Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ab#67251 #31

Merged
merged 4 commits into from
Jan 31, 2025
Merged

Ab#67251 #31

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
6f0a465
Chain issue Fixes
bhillkeyfactor Jan 23, 2025
ffdda5a
Fix for Chain Issues
bhillkeyfactor Jan 24, 2025
f4ea8e0
Update Inventory.cs
bhillkeyfactor Jan 30, 2025
4ec18f9
Update CHANGELOG.md
bhillkeyfactor Jan 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
2.3.1
* Fixed issue where trace logs had extra info in them
* Fixed issue with chain support when pushing certs to palo

2.3.0
* Added support for Template Only Commits
* Added support for Template Stack Commits
Expand Down
55 changes: 55 additions & 0 deletions PaloAlto/Client/PaloAltoClient.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@
using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses;
using Keyfactor.Logging;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Client
{
Expand Down Expand Up @@ -393,6 +395,59 @@ private void EnsureSuccessfulResponse(HttpResponseMessage response)
_logger.LogError($"Error Occured in PaloAltoClient.EnsureSuccessfulResponse: {e.Message}");
throw;
}
}

public string MaskSensitiveData(string json)
{
try
{
JObject jsonObject = JObject.Parse(json);

// Replace all keys named "Password" or similar
MaskKey(jsonObject, "StorePassword");
MaskKey(jsonObject, "ServerPassword");
MaskKey(jsonObject, "PrivateKeyPassword");

return jsonObject.ToString(Newtonsoft.Json.Formatting.Indented);
}
catch (JsonException ex)
{
Console.WriteLine("Invalid JSON provided: " + ex.Message);
return json; // Return the original JSON if parsing fails
}
}

private static void MaskKey(JObject jsonObject, string key)
{
foreach (var property in jsonObject.Properties())
{
if (property.Name.Equals(key, StringComparison.OrdinalIgnoreCase))
{
property.Value = "*****";
}
else if (property.Value.Type == JTokenType.Object)
{
MaskKey((JObject)property.Value, key);
}
else if (property.Value.Type == JTokenType.String)
{
// Optionally handle nested JSON strings
string value = property.Value.ToString();
if (value.StartsWith("{") && value.EndsWith("}"))
{
try
{
JObject nestedObject = JObject.Parse(value);
MaskKey(nestedObject, key);
property.Value = nestedObject.ToString(Newtonsoft.Json.Formatting.None);
}
catch
{
// Not a valid JSON string, skip
}
}
}
}
}
}
}
20 changes: 10 additions & 10 deletions PaloAlto/Jobs/Inventory.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ public Inventory(IPAMSecretResolver resolver)
_resolver = resolver;
}

private PaloAltoClient _client;
private string ServerPassword { get; set; }
private string ServerUserName { get; set; }

Expand Down Expand Up @@ -79,25 +80,24 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
config.JobHistoryId, ServerUserName, ServerPassword);
if (!valid) return result;

_logger.LogTrace("Store Properties are Valid");
_logger.LogTrace($"Inventory Config {JsonConvert.SerializeObject(config)}");
_logger.LogTrace(
$"Client Machine: {config.CertificateStoreDetails.ClientMachine} ApiKey: {config.ServerPassword}");

//Get the list of certificates and Trusted Roots
var client =
_client =
new PaloAltoClient(config.CertificateStoreDetails.ClientMachine,
ServerUserName, ServerPassword); //Api base URL Plus Key

_logger.LogTrace("Store Properties are Valid");
_logger.LogTrace($"Inventory Config {_client.MaskSensitiveData(JsonConvert.SerializeObject(config))}");

_logger.LogTrace("Inventory Palo Alto Client Created");

//Change the path if you are pointed to a Panorama Device
var rawCertificatesResult = client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result;
var rawCertificatesResult = _client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result;

var certificatesResult =
rawCertificatesResult.CertificateResult.Entry.FindAll(c => c.PublicKey != null);
LogResponse(certificatesResult); //Trace Write Certificate List Response from Palo Alto

var trustedRootPayload = client.GetTrustedRootList().Result;
var trustedRootPayload = _client.GetTrustedRootList().Result;
LogResponse(trustedRootPayload); //Trace Write Trusted Cert List Response from Palo Alto

var warningFlag = false;
Expand Down Expand Up @@ -133,7 +133,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
try
{
_logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}");
var certificatePem = client.GetCertificateByName(trustedRootCert.Name);
var certificatePem = _client.GetCertificateByName(trustedRootCert.Name);
_logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}");
var bytes = Encoding.ASCII.GetBytes(certificatePem.Result);
var cert = new X509Certificate2(bytes);
Expand Down Expand Up @@ -219,4 +219,4 @@ protected virtual CurrentInventoryItem BuildInventoryItem(string alias, string c
}
}
}
}
}
Loading
Loading