Exemple #1
0
        private IEnumerable <EncryptedContent> GetTaskScriptsAndContent(ObservableCollection <DeploymentTaskConfig> tasks, string secret, string salt)
        {
            var scriptsAndContent = new List <EncryptedContent>();

            if (tasks?.Any() == true)
            {
                foreach (var t in tasks)
                {
                    foreach (var p in t.Parameters)
                    {
                        if (!string.IsNullOrEmpty(p.Value))
                        {
                            if (p.Value.IndexOfAny(Path.GetInvalidPathChars()) == -1)
                            {
                                if (File.Exists(p.Value))
                                {
                                    var encryptedBytes = EncryptBytes(File.ReadAllBytes(p.Value), secret, salt);
                                    var content        = new EncryptedContent {
                                        Filename = p.Value, Scheme = EncryptionScheme, Content = encryptedBytes
                                    };
                                    scriptsAndContent.Add(content);
                                }
                            }
                        }
                    }
                }
            }
            return(scriptsAndContent);
        }
Exemple #2
0
        private IEnumerable <EncryptedContent> GetTaskScriptsAndContent(ObservableCollection <DeploymentTaskConfig> tasks, string secret, string salt)
        {
            var scriptsAndContent = new List <EncryptedContent>();

            if (tasks?.Any() == true)
            {
                foreach (var t in tasks)
                {
                    foreach (var p in t.Parameters)
                    {
                        if (!string.IsNullOrEmpty(p.Value))
                        {
                            if (p.Value.IndexOfAny(Path.GetInvalidPathChars()) == -1)
                            {
                                if (File.Exists(p.Value))
                                {
                                    try
                                    {
                                        var encryptedBytes = EncryptBytes(File.ReadAllBytes(p.Value), secret, salt);
                                        var content        = new EncryptedContent {
                                            Filename = p.Value, Scheme = EncryptionScheme, Content = encryptedBytes
                                        };
                                        scriptsAndContent.Add(content);
                                    }
                                    catch (Exception exp)
                                    {
                                        // TODO: log errors and inform user - one or more script or file assets exists but is not readable
                                        System.Diagnostics.Debug.WriteLine("GetTaskScriptsAndContent: file content is not accessible - " + exp);
                                    }
                                }
                            }
                        }
                    }
                }
            }
            return(scriptsAndContent);
        }
Exemple #3
0
        /// <summary>
        /// Export the managed certificates and related settings for the given filter
        /// </summary>
        /// <param name="filter"></param>
        /// <returns>Package of exported settings</returns>
        public async Task <ImportExportPackage> PerformExport(ManagedCertificateFilter filter, ExportSettings settings, bool isPreview)
        {
            var salt = Guid.NewGuid().ToString();

            var export = new ImportExportPackage
            {
                SourceName           = Environment.MachineName,
                ExportDate           = DateTime.Now,
                SystemVersion        = Certify.Management.Util.GetAppVersion(),
                EncryptionSalt       = salt,
                EncryptionValidation = new EncryptedContent
                {
                    Content = EncryptBytes(Encoding.ASCII.GetBytes("Secret"), settings.EncryptionSecret, salt),
                    Scheme  = EncryptionScheme
                }
            };

            // export managed certs, related certificate files, stored credentials

            // deployment tasks with local script or path references will need to copy the scripts separately. Need a summary of items to copy.

            var managedCerts = await _itemManager.GetAll(filter);

            export.Content = new ImportExportContent
            {
                ManagedCertificates    = managedCerts,
                CertificateFiles       = new List <EncryptedContent>(),
                Scripts                = new List <EncryptedContent>(),
                CertificateAuthorities = new List <CertificateAuthority>(),
                StoredCredentials      = new List <StoredCredential>()
            };


            // for each managed cert, export the current certificate files (if present)
            foreach (var c in managedCerts)
            {
                if (!string.IsNullOrEmpty(c.CertificatePath) && System.IO.File.Exists(c.CertificatePath))
                {
                    var certBytes = System.IO.File.ReadAllBytes(c.CertificatePath);

                    var encryptedBytes = EncryptBytes(certBytes, settings.EncryptionSecret, export.EncryptionSalt);
                    var content        = new EncryptedContent {
                        Filename = c.CertificatePath, Scheme = EncryptionScheme, Content = encryptedBytes
                    };

                    export.Content.CertificateFiles.Add(content);
                }

                if (c.PreRequestTasks?.Any() == true)
                {
                    export.Content.Scripts.AddRange(GetTaskScriptsAndContent(c.PreRequestTasks, settings.EncryptionSecret, export.EncryptionSalt));
                }

                if (c.PostRequestTasks?.Any() == true)
                {
                    export.Content.Scripts.AddRange(GetTaskScriptsAndContent(c.PostRequestTasks, settings.EncryptionSecret, export.EncryptionSalt));
                }
            }


            // for each managed cert, check used stored credentials (DNS challenges or deployment tasks)
            var allCredentials = await _credentialsManager.GetCredentials();

            var usedCredentials = new List <StoredCredential>();

            if (settings.ExportAllStoredCredentials)
            {
                usedCredentials.AddRange(allCredentials);
            }
            else
            {
                foreach (var c in managedCerts)
                {
                    // gather credentials used by cert
                    if (c.CertificatePasswordCredentialId != null)
                    {
                        if (!usedCredentials.Any(u => u.StorageKey == c.CertificatePasswordCredentialId))
                        {
                            usedCredentials.Add(allCredentials.Find(a => a.StorageKey == c.CertificatePasswordCredentialId));
                        }
                    }

                    // gather credentials used by tasks
                    var allTasks = new List <Config.DeploymentTaskConfig>();

                    if (c.PreRequestTasks != null)
                    {
                        allTasks.AddRange(c.PreRequestTasks);
                    }

                    if (c.PostRequestTasks != null)
                    {
                        allTasks.AddRange(c.PostRequestTasks);
                    }

                    if (allTasks.Any())
                    {
                        var usedTaskCredentials = allTasks
                                                  .Select(t => t.ChallengeCredentialKey)
                                                  .Distinct()
                                                  .Where(t => allCredentials.Any(ac => ac.StorageKey == t));

                        foreach (var used in usedTaskCredentials)
                        {
                            if (!usedCredentials.Any(u => u.StorageKey == used))
                            {
                                usedCredentials.Add(allCredentials.FirstOrDefault(u => u.StorageKey == used));
                            }
                        }
                    }
                }
            }

            // decrypt each used stored credential, re-encrypt and base64 encode secret
            foreach (var c in usedCredentials)
            {
                var decrypted = await _credentialsManager.GetUnlockedCredential(c.StorageKey);

                if (decrypted != null)
                {
                    var encBytes = EncryptBytes(Encoding.UTF8.GetBytes(decrypted), settings.EncryptionSecret, export.EncryptionSalt);
                    c.Secret = Convert.ToBase64String(encBytes);
                }
            }

            export.Content.StoredCredentials = usedCredentials;

            // for each managed cert, check and summarise used local scripts

            // copy acme-dns settings

            // export acme accounts?
            return(export);
        }