Commit 6aa94b6

leefine02leefine02
authored andcommitted
1 parent 5b66542 commit 6aa94b6

2 files changed

+75
-68
lines changed


CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,10 @@
1+
v3.0.0
2+
- Added support for post quantum MLD-SA certificates for store types RFPEM, RFJKS, RFPkcs12, and RFDER
3+
- Added support for On Device Key Generation (ODKG) as well as On Orchestrator Key Generation (OOKG)
4+
- ODKG: uses OpenSSL to generate private key and CSR on the target device
5+
- OOKG: uses BouncyCastle libraries to generate the private key and CSR on the orchestrator
6+
- Removed FileTransferProtocol option from the config.json and store type custom fields. Integration will now always attempt SCP first and then SFTP (if SCP fails) for all file transfers.
7+
18
v2.12.0
29
- Added config.json setting and its override store level custom field - AllowShellCommands. If "N" (default "Y"), SFTP will be used to create stores and move files on Linux-based certificate store servers. No Linux shell commands will be used in the integration.
310

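--- a/RemoteFile/ReenrollmentBase.cs
+++ b/RemoteFile/ReenrollmentBase.cs
@@ -41,74 +41,74 @@ public JobResult ProcessJobToDo(ReenrollmentJobConfiguration config, SubmitReenr
 {
 ILogger logger = LogHandler.GetClassLogger(this.GetType());
 
-//ICertificateStoreSerializer certificateStoreSerializer = GetCertificateStoreSerializer(config.CertificateStoreDetails.Properties);
-
-//try
-//{
-// SetJobProperties(config, config.CertificateStoreDetails, logger);
-
-// string alias = "abcd";
-// string sans = "reenroll2.Keyfactor.com&reenroll1.keyfactor.com&reenroll3.Keyfactor.com";
-// bool overwrite = true;
-
-// // validate parameters
-// string KeyTypes = string.Join(",", Enum.GetNames(typeof(SupportedKeyTypeEnum)));
-// if (!Enum.TryParse(KeyType.ToUpper(), out SupportedKeyTypeEnum KeyTypeEnum))
-// {
-// throw new RemoteFileException($"Unsupported KeyType value {KeyType}. Supported types are {KeyTypes}.");
-// }
-
-// ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
-
-// certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, UserName, UserPassword, config.CertificateStoreDetails.StorePath, StorePassword, fileTransferProtocol, SSHPort, IncludePortInSPN);
-// certificateStore.Initialize(SudoImpersonatedUser, UseShellCommands);
-
-// PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);
-
-// if (!certificateStore.DoesStoreExist())
-// {
-// throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");
-// }
-
-// // generate CSR and call back to enroll certificate
-// string csr = string.Empty;
-// string pemPrivateKey = string.Empty;
-// if (CreateCSROnDevice)
-// {
-// csr = certificateStore.GenerateCSROnDevice(SubjectText, KeyTypeEnum, KeySize, new List<string>(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)), out pemPrivateKey);
-// }
-// else
-// {
-// csr = certificateStore.GenerateCSR(SubjectText, KeyTypeEnum, KeySize, new List<string>(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)));
-// }
-
-// X509Certificate2 cert = submitReenrollment.Invoke(csr);
-// if (cert == null || String.IsNullOrEmpty(pemPrivateKey))
-// throw new RemoteFileException("Enrollment of CSR failed. Please check Keyfactor Command logs for more information on potential enrollment errors.");
-
-// AsymmetricAlgorithm alg = KeyTypeEnum == SupportedKeyTypeEnum.RSA ? RSA.Create() : ECDsa.Create();
-// alg.ImportEncryptedPkcs8PrivateKey(string.Empty, Keyfactor.PKI.PEM.PemUtilities.PEMToDER(pemPrivateKey), out _);
-// cert = KeyTypeEnum == SupportedKeyTypeEnum.RSA ? cert.CopyWithPrivateKey((RSA)alg) : cert.CopyWithPrivateKey((ECDsa)alg);
-
-// // save certificate
-// certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
-// certificateStore.AddCertificate((alias ?? cert.Thumbprint), Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), overwrite, null, RemoveRootCertificate);
-// certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
-
-// logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
-//}
-
-//catch (Exception ex)
-//{
-// string errorMessage = $"Exception for {config.Capability}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}";
-// logger.LogError(errorMessage);
-// return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: {errorMessage}" };
-//}
-//finally
-//{
-// if (certificateStore.RemoteHandler != null)
-// certificateStore.Terminate();
-//}
+ICertificateStoreSerializer certificateStoreSerializer = GetCertificateStoreSerializer(config.CertificateStoreDetails.Properties);
+
+try
+{
+SetJobProperties(config, config.CertificateStoreDetails, logger);
+
+string alias = config.;
+string sans = "reenroll2.Keyfactor.com&reenroll1.keyfactor.com&reenroll3.Keyfactor.com";
+bool overwrite = true;
+
+// validate parameters
+string KeyTypes = string.Join(",", Enum.GetNames(typeof(SupportedKeyTypeEnum)));
+if (!Enum.TryParse(KeyType.ToUpper(), out SupportedKeyTypeEnum KeyTypeEnum))
+{
+throw new RemoteFileException($"Unsupported KeyType value {KeyType}. Supported types are {KeyTypes}.");
+}
+
+ApplicationSettings.FileTransferProtocolEnum fileTransferProtocol = ApplicationSettings.FileTransferProtocol;
+
+certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, UserName, UserPassword, config.CertificateStoreDetails.StorePath, StorePassword, fileTransferProtocol, SSHPort, IncludePortInSPN);
+certificateStore.Initialize(SudoImpersonatedUser, UseShellCommands);
+
+PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);
+
+if (!certificateStore.DoesStoreExist())
+{
+throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");
+}
+
+// generate CSR and call back to enroll certificate
+string csr = string.Empty;
+string pemPrivateKey = string.Empty;
+if (CreateCSROnDevice)
+{
+csr = certificateStore.GenerateCSROnDevice(SubjectText, KeyTypeEnum, KeySize, new List<string>(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)), out pemPrivateKey);
+}
+else
+{
+csr = certificateStore.GenerateCSR(SubjectText, KeyTypeEnum, KeySize, new List<string>(sans.Split('&', StringSplitOptions.RemoveEmptyEntries)));
+}
+
+X509Certificate2 cert = submitReenrollment.Invoke(csr);
+if (cert == null || String.IsNullOrEmpty(pemPrivateKey))
+throw new RemoteFileException("Enrollment of CSR failed. Please check Keyfactor Command logs for more information on potential enrollment errors.");
+
+AsymmetricAlgorithm alg = KeyTypeEnum == SupportedKeyTypeEnum.RSA ? RSA.Create() : ECDsa.Create();
+alg.ImportEncryptedPkcs8PrivateKey(string.Empty, Keyfactor.PKI.PEM.PemUtilities.PEMToDER(pemPrivateKey), out _);
+cert = KeyTypeEnum == SupportedKeyTypeEnum.RSA ? cert.CopyWithPrivateKey((RSA)alg) : cert.CopyWithPrivateKey((ECDsa)alg);
+
+// save certificate
+certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
+certificateStore.AddCertificate((alias ?? cert.Thumbprint), Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), overwrite, null, RemoveRootCertificate);
+certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
+
+logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
+}
+
+catch (Exception ex)
+{
+string errorMessage = $"Exception for {config.Capability}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}";
+logger.LogError(errorMessage);
+return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: {errorMessage}" };
+}
+finally
+{
+if (certificateStore.RemoteHandler != null)
+certificateStore.Terminate();
+}
 
 logger.LogDebug($"...End {config.Capability} job for job id {config.JobId}");
 return new JobResult() { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId };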
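Review bot: `string alias = config.;` on new line 50 is an unfinished expression that will not compile, and the `sans` value on line 51 is still the hard-coded test string carried over from the commented-out version, so every re-enrollment would request the fixed `reenroll*.Keyfactor.com` names instead of the SANs the job asked for; both values need to come from the job configuration (the exact property names are not visible in this hunk). The check `if (cert == null || String.IsNullOrEmpty(pemPrivateKey))` on line 86 also looks wrong for the orchestrator-side path: `pemPrivateKey` is only assigned through the `out` parameter of `GenerateCSROnDevice`, so when `CreateCSROnDevice` is false it stays `string.Empty` and a successful enrollment is reported as "Enrollment of CSR failed", which suggests the OOKG key material is never wired into `ImportEncryptedPkcs8PrivateKey` at all. Line 61 still reads `ApplicationSettings.FileTransferProtocol`, which the CHANGELOG entry in this same commit says was removed. In the `finally` block `certificateStore.RemoteHandler` is dereferenced without first checking `certificateStore` itself, so if `SetJobProperties` or the `RemoteCertificateStore` constructor throws, the original error is masked by a NullReferenceException (assuming the field starts out null); `if (certificateStore?.RemoteHandler != null)` would avoid that. The enclosing `ProcessJobToDo` method begins and ends outside this hunk.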
