Skip to content

Commit 6adc2fb

Browse files
Merge 8755daf into b0b34a2
2 parents b0b34a2 + 8755daf commit 6adc2fb

13 files changed

Lines changed: 621 additions & 409 deletions

File tree

.github/workflows/keyfactor-bootstrap-workflow.yml renamed to .github/workflows/keyfactor-starter-workflow.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,9 +11,10 @@ on:
1111

1212
jobs:
1313
call-starter-workflow:
14-
uses: keyfactor/actions/.github/workflows/starter.yml@v2
14+
uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
1515
secrets:
1616
token: ${{ secrets.V2BUILDTOKEN}}
1717
APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
1818
gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
1919
gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
20+
scan_token: ${{ secrets.SAST_TOKEN }}

CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
2.3.1
2+
* .Net 6 and .Net 8 Build Support
3+
* Documentation Updates
4+
15
2.3.0
26
* Added support for Template Only Commits
37
* Added support for Template Stack Commits

PaloAlto/Client/PaloAltoClient.cs

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,8 @@
2525
using Keyfactor.Extensions.Orchestrator.PaloAlto.Models.Responses;
2626
using Keyfactor.Logging;
2727
using Microsoft.Extensions.Logging;
28+
using Newtonsoft.Json;
29+
using Newtonsoft.Json.Linq;
2830

2931
namespace Keyfactor.Extensions.Orchestrator.PaloAlto.Client
3032
{
@@ -393,6 +395,59 @@ private void EnsureSuccessfulResponse(HttpResponseMessage response)
393395
_logger.LogError($"Error Occured in PaloAltoClient.EnsureSuccessfulResponse: {e.Message}");
394396
throw;
395397
}
398+
}
399+
400+
public string MaskSensitiveData(string json)
401+
{
402+
try
403+
{
404+
JObject jsonObject = JObject.Parse(json);
405+
406+
// Replace all keys named "Password" or similar
407+
MaskKey(jsonObject, "StorePassword");
408+
MaskKey(jsonObject, "ServerPassword");
409+
MaskKey(jsonObject, "PrivateKeyPassword");
410+
411+
return jsonObject.ToString(Newtonsoft.Json.Formatting.Indented);
412+
}
413+
catch (JsonException ex)
414+
{
415+
Console.WriteLine("Invalid JSON provided: " + ex.Message);
416+
return json; // Return the original JSON if parsing fails
417+
}
418+
}
419+
420+
private static void MaskKey(JObject jsonObject, string key)
421+
{
422+
foreach (var property in jsonObject.Properties())
423+
{
424+
if (property.Name.Equals(key, StringComparison.OrdinalIgnoreCase))
425+
{
426+
property.Value = "*****";
427+
}
428+
else if (property.Value.Type == JTokenType.Object)
429+
{
430+
MaskKey((JObject)property.Value, key);
431+
}
432+
else if (property.Value.Type == JTokenType.String)
433+
{
434+
// Optionally handle nested JSON strings
435+
string value = property.Value.ToString();
436+
if (value.StartsWith("{") && value.EndsWith("}"))
437+
{
438+
try
439+
{
440+
JObject nestedObject = JObject.Parse(value);
441+
MaskKey(nestedObject, key);
442+
property.Value = nestedObject.ToString(Newtonsoft.Json.Formatting.None);
443+
}
444+
catch
445+
{
446+
// Not a valid JSON string, skip
447+
}
448+
}
449+
}
450+
}
396451
}
397452
}
398453
}

PaloAlto/Jobs/Inventory.cs

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ public Inventory(IPAMSecretResolver resolver)
4040
_resolver = resolver;
4141
}
4242

43+
private PaloAltoClient _client;
4344
private string ServerPassword { get; set; }
4445
private string ServerUserName { get; set; }
4546

@@ -79,25 +80,26 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
7980
config.JobHistoryId, ServerUserName, ServerPassword);
8081
if (!valid) return result;
8182

83+
//Get the list of certificates and Trusted Roots
84+
_client =
85+
new PaloAltoClient(config.CertificateStoreDetails.ClientMachine,
86+
ServerUserName, ServerPassword); //Api base URL Plus Key
87+
8288
_logger.LogTrace("Store Properties are Valid");
83-
_logger.LogTrace($"Inventory Config {JsonConvert.SerializeObject(config)}");
89+
_logger.LogTrace($"Inventory Config {_client.MaskSensitiveData(JsonConvert.SerializeObject(config))}");
8490
_logger.LogTrace(
8591
$"Client Machine: {config.CertificateStoreDetails.ClientMachine} ApiKey: {config.ServerPassword}");
8692

87-
//Get the list of certificates and Trusted Roots
88-
var client =
89-
new PaloAltoClient(config.CertificateStoreDetails.ClientMachine,
90-
ServerUserName, ServerPassword); //Api base URL Plus Key
9193
_logger.LogTrace("Inventory Palo Alto Client Created");
9294

9395
//Change the path if you are pointed to a Panorama Device
94-
var rawCertificatesResult = client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result;
96+
var rawCertificatesResult = _client.GetCertificateList($"{config.CertificateStoreDetails.StorePath}/certificate/entry").Result;
9597

9698
var certificatesResult =
9799
rawCertificatesResult.CertificateResult.Entry.FindAll(c => c.PublicKey != null);
98100
LogResponse(certificatesResult); //Trace Write Certificate List Response from Palo Alto
99101

100-
var trustedRootPayload = client.GetTrustedRootList().Result;
102+
var trustedRootPayload = _client.GetTrustedRootList().Result;
101103
LogResponse(trustedRootPayload); //Trace Write Trusted Cert List Response from Palo Alto
102104

103105
var warningFlag = false;
@@ -133,7 +135,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
133135
try
134136
{
135137
_logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}");
136-
var certificatePem = client.GetCertificateByName(trustedRootCert.Name);
138+
var certificatePem = _client.GetCertificateByName(trustedRootCert.Name);
137139
_logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}");
138140
var bytes = Encoding.ASCII.GetBytes(certificatePem.Result);
139141
var cert = new X509Certificate2(bytes);

0 commit comments

Comments
 (0)