ab#55979

RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs

@@ -33,15 +33,15 @@ namespace Keyfactor.Extensions.Orchestrator.RemoteFile.PEM
     class PEMCertificateStoreSerializer : ICertificateStoreSerializer
     {
         string[] PrivateKeyDelimetersPkcs8 = new string[] { "-----BEGIN PRIVATE KEY-----", "-----BEGIN ENCRYPTED PRIVATE KEY-----" };
-        string[] PrivateKeyDelimetersPkcs1 = new string[] { "-----BEGIN RSA PRIVATE KEY-----" };
+        string[] PrivateKeyDelimetersRSA = new string[] { "-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN ENCRYPTED RSA PRIVATE KEY-----", "-----BEGIN RSA ENCRYPTED PRIVATE KEY-----" };
         string[] PrivateKeyDelimetersEC = new string[] { "-----BEGIN EC PRIVATE KEY-----", "-----BEGIN EC ENCRYPTED PRIVATE KEY-----", "-----BEGIN ENCRYPTED EC PRIVATE KEY-----" };
         string CertDelimBeg = "-----BEGIN CERTIFICATE-----";
         string CertDelimEnd = "-----END CERTIFICATE-----";
 
         private enum PrivateKeyTypeEnum
         {
             EC,
-            PKCS1,
+            RSA,
             PKCS8
         }
 
@@ -80,9 +80,6 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
                 PrivateKeyTypeEnum privateKeyType;
                 AsymmetricKeyEntry keyEntry = GetPrivateKey(storeContents, storePassword ?? string.Empty, remoteHandler, out privateKeyType);
 
-                if (privateKeyType == PrivateKeyTypeEnum.PKCS1 && !string.IsNullOrEmpty(storePassword))
-                    throw new RemoteFileException($"Certificate store with an RSA Private Key cannot contain a store password.  Invalid store format not supported.");
-
                 store.SetKeyEntry(CertificateConverterFactory.FromBouncyCastleCertificate(certificates[0].Certificate).ToX509Certificate2().Thumbprint, keyEntry, certificates);
             }
 
@@ -121,15 +118,9 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
             else
             {
                 string storeContents = Encoding.ASCII.GetString(remoteHandler.DownloadCertificateFile(storePath + storeFileName));
-                PrivateKeyTypeEnum privateKeyType = PrivateKeyTypeEnum.PKCS8;
-                try
-                {
-                    GetPrivateKey(storeContents, storePassword, remoteHandler, out privateKeyType);
-                }
-                catch (RemoteFileException) { }
 
-                if (privateKeyType == PrivateKeyTypeEnum.PKCS1 && !string.IsNullOrEmpty(storePassword))
-                    throw new RemoteFileException($"Certificate store with an RSA Private Key cannot contain a store password.  Invalid store format not supported.");
+                PrivateKeyTypeEnum privateKeyType = PrivateKeyTypeEnum.PKCS8;
+                GetPrivateKey(storeContents, storePassword, remoteHandler, out privateKeyType);
 
                 bool keyEntryProcessed = false;
                 foreach (string alias in certificateStore.Aliases)
@@ -144,12 +135,18 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
 
                     X509CertificateEntry[] chainEntries = certificateStore.GetCertificateChain(alias);
                     CertificateConverter certConverter = CertificateConverterFactory.FromBouncyCastleCertificate(chainEntries[0].Certificate);
-                    ECDiffieHellman
+
                     AsymmetricKeyParameter privateKey = certificateStore.GetKey(alias).Key;
-                    X509CertificateEntry[] certEntries = certificateStore.GetCertificateChain(alias);
-                    AsymmetricKeyParameter publicKey = certEntries[0].Certificate.GetPublicKey();
+                    AsymmetricKeyParameter publicKey = chainEntries[0].Certificate.GetPublicKey();
 
-                    if (isRSAPrivateKey)
+                    if (privateKeyType == PrivateKeyTypeEnum.PKCS8)
+                    {
+                        PrivateKeyConverter keyConverter = PrivateKeyConverterFactory.FromBCKeyPair(privateKey, publicKey, false);
+
+                        byte[] privateKeyBytes = string.IsNullOrEmpty(storePassword) ? keyConverter.ToPkcs8BlobUnencrypted() : keyConverter.ToPkcs8Blob(storePassword);
+                        keyString = PemUtilities.DERToPEM(privateKeyBytes, string.IsNullOrEmpty(storePassword) ? PemUtilities.PemObjectType.PrivateKey : PemUtilities.PemObjectType.EncryptedPrivateKey);
+                    }
+                    else
                     {
                         TextWriter textWriter = new StringWriter();
                         PemWriter pemWriter = new PemWriter(textWriter);
@@ -158,13 +155,6 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
 
                         keyString = textWriter.ToString();
                     }
-                    else
-                    {
-                        PrivateKeyConverter keyConverter = PrivateKeyConverterFactory.FromBCKeyPair(privateKey, publicKey, false);
-
-                        byte[] privateKeyBytes = string.IsNullOrEmpty(storePassword) ? keyConverter.ToPkcs8BlobUnencrypted() : keyConverter.ToPkcs8Blob(storePassword);
-                        keyString = PemUtilities.DERToPEM(privateKeyBytes, string.IsNullOrEmpty(storePassword) ? PemUtilities.PemObjectType.PrivateKey : PemUtilities.PemObjectType.EncryptedPrivateKey);
-                    }
 
                     pemString = certConverter.ToPEM(true);
                     if (string.IsNullOrEmpty(SeparatePrivateKeyFilePath))
@@ -239,7 +229,7 @@ private X509CertificateEntry[] GetCertificates(string certificates)
             return certificateEntries.ToArray();
         }
 
-        private AsymmetricKeyEntry GetPrivateKey(string storeContents, string storePassword, IRemoteHandler remoteHandler, out PrivateKeyTypeEnum? privateKeyType)
+        private AsymmetricKeyEntry GetPrivateKey(string storeContents, string storePassword, IRemoteHandler remoteHandler, out PrivateKeyTypeEnum privateKeyType)
         {
             logger.MethodEntry(LogLevel.Debug);