コード例 #1
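        /// <summary>
        /// Makes sure a certificate for OMS/ODS authentication is present in the LocalMachine "MY" store.
        /// When the lookup by <c>SentinelApiConfig.CertificateThumbprint</c> returns null, a new self-signed
        /// certificate is created, saved to the store, registered with OMS using the workspace key read from
        /// Key Vault, and its thumbprint is written back to the configuration.
        /// </summary>
        /// <remarks>
        /// Every exception is caught and written to the console, so a caller cannot tell from this method
        /// whether registration succeeded.
        /// </remarks>
        public void ManageOdsAuthenticationCertStore()
        {
            try
            {
                using (var certificateManagement = new CertificateManagement())
                {
                    var authX509Certificate2 = certificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);

                    if (authX509Certificate2 != null)
                    {
                        // A certificate with the configured thumbprint already exists; nothing to provision.
                        return;
                    }

                    // The workspace key is only needed for registration, so it is read from Key Vault here
                    // rather than on every call; the secret is not held in memory on the common path.
                    // ToLowerInvariant keeps the secret name independent of the process culture.
                    string workspaceKey = GetKeyVaultSecret($"{SentinelApiConfig.WorkspaceId.ToLowerInvariant()}-wskey");

                    string agentId = Guid.NewGuid().ToString("D");
                    authX509Certificate2 = certificateManagement.CreateOmsSelfSignedCertificate(agentId, SentinelApiConfig.WorkspaceId);

                    //TODO: Add in support for KeyVault
                    if (!certificateManagement.SaveCertificateToStore(authX509Certificate2, "MY", StoreLocation.LocalMachine))
                    {
                        // Previously silent: without the stored certificate nothing is registered and the
                        // configured thumbprint stays as it was.
                        Console.WriteLine("Certificate could not be saved to the LocalMachine MY store; OMS registration skipped.");
                        return;
                    }

                    certificateManagement.RegisterWithOms(authX509Certificate2, SentinelApiConfig.WorkspaceId, workspaceKey,
                        SentinelApiConfig.OmsEndpointUri);

                    // Persist the thumbprint so the next call finds the certificate instead of creating another.
                    SentinelApiConfig.CertificateThumbprint = authX509Certificate2.Thumbprint.ToLowerInvariant();
                    SaveCurrentConfiguration();
                }
            }
            catch (Exception e)
            {
                // Best-effort by design of the original: failures are reported on the console only.
                Console.WriteLine(e);
            }
        }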
コード例 #2
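        /// <summary>
        /// Provisions the OMS/ODS authentication certificate with Key Vault as the record of whether one exists.
        /// When the "-wsid" secret is missing, a self-signed certificate is created, saved to the LocalMachine
        /// "MY" store, registered with OMS, and its encoded bytes are sent to Key Vault. When the secret is
        /// present, the certificate is rebuilt from it.
        /// </summary>
        /// <remarks>
        /// The two Key Vault reads sit outside the try block, so their exceptions reach the caller; everything
        /// after them is caught and written to the console.
        /// </remarks>
        public void ManageOdsAuthenticationKeyVault()
        {
            // ToLowerInvariant keeps the secret names independent of the process culture.
            string secretPrefix = SentinelApiConfig.WorkspaceId.ToLowerInvariant();
            string sentinalAuthCertEncoded = GetKeyVaultSecret($"{secretPrefix}-wsid");
            string sentinalAuthWorkspaceKey = GetKeyVaultSecret($"{secretPrefix}-wskey");

            try
            {
                X509Certificate2 authX509Certificate2 = null;

                if (sentinalAuthCertEncoded == null)
                {
                    using (var certificateManagement = new CertificateManagement())
                    {
                        // Create a certificate to register with OMS
                        string agentId = Guid.NewGuid().ToString("D");
                        authX509Certificate2 = certificateManagement.CreateOmsSelfSignedCertificate(agentId, SentinelApiConfig.WorkspaceId);

                        // Register the certificate with OMS
                        if (certificateManagement.SaveCertificateToStore(authX509Certificate2, "MY", StoreLocation.LocalMachine))
                        {
                            certificateManagement.RegisterWithOms(authX509Certificate2, SentinelApiConfig.WorkspaceId, sentinalAuthWorkspaceKey,
                                SentinelApiConfig.OmsEndpointUri);

                            SentinelApiConfig.CertificateThumbprint = authX509Certificate2.Thumbprint.ToLowerInvariant();
                            SaveCurrentConfiguration();
                        }
                        else
                        {
                            Console.WriteLine("Certificate could not be saved to the LocalMachine MY store; OMS registration skipped.");
                            // NOTE(review): the certificate is still sent to Key Vault below although it was
                            // never registered, so later calls will take the "secret exists" branch. Confirm
                            // whether the Key Vault write should depend on a successful registration.
                        }

                        // Binary certificate data must be stored as Base64. Decoding arbitrary bytes as UTF-16
                        // replaces invalid surrogate sequences, so the stored text could not be turned back
                        // into the same certificate.
                        // NOTE(review): GetRawCertData() yields the certificate without its private key, so the
                        // Key Vault copy alone cannot authenticate. Confirm whether that is intended.
                        byte[] certByteArray = authX509Certificate2.GetRawCertData();
                        string certByteToStore = Convert.ToBase64String(certByteArray);

                        // NOTE(review): the returned awaitable is never awaited, so a failed write is not
                        // observed here and the method may return before the secret is stored.
                        var result = KeyVault.StoreCertSecret($"{secretPrefix}-wsid", certByteToStore).ConfigureAwait(true);
                    }
                }
                else
                {
                    byte[] certFromKeyVault;
                    try
                    {
                        certFromKeyVault = Convert.FromBase64String(sentinalAuthCertEncoded);
                    }
                    catch (FormatException)
                    {
                        // Secret written by the earlier UTF-16 encoding: decode it the old way. Such a value
                        // may already be damaged, in which case the constructor below throws and the error
                        // is reported by the outer catch.
                        certFromKeyVault = Encoding.Unicode.GetBytes(sentinalAuthCertEncoded);
                    }

                    authX509Certificate2 = new X509Certificate2(certFromKeyVault, string.Empty, X509KeyStorageFlags.MachineKeySet);
                }
            }
            catch (Exception e)
            {
                // Best-effort by design of the original: failures are reported on the console only.
                Console.WriteLine(e);
            }
        }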