public void Install(PrivateKey pk, Crt crt, IEnumerable<PKI.Crt> chain,
IPkiTool cp)
{
AssertNotDisposed();
string pkPem;
using (var ms = new MemoryStream())
{
cp.ExportPrivateKey(pk, EncodingFormat.PEM, ms);
pkPem = Encoding.UTF8.GetString(ms.ToArray());
}
string crtPem;
using (var ms = new MemoryStream())
{
cp.ExportCertificate(crt, EncodingFormat.PEM, ms);
crtPem = Encoding.UTF8.GetString(ms.ToArray());
}
string chainPem = null;
if (chain != null)
{
using (var ms = new MemoryStream())
{
foreach (var c in chain)
{
cp.ExportCertificate(c, EncodingFormat.PEM, ms);
}
chainPem = Encoding.UTF8.GetString(ms.ToArray());
}
}
using (var client = new AmazonIdentityManagementServiceClient(
CommonParams.ResolveCredentials(),
CommonParams.RegionEndpoint))
{
var iamRequ = new UploadServerCertificateRequest
{
PrivateKey = pkPem,
CertificateBody = crtPem,
CertificateChain = chainPem,
ServerCertificateName = this.ServerCertificateName,
Path = this.Path
};
var iamResp = client.UploadServerCertificate(iamRequ);
// TODO: any checks we should do?
}
}
public abstract void ExportCertificate(Crt cert, EncodingFormat fmt, Stream target);
public void Uninstall(PrivateKey pk, Crt crt, IEnumerable<PKI.Crt> chain,
IPkiTool cp)
{
AssertNotDisposed();
using (var client = new AmazonIdentityManagementServiceClient(
CommonParams.ResolveCredentials(),
CommonParams.RegionEndpoint))
{
var iamRequ = new DeleteServerCertificateRequest
{
ServerCertificateName = this.ServerCertificateName,
};
var iamResp = client.DeleteServerCertificate(iamRequ);
// TODO: any checks we should do?
}
}
protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Certificates == null || v.Certificates.Count < 1)
throw new InvalidOperationException("No certificates found");
var ci = v.Certificates.GetByRef(CertificateRef, throwOnMissing: false);
if (ci == null)
throw new Exception("Unable to find a Certificate for the given reference");
IssuerCertificateInfo ici = null;
if (!string.IsNullOrEmpty(ci.IssuerSerialNumber))
v.IssuerCertificates.TryGetValue(ci.IssuerSerialNumber, out ici);
PrivateKey pk = null;
Crt crt = null;
Crt issCrt = null;
var keyAsset = vlt.GetAsset(Vault.VaultAssetType.KeyPem, ci.KeyPemFile);
var crtAsset = vlt.GetAsset(Vault.VaultAssetType.CrtPem, ci.CrtPemFile);
var issCrtAsset = ici != null
? vlt.GetAsset(Vault.VaultAssetType.IssuerPem, ici.CrtPemFile)
: null;
// Resolve details from inline or profile attributes
string installerName = null;
IReadOnlyDictionary<string, object> installerParams = null;
IReadOnlyDictionary<string, object> cliInstallerParams = null;
if (InstallerParameters?.Count > 0)
cliInstallerParams = (IReadOnlyDictionary<string, object>
)PoshHelper.Convert<string, object>(InstallerParameters);
if (!string.IsNullOrEmpty(InstallerProfileRef))
{
var ppi = v.InstallerProfiles.GetByRef(InstallerProfileRef, throwOnMissing: false);
if (ppi == null)
throw new ItemNotFoundException("no Installer profile found for the given reference")
.With(nameof(InstallerProfileRef), InstallerProfileRef);
var ppAsset = vlt.GetAsset(Vault.VaultAssetType.InstallerConfigInfo,
ppi.Id.ToString());
InstallerProfile ip;
using (var s = vlt.LoadAsset(ppAsset))
{
ip = JsonHelper.Load<InstallerProfile>(s);
}
installerName = ip.InstallerProvider;
installerParams = ip.InstanceParameters;
if (cliInstallerParams != null)
{
WriteVerbose("Override Installer parameters specified");
if (installerParams?.Count == 0)
{
WriteVerbose("Profile does not define any parameters, using override parameters only");
installerParams = cliInstallerParams;
}
else
{
WriteVerbose("Merging Installer override parameters with profile");
var mergedParams = new Dictionary<string, object>();
foreach (var kv in ip.InstanceParameters)
mergedParams[kv.Key] = kv.Value;
foreach (var kv in cliInstallerParams)
mergedParams[kv.Key] = kv.Value;
installerParams = mergedParams;
}
}
}
else
{
installerName = Installer;
installerParams = cliInstallerParams;
}
using (var pki = PkiHelper.GetPkiTool(v.PkiTool))
{
// Load the Private Key
// TODO: This is UGLY, but it works for now!
using (var s = vlt.LoadAsset(keyAsset))
{
try
{
pk = pki.ImportPrivateKey<RsaPrivateKey>(EncodingFormat.PEM, s);
}
catch { }
}
if (pk == null)
{
using (var s = vlt.LoadAsset(keyAsset))
{
try
{
pk = pki.ImportPrivateKey<EcKeyPair>(EncodingFormat.PEM, s);
}
catch { }
}
}
if (pk == null)
{
throw new NotSupportedException("unknown or unsupported private key format");
}
// Load the Certificate
using (var s = vlt.LoadAsset(crtAsset))
{
crt = pki.ImportCertificate(EncodingFormat.PEM, s);
}
// Load the Issuer Certificate
if (issCrtAsset != null)
{
using (var s = vlt.LoadAsset(issCrtAsset))
{
issCrt = pki.ImportCertificate(EncodingFormat.PEM, s);
}
}
// Finally, instantiate and invoke the installer
var installerProvider = InstallerExtManager.GetProvider(installerName);
using (var installer = installerProvider.GetInstaller(installerParams))
{
var chain = new Crt[0];
if (issCrt != null)
chain = new[] { issCrt };
installer.Install(pk, crt, chain, pki);
}
}
//try
//{
//}
//catch (AcmeClient.AcmeWebException ex)
//{
// ThrowTerminatingError(PoshHelper.CreateErrorRecord(ex, ci));
// return;
//}
}
}