Release 2.1

Author: leefine02

CHANGELOG.md

@@ -1,3 +1,11 @@
+v2.1
+- New RFDER certificate store type added
+- RFPEM modified to now support PKCS#1 private key formats (BEGIN RSA PRIVATE KEY)
+- Added support for rsa-sha2-256 HostKeyAlgorithm for SSH "handshake" when connecting to Linux managed servers
+- Added new optional certificate store type custom field to specify separate file owner when creating certificate stores during Management-Create jobs
+- Bug fix: Java-based applications were not recognizing trust entries added to java keystores of type PKCS12
+- Bug fix: File download operations for Windows managed servers were still using the credentials from the orchestrator service instead of from the certificate store
+
 v2.0
 - Added PAM support
 

Certificate Store Type CURL Scripts/DER.curl

@@ -0,0 +1,56 @@
+###CURL script to create DER certificate store type
+
+###Replacement Variables - Manually replace these before running###
+# {URL} - Base URL for your Keyfactor deployment
+# {UserName} - User name with access to run Keyfactor APIs
+# {UserPassword} - Password for the UserName above
+
+curl -X POST {URL}/keyfactorapi/certificatestoretypes -H "Content-Type: application/json" -H "x-keyfactor-requested-with: APIClient" -u {UserName}:{UserPassword} -d '{
+  "Name": "RFDER",
+  "ShortName": "RFDER",
+  "Capability": "RFDER",
+  "ServerRequired": true,
+  "BlueprintAllowed": false,
+  "CustomAliasAllowed": "Forbidden",
+  "PowerShell": false,
+  "PrivateKeyAllowed": "Optional",
+  "SupportedOperations": {
+    "Add": true,
+    "Create": true,
+    "Discovery": true,
+    "Enrollment": false,
+    "Remove": true
+  },
+  "PasswordOptions": {
+    "Style": "Default",
+    "EntrySupported": false,
+    "StoreRequired": true
+  },
+  "Properties": [
+    {
+      "Name": "LinuxFilePermissionsOnStoreCreation",
+      "DisplayName": "Linux File Permissions on Store Creation",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "String",
+      "DefaultValue": ""
+    },
+    {
+      "Name": "LinuxFileOwnerOnStoreCreation",
+      "DisplayName": "Linux File Owner on Store Creation",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "String",
+      "DefaultValue": ""
+    },
+    {
+      "Name": "SeparatePrivateKeyFilePath",
+      "DisplayName": "Separate Private Key File Location",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "String",
+      "DefaultValue": ""
+    }
+  ],
+  "EntryParameters": []
+}'

Certificate Store Type CURL Scripts/JKS.curl

@@ -34,7 +34,15 @@ curl -X POST {URL}/keyfactorapi/certificatestoretypes -H "Content-Type: applicat
       "DependsOn": "",
       "Type": "String",
       "DefaultValue": ""
-    }
+    },
+    {
+      "Name": "LinuxFileOwnerOnStoreCreation",
+      "DisplayName": "Linux File Owner on Store Creation",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "String",
+      "DefaultValue": ""
+    }  
   ],
   "EntryParameters": []
 }'

Certificate Store Type CURL Scripts/KDB.curl

@@ -34,7 +34,15 @@ curl -X POST {URL}/keyfactorapi/certificatestoretypes -H "Content-Type: applicat
       "DependsOn": "",
       "Type": "String",
       "DefaultValue": ""
-    }
+    },
+    {
+      "Name": "LinuxFileOwnerOnStoreCreation",
+      "DisplayName": "Linux File Owner on Store Creation",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "String",
+      "DefaultValue": ""
+    }  
   ],
   "EntryParameters": []
 }'

Certificate Store Type CURL Scripts/PEM.curl

@@ -35,6 +35,14 @@ curl -X POST {URL}/keyfactorapi/certificatestoretypes -H "Content-Type: applicat
       "Type": "String",
       "DefaultValue": ""
     },
+    {
+      "Name": "LinuxFileOwnerOnStoreCreation",
+      "DisplayName": "Linux File Owner on Store Creation",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "String",
+      "DefaultValue": ""
+    },
     {
       "Name": "IsTrustStore",
       "DisplayName": "Trust Store",
@@ -58,6 +66,14 @@ curl -X POST {URL}/keyfactorapi/certificatestoretypes -H "Content-Type: applicat
       "DependsOn": "",
       "Type": "String",
       "DefaultValue": ""
+    },
+    {
+      "Name": "IsRSAPrivateKey"
+      "DisplayName": "Is RSA Private Key",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "Bool",
+      "DefaultValue": false
     }
   ],
   "EntryParameters": []

Certificate Store Type CURL Scripts/PKCS12.curl

@@ -34,7 +34,15 @@ curl -X POST {URL}/keyfactorapi/certificatestoretypes -H "Content-Type: applicat
       "DependsOn": "",
       "Type": "String",
       "DefaultValue": ""
-    }
+    },
+    {
+      "Name": "LinuxFileOwnerOnStoreCreation",
+      "DisplayName": "Linux File Owner on Store Creation",
+      "Required": false,
+      "DependsOn": "",
+      "Type": "String",
+      "DefaultValue": ""
+    }    
   ],
   "EntryParameters": []
 }'

README.md

@@ -1,4 +1,11 @@
-using System;
+// Copyright 2021 Keyfactor
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+// and limitations under the License.
+
+using System;
 using System.Collections.Generic;
 using System.IO;
 
@@ -19,6 +26,7 @@ public enum FileTransferProtocolEnum
         }
 
         private const string DEFAULT_LINUX_PERMISSION_SETTING = "600";
+        private const string DEFAULT_OWNER_SETTING = "";
 
         private static Dictionary<string,string> configuration;
 
@@ -27,6 +35,7 @@ public enum FileTransferProtocolEnum
         public static bool UseNegotiate { get { return configuration.ContainsKey("UseNegotiate") ? configuration["UseNegotiate"]?.ToUpper() == "Y" : false; } }
         public static string SeparateUploadFilePath { get { return configuration.ContainsKey("SeparateUploadFilePath") ? AddTrailingSlash(configuration["SeparateUploadFilePath"]) : string.Empty; } }
         public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"] : DEFAULT_LINUX_PERMISSION_SETTING; } }
+        public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"] : DEFAULT_OWNER_SETTING; } }
         public static FileTransferProtocolEnum FileTransferProtocol 
         { 
             get 
@@ -95,6 +104,8 @@ private static void ValidateConfiguration(ILogger logger)
                 logger.LogDebug($"Missing configuration parameter - SeparateUploadFilePath.  Will set to default value of ''");
             if (!configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation"))
                 logger.LogDebug($"Missing configuration parameter - DefaultLinuxPermissionsOnStoreCreation.  Will set to default value of '{DEFAULT_LINUX_PERMISSION_SETTING}'");
+            if (!configuration.ContainsKey("DefaultOwnerOnStoreCreation"))
+                logger.LogDebug($"Missing configuration parameter - DefaultOwnerOnStoreCreation.  Will set to default value of '{DEFAULT_OWNER_SETTING}'");
             if (!configuration.ContainsKey("FileTransferProtocol"))
                 logger.LogDebug($"Missing configuration parameter - FileTransferProtocol.  Will set to default value of 'SCP'");
         }