ab#82394

Lee Fine · Lee Fine · commit b313b072f4c7 · 2026-02-26T15:35:34.000Z
diff --git a/RemoteFile/ManagementBase.cs b/RemoteFile/ManagementBase.cs
@@ -54,7 +54,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                         }
                         certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
                         certificateStore.AddCertificate(config.JobCertificate.Alias ?? GetThumbprint(config.JobCertificate, logger), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword, RemoveRootCertificate);
-                        certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
+                        certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(RequiresLegacyEncryption), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
 
                         try
                         {
@@ -83,7 +83,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                         {
                             certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
                             certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);
-                            certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
+                            certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(RequiresLegacyEncryption), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
                         }
                         logger.LogDebug($"END Delete Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
                         break;
diff --git a/RemoteFile/ReenrollmentBase.cs b/RemoteFile/ReenrollmentBase.cs
@@ -102,7 +102,7 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
 
                 // save certificate
                 certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), config.Overwrite, null, RemoveRootCertificate);
-                certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
+                certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(RequiresLegacyEncryption), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
 
                 try
                 {
diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs
@@ -27,6 +27,7 @@
 using Keyfactor.PKI.PrivateKeys;
 using Keyfactor.PKI.CryptographicObjects.Formatters;
 using Org.BouncyCastle.X509;
+using Org.BouncyCastle.Asn1.Pkcs;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
@@ -112,17 +113,50 @@ internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreS
         {
             logger.MethodEntry(LogLevel.Debug);
 
+            Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
+            CertificateStore = storeBuilder.Build();
+
             byte[] byteContents = RemoteHandler.DownloadCertificateFile(StorePath + StoreFileName);
-            Pkcs12Store CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler, isInventory);
+            if (byteContents.Length < 5)
+                return;
+
+            CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler, isInventory);
 
             logger.MethodExit(LogLevel.Debug);
         }
 
-        internal Pkcs12Store GetCertificateStore()
+        internal Pkcs12Store GetCertificateStore(bool requiresLegacyEncryption)
         {
             logger.MethodEntry(LogLevel.Debug);
             logger.MethodExit(LogLevel.Debug);
 
+            if (requiresLegacyEncryption)
+            {
+                Pkcs12StoreBuilder builder = new Pkcs12StoreBuilder();
+                builder.SetKeyAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc);
+                builder.SetCertAlgorithm(PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc);
+
+                Pkcs12Store tempStore = builder.Build();
+
+                foreach (string alias in CertificateStore.Aliases)
+                {
+                    if (CertificateStore.IsKeyEntry(alias))
+                    {
+                        var keyEntry = CertificateStore.GetKey(alias);
+                        var certChain = CertificateStore.GetCertificateChain(alias);
+
+                        tempStore.SetKeyEntry(alias, keyEntry, certChain);
+                    }
+                    else if (CertificateStore.IsCertificateEntry(alias))
+                    {
+                        var certEntry = CertificateStore.GetCertificate(alias);
+                        tempStore.SetCertificateEntry(alias, certEntry);
+                    }
+                }
+
+                CertificateStore = tempStore;
+            }
+
             return CertificateStore;
         }
 
diff --git a/RemoteFile/RemoteFileJobTypeBase.cs b/RemoteFile/RemoteFileJobTypeBase.cs
@@ -30,6 +30,7 @@ public abstract class RemoteFileJobTypeBase
         internal bool CreateCSROnDevice { get; set; }
         internal bool UseShellCommands { get; set; }
         internal string PostJobApplicationRestart {  get; set; }
+        internal bool RequiresLegacyEncryption { get; set; }
         internal string KeyType { get; set; }
         internal int KeySize { get; set; }
         internal string SubjectText { get; set; }
@@ -78,6 +79,10 @@ internal void SetJobProperties(JobConfiguration config, CertificateStore certifi
                 null :
                 properties.PostJobApplicationRestart;
 
+            RequiresLegacyEncryption = properties.RequiresLegacyEncryption == null || string.IsNullOrEmpty(properties.RequiresLegacyEncryption.Value) ?
+                false :
+                properties.RequiresLegacyEncryption;
+
             if (config.JobProperties != null)
             {
                 KeyType = !config.JobProperties.ContainsKey("keyType") || config.JobProperties["keyType"] == null || string.IsNullOrEmpty(config.JobProperties["keyType"].ToString()) ? string.Empty : config.JobProperties["keyType"].ToString();

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)`
`54`	`54`	`}`
`55`	`55`	`certificateStore.LoadCertificateStore(certificateStoreSerializer, false);`
`56`	`56`	`certificateStore.AddCertificate(config.JobCertificate.Alias ?? GetThumbprint(config.JobCertificate, logger), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword, RemoveRootCertificate);`
`57`		`- certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));`
	`57`	`+ certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(RequiresLegacyEncryption), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));`
`58`	`58`
`59`	`59`	`try`
`60`	`60`	`{`
`@@ -83,7 +83,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)`
`83`	`83`	`{`
`84`	`84`	`certificateStore.LoadCertificateStore(certificateStoreSerializer, false);`
`85`	`85`	`certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);`
`86`		`- certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));`
	`86`	`+ certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(RequiresLegacyEncryption), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));`
`87`	`87`	`}`
`88`	`88`	`logger.LogDebug($"END Delete Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");`
`89`	`89`	`break;`
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm`
`102`	`102`
`103`	`103`	`// save certificate`
`104`	`104`	`certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), config.Overwrite, null, RemoveRootCertificate);`
`105`		`- certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));`
	`105`	`+ certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(RequiresLegacyEncryption), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));`
`106`	`106`
`107`	`107`	`try`
`108`	`108`	`{`