I'm not sure if I'm understanding this incorrectly, but I'm trying to modify this plugin to:

- support re-enrollment by generating the private key and CSR in the orchestrator memory and calling SubmitReenrollmentCSR.Invoke,
- align with the existing keystore types that are currently supported [JKS, PKCS12, PFX], and
- create a new keystore every time.
To achieve this, I convert the PEM content into a Pkcs12Blob and wrote an additional AddCertificate function like this (entryContents is the base64-encoded Pkcs12Blob):
```csharp
public string AddCertificate(string alias, string pfxPassword, string entryContents)
{
    logger.MethodEntry();
    //logger.LogTrace("converting base64 encoded jks store to binary.");
    //var jksBytes = Convert.FromBase64String(storeFileContent);
    // pass null jksBytes to force creation of new JKS
    byte[] jksBytes = null;
    var newCertBytes = Convert.FromBase64String(entryContents);

    logger.LogTrace("adding the new certificate, and getting the new JKS store bytes.");
    var newJksBytes = AddOrRemoveCert(alias, pfxPassword, newCertBytes, jksBytes, pfxPassword);
    return Convert.ToBase64String(newJksBytes);
}
```
I haven't modified the AddOrRemoveCert method.
While stepping through this in a unit test, this part of the function gets correctly executed because jksBytes is null:
```csharp
if (createdNewStore)
{
    // If createdNewStore is true, create a new store
    logger.LogDebug("Created new JKS store, setting key entry for alias '{Alias}'", al);
    newJksStore.SetKeyEntry(alias,
        keyEntry.Key,
        string.IsNullOrEmpty(existingStorePassword) ? Array.Empty<char>() : existingStorePassword.ToCharArray(),
        certificates.ToArray());
}
```
This always gets executed, returning the existingJksStore (which is null on purpose in our case):
```csharp
using (var outStream = new MemoryStream())
{
    logger.LogDebug("Saving existing JKS store to outStream");
    existingJksStore.Save(outStream,
        string.IsNullOrEmpty(existingStorePassword) ? Array.Empty<char>() : existingStorePassword.ToCharArray());
    logger.LogDebug("Returning updated JKS store as byte[]");
    return outStream.ToArray();
}
```
hashicorp-vault-orchestrator/hashicorp-vault-orchestrator/FileStores/JksFileStore.cs, line 221 in 20a84ef
But newJksStore never gets returned from this. After the foreach loop at https://github.com/Keyfactor/hashicorp-vault-orchestrator/blob/main/hashicorp-vault-orchestrator/FileStores/JksFileStore.cs#L204, the block above always gets executed, returning the existingJksStore (which is null on purpose in our case).