Merge 3.0.0 to main

CHANGELOG.md

@@ -1,3 +1,9 @@
+v3.0.0
+- Added support for post quantum ML-DSA certificates for store types RFPEM, RFJKS, RFPkcs12, and RFDER
+- Added support for On Device Key Generation (ODKG)
+- Removed FileTransferProtocol option from the config.json and store type custom fields.  Integration will now always attempt SCP first and then SFTP (if SCP fails) for all file transfers.
+- Removed .net8/.net6 dual build capabilities.  3.0 and later releases .net8 only due to mandatory use of later Keyfactor libraries that have minimum requirements of .net8.
+
 v2.12.0
 - Added config.json setting and its override store level custom field - AllowShellCommands.  If "N" (default "Y"), SFTP will be used to create stores and move files on Linux-based certificate store servers.  No Linux shell commands will be used in the integration.
 

RemoteFile.UnitTests/RemoteFile.UnitTests.csproj

@@ -1,16 +1,19 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net6.0</TargetFramework>
+        <TargetFramework>net8.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
 
         <IsPackable>false</IsPackable>
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0"/>
-        <PackageReference Include="xunit" Version="2.4.1"/>
+        <PackageReference Include="BouncyCastle.Cryptography" Version="2.6.2" />
+        <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="1.0.0" />
+        <PackageReference Include="Keyfactor.PKI" Version="8.1.1" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0" />
+        <PackageReference Include="xunit" Version="2.4.1" />
         <PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
             <PrivateAssets>all</PrivateAssets>

RemoteFile/ApplicationSettings.cs

@@ -19,13 +19,6 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
     public class ApplicationSettings
     {
-        public enum FileTransferProtocolEnum
-        {
-            SCP,
-            SFTP,
-            Both
-        }
-
         private const string DEFAULT_LINUX_PERMISSION_SETTING = "";
         private const string DEFAULT_OWNER_SETTING = "";
         private const string DEFAULT_SUDO_IMPERSONATION_SETTING = "";
@@ -40,7 +33,6 @@ public enum FileTransferProtocolEnum
         public static string DefaultLinuxPermissionsOnStoreCreation { get { return configuration.ContainsKey("DefaultLinuxPermissionsOnStoreCreation") ? configuration["DefaultLinuxPermissionsOnStoreCreation"] : DEFAULT_LINUX_PERMISSION_SETTING; } }
         public static string DefaultOwnerOnStoreCreation { get { return configuration.ContainsKey("DefaultOwnerOnStoreCreation") ? configuration["DefaultOwnerOnStoreCreation"] : DEFAULT_OWNER_SETTING; } }
         public static string DefaultSudoImpersonatedUser { get { return configuration.ContainsKey("DefaultSudoImpersonatedUser") ? configuration["DefaultSudoImpersonatedUser"] : DEFAULT_SUDO_IMPERSONATION_SETTING; } }
-        public static bool CreateCSROnDevice { get { return configuration.ContainsKey("CreateCSROnDevice") ? configuration["CreateCSROnDevice"]?.ToUpper() == "Y" : false; } }
         public static string TempFilePathForODKG { get { return configuration.ContainsKey("TempFilePathForODKG") ? configuration["TempFilePathForODKG"] : string.Empty; } }
         public static bool UseShellCommands { get { return configuration.ContainsKey("UseShellCommands") ? configuration["UseShellCommands"]?.ToUpper() == "Y" : true; } }
         public static int SSHPort
@@ -61,34 +53,6 @@ public static int SSHPort
                 }
             }
         }
-        public static FileTransferProtocolEnum FileTransferProtocol 
-        { 
-            get 
-            {
-                ILogger logger = LogHandler.GetClassLogger<ApplicationSettings>();
-
-                string protocolNames = string.Empty;
-                foreach (string protocolName in Enum.GetNames(typeof(FileTransferProtocolEnum)))
-                {
-                    protocolNames += protocolName + ", ";
-                }
-                protocolNames = protocolNames.Substring(0, protocolNames.Length - 2);
-                string? protocolValue = configuration["FileTransferProtocol"];
-
-                if (!PropertyUtilities.TryEnumParse(protocolValue, out bool isFlagCombination, out FileTransferProtocolEnum protocol))
-                    throw new RemoteFileException($"Invalid optional config.json FileTransferProtocol option of {protocolValue}.  If present, must be one of these values: {protocolNames}.");
-
-                // Issue: If received a comma-delimited list ("SCP,SFTP,Both"), it's treating it as a flag combination (i.e. mapping it to 0+1+2=3)
-                // If this happens, we want to default it to Both so it's resolved as a valid mapping.
-                if (isFlagCombination)
-                {
-                    logger.LogWarning($"FileTransferProtocol config value {protocolValue} mapped to a flag combination. Setting FileTransferProtocol explicitly to Both.");
-                    protocol = FileTransferProtocolEnum.Both;
-                }
-
-                return protocol; 
-            }
-        }
 
         static ApplicationSettings()
         {
@@ -143,8 +107,6 @@ private static void ValidateConfiguration(ILogger logger)
                 logger.LogDebug($"Missing configuration parameter - DefaultLinuxPermissionsOnStoreCreation.  Will set to default value of '{DEFAULT_LINUX_PERMISSION_SETTING}'");
             if (!configuration.ContainsKey("DefaultOwnerOnStoreCreation"))
                 logger.LogDebug($"Missing configuration parameter - DefaultOwnerOnStoreCreation.  Will set to default value of '{DEFAULT_OWNER_SETTING}'");
-            if (!configuration.ContainsKey("FileTransferProtocol"))
-                logger.LogDebug($"Missing configuration parameter - FileTransferProtocol.  Will set to default value of 'SCP'");
         }
 
         private static string AddTrailingSlash(string path)

RemoteFile/ImplementedStoreTypes/DER/DERCertificateStoreSerializer.cs

@@ -5,24 +5,22 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 // and limitations under the License.
 
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-
-using Newtonsoft.Json;
-
+using Keyfactor.Extensions.Orchestrator.RemoteFile.Models;
+using Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers;
 using Keyfactor.Logging;
+using Keyfactor.PKI.CryptographicObjects.Formatters;
 using Keyfactor.PKI.PrivateKeys;
 using Keyfactor.PKI.X509;
-using Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers;
-using Keyfactor.Extensions.Orchestrator.RemoteFile.Models;
-
 using Microsoft.Extensions.Logging;
-
+using Newtonsoft.Json;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Pkcs;
+using Org.BouncyCastle.Tls;
 using Org.BouncyCastle.X509;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile.DER
 {
@@ -94,8 +92,7 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
                         throw new RemoteFileException($"DER certificate store has a private key at {SeparatePrivateKeyFilePath}, but no private key was passed with the certificate to this job.");
                 }
 
-                CertificateConverter certConverter = CertificateConverterFactory.FromBouncyCastleCertificate(certificateStore.GetCertificate(alias).Certificate);
-                certificateBytes = certConverter.ToDER(string.IsNullOrEmpty(storePassword) ? string.Empty : storePassword);
+                certificateBytes = CryptographicObjectFormatter.DER.Format(certificateStore.GetCertificate(alias).Certificate);
 
                 if (!string.IsNullOrEmpty(SeparatePrivateKeyFilePath))
                 {