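/// <summary>
/// Ensures a certificate for OMS/ODS authentication exists in the LocalMachine\MY store.
/// The certificate recorded in <c>SentinelApiConfig.CertificateThumbprint</c> is reused when
/// present; otherwise a new self-signed certificate is created, stored, registered with OMS
/// using the workspace key from Key Vault, and its thumbprint is written back to configuration.
/// </summary>
/// <remarks>
/// Failures are logged to the console and not propagated, matching the sibling
/// <c>ManageOdsAuthenticationKeyVault</c>; callers cannot observe a failed registration.
/// </remarks>
public void ManageOdsAuthenticationCertStore()
{
    try
    {
        using (var certificateManagement = new CertificateManagement())
        {
            // Reuse the configured certificate if it is still installed. The instance is only a
            // presence probe here, so release its key handle right away.
            X509Certificate2 existingCertificate = certificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);
            if (existingCertificate != null)
            {
                existingCertificate.Dispose();
                return;
            }

            // The workspace key is a secret: read it only when registration actually needs it,
            // rather than on every start-up. Invariant casing keeps the secret name stable
            // regardless of the process culture.
            string sentinalAuthWorkspaceKey = GetKeyVaultSecret($"{SentinelApiConfig.WorkspaceId.ToLowerInvariant()}-wskey");

            string agentId = Guid.NewGuid().ToString("D");
            //TODO: Add in support for KeyVault
            using (X509Certificate2 authX509Certificate2 = certificateManagement.CreateOmsSelfSignedCertificate(agentId, SentinelApiConfig.WorkspaceId))
            {
                if (!certificateManagement.SaveCertificateToStore(authX509Certificate2, "MY", StoreLocation.LocalMachine))
                {
                    // Previously this case fell through silently, leaving the config pointing at a
                    // thumbprint that is not installed.
                    Console.WriteLine("ManageOdsAuthenticationCertStore: certificate could not be saved to LocalMachine\\MY; OMS registration skipped.");
                    return;
                }

                certificateManagement.RegisterWithOms(authX509Certificate2, SentinelApiConfig.WorkspaceId, sentinalAuthWorkspaceKey, SentinelApiConfig.OmsEndpointUri);
                // Only record the thumbprint once registration succeeded, so a failed run is retried
                // on the next start-up instead of being treated as complete.
                SentinelApiConfig.CertificateThumbprint = authX509Certificate2.Thumbprint.ToLowerInvariant();
                SaveCurrentConfiguration();
            }
        }
    }
    catch (Exception e)
    {
        // Best-effort: log and continue (same contract as the original implementation).
        Console.WriteLine(e);
    }
}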
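/// <summary>
/// Ensures an OMS/ODS authentication certificate is recorded in Key Vault under
/// <c>{workspaceId}-wsid</c>. When the secret is absent, a new self-signed certificate is
/// created, saved to LocalMachine\MY, registered with OMS using the workspace key, written to
/// configuration and then persisted to Key Vault (Base64 of the DER certificate). When the
/// secret is present it is only decoded and parsed to confirm it is still a valid certificate.
/// </summary>
/// <remarks>
/// Failures are logged to the console and not propagated, matching
/// <c>ManageOdsAuthenticationCertStore</c>. The Key Vault write is awaited synchronously because
/// this method is not async; leaving the task unobserved hid Key Vault failures entirely.
/// </remarks>
public void ManageOdsAuthenticationKeyVault()
{
    try
    {
        // Invariant casing keeps the secret names stable regardless of the process culture.
        string workspaceIdLower = SentinelApiConfig.WorkspaceId.ToLowerInvariant();
        string sentinalAuthCertEncoded = GetKeyVaultSecret($"{workspaceIdLower}-wsid");

        if (sentinalAuthCertEncoded != null)
        {
            // Secret already exists: parse it to confirm it is still a usable certificate blob.
            // NOTE(review): the stored blob is the DER certificate only (GetRawCertData below),
            // so this instance carries no private key — confirm that is what consumers expect.
            byte[] certFromKeyVault = DecodeStoredCertificate(sentinalAuthCertEncoded);
            using (var storedCertificate = new X509Certificate2(certFromKeyVault, string.Empty, X509KeyStorageFlags.MachineKeySet))
            {
                // Intentionally unused beyond construction; disposing releases the key handle.
            }
            return;
        }

        // The workspace key is a secret: read it only when a new certificate must be registered.
        string sentinalAuthWorkspaceKey = GetKeyVaultSecret($"{workspaceIdLower}-wskey");

        using (var certificateManagement = new CertificateManagement())
        {
            // Create a certificate to register with Oms
            string agentId = Guid.NewGuid().ToString("D");
            using (X509Certificate2 authX509Certificate2 = certificateManagement.CreateOmsSelfSignedCertificate(agentId, SentinelApiConfig.WorkspaceId))
            {
                // Register the certificate with Oms
                if (!certificateManagement.SaveCertificateToStore(authX509Certificate2, "MY", StoreLocation.LocalMachine))
                {
                    // Do not persist an unregistered certificate to Key Vault: the next run would
                    // see the secret and never retry registration.
                    Console.WriteLine("ManageOdsAuthenticationKeyVault: certificate could not be saved to LocalMachine\\MY; OMS registration skipped.");
                    return;
                }

                certificateManagement.RegisterWithOms(authX509Certificate2, SentinelApiConfig.WorkspaceId, sentinalAuthWorkspaceKey, SentinelApiConfig.OmsEndpointUri);
                SentinelApiConfig.CertificateThumbprint = authX509Certificate2.Thumbprint.ToLowerInvariant();
                SaveCurrentConfiguration();

                // Base64 round-trips arbitrary bytes exactly. Decoding DER as UTF-16 text (the
                // previous approach) is lossy: unpaired surrogates are replaced and a trailing odd
                // byte is dropped, so the secret could not be reliably turned back into a certificate.
                byte[] certByteArray = authX509Certificate2.GetRawCertData();
                string certByteToStore = Convert.ToBase64String(certByteArray);

                // Block on completion so a failed write surfaces in the catch below instead of
                // being silently dropped with the unobserved task.
                KeyVault.StoreCertSecret($"{workspaceIdLower}-wsid", certByteToStore).GetAwaiter().GetResult();
            }
        }
    }
    catch (Exception e)
    {
        // Best-effort: log and continue (same contract as the original implementation).
        Console.WriteLine(e);
    }

    // Decodes a secret written by this method. Base64 is the current format; secrets written by
    // the earlier implementation were the raw bytes decoded as UTF-16 text, so fall back to that.
    byte[] DecodeStoredCertificate(string encoded)
    {
        try
        {
            return Convert.FromBase64String(encoded);
        }
        catch (FormatException)
        {
            // From string to byte array (legacy encoding)
            return Encoding.Unicode.GetBytes(encoded);
        }
    }
}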