Keyfactor
diff --git a/‎.github/workflows/keyfactor-starter-workflow.yml
+2-1 b/‎.github/workflows/keyfactor-starter-workflow.yml
+2-1
diff --git a/‎CHANGELOG.md
+7 b/‎CHANGELOG.md
+7
diff --git a/‎README.md
+1,139-343 b/‎README.md
+1,139-343
diff --git a/‎RemoteFile/Discovery.cs
+3-1 b/‎RemoteFile/Discovery.cs
+3-1
diff --git a/‎RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
+4-4 b/‎RemoteFile/ImplementedStoreTypes/KDB/KDBCertificateStoreSerializer.cs
+4-4
diff --git a/‎RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
+4-4 b/‎RemoteFile/ImplementedStoreTypes/OraWlt/OraWltCertificateStoreSerializer.cs
+4-4
diff --git a/‎RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
+31-13 b/‎RemoteFile/ImplementedStoreTypes/PEM/PEMCertificateStoreSerializer.cs
+31-13
diff --git a/‎RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
+62-4 b/‎RemoteFile/ImplementedStoreTypes/PKCS12/PKCS12CertificateStoreSerializer.cs
+62-4
diff --git a/‎RemoteFile/InventoryBase.cs
+1-1 b/‎RemoteFile/InventoryBase.cs
+1-1
diff --git a/‎RemoteFile/ManagementBase.cs
+1-1 b/‎RemoteFile/ManagementBase.cs
+1-1
diff --git a/‎RemoteFile/Models/SerializedStoreInfo.cs
+1-1 b/‎RemoteFile/Models/SerializedStoreInfo.cs
+1-1
diff --git a/‎RemoteFile/RemoteCertificateStore.cs
+9-3 b/‎RemoteFile/RemoteCertificateStore.cs
+9-3
@@ -11,9 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    uses: keyfactor/actions/.github/workflows/starter.yml@3.1.1
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}
@@ -1,3 +1,10 @@
+v2.9.0
+- Modify Discovery on Linux servers to filter out ignored folders when searching using the Find command rather than eliminating them after.  This was done to eliminate permissions errors.
+- Deprecated isRSAPrivateKey custom property on RFPEM certificate store type.  Integration now reads the existing private key to determin if it is formatted as PKCS#1 or PKCS#8 and, on renewal, keeps the format the same.  For new PEM certificate stores/certificates, PKCS#8 will always be used.  PLEASE NOTE, for existing certificate stores that already have isRSAPrivateKey defined, this setting will be ignored.
+- Modified RFPkcs12 store type to handle single store certificate stores with no friendly name/alias
+- Modify to create 2 builds - one for .net6 and one for .net8
+- Update README to new DocTool format
+
 v2.8.1
 - Fixed issue were sensitive information could be exposed at debug logging level
 
 
@@ -16,6 +16,7 @@
 
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
+using static Keyfactor.PKI.PKIConstants.Microsoft;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
@@ -67,7 +68,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd
                 if (filesTosearch.Length == 0)
                     filesTosearch = new string[] { "*" };
 
-                locations = certificateStore.FindStores(directoriesToSearch, extensionsToSearch, filesTosearch, includeSymLinks);
+                locations = certificateStore.FindStores(directoriesToSearch, extensionsToSearch, filesTosearch, ignoredDirs, includeSymLinks);
+
                 foreach (string ignoredDir in ignoredDirs)
                 {
                     locations = locations.Where(p => !p.StartsWith(ignoredDir) && !p.ToLower().StartsWith("find:")).ToList();
 
@@ -51,9 +51,9 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
                 byte[] storeBytes = remoteHandler.DownloadCertificateFile($"{storePath}{tempCertFile}");
                 store.Load(new MemoryStream(storeBytes), string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());
             }
-            catch (Exception ex)
+            catch (Exception)
             {
-                throw ex;
+                throw;
             }
             finally
             {
@@ -90,9 +90,9 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
                 storeInfo.Add(new SerializedStoreInfo() { Contents = storeContents, FilePath = storePath+storeFileName });
                 return storeInfo;
             }
-            catch (Exception ex)
+            catch (Exception)
             {
-                throw ex;
+                throw;
             }
             finally
             {
 
@@ -59,9 +59,9 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
                 JKSCertificateStoreSerializer serializer = new JKSCertificateStoreSerializer(String.Empty);
                 store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler, isInventory);
             }
-            catch (Exception ex)
+            catch (Exception)
             {
-                throw ex;
+                throw;
             }
             finally
             {
@@ -101,9 +101,9 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
                 storeInfo.Add(new SerializedStoreInfo() { Contents = storeContents, FilePath = storePath+storeFileName });
                 return storeInfo;
             }
-            catch (Exception ex)
+            catch (Exception)
             {
-                throw ex;
+                throw;
             }
             finally
             {
 
@@ -39,7 +39,6 @@ class PEMCertificateStoreSerializer : ICertificateStoreSerializer
         private bool IsTrustStore { get; set; }
         private bool IncludesChain { get; set; }
         private string SeparatePrivateKeyFilePath { get; set; }
-        private bool IsRSAPrivateKey { get; set; }
         private bool IgnorePrivateKeyOnInventory { get; set; }
 
         private ILogger logger;
@@ -53,9 +52,6 @@ public PEMCertificateStoreSerializer(string storeProperties)
         public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, string storePath, string storePassword, IRemoteHandler remoteHandler, bool isInventory)
         {
             logger.MethodEntry(LogLevel.Debug);
-
-            if (IsRSAPrivateKey && !string.IsNullOrEmpty(storePassword))
-                throw new RemoteFileException($"Certificate store with an RSA Private Key cannot contain a store password.  Invalid store format not supported.");
 
             Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
             Pkcs12Store store = storeBuilder.Build();
@@ -72,7 +68,12 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s
             }
             else
             {
-                AsymmetricKeyEntry keyEntry = GetPrivateKey(storeContents, storePassword ?? string.Empty, remoteHandler);
+                bool isRSAPrivateKey = false;
+                AsymmetricKeyEntry keyEntry = GetPrivateKey(storeContents, storePassword ?? string.Empty, remoteHandler, out isRSAPrivateKey);
+
+                if (isRSAPrivateKey && !string.IsNullOrEmpty(storePassword))
+                    throw new RemoteFileException($"Certificate store with an RSA Private Key cannot contain a store password.  Invalid store format not supported.");
+
                 store.SetKeyEntry(CertificateConverterFactory.FromBouncyCastleCertificate(certificates[0].Certificate).ToX509Certificate2().Thumbprint, keyEntry, certificates);
             }
 
@@ -93,9 +94,6 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
         {
             logger.MethodEntry(LogLevel.Debug);
 
-            if (IsRSAPrivateKey && !string.IsNullOrEmpty(storePassword))
-                throw new RemoteFileException($"Certificate store with an RSA Private Key cannot contain a store password.  Invalid store format not supported.");
-
             string pemString = string.Empty;
             string keyString = string.Empty;
             List<SerializedStoreInfo> storeInfo = new List<SerializedStoreInfo>();
@@ -113,6 +111,17 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
             }
             else
             {
+                string storeContents = Encoding.ASCII.GetString(remoteHandler.DownloadCertificateFile(storePath + storeFileName));
+                bool isRSAPrivateKey = false;
+                try
+                {
+                    GetPrivateKey(storeContents, storePassword, remoteHandler, out isRSAPrivateKey);
+                }
+                catch (RemoteFileException) { }
+
+                if (isRSAPrivateKey && !string.IsNullOrEmpty(storePassword))
+                    throw new RemoteFileException($"Certificate store with an RSA Private Key cannot contain a store password.  Invalid store format not supported.");
+
                 bool keyEntryProcessed = false;
                 foreach (string alias in certificateStore.Aliases)
                 {
@@ -131,7 +140,7 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer
                     X509CertificateEntry[] certEntries = certificateStore.GetCertificateChain(alias);
                     AsymmetricKeyParameter publicKey = certEntries[0].Certificate.GetPublicKey();
 
-                    if (IsRSAPrivateKey)
+                    if (isRSAPrivateKey)
                     {
                         TextWriter textWriter = new StringWriter();
                         PemWriter pemWriter = new PemWriter(textWriter);
@@ -185,7 +194,6 @@ private void LoadCustomProperties(string storeProperties)
             IsTrustStore = properties.IsTrustStore == null || string.IsNullOrEmpty(properties.IsTrustStore.Value) ? false : bool.Parse(properties.IsTrustStore.Value);
             IncludesChain = properties.IncludesChain == null || string.IsNullOrEmpty(properties.IncludesChain.Value) ? false : bool.Parse(properties.IncludesChain.Value);
             SeparatePrivateKeyFilePath = properties.SeparatePrivateKeyFilePath == null || string.IsNullOrEmpty(properties.SeparatePrivateKeyFilePath.Value) ? String.Empty : properties.SeparatePrivateKeyFilePath.Value;
-            IsRSAPrivateKey = properties.IsRSAPrivateKey == null || string.IsNullOrEmpty(properties.IsRSAPrivateKey.Value) ? false : bool.Parse(properties.IsRSAPrivateKey.Value);
             IgnorePrivateKeyOnInventory = properties.IgnorePrivateKeyOnInventory == null || string.IsNullOrEmpty(properties.IgnorePrivateKeyOnInventory.Value) ? false : bool.Parse(properties.IgnorePrivateKeyOnInventory.Value);
 
             logger.MethodExit(LogLevel.Debug);
@@ -222,7 +230,7 @@ private X509CertificateEntry[] GetCertificates(string certificates)
             return certificateEntries.ToArray();
         }
 
-        private AsymmetricKeyEntry GetPrivateKey(string storeContents, string storePassword, IRemoteHandler remoteHandler)
+        private AsymmetricKeyEntry GetPrivateKey(string storeContents, string storePassword, IRemoteHandler remoteHandler, out bool isRSA)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -231,8 +239,18 @@ private AsymmetricKeyEntry GetPrivateKey(string storeContents, string storePassw
                 storeContents = Encoding.ASCII.GetString(remoteHandler.DownloadCertificateFile(SeparatePrivateKeyFilePath));
             }
 
+            isRSA = false;
+            foreach (string begDelim in PrivateKeyDelimetersPkcs1)
+            {
+                if (storeContents.Contains(begDelim))
+                {
+                    isRSA = true;
+                    break;
+                }
+            }
+
             string privateKey = string.Empty;
-            foreach (string begDelim in IsRSAPrivateKey ? PrivateKeyDelimetersPkcs1 : PrivateKeyDelimetersPkcs8)
+            foreach (string begDelim in isRSA ? PrivateKeyDelimetersPkcs1 : PrivateKeyDelimetersPkcs8)
             {
                 string endDelim = begDelim.Replace("BEGIN", "END");
 
@@ -252,7 +270,7 @@ private AsymmetricKeyEntry GetPrivateKey(string storeContents, string storePassw
                 throw new RemoteFileException("Invalid private key: No private key or invalid private key format found.");
 
             PrivateKeyConverter c;
-            if (IsRSAPrivateKey)
+            if (isRSA)
             {
                 RSA rsa = RSA.Create();
                 int bytesRead;
 
@@ -5,6 +5,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 // and limitations under the License.
 
+using System;
 using System.IO;
 using System.Collections.Generic;
 using Keyfactor.Extensions.Orchestrator.RemoteFile.RemoteHandlers;
@@ -13,12 +14,15 @@
 using Org.BouncyCastle.Pkcs;
 using Keyfactor.Logging;
 using Microsoft.Extensions.Logging;
+using System.Linq;
+using Keyfactor.PKI.Extensions;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile.PKCS12
 {
     class PKCS12CertificateStoreSerializer : ICertificateStoreSerializer
     {
         private ILogger logger;
+        private bool HasEmptyAliases { get; set; }
 
         public PKCS12CertificateStoreSerializer(string storeProperties)
         {
@@ -28,21 +32,46 @@ public PKCS12CertificateStoreSerializer(string storeProperties)
         public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword, IRemoteHandler remoteHandler, bool isInventory)
         {
             Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
-            Pkcs12Store store = storeBuilder.Build();
+            Pkcs12Store workingStore = storeBuilder.Build();
+            Pkcs12Store returnStore = storeBuilder.Build();
 
             using (MemoryStream ms = new MemoryStream(storeContents))
             {
-                store.Load(ms, string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());
+                workingStore.Load(ms, string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());
             }
 
-            return store;
+            if (workingStore.Aliases.Where(p => string.IsNullOrEmpty(p)).Count() > 0 && workingStore.Aliases.Where(p => !string.IsNullOrEmpty(p)).Count() > 0)
+                throw new Exception("Certificate store contains entries with both empty and non-empty friendly names.  This configuration is not supported in this store type.");
+
+            HasEmptyAliases = workingStore.Aliases.Where(p => string.IsNullOrEmpty(p)).Count() > 0;
+
+            returnStore = ConvertAliases(workingStore, true);
+
+            return returnStore;
         }
 
         public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler)
         {
+            Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
+            Pkcs12Store workingStore = storeBuilder.Build();
+
+            foreach (string alias in certificateStore.Aliases)
+            {
+                if (certificateStore.IsKeyEntry(alias))
+                {
+                    workingStore.SetKeyEntry(alias, certificateStore.GetKey(alias), certificateStore.GetCertificateChain(alias));
+                }
+                else
+                {
+                    workingStore.SetCertificateEntry(alias, certificateStore.GetCertificate(alias));
+                }
+            }
+
+            Pkcs12Store outputCertificateStore = ConvertAliases(workingStore, false);
+
             using (MemoryStream outStream = new MemoryStream())
             {
-                certificateStore.Save(outStream, string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray(), new Org.BouncyCastle.Security.SecureRandom());
+                outputCertificateStore.Save(outStream, string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray(), new Org.BouncyCastle.Security.SecureRandom());
 
                 List<SerializedStoreInfo> storeInfo = new List<SerializedStoreInfo>();
                 storeInfo.Add(new SerializedStoreInfo() { FilePath = storePath+storeFileName, Contents = outStream.ToArray() });
@@ -55,5 +84,34 @@ public string GetPrivateKeyPath()
         {
             return null;
         }
+
+        private Pkcs12Store ConvertAliases(Pkcs12Store workingStore, bool useThumbprintAsAlias)
+        {
+            Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
+            Pkcs12Store returnStore = storeBuilder.Build();
+
+            if (HasEmptyAliases)
+            {
+                foreach (string alias in workingStore.Aliases)
+                {
+                    if (workingStore.IsKeyEntry(alias))
+                    {
+                        X509CertificateEntry cert = workingStore.GetCertificate(alias);
+                        returnStore.SetKeyEntry(useThumbprintAsAlias ? cert.Certificate.Thumbprint() : string.Empty, workingStore.GetKey(alias), workingStore.GetCertificateChain(alias));
+                    }
+                    else
+                    {
+                        X509CertificateEntry cert = workingStore.GetCertificate(alias);
+                        returnStore.SetCertificateEntry(cert.Certificate.Thumbprint(), cert);
+                    }
+                }
+            }
+            else
+            {
+                returnStore = workingStore;
+            }
+
+            return returnStore;
+        }
     }
 }
@@ -31,7 +31,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
             logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");
             logger.LogDebug($"Server: { config.CertificateStoreDetails.ClientMachine }");
             logger.LogDebug($"Store Path: { config.CertificateStoreDetails.StorePath }");
-            logger.LogDebug($"Job Properties:"); 
+            logger.LogDebug($"Job Properties:");
             foreach (KeyValuePair<string, object> keyValue in config.JobProperties ?? new Dictionary<string,object>())
             {
                 logger.LogDebug($"    {keyValue.Key}: {keyValue.Value}");
 
@@ -30,7 +30,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
             ILogger logger = LogHandler.GetClassLogger(this.GetType());
             logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");
             logger.LogDebug($"Server: {config.CertificateStoreDetails.ClientMachine}");
-            logger.LogDebug($"Store Path: {config.CertificateStoreDetails.StorePath}"); 
+            logger.LogDebug($"Store Path: {config.CertificateStoreDetails.StorePath}");
             logger.LogDebug($"Job Properties:");
             foreach (KeyValuePair<string, object> keyValue in config.JobProperties == null ? new Dictionary<string, object>() : config.JobProperties)
             {
 
@@ -9,7 +9,7 @@
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile.Models
 {
-    class SerializedStoreInfo : X509Certificate2
+    internal class SerializedStoreInfo
     {
         public string FilePath { get; set; }
 
 
@@ -137,7 +137,7 @@ internal void Terminate()
             logger.MethodExit(LogLevel.Debug);
         }
 
-        internal List<string> FindStores(string[] paths, string[] extensions, string[] files, bool includeSymLinks)
+        internal List<string> FindStores(string[] paths, string[] extensions, string[] files, string[] ignoredDirs, bool includeSymLinks)
         {
             logger.MethodEntry(LogLevel.Debug);
 
@@ -153,7 +153,7 @@ internal List<string> FindStores(string[] paths, string[] extensions, string[] f
             if (DiscoveredStores != null)
                 return DiscoveredStores;
 
-            return ServerType == ServerTypeEnum.Linux ? FindStoresLinux(paths, extensions, files, includeSymLinks) : FindStoresWindows(paths, extensions, files);
+            return ServerType == ServerTypeEnum.Linux ? FindStoresLinux(paths, extensions, files, ignoredDirs, includeSymLinks) : FindStoresWindows(paths, extensions, files);
         }
 
         internal List<X509Certificate2Collection> GetCertificateChains()
@@ -511,14 +511,20 @@ private bool IsValueSafeRegex(string value)
             return regex.IsMatch(value);
         }
 
-        private List<string> FindStoresLinux(string[] paths, string[] extensions, string[] fileNames, bool includeSymLinks)
+        private List<string> FindStoresLinux(string[] paths, string[] extensions, string[] fileNames, string[] ignoredDirs, bool includeSymLinks)
         {
             logger.MethodEntry(LogLevel.Debug);
 
             try
             {
                 string concatPaths = string.Join(" ", paths);
                 string command = $"find {concatPaths} -path /proc -prune -o ";
+
+                foreach (string ignoredDir in ignoredDirs)
+                {
+                    command += $"-path {ignoredDir} -prune -o ";
+                }
+
                 if (!includeSymLinks)
                     command += " -type f ";
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`
`17`	`17`	`using Microsoft.Extensions.Logging;`
`18`	`18`	`using Newtonsoft.Json;`
	`19`	`+using static Keyfactor.PKI.PKIConstants.Microsoft;`
`19`	`20`
`20`	`21`	`namespace Keyfactor.Extensions.Orchestrator.RemoteFile`
`21`	`22`	`{`
`@@ -67,7 +68,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd`
`67`	`68`	`if (filesTosearch.Length == 0)`
`68`	`69`	`filesTosearch = new string[] { "*" };`
`69`	`70`
`70`		`- locations = certificateStore.FindStores(directoriesToSearch, extensionsToSearch, filesTosearch, includeSymLinks);`
	`71`	`+ locations = certificateStore.FindStores(directoriesToSearch, extensionsToSearch, filesTosearch, ignoredDirs, includeSymLinks);`
	`72`	`+`
`71`	`73`	`foreach (string ignoredDir in ignoredDirs)`
`72`	`74`	`{`
`73`	`75`	`locations = locations.Where(p => !p.StartsWith(ignoredDir) && !p.ToLower().StartsWith("find:")).ToList();`
Original file line number	Diff line number	Diff line change
`@@ -51,9 +51,9 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s`
`51`	`51`	`byte[] storeBytes = remoteHandler.DownloadCertificateFile($"{storePath}{tempCertFile}");`
`52`	`52`	`store.Load(new MemoryStream(storeBytes), string.IsNullOrEmpty(storePassword) ? new char[0] : storePassword.ToCharArray());`
`53`	`53`	`}`
`54`		`- catch (Exception ex)`
	`54`	`+ catch (Exception)`
`55`	`55`	`{`
`56`		`- throw ex;`
	`56`	`+ throw;`
`57`	`57`	`}`
`58`	`58`	`finally`
`59`	`59`	`{`
`@@ -90,9 +90,9 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer`
`90`	`90`	`storeInfo.Add(new SerializedStoreInfo() { Contents = storeContents, FilePath = storePath+storeFileName });`
`91`	`91`	`return storeInfo;`
`92`	`92`	`}`
`93`		`- catch (Exception ex)`
	`93`	`+ catch (Exception)`
`94`	`94`	`{`
`95`		`- throw ex;`
	`95`	`+ throw;`
`96`	`96`	`}`
`97`	`97`	`finally`
`98`	`98`	`{`
Original file line number	Diff line number	Diff line change
`@@ -59,9 +59,9 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContentBytes, s`
`59`	`59`	`JKSCertificateStoreSerializer serializer = new JKSCertificateStoreSerializer(String.Empty);`
`60`	`60`	`store = serializer.DeserializeRemoteCertificateStore(storeBytes, $"{WorkFolder}{tempStoreFileJKS}", storePassword, remoteHandler, isInventory);`
`61`	`61`	`}`
`62`		`- catch (Exception ex)`
	`62`	`+ catch (Exception)`
`63`	`63`	`{`
`64`		`- throw ex;`
	`64`	`+ throw;`
`65`	`65`	`}`
`66`	`66`	`finally`
`67`	`67`	`{`
`@@ -101,9 +101,9 @@ public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store cer`
`101`	`101`	`storeInfo.Add(new SerializedStoreInfo() { Contents = storeContents, FilePath = storePath+storeFileName });`
`102`	`102`	`return storeInfo;`
`103`	`103`	`}`
`104`		`- catch (Exception ex)`
	`104`	`+ catch (Exception)`
`105`	`105`	`{`
`106`		`- throw ex;`
	`106`	`+ throw;`
`107`	`107`	`}`
`108`	`108`	`finally`
`109`	`109`	`{`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd`
`31`	`31`	`logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");`
`32`	`32`	`logger.LogDebug($"Server: { config.CertificateStoreDetails.ClientMachine }");`
`33`	`33`	`logger.LogDebug($"Store Path: { config.CertificateStoreDetails.StorePath }");`
`34`		`- logger.LogDebug($"Job Properties:");`
	`34`	`+ logger.LogDebug($"Job Properties:");`
`35`	`35`	`foreach (KeyValuePair<string, object> keyValue in config.JobProperties ?? new Dictionary<string,object>())`
`36`	`36`	`{`
`37`	`37`	`logger.LogDebug($" {keyValue.Key}: {keyValue.Value}");`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)`
`30`	`30`	`ILogger logger = LogHandler.GetClassLogger(this.GetType());`
`31`	`31`	`logger.LogDebug($"Begin {config.Capability} for job id {config.JobId}...");`
`32`	`32`	`logger.LogDebug($"Server: {config.CertificateStoreDetails.ClientMachine}");`
`33`		`- logger.LogDebug($"Store Path: {config.CertificateStoreDetails.StorePath}");`
	`33`	`+ logger.LogDebug($"Store Path: {config.CertificateStoreDetails.StorePath}");`
`34`	`34`	`logger.LogDebug($"Job Properties:");`
`35`	`35`	`foreach (KeyValuePair<string, object> keyValue in config.JobProperties == null ? new Dictionary<string, object>() : config.JobProperties)`
`36`	`36`	`{`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`
`10`	`10`	`namespace Keyfactor.Extensions.Orchestrator.RemoteFile.Models`
`11`	`11`	`{`
`12`		`- class SerializedStoreInfo : X509Certificate2`
	`12`	`+ internal class SerializedStoreInfo`
`13`	`13`	`{`
`14`	`14`	`public string FilePath { get; set; }`
`15`	`15`
Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ internal void Terminate()`
`137`	`137`	`logger.MethodExit(LogLevel.Debug);`
`138`	`138`	`}`
`139`	`139`
`140`		`- internal List<string> FindStores(string[] paths, string[] extensions, string[] files, bool includeSymLinks)`
	`140`	`+ internal List<string> FindStores(string[] paths, string[] extensions, string[] files, string[] ignoredDirs, bool includeSymLinks)`
`141`	`141`	`{`
`142`	`142`	`logger.MethodEntry(LogLevel.Debug);`
`143`	`143`
`@@ -153,7 +153,7 @@ internal List<string> FindStores(string[] paths, string[] extensions, string[] f`
`153`	`153`	`if (DiscoveredStores != null)`
`154`	`154`	`return DiscoveredStores;`
`155`	`155`
`156`		`- return ServerType == ServerTypeEnum.Linux ? FindStoresLinux(paths, extensions, files, includeSymLinks) : FindStoresWindows(paths, extensions, files);`
	`156`	`+ return ServerType == ServerTypeEnum.Linux ? FindStoresLinux(paths, extensions, files, ignoredDirs, includeSymLinks) : FindStoresWindows(paths, extensions, files);`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`internal List<X509Certificate2Collection> GetCertificateChains()`
`@@ -511,14 +511,20 @@ private bool IsValueSafeRegex(string value)`
`511`	`511`	`return regex.IsMatch(value);`
`512`	`512`	`}`
`513`	`513`
`514`		`- private List<string> FindStoresLinux(string[] paths, string[] extensions, string[] fileNames, bool includeSymLinks)`
	`514`	`+ private List<string> FindStoresLinux(string[] paths, string[] extensions, string[] fileNames, string[] ignoredDirs, bool includeSymLinks)`
`515`	`515`	`{`
`516`	`516`	`logger.MethodEntry(LogLevel.Debug);`
`517`	`517`
`518`	`518`	`try`
`519`	`519`	`{`
`520`	`520`	`string concatPaths = string.Join(" ", paths);`
`521`	`521`	`string command = $"find {concatPaths} -path /proc -prune -o ";`
	`522`	`+`
	`523`	`+ foreach (string ignoredDir in ignoredDirs)`
	`524`	`+ {`
	`525`	`+ command += $"-path {ignoredDir} -prune -o ";`
	`526`	`+ }`
	`527`	`+`
`522`	`528`	`if (!includeSymLinks)`
`523`	`529`	`command += " -type f ";`
`524`	`530`