protected override void ProcessRecord()
{
using (var vlt = Util.VaultHelper.GetVault(VaultProfile))
{
vlt.OpenStorage();
var v = vlt.LoadVault();
if (v.Registrations == null || v.Registrations.Count < 1)
throw new InvalidOperationException("No registrations found");
var ri = v.Registrations[0];
var r = ri.Registration;
if (v.Identifiers == null || v.Identifiers.Count < 1)
throw new InvalidOperationException("No identifiers found");
var ii = v.Identifiers.GetByRef(IdentifierRef, throwOnMissing: false);
if (ii == null)
throw new Exception("Unable to find an Identifier for the given reference");
var ci = new CertificateInfo
{
Id = EntityHelper.NewId(),
Alias = Alias,
Label = Label,
Memo = Memo,
IdentifierRef = ii.Id,
IdentifierDns = ii.Dns,
};
if (Generate)
{
Func<string, string> csrDtlValue = x => null;
Func<string, IEnumerable<string>> csrDtlValues = x => null;
if (CsrDetails != null)
{
csrDtlValue = x => CsrDetails.ContainsKey(x)
? CsrDetails[x] as string : null;
csrDtlValues = x => !string.IsNullOrEmpty(csrDtlValue(x))
? Regex.Split(csrDtlValue(x).Trim(), "[\\s,;]+") : null;
}
var csrDetails = new CsrDetails
{
// Common Name is always pulled from associated Identifier
CommonName = ii.Dns,
// Remaining elements will be used if defined
AlternativeNames /**/ = csrDtlValues(nameof(PKI.CsrDetails.AlternativeNames)),
Country /**/ = csrDtlValue(nameof(PKI.CsrDetails.Country )),
Description /**/ = csrDtlValue(nameof(PKI.CsrDetails.Description )),
Email /**/ = csrDtlValue(nameof(PKI.CsrDetails.Email )),
GivenName /**/ = csrDtlValue(nameof(PKI.CsrDetails.GivenName )),
Initials /**/ = csrDtlValue(nameof(PKI.CsrDetails.Initials )),
Locality /**/ = csrDtlValue(nameof(PKI.CsrDetails.Locality )),
Organization /**/ = csrDtlValue(nameof(PKI.CsrDetails.Organization )),
OrganizationUnit /**/ = csrDtlValue(nameof(PKI.CsrDetails.OrganizationUnit )),
SerialNumber /**/ = csrDtlValue(nameof(PKI.CsrDetails.SerialNumber )),
StateOrProvince /**/ = csrDtlValue(nameof(PKI.CsrDetails.StateOrProvince )),
Surname /**/ = csrDtlValue(nameof(PKI.CsrDetails.Surname )),
Title /**/ = csrDtlValue(nameof(PKI.CsrDetails.Title )),
UniqueIdentifier /**/ = csrDtlValue(nameof(PKI.CsrDetails.UniqueIdentifier )),
};
if (AlternativeIdentifierRefs != null)
{
if (csrDetails.AlternativeNames != null)
throw new Exception("Alternative names already specified manually")
.With(nameof(csrDetails.AlternativeNames),
string.Join(",", csrDetails.AlternativeNames));
csrDetails.AlternativeNames = AlternativeIdentifierRefs.Select(alternativeIdentifierRef =>
{
var altId = v.Identifiers.GetByRef($"{alternativeIdentifierRef}", throwOnMissing: false);
if (altId == null)
throw new Exception("Unable to find an Identifier for the given Alternative Identifier reference")
.With(nameof(alternativeIdentifierRef), alternativeIdentifierRef)
.With(nameof(AlternativeIdentifierRefs),
string.Join(",", AlternativeIdentifierRefs));
return altId.Dns;
});
ci.AlternativeIdentifierDns = csrDetails.AlternativeNames.ToArray();
}
ci.GenerateDetailsFile = $"{ci.Id}-gen.json";
var asset = vlt.CreateAsset(VaultAssetType.CsrDetails, ci.GenerateDetailsFile);
using (var s = vlt.SaveAsset(asset))
{
JsonHelper.Save(s, csrDetails);
}
}
else
{
if (!File.Exists(KeyPemFile))
throw new FileNotFoundException("Missing specified RSA Key file path");
if (!File.Exists(CsrPemFile))
throw new FileNotFoundException("Missing specified CSR details file path");
var keyPemFile = $"{ci.Id}-key.pem";
var csrPemFile = $"{ci.Id}-csr.pem";
var keyAsset = vlt.CreateAsset(VaultAssetType.KeyPem, keyPemFile, true);
var csrAsset = vlt.CreateAsset(VaultAssetType.CsrPem, csrPemFile);
using (Stream fs = new FileStream(KeyPemFile, FileMode.Open),
s = vlt.SaveAsset(keyAsset))
{
fs.CopyTo(s);
}
using (Stream fs = new FileStream(CsrPemFile, FileMode.Open),
s = vlt.SaveAsset(csrAsset))
{
fs.CopyTo(s);
}
ci.KeyPemFile = keyPemFile;
ci.CsrPemFile = csrPemFile;
}
if (v.Certificates == null)
v.Certificates = new EntityDictionary<CertificateInfo>();
v.Certificates.Add(ci);
vlt.SaveVault(v);
WriteObject(ci);
}
}