Export-VenafiCertificate doesn't support IncludePrivateKey with JKS format #26

Closed
harrisonmeister opened this issue Aug 19, 2021 · 0 comments · Fixed by #27

Summary

The Export-VenafiCertificate function doesn't support IncludePrivateKey with the JKS format.

Environment

Windows

Operating System: 10.0.14393.0
VenafiTppPS version: 3.1.5
PowerShell version:  5.1.14393.3866 (Desktop)

Linux

Operating System: Linux 5.11.0-27-generic #29~20.04.1-Ubuntu SMP Wed Aug 11 15:58:17 UTC 2021
VenafiTppPS version: 3.1.5
PowerShell version:  7.1.4 (Core)

Steps to reproduce

On TPP (not VaaS), attempt to export a certificate with the following call:

$Certificate = Export-VenafiCertificate -Format "JKS" -CertificateId "Path\To\Your\Certificate" -FriendlyName "MyFriendlyName" -IncludePrivateKey -KeystorePassword $SecureKeyPass

Expected behavior

The docs state for IncludePrivateKey:

When the Format is Base64 (PKCS #8), PKCS #12, or JKS, you can specify whether to return the private key

I expect to receive a certificate response with the certificate in JKS format, including the private key.

Actual behavior

An error is received:

Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.

I think part of the issue is that the $IncludePrivateKey property doesn't have the TppJks parameter set included here.

Adding the parameter set is fine:

[Parameter(ParameterSetName = 'Tpp')]
[Parameter(ParameterSetName = 'TppJks')]
[switch] $IncludePrivateKey,

However, in a trace when testing, to provide the IncludePrivateKey property in the request body, you have to specify the fields Password and KeyStorePassword if you want the exported certificate to be in the JKS format:

image

In the above screenshot, Request 27 included the chain, but not the IncludePrivateKey property:

{
    "KeystorePassword":  "YOURPASSWORD",
    "CertificateDN":  "\\PATH\\Tp\\Certificate",
    "Format":  "JKS",
    "FriendlyName":  "MyFriendlyName",
    "IncludeChain":  true
}

In Request 36, you'll notice the body size increased from 3,270 to 6,230. The request for that included both the Password and IncludePrivateKey properties:

{
    "Password":  "YOURPASSWORD",
    "KeystorePassword":  "YOURPASSWORD",
    "CertificateDN":  "\\PATH\\Tp\\Certificate",
    "Format":  "JKS",
    "FriendlyName":  "MyFriendlyName",
    "IncludeChain":  true,
    "IncludePrivateKey":  true
}

Screenshots

image
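
The parameter-set change and the request body described in the issue above, as an added example that is not VenafiTppPS code. `New-DemoExportBody` and its parameter layout are hypothetical, and reusing the keystore password for `Password` is an assumption taken from the request shown in the trace.

```powershell
# Added illustration: hypothetical function, not the VenafiTppPS source.
function New-DemoExportBody {
    [CmdletBinding(DefaultParameterSetName = 'Tpp')]
    param (
        [Parameter(Mandatory)]
        [string] $CertificateId,

        [Parameter(Mandatory)]
        [ValidateSet('Base64 (PKCS #8)', 'PKCS #12', 'JKS')]
        [string] $Format,

        # Listing both sets lets -IncludePrivateKey bind together with the
        # JKS-only parameters below. With only 'Tpp' listed, PowerShell fails
        # with "Parameter set cannot be resolved".
        [Parameter(ParameterSetName = 'Tpp')]
        [Parameter(ParameterSetName = 'TppJks')]
        [switch] $IncludePrivateKey,

        [Parameter(Mandatory, ParameterSetName = 'TppJks')]
        [string] $FriendlyName,

        [Parameter(Mandatory, ParameterSetName = 'TppJks')]
        [securestring] $KeystorePassword
    )

    $body = @{ CertificateDN = $CertificateId; Format = $Format }

    if ($PSCmdlet.ParameterSetName -eq 'TppJks') {
        if ($Format -ne 'JKS') { throw 'FriendlyName and KeystorePassword apply only to JKS.' }
        $plain = [System.Net.NetworkCredential]::new('', $KeystorePassword).Password
        $body.FriendlyName     = $FriendlyName
        $body.KeystorePassword = $plain
        if ($IncludePrivateKey) {
            # Assumption from the trace in the issue: both fields are sent.
            $body.Password          = $plain
            $body.IncludePrivateKey = $true
        }
    }
    elseif ($IncludePrivateKey) {
        $body.IncludePrivateKey = $true
    }
    $body
}

# Constructed sample values.
$pw  = ConvertTo-SecureString 'YOURPASSWORD' -AsPlainText -Force
$jks = New-DemoExportBody -CertificateId 'Path\To\Your\Certificate' -Format JKS `
    -FriendlyName 'MyFriendlyName' -KeystorePassword $pw -IncludePrivateKey
$jks.Keys | Sort-Object   # key names only, so the password is not echoed
```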

gdbarron pushed a commit that referenced this issue Sep 8, 2021
* Mask CertificateData property in Write-VerboseWithSecret. Resolves #25

* Add IncludeChain support for JKS in Export-VenafiCertificate. Fixes #24

* Add IncludePrivateKey support for JKS in Export-VenafiCertificate. Fixes #26

* Update Export-VenafiCertificate example to correct function name

* Updates to Export-VenafiCertificate based on review feedback