merge release 1.1.0 to main

.github/workflows/keyfactor-bootstrap-workflow.yml → .github/workflows/keyfactor-starter-workflow.yml

@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.2.0
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

BoschIPCamera/BoschIPCamera - Backup.csproj

@@ -1,9 +1,9 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <RootNamespace>Keyfactor.Extensions.Orchestrator.BoschIPCamera</RootNamespace>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">

BoschIPCamera/BoschIPCamera.csproj

@@ -1,9 +1,9 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <RootNamespace>Keyfactor.Extensions.Orchestrator.BoschIPCamera</RootNamespace>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+    <ImplicitUsings>disable</ImplicitUsings>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">

CHANGELOG.md

@@ -1,3 +1,7 @@
+1.1.0
+- Added .net6/8 dual build
+- Modifications to support doctool for README
+
 1.0.4
 - Initial Public release
 

docsource/bipcamera.md

@@ -0,0 +1 @@
+## Overview

docsource/content.md

@@ -0,0 +1,50 @@
+## Overview
+
+The Bosch IP Camera Orchestrator remotely manages certificates on the camera.
+
+## Requirements
+
+1. Out of the box, the camera comes with three accounts. You need an account created that has "service" level access:
+![](docsource/images/Bosch_Security_Systems.gif)
+2. Currently supports Bosch firmware version 7.10.0095 - 7.82. Has not been tested with any other firmeware version.
+
+## Usage
+
+**Reenrollment**
+
+**Important!** When using Reenrollment, the subject needs to include the Camera's serial number as an element. The Camera automatically adds this to the CSR it generates, and Keyfactor will not enroll the CSR unless it is included.
+For example, with a serial number of '1234' and a desired subject of CN=mycert, the Subject entered for a reenrollment should read:
+Subject:  `SERIALNUMBER=1234,CN=mycert`
+The serial number is entered as the Store Path on the Certificate Store, and should be copied and entered as mentioned when running a reenrollment job.
+
+| Reenrollment Field | Value | Description |
+|-|-|-|
+| Subject Name | `SERIALNUMBER=xxxx,CN=mycert,O=...` etc. | Comma-separated list of subject elements. Must include `SERIALNUMBER=` as described above. |
+| Alias | Alias | The certificate Alias, and name to be assigned on the camera. Will allow for overwriting existing certs with the same name. |
+| Certificate Usage | Select one, or blank | The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later. |
+| Name (Alias) | Alias | The certificate Alias, entered again. |
+| Overwrite | True, or False | Select `True` if using an existing Alias name to remove and replace an existing certificate. |
+
+![](docsource/images/reenrollment-example.png)
+
+Running a Reenrollment job to issue a new certificate on the camera can happen in two ways. 
+##### Manual Reenrollment Scheduling
+Right click on the cert store and chooose Reenrollment. In the dialog box, type "SERIALNUMBER=xxxx,CN=Test" and click Done. A job will be created in the job queue that will perform on camera CSR that will be signed by a CA integrated with Keyfactor and then uploaded to the camera. Once complete, the camera will be rebooted. 
+##### Automated Reenrollment Scheduling with Expiration Alerts
+Start by installing the ExperationAlertHandler.ps1 on the Command server.
+
+__Keyfactor Command before version 11__: copy the PowerShell to the ExtensionLibrary folder in the install location, typically `C:\Program Files\Keyfactor\ExtensionLibrary`
+
+__Keyfactor Command version 11+__: upload the script using the API [documented here](https://software.keyfactor.com/Core-OnPrem/v11.5/Content/ReferenceGuide/PowerShellScripts.htm) so it can be used in an Expiration Alert Handler
+
+After installing the PowerShell script, create a collection for each certificate type (or one for all cert types) used on cameras. Create an expiration alert and configure the Event Handler similar to the one below.
+
+##### Event Handler Configuration 
+Parameter Name	|Type           |Value
+----------------|---------------|------------
+DN	    |Token  |dn
+Host    |Value  |FDDN of keyfactor server. Example: https://customer.keyfactor.com
+Locations   |Token |locations:certstore
+ScriptName  |Script |ExpirationAlertHandler.ps1
+
+![](docsource/images/ExpirationAlerts.gif)

integration-manifest.json

@@ -6,68 +6,63 @@
   "update_catalog": true,
   "link_github": true,
   "support_level": "kf-supported",
-  "release_dir": "BoschIPCamera/bin/Release/netcoreapp3.1",
+  "release_dir": "BoschIPCamera/bin/Release",
+  "release_project": "BoschIPCamera/BoschIPCamera.csproj",
   "description": "Bosch IP Camera Orchestrator for Inventory and Reenrollment (on-device keygen) for existing and new certificates",
   "about": {
     "orchestrator": {
       "UOFramework": "10.1",
       "keyfactor_platform_version": "9.10",
       "pam_support": false,
-      "win": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": false,
-        "supportsManagementAdd": false,
-        "supportsManagementRemove": false,
-        "supportsReenrollment": true,
-        "supportsInventory": true,
-        "platformSupport": "Unused"
-      },
-      "linux": {
-        "supportsCreateStore": false,
-        "supportsDiscovery": false,
-        "supportsManagementAdd": false,
-        "supportsManagementRemove": false,
-        "supportsReenrollment": false,
-        "supportsInventory": false,
-        "platformSupport": "Unused"
-      },
       "store_types": [
         {
           "Name": "Bosch IP Camera",
           "ShortName": "BIPCamera",
           "Capability": "BIPCamera",
-          "LocalStore": false,
+          "PrivateKeyAllowed": "Optional",
+          "ServerRequired": true,
+          "PowerShell": false,
+          "BlueprintAllowed": true,
+          "CustomAliasAllowed": "Required",
           "SupportedOperations": {
-            "Add": true,
+            "Add": false,
             "Create": false,
             "Discovery": false,
             "Enrollment": true,
-            "Remove": true
+            "Remove": false
+          },
+          "PasswordOptions": {
+            "EntrySupported": false,
+            "StoreRequired": false,
+            "Style": "Default"
           },
           "Properties": [
             {
               "Name": "ServerUsername",
               "DisplayName": "Server Username",
               "Type": "Secret",
-              "DependsOn": null,
-              "DefaultValue": null,
-              "Required": false
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "Description": "Enter the username of the configured \"service\" user on the camera"
             },
             {
               "Name": "ServerPassword",
               "DisplayName": "Server Password",
               "Type": "Secret",
-              "DependsOn": null,
-              "DefaultValue": null,
-              "Required": false
+              "DependsOn": "",
+              "DefaultValue": "",
+              "Required": false,
+              "Description": "Enter the password of the configured \"service\" user on the camera"
             },
             {
               "Name": "ServerUseSsl",
               "DisplayName": "Use SSL",
               "Type": "Bool",
-              "DependsOn": null,
+              "DependsOn": "",
               "DefaultValue": "true",
-              "Required": true
+              "Required": true,
+              "Description": "Select True or False depending on if SSL (HTTPS) should be used to communicate with the camera."
             }
           ],
           "EntryParameters": [
@@ -81,7 +76,8 @@
                 "OnRemove": false,
                 "OnReenrollment": false
               },
-              "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client"
+              "Options": ",HTTPS,EAP-TLS-client,TLS-DATE-client",
+              "Description": "The Certificate Usage to assign to the cert after upload. Can be left blank to be assigned later."
             },
             {
               "Name": "Name",
@@ -92,7 +88,8 @@
                 "OnAdd": false,
                 "OnRemove": false,
                 "OnReenrollment": true
-              }
+              },
+              "Description": "The certificate Alias, entered again."
             },
             {
               "Name": "Overwrite",
@@ -104,19 +101,12 @@
                 "OnRemove": false,
                 "OnReenrollment": false
               },
-              "DefaultValue": "false"
+              "DefaultValue": "false",
+              "Description": "Select `True` if using an existing Alias name to remove and replace an existing certificate."
             }
           ],
-          "PasswordOptions": {
-            "EntrySupported": false,
-            "StoreRequired": false,
-            "Style": "Default"
-          },
-          "PrivateKeyAllowed": "Optional",
-          "ServerRequired": true,
-          "PowerShell": false,
-          "BlueprintAllowed": true,
-          "CustomAliasAllowed": "Required"
+          "ClientMachineDescription": "The IP address of the Camera. Sample is \"192.167.231.174:44444\". Include the port if necessary.",
+          "StorePathDescription": "Enter the Serial Number of the camera e.g. `068745431065110085`"
         }
       ]
     }