private IEnumerable <EncryptedContent> GetTaskScriptsAndContent(ObservableCollection <DeploymentTaskConfig> tasks, string secret, string salt)
{
var scriptsAndContent = new List <EncryptedContent>();
if (tasks?.Any() == true)
{
foreach (var t in tasks)
{
foreach (var p in t.Parameters)
{
if (!string.IsNullOrEmpty(p.Value))
{
if (p.Value.IndexOfAny(Path.GetInvalidPathChars()) == -1)
{
if (File.Exists(p.Value))
{
var encryptedBytes = EncryptBytes(File.ReadAllBytes(p.Value), secret, salt);
var content = new EncryptedContent {
Filename = p.Value, Scheme = EncryptionScheme, Content = encryptedBytes
};
scriptsAndContent.Add(content);
}
}
}
}
}
}
return(scriptsAndContent);
}
private IEnumerable <EncryptedContent> GetTaskScriptsAndContent(ObservableCollection <DeploymentTaskConfig> tasks, string secret, string salt)
{
var scriptsAndContent = new List <EncryptedContent>();
if (tasks?.Any() == true)
{
foreach (var t in tasks)
{
foreach (var p in t.Parameters)
{
if (!string.IsNullOrEmpty(p.Value))
{
if (p.Value.IndexOfAny(Path.GetInvalidPathChars()) == -1)
{
if (File.Exists(p.Value))
{
try
{
var encryptedBytes = EncryptBytes(File.ReadAllBytes(p.Value), secret, salt);
var content = new EncryptedContent {
Filename = p.Value, Scheme = EncryptionScheme, Content = encryptedBytes
};
scriptsAndContent.Add(content);
}
catch (Exception exp)
{
// TODO: log errors and inform user - one or more script or file assets exists but is not readable
System.Diagnostics.Debug.WriteLine("GetTaskScriptsAndContent: file content is not accessible - " + exp);
}
}
}
}
}
}
}
return(scriptsAndContent);
}
/// <summary>
/// Export the managed certificates and related settings for the given filter
/// </summary>
/// <param name="filter"></param>
/// <returns>Package of exported settings</returns>
public async Task <ImportExportPackage> PerformExport(ManagedCertificateFilter filter, ExportSettings settings, bool isPreview)
{
var salt = Guid.NewGuid().ToString();
var export = new ImportExportPackage
{
SourceName = Environment.MachineName,
ExportDate = DateTime.Now,
SystemVersion = Certify.Management.Util.GetAppVersion(),
EncryptionSalt = salt,
EncryptionValidation = new EncryptedContent
{
Content = EncryptBytes(Encoding.ASCII.GetBytes("Secret"), settings.EncryptionSecret, salt),
Scheme = EncryptionScheme
}
};
// export managed certs, related certificate files, stored credentials
// deployment tasks with local script or path references will need to copy the scripts separately. Need a summary of items to copy.
var managedCerts = await _itemManager.GetAll(filter);
export.Content = new ImportExportContent
{
ManagedCertificates = managedCerts,
CertificateFiles = new List <EncryptedContent>(),
Scripts = new List <EncryptedContent>(),
CertificateAuthorities = new List <CertificateAuthority>(),
StoredCredentials = new List <StoredCredential>()
};
// for each managed cert, export the current certificate files (if present)
foreach (var c in managedCerts)
{
if (!string.IsNullOrEmpty(c.CertificatePath) && System.IO.File.Exists(c.CertificatePath))
{
var certBytes = System.IO.File.ReadAllBytes(c.CertificatePath);
var encryptedBytes = EncryptBytes(certBytes, settings.EncryptionSecret, export.EncryptionSalt);
var content = new EncryptedContent {
Filename = c.CertificatePath, Scheme = EncryptionScheme, Content = encryptedBytes
};
export.Content.CertificateFiles.Add(content);
}
if (c.PreRequestTasks?.Any() == true)
{
export.Content.Scripts.AddRange(GetTaskScriptsAndContent(c.PreRequestTasks, settings.EncryptionSecret, export.EncryptionSalt));
}
if (c.PostRequestTasks?.Any() == true)
{
export.Content.Scripts.AddRange(GetTaskScriptsAndContent(c.PostRequestTasks, settings.EncryptionSecret, export.EncryptionSalt));
}
}
// for each managed cert, check used stored credentials (DNS challenges or deployment tasks)
var allCredentials = await _credentialsManager.GetCredentials();
var usedCredentials = new List <StoredCredential>();
if (settings.ExportAllStoredCredentials)
{
usedCredentials.AddRange(allCredentials);
}
else
{
foreach (var c in managedCerts)
{
// gather credentials used by cert
if (c.CertificatePasswordCredentialId != null)
{
if (!usedCredentials.Any(u => u.StorageKey == c.CertificatePasswordCredentialId))
{
usedCredentials.Add(allCredentials.Find(a => a.StorageKey == c.CertificatePasswordCredentialId));
}
}
// gather credentials used by tasks
var allTasks = new List <Config.DeploymentTaskConfig>();
if (c.PreRequestTasks != null)
{
allTasks.AddRange(c.PreRequestTasks);
}
if (c.PostRequestTasks != null)
{
allTasks.AddRange(c.PostRequestTasks);
}
if (allTasks.Any())
{
var usedTaskCredentials = allTasks
.Select(t => t.ChallengeCredentialKey)
.Distinct()
.Where(t => allCredentials.Any(ac => ac.StorageKey == t));
foreach (var used in usedTaskCredentials)
{
if (!usedCredentials.Any(u => u.StorageKey == used))
{
usedCredentials.Add(allCredentials.FirstOrDefault(u => u.StorageKey == used));
}
}
}
}
}
// decrypt each used stored credential, re-encrypt and base64 encode secret
foreach (var c in usedCredentials)
{
var decrypted = await _credentialsManager.GetUnlockedCredential(c.StorageKey);
if (decrypted != null)
{
var encBytes = EncryptBytes(Encoding.UTF8.GetBytes(decrypted), settings.EncryptionSecret, export.EncryptionSalt);
c.Secret = Convert.ToBase64String(encBytes);
}
}
export.Content.StoredCredentials = usedCredentials;
// for each managed cert, check and summarise used local scripts
// copy acme-dns settings
// export acme accounts?
return(export);
}
