConvert.DeserializeObject(fileContent);
+ return result;
+ }
+
+ public static ManagementJobConfiguration GetManagementJobConfiguration()
+ {
+
+ var overWriteReplaceString = "\"Overwrite\": false";
+ if (Overwrite.ToUpper() == "TRUE")
+ {
+ overWriteReplaceString = "\"Overwrite\": true";
+ }
+
+ var fileContent = File.ReadAllText("PanoramaMgmt.json").Replace("UserNameGoesHere", UserName)
+ .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath)
+ .Replace("DeviceGroupGoesHere", DeviceGroup).Replace("AliasGoesHere", CertAlias)
+ .Replace("ClientMachineGoesHere", ClientMachine)
+ .Replace("\"Overwrite\": false",overWriteReplaceString)
+ .Replace("CertificateContentGoesHere", CertificateContent);
+ var result =
+ JsonConvert.DeserializeObject(fileContent);
+ return result;
+ }
+
+ public static ManagementJobConfiguration GetRemoveJobConfiguration()
+ {
+ var fileContent = File.ReadAllText("ManagementRemove.json").Replace("UserNameGoesHere", UserName)
+ .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath)
+ .Replace("DeviceGroupGoesHere", DeviceGroup).Replace("AliasGoesHere", CertAlias)
+ .Replace("ClientMachineGoesHere", ClientMachine);
+ var result =
+ JsonConvert.DeserializeObject(fileContent);
+ return result;
+ }
+ }
 }
\ No newline at end of file
diff --git a/PaloAltoTestConsole/RunTest.bat b/PaloAltoTestConsole/RunTest.bat
index 7bdd29b..3528f46 100644
--- a/PaloAltoTestConsole/RunTest.bat
+++ b/PaloAltoTestConsole/RunTest.bat
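Review bot: The four `Get*JobConfiguration` helpers at the end of this hunk splice `UserName`, `Password`, `StorePath`, `CertAlias` and the other inputs into the JSON template with `string.Replace` before `JsonConvert.DeserializeObject` runs, so a value containing `"` or `\` either breaks parsing or changes the structure of the job configuration that reaches `ProcessJob`. The `Properties` entry makes this harder to get right by escaping, because it is JSON nested inside a JSON string and a password would need escaping twice there. I would deserialize the untouched template first and then assign the fields on the resulting object, e.g. `config.ServerPassword = Password;`, and build the `Properties` string with `JsonConvert.SerializeObject` rather than by text substitution. Separately, `if (mgmtType.ToUpper() == "REMOVE")` should read `if (mgmtType?.ToUpper() == "REMOVE")` like the ADD branch above it, since `Console.ReadLine()` can return null.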
@@ -1,484 +1,580 @@ -@echo off - -cd C:\Users\bhill\source\repos\paloalto-firewall-orchestrator\PaloAltoTestConsole\bin\Debug\netcoreapp3.1 -set FWMachine=urlToFW -set FWApiUser=someuser -set FWApiPassword=PWToFirewall -set PAMachine=urlToPan -set PAApiUser=PanUser -set PAApiPassword=PanPassword - - -goto :PAN - -echo *********************************** -echo Starting Single Firewall Test Cases -echo *********************************** - -set clientmachine=%FWMachine% -set password=%FWApiPassword% -set user=%FWApiUser% -set storepath=/config/shared - -echo *********************************** -echo Starting Management Test Cases -echo *********************************** -set casename=Management - - -set cert=%random% -set casename=Management -set mgt=add -set overwrite=false - -echo ************************************************************************************************************************ -echo TC1 %mgt% with no biding information. Should do the %mgt% and add anything in the chain -echo ************************************************************************************************************************ -echo overwrite: %overwrite% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - - -set mgt=remove -set trusted=false -set overwrite=false - -echo: -echo ******************************************************************************************************* -echo TC2 %mgt% missing bindings. 
Should %mgt% the cert since there are no dependencies -echo ******************************************************************************************************* -echo overwrite: %overwrite% -echo trusted: %trusted% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set cert=%random% -set mgt=add -set overwrite=false -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=FirewallOnlyBinding - -echo: -echo ***************************************************************************************************************** -echo TC3 %mgt% with biding information. Should do the %mgt% and bind to the tls profile, no overwrite is trusted root -echo ***************************************************************************************************************** -echo overwrite: %overwrite% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo binding name: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -trustedroot=%trusted% -overwrite=%overwrite% - - -set mgt=remove -set overwrite=true -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=FirewallOnlyBinding - -echo: -echo ************************************************************************************************************** -echo TC4 Case Try to remove a bound cert, should not be allowed unless you want to delete the binding too not good -echo ************************************************************************************************************** -echo overwrite: %overwrite% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo binding 
name: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - - -set mgt=add -set overwrite=true -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=FirewallOnlyBinding - -echo: -echo *************************************************************************************************************** -echo TC5 %mgt% with biding information. Should do the %mgt% and bind to the tls profile, with overwrite,rename cert -echo *************************************************************************************************************** -echo overwrite: %overwrite% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo binding name: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - -set mgt=add -set overwrite=false -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=FirewallOnlyBinding - -echo: -echo ************************************************************************************************************* -echo TC6 Case No Overwrite with biding information. 
Should warn the user that the need the overwrite flag checked -echo ************************************************************************************************************* -echo overwrite: %overwrite% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo binding name: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - -set storepath=/config -set mgt=add -set overwrite=false -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=FirewallOnlyBinding - -echo: -echo *************************************************** -echo TC7 Invalid Store Path - Job should fail with error -echo **************************************************** -echo overwrite: %overwrite% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo binding name: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - -echo: -echo: -echo *********************************** -echo Starting Inventory Test Cases -echo *********************************** -set storepath=/config/shared -set casename=Inventory - -echo: -echo *************************************************************************************** -echo TC8 Firewall Inventory against firewall should return job status of "2" with no errors -echo *************************************************************************************** -echo overwrite: %overwrite% -echo trusted: %trusted% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo binding name: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe 
-clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% - -echo: -echo ********************************************* -echo Starting Panorama Shared Template Test Cases -echo ********************************************* - -set clientmachine=%PAMachine% -set password=%PAApiPassword% -set user=%PAApiUser% -echo: -echo *********************************** -echo Starting Management Test Cases -echo *********************************** -set casename=Management - - -set cert=%random% -::Palo Alto Firewall Test Cases Start Here -set storepath=CertificatesTemplate1 -set casename=Management -set mgt=add -set overwrite=false -set devicegroup=Group1 -echo: -echo ************************************************************************************************************* -echo TC10 Invalid store path Test, should return a list of valid templates panorama templates to use and error out -echo ************************************************************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set casename=Management -set mgt=add -set overwrite=false -set storepath="/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared" -set devicegroup=Broup2 -echo: -echo ********************************************************************************************** -echo TC11 Invalid Group Name, should return a list of valid Groups in panorama to use and error out -echo ********************************************************************************************** 
-echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set cert=%random% -set devicegroup=Group1 -set mgt=add -set overwrite=false - -echo: -echo ************************************************************************************ -echo TC12 %mgt% certificate no overwrite, should %mgt% to Panorama and push to firewalls -echo ************************************************************************************ -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set mgt=remove -set overwrite=false -echo: -echo ************************************************************************************* -echo TC13 %mgt% certificate no overwrite, should %mgt% from Panorama and push to firewalls -echo ************************************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set cert=%random% -set mgt=add -set overwrite=false -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=TestBindings -echo: -echo 
********************************************************************************************************* -echo TC17 %mgt% with Bindings not trusted, no overwrite, should %mgt% to Panorama, Bind and push to firewalls -echo ********************************************************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo bindingname: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - -set cert=OverwriteCertPA -set mgt=add -set overwrite=false -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=TestBindings -echo: -echo ********************************************************************************************************* -echo TC18 %mgt% with Bindings not trusted, no overwrite, should %mgt% to Panorama, Bind and push to firewalls -echo ********************************************************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo bindingname: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - -set mgt=add -set overwrite=false -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=TestBindings -echo: -echo 
************************************************************************************************** -echo TC19 %mgt% with Bindings not trusted, no overwrite, should warn user that they need overwrite flag -echo ************************************************************************************************** -echo this is prep for TC20 and TC21 -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo bindingname: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - -set mgt=remove -set overwrite=false -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=TestBindings -echo: -echo *********************************************************************************************** -echo TC20 %mgt% with Bindings not allow should error out, can't delete cert without deleting binding -echo *********************************************************************************************** -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo bindingname: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - - -set mgt=add -set overwrite=true -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=TestBindings -echo: -echo ************************************************************************************************ -echo TC21 %mgt%, Overwrite with 
Bindings not trusted, no overwrite, should overwrite cert and binding -echo ************************************************************************************************ -echo overwrite: %overwrite% -echo store path: %storepath% -echo group name: %devicegroup% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo bindingname: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% -echo: -echo: -echo *********************************** -echo Starting Inventory Test Cases -echo *********************************** - - -set casename=Inventory -echo: -echo ************************************************************************* -echo TC22 Inventory Panorama Certificates from Trusted Root and Cert Locations -echo ************************************************************************* -echo overwrite: %overwrite% -echo trusted: %trusted% -echo store path: %storepath% -echo group name: %devicegroup% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% - -:PAN - -echo: -echo ********************************************* -echo Starting Panorama Level certs Test Cases -echo ********************************************* - -set clientmachine=%PAMachine% -set password=%PAApiPassword% -set user=%PAApiUser% -echo: -echo *********************************** -echo Starting Management Test Cases -echo *********************************** -set casename=Management - -set cert=%random% -set storepath=/config/panorama -set casename=Management -set mgt=add -set overwrite=false -echo: -echo **************************************************** -echo TC22 
Install Certificate Pan Level with No Bindings -echo **************************************************** -echo overwrite: %overwrite% -echo store path: %storepath% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -echo: -echo ************************************************************* -echo TC23 Duplicate Certificate No overwrite flag should warn user -echo ************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set overwrite=true - -echo: -echo ************************************************************* -echo TC24 Duplicate Certificate overwrite flag renames certificate -echo ************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set mgt=remove - -echo: -echo ************************************************************* -echo TC25 Delete unbound certificate should delete this. 
-echo ************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - -set cert=%random% -set mgt=add -set overwrite=true -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=PanLevelBindings - -echo: -echo ************************************************************* -echo TC26 Create Certificate and Bind To TLS Profile -echo ************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo bindingname: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% - -set mgt=remove - -echo: -echo ************************************************************* -echo TC27 Delete bound certificate should warn user can't do this -echo ************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% - - -set mgt=add -set overwrite=true -set tlsmin=tls1-2 -set tlsmax=max -set bindingname=PanLevelBindings - -echo: -echo ************************************************************* -echo TC28 Replace bound certificate, should rename and rebind 
-echo ************************************************************* -echo overwrite: %overwrite% -echo store path: %storepath% -echo tlsmin: %tlsmin% -echo tlsmax: %tlsmax% -echo bindingname: %bindingname% -echo cert name: %cert% - -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion=%tlsmin% -tlsmaxversion=%tlsmax% -bindingname=%bindingname% -overwrite=%overwrite% -@pause +@echo off + +cd C:\Users\asdf\source\repos\paloalto-firewall-orchestrator\PaloAltoTestConsole\bin\Debug\netcoreapp3.1 +set FWMachine=asfd +set FWApiUser=asfd +set FWApiPassword=asfdsdfa +set PAMachine=afsd +set PAApiUser=bhisadfll +set PAApiPassword=adfssadf + +GOTO:PANTemplateVsys +echo *********************************** +echo Starting Single Firewall Test Cases +echo *********************************** + +set clientmachine=%FWMachine% +set password=%FWApiPassword% +set user=%FWApiUser% +set storepath=/config/shared + +echo *********************************** +echo Starting Management Test Cases +echo *********************************** +set casename=Management + + +set cert=%random% +set casename=Management +set mgt=add +set overwrite=false + +echo ************************************************************************************************************************ +echo TC1 %mgt%. 
Should do the %mgt% and add anything in the chain +echo ************************************************************************************************************************ +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +set mgt=remove +set trusted=false +set overwrite=false + +echo: +echo ******************************************************************************************************* +echo TC2 %mgt% unbound Cert. Should %mgt% the cert since there are no dependencies +echo ******************************************************************************************************* +echo overwrite: %overwrite% +echo trusted: %trusted% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +set mgt=remove +set overwrite=true + +echo: +echo ************************************************************************************************************** +echo TC3 Case Try to remove a bound cert, should not be allowed unless you want to delete the binding too not good +echo ************************************************************************************************************** +echo overwrite: %overwrite% +set /p cert=Please enter bound cert name: +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + +set mgt=add +set overwrite=false + +echo: +echo ************************************************************************************************************* +echo TC4 Case No 
Overwrite with biding information. Should warn the user that the need the overwrite flag checked +echo ************************************************************************************************************* +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +echo: +echo *************************************************** +echo TC5 Invalid Store Path - Job should fail with error +echo **************************************************** +set storepath=/config +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + +set mgt=add +set overwrite=true + +echo: +echo ************************************************************************************************************* +echo TC6 Replace Bound Certificate +echo ************************************************************************************************************* +echo overwrite: %overwrite% +set /p cert=Please enter bound cert name: +set storepath=/config/shared +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +echo: +echo: +echo *********************************** +echo Starting Inventory Test Cases +echo *********************************** +set storepath=/config/shared +set casename=Inventory + +echo: +echo *************************************************************************************** +echo TC6 Firewall Inventory against firewall should return job status of "2" with no errors +echo 
*************************************************************************************** +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% + + +:firewallvsys +echo *********************************** +echo Starting Firewall Vsys Test Cases +echo *********************************** + +set clientmachine=%FWMachine% +set password=%FWApiPassword% +set user=%FWApiUser% +set storepath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1'] + + +echo *********************************** +echo Starting Management Test Cases +echo *********************************** +set casename=Management + + +set cert=%random% +set casename=Management +set mgt=add +set overwrite=false + +echo ************************************************************************************************************************ +echo TC7 %mgt%. Should do the %mgt% and add anything in the chain +echo ************************************************************************************************************************ +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +set mgt=remove +set trusted=false +set overwrite=false + +echo: +echo ******************************************************************************************************* +echo TC8 %mgt% unbound Cert. 
Should %mgt% the cert since there are no dependencies +echo ******************************************************************************************************* +echo overwrite: %overwrite% +echo trusted: %trusted% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +set mgt=remove +set overwrite=true + +echo: +echo ************************************************************************************************************** +echo TC9 Case Try to remove a bound cert, should not be allowed unless you want to delete the binding too not good +echo ************************************************************************************************************** +echo overwrite: %overwrite% +set /p cert=Please enter bound cert name: +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + +set mgt=add +set overwrite=false + +echo: +echo ************************************************************************************************************* +echo TC10 Case No Overwrite with biding information. 
Should warn the user that the need the overwrite flag checked +echo ************************************************************************************************************* +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +echo: +echo *************************************************** +echo TC11 Invalid Store Path - Job should fail with error +echo **************************************************** +set storepath=/config +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + +set mgt=add +set overwrite=true + +echo: +echo ************************************************************************************************************* +echo TC12 Replace Bound Certificate +echo ************************************************************************************************************* +echo overwrite: %overwrite% +set /p cert=Please enter bound cert name: +set storepath=/config/shared +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% + + +echo: +echo: +echo *********************************** +echo Starting Inventory Test Cases +echo *********************************** +set storepath=/config/shared +set casename=Inventory + +echo: +echo *************************************************************************************** +echo TC13 Firewall Inventory against firewall should return job status of "2" with no errors +echo 
***************************************************************************************
+echo overwrite: %overwrite%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt%
+
+echo:
+echo *********************************************
+echo Starting Panorama Shared Template Test Cases
+echo *********************************************
+
+:PANTemplates
+
+set clientmachine=%PAMachine%
+set password=%PAApiPassword%
+set user=%PAApiUser%
+echo:
+echo ***********************************
+echo Starting Management Test Cases
+echo ***********************************
+set casename=Management
+
+
+set cert=%random%
+set storepath=CertificatesTemplate1
+set casename=Management
+set mgt=add
+set overwrite=false
+set devicegroup=Group1
+echo:
+echo *************************************************************************************************************
+echo TC14 Invalid store path Test, should return a list of valid templates panorama templates to use and error out
+echo *************************************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set casename=Management
+set mgt=add
+set overwrite=false
+set storepath="/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared"
+set devicegroup=Broup2
+echo:
+echo **********************************************************************************************
+echo TC15 Invalid Group Name, should return a list of valid Groups in panorama to use and error out
+echo **********************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set cert=%random%
+set devicegroup=Group1
+set mgt=add
+set overwrite=false
+
+echo:
+echo ************************************************************************************
+echo TC16 %mgt% certificate no overwrite, should %mgt% to Panorama and push to firewalls
+echo ************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set mgt=add
+set overwrite=true
+echo:
+echo ***************************************************
+echo TC17 %mgt%, Overwrite should overwrite unbound cert
+echo ****************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set mgt=remove
+set overwrite=false
+echo:
+echo ***********************************************************************************************
+echo TC18 %mgt% no bindings, should allow this
+echo ***********************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+
+set mgt=add
+set overwrite=true
+echo:
+echo ***********************************************************************************************
+echo TC19 %mgt% add with overwrite bound cert
+echo ***********************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+set /p cert=Please enter bound cert name:
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set mgt=remove
+set overwrite=false
+echo:
+echo ***********************************************************************************************
+echo TC20 %mgt% with Bindings not allow should error out, can't delete cert without deleting binding
+echo ***********************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+echo:
+echo:
+echo ***********************************
+echo Starting Inventory Test Cases
+echo ***********************************
+
+
+set casename=Inventory
+echo:
+echo *************************************************************************
+echo TC21 Inventory Panorama Certificates from Trusted Root and Cert Locations
+echo *************************************************************************
+echo overwrite: %overwrite%
+echo trusted: %trusted%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt%
+
+:PANTemplateVsys
+
+echo **************************************
+echo Starting Pan Template Vsys Test Cases
+echo **************************************
+
+
+set clientmachine=%PAMachine%
+set password=%PAApiPassword%
+set user=%PAApiUser%
+echo:
+echo ***********************************
+echo Starting Management Test Cases
+echo ***********************************
+
+set cert=%random%
+set storepath=/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']
+set casename=Management
+set cert=%random%
+set devicegroup=Group1
+set mgt=add
+set overwrite=false
+
+echo:
+echo ************************************************************************************
+echo TC16 %mgt% certificate no overwrite, should %mgt% to Panorama and push to firewalls
+echo ************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set mgt=add
+set overwrite=true
+echo:
+echo ***************************************************
+echo TC17 %mgt%, Overwrite should overwrite unbound cert
+echo ****************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set mgt=remove
+set overwrite=false
+echo:
+echo ***********************************************************************************************
+echo TC18 %mgt% no bindings, should allow this
+echo ***********************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+
+set mgt=add
+set overwrite=true
+echo:
+echo ***********************************************************************************************
+echo TC19 %mgt% add with overwrite bound cert
+echo ***********************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+set /p cert=Please enter bound cert name:
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set mgt=remove
+set overwrite=false
+echo:
+echo ***********************************************************************************************
+echo TC20 %mgt% with Bindings not allow should error out, can't delete cert without deleting binding
+echo ***********************************************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+echo:
+echo:
+echo ***********************************
+echo Starting Inventory Test Cases
+echo ***********************************
+
+
+set casename=Inventory
+echo:
+echo *************************************************************************
+echo TC21 Inventory Panorama Certificates from Trusted Root and Cert Locations
+echo *************************************************************************
+echo overwrite: %overwrite%
+echo trusted: %trusted%
+echo store path: %storepath%
+echo group name: %devicegroup%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt%
+
+:PAN
+
+echo:
+echo *********************************************
+echo Starting Panorama Level certs Test Cases
+echo *********************************************
+
+set clientmachine=%PAMachine%
+set password=%PAApiPassword%
+set user=%PAApiUser%
+echo:
+echo ***********************************
+echo Starting Management Test Cases
+echo ***********************************
+set casename=Management
+
+set cert=%random%
+set storepath=/config/panorama
+set casename=Management
+set mgt=add
+set overwrite=false
+echo:
+echo ****************************************************
+echo TC22 Install Certificate Pan Level with No Bindings
+echo ****************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+echo:
+echo *************************************************************
+echo TC23 Duplicate Certificate No overwrite flag should warn user
+echo *************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set overwrite=true
+
+echo:
+echo *************************************************************
+echo TC24 Duplicate Certificate overwrite flag replaces certificate
+echo *************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+
+set mgt=remove
+
+echo:
+echo *************************************************************
+echo TC25 Delete unbound certificate should delete this.
+echo *************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+set storepath=/config/panorama
+set casename=Management
+set mgt=add
+set overwrite=true
+echo:
+echo ****************************************************
+echo TC26 Add Bound Certifcate with Overwrite
+echo ****************************************************
+set /p cert=Please enter bound cert name:
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+
+
+set mgt=remove
+echo:
+echo *************************************************************
+echo TC27 Delete bound certificate should warn user can't do this
+echo *************************************************************
+echo overwrite: %overwrite%
+echo store path: %storepath%
+echo cert name: %cert%
+
+PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite%
+
+@pause
diff --git a/README.md b/README.md
index dd5c1e2..a6eb8b4 100644
--- a/README.md
+++ b/README.md
@@ -98,6 +98,11 @@ This text would be entered in as the value for the __Server Password__, instead --- +## Release 2.2 Update on Entry Params +**Important Note** Entry params are no longer used. This version of the extension will only update certs on existing bindings and not add a cert to a new binding location. This was done to simplify the process since there are so many binding locations and reference issues. + +**Important Note** Please review the new path considerations in the store section. It explains how the paths work for Panorama and the Firewalls. 'locahost.localdomain' will always be that constant value. + ## CERT STORE SETUP AND GENERAL PERMISSIONS
Cert Store Type Configuration @@ -129,12 +134,7 @@ ServerUseSsl |Use SSL |Bool |True |Unchecked |Yes DeviceGroup |Device Group |String | |Unchecked |No |Device Group on Panorama that changes will be pushed to. #### ENTRY PARAMETERS FOR STORE TYPE -NAME | DISPLAY NAME | TYPE | DEFAULT VALUE | DEPENDS ON | REQUIRED WHEN |DESCRIPTION ---------------|-----------------|----------------|-------------- |-------------|---------------|-------------- -TlsMinVersion |TLS Min Version |Multiple Choice | |Unchecked |No |Min TLS Version for the Binding (,tls1-0,tls1-1,tls1-2) note first multiple choice item is empty -TlsMaxVersion |TLS Max Version |Multiple Choice | |Unchecked |No |Max TLS Version for the Binding (,tls1-0,tls1-1,tls1-2,max) note first multiple choice item is empty -TlsProfileName|TLS Profile Name |String | |Unchecked |No |Name of the binding to deploy certificate to -ServerUseSsl |Use SSL |Bool |True |Unchecked |Yes |Requires SSL Connection +The entry parameters for this version have been eliminated. It will not longer support new bindings but will just update existing bindings when the certificate is replaced.
@@ -148,13 +148,125 @@ CONFIG ELEMENT |DESCRIPTION Category |The type of certificate store to be configured. Select category based on the display name configured above "PaloAlto". Container |This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store. Client Machine |The hostname of the Panorama or Firewall. Sample is "palourl.cloudapp.azure.com". -Store Path | **Panorama Level Certs:**
/config/panorama
**Firewall Certs:**
/config/shared
**Panorama Template Certs:**
/config
/devices
/entry[@name='localhost.localdomain']
/template
/entry[@name='CertificatesTemplate']
/config
/shared
if using Panorama Templates where 'CertificateTemplate' is the actual name of the template +Store Path | See Store Path Explanation Section Below Orchestrator |This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. Inventory Schedule |The interval that the system will use to report on what certificates are currently in the store. Use SSL |This should be checked. User |ApiUser Setup for either Panorama or the Firewall Device Password |Api Password Setup for the user above +### Store Path Explanation +**Important Note** The store path permutations are show below + +#### FIREWALL SHARED SYSTEM PATH +_________________________________ +**Path Example** /config/shared + +**/config**: +This indicates that the path is within the configuration section of the firewall device. It contains all the configuration settings and parameters for the device. + +**/shared**: +This section specifies that the path is within the shared settings. Shared settings are common configurations that can be used across multiple virtual systems (vsys) or contexts within the firewall. +_________________________________ + + + + +#### FIREWALL VIRTUAL SYSTEM PATH +_________________________________ +**Path Example**: /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1'] + +**/config**: +This indicates that the path is within the configuration section of the firewall device. It contains all the configuration settings and parameters for the device. + +**/devices**: +This part specifies that the configuration relates to devices. In the context of a single firewall, this generally refers to the firewall itself. + +**/entry[@name='localhost.localdomain']**: +The entry tag with the attribute @name='localhost.localdomain' identifies a specific device by its name. In this case, it refers to the device named "localhost.localdomain," which is a default or placeholder name for the firewall device. 
+ +**/vsys**: +This section specifies that the path is within the virtual systems (vsys) section. Virtual systems allow multiple virtualized instances of firewall configurations within a single physical firewall. + +**/entry[@name='vsys1']**: +The entry tag with the attribute @name='vsys1' identifies a specific virtual system by its name. In this case, it refers to a virtual system named "vsys1." +_________________________________ + + + + +#### PANORAMA SHARED TEMPLATE PATH +_________________________________ +**Path Example**: /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared + +**/config**: +This section indicates that the path is within the configuration section of the Panorama device. It contains all the configuration settings and parameters for the device. + +**/devices**: +This part specifies that the configuration relates to devices managed by Panorama. Panorama can manage multiple devices, such as firewalls. + +**/entry[@name='localhost.localdomain']**: +The entry tag with the attribute @name='localhost.localdomain' identifies a specific device by its name. In this case, it refers to the device named "localhost.localdomain," which is a default or placeholder name for the device. + +**/template**: +This section indicates that the path is within the templates section. Templates in Panorama are used to define configuration settings that can be applied to multiple devices. + +**/entry[@name='CertificatesTemplate']**: +The entry tag with the attribute @name='CertificatesTemplate' identifies a specific template by its name. In this case, it refers to a template named "CertificatesTemplate." + +**/config/shared**: +This part of the path indicates that the configuration settings within this template are shared settings. Shared settings are common configurations that can be used across multiple devices or contexts within the Panorama management system. 
+_________________________________ + + + + +#### PANORAMA VIRTUAL SYSTEM PATH +__________________________________ +**Path Example**: /config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2'] + +**/config**: +This indicates that the path is within the configuration section of the Panorama device. It contains all the configuration settings and parameters for the device. + +**/devices**: +This part specifies that the configuration relates to devices managed by Panorama. Panorama can manage multiple devices, such as firewalls. + +**/entry**: +This is a generic entry point under devices. However, since it does not have a @name attribute specified at this level, it applies to the broader device category. + +**/template**: +This section indicates that the path is within the templates section. Templates in Panorama are used to define configuration settings that can be applied to multiple devices. + +**/entry[@name='CertificatesTemplate']**: +The entry tag with the attribute @name='CertificatesTemplate' identifies a specific template by its name. In this case, it refers to a template named "CertificatesTemplate." + +**/config/devices**: +This part of the path specifies that the configuration settings within this template apply to devices. + +**/entry**: +This again specifies a generic entry point under devices in the context of the template. This would typically be further defined by specific device attributes, but here it leads to the virtual systems (vsys) section. + +**/vsys**: +This section specifies that the path is within the virtual systems (vsys) section. Virtual systems allow multiple virtualized instances of firewall configurations within a single physical firewall. + +**/entry[@name='vsys2']**: +The entry tag with the attribute @name='vsys2' identifies a specific virtual system by its name. In this case, it refers to a virtual system named "vsys2." 
+__________________________________ + + + + +#### PANORAMA LEVEL +__________________________________ +**Path Example**: /config/panorama + +**/config**: +This indicates that the path is within the configuration section of the Panorama device. It contains all the configuration settings and parameters for the device. + +**/panorama**: +This section specifies that the path is within the Panorama-specific configuration settings. This part of the configuration contains settings that are specific to the Panorama management system itself, rather than the devices it manages. +__________________________________ +
@@ -174,31 +286,36 @@ Rest Api |Objects/Devices,Panorama/Scheduled Config Push,Panorama/Templates Case Number|Case Name|Store Path|Enrollment Params|Expected Results|Passed|Screenshots -------|----------|------------------|--------------------|----------------------------|----|-------- -TC1|Firewall Enroll No Bindings|/config/shared|**Alias**:
TC1|Cert and Chain Installed on Firewall|True|![](images/TC1.gif) -TC2|Firewall Remove No Bindings|/config/shared|**Alias**:
TC1|Cert Removed From Firewall|True|![](images/TC2.gif) -TC3|Firewall Enroll Bindings|/config/shared|**Alias**:
TC3
**TLS Min Version**:
tls1-0
**TLS Max Version**:
max
**TLS Profile Name**:
FirewallOnlyBinding|Cert added to Firewall and Bound to TLS Profile|True|![](images/TC3.gif) -TC4|Firewall Remove Bound Certificate|/config/shared|N/A|Will not Remove Bound certificate Error Occurs|True|![](images/TC4.gif) -TC5|Firewall One Click Renew Bound Cert|/config/shared|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC5.gif) -TC6|Firewall Configure Renew Bound Cert|/config/shared|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC6.gif) -TC7|Firewall Invalid Store Path|/config|N/A|Errors out with Invalid path.|True|![](images/TC7.gif) -TC8|Firewall Inventory|/config/shared|N/A|Job Completes with Inventory of certificates from Firewall.|True|![](images/TC8.gif) -TC9|Panorama Template Enroll No Bindings|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config
/shared|**Alias**:
TC9|Cert and Chain Installed on Panorama Template and pushed to the firewall.|True|![](images/TC9.gif) -TC10|Panorama Template Remove No Bindings|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config
/shared|**Alias**:
TC9|Cert Removed From Panorama and pushed to firewalls|True|![](images/TC10.gif) -TC11|Panorama Template Enroll Bindings|/config
/devices
/entry[@name=
'localhost.localdomain']
/template/entry[@name=
'CertificatesTemplate']
/config
/shared|**Alias**:
TC11
**TLS Min Version**:
tls1-0
**TLS Max Version**:
max
**TLS Profile Name**:
TestBindings|Cert added to Pan Template, Bound to TLS Profile and pushed to firewalls|True|![](images/TC11.gif) -TC12|Panorama Template Remove Bound Certificate|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config/
shared|N/A|Will Not Remove Certificate because it is bound. Error will show.|True|![](images/TC12.gif) -TC13|Panorama Template One Click Renew Bound Cert|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config/
shared|N/A|Renews cert create with new name bind. Leave old one around. Push to Firewalls|True|![](images/TC13.gif) -TC14|Panorama Template Configure Renew Bound Cert|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config/
shared|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC14.gif) -TC15|Panorama Template Invalid **Template** in Store Path|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate1']
/config/
shared|N/A|Errors out saying template does not exist|True|![](images/TC15.gif) -TC16|Panorama Template Invalid Store Path|/config
/devices[@name=
'CertificatesTemplate1']
/config
/shared|N/A|Errors out saying invalid path|True|![](images/TC16.gif) -TC17|Panorama Template Inventory|/config
/devices
/entry
[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config
/
shared|N/A|Job Completes with Inventory of certificates from Panorama Template.|True|![](images/TC17.gif) -TC18|Panorama Enroll No Bindings|/config/panorama|**Alias**:
TC18|Cert and Chain Installed on Panorama|True|![](images/TC18.gif) -TC19|Panorama Remove No Bindings|/config/panorama|**Alias**:
TC19|Cert Removed From Panorama|True|![](images/TC19.gif) -TC20|Panorama Add Bindings|/config/panorama|**Alias**:
TC20
**TLS Min Version**:
tls1-0
**TLS Max Version**:
max
**TLS Profile Name**:
PanLevelBindings|Cert added to Panorama and Bound to TLS Profile|True|![](images/TC20.gif) -TC21|Panorama Remove Bound Certificate|/config/panorama|N/A|Will not Remove Bound certificate Error Occurs|True|![](images/TC21.gif) -TC22|Panorama One Click Renew Bound Cert|/config/panorama|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC22.gif) -TC23|Panorama Configure Renew Bound Cert|/config/panorama|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC23.gif) -TC24|Panorama Invalid Store Path|/panorama|N/A|Errors out with Invalid path.|True|![](images/TC24.gif) -TC25|Panorama Inventory|/config/panorama|N/A|Job Completes with Inventory of certificates from Panorama.|True|![](images/TC25.gif) - +TC1|Firewall Enroll No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
false|Cert and Chain Installed on Firewall|True|![](images/TC1.gif) +TC2|Firewall Replace No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
true|Cert and Chain Installed on Firewall|True|![](images/TC2.gif) +TC3|Firewall Remove Bound Certificate|/config/shared|**Alias**:
0.13757535891685202
**Overwrite**:
false|Cert will **not** be removed because bound|True|![](images/TC3.gif) +TC4|Firewall Enroll Bindings|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
false|Will not replace cert since Overwrite=false|True|![](images/TC4.gif) +TC5|Firewall Replace Bound Certificate|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
true|Will replace cert bindings get automatically updated since Overwrite=true|True|![](images/TC5.gif) +TC6|Firewall Inventory|/config/shared|N/A|Inventory will finish and certs from shared location inventoried.|True|![](images/TC6.gif) +TC7|Firewall Inventory With Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will Inventory all certificates from vsys1 on firewall|True|![](images/TC7.gif) +TC8|Firewall Enroll cert and chain to Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
www.ejbcacertandchain.com|Cert is installed along with chain.|True|![](images/TC8.gif) +TC9|Firewall Remove unbound cert from Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will remove cert from test case 8 from Firewall Virtual System|True|![](images/TC9.gif) +TC10|Firewall Remove bound cert from Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##|Cert will not be removed because it is bound.|True|![](images/TC10.gif) +TC11|Firewall Replace without Overwrite on Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##
**Overwrite**:
true|User is warned Overwrite needs checked.|True|![](images/TC11.gif) +TC12|Firewall Renew cert on Shared and Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1'] and /config/shared|**Alias**:
www.renewtester.com|Cert renewed on vsys and shared locations|True|![](images/TC12.gif) +TC13|Firewall Replace bound cert on Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##
**Overwrite**:
true|Cert will be replaced and binding updated on vsys.|True|![](images/TC13.gif) +TC14|Panorama Template Enroll Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is enrolled to shared location for template|True|![](images/TC14.gif) +TC15|Panorama Template Replace Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com
**Overwrite**:
true|Certificate is replaced in shared location for template|True|![](images/TC15.gif) +TC16|Panorama Template Remove unbound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is removed from shared location for template|True|![](images/TC16.gif) +TC17|Panorama Template Replace bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest
**Overwrite**:
true|Certificate is replaced, binding updated in shared location for template|True|![](images/TC17.gif) +TC18|Panorama Template Remove bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest|Certificate is not removed because it is bound|True|![](images/TC18.gif) +TC19|Panorama Template Shared Inventory|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|N/A|Certificates are inventoried from this location|True|![](images/TC19.gif) +TC20|Panorama Template Virtual System Inventory|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|N/A|Certificates are inventoried from this template vsys location|True|![](images/TC20.gif) +TC21|Panorama Template Virtual System Enroll Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is enrolled to vsys2 location for template|True|![](images/TC21.gif) +TC22|Panorama Template Virtual System Replace unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is replaced in vsys2 location for template|True|![](images/TC22.gif) +TC23|Panorama Template Virtual System Remove unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is removed in vsys2 location for template|True|![](images/TC23.gif) +TC24|Panorama Template Virtual System Renew bound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is renewed, binding updated in vsys2 location for template|True|![](images/TC24.gif) +TC25|Panorama Level Inventory|/config/panorama|N/A|Certificates are inventoried from this location|True|![](images/TC25.gif) +TC26|Panorama Level Enroll Cert and Chain|/config/panorama|**Alias**:
www.panlevelcertandchain.com|Panorama Level Install Cert and Chain|True|![](images/TC26.gif) +TC27|Panorama Level Enroll Cert overwrite warning|/config/panorama|**Alias**:
www.panlevelcertandchain.com
**Overwrite**:
false|Cert is not installed warned Overwrite is needed|True|![](images/TC27.gif) +TC28|Panorama Level Replace Cert|/config/panorama|**Alias**:
www.panlevelcertandchain.com
**Overwrite**:
true|Cert is replaced because Overwrite was used|True|![](images/TC28.gif) +TC29|Panorama Level Remove unbound Cert|/config/panorama|N/A|Cert is removed because not bound|True|![](images/TC28.gif) +TC30|Panorama Level Replace bound Cert|/config/panorama|**Alias**:
PanoramaNoPK
**Overwrite**:
true|Cert is replaced, binding updated|True|![](images/TC30.gif) +TC31|Firewall previous version cert store settings|/config/shared|**Alias**:
www.extraparams.com
**Overwrite**:
false|Cert is still installed because it ignores extra params|True|![](images/TC31.gif)
diff --git a/images/InventoryLocation1.gif b/images/InventoryLocation1.gif
new file mode 100644
index 0000000..5a9fb6a
Binary files /dev/null and b/images/InventoryLocation1.gif differ
diff --git a/images/InventoryLocation2.gif b/images/InventoryLocation2.gif
new file mode 100644
index 0000000..d7b0945
Binary files /dev/null and b/images/InventoryLocation2.gif differ
diff --git a/images/TC1.gif b/images/TC1.gif
index 16c3757..534fd98 100644
Binary files a/images/TC1.gif and b/images/TC1.gif differ
diff --git a/images/TC10.gif b/images/TC10.gif
index 2759461..1f318ba 100644
Binary files a/images/TC10.gif and b/images/TC10.gif differ
diff --git a/images/TC11.gif b/images/TC11.gif
index d5ecc03..c408c28 100644
Binary files a/images/TC11.gif and b/images/TC11.gif differ
diff --git a/images/TC12.gif b/images/TC12.gif
index 3a85c23..ce4b0a7 100644
Binary files a/images/TC12.gif and b/images/TC12.gif differ
diff --git a/images/TC13.gif b/images/TC13.gif
index 903781a..6c12a4d 100644
Binary files a/images/TC13.gif and b/images/TC13.gif differ
diff --git a/images/TC14.gif b/images/TC14.gif
index 233a863..d5cb2ae 100644
Binary files a/images/TC14.gif and b/images/TC14.gif differ
diff --git a/images/TC15.gif b/images/TC15.gif
index be19fe5..983ede6 100644
Binary files a/images/TC15.gif and b/images/TC15.gif differ
diff --git a/images/TC16.gif b/images/TC16.gif
index 407577c..5207e5f 100644
Binary files a/images/TC16.gif and b/images/TC16.gif differ
diff --git a/images/TC17.gif b/images/TC17.gif
index c298f6a..4818cf1 100644
Binary files a/images/TC17.gif and b/images/TC17.gif differ
diff --git a/images/TC18.gif b/images/TC18.gif
index 2cfdadb..c33f75e 100644
Binary files a/images/TC18.gif and b/images/TC18.gif differ
diff --git a/images/TC19.gif b/images/TC19.gif
index 05d45f8..5e53a73 100644
Binary files a/images/TC19.gif and b/images/TC19.gif differ
diff --git a/images/TC2.gif b/images/TC2.gif
index 4de64e3..0619556 100644
Binary files a/images/TC2.gif and b/images/TC2.gif differ
diff --git a/images/TC20.gif b/images/TC20.gif
index 593cd36..21b2321 100644
Binary files a/images/TC20.gif and b/images/TC20.gif differ
diff --git a/images/TC21.gif b/images/TC21.gif
index 047cce2..b5ff669 100644
Binary files a/images/TC21.gif and b/images/TC21.gif differ
diff --git a/images/TC22.gif b/images/TC22.gif
index 5e07538..0ecf119 100644
Binary files a/images/TC22.gif and b/images/TC22.gif differ
diff --git a/images/TC23.gif b/images/TC23.gif
index 7695cc5..3b118b2 100644
Binary files a/images/TC23.gif and b/images/TC23.gif differ
diff --git a/images/TC24.gif b/images/TC24.gif
index 355d3cc..b592051 100644
Binary files a/images/TC24.gif and b/images/TC24.gif differ
diff --git a/images/TC25.gif b/images/TC25.gif
index a40a8f0..ff11e65 100644
Binary files a/images/TC25.gif and b/images/TC25.gif differ
diff --git a/images/TC26.gif b/images/TC26.gif
new file mode 100644
index 0000000..8fce263
Binary files /dev/null and b/images/TC26.gif differ
diff --git a/images/TC27.gif b/images/TC27.gif
new file mode 100644
index 0000000..c4ff2a8
Binary files /dev/null and b/images/TC27.gif differ
diff --git a/images/TC28.gif b/images/TC28.gif
new file mode 100644
index 0000000..e54f455
Binary files /dev/null and b/images/TC28.gif differ
diff --git a/images/TC29.gif b/images/TC29.gif
new file mode 100644
index 0000000..c95cc55
Binary files /dev/null and b/images/TC29.gif differ
diff --git a/images/TC3.gif b/images/TC3.gif
index f47a783..d73aa30 100644
Binary files a/images/TC3.gif and b/images/TC3.gif differ
diff --git a/images/TC30.gif b/images/TC30.gif
new file mode 100644
index 0000000..ea6ae43
Binary files /dev/null and b/images/TC30.gif differ
diff --git a/images/TC31.gif b/images/TC31.gif
new file mode 100644
index 0000000..74da844
Binary files /dev/null and b/images/TC31.gif differ
diff --git a/images/TC4.gif b/images/TC4.gif
index ca1e6bc..8c2d73e 100644
Binary files a/images/TC4.gif and b/images/TC4.gif differ
diff --git a/images/TC5.gif b/images/TC5.gif
index 12239e7..05e9878 100644
Binary files a/images/TC5.gif and b/images/TC5.gif differ
diff --git a/images/TC6.gif b/images/TC6.gif
index 1718971..80a25cd 100644
Binary files a/images/TC6.gif and b/images/TC6.gif differ
diff --git a/images/TC7.gif b/images/TC7.gif
index dd2f89b..d26342b 100644
Binary files a/images/TC7.gif and b/images/TC7.gif differ
diff --git a/images/TC8.gif b/images/TC8.gif
index 4dbd838..e3d7095 100644
Binary files a/images/TC8.gif and b/images/TC8.gif differ
diff --git a/images/TC9.gif b/images/TC9.gif
index a60b6a7..e5391db 100644
Binary files a/images/TC9.gif and b/images/TC9.gif differ
diff --git a/integration-manifest.json b/integration-manifest.json
index 64b7e52..96ab28e 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -1,135 +1,96 @@ -{ - "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", - "integration_type": "orchestrator", - "name": "Palo Alto Orchestrator", - "status": "production", - "update_catalog": true, - "link_github": true, - "support_level": "kf-supported", - "description": "The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama. If using Panorama, it will push changes to all the devices from Panorama. It supports adding certificates with or without private keys. Palo Alto does not support incremental certificate inventory. If you have large numbers of certificates in your environment it is recommended to limit the frequency of inventory jobs to 30 minutes or more.", - "about": { - "orchestrator": { - "UOFramework": "10.1", - "pam_support": true, - "win": { - "supportsCreateStore": false, - "supportsDiscovery": false, - "supportsManagementAdd": true, - "supportsManagementRemove": true, - "supportsReenrollment": false, - "supportsInventory": true, - "platformSupport": "Unused" - }, - "linux": { - "supportsCreateStore": false, - "supportsDiscovery": false, - "supportsManagementAdd": false, - "supportsManagementRemove": false, - "supportsReenrollment": false, - "supportsInventory": false, - "platformSupport": "Unused" - }, - "store_types": [ - { - "Name": "PaloAlto", - "ShortName": "PaloAlto", - "Capability": "PaloAlto", - "LocalStore": false, - "SupportedOperations": { - "Add": true, - "Create": false, - "Discovery": false, - "Enrollment": false, - "Remove": true - }, - "Properties": [ - { - "Name": "ServerUsername", - "DisplayName": "Server Username", - "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerPassword", - "DisplayName": "Server Password", - "Type": "Secret", - "DependsOn": null, - "DefaultValue": null, - "Required": false - }, - { - "Name": "ServerUseSsl", - "DisplayName": "Use SSL", - "Type": "Bool", - 
"DependsOn": null, - "DefaultValue": "true", - "Required": true - }, - { - "Name": "DeviceGroup", - "DisplayName": "Device Group", - "Type": "String", - "DependsOn": null, - "DefaultValue": null, - "Required": false - } - ], - "EntryParameters": [ - { - "Name": "TlsMinVersion", - "DisplayName": "TLS Min Version", - "Type": "MultipleChoice", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "Options": ",tls1-0,tls1-1,tls1-2" - }, - { - "Name": "TLSMaxVersion", - "DisplayName": "TLS Max Version", - "Type": "MultipleChoice", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - }, - "Options": ",tls1-0,tls1-1,tls1-2,max" - }, - { - "Name": "TlsProfileName", - "DisplayName": "TLS Profile Name", - "Type": "String", - "RequiredWhen": { - "HasPrivateKey": false, - "OnAdd": false, - "OnRemove": false, - "OnReenrollment": false - } - } - ], - "PasswordOptions": { - "EntrySupported": false, - "StoreRequired": false, - "Style": "Default" - }, - "PrivateKeyAllowed": "Optional", - "JobProperties": [ - "TlsMinVersion", - "TLSMaxVersion", - "TlsProfileName" - ], - "ServerRequired": true, - "PowerShell": false, - "BlueprintAllowed": false, - "CustomAliasAllowed": "Required" - } - ] - } - } -} +{ +"$schema": "https://keyfactor.github.io/integration-manifest-schema.json", +"integration_type": "orchestrator", +"name": "Palo Alto Orchestrator", +"status": "production", +"update_catalog": true, +"link_github": true, +"support_level": "kf-supported", +"description": "The Palo Alto Orchestrator remotely manages certificates on either the Palo Alto PA-VM Firewall Device or the Panorama. If using Panorama, it will push changes to all the devices from Panorama. It supports adding certificates with or without private keys. Palo Alto does not support incremental certificate inventory. 
If you have large numbers of certificates in your environment it is recommended to limit the frequency of inventory jobs to 30 minutes or more.", +"about": { +"orchestrator": { +"UOFramework": "10.1", +"pam_support": true, +"win": { +"supportsCreateStore": false, +"supportsDiscovery": false, +"supportsManagementAdd": true, +"supportsManagementRemove": true, +"supportsReenrollment": false, +"supportsInventory": true, +"platformSupport": "Unused" +}, +"linux": { +"supportsCreateStore": false, +"supportsDiscovery": false, +"supportsManagementAdd": false, +"supportsManagementRemove": false, +"supportsReenrollment": false, +"supportsInventory": false, +"platformSupport": "Unused" +}, +"store_types": [ +{ +"Name": "PaloAlto", +"ShortName": "PaloAlto", +"Capability": "PaloAlto", +"LocalStore": false, +"SupportedOperations": { +"Add": true, +"Create": false, +"Discovery": false, +"Enrollment": false, +"Remove": true +}, +"Properties": [ +{ +"Name": "ServerUsername", +"DisplayName": "Server Username", +"Type": "Secret", +"DependsOn": null, +"DefaultValue": null, +"Required": false +}, +{ +"Name": "ServerPassword", +"DisplayName": "Server Password", +"Type": "Secret", +"DependsOn": null, +"DefaultValue": null, +"Required": false +}, +{ +"Name": "ServerUseSsl", +"DisplayName": "Use SSL", +"Type": "Bool", +"DependsOn": null, +"DefaultValue": "true", +"Required": true +}, +{ +"Name": "DeviceGroup", +"DisplayName": "Device Group", +"Type": "String", +"DependsOn": null, +"DefaultValue": null, +"Required": false +} +], +"EntryParameters": [], +"PasswordOptions": { +"EntrySupported": false, +"StoreRequired": false, +"Style": "Default" +}, +"PrivateKeyAllowed": "Optional", +"JobProperties": [ +], +"ServerRequired": true, +"PowerShell": false, +"BlueprintAllowed": false, +"CustomAliasAllowed": "Required" +} +] +} +} +} \ No newline at end of file diff --git a/readme-src/readme-pam-support.md b/readme-src/readme-pam-support.md index 532fda3..d684d56 100644 
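Review bot: The new side of integration-manifest.json is written with no indentation and without a final newline (`\ No newline at end of file`), so the only functional change, emptying `"EntryParameters": []` and `"JobProperties"`, is hidden inside a whole-file rewrite. Restoring the previous indentation and trailing newline would reduce this hunk to the three removed TLS entries and make the manifest reviewable. Separately, `ServerUsername` and `ServerPassword` remain `"Required": false` here while the readme's custom-fields table in the same commit lists both as required. If that is deliberate because `pam_support` is true, the readme should say so. With `TlsMinVersion`/`TLSMaxVersion` gone, the protocol floor of a binding presumably stays whatever the existing TLS profile on the device already specifies, and the readme should confirm that for operators who relied on these fields to set it.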
--- a/readme-src/readme-pam-support.md +++ b/readme-src/readme-pam-support.md @@ -1,4 +1,4 @@ -|Name|Description| -|----|-----------| -|ServerPassword|Key obtained from Palo Alto API to authenticate the server hosting the store| - +|Name|Description| +|----|-----------| +|ServerPassword|Key obtained from Palo Alto API to authenticate the server hosting the store| + diff --git a/readme_source.md b/readme_source.md index ac4e97c..6c63cf5 100644 --- a/readme_source.md +++ b/readme_source.md @@ -1,103 +1,220 @@ -## CERT STORE SETUP AND GENERAL PERMISSIONS -
- Cert Store Type Configuration - -In Keyfactor Command create a new Certificate Store Type similar to the one below: - -#### STORE TYPE CONFIGURATION -SETTING TAB | CONFIG ELEMENT | DESCRIPTION -------|-----------|------------------ -Basic |Name |Descriptive name for the Store Type. PaloAlto can be used. -Basic |Short Name |The short name that identifies the registered functionality of the orchestrator. Must be PaloAlto -Basic |Custom Capability|You can leave this unchecked and use the default. -Basic |Job Types |Inventory, Add, and Remove are the supported job types. -Basic |Needs Server |Must be checked -Basic |Blueprint Allowed |Unchecked -Basic |Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. -Basic |Supports Entry Password |Determined if an individual entry within a store can have a password. This must be unchecked. -Advanced |Store Path Type| Determines how the user will enter the store path when setting up the cert store. Freeform -Advanced |Supports Custom Alias |Determines if an individual entry within a store can have a custom Alias. This must be Required -Advanced |Private Key Handling |Determines how the orchestrator deals with private keys. Optional -Advanced |PFX Password Style |Determines password style for the PFX Password. Default - -#### CUSTOM FIELDS FOR STORE TYPE -NAME | DISPLAY NAME | TYPE | DEFAULT VALUE | DEPENDS ON | REQUIRED |DESCRIPTION ---------------|-----------------|-------|--------------|-------------|---------|-------------- -ServerUsername|Server Username |Secret | |Unchecked |Yes |Palo Alto Api User Name -ServerPassword|Server Password |Secret | |Unchecked |Yes |Palo Alto Api Password -ServerUseSsl |Use SSL |Bool |True |Unchecked |Yes |Requires SSL Connection -DeviceGroup |Device Group |String | |Unchecked |No |Device Group on Panorama that changes will be pushed to. 
- -#### ENTRY PARAMETERS FOR STORE TYPE -NAME | DISPLAY NAME | TYPE | DEFAULT VALUE | DEPENDS ON | REQUIRED WHEN |DESCRIPTION ---------------|-----------------|----------------|-------------- |-------------|---------------|-------------- -TlsMinVersion |TLS Min Version |Multiple Choice | |Unchecked |No |Min TLS Version for the Binding (,tls1-0,tls1-1,tls1-2) note first multiple choice item is empty -TlsMaxVersion |TLS Max Version |Multiple Choice | |Unchecked |No |Max TLS Version for the Binding (,tls1-0,tls1-1,tls1-2,max) note first multiple choice item is empty -TlsProfileName|TLS Profile Name |String | |Unchecked |No |Name of the binding to deploy certificate to -ServerUseSsl |Use SSL |Bool |True |Unchecked |Yes |Requires SSL Connection - -
- -
-PaloAlto Certificate Store -In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the settings defined below. - -#### STORE CONFIGURATION -CONFIG ELEMENT |DESCRIPTION -----------------|--------------- -Category |The type of certificate store to be configured. Select category based on the display name configured above "PaloAlto". -Container |This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store. -Client Machine |The hostname of the Panorama or Firewall. Sample is "palourl.cloudapp.azure.com". -Store Path | **Panorama Level Certs:**
/config/panorama
**Firewall Certs:**
/config/shared
**Panorama Template Certs:**
/config
/devices
/entry[@name='localhost.localdomain']
/template
/entry[@name='CertificatesTemplate']
/config
/shared
if using Panorama Templates where 'CertificateTemplate' is the actual name of the template -Orchestrator |This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. -Inventory Schedule |The interval that the system will use to report on what certificates are currently in the store. -Use SSL |This should be checked. -User |ApiUser Setup for either Panorama or the Firewall Device -Password |Api Password Setup for the user above - -
- -
-API User Setup Permissions in Panorama or Firewall Required - -Tab | Security Items ---------------|-------------------------- -Xml Api |Report,Log,Configuration,Operational Requests,Commit,Export,Import -Rest Api |Objects/Devices,Panorama/Scheduled Config Push,Panorama/Templates,Panorama/Template Stacks,Panorama/Device Groups,System/Configuration,Plugins/Plugins -*** - -
- -## Test Cases -
-Firewall, Panorama Template and Panorama Level - -Case Number|Case Name|Store Path|Enrollment Params|Expected Results|Passed|Screenshots --------|----------|------------------|--------------------|----------------------------|----|-------- -TC1|Firewall Enroll No Bindings|/config/shared|**Alias**:
TC1|Cert and Chain Installed on Firewall|True|![](images/TC1.gif) -TC2|Firewall Remove No Bindings|/config/shared|**Alias**:
TC1|Cert Removed From Firewall|True|![](images/TC2.gif) -TC3|Firewall Enroll Bindings|/config/shared|**Alias**:
TC3
**TLS Min Version**:
tls1-0
**TLS Max Version**:
max
**TLS Profile Name**:
FirewallOnlyBinding|Cert added to Firewall and Bound to TLS Profile|True|![](images/TC3.gif) -TC4|Firewall Remove Bound Certificate|/config/shared|N/A|Will not Remove Bound certificate Error Occurs|True|![](images/TC4.gif) -TC5|Firewall One Click Renew Bound Cert|/config/shared|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC5.gif) -TC6|Firewall Configure Renew Bound Cert|/config/shared|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC6.gif) -TC7|Firewall Invalid Store Path|/config|N/A|Errors out with Invalid path.|True|![](images/TC7.gif) -TC8|Firewall Inventory|/config/shared|N/A|Job Completes with Inventory of certificates from Firewall.|True|![](images/TC8.gif) -TC9|Panorama Template Enroll No Bindings|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config
/shared|**Alias**:
TC9|Cert and Chain Installed on Panorama Template and pushed to the firewall.|True|![](images/TC9.gif) -TC10|Panorama Template Remove No Bindings|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config
/shared|**Alias**:
TC9|Cert Removed From Panorama and pushed to firewalls|True|![](images/TC10.gif) -TC11|Panorama Template Enroll Bindings|/config
/devices
/entry[@name=
'localhost.localdomain']
/template/entry[@name=
'CertificatesTemplate']
/config
/shared|**Alias**:
TC11
**TLS Min Version**:
tls1-0
**TLS Max Version**:
max
**TLS Profile Name**:
TestBindings|Cert added to Pan Template, Bound to TLS Profile and pushed to firewalls|True|![](images/TC11.gif) -TC12|Panorama Template Remove Bound Certificate|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config/
shared|N/A|Will Not Remove Certificate because it is bound. Error will show.|True|![](images/TC12.gif) -TC13|Panorama Template One Click Renew Bound Cert|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config/
shared|N/A|Renews cert create with new name bind. Leave old one around. Push to Firewalls|True|![](images/TC13.gif) -TC14|Panorama Template Configure Renew Bound Cert|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config/
shared|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC14.gif) -TC15|Panorama Template Invalid **Template** in Store Path|/config
/devices
/entry[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate1']
/config/
shared|N/A|Errors out saying template does not exist|True|![](images/TC15.gif) -TC16|Panorama Template Invalid Store Path|/config
/devices[@name=
'CertificatesTemplate1']
/config
/shared|N/A|Errors out saying invalid path|True|![](images/TC16.gif) -TC17|Panorama Template Inventory|/config
/devices
/entry
[@name=
'localhost.localdomain']
/template
/entry[@name=
'CertificatesTemplate']
/config
/
shared|N/A|Job Completes with Inventory of certificates from Panorama Template.|True|![](images/TC17.gif) -TC18|Panorama Enroll No Bindings|/config/panorama|**Alias**:
TC18|Cert and Chain Installed on Panorama|True|![](images/TC18.gif) -TC19|Panorama Remove No Bindings|/config/panorama|**Alias**:
TC19|Cert Removed From Panorama|True|![](images/TC19.gif) -TC20|Panorama Add Bindings|/config/panorama|**Alias**:
TC20
**TLS Min Version**:
tls1-0
**TLS Max Version**:
max
**TLS Profile Name**:
PanLevelBindings|Cert added to Panorama and Bound to TLS Profile|True|![](images/TC20.gif) -TC21|Panorama Remove Bound Certificate|/config/panorama|N/A|Will not Remove Bound certificate Error Occurs|True|![](images/TC21.gif) -TC22|Panorama One Click Renew Bound Cert|/config/panorama|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC22.gif) -TC23|Panorama Configure Renew Bound Cert|/config/panorama|N/A|Renews cert create with new name bind. Leave old one around.|True|![](images/TC23.gif) -TC24|Panorama Invalid Store Path|/panorama|N/A|Errors out with Invalid path.|True|![](images/TC24.gif) -TC25|Panorama Inventory|/config/panorama|N/A|Job Completes with Inventory of certificates from Panorama.|True|![](images/TC25.gif) - +## Release 2.2 Update on Entry Params +**Important Note** Entry params are no longer used. This version of the extension will only update certs on existing bindings and not add a cert to a new binding location. This was done to simplify the process since there are so many binding locations and reference issues. + +**Important Note** Please review the new path considerations in the store section. It explains how the paths work for Panorama and the Firewalls. 'locahost.localdomain' will always be that constant value. + +## CERT STORE SETUP AND GENERAL PERMISSIONS +
+ Cert Store Type Configuration + +In Keyfactor Command create a new Certificate Store Type similar to the one below: + +#### STORE TYPE CONFIGURATION +SETTING TAB | CONFIG ELEMENT | DESCRIPTION +------|-----------|------------------ +Basic |Name |Descriptive name for the Store Type. PaloAlto can be used. +Basic |Short Name |The short name that identifies the registered functionality of the orchestrator. Must be PaloAlto +Basic |Custom Capability|You can leave this unchecked and use the default. +Basic |Job Types |Inventory, Add, and Remove are the supported job types. +Basic |Needs Server |Must be checked +Basic |Blueprint Allowed |Unchecked +Basic |Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. +Basic |Supports Entry Password |Determined if an individual entry within a store can have a password. This must be unchecked. +Advanced |Store Path Type| Determines how the user will enter the store path when setting up the cert store. Freeform +Advanced |Supports Custom Alias |Determines if an individual entry within a store can have a custom Alias. This must be Required +Advanced |Private Key Handling |Determines how the orchestrator deals with private keys. Optional +Advanced |PFX Password Style |Determines password style for the PFX Password. Default + +#### CUSTOM FIELDS FOR STORE TYPE +NAME | DISPLAY NAME | TYPE | DEFAULT VALUE | DEPENDS ON | REQUIRED |DESCRIPTION +--------------|-----------------|-------|--------------|-------------|---------|-------------- +ServerUsername|Server Username |Secret | |Unchecked |Yes |Palo Alto Api User Name +ServerPassword|Server Password |Secret | |Unchecked |Yes |Palo Alto Api Password +ServerUseSsl |Use SSL |Bool |True |Unchecked |Yes |Requires SSL Connection +DeviceGroup |Device Group |String | |Unchecked |No |Device Group on Panorama that changes will be pushed to. 
+ +#### ENTRY PARAMETERS FOR STORE TYPE +The entry parameters for this version have been eliminated. It will not longer support new bindings but will just update existing bindings when the certificate is replaced. + +
+ +
+PaloAlto Certificate Store +In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the settings defined below. + +#### STORE CONFIGURATION +CONFIG ELEMENT |DESCRIPTION +----------------|--------------- +Category |The type of certificate store to be configured. Select category based on the display name configured above "PaloAlto". +Container |This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store. +Client Machine |The hostname of the Panorama or Firewall. Sample is "palourl.cloudapp.azure.com". +Store Path | See Store Path Explanation Section Below +Orchestrator |This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. +Inventory Schedule |The interval that the system will use to report on what certificates are currently in the store. +Use SSL |This should be checked. +User |ApiUser Setup for either Panorama or the Firewall Device +Password |Api Password Setup for the user above + +### Store Path Explanation +**Important Note** The store path permutations are show below + +#### FIREWALL SHARED SYSTEM PATH +_________________________________ +**Path Example** /config/shared + +**/config**: +This indicates that the path is within the configuration section of the firewall device. It contains all the configuration settings and parameters for the device. + +**/shared**: +This section specifies that the path is within the shared settings. Shared settings are common configurations that can be used across multiple virtual systems (vsys) or contexts within the firewall. 
+_________________________________ + + + + +#### FIREWALL VIRTUAL SYSTEM PATH +_________________________________ +**Path Example**: /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1'] + +**/config**: +This indicates that the path is within the configuration section of the firewall device. It contains all the configuration settings and parameters for the device. + +**/devices**: +This part specifies that the configuration relates to devices. In the context of a single firewall, this generally refers to the firewall itself. + +**/entry[@name='localhost.localdomain']**: +The entry tag with the attribute @name='localhost.localdomain' identifies a specific device by its name. In this case, it refers to the device named "localhost.localdomain," which is a default or placeholder name for the firewall device. + +**/vsys**: +This section specifies that the path is within the virtual systems (vsys) section. Virtual systems allow multiple virtualized instances of firewall configurations within a single physical firewall. + +**/entry[@name='vsys1']**: +The entry tag with the attribute @name='vsys1' identifies a specific virtual system by its name. In this case, it refers to a virtual system named "vsys1." +_________________________________ + + + + +#### PANORAMA SHARED TEMPLATE PATH +_________________________________ +**Path Example**: /config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared + +**/config**: +This section indicates that the path is within the configuration section of the Panorama device. It contains all the configuration settings and parameters for the device. + +**/devices**: +This part specifies that the configuration relates to devices managed by Panorama. Panorama can manage multiple devices, such as firewalls. + +**/entry[@name='localhost.localdomain']**: +The entry tag with the attribute @name='localhost.localdomain' identifies a specific device by its name. 
In this case, it refers to the device named "localhost.localdomain," which is a default or placeholder name for the device. + +**/template**: +This section indicates that the path is within the templates section. Templates in Panorama are used to define configuration settings that can be applied to multiple devices. + +**/entry[@name='CertificatesTemplate']**: +The entry tag with the attribute @name='CertificatesTemplate' identifies a specific template by its name. In this case, it refers to a template named "CertificatesTemplate." + +**/config/shared**: +This part of the path indicates that the configuration settings within this template are shared settings. Shared settings are common configurations that can be used across multiple devices or contexts within the Panorama management system. +_________________________________ + + + + +#### PANORAMA VIRTUAL SYSTEM PATH +__________________________________ +**Path Example**: /config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2'] + +**/config**: +This indicates that the path is within the configuration section of the Panorama device. It contains all the configuration settings and parameters for the device. + +**/devices**: +This part specifies that the configuration relates to devices managed by Panorama. Panorama can manage multiple devices, such as firewalls. + +**/entry**: +This is a generic entry point under devices. However, since it does not have a @name attribute specified at this level, it applies to the broader device category. + +**/template**: +This section indicates that the path is within the templates section. Templates in Panorama are used to define configuration settings that can be applied to multiple devices. + +**/entry[@name='CertificatesTemplate']**: +The entry tag with the attribute @name='CertificatesTemplate' identifies a specific template by its name. In this case, it refers to a template named "CertificatesTemplate." 
+ +**/config/devices**: +This part of the path specifies that the configuration settings within this template apply to devices. + +**/entry**: +This again specifies a generic entry point under devices in the context of the template. This would typically be further defined by specific device attributes, but here it leads to the virtual systems (vsys) section. + +**/vsys**: +This section specifies that the path is within the virtual systems (vsys) section. Virtual systems allow multiple virtualized instances of firewall configurations within a single physical firewall. + +**/entry[@name='vsys2']**: +The entry tag with the attribute @name='vsys2' identifies a specific virtual system by its name. In this case, it refers to a virtual system named "vsys2." +__________________________________ + + + + +#### PANORAMA LEVEL +__________________________________ +**Path Example**: /config/panorama + +**/config**: +This indicates that the path is within the configuration section of the Panorama device. It contains all the configuration settings and parameters for the device. + +**/panorama**: +This section specifies that the path is within the Panorama-specific configuration settings. This part of the configuration contains settings that are specific to the Panorama management system itself, rather than the devices it manages. +__________________________________ + +
+ +
+API User Setup Permissions in Panorama or Firewall Required + +Tab | Security Items +--------------|-------------------------- +Xml Api |Report,Log,Configuration,Operational Requests,Commit,Export,Import +Rest Api |Objects/Devices,Panorama/Scheduled Config Push,Panorama/Templates,Panorama/Template Stacks,Panorama/Device Groups,System/Configuration,Plugins/Plugins +*** + +
+ +## Test Cases +
+Firewall, Panorama Template and Panorama Level
+
+Case Number|Case Name|Store Path|Enrollment Params|Expected Results|Passed|Screenshots
+-------|----------|------------------|--------------------|----------------------------|----|--------
+TC1|Firewall Enroll No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
false|Cert and Chain Installed on Firewall|True|![](images/TC1.gif)
+TC2|Firewall Replace No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
true|Cert and Chain Installed on Firewall|True|![](images/TC2.gif)
+TC3|Firewall Remove Bound Certificate|/config/shared|**Alias**:
0.13757535891685202
**Overwrite**:
false|Cert will **not** be removed because bound|True|![](images/TC3.gif)
+TC4|Firewall Enroll Bindings|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
false|Will not replace cert since Overwrite=false|True|![](images/TC4.gif)
+TC5|Firewall Replace Bound Certificate|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
true|Will replace cert bindings get automatically updated since Overwrite=true|True|![](images/TC5.gif)
+TC6|Firewall Inventory|/config/shared|N/A|Inventory will finish and certs from shared location inventoried.|True|![](images/TC6.gif)
+TC7|Firewall Inventory With Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will Inventory all certificates from vsys1 on firewall|True|![](images/TC7.gif)
+TC8|Firewall Enroll cert and chain to Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
www.ejbcacertandchain.com|Cert is installed along with chain.|True|![](images/TC8.gif)
+TC9|Firewall Remove unbound cert from Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will remove cert from test case 8 from Firewall Virtual System|True|![](images/TC9.gif)
+TC10|Firewall Remove bound cert from Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##|Cert will not be removed because it is bound.|True|![](images/TC10.gif)
+TC11|Firewall Replace without Overwrite on Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##
**Overwrite**:
true|User is warned Overwrite needs checked.|True|![](images/TC11.gif)
+TC12|Firewall Renew cert on Shared and Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1'] and /config/shared|**Alias**:
www.renewtester.com|Cert renewed on vsys and shared locations|True|![](images/TC12.gif)
+TC13|Firewall Replace bound cert on Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##
**Overwrite**:
true|Cert will be replaced and binding updated on vsys.|True|![](images/TC13.gif)
+TC14|Panorama Template Enroll Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is enrolled to shared location for template|True|![](images/TC14.gif)
+TC15|Panorama Template Replace Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com
**Overwrite**:
true|Certificate is replaced in shared location for template|True|![](images/TC15.gif)
+TC16|Panorama Template Remove unbound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is removed from shared location for template|True|![](images/TC16.gif)
+TC17|Panorama Template Replace bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest
**Overwrite**:
true|Certificate is replaced, binding updated in shared location for template|True|![](images/TC17.gif)
+TC18|Panorama Template Remove bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest|Certificate is not removed because it is bound|True|![](images/TC18.gif)
+TC19|Panorama Template Shared Inventory|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|N/A|Certificates are inventoried from this location|True|![](images/TC19.gif)
+TC20|Panorama Template Virtual System Inventory|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|N/A|Certificates are inventoried from this template vsys location|True|![](images/TC20.gif)
+TC21|Panorama Template Virtual System Enroll Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is enrolled to vsys2 location for template|True|![](images/TC21.gif)
+TC22|Panorama Template Virtual System Replace unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is replaced in vsys2 location for template|True|![](images/TC22.gif)
+TC23|Panorama Template Virtual System Remove unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is removed in vsys2 location for template|True|![](images/TC23.gif)
+TC24|Panorama Template Virtual System Renew bound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is renewed, binding updated in vsys2 location for template|True|![](images/TC24.gif)
+TC25|Panorama Level Inventory|/config/panorama|N/A|Certificates are inventoried from this location|True|![](images/TC25.gif)
+TC26|Panorama Level Enroll Cert and Chain|/config/panorama|**Alias**:
www.panlevelcertandchain.com|Panorama Level Install Cert and Chain|True|![](images/TC26.gif)
+TC27|Panorama Level Enroll Cert overwrite warning|/config/panorama|**Alias**:
www.panlevelcertandchain.com
**Overwrite**:
false|Cert is not installed warned Overwrite is needed|True|![](images/TC27.gif)
+TC28|Panorama Level Replace Cert|/config/panorama|**Alias**:
www.panlevelcertandchain.com
**Overwrite**:
true|Cert is replaced because Overwrite was used|True|![](images/TC28.gif)
+TC29|Panorama Level Remove unbound Cert|/config/panorama|N/A|Cert is removed because not bound|True|![](images/TC28.gif)
+TC30|Panorama Level Replace bound Cert|/config/panorama|**Alias**:
PanoramaNoPK
**Overwrite**:
true|Cert is replaced, binding updated|True|![](images/TC30.gif)
+TC31|Firewall previous version cert store settings|/config/shared|**Alias**:
www.extraparams.com
**Overwrite**:
false|Cert is still installed because it ignores extra params|True|![](images/TC31.gif)
\ No newline at end of file