From 1bba8f5f4d5b1da59a3375851a9d687f1a855abe Mon Sep 17 00:00:00 2001
From: leefine02
Date: Tue, 19 Sep 2023 19:38:27 +0000
Subject: [PATCH] Do not require store password for PEM inventory
---
 CHANGELOG.md | 3 +++
 RemoteFile/ICertificateStoreSerializer.cs | 2 +-
 .../DER/DERCertificateStoreSerializer.cs | 2 +-
 .../JKS/JKSCertificateStoreSerializer.cs | 2 +-
 .../KDB/KDBCertificateStoreSerializer.cs | 2 +-
 .../OraWlt/OraWltCertificateStoreSerializer.cs | 4 ++--
 .../PEM/PEMCertificateStoreSerializer.cs | 4 ++--
 .../PKCS12/PKCS12CertificateStoreSerializer.cs | 2 +-
 RemoteFile/InventoryBase.cs | 2 +-
 RemoteFile/ManagementBase.cs | 4 ++--
 RemoteFile/RemoteCertificateStore.cs | 4 ++--
 11 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e39b5703..23bf01ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+v2.4.0
+- Do not require store password for PEM inventory
+
 v2.3.1
 - Bug fix: Discovery - ignore /proc folder for Linux servers
diff --git a/RemoteFile/ICertificateStoreSerializer.cs b/RemoteFile/ICertificateStoreSerializer.cs
index 79f0ffbf..6b7a1bce 100644
--- a/RemoteFile/ICertificateStoreSerializer.cs
+++ b/RemoteFile/ICertificateStoreSerializer.cs
@@ -14,7 +14,7 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
 interface ICertificateStoreSerializer
 {
- Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler);
+ Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey);
 List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler);
diff --git a/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs
index 5b971c6b..f52385a6 100644
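Review bot: The new `includePrivateKey` parameter on `ICertificateStoreSerializer.DeserializeRemoteCertificateStore` carries no documentation, and its meaning is only discoverable from the PEM serializer's `if (IsTrustStore || !includePrivateKey)` branch in a different file. Suggest an XML doc comment on the interface member, e.g. `/// <param name="includePrivateKey">When false, only certificates are loaded and the store password is not needed to decrypt private keys (honoured by the PEM serializer as of this change).</param>`. As far as these hunks show, the DER, JKS, KDB and PKCS12 implementations accept the flag but their visible lines never read it, and OraWlt forwards it only after `jksStore.Load` has already consumed `storePassword`, so the password-free behaviour named in the commit message is PEM-specific; saying so in the doc comment keeps callers from expecting it for other store types. The method bodies continue outside the hunks, so whether the other serializers act on the flag further down is not visible here.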
--- a/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs
@@ -38,7 +38,7 @@ public DERCertificateStoreSerializer(string storeProperties)
 LoadCustomProperties(storeProperties);
 }
- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
diff --git a/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs
index 87d62ddc..8ba0619d 100644
--- a/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs
@@ -30,7 +30,7 @@ public JKSCertificateStoreSerializer(string storeProperties)
 logger = LogHandler.GetClassLogger(this.GetType());
 }
- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
diff --git a/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
index 8a5c4f87..bc64702b 100644
--- a/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
@@ -28,7 +28,7 @@ public KDBCertificateStoreSerializer(string storeProperties)
 logger = LogHandler.GetClassLogger(this.GetType());
 }
- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
diff --git a/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
index d867e3ef..f0bbf08d 100644
--- a/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
@@ -34,7 +34,7 @@ public OraWltCertificateStoreSerializer(string storeProperties)
 LoadCustomProperties(storeProperties);
 }
- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
@@ -57,7 +57,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
 jksStore.Load(new MemoryStream(storeBytes), string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());
 JKSCertificateStoreSerializer serializer = new JKSCertificateStoreSerializer(String.Empty);
- store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler);
+ store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler, includePrivateKey);
 }
 catch (Exception ex)
 {
diff --git a/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
index 99a354a2..a317fed7 100644
--- a/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
@@ -49,7 +49,7 @@ public PEMCertificateStoreSerializer(string storeProperties)
 LoadCustomProperties(storeProperties);
 }
- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
@@ -62,7 +62,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
 string storeContents = Encoding.ASCII.GetString(storeContentBytes);
 X509CertificateEntry[] certificates = GetCertificates(storeContents);
- if (IsTrustStore)
+ if (IsTrustStore || !includePrivateKey)
 {
 foreach(X509CertificateEntry certificate in certificates)
 {
diff --git a/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
index 426e6621..562de30f 100644
--- a/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
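Review bot: With `includePrivateKey` false, the new `if (IsTrustStore || !includePrivateKey)` branch routes every PEM through the certificate-only path, so an inventory job (which now passes `false`) will presumably report a certificate whose key is present in the file as having no private key; if `GetCertificateChains` derives a private-key flag from the `Pkcs12Store` entries, this is a silent change to what the platform sees for PEM stores with keys (that code is outside this hunk, so this is inferred). If that is the intended trade-off for reading the store without its password, a comment on the condition would stop it being read as a bug, e.g. `// Inventory passes includePrivateKey=false so the store can be parsed without its password; keys are deliberately not loaded.` Otherwise the presence of a key block in `storeContents` can be noted without decrypting it and surfaced separately. The method body continues past the end of the hunk.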
@@ -25,7 +25,7 @@ public PKCS12CertificateStoreSerializer(string storeProperties)
 logger = LogHandler.GetClassLogger(this.GetType());
 }
- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
 Pkcs12Store store = storeBuilder.Build();
diff --git a/RemoteFile/InventoryBase.cs b/RemoteFile/InventoryBase.cs
index 9306e742..f23e6da9 100644
--- a/RemoteFile/InventoryBase.cs
+++ b/RemoteFile/InventoryBase.cs
@@ -48,7 +48,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
 ApplicationSettings.Initialize(this.GetType().Assembly.Location);
 certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
 certificateStore.Initialize();
- certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+ certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, false);
 List collections = certificateStore.GetCertificateChains();
diff --git a/RemoteFile/ManagementBase.cs b/RemoteFile/ManagementBase.cs
index 35b106f2..4b172d1b 100644
--- a/RemoteFile/ManagementBase.cs
+++ b/RemoteFile/ManagementBase.cs
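Review bot: The bare boolean literal in `certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, false)` gives a reader no hint of what is being switched off, and the same applies to the two `true` call sites in the ManagementBase hunks. A named argument makes the intent self-documenting with no behaviour change: `certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, includePrivateKey: false);`. `ProcessJob` starts and ends outside the hunk.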
@@ -67,7 +67,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
 else throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");
 }
- certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+ certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
 certificateStore.AddCertificate((config.JobCertificate.Alias ?? new X509Certificate2(Convert.FromBase64String(config.JobCertificate.Contents), config.JobCertificate.PrivateKeyPassword).Thumbprint), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword);
 certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
@@ -82,7 +82,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
 }
 else
 {
- certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+ certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
 certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);
 certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
 }
diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs
index 8e7ab26b..19064905 100644
--- a/RemoteFile/RemoteCertificateStore.cs
+++ b/RemoteFile/RemoteCertificateStore.cs
@@ -96,7 +96,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas
 logger.MethodExit(LogLevel.Debug);
 }
- internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreSerializer, string storeProperties)
+ internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreSerializer, string storeProperties, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
@@ -107,7 +107,7 @@ internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreS
 if (byteContents.Length < 5) return;
- CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler);
+ CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler, includePrivateKey);
 logger.MethodExit(LogLevel.Debug);
 }