Skip to content

Commit 65aa09b

Browse files
Merge 4ec18f9 into b0b34a2
2 parents b0b34a2 + 4ec18f9 commit 65aa09b

7 files changed

Lines changed: 146 additions & 257 deletions

File tree

CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
2.3.1
2+
* Fixed issue where trace logs had extra info in them
3+
* Fixed issue with chain support when pushing certs to palo
4+
15
2.3.0
26
* Added support for Template Only Commits
37
* Added support for Template Stack Commits

PaloAlto/Client/PaloAltoClient.cs

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,8 @@
2525
using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses;
2626
using Keyfactor.Logging;
2727
using Microsoft.Extensions.Logging;
28+
using Newtonsoft.Json;
29+
using Newtonsoft.Json.Linq;
2830

2931
namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Client
3032
{
@@ -393,6 +395,59 @@ private void EnsureSuccessfulResponse(HttpResponseMessage response)
393395
_logger.LogError($"Error Occured in PaloAltoClient.EnsureSuccessfulResponse: {e.Message}");
394396
throw;
395397
}
398+
}
399+
400+
public string MaskSensitiveData(string json)
401+
{
402+
try
403+
{
404+
JObject jsonObject = JObject.Parse(json);
405+
406+
// Replace all keys named "Password" or similar
407+
MaskKey(jsonObject, "StorePassword");
408+
MaskKey(jsonObject, "ServerPassword");
409+
MaskKey(jsonObject, "PrivateKeyPassword");
410+
411+
return jsonObject.ToString(Newtonsoft.Json.Formatting.Indented);
412+
}
413+
catch (JsonException ex)
414+
{
415+
Console.WriteLine("Invalid JSON provided: " + ex.Message);
416+
return json; // Return the original JSON if parsing fails
417+
}
418+
}
419+
420+
private static void MaskKey(JObject jsonObject, string key)
421+
{
422+
foreach (var property in jsonObject.Properties())
423+
{
424+
if (property.Name.Equals(key, StringComparison.OrdinalIgnoreCase))
425+
{
426+
property.Value = "*****";
427+
}
428+
else if (property.Value.Type == JTokenType.Object)
429+
{
430+
MaskKey((JObject)property.Value, key);
431+
}
432+
else if (property.Value.Type == JTokenType.String)
433+
{
434+
// Optionally handle nested JSON strings
435+
string value = property.Value.ToString();
436+
if (value.StartsWith("{") && value.EndsWith("}"))
437+
{
438+
try
439+
{
440+
JObject nestedObject = JObject.Parse(value);
441+
MaskKey(nestedObject, key);
442+
property.Value = nestedObject.ToString(Newtonsoft.Json.Formatting.None);
443+
}
444+
catch
445+
{
446+
// Not a valid JSON string, skip
447+
}
448+
}
449+
}
450+
}
396451
}
397452
}
398453
}

PaloAlto/Jobs/Inventory.cs

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ public Inventory(IPAMSecretResolver resolver)
4040
_resolver = resolver;
4141
}
4242

43+
private PaloAltoClient _client;
4344
private string ServerPassword { get; set; }
4445
private string ServerUserName { get; set; }
4546

@@ -79,25 +80,24 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
7980
config.JobHistoryId, ServerUserName, ServerPassword);
8081
if (!valid) return result;
8182

82-
_logger.LogTrace("Store Properties are Valid");
83-
_logger.LogTrace($"Inventory Config {JsonConvert.SerializeObject(config)}");
84-
_logger.LogTrace(
85-
$"Client Machine: {config.CertificateStoreDetails.ClientMachine} ApiKey: {config.ServerPassword}");
86-
8783
//Get the list of certificates and Trusted Roots
88-
var client =
84+
_client =
8985
new PaloAltoClient(config.CertificateStoreDetails.ClientMachine,
9086
ServerUserName, ServerPassword); //Api base URL Plus Key
87+
88+
_logger.LogTrace("Store Properties are Valid");
89+
_logger.LogTrace($"Inventory Config {_client.MaskSensitiveData(JsonConvert.SerializeObject(config))}");
90+
9191
_logger.LogTrace("Inventory Palo Alto Client Created");
9292

9393
//Change the path if you are pointed to a Panorama Device
94-
var rawCertificatesResult = client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result;
94+
var rawCertificatesResult = _client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result;
9595

9696
var certificatesResult =
9797
rawCertificatesResult.CertificateResult.Entry.FindAll(c => c.PublicKey != null);
9898
LogResponse(certificatesResult); //Trace Write Certificate List Response from Palo Alto
9999

100-
var trustedRootPayload = client.GetTrustedRootList().Result;
100+
var trustedRootPayload = _client.GetTrustedRootList().Result;
101101
LogResponse(trustedRootPayload); //Trace Write Trusted Cert List Response from Palo Alto
102102

103103
var warningFlag = false;
@@ -133,7 +133,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
133133
try
134134
{
135135
_logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}");
136-
var certificatePem = client.GetCertificateByName(trustedRootCert.Name);
136+
var certificatePem = _client.GetCertificateByName(trustedRootCert.Name);
137137
_logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}");
138138
var bytes = Encoding.ASCII.GetBytes(certificatePem.Result);
139139
var cert = new X509Certificate2(bytes);
@@ -219,4 +219,4 @@ protected virtual CurrentInventoryItem BuildInventoryItem(string alias, string c
219219
}
220220
}
221221
}
222-
}
222+
}

0 commit comments

Comments
 (0)