ab#52646

Keyfactor · Jun 3, 2024 · 62f18a1 · 62f18a1
1 parent c9061b8
commit 62f18a1
Show file tree

Hide file tree

Showing 2 changed files with 126 additions and 119 deletions.
diff --git a/F5WafOrchestrator/F5WAFExceptionHandler.cs b/F5WafOrchestrator/F5WAFExceptionHandler.cs
@@ -1,9 +1,16 @@
-// Copyright 2021 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Copyright 2024 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 using System;
 

diff --git a/F5WafOrchestrator/F5WafClient.cs b/F5WafOrchestrator/F5WafClient.cs
@@ -331,7 +331,38 @@ public string GetHttpLoadBalancerFromF5(string f5Namespace, string certAlias)
 
         return rootObject.spec?.trusted_ca_url;
     }
-
+
+    public string GetNamespaces()
+    {
+        _logger.MethodEntry(LogLevel.Debug);
+
+        var response = F5Client.GetAsync($"/api/web/namespaces");
+        response.Wait();
+        var resp = response.Result.Content.ReadAsStringAsync();
+        resp.Wait();
+
+        //parse status code for error handling
+        string statusCode = string.Empty;
+        string[] respMessage = response.Result.ToString().Split(',');
+        for (int i = 0; i < respMessage.Length; i++)
+        {
+            if (respMessage[i].Contains("StatusCode:"))
+            {
+                statusCode = respMessage[i].Trim().Substring("StatsCode: ".Length).Trim();
+                break;
+            }
+        }
+
+        if (statusCode != "200")
+        {
+            throw new F5WAFException($"Error retrieving F5 certificate contents: {resp}");
+        }
+
+        _logger.MethodExit(LogLevel.Debug);
+
+        return resp.Result;
+    }
+
     public (IEnumerable<string>, IEnumerable<string>) TlsCertificateRetrievalProcess(string f5Namespace)
     {
         _logger.MethodEntry(LogLevel.Debug);
@@ -432,87 +463,6 @@ public string GetHttpLoadBalancerFromF5(string f5Namespace, string certAlias)
         return (certNames, encodedCerts);
     }
 
-    private string ConvertCertToPemFormat(string base64EncodedCertificate)
-    {
-        _logger.MethodEntry(LogLevel.Debug);
-
-        StringBuilder builder = new StringBuilder();
-
-        builder.Append("-----BEGIN CERTIFICATE-----\n");
-
-        // split base64 string into 64-character lines
-        for (int i = 0; i < base64EncodedCertificate.Length; i += 64)
-        {
-            int lineLength = Math.Min(64, base64EncodedCertificate.Length - i);
-            string line = base64EncodedCertificate.Substring(i, lineLength);
-            builder.Append(line + "\n"); 
-        }
-
-        builder.Append("-----END CERTIFICATE-----\n");
-
-        _logger.MethodExit(LogLevel.Debug);
-
-        return builder.ToString();
-    }
-
-    private string ConvertKeyToPemFormat(string base64EncodedCertificate)
-    {
-        _logger.MethodEntry(LogLevel.Debug);
-
-        StringBuilder builder = new StringBuilder();
-
-        builder.Append("-----BEGIN RSA PRIVATE KEY-----\n");
-
-        // split base64 string into 64-character lines
-        for (int i = 0; i < base64EncodedCertificate.Length; i += 64)
-        {
-            int lineLength = Math.Min(64, base64EncodedCertificate.Length - i);
-            string line = base64EncodedCertificate.Substring(i, lineLength);
-            builder.Append(line + "\n"); 
-        }
-
-        builder.Append("-----END RSA PRIVATE KEY-----\n");
-
-        _logger.MethodExit(LogLevel.Debug);
-
-        return builder.ToString();
-    }
-
-    public string ExtractEndEntityandCertChain(string pfxData, string password)
-    {
-        _logger.MethodEntry(LogLevel.Debug);
-
-        string endEntityandChain = "";
-
-        byte[] pfxBytes = Convert.FromBase64String(pfxData);
-
-        Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
-        Pkcs12Store store = storeBuilder.Build();
-        store.Load(new MemoryStream(pfxBytes), password.ToCharArray());
-
-        foreach (string alias in store.Aliases)
-        {
-            if (store.IsKeyEntry(alias))
-            {
-                X509CertificateEntry[] chain = store.GetCertificateChain(alias);
-                if (chain == null)
-                {
-                    throw new F5WAFException("No certificate chain found or no key entry exists.");
-                }
-                string[] pemCertificates = new string[chain.Length];
-                for (int i = 0; i < chain.Length; i++)
-                {
-                    pemCertificates[i] = ConvertCertToPemFormat(Convert.ToBase64String(chain[i].Certificate.GetEncoded()));
-                    endEntityandChain += pemCertificates[i];
-                }
-            }
-        }
-
-        _logger.MethodExit(LogLevel.Debug);
-
-        return endEntityandChain;
-    }
-
     public void AddTlsCertificate(string f5Namespace, PostRoot reqBody)
     {
         _logger.MethodEntry(LogLevel.Debug);
@@ -838,37 +788,6 @@ public void ReplaceCaCertificateInF5(string f5Namespace, CaPostRoot reqBody)
 
         _logger.MethodExit(LogLevel.Debug);
     }
-
-    public string GetNamespaces()
-    {
-        _logger.MethodEntry(LogLevel.Debug);
-
-        var response = F5Client.GetAsync($"/api/web/namespaces");
-        response.Wait();
-        var resp = response.Result.Content.ReadAsStringAsync();
-        resp.Wait();
-
-        //parse status code for error handling
-        string statusCode = string.Empty;
-        string[] respMessage = response.Result.ToString().Split(',');
-        for (int i = 0; i < respMessage.Length; i++)
-        {
-            if (respMessage[i].Contains("StatusCode:"))
-            {
-                statusCode = respMessage[i].Trim().Substring("StatsCode: ".Length).Trim();
-                break;
-            }
-        }
-
-        if (statusCode != "200")
-        {
-            throw new F5WAFException($"Error retrieving F5 certificate contents: {resp}");
-        }
-
-        _logger.MethodExit(LogLevel.Debug);
-
-        return resp.Result;
-    }
 
     public List<string> DiscoverNamespacesforCaStoreType()
     {
@@ -998,4 +917,85 @@ public bool JobCertIsAttachedToHttpLoadBalancer(string f5Namespace, string jobCe
 
         return false;
     }
+
+    private string ExtractEndEntityandCertChain(string pfxData, string password)
+    {
+        _logger.MethodEntry(LogLevel.Debug);
+
+        string endEntityandChain = "";
+
+        byte[] pfxBytes = Convert.FromBase64String(pfxData);
+
+        Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
+        Pkcs12Store store = storeBuilder.Build();
+        store.Load(new MemoryStream(pfxBytes), password.ToCharArray());
+
+        foreach (string alias in store.Aliases)
+        {
+            if (store.IsKeyEntry(alias))
+            {
+                X509CertificateEntry[] chain = store.GetCertificateChain(alias);
+                if (chain == null)
+                {
+                    throw new F5WAFException("No certificate chain found or no key entry exists.");
+                }
+                string[] pemCertificates = new string[chain.Length];
+                for (int i = 0; i < chain.Length; i++)
+                {
+                    pemCertificates[i] = ConvertCertToPemFormat(Convert.ToBase64String(chain[i].Certificate.GetEncoded()));
+                    endEntityandChain += pemCertificates[i];
+                }
+            }
+        }
+
+        _logger.MethodExit(LogLevel.Debug);
+
+        return endEntityandChain;
+    }
+
+    private string ConvertCertToPemFormat(string base64EncodedCertificate)
+    {
+        _logger.MethodEntry(LogLevel.Debug);
+
+        StringBuilder builder = new StringBuilder();
+
+        builder.Append("-----BEGIN CERTIFICATE-----\n");
+
+        // split base64 string into 64-character lines
+        for (int i = 0; i < base64EncodedCertificate.Length; i += 64)
+        {
+            int lineLength = Math.Min(64, base64EncodedCertificate.Length - i);
+            string line = base64EncodedCertificate.Substring(i, lineLength);
+            builder.Append(line + "\n");
+        }
+
+        builder.Append("-----END CERTIFICATE-----\n");
+
+        _logger.MethodExit(LogLevel.Debug);
+
+        return builder.ToString();
+    }
+
+    private string ConvertKeyToPemFormat(string base64EncodedCertificate)
+    {
+        _logger.MethodEntry(LogLevel.Debug);
+
+        StringBuilder builder = new StringBuilder();
+
+        builder.Append("-----BEGIN RSA PRIVATE KEY-----\n");
+
+        // split base64 string into 64-character lines
+        for (int i = 0; i < base64EncodedCertificate.Length; i += 64)
+        {
+            int lineLength = Math.Min(64, base64EncodedCertificate.Length - i);
+            string line = base64EncodedCertificate.Substring(i, lineLength);
+            builder.Append(line + "\n");
+        }
+
+        builder.Append("-----END RSA PRIVATE KEY-----\n");
+
+        _logger.MethodExit(LogLevel.Debug);
+
+        return builder.ToString();
+    }
 }