Keyfactor · doebrowsk · Dec 17, 2024 · Dec 3, 2024 · Dec 3, 2024 · Dec 3, 2024
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
@@ -11,7 +11,7 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.1
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,29 +1,2 @@
-2.2.1
-* Fixed URL Encoding on Palo Username and Pwd that caused invalid credentials error
-
-2.2.0
-* Removed support for binding cert to new binding location, can only update certs that are previously bound
-* Support for replacing certs on all binding locations both Panorama and Firewalls as long as it was there before
-* Support for Virtual Systems on Firewalls, tested with only Azure Virtual Version of Firewall
-* Support for Virtual Systems on Panorama Templates
-
-2.1.1
-* Bug - Add Renew Failure Object Reference Error when Adding/Renewing a cert.
-
-2.1.0
-* Support for Pan Level Certficates
-* Support for Pushing Entire Certificate Chain to Panorama
-* Auto Detection of Trusted Root Certificates
-* Fix Inventory Check For Private Key from Dummy to Anything
-
-2.0.1
-* Fix Epoch Time in Model from int to long to prevent inventory errors
-
-2.0.0
-* Support for Panorama or Firewall connectivity
-* Commits changes to the Individual Firewall
-* Support for Panorama push to firewalls
-
-1.0.3
-* Added PAM Support for Orchestrator
-
+1.0.0
+* Initial Release
diff --git a/FortiWeb/Client/FortiWebClient.cs b/FortiWeb/Client/FortiWebClient.cs
@@ -36,6 +36,26 @@ public class FortiWebClient
     {
         private readonly ILogger _logger;
 
+        public string GenerateApiKey(string username, string password, string vdom)
+        {
+            // Create the object
+            var data = new
+            {
+                username = username,
+                password = password,
+                vdom = vdom
+            };
+
+            // Convert the object to a JSON string
+            string jsonString = JsonConvert.SerializeObject(data);
+
+            // Convert the JSON string to a byte array
+            byte[] byteArray = Encoding.UTF8.GetBytes(jsonString);
+
+            // Base64 encode the byte array
+            return Convert.ToBase64String(byteArray);
+        }
+
         public FortiWebClient(string url, string userName, string password, string apiKey)
         {
             _logger = LogHandler.GetClassLogger<FortiWebClient>();
@@ -50,6 +70,12 @@ public FortiWebClient(string url, string userName, string password, string apiKe
             ApiKey=apiKey;
         }
 
+
+        public FortiWebClient()
+        {
+            _logger = LogHandler.GetClassLogger<FortiWebClient>();
+        }
+
         private string ApiKey { get; }
 
         private HttpClient HttpClient { get; }

diff --git a/FortiWeb/JobProperties.cs b/FortiWeb/JobProperties.cs
@@ -19,9 +19,9 @@ namespace Keyfactor.Extensions.Orchestrator.FortiWeb
 {
     public class JobProperties
     {
-        [JsonProperty("ApiKey")]
+        [JsonProperty("ADom")]
         [DefaultValue("")]
-        public string ApiKey { get; set; }
+        public string ADom { get; set; }
 
 
     }

diff --git a/FortiWeb/Jobs/Inventory.cs b/FortiWeb/Jobs/Inventory.cs
@@ -80,9 +80,12 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
                 _logger.LogTrace(
                     $"Client Machine: {config.CertificateStoreDetails.ClientMachine}");
 
+                var apiClient = new FortiWebClient();
+                var apiKey = apiClient.GenerateApiKey(ServerUserName, ServerPassword, StoreProperties.ADom);
+
                 var client =
                     new FortiWebClient(config.CertificateStoreDetails.ClientMachine,
-                        ServerUserName, ServerPassword, StoreProperties.ApiKey); //Api base URL Plus Key
+                        ServerUserName, ServerPassword, apiKey); //Api base URL Plus Key
                 _logger.LogTrace("Inventory FotiWeb Client Created");
 
                 var cliCertResults = client.GetCertificateInventory(config.CertificateStoreDetails.ClientMachine, 22, ServerUserName, ServerPassword);

diff --git a/FortiWeb/Jobs/Management.cs b/FortiWeb/Jobs/Management.cs
@@ -135,9 +135,12 @@ private JobResult PerformAddition(ManagementJobConfiguration config)
                 _logger.LogTrace(
                     $"Credentials JSON: Url: {config.CertificateStoreDetails.ClientMachine} Server UserName: {config.ServerUsername}");
 
+                var apiClient = new FortiWebClient();
+                var apiKey = apiClient.GenerateApiKey(ServerUserName, ServerPassword, StoreProperties.ADom);
+
                 var client =
                     new FortiWebClient(config.CertificateStoreDetails.ClientMachine,
-                        ServerUserName, ServerPassword, StoreProperties.ApiKey); //Api base URL Plus Key
+                        ServerUserName, ServerPassword, apiKey); //Api base URL Plus Key
                 _logger.LogTrace(
                     "FortiWeb Client Created");
 

diff --git a/FortiWeb/Validators.cs b/FortiWeb/Validators.cs
@@ -25,9 +25,9 @@ public static (bool valid, JobResult result) ValidateStoreProperties(JobProperti
         {
             var errors = string.Empty;
 
-            if (string.IsNullOrEmpty(storeProperties?.ApiKey))
+            if (string.IsNullOrEmpty(storeProperties?.ADom))
             {
-                errors += "You need to specify an ApiKey for FortiWeb.";
+                errors += "You need to specify an ADom for FortiWeb.";
             }
 
             var hasErrors = (errors.Length > 0);

diff --git a/FortiWebTestConsole/FortiWebInventory.json b/FortiWebTestConsole/FortiWebInventory.json
@@ -243,7 +243,7 @@
     "ClientMachine": "ClientMachineGoesHere",
     "StorePath": "TemplateNameGoesHere",
     "StorePassword": "",
-    "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"ApiKey\":\"ApiKeyGoesHere\"}",
+    "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"ADom\":\"ADomGoesHere\"}",
     "Type": 105
   },
   "JobCancelled": false,

diff --git a/FortiWebTestConsole/FortiWebMgmt.json b/FortiWebTestConsole/FortiWebMgmt.json
@@ -4,7 +4,7 @@
     "ClientMachine": "ClientMachineGoesHere",
     "StorePath": "TemplateNameGoesHere",
     "StorePassword": null,
-    "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"ApiKey\":\"ApiKeyGoesHere\"}",
+    "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"ADom\":\"ADomGoesHere\"}",
     "Type": 105
   },
   "OperationType": 2,

diff --git a/FortiWebTestConsole/Program.cs b/FortiWebTestConsole/Program.cs
@@ -32,14 +32,14 @@
         public static string CaseName { get; set; }
         public static string CertAlias { get; set; }
         public static string ClientMachine { get; set; }
-        public static string ApiKey { get; set; }
+        public static string ADom { get; set; }
         public static string StorePath { get; set; }
         public static string Overwrite { get; set; }
         public static string ManagementType { get; set; }
        public static string CertificateContent { get; set; }


        private static async Task Main(string[] args)
        {


@@ -57,7 +57,7 @@
                 UserName = arguments["-user"];
                 Password = arguments["-password"];
                 StorePath = arguments["-storepath"];
-                ApiKey = arguments["-apikey"];
+                ADom = arguments["-adom"];
                 ClientMachine = arguments["-clientmachine"];
             }
             else
@@ -71,7 +71,7 @@
                 Console.WriteLine("Enter Store Path");
                 StorePath = Console.ReadLine();
                 Console.WriteLine("Enter ApiKey");
-                ApiKey = Console.ReadLine();
+                ADom = Console.ReadLine();
                 Console.WriteLine("Enter ClientMachine");
                 ClientMachine = Console.ReadLine();
             }
@@ -156,7 +156,7 @@
         public static InventoryJobConfiguration GetInventoryJobConfiguration()
         {
             var fileContent = File.ReadAllText("FortiWebInventory.json").Replace("UserNameGoesHere", UserName)
-                .Replace("PasswordGoesHere", Password).Replace("ClientMachineGoesHere", ClientMachine).Replace("ApiKeyGoesHere", ApiKey);
+                .Replace("PasswordGoesHere", Password).Replace("ClientMachineGoesHere", ClientMachine).Replace("ADomGoesHere", ADom);
             var result =
                 JsonConvert.DeserializeObject<InventoryJobConfiguration>(fileContent);
             return result;
@@ -174,7 +174,7 @@
 
             var fileContent = File.ReadAllText("FortiWebMgmt.json").Replace("UserNameGoesHere", UserName)
                 .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath)
-                .Replace("ApiKeyGoesHere", ApiKey).Replace("AliasGoesHere", CertAlias)
+                .Replace("ADomGoesHere", ADom).Replace("AliasGoesHere", CertAlias)
                 .Replace("ClientMachineGoesHere", ClientMachine)
                 .Replace("\"Overwrite\": false",overWriteReplaceString)
                 .Replace("CertificateContentGoesHere", CertificateContent);

diff --git a/FortiWebTestConsole/RunTest.bat b/FortiWebTestConsole/RunTest.bat
@@ -4,7 +4,7 @@ cd C:\Users\bhill\source\repos\fortinet-fortiweb-orchestrator\FortiWebTestConsol
 set FortiWebMachine=11.22.38.208:8443
 set FortiWebUser=dasklfa
 set FortiWebPassword=asdfsa
-set FortiWebApiKey=eyJ
+set ADom=eyJ
 
 set clientmachine=%FortiWebMachine%
 set password=%FortiWebPassword%
@@ -28,7 +28,7 @@ echo ***************************************************************************
 echo overwrite: %overwrite%
 echo cert name: %cert%
 
-FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -apikey=%FortiWebApiKey% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -adom=%ADom% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
 
 
 set overwrite=true
@@ -41,7 +41,7 @@ echo overwrite: %overwrite%
 echo trusted: %trusted%
 echo cert name: %cert%
 
-FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -apikey=%FortiWebApiKey% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -adom=%ADom% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
 
 :TC3
 set mgt=add
@@ -55,7 +55,7 @@ echo overwrite: %overwrite%
 set /p cert=Please enter multi policy bound cert name:
 echo cert name: %cert%
 
-FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -apikey=%FortiWebApiKey% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -adom=%ADom% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
 
 :TC4
 set mgt=add
@@ -69,7 +69,7 @@ echo overwrite: %overwrite%
 set /p cert=Please enter single policy bound cert name:
 echo cert name: %cert%
 
-FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -apikey=%FortiWebApiKey% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -adom=%ADom% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
 
 
 :TC5
@@ -84,7 +84,7 @@ echo overwrite: %overwrite%
 set /p cert=Please enter single policy bound cert name:
 echo cert name: %cert%
 
-FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -apikey=%FortiWebApiKey% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
+FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -adom=%ADom% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite%
 
 :TC6
 echo:
@@ -102,7 +102,7 @@ echo ***************************************************************************
 echo overwrite: %overwrite%
 echo cert name: %cert%
 
-FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -apikey=%FortiWebApiKey% -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname%
+FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -adom=%ADom% -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname%
 
 :TC7
 echo:
@@ -121,6 +121,6 @@ echo ***************************************************************************
 echo overwrite: %overwrite%
 echo cert name: %cert%
 
-FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -apikey=%FortiWebApiKey% -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname%
+FortiWebTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -adom=%ADom% -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname%
 
 @pause