leefine02 authored and leefine02 committed Jul 5, 2024
1 parent c1f1b20 commit e0cbf97
Showing 2 changed files with 37 additions and 24 deletions.
33 changes: 20 additions & 13 deletions RemoteFile/ReenrollmentBase.cs
Expand Up @@ -12,17 +12,11 @@
using Keyfactor.Logging;
using Keyfactor.Orchestrators.Extensions;
using Keyfactor.Orchestrators.Common.Enums;
using Keyfactor.PKI.PEM;

using Microsoft.Extensions.Logging;

using Newtonsoft.Json;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;
using System.Security.Cryptography;

namespace Keyfactor.Extensions.Orchestrator.RemoteFile
Expand Down Expand Up @@ -108,26 +102,39 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
}

X509Certificate2 cert = submitReenrollment.Invoke(csr);
if (cert == null)
throw new RemoteFileException("Enrollment of CSR failed. Please check Keyfactor Command logs for more information on potential enrollment errors.");

if (!string.IsNullOrEmpty(pemPrivateKey))
{
RSA rsa = RSA.Create();
rsa.ImportEncryptedPkcs8PrivateKey(string.Empty, Convert.FromBase64String(pemPrivateKey), out _);
cert = cert.CopyWithPrivateKey(rsa);
if (keyTypeEnum == SupportedKeyTypeEnum.RSA)
{
RSA rsa = RSA.Create();
rsa.ImportEncryptedPkcs8PrivateKey(string.Empty, Keyfactor.PKI.PEM.PemUtilities.PEMToDER(pemPrivateKey), out _);
cert = cert.CopyWithPrivateKey(rsa);
}
else
{
ECCurve ec = ECCurve.CreateFromValue("1.3.132.0.34");
ECDsa e = ECDsa.Create(ec);
e.ImportECPrivateKey(Keyfactor.PKI.PEM.PemUtilities.PEMToDER(pemPrivateKey), out _);
cert = cert.CopyWithPrivateKey(e);
}
}

// save certificate
certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, false);
certificateStore.AddCertificate((alias ?? cert.Thumbprint), Convert.ToBase64String(cert.Export(X509ContentType.Cert)), overwrite, null);
certificateStore.AddCertificate((alias ?? cert.Thumbprint), Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), overwrite, null);
certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, storePassword, certificateStore.RemoteHandler));

logger.LogDebug($"END add Operation for {config.CertificateStoreDetails.StorePath} on {config.CertificateStoreDetails.ClientMachine}.");
}

catch (Exception ex)
{
logger.LogError($"Exception for {config.Capability}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}");
return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = RemoteFileException.FlattenExceptionMessages(ex, $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}:") };
string errorMessage = $"Exception for {config.Capability}: {RemoteFileException.FlattenExceptionMessages(ex, string.Empty)} for job id {config.JobId}";
logger.LogError(errorMessage);
return new JobResult() { Result = OrchestratorJobStatusJobResult.Failure, JobHistoryId = config.JobHistoryId, FailureMessage = $"Site {config.CertificateStoreDetails.StorePath} on server {config.CertificateStoreDetails.ClientMachine}: {errorMessage}" };
}
finally
{
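Review bot: The `RSA` and `ECDsa` instances created in the new key-import branches are never disposed, and the EC branch pins `ECDsa.Create` to a hard-coded secp384r1 OID (`"1.3.132.0.34"`) even though `ImportECPrivateKey` takes the curve from the encoded key, so the literal is redundant at best and misleading if the device generated a key on a different curve. Because `CopyWithPrivateKey` copies the key material, both can be scoped as `using var rsa = RSA.Create();` and `using var e = ECDsa.Create();` with the `ECCurve` line dropped. The `else` branch treats every non-RSA `SupportedKeyTypeEnum` value as EC; a comment such as `// any non-RSA key type is assumed to be ECC` makes that explicit, or a `default` case throwing `RemoteFileException` would fail loudly if the enum grows. The new `Export(X509ContentType.Pfx)` now puts the private key into the blob handed to `AddCertificate` with a `null` password, so it is worth confirming that `SerializeRemoteCertificateStore` protects it with `storePassword` for every store type before it is written to the device. ProcessJob begins and ends outside this hunk.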
28 changes: 17 additions & 11 deletions RemoteFile/RemoteCertificateStore.cs
Expand Up @@ -390,7 +390,7 @@ internal string GenerateCSROnDevice(string subjectText, SupportedKeyTypeEnum key
string fileName = Guid.NewGuid().ToString();

X500DistinguishedName dn = new X500DistinguishedName(subjectText);
string opensslSubject = dn.Format(true);
string opensslSubject = dn.Format(true).Replace("S=","ST=");
opensslSubject = opensslSubject.Replace(System.Environment.NewLine, "/");
opensslSubject = "/" + opensslSubject.Substring(0, opensslSubject.Length - 1);

Expand Down Expand Up @@ -419,19 +419,25 @@ internal string GenerateCSROnDevice(string subjectText, SupportedKeyTypeEnum key
privateKey = string.Empty;
try
{
RemoteHandler.RunCommand(cmd, null, ApplicationSettings.UseSudo, null);
privateKey = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + "key"));
csr = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + "csr"));
}
catch (Exception ex)
{
if (!ex.Message.Contains("----") || !ex.Message.Contains("++++"))
throw;
try
{
RemoteHandler.RunCommand(cmd, null, ApplicationSettings.UseSudo, null);
}
catch (Exception ex)
{
if (!ex.Message.Contains("----"))
throw;
}

privateKey = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".key"));
csr = Encoding.UTF8.GetString(RemoteHandler.DownloadCertificateFile(path + fileName + ".csr"));
}
finally
{
RemoteHandler.RemoveCertificateFile(path, fileName + "key");
RemoteHandler.RemoveCertificateFile(path, fileName + "csr");
if (RemoteHandler.DoesFileExist(path + fileName + ".key"))
RemoteHandler.RemoveCertificateFile(path, fileName + ".key");
if (RemoteHandler.DoesFileExist(path + fileName + ".csr"))
RemoteHandler.RemoveCertificateFile(path, fileName + ".csr");
}

return csr;
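Review bot: The new `catch` around `RemoteHandler.RunCommand` swallows any exception whose message contains `"----"`, which is looser than the previous check (it also required `"++++"`) and keys on incidental stderr text rather than on the command's outcome, so a genuine openssl failure whose output happens to contain four dashes (a PEM header, for instance) is silenced and only surfaces later as a confusing download error. If the intent is to tolerate openssl's key-generation progress output, say so on the filter, e.g. `// openssl prints keygen progress ("----"/"++++") to stderr; only rethrow when the output does not look like that`, and confirm the command actually produced output by checking `RemoteHandler.DoesFileExist(path + fileName + ".key")` before continuing. The `.key`/`.csr` suffixes now carry a dot, so the command template that writes them, built outside this hunk, must match or the `finally` cleanup will never find the files. Separately, the `.Replace("S=","ST=")` in the earlier hunk is a plain substring replacement and will also rewrite any attribute value that contains `S=`; restricting it to the start of a line (the `Format(true)` output is one RDN per line, as the following `NewLine` replacement relies on) avoids that. GenerateCSROnDevice starts and ends outside these hunks.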
