Implement per-instance cert multi-format export

Author: webprofusion-chrisc

src/Certify.Core/Management/CertifyManager/CertifyManager.ManagedCertificates.cs

@@ -2,14 +2,16 @@
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Diagnostics;
+using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
-using Certify.Models.Hub;
 using Certify.Models;
+using Certify.Models.Config;
+using Certify.Models.Hub;
 using Certify.Models.Providers;
 using Certify.Models.Reporting;
 using Certify.Models.Shared;
-using Certify.Models.Config;
+using Certify.Shared.Core.Utils.PKI;
 
 namespace Certify.Management
 {
@@ -531,6 +533,87 @@ public async Task<List<ActionStep>> GeneratePreview(ManagedCertificate item)
             return await new PreviewManager().GeneratePreview(item, serverProvider, this, _credentialsManager);
         }
 
+        /// <summary>
+        /// Prepare an export of a managed certificate in the given format (if certificate present)
+        /// </summary>
+        /// <param name="item"></param>
+        /// <returns></returns>
+        public async Task<ActionResult<byte[]>> ExportCertificate(string managedCertId, string format)
+        {
+            var item = await GetManagedCertificate(managedCertId);
+
+            if (string.IsNullOrEmpty(item?.CertificatePath) || !File.Exists(item?.CertificatePath))
+            {
+                return new ActionResult<byte[]>("Source certificate file is not present. Export cannot continue.", false);
+            }
+
+            if (string.IsNullOrWhiteSpace(format))
+            {
+                format = "pfx";
+            }
+
+            try
+            {
+                var pfxData = File.ReadAllBytes(item.CertificatePath);
+
+                var certPwd = "";
+
+                // if credential used for private key, check if we can decrypt that (unless we exporting PFX which is just a file copy)
+                if (!string.IsNullOrWhiteSpace(item.CertificatePasswordCredentialId) && format != "pfx")
+                {
+                    var cred = await GetCredentialsManager().GetUnlockedCredentialsDictionary(item.CertificatePasswordCredentialId);
+                    if (cred != null)
+                    {
+                        certPwd = cred["password"];
+                    }
+                    else
+                    {
+                        return new ActionResult<byte[]>($"Export - the credentials for this export could not be unlocked or were not accessible {item.CertificatePasswordCredentialId}.", false);
+                    }
+                }
+
+                byte[] result = [];
+
+                if (format == "pfx")
+                {
+                    result = pfxData;
+                }
+                else if (format == "pem_key")
+                {
+                    result = CertUtils.GetCertComponentsAsPEMBytes(pfxData, certPwd, ExportFlags.PrivateKey);
+                }
+                else if (format == "pem_fullchain")
+                {
+                    result = CertUtils.GetCertComponentsAsPEMBytes(pfxData, certPwd, ExportFlags.EndEntityCertificate | ExportFlags.IntermediateCertificates);
+                }
+                else if (format == "pem_fullchain_key")
+                {
+                    result = CertUtils.GetCertComponentsAsPEMBytes(pfxData, certPwd, ExportFlags.PrivateKey | ExportFlags.EndEntityCertificate | ExportFlags.IntermediateCertificates);
+                }
+                else if (format == "pem_fullchain_root")
+                {
+                    result = CertUtils.GetCertComponentsAsPEMBytes(pfxData, certPwd, ExportFlags.EndEntityCertificate | ExportFlags.IntermediateCertificates | ExportFlags.RootCertificate);
+                }
+                else if (format == "pem_fullchain_root_key")
+                {
+                    result = CertUtils.GetCertComponentsAsPEMBytes(pfxData, certPwd, ExportFlags.PrivateKey | ExportFlags.EndEntityCertificate | ExportFlags.IntermediateCertificates | ExportFlags.RootCertificate);
+                }
+
+                if (result.Length == 0)
+                {
+                    return new ActionResult<byte[]>($"Export - no files where selected for export or export could not be applied for source certificate.", false);
+                }
+                else
+                {
+                    return new ActionResult<byte[]> { Result = result, IsSuccess = true };
+                }
+            }
+            catch (Exception exp)
+            {
+                return new ActionResult<byte[]>($"Export - {exp}", false);
+            }
+        }
+
         public async Task<List<DnsZone>> GetDnsProviderZones(string providerTypeId, string credentialId)
         {
             var dnsHelper = new Core.Management.Challenges.DnsChallengeHelper(_credentialsManager);

src/Certify.Core/Management/CertifyManager/CertifyManager.ManagementHub.cs

@@ -142,6 +142,13 @@ private async Task<InstanceCommandResult> _managementServerClient_OnGetCommandRe
 
                 val = await GeneratePreview(managedCert);
             }
+            else if (arg.CommandType == ManagementHubCommands.ExportCertificate)
+            {
+                var args = JsonSerializer.Deserialize<KeyValuePair<string, string>[]>(arg.Value);
+                var managedCertIdArg = args.FirstOrDefault(a => a.Key == "managedCertId");
+                var format = args.FirstOrDefault(a => a.Key == "format");
+                val = await ExportCertificate(managedCertIdArg.Value, format.Value);
+            }
             else if (arg.CommandType == ManagementHubCommands.UpdateManagedItem)
             {
                 // update a single managed item 

src/Certify.Models/Hub/ManagementHubMessages.cs

@@ -19,6 +19,7 @@ public class ManagementHubCommands
         public const string GetManagedItem = "GetManagedItem";
         public const string GetManagedItemLog = "GetManagedItemLog";
         public const string GetManagedItemRenewalPreview = "GetManagedItemRenewalPreview";
+        public const string ExportCertificate = "ExportCertificate";
 
         public const string UpdateManagedItem = "UpdateManagedItem";
         public const string RemoveManagedItem = "RemoveManagedItem";