diff --git a/CHANGELOG.md b/CHANGELOG.md index 41759cdb..36ef7240 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +v4.0.1 +- Bug Fix: Error running ODKG jobs found in v4.0.0 + v4.0.0 - Added ability to run post job commands for Management-Add and ODKG jobs. - Added "+" as an allowed character for store paths and file names diff --git a/RemoteFile/ReenrollmentBase.cs b/RemoteFile/ReenrollmentBase.cs index 96d14010..78b7134f 100644 --- a/RemoteFile/ReenrollmentBase.cs +++ b/RemoteFile/ReenrollmentBase.cs @@ -101,7 +101,7 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm } // save certificate - certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), config.Overwrite, null, RemoveRootCertificate); + certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx, "password")), config.Overwrite, "password", RemoveRootCertificate); certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler)); try diff --git a/docsource/images/RFJKS-basic-store-type-dialog.png b/docsource/images/RFJKS-basic-store-type-dialog.png index bb13f7b7..da3ec217 100644 Binary files a/docsource/images/RFJKS-basic-store-type-dialog.png and b/docsource/images/RFJKS-basic-store-type-dialog.png differ diff --git a/scripts/store_types/bash/curl_create_store_types.sh b/scripts/store_types/bash/curl_create_store_types.sh new file mode 100755 index 00000000..16756bde --- /dev/null +++ b/scripts/store_types/bash/curl_create_store_types.sh 
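Review bot: In the RemoteFile/ReenrollmentBase.cs hunk, the new `AddCertificate` line wraps the exported PFX, which carries the private key, with the literal `"password"`, written twice on the same line, so the key blob is protected only by a publicly known string and the two copies have to be kept in sync by hand. If the fourth argument is only the password for this in-memory PFX (it looks that way, but `AddCertificate` is not visible here), generate one per job, e.g. `var pfxPassword = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));`, and pass `pfxPassword` to both `cert.Export(X509ContentType.Pfx, pfxPassword)` and `AddCertificate`. `RandomNumberGenerator.GetBytes(int)` needs .NET 6 or later, so confirm the target framework first. At minimum, add a comment such as `// transient PFX password: wraps only the in-memory export handed to AddCertificate; the store itself is saved with StorePassword` so the literal is not mistaken for a real credential or copied elsewhere. ProcessJob starts and ends outside the hunk.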
@@ -0,0 +1,677 @@ +#!/usr/bin/env bash + +# Creates all 6 store types via the Keyfactor Command REST API using curl. +# +# Authentication (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN +# +# Always required: +# KEYFACTOR_HOSTNAME Command hostname (e.g. my-command.example.com) +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. + +if [ -z "${KEYFACTOR_HOSTNAME}" ]; then + echo "ERROR: KEYFACTOR_HOSTNAME is required" + exit 1 +fi + +BASE_URL="https://${KEYFACTOR_HOSTNAME}/keyfactorapi" + +# --------------------------------------------------------------------------- +# Resolve auth +# --------------------------------------------------------------------------- +if [ -n "${KEYFACTOR_AUTH_ACCESS_TOKEN}" ]; then + BEARER_TOKEN="${KEYFACTOR_AUTH_ACCESS_TOKEN}" +elif [ -n "${KEYFACTOR_AUTH_CLIENT_ID}" ] && [ -n "${KEYFACTOR_AUTH_CLIENT_SECRET}" ] && [ -n "${KEYFACTOR_AUTH_TOKEN_URL}" ]; then + echo "Fetching OAuth token..." + BEARER_TOKEN=$(curl -s -X POST "${KEYFACTOR_AUTH_TOKEN_URL}" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + --data-urlencode "grant_type=client_credentials" \ + --data-urlencode "client_id=${KEYFACTOR_AUTH_CLIENT_ID}" \ + --data-urlencode "client_secret=${KEYFACTOR_AUTH_CLIENT_SECRET}" | jq -r '.access_token') + if [ -z "${BEARER_TOKEN}" ] || [ "${BEARER_TOKEN}" = "null" ]; then + echo "ERROR: Failed to fetch OAuth token from ${KEYFACTOR_AUTH_TOKEN_URL}" + exit 1 + fi +elif [ -n "${KEYFACTOR_USERNAME}" ] && [ -n "${KEYFACTOR_PASSWORD}" ] && [ -n "${KEYFACTOR_DOMAIN}" ]; then + BEARER_TOKEN="" +else + echo "ERROR: Authentication required. 
Set one of:" + echo " KEYFACTOR_AUTH_ACCESS_TOKEN" + echo " KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET + KEYFACTOR_AUTH_TOKEN_URL" + echo " KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN" + exit 1 +fi + +if [ -n "${BEARER_TOKEN}" ]; then + CURL_AUTH=("-H" "Authorization: Bearer ${BEARER_TOKEN}") +else + CURL_AUTH=("-u" "${KEYFACTOR_USERNAME}@${KEYFACTOR_DOMAIN}:${KEYFACTOR_PASSWORD}") +fi + +create_store_type() { + local name="$1" + local body="$2" + echo "Creating ${name} store type..." + response=$(curl -s -o /dev/null -w "%{http_code}" \ + -X POST "${BASE_URL}/certificatestoretypes" \ + -H "Content-Type: application/json" \ + -H "x-keyfactor-requested-with: APIClient" \ + "${CURL_AUTH[@]}" \ + -d "${body}") + if [ "$response" = "200" ] || [ "$response" = "201" ]; then + echo " OK (HTTP ${response})" + else + echo " FAILED (HTTP ${response})" + fi +} + +# --------------------------------------------------------------------------- +# RFJKS — The IP address or DNS of the server hosting the certificate store. 
For more information, see [Client Machine ](#client-machine-instructions) +# --------------------------------------------------------------------------- +create_store_type "RFJKS" '{ + "Name": "RFJKS", + "ShortName": "RFJKS", + "Capability": "RFJKS", + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Password used to secure the Certificate Store", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "LinuxFilePermissionsOnStoreCreation", + "DisplayName": "Linux File Permissions on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "LinuxFileOwnerOnStoreCreation", + "DisplayName": "Linux File Owner on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "RemoveRootCertificate", + "DisplayName": "Remove Root Certificate from Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "IncludePortInSPN", + "DisplayName": "Include Port in SPN for WinRM", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "SSHPort", + "DisplayName": "SSH Port", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True" + }, + { + "Name": 
"PostJobApplicationRestart", + "DisplayName": "Post Job Application Restart", + "Required": false, + "DependsOn": "", + "Type": "MultipleChoice", + "DefaultValue": "Apache Tomcat Restart,Jetty Restart" + } + ], + "EntryParameters": [], + "StorePathDescription": "The full path and file name, including file extension if one exists where the certificate store file is located. For Linux orchestrated servers, StorePath will begin with a forward slash (i.e. /folder/path/storename.ext). For Windows orchestrated servers, it should begin with a drive letter (i.e. c:\\folder\\path\\storename.ext)." +}' + +# --------------------------------------------------------------------------- +# RFPEM — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access. +# --------------------------------------------------------------------------- +create_store_type "RFPEM" '{ + "Name": "RFPEM", + "ShortName": "RFPEM", + "Capability": "RFPEM", + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). 
If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value'", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "LinuxFilePermissionsOnStoreCreation", + "DisplayName": "Linux File Permissions on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "LinuxFileOwnerOnStoreCreation", + "DisplayName": "Linux File Owner on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "IsTrustStore", + "DisplayName": "Trust Store", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "false" + }, + { + "Name": "IncludesChain", + "DisplayName": "Store Includes Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "false" + }, + { + "Name": "SeparatePrivateKeyFilePath", + "DisplayName": "Separate Private Key File Location", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "IgnorePrivateKeyOnInventory", + "DisplayName": "Ignore Private Key On Inventory", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "false" + }, + { + "Name": "RemoveRootCertificate", + "DisplayName": "Remove Root Certificate from Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "IncludePortInSPN", + "DisplayName": "Include Port in SPN for WinRM", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "SSHPort", + "DisplayName": "SSH Port", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + 
"DependsOn": "", + "Type": "Bool", + "DefaultValue": "True" + }, + { + "Name": "PostJobApplicationRestart", + "DisplayName": "Post Job Application Restart", + "Required": false, + "DependsOn": "", + "Type": "MultipleChoice", + "DefaultValue": "Apache HTTPD Restart,NGNIX Restart,HAProxy Restart,Envoy Proxy Restart" + } + ], + "EntryParameters": [], + "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.ext) for Windows orchestrated servers. Example: '/folder/path/storename.pem' or 'c:\\folder\\path\\storename.pem'." +}' + +# --------------------------------------------------------------------------- +# RFPkcs12 — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access. 
+# --------------------------------------------------------------------------- +create_store_type "RFPkcs12" '{ + "Name": "RFPkcs12", + "ShortName": "RFPkcs12", + "Capability": "RFPkcs12", + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Password used to secure the Certificate Store", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "LinuxFilePermissionsOnStoreCreation", + "DisplayName": "Linux File Permissions on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "LinuxFileOwnerOnStoreCreation", + "DisplayName": "Linux File Owner on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "RemoveRootCertificate", + "DisplayName": "Remove Root Certificate from Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "IncludePortInSPN", + "DisplayName": "Include Port in SPN for WinRM", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "SSHPort", + "DisplayName": "SSH Port", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True" + } + ], + "EntryParameters": [], + "StorePathDescription": "The Store Path field should 
contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'." +}' + +# --------------------------------------------------------------------------- +# RFDER — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access. +# --------------------------------------------------------------------------- +create_store_type "RFDER" '{ + "Name": "RFDER", + "ShortName": "RFDER", + "Capability": "RFDER", + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Password used to secure the Certificate Store", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "LinuxFilePermissionsOnStoreCreation", + "DisplayName": "Linux File Permissions on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "LinuxFileOwnerOnStoreCreation", + "DisplayName": "Linux File Owner on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, 
+ { + "Name": "SeparatePrivateKeyFilePath", + "DisplayName": "Separate Private Key File Location", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "RemoveRootCertificate", + "DisplayName": "Remove Root Certificate from Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "IncludePortInSPN", + "DisplayName": "Include Port in SPN for WinRM", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "SSHPort", + "DisplayName": "SSH Port", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True" + } + ], + "EntryParameters": [], + "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.der) for Windows orchestrated servers. Example: '/folder/path/storename.der' or 'c:\\folder\\path\\storename.der'." +}' + +# --------------------------------------------------------------------------- +# RFKDB — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access. 
+# --------------------------------------------------------------------------- +create_store_type "RFKDB" '{ + "Name": "RFKDB", + "ShortName": "RFKDB", + "Capability": "RFKDB", + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Password used to secure the Certificate Store", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "LinuxFilePermissionsOnStoreCreation", + "DisplayName": "Linux File Permissions on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "LinuxFileOwnerOnStoreCreation", + "DisplayName": "Linux File Owner on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "RemoveRootCertificate", + "DisplayName": "Remove Root Certificate from Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "IncludePortInSPN", + "DisplayName": "Include Port in SPN for WinRM", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "SSHPort", + "DisplayName": "SSH Port", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True" + } + ], + "EntryParameters": [], + "StorePathDescription": "The Store Path field should contain the 
full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.kdb) for Windows orchestrated servers. Example: '/folder/path/storename.kdb' or 'c:\\folder\\path\\storename.kdb'." +}' + +# --------------------------------------------------------------------------- +# RFORA — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access. +# --------------------------------------------------------------------------- +create_store_type "RFORA" '{ + "Name": "RFORA", + "ShortName": "RFORA", + "Capability": "RFORA", + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": false, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Password used to secure the Certificate Store", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "LinuxFilePermissionsOnStoreCreation", + "DisplayName": "Linux File Permissions on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "LinuxFileOwnerOnStoreCreation", + "DisplayName": "Linux File Owner on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + 
"Name": "WorkFolder", + "DisplayName": "Location to use for creation/removal of work files", + "Required": true, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "RemoveRootCertificate", + "DisplayName": "Remove Root Certificate from Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "IncludePortInSPN", + "DisplayName": "Include Port in SPN for WinRM", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "SSHPort", + "DisplayName": "SSH Port", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True" + } + ], + "EntryParameters": [], + "StorePathDescription": "The Store Path field should contain the full path and file name of the Oracle Wallet, including the 'eWallet.p12' file name by convention. Example: '/path/to/eWallet.p12' or 'c:\\path\\to\\eWallet.p12'." +}' + + +echo "Completed." diff --git a/scripts/store_types/bash/kfutil_create_store_types.sh b/scripts/store_types/bash/kfutil_create_store_types.sh new file mode 100755 index 00000000..941e62de --- /dev/null +++ b/scripts/store_types/bash/kfutil_create_store_types.sh 
@@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +# Creates all 6 store types using kfutil. +# kfutil reads definitions from the Keyfactor integration catalog. +# +# Auth environment variables (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_HOSTNAME + KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD +# + KEYFACTOR_DOMAIN +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. + +if ! command -v kfutil &> /dev/null; then + echo "kfutil could not be found. Please install kfutil" + echo "See https://github.com/Keyfactor/kfutil#quickstart" + exit 1 +fi + +if [ -z "$KEYFACTOR_HOSTNAME" ]; then + echo "KEYFACTOR_HOSTNAME not set — launching kfutil login" + kfutil login +fi + +kfutil store-types create --name "RFJKS" +kfutil store-types create --name "RFPEM" +kfutil store-types create --name "RFPkcs12" +kfutil store-types create --name "RFDER" +kfutil store-types create --name "RFKDB" +kfutil store-types create --name "RFORA" + +echo "Done. All store types created." diff --git a/scripts/store_types/powershell/kfutil_create_store_types.ps1 b/scripts/store_types/powershell/kfutil_create_store_types.ps1 new file mode 100644 index 00000000..236a5e81 --- /dev/null +++ b/scripts/store_types/powershell/kfutil_create_store_types.ps1 
@@ -0,0 +1,34 @@ +# Creates all 6 store types using kfutil. +# kfutil reads definitions from the Keyfactor integration catalog. +# +# Auth environment variables (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_HOSTNAME + KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD +# + KEYFACTOR_DOMAIN +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. + +# Uncomment if kfutil is not in your PATH +# Set-Alias -Name kfutil -Value 'C:\Program Files\Keyfactor\kfutil\kfutil.exe' + +if ($null -eq (Get-Command "kfutil" -ErrorAction SilentlyContinue)) { + Write-Host "kfutil could not be found. Please install kfutil" + Write-Host "See https://github.com/Keyfactor/kfutil#quickstart" + exit 1 +} + +if (-not $env:KEYFACTOR_HOSTNAME) { + Write-Host "KEYFACTOR_HOSTNAME not set — launching kfutil login" + & kfutil login +} + +& kfutil store-types create --name "RFJKS" +& kfutil store-types create --name "RFPEM" +& kfutil store-types create --name "RFPkcs12" +& kfutil store-types create --name "RFDER" +& kfutil store-types create --name "RFKDB" +& kfutil store-types create --name "RFORA" + +Write-Host "Done. All store types created." diff --git a/scripts/store_types/powershell/restmethod_create_store_types.ps1 b/scripts/store_types/powershell/restmethod_create_store_types.ps1 new file mode 100644 index 00000000..9671a177 --- /dev/null +++ b/scripts/store_types/powershell/restmethod_create_store_types.ps1 
@@ -0,0 +1,681 @@ +# Creates all 6 store types via the Keyfactor Command REST API +# using PowerShell Invoke-RestMethod. +# +# Authentication (first matching method is used): +# OAuth access token: KEYFACTOR_AUTH_ACCESS_TOKEN +# OAuth client creds: KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET +# + KEYFACTOR_AUTH_TOKEN_URL +# Basic auth (AD): KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN +# +# Always required: +# KEYFACTOR_HOSTNAME Command hostname (e.g. my-command.example.com) +# +# Auto-generated by doctool generate-store-type-scripts — do not edit by hand. + +if (-not $env:KEYFACTOR_HOSTNAME) { + Write-Error "KEYFACTOR_HOSTNAME is required" + exit 1 +} + +$uri = "https://$($env:KEYFACTOR_HOSTNAME)/keyfactorapi/certificatestoretypes" +$headers = @{ + 'Content-Type' = "application/json" + 'x-keyfactor-requested-with' = "APIClient" +} + +# --------------------------------------------------------------------------- +# Resolve auth +# --------------------------------------------------------------------------- +if ($env:KEYFACTOR_AUTH_ACCESS_TOKEN) { + $headers['Authorization'] = "Bearer $($env:KEYFACTOR_AUTH_ACCESS_TOKEN)" +} elseif ($env:KEYFACTOR_AUTH_CLIENT_ID -and $env:KEYFACTOR_AUTH_CLIENT_SECRET -and $env:KEYFACTOR_AUTH_TOKEN_URL) { + Write-Host "Fetching OAuth token..." + $tokenBody = @{ + grant_type = 'client_credentials' + client_id = $env:KEYFACTOR_AUTH_CLIENT_ID + client_secret = $env:KEYFACTOR_AUTH_CLIENT_SECRET + } + $tokenResp = Invoke-RestMethod -Method Post -Uri $env:KEYFACTOR_AUTH_TOKEN_URL -Body $tokenBody + $headers['Authorization'] = "Bearer $($tokenResp.access_token)" +} elseif ($env:KEYFACTOR_USERNAME -and $env:KEYFACTOR_PASSWORD -and $env:KEYFACTOR_DOMAIN) { + $cred = [System.Convert]::ToBase64String( + [System.Text.Encoding]::ASCII.GetBytes( + "$($env:KEYFACTOR_USERNAME)@$($env:KEYFACTOR_DOMAIN):$($env:KEYFACTOR_PASSWORD)")) + $headers['Authorization'] = "Basic $cred" +} else { + Write-Error ("Authentication required. 
Set one of:`n" + + " KEYFACTOR_AUTH_ACCESS_TOKEN`n" + + " KEYFACTOR_AUTH_CLIENT_ID + KEYFACTOR_AUTH_CLIENT_SECRET + KEYFACTOR_AUTH_TOKEN_URL`n" + + " KEYFACTOR_USERNAME + KEYFACTOR_PASSWORD + KEYFACTOR_DOMAIN") + exit 1 +} + +function New-StoreType { + param([string]$Name, [string]$Body) + Write-Host "Creating $Name store type..." + try { + Invoke-RestMethod -Method Post -Uri $uri -Headers $headers -Body $Body -ContentType "application/json" | Out-Null + Write-Host " OK" + } catch { + Write-Warning " FAILED: $($_.Exception.Message)" + } +} + +# --------------------------------------------------------------------------- +# RFJKS — The IP address or DNS of the server hosting the certificate store. For more information, see [Client Machine ](#client-machine-instructions) +# --------------------------------------------------------------------------- +New-StoreType "RFJKS" @' +{ + "Name": "RFJKS", + "ShortName": "RFJKS", + "Capability": "RFJKS", + "ServerRequired": true, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required", + "PowerShell": false, + "PrivateKeyAllowed": "Optional", + "SupportedOperations": { + "Add": true, + "Create": true, + "Discovery": true, + "Enrollment": true, + "Remove": true + }, + "PasswordOptions": { + "Style": "Default", + "EntrySupported": false, + "StoreRequired": true, + "StorePassword": { + "Description": "Password used to secure the Certificate Store", + "IsPAMEligible": true + } + }, + "Properties": [ + { + "Name": "LinuxFilePermissionsOnStoreCreation", + "DisplayName": "Linux File Permissions on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "LinuxFileOwnerOnStoreCreation", + "DisplayName": "Linux File Owner on Store Creation", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "SudoImpersonatingUser", + "DisplayName": "Sudo Impersonating User", + "Required": false, + "DependsOn": "", + "Type": "String", + 
"DefaultValue": "" + }, + { + "Name": "RemoveRootCertificate", + "DisplayName": "Remove Root Certificate from Chain", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "IncludePortInSPN", + "DisplayName": "Include Port in SPN for WinRM", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "False" + }, + { + "Name": "SSHPort", + "DisplayName": "SSH Port", + "Required": false, + "DependsOn": "", + "Type": "String", + "DefaultValue": "" + }, + { + "Name": "UseShellCommands", + "DisplayName": "Use Shell Commands", + "Required": false, + "DependsOn": "", + "Type": "Bool", + "DefaultValue": "True" + }, + { + "Name": "PostJobApplicationRestart", + "DisplayName": "Post Job Application Restart", + "Required": false, + "DependsOn": "", + "Type": "MultipleChoice", + "DefaultValue": "Apache Tomcat Restart,Jetty Restart" + } + ], + "EntryParameters": [], + "StorePathDescription": "The full path and file name, including file extension if one exists where the certificate store file is located. For Linux orchestrated servers, StorePath will begin with a forward slash (i.e. /folder/path/storename.ext). For Windows orchestrated servers, it should begin with a drive letter (i.e. c:\\folder\\path\\storename.ext)." +} +'@ + +# --------------------------------------------------------------------------- +# RFPEM — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access. 
+# ---------------------------------------------------------------------------
+New-StoreType "RFPEM" @'
+{
+ "Name": "RFPEM",
+ "ShortName": "RFPEM",
+ "Capability": "RFPEM",
+ "ServerRequired": true,
+ "BlueprintAllowed": false,
+ "CustomAliasAllowed": "Forbidden",
+ "PowerShell": false,
+ "PrivateKeyAllowed": "Optional",
+ "SupportedOperations": {
+ "Add": true,
+ "Create": true,
+ "Discovery": true,
+ "Enrollment": true,
+ "Remove": true
+ },
+ "PasswordOptions": {
+ "Style": "Default",
+ "EntrySupported": false,
+ "StoreRequired": true,
+ "StorePassword": {
+ "Description": "Password used to secure the Certificate Store. For stores with PKCS#8 private keys, set the password for encrypted private keys (BEGIN ENCRYPTED PRIVATE KEY) or 'No Value' for unencrypted private keys (BEGIN PRIVATE KEY). If managing a store with a PKCS#1 private key (BEGIN RSA PRIVATE KEY), this value MUST be set to 'No Value'",
+ "IsPAMEligible": true
+ }
+ },
+ "Properties": [
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "IsTrustStore",
+ "DisplayName": "Trust Store",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "false"
+ },
+ {
+ "Name": "IncludesChain",
+ "DisplayName": "Store Includes Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "false"
+ },
+ {
+ "Name": "SeparatePrivateKeyFilePath",
+ "DisplayName": "Separate Private Key File Location",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "IgnorePrivateKeyOnInventory",
+ "DisplayName": "Ignore Private Key On Inventory",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "false"
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "UseShellCommands",
+ "DisplayName": "Use Shell Commands",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "True"
+ },
+ {
+ "Name": "PostJobApplicationRestart",
+ "DisplayName": "Post Job Application Restart",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "MultipleChoice",
+ "DefaultValue": "Apache HTTPD Restart,NGNIX Restart,HAProxy Restart,Envoy Proxy Restart"
+ }
+ ],
+ "EntryParameters": [],
+ "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.ext) for Windows orchestrated servers. Example: '/folder/path/storename.pem' or 'c:\\folder\\path\\storename.pem'."
+}
+'@
+
+# ---------------------------------------------------------------------------
+# RFPkcs12 — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.
+# ---------------------------------------------------------------------------
+New-StoreType "RFPkcs12" @'
+{
+ "Name": "RFPkcs12",
+ "ShortName": "RFPkcs12",
+ "Capability": "RFPkcs12",
+ "ServerRequired": true,
+ "BlueprintAllowed": false,
+ "CustomAliasAllowed": "Required",
+ "PowerShell": false,
+ "PrivateKeyAllowed": "Optional",
+ "SupportedOperations": {
+ "Add": true,
+ "Create": true,
+ "Discovery": true,
+ "Enrollment": true,
+ "Remove": true
+ },
+ "PasswordOptions": {
+ "Style": "Default",
+ "EntrySupported": false,
+ "StoreRequired": true,
+ "StorePassword": {
+ "Description": "Password used to secure the Certificate Store",
+ "IsPAMEligible": true
+ }
+ },
+ "Properties": [
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "UseShellCommands",
+ "DisplayName": "Use Shell Commands",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "True"
+ }
+ ],
+ "EntryParameters": [],
+ "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.p12) for Windows orchestrated servers. Example: '/folder/path/storename.p12' or 'c:\\folder\\path\\storename.p12'."
+}
+'@
+
+# ---------------------------------------------------------------------------
+# RFDER — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.
+# ---------------------------------------------------------------------------
+New-StoreType "RFDER" @'
+{
+ "Name": "RFDER",
+ "ShortName": "RFDER",
+ "Capability": "RFDER",
+ "ServerRequired": true,
+ "BlueprintAllowed": false,
+ "CustomAliasAllowed": "Forbidden",
+ "PowerShell": false,
+ "PrivateKeyAllowed": "Optional",
+ "SupportedOperations": {
+ "Add": true,
+ "Create": true,
+ "Discovery": true,
+ "Enrollment": true,
+ "Remove": true
+ },
+ "PasswordOptions": {
+ "Style": "Default",
+ "EntrySupported": false,
+ "StoreRequired": true,
+ "StorePassword": {
+ "Description": "Password used to secure the Certificate Store",
+ "IsPAMEligible": true
+ }
+ },
+ "Properties": [
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "SeparatePrivateKeyFilePath",
+ "DisplayName": "Separate Private Key File Location",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "UseShellCommands",
+ "DisplayName": "Use Shell Commands",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "True"
+ }
+ ],
+ "EntryParameters": [],
+ "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.der) for Windows orchestrated servers. Example: '/folder/path/storename.der' or 'c:\\folder\\path\\storename.der'."
+}
+'@
+
+# ---------------------------------------------------------------------------
+# RFKDB — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.
+# ---------------------------------------------------------------------------
+New-StoreType "RFKDB" @'
+{
+ "Name": "RFKDB",
+ "ShortName": "RFKDB",
+ "Capability": "RFKDB",
+ "ServerRequired": true,
+ "BlueprintAllowed": false,
+ "CustomAliasAllowed": "Required",
+ "PowerShell": false,
+ "PrivateKeyAllowed": "Optional",
+ "SupportedOperations": {
+ "Add": true,
+ "Create": true,
+ "Discovery": true,
+ "Enrollment": false,
+ "Remove": true
+ },
+ "PasswordOptions": {
+ "Style": "Default",
+ "EntrySupported": false,
+ "StoreRequired": true,
+ "StorePassword": {
+ "Description": "Password used to secure the Certificate Store",
+ "IsPAMEligible": true
+ }
+ },
+ "Properties": [
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "UseShellCommands",
+ "DisplayName": "Use Shell Commands",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "True"
+ }
+ ],
+ "EntryParameters": [],
+ "StorePathDescription": "The Store Path field should contain the full path and file name, including file extension if applicable, beginning with a forward slash (/) for Linux orchestrated servers or a drive letter (i.e., c:\\folder\\path\\storename.kdb) for Windows orchestrated servers. Example: '/folder/path/storename.kdb' or 'c:\\folder\\path\\storename.kdb'."
+}
+'@
+
+# ---------------------------------------------------------------------------
+# RFORA — The Client Machine field should contain the DNS name or IP address of the remote orchestrated server for Linux orchestrated servers, formatted as a URL (protocol://dns-or-ip:port) for Windows orchestrated servers, or '1.1.1.1|LocalMachine' for local agents. Example: 'https://myserver.mydomain.com:5986' or '1.1.1.1|LocalMachine' for local access.
+# ---------------------------------------------------------------------------
+New-StoreType "RFORA" @'
+{
+ "Name": "RFORA",
+ "ShortName": "RFORA",
+ "Capability": "RFORA",
+ "ServerRequired": true,
+ "BlueprintAllowed": false,
+ "CustomAliasAllowed": "Required",
+ "PowerShell": false,
+ "PrivateKeyAllowed": "Optional",
+ "SupportedOperations": {
+ "Add": true,
+ "Create": true,
+ "Discovery": true,
+ "Enrollment": false,
+ "Remove": true
+ },
+ "PasswordOptions": {
+ "Style": "Default",
+ "EntrySupported": false,
+ "StoreRequired": true,
+ "StorePassword": {
+ "Description": "Password used to secure the Certificate Store",
+ "IsPAMEligible": true
+ }
+ },
+ "Properties": [
+ {
+ "Name": "LinuxFilePermissionsOnStoreCreation",
+ "DisplayName": "Linux File Permissions on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "LinuxFileOwnerOnStoreCreation",
+ "DisplayName": "Linux File Owner on Store Creation",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "SudoImpersonatingUser",
+ "DisplayName": "Sudo Impersonating User",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "WorkFolder",
+ "DisplayName": "Location to use for creation/removal of work files",
+ "Required": true,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "RemoveRootCertificate",
+ "DisplayName": "Remove Root Certificate from Chain",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "IncludePortInSPN",
+ "DisplayName": "Include Port in SPN for WinRM",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "False"
+ },
+ {
+ "Name": "SSHPort",
+ "DisplayName": "SSH Port",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "String",
+ "DefaultValue": ""
+ },
+ {
+ "Name": "UseShellCommands",
+ "DisplayName": "Use Shell Commands",
+ "Required": false,
+ "DependsOn": "",
+ "Type": "Bool",
+ "DefaultValue": "True"
+ }
+ ],
+ "EntryParameters": [],
+ "StorePathDescription": "The Store Path field should contain the full path and file name of the Oracle Wallet, including the 'eWallet.p12' file name by convention. Example: '/path/to/eWallet.p12' or 'c:\\path\\to\\eWallet.p12'."
+}
+'@
+
+
+Write-Host "Completed."