ab#76170

Author: leefine02

RemoteFile/ApplicationSettings.cs

@@ -33,7 +33,6 @@ public class ApplicationSettings
         public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"] : DEFAULT_LINUX_PERMISSION_SETTING; } }
         public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"] : DEFAULT_OWNER_SETTING; } }
         public static string DefaultSudoImpersonatedUser { get { return configuration.ContainsKey("DefaultSudoImpersonatedUser") ? configuration["DefaultSudoImpersonatedUser"] : DEFAULT_SUDO_IMPERSONATION_SETTING; } }
-        public static bool CreateCSROnDevice { get { return configuration.ContainsKey("CreateCSROnDevice") ? configuration["CreateCSROnDevice"]?.ToUpper() == "Y" : false; } }
         public static string TempFilePathForODKG { get { return configuration.ContainsKey("TempFilePathForODKG") ? configuration["TempFilePathForODKG"] : string.Empty; } }
         public static bool UseShellCommands { get { return configuration.ContainsKey("UseShellCommands") ? configuration["UseShellCommands"]?.ToUpper() == "Y" : true; } }
         public static int SSHPort

RemoteFile/ReenrollmentBase.cs

@@ -75,14 +75,7 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
                 // generate CSR and call back to enroll certificate
                 string csr = string.Empty;
                 AsymmetricAlgorithm privateKey;
-                if (CreateCSROnDevice)
-                {
-                    csr = certificateStore.GenerateCSROnDevice(SubjectText, config.Overwrite, config.Alias, KeyTypeEnum, KeySize, config.SANs, out privateKey);
-                }
-                else
-                {
-                    csr = certificateStore.GenerateCSR(SubjectText, config.Overwrite, config.Alias, KeyTypeEnum, KeySize, config.SANs, out privateKey);
-                }
+                csr = certificateStore.GenerateCSR(SubjectText, config.Overwrite, config.Alias, KeyTypeEnum, KeySize, config.SANs, out privateKey);
 
                 X509Certificate2 cert = submitReenrollment.Invoke(csr);
 

RemoteFile/RemoteCertificateStore.cs

@@ -349,15 +349,6 @@ internal static PathFile SplitStorePathFile(string pathFileName)
             }
         }
 
-        internal string GenerateCSROnDevice(string subjectText, bool overwrite, string alias, SupportedKeyTypeEnum keyType, int keySize, Dictionary<string, string[]> sans, out AsymmetricAlgorithm privateKey)
-        {
-            string csr = string.Empty;
-            privateKey = RSA.Create();
-
-
-            return csr;
-        }
-
         internal string GenerateCSR(string subjectText, bool overwrite, string alias, SupportedKeyTypeEnum keyType, int keySize, Dictionary<string, string[]> sans, out AsymmetricAlgorithm privateKey)
         {
             if (CertificateStore.ContainsAlias(alias) && !overwrite)
@@ -379,69 +370,6 @@ internal string GenerateCSR(string subjectText, bool overwrite, string alias, Su
             return csr;
         }
 
-        internal string GenerateCSROnDevice(string subjectText, bool overwrite, string alias, SupportedKeyTypeEnum keyType, int keySize, Dictionary<string, string[]> sans, out AsymmetricAlgorithm privateKey)
-        {
-            string path = ApplicationSettings.TempFilePathForODKG;
-            if (path.Substring(path.Length - 1, 1) != "/") path += "/";
-            string fileName = Guid.NewGuid().ToString();
-
-            System.Security.Cryptography.X509Certificates.X500DistinguishedName dn = new System.Security.Cryptography.X509Certificates.X500DistinguishedName(subjectText);
-            string opensslSubject = dn.Format(true).Replace("S=", "ST=");
-            opensslSubject = opensslSubject.Replace(System.Environment.NewLine, "/");
-            opensslSubject = "/" + opensslSubject.Substring(0, opensslSubject.Length - 1);
-
-            string cmd = $"openssl req -new -newkey REPLACE -nodes -keyout {path}{fileName}.key -out {path}{fileName}.csr -subj '{opensslSubject}'";
-            switch (keyType)
-            {
-                case SupportedKeyTypeEnum.RSA:
-                    cmd = cmd.Replace("REPLACE", $"rsa:{keySize.ToString()}");
-                    break;
-                case SupportedKeyTypeEnum.ECC:
-                    string algName = "prime256v1";
-                    switch (keySize)
-                    {
-                        case 384:
-                            algName = "secp384r1";
-                            break;
-                        case 521:
-                            algName = "secp521r1";
-                            break;
-                    }
-                    cmd = cmd.Replace("REPLACE", $"ec:<(openssl ecparam -name {algName})");
-                    break;
-            }
-
-            string csr = string.Empty;
-            
-            try
-            {
-                try
-                {
-                    RemoteHandler.RunCommand(cmd, null, ApplicationSettings.UseSudo, null);
-                }
-                catch (Exception ex)
-                {
-                    if (!ex.Message.Contains("----"))
-                        throw;
-                }
-
-                string privateKeyString = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".key"));
-                privateKey = keyType == SupportedKeyTypeEnum.RSA ? RSA.Create() : ECDsa.Create();
-                privateKey.ImportFromPem(privateKeyString);
-
-                csr = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".csr"));
-            }
-            finally
-            {
-                if (RemoteHandler.DoesFileExist(path + fileName + ".key"))
-                    RemoteHandler.RemoveCertificateFile(path, fileName + ".key");
-                if (RemoteHandler.DoesFileExist(path + fileName + ".csr"))
-                    RemoteHandler.RemoveCertificateFile(path, fileName + ".csr");
-            }
-
-            return csr;
-        }
-
         internal void Initialize(string sudoImpersonatedUser, bool useShellCommands)
         {
             logger.MethodEntry(LogLevel.Debug);

RemoteFile/RemoteFileJobTypeBase.cs

@@ -69,10 +69,6 @@ internal void SetJobProperties(JobConfiguration config, CertificateStore certifi
                 false :
                 Convert.ToBoolean(properties.IncludePortInSPN.Value);
 
-            CreateCSROnDevice = properties.CreateCSROnDevice == null || string.IsNullOrEmpty(properties.CreateCSROnDevice.Value) ?
-                ApplicationSettings.CreateCSROnDevice :
-                Convert.ToBoolean(properties.CreateCSROnDevice.Value);
-
             UseShellCommands = properties.UseShellCommands == null || string.IsNullOrEmpty(properties.UseShellCommands.Value) ?
                 ApplicationSettings.UseShellCommands :
                 properties.UseShellCommands;
@@ -93,7 +89,6 @@ internal void SetJobProperties(JobConfiguration config, CertificateStore certifi
             logger.LogDebug($"RemoveRootCertificate: {RemoveRootCertificate}");
             logger.LogDebug($"SSHPort: {SSHPort}");
             logger.LogDebug($"IncludePortInSPN: {IncludePortInSPN}");
-            logger.LogDebug($"CreateCSROnDevice: {CreateCSROnDevice}");
             logger.LogDebug($"KeyType: {KeyType}");
             logger.LogDebug($"KeySize: {KeySize}");
             logger.LogDebug($"SubjectText: {SubjectText}");

RemoteFile/RemoteHandlers/SSHHandler.cs

@@ -27,6 +27,7 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers
 {
     class SSHHandler : BaseRemoteHandler
     {
+        private readonly string[] IgnoreErrors = { "Could not chdir to home directory" };
         private ConnectionInfo Connection { get; set; }
         private string SudoImpersonatedUser { get; set; }
         private bool IsStoreServerLinux { get; set; }
@@ -141,7 +142,7 @@ public override string RunCommand(string commandText, object[] arguments, bool w
                     command.Execute();
                     _logger.LogDebug($"SSH Results: {displayCommand}::: {command.Result}::: {command.Error}");
 
-                    if (!String.IsNullOrEmpty(command.Error))
+                    if (!String.IsNullOrEmpty(command.Error) && !IgnoreError(command.Error))
                         throw new ApplicationException(command.Error);
 
                     _logger.MethodExit(LogLevel.Debug);
@@ -514,5 +515,10 @@ private void CheckConnection()
                 throw;
             }
         }
+
+        private bool IgnoreError(string err)
+        {
+            return IgnoreErrors.Any(p => err.Contains(p, StringComparison.OrdinalIgnoreCase));
+        }
     }
 }