updated manifest, added additional logging, and wrapped private key in PEM headers before submitting.

Author: joevanwanzeeleKF

alteon-orchestrator/Jobs/Management.cs

@@ -69,13 +69,13 @@ protected virtual async Task<JobResult> PerformAddition(string alias, string pfx
 
             byte[] bytes;
             X509Certificate2 x509;
-            string pemCert, pemKey;
+            string pemCert, privateKeyString;
 
             try
             {
                 bytes = Convert.FromBase64String(entryContents);
                 x509 = new X509Certificate2(bytes, pfxPassword, X509KeyStorageFlags.Exportable);
-                (pemCert, pemKey) = GetPemFromPfx(bytes, pfxPassword.ToCharArray());
+                (pemCert, privateKeyString) = GetPemFromPfx(bytes, pfxPassword.ToCharArray());
             }
             catch (Exception ex)
             {
@@ -87,17 +87,21 @@ protected virtual async Task<JobResult> PerformAddition(string alias, string pfx
 
             if (x509.PrivateKey != null)
             {
+                logger.LogTrace($"Private key is present, setting cert type to {AlteonCertTypes.CERTIFICATE_AND_KEY}");
                 certType = AlteonCertTypes.CERTIFICATE_AND_KEY; // we import as a pair
             }
             else
             {
                 if (x509.Subject == x509.Issuer)
                 {
+                    logger.LogTrace($"Subject = {x509.Issuer}, importing as a trusted CA certificate");
                     certType = AlteonCertTypes.TRUSTED_CA; // we import as a trusted ca
                 }
                 // else we import as intermediate ca (default)                
             }
 
+            logger.LogTrace($"determined type to be {certType}");
+
             if (!string.IsNullOrWhiteSpace(pfxPassword)) // This is a PFX Entry
             {
                 if (string.IsNullOrWhiteSpace(alias))
@@ -113,8 +117,7 @@ protected virtual async Task<JobResult> PerformAddition(string alias, string pfx
                         // add key and cert separately.  
                         // this needs to be done in the following order: key, then cert (per Alteon support)                        
                         logger.LogTrace($"adding key and then certificate for certificate with alias {alias}");
-
-                        await aClient.AddCertificate(alias, pfxPassword, pemKey, AlteonCertTypes.KEY_ONLY);
+                        await aClient.AddCertificate(alias, pfxPassword, Pemify(privateKeyString), AlteonCertTypes.KEY_ONLY);
                         await aClient.AddCertificate(alias, pfxPassword, pemCert, AlteonCertTypes.CERT_ONLY);
                     }
                     else
@@ -130,6 +133,7 @@ protected virtual async Task<JobResult> PerformAddition(string alias, string pfx
 
                     if (ex.InnerException != null)
                         complete.FailureMessage += " - " + ex.InnerException.Message;
+                    logger.LogError($"an error occurred when attempting to add certificate: {ex.Message}");
                 }
             }
 
@@ -215,6 +219,11 @@ string Pemify(string ss)
                 throw;
             }
         }
-        
+
+        private string Pemify(string ss)
+        {
+            return ss.Length <= 64 ? ss : ss.Substring(0, 64) + "\n" + Pemify(ss.Substring(64));
+        }
+
     }
 }

integration-manifest.json

@@ -12,6 +12,20 @@
     "orchestrator": {
       "keyfactor_platform_version": "10.4",
       "UOFramework": "10.4",
+      "store_types": [
+        {
+          "Name": "Alteon Load Balancer",
+          "ShortName": "AlteonLB",
+          "SupportedOperations": {
+            "Inventory": true,
+            "Add": true,
+            "Remove": true
+          },
+          "ServerRequired": true,
+          "CustomAliasAllowed": "Optional",
+          "PrivateKeyAllowed": "Optional"
+        }
+      ],
       "win": {
         "supportsCreateStore": false,
         "supportsDiscovery": false,