private IEnumerable <EncryptedContent> GetTaskScriptsAndContent(ObservableCollection <DeploymentTaskConfig> tasks, string secret, string salt) { var scriptsAndContent = new List <EncryptedContent>(); if (tasks?.Any() == true) { foreach (var t in tasks) { foreach (var p in t.Parameters) { if (!string.IsNullOrEmpty(p.Value)) { if (p.Value.IndexOfAny(Path.GetInvalidPathChars()) == -1) { if (File.Exists(p.Value)) { var encryptedBytes = EncryptBytes(File.ReadAllBytes(p.Value), secret, salt); var content = new EncryptedContent { Filename = p.Value, Scheme = EncryptionScheme, Content = encryptedBytes }; scriptsAndContent.Add(content); } } } } } } return(scriptsAndContent); }
private IEnumerable <EncryptedContent> GetTaskScriptsAndContent(ObservableCollection <DeploymentTaskConfig> tasks, string secret, string salt) { var scriptsAndContent = new List <EncryptedContent>(); if (tasks?.Any() == true) { foreach (var t in tasks) { foreach (var p in t.Parameters) { if (!string.IsNullOrEmpty(p.Value)) { if (p.Value.IndexOfAny(Path.GetInvalidPathChars()) == -1) { if (File.Exists(p.Value)) { try { var encryptedBytes = EncryptBytes(File.ReadAllBytes(p.Value), secret, salt); var content = new EncryptedContent { Filename = p.Value, Scheme = EncryptionScheme, Content = encryptedBytes }; scriptsAndContent.Add(content); } catch (Exception exp) { // TODO: log errors and inform user - one or more script or file assets exists but is not readable System.Diagnostics.Debug.WriteLine("GetTaskScriptsAndContent: file content is not accessible - " + exp); } } } } } } } return(scriptsAndContent); }
/// <summary> /// Export the managed certificates and related settings for the given filter /// </summary> /// <param name="filter"></param> /// <returns>Package of exported settings</returns> public async Task <ImportExportPackage> PerformExport(ManagedCertificateFilter filter, ExportSettings settings, bool isPreview) { var salt = Guid.NewGuid().ToString(); var export = new ImportExportPackage { SourceName = Environment.MachineName, ExportDate = DateTime.Now, SystemVersion = Certify.Management.Util.GetAppVersion(), EncryptionSalt = salt, EncryptionValidation = new EncryptedContent { Content = EncryptBytes(Encoding.ASCII.GetBytes("Secret"), settings.EncryptionSecret, salt), Scheme = EncryptionScheme } }; // export managed certs, related certificate files, stored credentials // deployment tasks with local script or path references will need to copy the scripts separately. Need a summary of items to copy. var managedCerts = await _itemManager.GetAll(filter); export.Content = new ImportExportContent { ManagedCertificates = managedCerts, CertificateFiles = new List <EncryptedContent>(), Scripts = new List <EncryptedContent>(), CertificateAuthorities = new List <CertificateAuthority>(), StoredCredentials = new List <StoredCredential>() }; // for each managed cert, export the current certificate files (if present) foreach (var c in managedCerts) { if (!string.IsNullOrEmpty(c.CertificatePath) && System.IO.File.Exists(c.CertificatePath)) { var certBytes = System.IO.File.ReadAllBytes(c.CertificatePath); var encryptedBytes = EncryptBytes(certBytes, settings.EncryptionSecret, export.EncryptionSalt); var content = new EncryptedContent { Filename = c.CertificatePath, Scheme = EncryptionScheme, Content = encryptedBytes }; export.Content.CertificateFiles.Add(content); } if (c.PreRequestTasks?.Any() == true) { export.Content.Scripts.AddRange(GetTaskScriptsAndContent(c.PreRequestTasks, settings.EncryptionSecret, export.EncryptionSalt)); } if (c.PostRequestTasks?.Any() == true) { export.Content.Scripts.AddRange(GetTaskScriptsAndContent(c.PostRequestTasks, settings.EncryptionSecret, export.EncryptionSalt)); } } // for each managed cert, check used stored credentials (DNS challenges or deployment tasks) var allCredentials = await _credentialsManager.GetCredentials(); var usedCredentials = new List <StoredCredential>(); if (settings.ExportAllStoredCredentials) { usedCredentials.AddRange(allCredentials); } else { foreach (var c in managedCerts) { // gather credentials used by cert if (c.CertificatePasswordCredentialId != null) { if (!usedCredentials.Any(u => u.StorageKey == c.CertificatePasswordCredentialId)) { usedCredentials.Add(allCredentials.Find(a => a.StorageKey == c.CertificatePasswordCredentialId)); } } // gather credentials used by tasks var allTasks = new List <Config.DeploymentTaskConfig>(); if (c.PreRequestTasks != null) { allTasks.AddRange(c.PreRequestTasks); } if (c.PostRequestTasks != null) { allTasks.AddRange(c.PostRequestTasks); } if (allTasks.Any()) { var usedTaskCredentials = allTasks .Select(t => t.ChallengeCredentialKey) .Distinct() .Where(t => allCredentials.Any(ac => ac.StorageKey == t)); foreach (var used in usedTaskCredentials) { if (!usedCredentials.Any(u => u.StorageKey == used)) { usedCredentials.Add(allCredentials.FirstOrDefault(u => u.StorageKey == used)); } } } } } // decrypt each used stored credential, re-encrypt and base64 encode secret foreach (var c in usedCredentials) { var decrypted = await _credentialsManager.GetUnlockedCredential(c.StorageKey); if (decrypted != null) { var encBytes = EncryptBytes(Encoding.UTF8.GetBytes(decrypted), settings.EncryptionSecret, export.EncryptionSalt); c.Secret = Convert.ToBase64String(encBytes); } } export.Content.StoredCredentials = usedCredentials; // for each managed cert, check and summarise used local scripts // copy acme-dns settings // export acme accounts? return(export); }