Implement per instance import/export

Author: webprofusion-chrisc

src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs

@@ -7,6 +7,7 @@
 using Certify.Locales;
 using Certify.Models;
 using Certify.Models.Config;
+using Certify.Models.Config.Migration;
 using Certify.Models.Hub;
 using Certify.Shared.Core.Utils;
 
@@ -330,6 +331,22 @@ public async Task<InstanceCommandResult> PerformHubCommandWithResult(InstanceCom
 
                 val = await GetDomainOptionsFromSite(serverType, itemArg.Value);
             }
+            else if (arg.CommandType == ManagementHubCommands.PerformImport)
+            {
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var requestArg = args.FirstOrDefault(a => a.Key == "importRequest");
+                var importRequest = JsonSerializer.Deserialize<ImportRequest>(requestArg.Value);
+
+                val = await PerformImport(importRequest);
+            }
+            else if (arg.CommandType == ManagementHubCommands.PerformExport)
+            {
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var requestArg = args.FirstOrDefault(a => a.Key == "exportRequest");
+                var exportRequest = JsonSerializer.Deserialize<ExportRequest>(requestArg.Value);
+
+                val = await PerformExport(exportRequest);
+            }
             else if (arg.CommandType == ManagementHubCommands.Reconnect)
             {
                 await _managementServerClient.Disconnect();

src/Certify.Core/Management/MigrationManager.cs

@@ -26,6 +26,7 @@ public class MigrationManager
         private IManagedItemStore _itemManager;
         private ICredentialsManager _credentialsManager;
         private List<ITargetWebServer> _targetServers;
+        private string _encryptionScheme = "default";
 
         public MigrationManager(IManagedItemStore itemManager, ICredentialsManager credentialsManager, List<ITargetWebServer> targetServers)
         {
@@ -227,32 +228,61 @@ private IEnumerable<EncryptedContent> GetTaskScriptsAndContent(ObservableCollect
 
         private Aes GetAlg(string secret, string salt)
         {
-            var saltBytes = Encoding.ASCII.GetBytes(salt);
-            var key = new Rfc2898DeriveBytes(secret, saltBytes);
+#if NET9_0_OR_GREATER
+            if (_encryptionScheme == "default")
+            {
+                var saltBytes = Encoding.ASCII.GetBytes(salt);
+#pragma warning disable SYSLIB0041 // Type or member is obsolete
+                var key = new Rfc2898DeriveBytes(secret, saltBytes);
+#pragma warning restore SYSLIB0041 // Type or member is obsolete
+
+                var aesAlg = Aes.Create();
+                aesAlg.Mode = CipherMode.CBC;
+                aesAlg.Padding = PaddingMode.PKCS7;
+
+                aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
+                aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8);
+
+                return aesAlg;
+            }
+            else
+            {
 
-            var aesAlg = Aes.Create();
-            aesAlg.Mode = CipherMode.CBC;
-            aesAlg.Padding = PaddingMode.PKCS7;
+                var saltBytes = Encoding.ASCII.GetBytes(salt);
+                var key = new Rfc2898DeriveBytes(secret, saltBytes, 600000, HashAlgorithmName.SHA256);
 
-            aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
-            aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8);
+                var aesAlg = Aes.Create();
+                aesAlg.Mode = CipherMode.CBC;
+                aesAlg.Padding = PaddingMode.PKCS7;
 
-            return aesAlg;
+                aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
+                aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8);
+
+                return aesAlg;
+            }
+#else
+             var saltBytes = Encoding.ASCII.GetBytes(salt);
+             var key = new Rfc2898DeriveBytes(secret, saltBytes);
+
+             var aesAlg = Aes.Create();
+             aesAlg.Mode = CipherMode.CBC;
+             aesAlg.Padding = PaddingMode.PKCS7;
+
+             aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
+             aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8);
+
+             return aesAlg;
+#endif
         }
 
         public byte[] EncryptBytes(byte[] source, string secret, string salt)
         {
-            using (var rmCrypto = GetAlg(secret, salt))
-            {
-                using (var memoryStream = new MemoryStream())
-                using (var cryptoStream = new CryptoStream(memoryStream, rmCrypto.CreateEncryptor(), CryptoStreamMode.Write))
-                {
-                    cryptoStream.Write(source, 0, source.Length);
-                    cryptoStream.FlushFinalBlock();
-                    cryptoStream.Close();
-                    return memoryStream.ToArray();
-                }
-            }
+            using var rmCrypto = GetAlg(secret, salt);
+            using var memoryStream = new MemoryStream();
+            using var cryptoStream = new CryptoStream(memoryStream, rmCrypto.CreateEncryptor(), CryptoStreamMode.Write);
+            cryptoStream.Write(source, 0, source.Length);
+            cryptoStream.FlushFinalBlock();
+            return memoryStream.ToArray();
         }
 
         public byte[] DecryptBytes(byte[] source, string secret, string salt)
@@ -261,30 +291,12 @@ public byte[] DecryptBytes(byte[] source, string secret, string salt)
             {
                 using (var decryptor = rmCrypto.CreateDecryptor())
                 {
-                    using (var memoryStream = new MemoryStream(source))
-                    {
-                        using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
-                        {
-                            var decryptedBytes = new byte[source.Length];
-
-                            var totalRead = 0;
-                            while (totalRead < source.Length)
-                            {
-                                var bytesRead = cryptoStream.Read(decryptedBytes, totalRead, source.Length - totalRead);
-                                if (bytesRead == 0)
-                                {
-                                    break;
-                                }
-
-                                totalRead += bytesRead;
-                            }
+                    using var memoryStream = new MemoryStream(source);
+                    using var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
+                    using var resultStream = new MemoryStream();
+                    cryptoStream.CopyTo(resultStream);
 
-                            memoryStream.Close();
-                            cryptoStream.Close();
-
-                            return decryptedBytes;
-                        }
-                    }
+                    return resultStream.ToArray();
                 }
             }
         }

src/Certify.Models/Hub/ManagementHubMessages.cs

@@ -48,6 +48,9 @@ public class ManagementHubCommands
         public const string GetTargetServiceItems = "GetTargetServiceItems";
         public const string GetTargetServiceItemIdentifiers = "GetTargetServiceItemIdentifiers";
 
+        public const string PerformImport = "PerformImport";
+        public const string PerformExport = "PerformExport";
+
         public const string Reconnect = "Reconnect";
 
         /// <summary>

src/Certify.Server/Certify.Server.Hub.Api.Client/Certify.Server.Hub.Api.Client.cs

@@ -4740,9 +4740,9 @@ public virtual async System.Threading.Tasks.Task<HubHealth> GetHealthAsync(Syste
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsync(ExportRequest body)
+        public virtual System.Threading.Tasks.Task<ImportExportPackage> PerformInstanceExportAsync(string instanceId, ExportRequest body)
         {
-            return PerformExportAsync(body, System.Threading.CancellationToken.None);
+            return PerformInstanceExportAsync(instanceId, body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
@@ -4751,8 +4751,11 @@ public virtual System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsy
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExportAsync(ExportRequest body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformInstanceExportAsync(string instanceId, ExportRequest body, System.Threading.CancellationToken cancellationToken)
         {
+            if (instanceId == null)
+                throw new System.ArgumentNullException("instanceId");
+
             var client_ = _httpClient;
             var disposeClient_ = false;
             try
@@ -4768,8 +4771,10 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/system/system/migration/export"
-                    urlBuilder_.Append("api/v1/system/system/migration/export");
+                    // Operation Path: "api/v1/system/{instanceId}/system/migration/export"
+                    urlBuilder_.Append("api/v1/system/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/system/migration/export");
 
                     PrepareRequest(client_, request_, urlBuilder_);
 
@@ -4828,9 +4833,9 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformImportAsync(ImportRequest body)
+        public virtual System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformInstanceImportAsync(string instanceId, ImportRequest body)
         {
-            return PerformImportAsync(body, System.Threading.CancellationToken.None);
+            return PerformInstanceImportAsync(instanceId, body, System.Threading.CancellationToken.None);
         }
 
         /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
@@ -4839,8 +4844,11 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
         /// </summary>
         /// <returns>OK</returns>
         /// <exception cref="ApiException">A server side error occurred.</exception>
-        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformImportAsync(ImportRequest body, System.Threading.CancellationToken cancellationToken)
+        public virtual async System.Threading.Tasks.Task<System.Collections.Generic.ICollection<ActionStep>> PerformInstanceImportAsync(string instanceId, ImportRequest body, System.Threading.CancellationToken cancellationToken)
         {
+            if (instanceId == null)
+                throw new System.ArgumentNullException("instanceId");
+
             var client_ = _httpClient;
             var disposeClient_ = false;
             try
@@ -4856,8 +4864,10 @@ public virtual async System.Threading.Tasks.Task<ImportExportPackage> PerformExp
 
                     var urlBuilder_ = new System.Text.StringBuilder();
                     if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
-                    // Operation Path: "api/v1/system/system/migration/import"
-                    urlBuilder_.Append("api/v1/system/system/migration/import");
+                    // Operation Path: "api/v1/system/{instanceId}/system/migration/import"
+                    urlBuilder_.Append("api/v1/system/");
+                    urlBuilder_.Append(System.Uri.EscapeDataString(ConvertToString(instanceId, System.Globalization.CultureInfo.InvariantCulture)));
+                    urlBuilder_.Append("/system/migration/import");
 
                     PrepareRequest(client_, request_, urlBuilder_);
 

src/Certify.Server/Certify.Server.Hub.Api/Controllers/v1/SystemController.cs

@@ -1,5 +1,6 @@
 using Certify.Client;
 using Certify.Models.Hub;
+using Certify.Server.Hub.Api.Services;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Certify.Server.Hub.Api.Controllers
@@ -16,15 +17,18 @@ public partial class SystemController : ApiControllerBase
 
         private readonly ICertifyInternalApiClient _client;
 
+        private ManagementAPI _mgmtAPI;
+
         /// <summary>
         /// Constructor
         /// </summary>
         /// <param name="logger"></param>
         /// <param name="client"></param>
-        public SystemController(ILogger<SystemController> logger, ICertifyInternalApiClient client)
+        public SystemController(ILogger<SystemController> logger, ICertifyInternalApiClient client, ManagementAPI mgmtApi)
         {
             _logger = logger;
             _client = client;
+            _mgmtAPI = mgmtApi;
         }
 
         /// <summary>

src/Certify.Server/Certify.Server.Hub.Api/Services/ManagementAPI.cs

@@ -1,7 +1,9 @@
 using System.Text.Json;
+using System.Threading.Tasks;
 using Certify.Client;
 using Certify.Models;
 using Certify.Models.Config;
+using Certify.Models.Config.Migration;
 using Certify.Models.Hub;
 using Certify.Models.Providers;
 using Certify.Models.Reporting;
@@ -384,6 +386,26 @@ internal async Task PerformManagedCertificateRequest(string instanceId, string m
 
             await SendCommandWithNoResult(instanceId, cmd);
         }
+
+        internal async Task<List<ActionStep>> PerformInstanceImport(string instanceId, ImportRequest importRequest, AuthContext? currentAuthContext)
+        {
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("importRequest", JsonSerializer.Serialize(importRequest))
+                };
+
+            return await PerformInstanceCommandTaskWithResult<List<ActionStep>>(instanceId, args, ManagementHubCommands.PerformImport) ?? [];
+        }
+
+        internal async Task<Models.Config.Migration.ImportExportPackage> PerformInstanceExport(string instanceId, ExportRequest exportRequest, AuthContext? currentAuthContext)
+        {
+            var args = new KeyValuePair<string, string>[] {
+                    new("instanceId", instanceId) ,
+                    new("exportRequest", JsonSerializer.Serialize(exportRequest))
+                };
+
+            return await PerformInstanceCommandTaskWithResult<Models.Config.Migration.ImportExportPackage>(instanceId, args, ManagementHubCommands.PerformExport);
+        }
     }
 }
 

src/Certify.SourceGenerators/ApiMethods.cs

@@ -237,6 +237,22 @@ public static List<GeneratedAPI> GetApiDefinitions()
                             { "request", "Certify.Models.Hub.ManagedChallengeRequest" }
                         }
                     },
+                     new() {
+                        OperationName = "PerformExport",
+                        OperationMethod = HttpPost,
+                        Comment = "Perform an export of all settings",
+                        ServiceAPIRoute = "system/migration/export",
+                        ReturnType = "Models.Config.Migration.ImportExportPackage",
+                        Params = new Dictionary<string, string> { { "exportRequest", "Certify.Models.Config.Migration.ExportRequest" } }
+                    },
+                     new() {
+                         OperationName = "PerformImport",
+                         OperationMethod = HttpPost,
+                         Comment = "Perform an import of all settings",
+                         ServiceAPIRoute = "system/migration/import",
+                         ReturnType = "ICollection<ActionStep>", 
+                         Params = new Dictionary<string, string> { { "importRequest", "Certify.Models.Config.Migration.ImportRequest" } }
+                     },
                     /* per instance API, via management hub */
                     new() {
                         OperationName = "GetAcmeAccounts",
@@ -432,26 +448,26 @@ public static List<GeneratedAPI> GetApiDefinitions()
                         ReturnType = "Models.Config.ActionResult",
                         Params = new Dictionary<string, string> { { "instanceId", "string" }, { "managedCertId", "string" } }
                     },
-                    // TODO
+
                     new() {
-                        OperationName = "PerformExport",
+                        OperationName = "PerformInstanceExport",
                         OperationMethod = HttpPost,
                         Comment = "Perform an export of all settings",
+                        UseManagementAPI = true,
                         PublicAPIController = "System",
-                        PublicAPIRoute = "system/migration/export",
-                        ServiceAPIRoute = "system/migration/export",
+                        PublicAPIRoute = "{instanceId}/system/migration/export",
                         ReturnType = "Models.Config.Migration.ImportExportPackage",
-                        Params = new Dictionary<string, string> { { "exportRequest", "Certify.Models.Config.Migration.ExportRequest" } }
+                        Params = new Dictionary<string, string> {  { "instanceId", "string" }, { "exportRequest", "Certify.Models.Config.Migration.ExportRequest" } }
                     },
                      new() {
-                         OperationName = "PerformImport",
+                         OperationName = "PerformInstanceImport",
                          OperationMethod = HttpPost,
                          Comment = "Perform an import of all settings",
+                         UseManagementAPI = true,
                          PublicAPIController = "System",
-                         PublicAPIRoute = "system/migration/import",
-                         ServiceAPIRoute = "system/migration/import",
+                         PublicAPIRoute = "{instanceId}/system/migration/import",
                          ReturnType = "ICollection<ActionStep>",
-                         Params = new Dictionary<string, string> { { "importRequest", "Certify.Models.Config.Migration.ImportRequest" } }
+                         Params = new Dictionary<string, string> {  { "instanceId", "string" }, { "importRequest", "Certify.Models.Config.Migration.ImportRequest" } }
                      },
                 };
         }

src/Certify.SourceGenerators/PublicAPISourceGenerator.cs

@@ -64,12 +64,12 @@ public void Initialize(IncrementalGeneratorInitializationContext context)
                     var apiParamCall = paramSet.Any() ? string.Join(", ", paramSet.Select(p => $"{p.Key}")) : "";
                     var apiParamCallWithoutAuthContext = config.Params.Any() ? string.Join(", ", config.Params.Select(p => $"{p.Key}")) : "";
 
-                    if (assemblyName.EndsWith("Hub.Api") && config.PublicAPIController != null)
+                    if (assemblyName.EndsWith("Hub.Api") && !string.IsNullOrEmpty(config.PublicAPIController))
                     {
                         ImplementPublicAPI(spc, config, apiParamDeclWithoutAuthContext, apiParamDecl, apiParamCall);
                     }
 
-                    if (assemblyName.EndsWith("Certify.UI.Blazor"))
+                    if (assemblyName.EndsWith("Certify.UI.Blazor") && !string.IsNullOrEmpty(config.PublicAPIController))
                     {
                         ImplementAppModel(spc, config, apiParamDeclWithoutAuthContext, apiParamCallWithoutAuthContext);
                     }