
Commit f5d4202

Do not require store password for PEM inventory (#37) (#38)
Co-authored-by: Lee Fine <[email protected]>
1 parent 5c34321 commit f5d4202

11 files changed

+17
-14
lines changed

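--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+v2.4.0
+- Do not require store password for PEM inventory
+
 v2.3.1
 - Bug fix: Discovery - ignore /proc folder for Linux servers
 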

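--- a/RemoteFile/ICertificateStoreSerializer.cs
+++ b/RemoteFile/ICertificateStoreSerializer.cs
@@ -14,7 +14,7 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
 interface ICertificateStoreSerializer
 {
-Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler);
+Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey);
 
 List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler);
 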
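Review bot: The new `includePrivateKey` parameter on `DeserializeRemoteCertificateStore` has no documentation, and of the implementations shown on this page only the PEM serializer branches on it. The DER, JKS, KDB and PKCS12 hunks change the signature only, and their method bodies continue outside the hunks, so whether they honour the flag cannot be seen here. An XML doc comment on the interface method should state the contract, with a `param` entry along the lines of `false for read-only callers such as inventory; the serializer may skip private keys and then needs no store password`. Listing which store types act on the flag keeps a caller from assuming that passing `false` always means no key material is decrypted.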

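--- a/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs
@@ -38,7 +38,7 @@ public DERCertificateStoreSerializer(string storeProperties)
 LoadCustomProperties(storeProperties);
 }
 
-public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
 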

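--- a/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs
@@ -30,7 +30,7 @@ public JKSCertificateStoreSerializer(string storeProperties)
 logger = LogHandler.GetClassLogger(this.GetType());
 }
 
-public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
 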

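--- a/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
@@ -28,7 +28,7 @@ public KDBCertificateStoreSerializer(string storeProperties)
 logger = LogHandler.GetClassLogger(this.GetType());
 }
 
-public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
 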

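--- a/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
@@ -34,7 +34,7 @@ public OraWltCertificateStoreSerializer(string storeProperties)
 LoadCustomProperties(storeProperties);
 }
 
-public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
 
@@ -57,7 +57,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
 jksStore.Load(new MemoryStream(storeBytes), string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());
 
 JKSCertificateStoreSerializer serializer = new JKSCertificateStoreSerializer(String.Empty);
-store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler);
+store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler, includePrivateKey);
 }
 catch (Exception ex)
 {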

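--- a/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
@@ -49,7 +49,7 @@ public PEMCertificateStoreSerializer(string storeProperties)
 LoadCustomProperties(storeProperties);
 }
 
-public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 logger.MethodEntry(LogLevel.Debug);
 
@@ -62,7 +62,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
 string storeContents = Encoding.ASCII.GetString(storeContentBytes);
 X509CertificateEntry[] certificates = GetCertificates(storeContents);
 
-if (IsTrustStore)
+if (IsTrustStore || !includePrivateKey)
 {
 foreach(X509CertificateEntry certificate in certificates)
 {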
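Review bot: With `if (IsTrustStore || !includePrivateKey)` an inventory load of a PEM store that does hold a key takes the same branch as a trust store, so its certificates are presumably added as certificate-only entries. If inventory derives its "has private key" indication from the returned `Pkcs12Store`, such stores would now be reported as holding no key; that is worth confirming against the inventory code, which this page shows only in part. A comment above the condition would record the intent, e.g. `// includePrivateKey is false for inventory: the key is never read or decrypted, so storePassword is not needed`. The method body starts and ends outside this hunk.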

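--- a/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
+++ b/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
@@ -25,7 +25,7 @@ public PKCS12CertificateStoreSerializer(string storeProperties)
 logger = LogHandler.GetClassLogger(this.GetType());
 }
 
-public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
 {
 Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
 Pkcs12Store store = storeBuilder.Build();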

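--- a/RemoteFile/InventoryBase.cs
+++ b/RemoteFile/InventoryBase.cs
@@ -48,7 +48,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
 ApplicationSettings.Initialize(this.GetType().Assembly.Location);
 certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
 certificateStore.Initialize();
-certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, false);
 
 List<X509Certificate2Collection> collections = certificateStore.GetCertificateChains();
 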
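Review bot: The bare literal `false` passed to `LoadCertificateStore` in `ProcessJob` does not say what it switches off, and the two `true` arguments added in ManagementBase.cs read just as opaquely. A named argument or a short comment at the call would make the security-relevant choice visible, e.g. `// inventory only reads certificates; do not load private keys`. The declaration of `LoadCertificateStore` is not on this page, so its parameter name is not quoted here. `storePassword` is still handed to the `RemoteCertificateStore` constructor earlier in this hunk, so whether an empty password is actually tolerated for inventory depends on code outside it; `ProcessJob` itself starts and ends outside the hunk.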

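--- a/RemoteFile/ManagementBase.cs
+++ b/RemoteFile/ManagementBase.cs
@@ -67,7 +67,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
 else
 throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");
 }
-certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
 certificateStore.AddCertificate((config.JobCertificate.Alias ?? new X509Certificate2(Convert.FromBase64String(config.JobCertificate.Contents), config.JobCertificate.PrivateKeyPassword).Thumbprint), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword);
 certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
 
@@ -82,7 +82,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
 }
 else
 {
-certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
 certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);
 certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
 }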
