ab#76170

Author: leefine02

RemoteFile/ReenrollmentBase.cs

@@ -53,6 +53,7 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
 
                 certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, UserName, UserPassword, config.CertificateStoreDetails.StorePath, StorePassword, SSHPort, IncludePortInSPN);
                 certificateStore.Initialize(SudoImpersonatedUser, UseShellCommands);
+                certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
 
                 if (!certificateStore.DoesStoreExist())
                 {
@@ -107,7 +108,6 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
                 }
 
                 // save certificate
-                certificateStore.LoadCertificateStore(certificateStoreSerializer, false);
                 certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), config.Overwrite, null, RemoveRootCertificate);
                 certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));
 

RemoteFile/RemoteCertificateStore.cs

@@ -9,6 +9,7 @@
 using Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers;
 using Keyfactor.Logging;
 using Keyfactor.PKI.X509;
+using Keyfactor.PKI.PEM;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 using Org.BouncyCastle.Pkcs;
@@ -352,6 +353,7 @@ internal string GenerateCSROnDevice(string subjectText, bool overwrite, string a
             string csr = string.Empty;
             privateKey = RSA.Create();
 
+
             return csr;
         }
 
@@ -361,40 +363,21 @@ internal string GenerateCSR(string subjectText, bool overwrite, string alias, Su
             {
                 throw new RemoteFileException($"Alias {alias} already exists in store {StorePath + StoreFileName} and overwrite is set to False.  Please try again with overwrite set to True if you wish to replace this entry.");
             }
-            
-            IEnumerable<KeyValuePair<SubjectAltNameElementType, string>> sansList =
-                sans.SelectMany(
-                    kvp =>
-                        kvp.Value.Select(
-                            v => new KeyValuePair<SubjectAltNameElementType, string>(
-                                Enum.Parse<SubjectAltNameElementType>(kvp.Key, ignoreCase: true),
-                                v
-                            )
-                        )
-                );
-            
-            string keyAlgorithm = string.Empty;
-            switch (keyType)
-            {
-                case SupportedKeyTypeEnum.RSA:
-                    keyAlgorithm = "SHA256withRSA";
-                    break;
-                case SupportedKeyTypeEnum.ECC:
-                    keyAlgorithm = "SHA256withECDSA";
-                    if (keySize == 384) keyAlgorithm = "SHA384withECDSA";
-                    if (keySize == 521) keyAlgorithm = "SHA512withECDSA";
-                    break;
-            }
 
-            RequestGenerator generator = new RequestGenerator(keyAlgorithm, keySize);
-            generator.SANs = sansList;
+            List<string> sansList = sans
+                .SelectMany(san => san.Value.Select(value => $"{san.Key}={value}"))
+                .ToList();
+
+            RequestGenerator generator = new RequestGenerator(keyType.ToString(), keySize);
+            generator.SANs = X509Utilities.ParseSANs(sansList);
             generator.Subject = subjectText;
-            string csr = System.Text.Encoding.ASCII.GetString(generator.CreatePKCS10Request());
+            string csr = PemUtilities.DERToPEM(generator.CreatePKCS10Request(), PKI.PEM.PemUtilities.PemObjectType.CertRequest);
+
             privateKey = generator.GetRequestPrivateKey().ToNetPrivateKey();
 
             return csr;
         }
-
+        
         //internal string GenerateCSROnDevice(string subjectText, SupportedKeyTypeEnum keyType, int keySize, List<string> sans, out string privateKey)
         //{
         //    string path = ApplicationSettings.TempFilePathForODKG;

RemoteFile/RemoteFileJobTypeBase.cs

@@ -80,6 +80,7 @@ internal void SetJobProperties(JobConfiguration config, CertificateStore certifi
             if (config.JobProperties != null)
             {
                 KeyType = !config.JobProperties.ContainsKey("keyType") || config.JobProperties["keyType"] == null || string.IsNullOrEmpty(config.JobProperties["keyType"].ToString()) ? string.Empty : config.JobProperties["keyType"].ToString();
+                if (KeyType == "ECDSA") KeyType = "ECC";
                 KeySize = !config.JobProperties.ContainsKey("keySize") || config.JobProperties["keySize"] == null || string.IsNullOrEmpty(config.JobProperties["keySize"].ToString()) || !int.TryParse(config.JobProperties["keySize"].ToString(), out int notUsed2) ? 2048 : Convert.ToInt32(config.JobProperties["keySize"]);
                 SubjectText = !config.JobProperties.ContainsKey("subjectText") || config.JobProperties["subjectText"] == null || string.IsNullOrEmpty(config.JobProperties["subjectText"].ToString()) ? string.Empty : config.JobProperties["subjectText"].ToString();
             }