Do not require store password for PEM inventory (#37) (#38)

fiddlermikey · leefine02 · web-flow · commit f5d42023a158 · 2023-09-26T09:44:10.000-07:00
Co-authored-by: Lee Fine &lt;50836957+leefine02@users.noreply.github.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+v2.4.0
+- Do not require store password for PEM inventory
+
 v2.3.1
 - Bug fix: Discovery - ignore /proc folder for Linux servers
 
diff --git a/RemoteFile/ICertificateStoreSerializer.cs b/RemoteFile/ICertificateStoreSerializer.cs
@@ -14,7 +14,7 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
     interface ICertificateStoreSerializer
     {
-        Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler);
+        Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey);
 
         List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler);
 
diff --git a/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs
@@ -38,7 +38,7 @@ public DERCertificateStoreSerializer(string storeProperties)
             LoadCustomProperties(storeProperties);
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
diff --git a/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/JKS/JKSCertificateStoreSerializer.cs
@@ -30,7 +30,7 @@ public JKSCertificateStoreSerializer(string storeProperties)
             logger = LogHandler.GetClassLogger(this.GetType());
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
diff --git a/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
@@ -28,7 +28,7 @@ public KDBCertificateStoreSerializer(string storeProperties)
             logger = LogHandler.GetClassLogger(this.GetType());
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
diff --git a/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
@@ -34,7 +34,7 @@ public OraWltCertificateStoreSerializer(string storeProperties)
             LoadCustomProperties(storeProperties);
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -57,7 +57,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
                 jksStore.Load(new MemoryStream(storeBytes), string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());
 
                 JKSCertificateStoreSerializer serializer = new JKSCertificateStoreSerializer(String.Empty);
-                store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler);
+                store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler, includePrivateKey);
             }
             catch (Exception ex)
             {
diff --git a/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
@@ -49,7 +49,7 @@ public PEMCertificateStoreSerializer(string storeProperties)
             LoadCustomProperties(storeProperties);
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -62,7 +62,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
             string storeContents = Encoding.ASCII.GetString(storeContentBytes);
             X509CertificateEntry[] certificates = GetCertificates(storeContents);
 
-            if (IsTrustStore)
+            if (IsTrustStore || !includePrivateKey)
             {
                 foreach(X509CertificateEntry certificate in certificates)
                 {
diff --git a/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs b/RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
@@ -25,7 +25,7 @@ public PKCS12CertificateStoreSerializer(string storeProperties)
             logger = LogHandler.GetClassLogger(this.GetType());
         }
 
-        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)
+        public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)
         {
             Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
             Pkcs12Store store = storeBuilder.Build();
diff --git a/RemoteFile/InventoryBase.cs b/RemoteFile/InventoryBase.cs
@@ -48,7 +48,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
                 ApplicationSettings.Initialize(this.GetType().Assembly.Location);
                 certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
                 certificateStore.Initialize();
-                certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+                certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, false);
 
                 List<X509Certificate2Collection> collections = certificateStore.GetCertificateChains();
 
diff --git a/RemoteFile/ManagementBase.cs b/RemoteFile/ManagementBase.cs
@@ -67,7 +67,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                             else
                                 throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");
                         }
-                        certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+                        certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
                         certificateStore.AddCertificate((config.JobCertificate.Alias ?? new X509Certificate2(Convert.FromBase64String(config.JobCertificate.Contents), config.JobCertificate.PrivateKeyPassword).Thumbprint), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword);
                         certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
 
@@ -82,7 +82,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                         }
                         else
                         {
-                            certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);
+                            certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
                             certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);
                             certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));
                         }
diff --git a/RemoteFile/RemoteCertificateStore.cs b/RemoteFile/RemoteCertificateStore.cs
@@ -96,7 +96,7 @@ internal RemoteCertificateStore(string server, string serverId, string serverPas
             logger.MethodExit(LogLevel.Debug);
         }
 
-        internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreSerializer, string storeProperties)
+        internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreSerializer, string storeProperties, bool includePrivateKey)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -107,7 +107,7 @@ internal void LoadCertificateStore(ICertificateStoreSerializer certificateStoreS
             if (byteContents.Length < 5)
                 return;
 
-            CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler);
+            CertificateStore = certificateStoreSerializer.DeserializeRemoteCertificateStore(byteContents, StorePath, StorePassword, RemoteHandler, includePrivateKey);
 
             logger.MethodExit(LogLevel.Debug);
         }

-Original file line number
+Diff line change
@@ @@ -1,3 +1,6 @@ @@
 +v2.4.0
 +- Do not require store password for PEM inventory
++
 v2.3.1
 - Bug fix: Discovery - ignore /proc folder for Linux servers
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile`
`14`	`14`	`{`
`15`	`15`	`interface ICertificateStoreSerializer`
`16`	`16`	`{`
`17`		`- Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler);`
	`17`	`+ Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey);`
`18`	`18`
`19`	`19`	`List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler);`
`20`	`20`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public DERCertificateStoreSerializer(string storeProperties)`
`38`	`38`	`LoadCustomProperties(storeProperties);`
`39`	`39`	`}`
`40`	`40`
`41`		`- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)`
	`41`	`+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)`
`42`	`42`	`{`
`43`	`43`	`logger.MethodEntry(LogLevel.Debug);`
`44`	`44`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ public JKSCertificateStoreSerializer(string storeProperties)`
`30`	`30`	`logger = LogHandler.GetClassLogger(this.GetType());`
`31`	`31`	`}`
`32`	`32`
`33`		`- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)`
	`33`	`+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)`
`34`	`34`	`{`
`35`	`35`	`logger.MethodEntry(LogLevel.Debug);`
`36`	`36`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public KDBCertificateStoreSerializer(string storeProperties)`
`28`	`28`	`logger = LogHandler.GetClassLogger(this.GetType());`
`29`	`29`	`}`
`30`	`30`
`31`		`- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)`
	`31`	`+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)`
`32`	`32`	`{`
`33`	`33`	`logger.MethodEntry(LogLevel.Debug);`
`34`	`34`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ public OraWltCertificateStoreSerializer(string storeProperties)`
`34`	`34`	`LoadCustomProperties(storeProperties);`
`35`	`35`	`}`
`36`	`36`
`37`		`- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)`
	`37`	`+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)`
`38`	`38`	`{`
`39`	`39`	`logger.MethodEntry(LogLevel.Debug);`
`40`	`40`
`@@ -57,7 +57,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s`
`57`	`57`	`jksStore.Load(new MemoryStream(storeBytes), string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());`
`58`	`58`
`59`	`59`	`JKSCertificateStoreSerializer serializer = new JKSCertificateStoreSerializer(String.Empty);`
`60`		`- store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler);`
	`60`	`+ store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler, includePrivateKey);`
`61`	`61`	`}`
`62`	`62`	`catch (Exception ex)`
`63`	`63`	`{`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ public PEMCertificateStoreSerializer(string storeProperties)`
`49`	`49`	`LoadCustomProperties(storeProperties);`
`50`	`50`	`}`
`51`	`51`
`52`		`- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler)`
	`52`	`+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)`
`53`	`53`	`{`
`54`	`54`	`logger.MethodEntry(LogLevel.Debug);`
`55`	`55`
`@@ -62,7 +62,7 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s`
`62`	`62`	`string storeContents = Encoding.ASCII.GetString(storeContentBytes);`
`63`	`63`	`X509CertificateEntry[] certificates = GetCertificates(storeContents);`
`64`	`64`
`65`		`- if (IsTrustStore)`
	`65`	`+ if (IsTrustStore \|\| !includePrivateKey)`
`66`	`66`	`{`
`67`	`67`	`foreach(X509CertificateEntry certificate in certificates)`
`68`	`68`	`{`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ public PKCS12CertificateStoreSerializer(string storeProperties)`
`25`	`25`	`logger = LogHandler.GetClassLogger(this.GetType());`
`26`	`26`	`}`
`27`	`27`
`28`		`- public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler)`
	`28`	`+ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool includePrivateKey)`
`29`	`29`	`{`
`30`	`30`	`Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();`
`31`	`31`	`Pkcs12Store store = storeBuilder.Build();`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)`
`67`	`67`	`else`
`68`	`68`	`throw new RemoteFileException($"Certificate store {config.CertificateStoreDetails.StorePath} does not exist on server {config.CertificateStoreDetails.ClientMachine}.");`
`69`	`69`	`}`
`70`		`- certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);`
	`70`	`+ certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);`
`71`	`71`	`certificateStore.AddCertificate((config.JobCertificate.Alias ?? new X509Certificate2(Convert.FromBase64String(config.JobCertificate.Contents), config.JobCertificate.PrivateKeyPassword).Thumbprint), config.JobCertificate.Contents, config.Overwrite, config.JobCertificate.PrivateKeyPassword);`
`72`	`72`	`certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));`
`73`	`73`
`@@ -82,7 +82,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)`
`82`	`82`	`}`
`83`	`83`	`else`
`84`	`84`	`{`
`85`		`- certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties);`
	`85`	`+ certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);`
`86`	`86`	`certificateStore.DeleteCertificateByAlias(config.JobCertificate.Alias);`
`87`	`87`	`certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));`
`88`	`88`	`}`