Updated all filepaths to work cross-platform; Removed references to Axis.Trust; Updated HTTP client to use PAM credentials; Removed redundant qualifiers

Author: Elena Fiocca

AxisIPCamera/AxisIPCamera.csproj

@@ -43,10 +43,6 @@
 	<None Update="Files\GetMQTTBinding.json">
 	  <CopyToOutputDirectory>Always</CopyToOutputDirectory>
 	</None>
-	
-	<None Update="Files\Axis.Trust">
-	  <CopyToOutputDirectory>Never</CopyToOutputDirectory>
-	</None>
   </ItemGroup>
 
 </Project>

AxisIPCamera/Client/AxisHttpClient.cs

@@ -97,7 +97,7 @@ public AxisHttpClient(JobConfiguration config, CertificateStore store, IPAMSecre
                 string username = PAMUtilities.ResolvePAMField(resolver, Logger, "API Username", config.ServerUsername);
                 string password = PAMUtilities.ResolvePAMField(resolver, Logger, "API Password", config.ServerPassword);
 
-                options.Authenticator = new HttpBasicAuthenticator(config.ServerUsername, config.ServerPassword);
+                options.Authenticator = new HttpBasicAuthenticator(username, password);
 
                 // Add SSL validation
                 Logger.LogTrace("Validating connection to the device...");
@@ -575,8 +575,8 @@ public void SetCertUsageBinding(string alias, Constants.CertificateUsage certUsa
                     case Constants.CertificateUsage.Https:
                     {
                         Logger.LogTrace(
-                            $"Reading XML request body template from {assemblyPath}\\{Constants.SetHttpsTemplate}");
-                        var xmlTemplate = File.ReadAllText($"{assemblyPath}\\{Constants.SetHttpsTemplate}");
+                            $"Reading XML request body template from {Path.Combine(assemblyPath, Constants.SetHttpsTemplate)}");
+                        var xmlTemplate = File.ReadAllText($"{Path.Combine(assemblyPath, Constants.SetHttpsTemplate)}");
                         body = xmlTemplate.Replace("{ALIAS}", alias);
 
                         httpResponse = ExecuteHttp(Constants.SoapApiEntryPoint, Method.Post, Constants.ApiType.Soap,
@@ -587,8 +587,8 @@ public void SetCertUsageBinding(string alias, Constants.CertificateUsage certUsa
                     case Constants.CertificateUsage.IEEE:
                     {
                         Logger.LogTrace(
-                            $"Reading XML request body template from {assemblyPath}\\{Constants.SetIEEETemplate}");
-                        var xmlTemplate = File.ReadAllText($"{assemblyPath}\\{Constants.SetIEEETemplate}");
+                            $"Reading XML request body template from {Path.Combine(assemblyPath, Constants.SetIEEETemplate)}");
+                        var xmlTemplate = File.ReadAllText($"{Path.Combine(assemblyPath, Constants.SetIEEETemplate)}");
                         body = xmlTemplate.Replace("{ALIAS}", alias);
 
                         httpResponse = ExecuteHttp(Constants.SoapApiEntryPoint, Method.Post, Constants.ApiType.Soap,
@@ -600,8 +600,8 @@ public void SetCertUsageBinding(string alias, Constants.CertificateUsage certUsa
                     {
                         // Get the config info that is required for the request body used to set the binding
                         Logger.LogTrace(
-                            "Retrieve required MQTT configuration data required for the JSON request body to set the binding");
-                        var clientStatusBody = File.ReadAllText($"{assemblyPath}\\{Constants.GetMQTTTemplate}");
+                            $"Retrieve required MQTT configuration data required for the JSON request body to set the binding --- GET request body from {Path.Combine(assemblyPath, Constants.GetMQTTTemplate)}");
+                        var clientStatusBody = File.ReadAllText($"{Path.Combine(assemblyPath, Constants.GetMQTTTemplate)}");
                         var clientStatusResponse = ExecuteHttp(Constants.CgiApiEntryPoint, Method.Post,
                             Constants.ApiType.Cgi,
                             clientStatusBody);
@@ -656,7 +656,9 @@ public void SetCertUsageBinding(string alias, Constants.CertificateUsage certUsa
                                     throw new Exception($"Unable to parse JSON response: {ex2.Message}");
                                 }
 
-                                var jsonTemplate = File.ReadAllText($"{assemblyPath}\\{Constants.SetMQTTTemplate}");
+                                Logger.LogTrace(
+                                    $"Reading JSON request body template from {Path.Combine(assemblyPath, Constants.SetMQTTTemplate)}");
+                                var jsonTemplate = File.ReadAllText($"{Path.Combine(assemblyPath, Constants.SetMQTTTemplate)}");
                                 Logger.LogDebug("Client Status Return Values - ");
                                 Logger.LogDebug("API Version: " + clientStatusData.ApiVersion);
                                 Logger.LogDebug("Host: " + clientStatusData.Data.Config.Server.Host);
@@ -786,24 +788,24 @@ public string GetCertUsageBinding(Constants.CertificateUsage certUsage)
                 {
                     case Constants.CertificateUsage.Https:
                     {
-                        Logger.LogTrace($"Reading XML request body template from {assemblyPath}\\{Constants.GetHttpsTemplate}");
-                        body = File.ReadAllText($"{assemblyPath}\\{Constants.GetHttpsTemplate}");
+                        Logger.LogTrace($"Reading XML request body template from {Path.Combine(assemblyPath, Constants.GetHttpsTemplate)}");
+                        body = File.ReadAllText($"{Path.Combine(assemblyPath, Constants.GetHttpsTemplate)}");
                         httpResponse = ExecuteHttp(Constants.SoapApiEntryPoint, Method.Post, Constants.ApiType.Soap,body);
 
                         break;
                     }
                     case Constants.CertificateUsage.IEEE:
                     {
-                        Logger.LogTrace($"Reading XML request body template from {assemblyPath}\\{Constants.GetIEEETemplate}");
-                        body = File.ReadAllText($"{assemblyPath}\\{Constants.GetIEEETemplate}");
+                        Logger.LogTrace($"Reading XML request body template from {Path.Combine(assemblyPath, Constants.GetIEEETemplate)}");
+                        body = File.ReadAllText($"{Path.Combine(assemblyPath, Constants.GetIEEETemplate)}");
                         httpResponse = ExecuteHttp(Constants.SoapApiEntryPoint, Method.Post, Constants.ApiType.Soap,body);
 
                         break;
                     }
                     case Constants.CertificateUsage.MQTT:
                     {
-                        Logger.LogTrace($"Reading JSON request body template from {assemblyPath}\\{Constants.GetMQTTTemplate}");
-                        body = File.ReadAllText($"{assemblyPath}\\{Constants.GetMQTTTemplate}");
+                        Logger.LogTrace($"Reading JSON request body template from {Path.Combine(assemblyPath, Constants.GetMQTTTemplate)}");
+                        body = File.ReadAllText($"{Path.Combine(assemblyPath, Constants.GetMQTTTemplate)}");
                         httpResponse = ExecuteHttp(Constants.CgiApiEntryPoint, Method.Post, Constants.ApiType.Cgi,body);
 
                         break;

AxisIPCamera/Helpers/DeviceCertValidator.cs

@@ -12,6 +12,7 @@
 using System.Linq;
 using System.Net.Http;
 using System.Net.Security;
+using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.Extensions.Logging;
 
@@ -59,8 +60,13 @@ public static class DeviceCertValidator
                 logger.LogTrace($"Performing Cert Validator Check #1: Verify the TLS cert chain against custom chain of AXIS PKI certs...");
 
                 // Load custom trusted certs
-                string trustedRootCertPath = "C:\\Program Files\\Keyfactor\\Keyfactor Orchestrator\\extensions\\AxisIPCamera\\Files\\Axis.Root";
-                string trustedIntCertPath = "C:\\Program Files\\Keyfactor\\Keyfactor Orchestrator\\extensions\\AxisIPCamera\\Files\\Axis.Intermediate";
+                string basePath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)!;
+                logger.LogTrace($"Base PATH for custom trusted certs: {basePath}");
+
+                string trustedRootCertPath = Path.Combine(basePath, "Files", "Axis.Root");
+                string trustedIntCertPath = Path.Combine(basePath, "Files", "Axis.Intermediate");
+                logger.LogTrace($"Combined PATH for custom trusted Root certs: {trustedRootCertPath}");
+                logger.LogTrace($"Combined PATH for custom trusted Intermediate certs: {trustedIntCertPath}");
 
                 X509CertificateParser parser = new X509CertificateParser();
                 var customChain = new List<X509Certificate> { };
@@ -207,6 +213,9 @@ public static class DeviceCertValidator
         private static bool VerifyAkiSkiChain(List<X509Certificate> customChain, ILogger logger)
         {
             logger.MethodEntry();
+
+            logger.LogTrace("Custom chain being validated includes: (1) Leaf cert from TLS session, (2) n-Intermediate certs from custom trust, &" +
+                            "n-Root certs from custom trust");
 
             for (int i = 0; i < customChain.Count - 1; i++)
             {

AxisIPCamera/Inventory.cs

@@ -179,7 +179,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
             {
                 // ** NOTE: If the cause of the submitInventory.Invoke exception is a communication issue between the Orchestrator server and the Command server, the job status returned here
                 //  may not be reflected in Keyfactor Command.
-                return new JobResult() { Result = Keyfactor.Orchestrators.Common.Enums.OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, 
+                return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, 
                     FailureMessage = $"Inventory Job Failed During Inventory Item Submission: {e2.Message} - Refer to logs for more detailed information." };
             }
         }

AxisIPCamera/Management.cs

@@ -197,17 +197,17 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                     }
                     default:
                         //Invalid OperationType.  Return error.  Should never happen though
-                        return new JobResult() { Result = Keyfactor.Orchestrators.Common.Enums.OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: Unsupported operation: {config.OperationType.ToString()}" };
+                        return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: Unsupported operation: {config.OperationType.ToString()}" };
                 }
             }
             catch (Exception ex)
             {
                 //Status: 2=Success, 3=Warning, 4=Error
-                return new JobResult() { Result = Keyfactor.Orchestrators.Common.Enums.OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = $"Management Job Failed During '{config.OperationType.ToString()}' Operation: {ex.Message} - Refer to logs for more detailed information." };
+                return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = $"Management Job Failed During '{config.OperationType.ToString()}' Operation: {ex.Message} - Refer to logs for more detailed information." };
             }
 
             //Status: 2=Success, 3=Warning, 4=Error
-            return new JobResult() { Result = Keyfactor.Orchestrators.Common.Enums.OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId };
+            return new JobResult() { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId };
         }
 
         /// <summary>

AxisIPCamera/Model/Constants.cs

@@ -38,12 +38,12 @@ public static class Constants
 
         // Below are the relative file paths to the SOAP and CGI API request body templates
         // ** NOTE: The 'Files' directory should be located in the same directory as the AxisIPCamera.dll
-        public static string GetHttpsTemplate = $"Files\\GetHttpsBinding.xml";
-        public static string GetIEEETemplate  = $"Files\\GetIEEEBinding.xml";
-        public static string GetMQTTTemplate  = $"Files\\GetMQTTBinding.json";
-        public static string SetHttpsTemplate = $"Files\\SetHttpsBinding.xml";
-        public static string SetIEEETemplate  = $"Files\\SetIEEEBinding.xml";
-        public static string SetMQTTTemplate  = $"Files\\SetMQTTBinding.json";
+        public static readonly string GetHttpsTemplate = $"{Path.Combine("Files","GetHttpsBinding.xml")}";
+        public static readonly string GetIEEETemplate  = $"{Path.Combine("Files","GetIEEEBinding.xml")}";
+        public static readonly string GetMQTTTemplate  = $"{Path.Combine("Files","GetMQTTBinding.json")}";
+        public static readonly string SetHttpsTemplate = $"{Path.Combine("Files", "SetHttpsBinding.xml")}";
+        public static readonly string SetIEEETemplate  = $"{Path.Combine("Files", "SetIEEEBinding.xml")}";
+        public static readonly string SetMQTTTemplate  = $"{Path.Combine("Files", "SetMQTTBinding.json")}";
 
         public enum CertificateUsage
         {

AxisIPCamera/Reenrollment.cs

@@ -15,6 +15,7 @@
 using Keyfactor.Logging;
 using Keyfactor.Extensions.Orchestrator.AxisIPCamera.Client;
 using Keyfactor.Extensions.Orchestrator.AxisIPCamera.Model;
+using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
 using Keyfactor.Orchestrators.Extensions.Interfaces;
 
@@ -173,12 +174,12 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
             catch (Exception ex)
             {
                 //Status: 2=Success, 3=Warning, 4=Error
-                return new JobResult() { Result = Keyfactor.Orchestrators.Common.Enums.OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, 
+                return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, 
                     FailureMessage = $"Reenrollment Job Failed: {ex.Message} - Refer to logs for more detailed information." };
             }
 
             //Status: 2=Success, 3=Warning, 4=Error
-            return new JobResult() { Result = Keyfactor.Orchestrators.Common.Enums.OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId };
+            return new JobResult() { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId };
         }
     }
 }

docsource/content.md

@@ -44,10 +44,12 @@ To trust the device ID certificate, you must create a custom trust and add the r
 
 ### Steps to Create the Custom Trust:
 
-1. Once the DLLs from GitHub are installed, create two (2) files in `..\[AXIS IP Camera orchestrator extension folder name]\Files` folder with the below names:
-   * **Axis.Trust**
+1. Once the DLLs from GitHub are installed, create two (2) files in the sub-directory called "Files" with the below names (*Note: The "Files" folder should already exist):
+   * **Axis.Root**
    * **Axis.Intermediate**
 
+* **Default Path on Windows** - `C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions\[Axis IP Camera orchestrator extension folder]\Files`
+* **Default Path on Linux** - `/opt/keyfactor/orchestrator/extensions/[Axis IP Camera orchestrator extension folder]/Files`
 2. Copy and paste the PEM contents of the AXIS PKI root for the device ID cert configured for the HTTP server into the **Axis.Root** file
 3. Copy and paste the PEM contents of the AXIS PKI intermediate for the device ID configured for the HTTP server into the **Axis.Intermediate** file