
Commit 7504596

leefine02leefine02
authored andcommitted
1 parent e13b387 commit 7504596


1 file changed

+64
-60
lines changed


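--- a/RemoteFile/RemoteCertificateStore.cs
+++ b/RemoteFile/RemoteCertificateStore.cs
@@ -24,6 +24,7 @@
 using System.Text.RegularExpressions;
 using static Keyfactor.Extensions.Orchestrator.RemoteFile.ReenrollmentBase;
 using static Keyfactor.PKI.PKIConstants.X509;
+using Keyfactor.PKI.PrivateKeys;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
@@ -374,69 +375,72 @@ internal string GenerateCSR(string subjectText, bool overwrite, string alias, Su
 string csr = PemUtilities.DERToPEM(generator.CreatePKCS10Request(), PKI.PEM.PemUtilities.PemObjectType.CertRequest);
 
 privateKey = generator.GetRequestPrivateKey().ToNetPrivateKey();
+
+return csr;
+}
+
+internal string GenerateCSROnDevice(string subjectText, bool overwrite, string alias, SupportedKeyTypeEnum keyType, int keySize, Dictionary<string, string[]> sans, out AsymmetricAlgorithm privateKey)
+{
+string path = ApplicationSettings.TempFilePathForODKG;
+if (path.Substring(path.Length - 1, 1) != "/") path += "/";
+string fileName = Guid.NewGuid().ToString();
+
+System.Security.Cryptography.X509Certificates.X500DistinguishedName dn = new System.Security.Cryptography.X509Certificates.X500DistinguishedName(subjectText);
+string opensslSubject = dn.Format(true).Replace("S=", "ST=");
+opensslSubject = opensslSubject.Replace(System.Environment.NewLine, "/");
+opensslSubject = "/" + opensslSubject.Substring(0, opensslSubject.Length - 1);
+
+string cmd = $"openssl req -new -newkey REPLACE -nodes -keyout {path}{fileName}.key -out {path}{fileName}.csr -subj '{opensslSubject}'";
+switch (keyType)
+{
+case SupportedKeyTypeEnum.RSA:
+cmd = cmd.Replace("REPLACE", $"rsa:{keySize.ToString()}");
+break;
+case SupportedKeyTypeEnum.ECC:
+string algName = "prime256v1";
+switch (keySize)
+{
+case 384:
+algName = "secp384r1";
+break;
+case 521:
+algName = "secp521r1";
+break;
+}
+cmd = cmd.Replace("REPLACE", $"ec:<(openssl ecparam -name {algName})");
+break;
+}
+
+string csr = string.Empty;
+
+try
+{
+try
+{
+RemoteHandler.RunCommand(cmd, null, ApplicationSettings.UseSudo, null);
+}
+catch (Exception ex)
+{
+if (!ex.Message.Contains("----"))
+throw;
+}
+
+string privateKeyString = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".key"));
+privateKey = keyType == SupportedKeyTypeEnum.RSA ? RSA.Create() : ECDsa.Create();
+privateKey.ImportFromPem(privateKeyString);
+
+csr = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".csr"));
+}
+finally
+{
+if (RemoteHandler.DoesFileExist(path + fileName + ".key"))
+RemoteHandler.RemoveCertificateFile(path, fileName + ".key");
+if (RemoteHandler.DoesFileExist(path + fileName + ".csr"))
+RemoteHandler.RemoveCertificateFile(path, fileName + ".csr");
+}
 
 return csr;
 }
-
-//internal string GenerateCSROnDevice(string subjectText, SupportedKeyTypeEnum keyType, int keySize, List<string> sans, out string privateKey)
-//{
-// string path = ApplicationSettings.TempFilePathForODKG;
-// if (path.Substring(path.Length - 1, 1) != "/") path += "/";
-// string fileName = Guid.NewGuid().ToString();
-
-// X500DistinguishedName dn = new X500DistinguishedName(subjectText);
-// string opensslSubject = dn.Format(true).Replace("S=","ST=");
-// opensslSubject = opensslSubject.Replace(System.Environment.NewLine, "/");
-// opensslSubject = "/" + opensslSubject.Substring(0, opensslSubject.Length - 1);
-
-// string cmd = $"openssl req -new -newkey REPLACE -nodes -keyout {path}{fileName}.key -out {path}{fileName}.csr -subj '{opensslSubject}'";
-// switch (keyType)
-// {
-// case SupportedKeyTypeEnum.RSA:
-// cmd = cmd.Replace("REPLACE", $"rsa:{keySize.ToString()}");
-// break;
-// case SupportedKeyTypeEnum.ECC:
-// string algName = "prime256v1";
-// switch (keySize)
-// {
-// case 384:
-// algName = "secp384r1";
-// break;
-// case 521:
-// algName = "secp521r1";
-// break;
-// }
-// cmd = cmd.Replace("REPLACE", $"ec:<(openssl ecparam -name {algName})");
-// break;
-// }
-
-// string csr = string.Empty;
-// privateKey = string.Empty;
-// try
-// {
-// try
-// {
-// RemoteHandler.RunCommand(cmd, null, ApplicationSettings.UseSudo, null);
-// }
-// catch (Exception ex)
-// {
-// if (!ex.Message.Contains("----"))
-// throw;
-// }
-
-// privateKey = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".key"));
-// csr = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".csr"));
-// }
-// finally
-// {
-// if (RemoteHandler.DoesFileExist(path + fileName + ".key"))
-// RemoteHandler.RemoveCertificateFile(path, fileName + ".key");
-// if (RemoteHandler.DoesFileExist(path + fileName + ".csr"))
-// RemoteHandler.RemoveCertificateFile(path, fileName + ".csr");
-// }
-
-// return csr;
-//}
 
 internal void Initialize(string sudoImpersonatedUser, bool useShellCommands)
 {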
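Review bot: In GenerateCSROnDevice the subject reaches the remote shell by string interpolation, `string cmd = $"openssl req ... -subj '{opensslSubject}'"`, and a single quote inside a DN attribute value (which X500DistinguishedName does not appear to reject) closes that quoting, so the remainder of the value is executed on the device, under sudo when `ApplicationSettings.UseSudo` is set. Escape before interpolating, `string shellSubject = opensslSubject.Replace("'", "'\\''");` and pass `-subj '{shellSubject}'`, and quote `{path}` the same way since it is spliced in bare; a `/` inside a value also needs `\/` for openssl's own -subj parser or the DN is split at the wrong place. The `sans` parameter is accepted but never referenced, so the on-device CSR carries no SubjectAltName despite what the signature suggests. The `catch` that rethrows only when the message lacks `----` hides any real openssl failure whose output happens to contain dashes and leaves the later DownloadCertificateFile to fail with a less useful error; if it works around key-generation progress written to stderr (my guess), say so in a comment, `// openssl writes key-generation progress to stderr, which RunCommand surfaces as an exception`, and match that pattern more narrowly. `-nodes` also leaves the unencrypted key in TempFilePathForODKG until the finally block deletes it, so that directory should be restricted to the orchestrator's user.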
