55// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
66// and limitations under the License.
77
8- using System ;
9- using System . Collections . Generic ;
10- using System . Text ;
11- using System . IO ;
12-
13- using Newtonsoft . Json ;
14-
8+ using Keyfactor . Extensions . Orchestrator . RemoteFile . Models ;
9+ using Keyfactor . Extensions . Orchestrator . RemoteFile . RemoteHandlers ;
1510using Keyfactor . Logging ;
16- using Keyfactor . PKI . PrivateKeys ;
17- using Keyfactor . PKI . X509 ;
11+ using Keyfactor . PKI . CryptographicObjects . Formatters ;
12+ using Keyfactor . PKI . Extensions ;
1813using Keyfactor . PKI . PEM ;
19- using Keyfactor . Extensions . Orchestrator . RemoteFile . RemoteHandlers ;
20- using Keyfactor . Extensions . Orchestrator . RemoteFile . Models ;
21-
14+ using Keyfactor . PKI . PrivateKeys ;
2215using Microsoft . Extensions . Logging ;
23-
24- using Org . BouncyCastle . Math ;
16+ using Newtonsoft . Json ;
17+ using Org . BouncyCastle . Asn1 . X9 ;
2518using Org . BouncyCastle . Crypto ;
19+ using Org . BouncyCastle . Crypto . Parameters ;
20+ using Org . BouncyCastle . Math ;
21+ using Org . BouncyCastle . OpenSsl ;
2622using Org . BouncyCastle . Pkcs ;
2723using Org . BouncyCastle . X509 ;
24+ using System ;
25+ using System . Collections . Generic ;
26+ using System . IO ;
27+ using System . Linq ;
2828using System . Security . Cryptography ;
29- using Org . BouncyCastle . OpenSsl ;
30- using Org . BouncyCastle . Crypto . Parameters ;
31- using Org . BouncyCastle . Asn1 . X9 ;
29+ using System . Text ;
3230
3331namespace Keyfactor . Extensions . Orchestrator . RemoteFile . PEM
3432{
@@ -37,8 +35,6 @@ class PEMCertificateStoreSerializer : ICertificateStoreSerializer
3735 string [ ] PrivateKeyDelimetersPkcs8 = new string [ ] { "-----BEGIN PRIVATE KEY-----" , "-----BEGIN ENCRYPTED PRIVATE KEY-----" } ;
3836 string [ ] PrivateKeyDelimetersRSA = new string [ ] { "-----BEGIN RSA PRIVATE KEY-----" } ;
3937 string [ ] PrivateKeyDelimetersEC = new string [ ] { "-----BEGIN EC PRIVATE KEY-----" } ;
40- string CertDelimBeg = "-----BEGIN CERTIFICATE-----" ;
41- string CertDelimEnd = "-----END CERTIFICATE-----" ;
4238
4339 private enum PrivateKeyTypeEnum
4440 {
@@ -74,15 +70,15 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
7470 {
7571 foreach ( X509CertificateEntry certificate in certificates )
7672 {
77- store . SetCertificateEntry ( CertificateConverterFactory . FromBouncyCastleCertificate ( certificate . Certificate ) . ToX509Certificate2 ( ) . Thumbprint , certificate ) ;
73+ store . SetCertificateEntry ( certificate . Certificate . Thumbprint ( ) , certificate ) ;
7874 }
7975 }
8076 else
8177 {
8278 PrivateKeyTypeEnum privateKeyType ;
8379 AsymmetricKeyEntry keyEntry = GetPrivateKey ( storeContents , storePassword ?? string . Empty , remoteHandler , out privateKeyType ) ;
8480
85- store . SetKeyEntry ( CertificateConverterFactory . FromBouncyCastleCertificate ( certificates [ 0 ] . Certificate ) . ToX509Certificate2 ( ) . Thumbprint , keyEntry , certificates ) ;
81+ store . SetKeyEntry ( certificates [ 0 ] . Certificate . Thumbprint ( ) , keyEntry , certificates ) ;
8682 }
8783
8884 // Second Pkcs12Store necessary because of an obscure BC bug where creating a Pkcs12Store without .Load (code above using "Set" methods only) does not set all internal hashtables necessary to avoid an error later
@@ -113,8 +109,7 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
113109 if ( certificateStore . IsKeyEntry ( alias ) )
114110 throw new RemoteFileException ( "Cannot add a certificate with a private key to a PEM trust store." ) ;
115111
116- CertificateConverter certConverter = CertificateConverterFactory . FromBouncyCastleCertificate ( certificateStore . GetCertificate ( alias ) . Certificate ) ;
117- pemString += certConverter . ToPEM ( true ) ;
112+ pemString += CryptographicObjectFormatter . PEM . Format ( certificateStore . GetCertificate ( alias ) . Certificate , false ) ;
118113 }
119114 }
120115 else
@@ -140,44 +135,29 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
140135 throw new RemoteFileException ( "No private key found. Private key must be present to add entry to a non-Trust PEM certificate store." ) ;
141136
142137 X509CertificateEntry [ ] chainEntries = certificateStore . GetCertificateChain ( alias ) ;
143- CertificateConverter certConverter = CertificateConverterFactory . FromBouncyCastleCertificate ( chainEntries [ 0 ] . Certificate ) ;
138+ X509Certificate endCertificate = chainEntries [ 0 ] . Certificate ;
144139
145140 AsymmetricKeyParameter privateKey = certificateStore . GetKey ( alias ) . Key ;
146- AsymmetricKeyParameter publicKey = chainEntries [ 0 ] . Certificate . GetPublicKey ( ) ;
141+ PrivateKeyConverter keyConverter = PrivateKeyConverterFactory . FromBCPrivateKeyAndCert ( privateKey , endCertificate ) ;
147142
148- if ( privateKeyType == PrivateKeyTypeEnum . PKCS8 )
149- {
150- PrivateKeyConverter keyConverter = PrivateKeyConverterFactory . FromBCKeyPair ( privateKey , publicKey , false ) ;
143+ keyString = CryptographicObjectFormatter . PEM . Format ( keyConverter , storePassword ) ;
144+ pemString = string . IsNullOrEmpty ( SeparatePrivateKeyFilePath )
145+ ? CryptographicObjectFormatter . PEM . Format ( endCertificate , keyConverter , storePassword , false )
146+ : CryptographicObjectFormatter . PEM . Format ( endCertificate , false ) ;
151147
152- byte [ ] privateKeyBytes = string . IsNullOrEmpty ( storePassword ) ? keyConverter . ToPkcs8BlobUnencrypted ( ) : keyConverter . ToPkcs8Blob ( storePassword ) ;
153- keyString = PemUtilities . DERToPEM ( privateKeyBytes , string . IsNullOrEmpty ( storePassword ) ? PemUtilities . PemObjectType . PrivateKey : PemUtilities . PemObjectType . EncryptedPrivateKey ) ;
154- }
155- else
148+ if ( ! IncludesChain )
156149 {
157- TextWriter textWriter = new StringWriter ( ) ;
158- PemWriter pemWriter = new PemWriter ( textWriter ) ;
159- pemWriter . WriteObject ( privateKey ) ;
160- pemWriter . Writer . Flush ( ) ;
161-
162- keyString = textWriter . ToString ( ) ;
150+ continue ;
163151 }
164152
165- pemString = certConverter . ToPEM ( true ) ;
166- if ( string . IsNullOrEmpty ( SeparatePrivateKeyFilePath ) )
167- pemString += keyString ;
168-
169- if ( IncludesChain )
153+ for ( int i = 1 ; i < chainEntries . Length ; i ++ )
170154 {
171- for ( int i = 1 ; i < chainEntries . Length ; i ++ )
172- {
173- CertificateConverter chainConverter = CertificateConverterFactory . FromBouncyCastleCertificate ( chainEntries [ i ] . Certificate ) ;
174- pemString += chainConverter . ToPEM ( true ) ;
175- }
155+ pemString += CryptographicObjectFormatter . PEM . Format ( chainEntries [ i ] . Certificate , false ) ;
176156 }
177157 }
178158 }
179159
180- storeInfo . Add ( new SerializedStoreInfo ( ) { FilePath = storePath + storeFileName , Contents = Encoding . ASCII . GetBytes ( pemString ) } ) ;
160+ storeInfo . Add ( new SerializedStoreInfo ( ) { FilePath = storePath + storeFileName , Contents = Encoding . ASCII . GetBytes ( pemString ) } ) ;
181161 if ( ! string . IsNullOrEmpty ( SeparatePrivateKeyFilePath ) )
182162 storeInfo . Add ( new SerializedStoreInfo ( ) { FilePath = SeparatePrivateKeyFilePath , Contents = Encoding . ASCII . GetBytes ( keyString ) } ) ;
183163
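Review bot: The `privateKeyType` distinction between PKCS#8 and traditional RSA/EC key encoding is no longer honored by the new key output at new line 143, which always writes `CryptographicObjectFormatter.PEM.Format(keyConverter, storePassword)`; if `privateKeyType` is not read elsewhere in SerializeRemoteCertificateStore (its declaration is above this hunk), that variable and the detection feeding it are now dead code and should be dropped, or the format selection should be restored if existing stores are expected to round-trip in their original key encoding. The old code also made the empty-password case explicit (unencrypted PKCS#8 when `storePassword` was null or empty, encrypted PKCS#8 otherwise), whereas the new call delegates that decision to the formatter, so a comment stating the contract would help the next reader, e.g. `// Null/empty storePassword => unencrypted PKCS#8 block; otherwise encrypted — confirm against CryptographicObjectFormatter.PEM.Format`. SerializeRemoteCertificateStore starts and ends outside this hunk.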
@@ -215,18 +195,10 @@ private X509CertificateEntry[] GetCertificates(string certificates)
215195
216196 try
217197 {
218- while ( certificates . Contains ( CertDelimBeg ) )
219- {
220- int certStart = certificates . IndexOf ( CertDelimBeg ) ;
221- int certLength = certificates . IndexOf ( CertDelimEnd ) + CertDelimEnd . Length - certStart ;
222- string certificate = certificates . Substring ( certStart , certLength ) ;
223-
224- CertificateConverter c2 = CertificateConverterFactory . FromPEM ( Encoding . ASCII . GetBytes ( certificate . Replace ( CertDelimBeg , string . Empty ) . Replace ( CertDelimEnd , string . Empty ) ) ) ;
225- X509Certificate bcCert = c2 . ToBouncyCastleCertificate ( ) ;
226- certificateEntries . Add ( new X509CertificateEntry ( bcCert ) ) ;
227-
228- certificates = certificates . Substring ( certStart + certLength - 1 ) ;
229- }
198+ IEnumerable < string > pemCertificates = PemUtilities . SplitCollection ( certificates ) ;
199+ certificateEntries . AddRange ( pemCertificates . Select ( cert =>
200+ new X509CertificateEntry ( new X509Certificate ( CryptographicObjectFormatter . DER . Format ( cert ) ) ) )
201+ ) ;
230202 }
231203 catch ( Exception ex )
232204 {