Merge pull request #121 from Keyfactor/ab#63169-migrate-new-parameters

migration scripts for SSL Flags parameter
Keyfactor · Nov 25, 2024 · 124142b · 124142b
2 parents 0931a80 + 68865eb
commit 124142b
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 7 deletions.
diff --git a/Migration-Scripts/IISU Sni Flag 2.5 upgrade script.sql b/Migration-Scripts/IISU Sni Flag 2.5 upgrade script.sql
@@ -0,0 +1,80 @@
+SET NOCOUNT ON
+
+BEGIN TRY
+    BEGIN TRANSACTION
+
+    DECLARE @IISUShortName VARCHAR(50) = 'IISU'
+    DECLARE @SniFlagParameter VARCHAR(50) = 'SniFlag'
+
+    DECLARE @StoreTypeId INT
+
+    -- get store type id
+    SELECT @StoreTypeId = storetypes.[StoreType]
+    FROM [cms_agents].[CertStoreTypes] AS storetypes
+    WHERE @IISUShortName = storetypes.[ShortName]
+
+    -- get list of cert stores guids of that type
+    SELECT certstores.[Id]
+    INTO #StoreGuids
+    FROM [cms_agents].[CertStores] AS certstores
+    WHERE @StoreTypeId = certstores.[CertStoreType]
+
+    -- get list of certstoreinventoryitems matching on store guid
+    SELECT inventory.[Id], inventory.[EntryParameters]
+    INTO #InventoryItems
+    FROM [cms_agents].[CertStoreInventoryItems] AS inventory
+        INNER JOIN #StoreGuids ON #StoreGuids.[Id] = inventory.[CertStoreId]
+
+    -- update entry parameters to new setting
+    UPDATE [cms_agents].[CertStoreTypeEntryParameters]
+    SET [DisplayName] = 'SSL Flags',
+        [Type] = '0',
+        [DefaultValue] = '0',
+        [Options] = NULL
+    WHERE [StoreTypeId] = @StoreTypeId
+        AND [Name] = @SniFlagParameter
+
+    -- perform batch processing on certstoreinventoryitems to alter their EntryParameters to change the SNiFlag value to be a simple character instead of lots of text
+    -- replace 0 - No SNI
+    UPDATE inventoryitems
+    SET inventoryitems.[EntryParameters] = REPLACE(inventory.[EntryParameters], '0 - No SNI', '0')
+    FROM [cms_agents].[CertStoreInventoryItems] AS inventoryitems
+        INNER JOIN #InventoryItems ON inventoryitems.[Id] = #InventoryItems.[Id]
+    WHERE inventoryitems.[EntryParameters] LIKE '%0 - No SNI%'
+
+    -- replace 1 - SNI Enabled
+    UPDATE inventoryitems
+    SET inventoryitems.[EntryParameters] = REPLACE(inventory.[EntryParameters], '1 - SNI Enabled', '1')
+    FROM [cms_agents].[CertStoreInventoryItems] AS inventoryitems
+        INNER JOIN #InventoryItems ON inventoryitems.[Id] = #InventoryItems.[Id]
+    WHERE inventoryitems.[EntryParameters] LIKE '%1 - SNI Enabled%'
+
+    -- replace 2 - Non SNI Binding
+    UPDATE inventoryitems
+    SET inventoryitems.[EntryParameters] = REPLACE(inventory.[EntryParameters], '2 - Non SNI Binding', '2')
+    FROM [cms_agents].[CertStoreInventoryItems] AS inventoryitems
+        INNER JOIN #InventoryItems ON inventoryitems.[Id] = #InventoryItems.[Id]
+    WHERE inventoryitems.[EntryParameters] LIKE '%2 - Non SNI Binding%'
+
+    -- replace 3 - SNI Binding
+    UPDATE inventoryitems
+    SET inventoryitems.[EntryParameters] = REPLACE(inventory.[EntryParameters], '3 - SNI Binding', '3')
+    FROM [cms_agents].[CertStoreInventoryItems] AS inventoryitems
+        INNER JOIN #InventoryItems ON inventoryitems.[Id] = #InventoryItems.[Id]
+    WHERE inventoryitems.[EntryParameters] LIKE '%3 - SNI Binding%'
+
+    COMMIT TRANSACTION
+END TRY
+
+BEGIN CATCH
+    IF (@@TRANCOUNT > 0)
+    BEGIN
+        ROLLBACK TRANSACTION;
+    END
+
+    SELECT
+       ERROR_MESSAGE() AS ErrorMessage,
+       ERROR_SEVERITY() AS Severity,
+       ERROR_STATE() AS ErrorState;
+END CATCH
+
diff --git a/Migration-Scripts/Legacy-IIS/CreateIISUCertStoreType.sql b/Migration-Scripts/Legacy-IIS/CreateIISUCertStoreType.sql
@@ -358,14 +358,14 @@ BEGIN TRY
 		)
 		VALUES	
 		(
-			@current_storetype_id,  -- StoreTypeId
+			@current_storetype_id,	-- StoreTypeId
 			'SniFlag',				-- Name
-			'SNI Support',			-- DisplayName
-			2,					    -- Type
+			'SSL Flags',			-- DisplayName
+			0,						-- Type
 			14,						-- RequiredWhen
 			NULL,					-- DependsOn
-			'0 - No SNI',			-- DefaultValue
-			'0 - No SNI,1 - SNI Enabled,2 - Non SNI Binding,3 - SNI Binding'	-- Options
+			'0',					-- DefaultValue
+			NULL					-- Options
 		);
 
 	-- create Protocol entry parameter

diff --git a/README.md b/README.md
@@ -57,6 +57,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
 
 <details><summary>Windows Certificate (WinCert)</summary>
 
+
 ### WinCert
 
 The Windows Certificate Certificate Store Type, known by its short name 'WinCert,' enables the management of certificates within the Windows local machine certificate stores. This store type is a versatile option for general Windows certificate management and supports functionalities including inventory, add, remove, and reenrollment of certificates.
@@ -74,6 +75,7 @@ The store type represents the various certificate stores present on a Windows Se
 
 <details><summary>IIS Bound Certificate (IISU)</summary>
 
+
 ### IISU
 
 The IIS Bound Certificate Certificate Store Type, identified by its short name 'IISU,' is designed for the management of certificates bound to IIS (Internet Information Services) servers. This store type allows users to automate and streamline the process of adding, removing, and reenrolling certificates for IIS sites, making it significantly easier to manage web server certificates.
@@ -93,6 +95,7 @@ The IISU store type represents the IIS servers and their certificate bindings. I
 
 <details><summary>WinSql (WinSql)</summary>
 
+
 ### WinSql
 
 The WinSql Certificate Store Type, referred to by its short name 'WinSql,' is designed for the management of certificates used by SQL Server instances. This store type allows users to automate the process of adding, removing, reenrolling, and inventorying certificates associated with SQL Server, thereby simplifying the management of SSL/TLS certificates for database servers.
@@ -172,7 +175,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add |
     | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove |
     | Supports Discovery | 🔲 Unchecked |  Indicates that the Store Type supports Discovery |
-    | Supports Reenrollment | 🔲 Unchecked |  Indicates that the Store Type supports Reenrollment |
+    | Supports Reenrollment | ✅ Checked |  Indicates that the Store Type supports Reenrollment |
     | Supports Create | 🔲 Unchecked |  Indicates that the Store Type supports store creation |
     | Needs Server | ✅ Checked | Determines if a target server name is required when creating store |
     | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint |
@@ -253,7 +256,7 @@ The Windows Certificate Universal Orchestrator extension implements 3 Certificat
     | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add |
     | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove |
     | Supports Discovery | 🔲 Unchecked |  Indicates that the Store Type supports Discovery |
-    | Supports Reenrollment | 🔲 Unchecked |  Indicates that the Store Type supports Reenrollment |
+    | Supports Reenrollment | ✅ Checked |  Indicates that the Store Type supports Reenrollment |
     | Supports Create | 🔲 Unchecked |  Indicates that the Store Type supports store creation |
     | Needs Server | ✅ Checked | Determines if a target server name is required when creating store |
     | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint |