Keyfactor
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 134 additions & 2 deletions b/‎README.md‎
Lines changed: 134 additions & 2 deletions
diff --git a/‎RemoteFile/ApplicationSettings.cs‎
Lines changed: 48 additions & 19 deletions b/‎RemoteFile/ApplicationSettings.cs‎
Lines changed: 48 additions & 19 deletions
diff --git a/‎RemoteFile/ManagementBase.cs‎
Lines changed: 32 additions & 9 deletions b/‎RemoteFile/ManagementBase.cs‎
Lines changed: 32 additions & 9 deletions
diff --git a/‎RemoteFile/ReenrollmentBase.cs‎
Lines changed: 14 additions & 1 deletion b/‎RemoteFile/ReenrollmentBase.cs‎
Lines changed: 14 additions & 1 deletion
diff --git a/‎RemoteFile/RemoteCertificateStore.cs‎
Lines changed: 44 additions & 1 deletion b/‎RemoteFile/RemoteCertificateStore.cs‎
Lines changed: 44 additions & 1 deletion
@@ -1,3 +1,7 @@
+v4.0.0
+- Added ability to run post job commands for Management-Add and ODKG jobs.
+- Bug Fix: Issue adding certificates without private keys introduced in 3.0.0
+
 v3.0.0
 - Added support for post quantum ML-DSA certificates for store types RFPEM, RFJKS, RFPkcs12, and RFDER
 - Added support for On Device Key Generation (ODKG)
 
@@ -13,6 +13,7 @@
 using Microsoft.Extensions.Logging;
 using Keyfactor.Logging;
 using System.Reflection;
+using Microsoft.PowerShell;
 
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile 
@@ -24,25 +25,25 @@ public class ApplicationSettings
         private const string DEFAULT_SUDO_IMPERSONATION_SETTING = "";
         private const int DEFAULT_SSH_PORT = 22;
 
-        private static Dictionary<string,string> configuration;
-
-        public static bool UseSudo { get { return configuration.ContainsKey("UseSudo") ? configuration["UseSudo"]?.ToUpper() == "Y" : false;  } }
-        public static bool CreateStoreIfMissing { get { return configuration.ContainsKey("CreateStoreIfMissing") ? configuration["CreateStoreIfMissing"]?.ToUpper() == "Y" : false; } }
-        public static bool UseNegotiate { get { return configuration.ContainsKey("UseNegotiate") ? configuration["UseNegotiate"]?.ToUpper() == "Y" : false; } }
-        public static string SeparateUploadFilePath { get { return configuration.ContainsKey("SeparateUploadFilePath") ? AddTrailingSlash(configuration["SeparateUploadFilePath"]) : string.Empty; } }
-        public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"] : DEFAULT_LINUX_PERMISSION_SETTING; } }
-        public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"] : DEFAULT_OWNER_SETTING; } }
-        public static string DefaultSudoImpersonatedUser { get { return configuration.ContainsKey("DefaultSudoImpersonatedUser") ? configuration["DefaultSudoImpersonatedUser"] : DEFAULT_SUDO_IMPERSONATION_SETTING; } }
-        public static string TempFilePathForODKG { get { return configuration.ContainsKey("TempFilePathForODKG") ? configuration["TempFilePathForODKG"] : string.Empty; } }
-        public static bool UseShellCommands { get { return configuration.ContainsKey("UseShellCommands") ? configuration["UseShellCommands"]?.ToUpper() == "Y" : true; } }
+        private static Dictionary<string,object> configuration;
+
+        public static bool UseSudo { get { return configuration.ContainsKey("UseSudo") ? configuration["UseSudo"]?.ToString().ToUpper() == "Y" : false;  } }
+        public static bool CreateStoreIfMissing { get { return configuration.ContainsKey("CreateStoreIfMissing") ? configuration["CreateStoreIfMissing"]?.ToString().ToUpper() == "Y" : false; } }
+        public static bool UseNegotiate { get { return configuration.ContainsKey("UseNegotiate") ? configuration["UseNegotiate"]?.ToString().ToUpper() == "Y" : false; } }
+        public static string SeparateUploadFilePath { get { return configuration.ContainsKey("SeparateUploadFilePath") ? AddTrailingSlash(configuration["SeparateUploadFilePath"].ToString()) : string.Empty; } }
+        public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"].ToString() : DEFAULT_LINUX_PERMISSION_SETTING; } }
+        public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"].ToString() : DEFAULT_OWNER_SETTING; } }
+        public static string DefaultSudoImpersonatedUser { get { return configuration.ContainsKey("DefaultSudoImpersonatedUser") ? configuration["DefaultSudoImpersonatedUser"].ToString() : DEFAULT_SUDO_IMPERSONATION_SETTING; } }
+        public static string TempFilePathForODKG { get { return configuration.ContainsKey("TempFilePathForODKG") ? configuration["TempFilePathForODKG"].ToString() : string.Empty; } }
+        public static bool UseShellCommands { get { return configuration.ContainsKey("UseShellCommands") ? configuration["UseShellCommands"]?.ToString().ToUpper() == "Y" : true; } }
         public static int SSHPort
         {
             get
             {
-                if (configuration.ContainsKey("SSHPort") && !string.IsNullOrEmpty(configuration["SSHPort"]))
+                if (configuration.ContainsKey("SSHPort") && !string.IsNullOrEmpty(configuration["SSHPort"]?.ToString()))
                 {
                     int sshPort;
-                    if (int.TryParse(configuration["SSHPort"], out sshPort))
+                    if (int.TryParse(configuration["SSHPort"]?.ToString(), out sshPort))
                         return sshPort;
                     else
                         throw new RemoteFileException($"Invalid optional config.json SSHPort value of {configuration["SSHPort"]}.  If present, this must be an integer value.");
@@ -53,13 +54,27 @@ public static int SSHPort
                 }
             }
         }
+        public static List<PostJobCommand> PostJobCommands 
+        {
+            get
+            {
+                if (configuration.ContainsKey("PostJobCommands") && configuration["PostJobCommands"] != null)
+                {
+                    return JsonConvert.DeserializeObject<List<PostJobCommand>>(configuration["PostJobCommands"]?.ToString());
+                }
+                else
+                {
+                    return new List<PostJobCommand>();
+                }
+            }
+        }
 
         static ApplicationSettings()
         {
             ILogger logger = LogHandler.GetClassLogger<ApplicationSettings>();
             logger.MethodEntry(LogLevel.Debug);
 
-            configuration = new Dictionary<string, string>();
+            configuration = new Dictionary<string, object>();
             string configLocation = $"{Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)}{Path.DirectorySeparatorChar}config.json";
             string configContents = string.Empty;
 
@@ -81,11 +96,18 @@ static ApplicationSettings()
                 return;
             }
 
-            configuration = JsonConvert.DeserializeObject<Dictionary<string, string>>(configContents);
+            try
+            {
+                configuration = JsonConvert.DeserializeObject<Dictionary<string, object>>(configContents);
+            }
+            catch (Exception ex)
+            {
+                throw new RemoteFileException(RemoteFileException.FlattenExceptionMessages(ex, "Error attempting to serialize config.json file.  Please review your config.json file for proper formatting."));
+            }
             ValidateConfiguration(logger);
 
             logger.LogDebug("Configuration Settings:");
-            foreach(KeyValuePair<string,string> keyValue in configuration)
+            foreach(KeyValuePair<string,object> keyValue in configuration)
             {
                 logger.LogDebug($"    {keyValue.Key}: {keyValue.Value}");
             }
@@ -95,11 +117,11 @@ static ApplicationSettings()
 
         private static void ValidateConfiguration(ILogger logger)
         {
-            if (!configuration.ContainsKey("UseSudo") || (configuration["UseSudo"].ToUpper() != "Y" && configuration["UseSudo"].ToUpper() != "N"))
+            if (!configuration.ContainsKey("UseSudo") || (configuration["UseSudo"]?.ToString().ToUpper() != "Y" && configuration["UseSudo"]?.ToString().ToUpper() != "N"))
                 logger.LogDebug($"Missing or invalid configuration parameter - UseSudo.  Will set to default value of 'False'");
-            if (!configuration.ContainsKey("CreateStoreIfMissing") || (configuration["CreateStoreIfMissing"].ToUpper() != "Y" && configuration["CreateStoreIfMissing"].ToUpper() != "N"))
+            if (!configuration.ContainsKey("CreateStoreIfMissing") || (configuration["CreateStoreIfMissing"]?.ToString().ToUpper() != "Y" && configuration["CreateStoreIfMissing"]?.ToString().ToUpper() != "N"))
                 logger.LogDebug($"Missing or invalid configuration parameter - CreateStoreIfMissing.  Will set to default value of 'False'");
-            if (!configuration.ContainsKey("UseNegotiate") || (configuration["UseNegotiate"].ToUpper() != "Y" && configuration["UseNegotiate"].ToUpper() != "N"))
+            if (!configuration.ContainsKey("UseNegotiate") || (configuration["UseNegotiate"]?.ToString().ToUpper() != "Y" && configuration["UseNegotiate"]?.ToString().ToUpper() != "N"))
                 logger.LogDebug($"Missing or invalid configuration parameter - UseNegotiate.  Will set to default value of 'False'");
             if (!configuration.ContainsKey("SeparateUploadFilePath"))
                 logger.LogDebug($"Missing configuration parameter - SeparateUploadFilePath.  Will set to default value of ''");
@@ -113,5 +135,12 @@ private static string AddTrailingSlash(string path)
         {
             return string.IsNullOrEmpty(path) ? path : path.Substring(path.Length - 1, 1) == @"/" ? path : path += @"/";
         }
+
+        public class PostJobCommand
+        {
+            public string Name { get; set; }
+            public string Environment { get; set; }
+            public string Command { get; set; }
+        }
     }
 }
@@ -15,6 +15,7 @@
 using Org.BouncyCastle.X509;
 using System;
 using System.IO;
+using System.Linq.Expressions;
 using static Org.BouncyCastle.Math.EC.ECCurve;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
@@ -55,7 +56,21 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                         certificateStore.AddCertificate(config.JobCertificate.Alias ?? GetThumbprint(config.JobCertificate, logger), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword, RemoveRootCertificate);
                         certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
 
-                        logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
+                        try
+                        {
+                            if (!string.IsNullOrEmpty(PostJobApplicationRestart))
+                                certificateStore.RunPostJobCommand(PostJobApplicationRestart, config.CertificateStoreDetails.StorePath, certificateStoreSerializer.GetPrivateKeyPath());
+                        }
+                        catch (Exception ex)
+                        {
+                            logger.LogError($"Exception for {config.Capability} attempting post job command for {PostJobApplicationRestart}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}");
+                            return new JobResult() { Result = OrchestratorJobStatusJobResult.Warning, JobHistoryId = config.JobHistoryId, FailureMessage = RemoteFileException.FlattenExceptionMessages(ex, $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: Certificate was successfully added to store, but post job command for {PostJobApplicationRestart} failed with:  ") };
+                        }
+                        finally
+                        {
+                            logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
+                        }
+
                         break;
 
                     case CertStoreOperationType.Remove:
@@ -112,17 +127,25 @@ private string GetThumbprint (ManagementJobCertificate jobCertificate, ILogger l
 
             string thumbprint = string.Empty;
 
-            using (MemoryStream ms = new MemoryStream(Convert.FromBase64String(jobCertificate.Contents)))
+            if (string.IsNullOrEmpty(jobCertificate.PrivateKeyPassword))
+            {
+                X509Certificate x = new X509Certificate(Convert.FromBase64String(jobCertificate.Contents));
+                thumbprint = x.Thumbprint();
+            }
+            else
             {
-                Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
-                Pkcs12Store store = storeBuilder.Build();
+                using (MemoryStream ms = new MemoryStream(Convert.FromBase64String(jobCertificate.Contents)))
+                {
+                    Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
+                    Pkcs12Store store = storeBuilder.Build();
 
-                store.Load(ms, jobCertificate.PrivateKeyPassword.ToCharArray());
+                    store.Load(ms, jobCertificate.PrivateKeyPassword.ToCharArray());
 
-                foreach (string alias in store.Aliases)
-                {
-                    thumbprint = store.GetCertificate(alias).Certificate.Thumbprint();
-                    break;
+                    foreach (string alias in store.Aliases)
+                    {
+                        thumbprint = store.GetCertificate(alias).Certificate.Thumbprint();
+                        break;
+                    }
                 }
             }
 
 
@@ -104,7 +104,20 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
                 certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), config.Overwrite, null, RemoveRootCertificate);
                 certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
 
-                logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
+                try
+                {
+                    if (!string.IsNullOrEmpty(PostJobApplicationRestart))
+                        certificateStore.RunPostJobCommand(PostJobApplicationRestart, config.CertificateStoreDetails.StorePath, certificateStoreSerializer.GetPrivateKeyPath());
+                }
+                catch (Exception ex)
+                {
+                    logger.LogError($"Exception for {config.Capability} attempting post job command for {PostJobApplicationRestart}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}");
+                    return new JobResult() { Result = OrchestratorJobStatusJobResult.Warning, JobHistoryId = config.JobHistoryId, FailureMessage = RemoteFileException.FlattenExceptionMessages(ex, $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: Certificate was successfully added to store, but post job command for {PostJobApplicationRestart} failed with:  ") };
+                }
+                finally
+                {
+                    logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
+                }
             }
 
             catch (Exception ex)
 
@@ -25,6 +25,8 @@
 using static Keyfactor.Extensions.Orchestrator.RemoteFile.ReenrollmentBase;
 using static Keyfactor.PKI.PKIConstants.X509;
 using Keyfactor.PKI.PrivateKeys;
+using Keyfactor.PKI.CryptographicObjects.Formatters;
+using Org.BouncyCastle.X509;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
@@ -33,6 +35,8 @@ internal class RemoteCertificateStore
         private const string NO_EXTENSION = "noext";
         private const string FULL_SCAN = "fullscan";
         private const string LOCAL_MACHINE_SUFFIX = "|localmachine";
+        private const string POST_JOB_COMMAND_ARG1 = "%StorePath%";
+        private const string POST_JOB_COMMAND_ARG2 = "%SeparatePrivateKeyFilePath%";
 
         internal enum ServerTypeEnum
         {
@@ -263,7 +267,7 @@ internal void AddCertificate(string alias, string certificateEntry, bool overwri
                     RemoveRootCertificate(Convert.FromBase64String(certificateEntry), pfxPassword) : 
                     Convert.FromBase64String(certificateEntry);
 
-                using (MemoryStream ms = new MemoryStream(newCertBytes))
+                using (MemoryStream ms = new MemoryStream(string.IsNullOrEmpty(pfxPassword) ? ConvertDERToP12(newCertBytes) : newCertBytes))
                 {
                     newEntry.Load(ms, string.IsNullOrEmpty(pfxPassword) ? new char[0] : pfxPassword.ToCharArray());
                 }
@@ -370,6 +374,28 @@ internal string GenerateCSR(string subjectText, bool overwrite, string alias, Su
             return csr;
         }
 
+        internal void RunPostJobCommand(string applicationName, string storePath, string separatePrivateKeyFilePath)
+        {
+            string cmd = string.Empty;
+            try
+            {
+                cmd = ApplicationSettings.PostJobCommands.FirstOrDefault(p => p.Name == applicationName && p.Environment == ServerType.ToString())?.Command;
+            }
+            catch (Exception ex)
+            {
+                string errMessage = RemoteFileException.FlattenExceptionMessages(ex, "Error reading config.json PostJobCommands Setting: ");
+                logger.LogError(errMessage);
+                throw new RemoteFileException(errMessage);
+            }
+            if (string.IsNullOrEmpty(cmd))
+                throw new RemoteFileException($"Post job application {applicationName} command mapping not found in config.json.");
+
+            if (!string.IsNullOrEmpty(storePath)) cmd = cmd.Replace(POST_JOB_COMMAND_ARG1, storePath);
+            if (!string.IsNullOrEmpty(separatePrivateKeyFilePath)) cmd = cmd.Replace(POST_JOB_COMMAND_ARG2, separatePrivateKeyFilePath);
+
+            RemoteHandler.RunCommand(cmd, null, false, null);
+        }
+
         internal void Initialize(string sudoImpersonatedUser, bool useShellCommands)
         {
             logger.MethodEntry(LogLevel.Debug);
@@ -561,6 +587,23 @@ private string FormatPath(string path)
 
             return "'" + path + (path.Substring(path.Length - 1) == @"\" ? string.Empty : @"\") + "'";
         }
+
+        private byte[] ConvertDERToP12(byte[] cert)
+        {
+            X509Certificate x509Cert = new X509CertificateParser().ReadCertificate(cert);
+            Pkcs12Store store = new Pkcs12StoreBuilder().Build();
+            store.SetCertificateEntry("temp", new X509CertificateEntry(x509Cert));
+
+            using (var ms = new MemoryStream())
+            {
+                store.Save(
+                    ms,
+                    new char[] {},
+                    new SecureRandom()
+                );
+                return ms.ToArray();
+            }
+        }
     }
 
     class PathFile