Do not require store password for PEM inventory

CHANGELOG.md

@@ -1,3 +1,6 @@
+v2.4.0
+- Do not require store password for PEM inventory
+
 v2.3.1
 - Bug fix: Discovery - ignore /proc folder for Linux servers
 

RemoteFile/ICertificateStoreSerializer.cs

@@ -14,7 +14,7 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
     interface ICertificateStoreSerializer
     {
-        Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler);
+        Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey);
 
         List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler);
 

RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs

@@ -38,7 +38,7 @@ public DERCertificateStoreSerializer(string storeProperties)
             LoadCustomProperties(storeProperties);
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 

RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs

@@ -30,7 +30,7 @@ public JKSCertificateStoreSerializer(string storeProperties)
             logger = LogHandler.GetClassLogger(this.GetType());
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 

RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs

@@ -28,7 +28,7 @@ public KDBCertificateStoreSerializer(string storeProperties)
             logger = LogHandler.GetClassLogger(this.GetType());
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 

RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs

@@ -34,7 +34,7 @@ public OraWltCertificateStoreSerializer(string storeProperties)
             LoadCustomProperties(storeProperties);
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -57,7 +57,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
                 jksStore.Load(new MemoryStream(storeBytes), string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());
 
                 JKSCertificateStoreSerializer serializer = new JKSCertificateStoreSerializer(String.Empty);
-                store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler);
+                store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler, includePrivateKey);
             }
             catch (Exception ex)
             {

RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs

@@ -49,7 +49,7 @@ public PEMCertificateStoreSerializer(string storeProperties)
             LoadCustomProperties(storeProperties);
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -62,7 +62,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
             string storeContents = Encoding.ASCII.GetString(storeContentBytes);
             X509CertificateEntry[] certificates = GetCertificates(storeContents);
 
-            if (IsTrustStore)
+            if (IsTrustStore || !includePrivateKey)
             {
                 foreach(X509CertificateEntry certificate in certificates)
                 {

RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs

@@ -25,7 +25,7 @@ public PKCS12CertificateStoreSerializer(string storeProperties)
             logger = LogHandler.GetClassLogger(this.GetType());
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
             Pkcs12Store store = storeBuilder.Build();

RemoteFile/InventoryBase.cs

@@ -48,7 +48,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
                 ApplicationSettings.Initialize(this.GetType().Assembly.Location);
                 certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
                 certificateStore.Initialize();
-                certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+                certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, false);
 
                 List<X509Certificate2Collection> collections = certificateStore.GetCertificateChains();
 

RemoteFile/ManagementBase.cs

@@ -67,7 +67,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                             else
                                 throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");
                         }
-                        certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+                        certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
                         certificateStore.AddCertificate((config.JobCertificate.Alias ?? new X509Certificate2(Convert.FromBase64String(config.JobCertificate.Contents), config.JobCertificate.PrivateKeyPassword).Thumbprint), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword);
                         certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
 
@@ -82,7 +82,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                         }
                         else
                         {
-                            certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+                            certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
                             certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);
                             certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
                         }

RemoteFile/RemoteCertificateStore.cs

@@ -96,7 +96,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas
             logger.MethodExit(LogLevel.Debug);
         }
 
-        internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreSerializer, string storeProperties)
+        internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreSerializer, string storeProperties, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -107,7 +107,7 @@ internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreS
             if (byteContents.Length < 5)
                 return;
 
-            CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler);
+            CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler, includePrivateKey);
 
             logger.MethodExit(LogLevel.Debug);
         }