
Commit d69f33d

Merge pull request #35 from Keyfactor/memory-stream-fix
Memory stream fix
2 parents 99d66e7 + c46ef75 commit d69f33d


3 files changed

+22
-10
lines changed


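--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+3.0.1
+* Fixed a bug where memory streams closed early before submitting certificates to ACM in Management Add jobs
+* Fixed a bug where ACM tags would be "set" even if none where entered, preventing a certificate from being added without tags
+
 3.0.0
 * Upgrade to AWS SDK v4
 * All interactions with AWS now target the Region specified in `Store Path` with no "default" Region considered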

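--- a/README.md
+++ b/README.md
@@ -370,8 +370,8 @@ When migrating to the `AWS-ACM-v3` type please note that field usage has changed
 
 Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form.
 
-| Attribute | Description |
-| --------- | ----------- |
+| Attribute | Description |
+| --------- |---------------------------------------------------------|
 | Category | Select "AWS Certificate Manager v3" or the customized certificate store name from the previous step. |
 | Container | Optional container to associate certificate store with. |
 | Client Machine | This is a full AWS ARN specifying a Role. This is the Role that will be assumed in any Auth scenario performing Assume Role. This will dictate what certificates are usable by the orchestrator. A preceding [profile] name should be included if a Credential Profile is to be used in Default Sdk Auth. |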

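--- a/aws-acm-orchestrator/Jobs/Management.cs
+++ b/aws-acm-orchestrator/Jobs/Management.cs
@@ -199,6 +199,7 @@ internal JobResult PerformAddition(AwsExtensionCredential awsCredentials, Manage
 Logger.LogTrace($"Got certPem {certPem}");
 //Create Memory Stream For Server Cert
 ImportCertificateRequest icr;
+ImportCertificateResponse IcrResponse;
 using (MemoryStream serverCertStream = CertStringToStream(certPem))
 {
 using (MemoryStream privateStream = CertStringToStream(privateKeyString))
@@ -211,17 +212,24 @@ internal JobResult PerformAddition(AwsExtensionCredential awsCredentials, Manage
 PrivateKey = privateStream,
 CertificateChain = chainStream
 };
+
+icr.CertificateArn = config.JobCertificate.Alias?.Length >= 20 ? config.JobCertificate.Alias.Trim() : null; //If an arn is provided, use it, this will perform a renewal/replace
+Logger.LogTrace($"Certificate arn {icr.CertificateArn}");
+
+if (acmTags != null && acmTags.Count > 0)
+{
+Logger.LogDebug($"Number of ACM tags added to certificate: {acmTags.Count}");
+icr.Tags = acmTags;
+}
+else
+{
+Logger.LogDebug("No ACM tags were added to the certificate");
+}
+
+IcrResponse = AsyncHelpers.RunSync(() => AcmClient.ImportCertificateAsync(icr));
 }
 }
 }
-icr.CertificateArn = config.JobCertificate.Alias?.Length >= 20 ? config.JobCertificate.Alias.Trim() : null; //If an arn is provided, use it, this will perform a renewal/replace
-if (icr.CertificateArn == null )
-{
-icr.Tags = acmTags;
-}
-Logger.LogTrace($"Certificate arn {icr.CertificateArn}");
-
-ImportCertificateResponse IcrResponse = AsyncHelpers.RunSync(() => AcmClient.ImportCertificateAsync(icr));
 Logger.LogTrace($"IcrResponse JSON: {JsonConvert.SerializeObject(IcrResponse)}");
 // Ensure 200 Response
 if (IcrResponse.HttpStatusCode == HttpStatusCode.OK)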
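Review bot: The new tag block in the second hunk drops the old `icr.CertificateArn == null` condition, so `icr.Tags = acmTags` is now also set when an ARN is supplied and the call is a renewal/replace. The ACM ImportCertificate API documents that tags cannot be applied when reimporting a certificate, so a reimport with tags entered would likely be rejected. I would keep the guard, `if (icr.CertificateArn == null && acmTags != null && acmTags.Count > 0)`, and log at debug level when tags are skipped for a reimport. Separately, the `Alias?.Length >= 20` test runs before `Trim()`, so a whitespace-padded alias can pass the length check and be sent as an ARN; trimming first would make the test match the comment. PerformAddition begins and ends outside these hunks.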
