From 0101f528f80738e1b2eb48411e3192ae59e48c99 Mon Sep 17 00:00:00 2001 From: David Galey Date: Fri, 30 Jun 2023 10:58:32 -0400 Subject: [PATCH 01/42] add comments --- .../CertCentralCAConnector.cs | 104 +++++++++++++++++- 1 file changed, 103 insertions(+), 1 deletion(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index 2881854..dabc244 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -41,6 +41,17 @@ public void Initialize(ICAConnectorConfigProvider configProvider, ICertificateDa _config = JsonConvert.DeserializeObject(rawConfig); } + /// + /// Enroll for a certificate + /// + /// The CSR for the certificate request + /// The subject string + /// The list of SANs + /// Collection of product information and options. Includes both product-level config options as well as custom enrollment fields. + /// The format of the request + /// The type of enrollment (new, renew, reissue) + /// The result of the enrollment + /// public async Task Enroll(string csr, string subject, Dictionary san, EnrollmentProductInfo productInfo, RequestFormat requestFormat, EnrollmentType enrollmentType) { _logger.MethodEntry(LogLevel.Trace); @@ -206,6 +217,8 @@ public async Task Enroll(string csr, string subject, Dictionar var renewWindow = (productInfo.ProductParameters.ContainsKey(CertCentralConstants.Config.RENEWAL_WINDOW)) ? int.Parse(productInfo.ProductParameters[CertCentralConstants.Config.RENEWAL_WINDOW]) : 90; string priorCertSnString = null; string priorCertReqID = null; + + // Current gateway core leaves it up to the integration to determine if it is a renewal or a reissue if (enrollmentType == EnrollmentType.RenewOrReissue) { //// Determine if we're going to do a renew or a reissue. 
@@ -272,6 +285,10 @@ public async Task Enroll(string csr, string subject, Dictionar } } + /// + /// Get the annotations for the CA Connector-level configuration fields + /// + /// public Dictionary GetCAConnectorAnnotations() { return new Dictionary() @@ -303,6 +320,10 @@ public Dictionary GetCAConnectorAnnotations() }; } + /// + /// Get the list of valid product IDs from DigiCert + /// + /// public List GetProductIds() { try @@ -329,6 +350,12 @@ public List GetProductIds() } } + + /// + /// Retrieve a single record from DigiCert + /// + /// The gateway request ID of the record to retrieve, in the format 'orderID-certID' + /// public async Task GetSingleRecord(string caRequestID) { _logger.MethodEntry(LogLevel.Trace); @@ -372,6 +399,10 @@ public async Task GetSingleRecord(string caRequestID) }; } + /// + /// Get the annotations for the product-level configuration fields + /// + /// public Dictionary GetTemplateParameterAnnotations() { return new Dictionary() @@ -403,6 +434,11 @@ public Dictionary GetTemplateParameterAnnotations() }; } + /// + /// Verify connectivity with the DigiCert web service + /// + /// + /// public async Task Ping() { _logger.MethodEntry(LogLevel.Trace); @@ -428,6 +464,15 @@ public async Task Ping() _logger.MethodExit(LogLevel.Trace); } + /// + /// Revoke either a single certificate or an order, depending on your configuration settings + /// + /// + /// + /// + /// + /// + /// public async Task Revoke(string caRequestID, string hexSerialNumber, uint revocationReason) { _logger.MethodEntry(LogLevel.Trace); 
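Review bot: The summary added above `Revoke` says the scope of the revocation depends on configuration, but it names neither the setting nor the default, and its parameter tags are left empty. The `CertCentralConstants.Config.REVOKE_CERT` annotation in this file states that the default is to revoke the entire order, so a caller passing one certificate's request ID can end up revoking more than that certificate; the doc comment is where a maintainer would look for that. I would extend the summary to `/// Revokes the whole DigiCert order by default; revokes only the given certificate when REVOKE_CERT is true.` and describe `caRequestID` with the 'orderID-certID' format documented on `GetSingleRecord`, if `Revoke` uses the same format. Only the signature and first statement of `Revoke` are inside this hunk, so the body was not checked against that description.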
@@ -477,6 +522,15 @@ public async Task Revoke(string caRequestID, string hexSerialNumber, uint r return (int)RequestDisposition.REVOKED; } + /// + /// Perform an inventory of DigiCert certs + /// + /// Buffer to return retrieved certs in + /// DateTime of the last sync performed + /// If true, return all certs from DigiCert. If false, only return certs that are new or changed status since the lastSync time. + /// + /// + /// public async Task Synchronize(BlockingCollection blockingBuffer, DateTime? lastSync, bool fullSync, CancellationToken cancelToken) { _logger.MethodEntry(LogLevel.Trace); @@ -582,6 +636,11 @@ public async Task Synchronize(BlockingCollection blockin _logger.MethodExit(LogLevel.Trace); } + /// + /// Validate CA Connection-level configuration fields + /// + /// + /// public async Task ValidateCAConnectionInfo(Dictionary connectionInfo) { _logger.MethodEntry(LogLevel.Trace); @@ -631,6 +690,13 @@ private void ThrowValidationException(List errors) throw new ArgumentException(string.Join("\n", errors)); } + /// + /// Validate product-level configuration fields + /// + /// + /// + /// + /// public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Dictionary connectionInfo) { _logger.MethodEntry(LogLevel.Trace); @@ -821,6 +887,12 @@ private async Task ExtractEnrollmentResult(CertCentralClient c }; } + /// + /// Convert DigiCert status string into a RequestDisposition code + /// + /// + /// + /// private int GetCertificateStatusFromCA(string status, int orderId) { switch (status) @@ -851,6 +923,13 @@ private int GetCertificateStatusFromCA(string status, int orderId) } } + /// + /// Get the list of reissues for a given order + /// + /// + /// + /// + /// private List GetReissues(CertCentralClient digiClient, int orderId) { _logger.LogTrace($"Getting Reissues for order {orderId}"); 
@@ -879,6 +958,13 @@ private List GetReissues(CertCentralClient digiClient, int orderId) return reissueCerts; } + /// + /// Get the list of duplicate certs for a given order + /// + /// + /// + /// + /// private List GetDuplicates(CertCentralClient digiClient, int orderId) { _logger.LogTrace($"Getting Duplicates for order {orderId}"); @@ -977,6 +1063,11 @@ private async Task Reissue(CertCentralClient client, Enrollmen return await ExtractEnrollmentResult(client, client.ReissueCertificate(reissueRequest), commonName); } + /// + /// Verify that the given product ID is valid + /// + /// + /// private void CheckProductExistence(string productId) { // Check that the product type is still valid. @@ -1023,7 +1114,11 @@ string FormatSyncDate(DateTime? syncTime) return date + "+" + time; } - + /// + /// Get all of the certs for a given order, including reissues and duplicates, in CAConnectorCertificate form + /// + /// + /// private List GetAllConnectorCertsForOrder(string caRequestID) { _logger.MethodEntry(LogLevel.Trace); @@ -1071,6 +1166,13 @@ private List GetAllConnectorCertsForOrder(string caReque } return certList; } + + /// + /// Get all of the certs for a given order, including reissues and duplicates, in StatusOrder form + /// + /// + /// + /// private List GetAllCertsForOrder(int orderId) { CertCentralClient client = CertCentralClientUtilities.BuildCertCentralClient(_config); From 347b7104cc5d5e7c93f8ba2cf5d732e75e945608 Mon Sep 17 00:00:00 2001 From: David Galey Date: Fri, 30 Jun 2023 12:39:22 -0400 Subject: [PATCH 02/42] add release_dir to manifest --- integration-manifest.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/integration-manifest.json b/integration-manifest.json index f9c7984..e0ca91a 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
@@ -7,5 +7,6 @@
 "link_github": false,
 "update_catalog": false,
 "description": "DigiCert CertCentral plugin for the AnyCA Gateway framework",
- "gateway_framework": "1.0.0"
+ "gateway_framework": "1.0.0",
+ "release_dir": "digicert-certcentral-anycagateway/bin/Release/net6.0"
 }
From f2b8ea96fd8eaa214eb4aa671853ed44f2908b9f Mon Sep 17 00:00:00 2001
From: David Galey
Date: Fri, 30 Jun 2023 12:54:21 -0400
Subject: [PATCH 03/42] package reference
---
 Keyfactor.AnyGateway.ICAConnector.dll | Bin 0 -> 15360 bytes
 .../digicert-certcentral-anycagateway.csproj | 7 ++++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 Keyfactor.AnyGateway.ICAConnector.dll
diff --git a/Keyfactor.AnyGateway.ICAConnector.dll b/Keyfactor.AnyGateway.ICAConnector.dll new file mode 100644 index 0000000000000000000000000000000000000000..aee346c9eaa0a4332adc1a8181fc18a2fa0bd519 GIT binary patch literal 15360 zcmeHOdw5jUwO{AVBa;Au1VMoSho?xwNO+2fk{1s_z$64kEtyPCl99C0fQW+le)0*?!?^RcROnwP{irUU_((B*yYSgb4;!nW zoz&Qo$XZ>QbbBV&X~koyR61w1*jA=HWhGKp?b-&bGu>)OhYc&5>X=?vN3_}qP*>ko zt!{4zY4W5Y#t@=8kVKU9E9c^Fsj{HsvZ-*hl<~_o017!@0cyU2XoURucZXFfv>JBT za=97b5EqWR`iX`fCHlKq%Y!cJ5%4RthS8k8H3$BVN)Xh^SRLHptX_vtMyBHWQuv`81-&lZXmM>XWUI z_xtQ|OCx8SG|H(pr_C^kiUNJ0K{MC~NWqz?8#&vc0#|1{SI#_2rZm~sZP0^8iS@uc zA6`mFiiwU41KJMoZ_aXA@JEcgfMXKs>aq;leu}13KGGt(Y=LJ5&C02Q%11%m(=KAM z4*7J^{ni#=2;IX3#oIomSzN>&ncLAb4~+5N0fFF+G%Z`mnyy7F(zGY2HPry0!d7re zpF2L~;bR!37Ex}SCMtg$@nXLYx;5cc z*Owc=dGq4L@9Iv^7|?Q*XXok?_z|+DSOa|m7DyPcmmfabb=q{#00w4#w5w<~ z3pihZ*YJAr!1I@pSrILF*8~wxT_5Rr4-{>E{aF*Bf*#6}p+)}Q$QtR#E9&MyfK(yz3PD0{2NpkKG6yDu4 zwYE<5Vlx@!-*fLO)<(WW5r3mi>q2?7x<#7`c+?t~ zcvWp)s$1{@ef!i#kKWZ~5v`XM<3_&YU7WyFZt!yN#_f0d&P6C}+`hojuxrM>*yTO8 zb+SJk30_|IO-CW;&Fzz%ujn{2G)(KjS!}Zw>uL&ZpikiD=Z5Ud{}J?6(Y2L*d5`Kt zxkp2sm&~?r)OuB(4lUC}PV7cc(q)`gDu+vd`Jp>+GOHcs-9kTh??R=-!UKnYFhWnre=Q}nUBF)eWOefv_hw^bXL^-}bSIbPG_r{jk^d=&2f{5=U@K@T_b z`I0EQRYNZ@;P1oJydHTH*hM=Qc_K*QB6Ir?*SFqTc>k;l9~&>f{j-|JcwiyWoRJsK zCyv%osBm63-X8#i;9P9bLH(>Mz*dH}rcT0`uXX@uie2Y=cuypCnKQ8c6=jj5i~6|I z)MDE^Z!DVeN7EYuhO}r#$1082MwEBlI8vg)Qo%E~+aD1I#Gy?z$DaIEaX*tiGL<_z(E*3Tlzg}7BtLvl9LA~yzrtd2S?SK@WSD0z3s6e^F}jT?aZ#D zRN~$&@Z9D7wm|;lCe0<1Een_AImHQ_1<2ZiQ#THl-gAi;>ziY@uJ)A?7@K1S>PW#| z=Y@J+VBGDy%JuU5Gxfnbf$@I52H9PhPpj?N9kBR*cu0pVff48v$a&{FgPv4b)Ls9) zs_*f$kcuhs&AdK+V9KkPPVg{769*6L#1%R$tphKNITT-)tnCa^rIL%(qnqb7P9;R|`hN3Q-uew%pWyzT;h3UHo(FRTAqt>+@lzjayt7q)4}G`wCs@Uk1oJNqeTza?iSJ%ov_)4l7) z!vg_r3S{oq=Q~*CiQ&F~y}TBC|L#hyu@!s&FPr}kxL;1_lc3<?@1(mkci4 z9oj>#lR0+gzj{&b_3$41+~KXkfk(bG(ZkF>A9&<5c?T-Z>0T7dtd8x|Agd_3MSEeu zN$f4ob-&F^92{S(^3tS}H+C23Q}0A|8GD^$#LLYel>acQD_S3vr+4W7JSJYwbdBn5 zksF2z@q2@|NNCQK4aJEa*YWrG8=~X)ShMapCu;~|^}Ow^!}6k6I(3LvdC>|vE;&o= 
zn2Y^}PFAn^Z6T2jaJ&RI``C+#{flqW zL(kg3c;jekI4CXWM?}Qmb6vFIV?{*dWE~d|^knt8?GC^RiGqz@uNbKci9nwKX1sgI zdmcREKbd1(Y;k7NA1b>EW3@_u*Q%sy9N?dCdDQ&O9HS-Cd?Hm=Sgr%5Jp z=F|z`2`X*KdDM%CqQyVUfB#an_;8_TFb|0DU`cf9xxVzxaG*~i*7LIX^W~KuK#W)=t?XEqIcRu8Td*Nwd1}Zd3pTV(@OU&k zR-gm!NZTI*yOSgJ1IeVWZJs@%`lVWbj)N!qdD-=^4ESr8c^$iFgr=Bun{Ie={mIt=g-?$|4 zo$>{L8TIH1H+N6`bU|bMv0Fcy_VX83z5A;l)DHP#*=^BZ{^x6NZ+gR?Rk6P0)auK( z{@23AH`fI}STKLYH$MB!jXl5p+zoFOE&0=*fB*XBNAA1#%bz)G(j5Du7v8*RZgs=i z)ds0Z#L<(s%!|&B&YeBCQl=n8Nyx4*BAT)TuYz$u4bQw&8giLLsy)jCoOc2derU@2 z23mmve#=Btmakt~i~D)tKgO7+R43Cd;Q2D~-7x;PLYN`?(3nf3_e<}HO!=J+yhGge zDfo`W7hTFPYZxJ(Mx?K4xHHdRn8)==P>mo=8-f*~FuiMDSP-TsO)e)ROkWiGb#pu9 z5n{m3=%HJkU;k{7QSdw%#t8Z@1{LBm zJ|pO}=Dvba7-vwpsbS`dfRF3mj4(HpPC`5Q+Spf63F#!^9!FgzjRv;|*2fj>LtkZF z2aV@L+^!5OkL&J*O(Kit3pc4yaSMdo;nXceyGG+a&?}4wymFJ2uMqjoLiY#XM(u&% zJD`6Kvc787WGn$hx6Bs&R^jk;qsM6KKe2Ed=s2Nw2D$tmF}(?8)_H)M`U{O4ATfxk zDdovRTOeWkBTa*vjM1RJ{dE?*_sWyr2|t8>bBcrRWAN(L4tIsI7u=T=7uiKzw|Wwq z(Up;}&=GJSJKR8IFXrOD$*S(&NWcivg;NxFvH2KgZs=6SZ8ML6d(7dA(I29bgBLbO z8%MyEO;_A}Gh!6bGY+@HECF}v$*S&}&^RMPGiE66E1@aiUU0Y$;4Gx8d9lDIj*8&U zm?<1a`%T2jI>kj;vxq)+IMytp`{cpk%1AU)hu<=vSD~!bM%I9f%<`=ar3%G~Uxw1J z9gh7nl&+7ecI=m7RC}u8*e}EAU58`86w@8ERUP}Km>T&vzCgVjei=@|IZiwHWjK9X zaWV$ZD103VeLZ+9R)@L{gsw7fH%dM3;o#Q|&KG73!W0 zzGhe+_h#rVjT;eu*N|yO{eh4XF-)0Q;SLq(+?s+RsC&{u9Se>Dw{|Q&nryGSmiWzepAqaNC1;ksYAZAPLgxs14E6 zkc4Rnwi0AWvCMMQDIX8N>Rr)G!iB`^qXhIB8Uy+(suam7LeHg%=6S|Ylv|B2fF7aU zLiY&0N9Z>|1IG72ze)Q<@|4h@3w=@OA)#-9{#&4sYUy>X&lR-8D5TYNIp{jN8nltF z!47gHP}6V4vXXHWs1=h^w=+Sr_ceRdxY*4x=-jqp@)Q$ z!L1CTme5H;mkO;C+AK6Cv|s2>p#wtq2;D1mpU{Is4+$l#pV!F}+AOqR=z!3@LMb3R zLYE3{7TPa#r_ceRdxY*4x=-jqp@)R_huF@5(7i$r3Z<~v7rInvv(OJY(kOsW5IGdt z9&_gPcWEXU{)aNzZJquSo)0UD7rC{f@E;3$EDTf z!Rd(i`p`_!n_q74dQP~4B#q2ISg$4j-U|b2n|8G5Yzds$Yw}z_LH?9?wH4XKGkMHt5 zr-8P_lHK;EO{%`CCY?$tkJQF;F{(LQ5Th1q=*{Nr&ZzIaY;?JuvNMS|wZYX5y{R}Q zW7(V(;>0lF>!e+8$J3csBtLeALVk{&&Boeo0hKSw=j!b(>CH9)liir;v|R}G-KiY2 zY_PGnOWBb^T`GgQ?X*)lVeNcYWZYw|I=hf;$v&M~RMN 
z*%Z%FqAh`Ts)f#bZcJzL#99*$xh$msAwJL|Fu$FFE^GfU4R~|>Tc1w4AJ4d!J zgPEp8HjyW*%4Y4(mSk^ZBB!f1#xlUY41dCC_oOqMeH*U+GT>>lGgT00xhB)Ztser0Vs*VdhdAJZ9MsN5rF>g{A~tCX^Sy^Gmd zZ-Xmp(p|loM0-c>SXEf>sb0Ur2`kA1xkO8XlY(FCmw4K1?Y3BVGS|ebNFpUqkjKbM zqk1frp0!xUiEI{4-22K@B9}n=*~Y=0ig#qvDK6XCZPsD+xDnsjk+EZlSx?|#jXG1n zHSLn-XqDaD7K_7+(W+GMa)eY*tT(z+3&m(_GD&KoIOf51cTzT%k`=Wg(b{UKWKd4g zx#2Hf<94zUD>6kjQclWzD2bCE>g_fsw~8@;#njueY+9KeBpf8jcuUb~h6(P%vO$vO z$l@p@_&(8!@p(f-I7vm^OJ;d`ZcgU5exA^!T~0PjA5>v$GsRf?}o#E==YxkNn6<91!tnspW2=v$e>u9NP9H?}0= z_MmFDdhLu?uTmF+6?>_#?ge+0_v!4h$5FR6XQwzP38Y55vkSpzuZwXW1BfdAV{DZj z7_t`=NG4j%;4Mso)ES^>EGxl3SUOnZB?XmLvtkaz<{d~`@ffeb=|gRE(v4GeZcdD0 z!$*>(j5;+LLZkvlp1294>BcV{v{Lu>3Fm4x!5V40+fUO748 zxY$7GloEtYAfnxSuATJND<7-7bM~5>4tyy$mih0W{&-hs^-YtX8(s0~ zrz%2^lwa`1JD>mEn5%yB=17--tl9C9+=SyBY7KBHYj5kUq zh2WgeB|?>wL?SaBodQ*ez+&k%v$&WWOF@( zS$OZk7Npt?7Y4#5Ck5Hv!2lC9pdcQe3Gy;#r~rd3ol!a)%}15aH%f;VkFj0M|x}iwjS*&><90C@z*>#ut~4C@DiP7L_h4vJ7quxMf2vvvg7E2*ngS z*h{DKcuVUH__)jrn{aFyd!`Hp6W%Su*K`M3<_-iZRBFLP3WHNH;SrG(7Z>3XrxLHK z@k(jBL6iRGUWVwy!^xb5a~D=to?dzS?9&%S=SM5c7tNo)&|YLOSR^l2@UIF6o|E{R zz*F34j^2=ob*)LK>bAyhIfftwrF*gl9^OuhuBmIR!LhKatE^XQtw!@%a_1`41 z_-35$@c$$6WH)l6mFuuAJx!wq=?y!&ZN*ZpRxFvcayas4t(0xI+O7PLCpcZ(87qzx zLJmq+ygQpqcUu1LZzYf{ZB9v&An{^P;=LDM;ecWvo?N}L`J$GKKGo5DF?Q9Ki(5P5 z$m`kLdhXb=ZCg!k-LmB?DChhy1-ID6Ws6ILFZX{gRLv&%vNoAKCzeQ2XBJNawk-z` zuKi>hSxc4L{|V)Hd)^^t$W1WAUW%;!1ugnqJNcT#u6^`i@zqkv)Ke%NA)PJ z#DChX0lyM-nfk9AdOY~YBkCzvWfoN?I!mlz3FEHjz!Bh9i!a`G;~h>0b`p3~WW#0( zC&IKSO_f%SsEt9IMSToeJAvAiW8}eL1cnV@^0WD1ORpi377kZ52y;Kalgbkke3q1Q#Hy-kE8iphXU9MRPJ9u6eY$-_M zs7V94YLkN`gK@Dn*5>iF$~_5dY^4`{DU00N7W=HhJz8Rkdt`fYP#YH5CR<`jH?VMj zo#3j_qL-FC8a=r8LYhEbmw4D6sqagE0X`4!R9s*1sM*FE+*zBiRk-&$BTyqFSeuMC zuD@%ckri|a^rX+z;I`3YqKqEbi-b2XVXdzw^p!zxek@eteavk6GOp>+ - + + + ..\Keyfactor.AnyGateway.ICAConnector.dll + + + From 382cf67d394ec18ba819cde8e4c5e902020d16c0 Mon Sep 17 00:00:00 2001 
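Review bot: The reference this csproj hunk adds resolves to `..\Keyfactor.AnyGateway.ICAConnector.dll`, the 15360-byte binary committed at the repository root by the same patch, so the build links against an assembly whose version, origin and hash are recorded nowhere a reviewer can check. A binary in git cannot be diffed or inspected by dependency tooling, and a later replacement of the file shows up in review only as an opaque binary change. If the interface assembly is published as a package, a versioned package reference would make the dependency auditable; otherwise record the expected file hash next to the reference and check it during the build. PATCH 04/42 repeats this change unchanged. The element names of the hunk are not legible on this page, so this is based on the path and the diffstat alone.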
From: David Galey Date: Fri, 30 Jun 2023 12:57:08 -0400 Subject: [PATCH 04/42] package reference --- Keyfactor.AnyGateway.ICAConnector.dll | Bin 0 -> 15360 bytes .../digicert-certcentral-anycagateway.csproj | 7 ++++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 Keyfactor.AnyGateway.ICAConnector.dll 
diff --git a/Keyfactor.AnyGateway.ICAConnector.dll b/Keyfactor.AnyGateway.ICAConnector.dll new file mode 100644 index 0000000000000000000000000000000000000000..aee346c9eaa0a4332adc1a8181fc18a2fa0bd519 GIT binary patch literal 15360 zcmeHOdw5jUwO{AVBa;Au1VMoSho?xwNO+2fk{1s_z$64kEtyPCl99C0fQW+le)0*?!?^RcROnwP{irUU_((B*yYSgb4;!nW zoz&Qo$XZ>QbbBV&X~koyR61w1*jA=HWhGKp?b-&bGu>)OhYc&5>X=?vN3_}qP*>ko zt!{4zY4W5Y#t@=8kVKU9E9c^Fsj{HsvZ-*hl<~_o017!@0cyU2XoURucZXFfv>JBT za=97b5EqWR`iX`fCHlKq%Y!cJ5%4RthS8k8H3$BVN)Xh^SRLHptX_vtMyBHWQuv`81-&lZXmM>XWUI z_xtQ|OCx8SG|H(pr_C^kiUNJ0K{MC~NWqz?8#&vc0#|1{SI#_2rZm~sZP0^8iS@uc zA6`mFiiwU41KJMoZ_aXA@JEcgfMXKs>aq;leu}13KGGt(Y=LJ5&C02Q%11%m(=KAM z4*7J^{ni#=2;IX3#oIomSzN>&ncLAb4~+5N0fFF+G%Z`mnyy7F(zGY2HPry0!d7re zpF2L~;bR!37Ex}SCMtg$@nXLYx;5cc z*Owc=dGq4L@9Iv^7|?Q*XXok?_z|+DSOa|m7DyPcmmfabb=q{#00w4#w5w<~ z3pihZ*YJAr!1I@pSrILF*8~wxT_5Rr4-{>E{aF*Bf*#6}p+)}Q$QtR#E9&MyfK(yz3PD0{2NpkKG6yDu4 zwYE<5Vlx@!-*fLO)<(WW5r3mi>q2?7x<#7`c+?t~ zcvWp)s$1{@ef!i#kKWZ~5v`XM<3_&YU7WyFZt!yN#_f0d&P6C}+`hojuxrM>*yTO8 zb+SJk30_|IO-CW;&Fzz%ujn{2G)(KjS!}Zw>uL&ZpikiD=Z5Ud{}J?6(Y2L*d5`Kt zxkp2sm&~?r)OuB(4lUC}PV7cc(q)`gDu+vd`Jp>+GOHcs-9kTh??R=-!UKnYFhWnre=Q}nUBF)eWOefv_hw^bXL^-}bSIbPG_r{jk^d=&2f{5=U@K@T_b z`I0EQRYNZ@;P1oJydHTH*hM=Qc_K*QB6Ir?*SFqTc>k;l9~&>f{j-|JcwiyWoRJsK zCyv%osBm63-X8#i;9P9bLH(>Mz*dH}rcT0`uXX@uie2Y=cuypCnKQ8c6=jj5i~6|I z)MDE^Z!DVeN7EYuhO}r#$1082MwEBlI8vg)Qo%E~+aD1I#Gy?z$DaIEaX*tiGL<_z(E*3Tlzg}7BtLvl9LA~yzrtd2S?SK@WSD0z3s6e^F}jT?aZ#D zRN~$&@Z9D7wm|;lCe0<1Een_AImHQ_1<2ZiQ#THl-gAi;>ziY@uJ)A?7@K1S>PW#| z=Y@J+VBGDy%JuU5Gxfnbf$@I52H9PhPpj?N9kBR*cu0pVff48v$a&{FgPv4b)Ls9) zs_*f$kcuhs&AdK+V9KkPPVg{769*6L#1%R$tphKNITT-)tnCa^rIL%(qnqb7P9;R|`hN3Q-uew%pWyzT;h3UHo(FRTAqt>+@lzjayt7q)4}G`wCs@Uk1oJNqeTza?iSJ%ov_)4l7) z!vg_r3S{oq=Q~*CiQ&F~y}TBC|L#hyu@!s&FPr}kxL;1_lc3<?@1(mkci4 z9oj>#lR0+gzj{&b_3$41+~KXkfk(bG(ZkF>A9&<5c?T-Z>0T7dtd8x|Agd_3MSEeu zN$f4ob-&F^92{S(^3tS}H+C23Q}0A|8GD^$#LLYel>acQD_S3vr+4W7JSJYwbdBn5 zksF2z@q2@|NNCQK4aJEa*YWrG8=~X)ShMapCu;~|^}Ow^!}6k6I(3LvdC>|vE;&o= 
zn2Y^}PFAn^Z6T2jaJ&RI``C+#{flqW zL(kg3c;jekI4CXWM?}Qmb6vFIV?{*dWE~d|^knt8?GC^RiGqz@uNbKci9nwKX1sgI zdmcREKbd1(Y;k7NA1b>EW3@_u*Q%sy9N?dCdDQ&O9HS-Cd?Hm=Sgr%5Jp z=F|z`2`X*KdDM%CqQyVUfB#an_;8_TFb|0DU`cf9xxVzxaG*~i*7LIX^W~KuK#W)=t?XEqIcRu8Td*Nwd1}Zd3pTV(@OU&k zR-gm!NZTI*yOSgJ1IeVWZJs@%`lVWbj)N!qdD-=^4ESr8c^$iFgr=Bun{Ie={mIt=g-?$|4 zo$>{L8TIH1H+N6`bU|bMv0Fcy_VX83z5A;l)DHP#*=^BZ{^x6NZ+gR?Rk6P0)auK( z{@23AH`fI}STKLYH$MB!jXl5p+zoFOE&0=*fB*XBNAA1#%bz)G(j5Du7v8*RZgs=i z)ds0Z#L<(s%!|&B&YeBCQl=n8Nyx4*BAT)TuYz$u4bQw&8giLLsy)jCoOc2derU@2 z23mmve#=Btmakt~i~D)tKgO7+R43Cd;Q2D~-7x;PLYN`?(3nf3_e<}HO!=J+yhGge zDfo`W7hTFPYZxJ(Mx?K4xHHdRn8)==P>mo=8-f*~FuiMDSP-TsO)e)ROkWiGb#pu9 z5n{m3=%HJkU;k{7QSdw%#t8Z@1{LBm zJ|pO}=Dvba7-vwpsbS`dfRF3mj4(HpPC`5Q+Spf63F#!^9!FgzjRv;|*2fj>LtkZF z2aV@L+^!5OkL&J*O(Kit3pc4yaSMdo;nXceyGG+a&?}4wymFJ2uMqjoLiY#XM(u&% zJD`6Kvc787WGn$hx6Bs&R^jk;qsM6KKe2Ed=s2Nw2D$tmF}(?8)_H)M`U{O4ATfxk zDdovRTOeWkBTa*vjM1RJ{dE?*_sWyr2|t8>bBcrRWAN(L4tIsI7u=T=7uiKzw|Wwq z(Up;}&=GJSJKR8IFXrOD$*S(&NWcivg;NxFvH2KgZs=6SZ8ML6d(7dA(I29bgBLbO z8%MyEO;_A}Gh!6bGY+@HECF}v$*S&}&^RMPGiE66E1@aiUU0Y$;4Gx8d9lDIj*8&U zm?<1a`%T2jI>kj;vxq)+IMytp`{cpk%1AU)hu<=vSD~!bM%I9f%<`=ar3%G~Uxw1J z9gh7nl&+7ecI=m7RC}u8*e}EAU58`86w@8ERUP}Km>T&vzCgVjei=@|IZiwHWjK9X zaWV$ZD103VeLZ+9R)@L{gsw7fH%dM3;o#Q|&KG73!W0 zzGhe+_h#rVjT;eu*N|yO{eh4XF-)0Q;SLq(+?s+RsC&{u9Se>Dw{|Q&nryGSmiWzepAqaNC1;ksYAZAPLgxs14E6 zkc4Rnwi0AWvCMMQDIX8N>Rr)G!iB`^qXhIB8Uy+(suam7LeHg%=6S|Ylv|B2fF7aU zLiY&0N9Z>|1IG72ze)Q<@|4h@3w=@OA)#-9{#&4sYUy>X&lR-8D5TYNIp{jN8nltF z!47gHP}6V4vXXHWs1=h^w=+Sr_ceRdxY*4x=-jqp@)Q$ z!L1CTme5H;mkO;C+AK6Cv|s2>p#wtq2;D1mpU{Is4+$l#pV!F}+AOqR=z!3@LMb3R zLYE3{7TPa#r_ceRdxY*4x=-jqp@)R_huF@5(7i$r3Z<~v7rInvv(OJY(kOsW5IGdt z9&_gPcWEXU{)aNzZJquSo)0UD7rC{f@E;3$EDTf z!Rd(i`p`_!n_q74dQP~4B#q2ISg$4j-U|b2n|8G5Yzds$Yw}z_LH?9?wH4XKGkMHt5 zr-8P_lHK;EO{%`CCY?$tkJQF;F{(LQ5Th1q=*{Nr&ZzIaY;?JuvNMS|wZYX5y{R}Q zW7(V(;>0lF>!e+8$J3csBtLeALVk{&&Boeo0hKSw=j!b(>CH9)liir;v|R}G-KiY2 zY_PGnOWBb^T`GgQ?X*)lVeNcYWZYw|I=hf;$v&M~RMN 
z*%Z%FqAh`Ts)f#bZcJzL#99*$xh$msAwJL|Fu$FFE^GfU4R~|>Tc1w4AJ4d!J zgPEp8HjyW*%4Y4(mSk^ZBB!f1#xlUY41dCC_oOqMeH*U+GT>>lGgT00xhB)Ztser0Vs*VdhdAJZ9MsN5rF>g{A~tCX^Sy^Gmd zZ-Xmp(p|loM0-c>SXEf>sb0Ur2`kA1xkO8XlY(FCmw4K1?Y3BVGS|ebNFpUqkjKbM zqk1frp0!xUiEI{4-22K@B9}n=*~Y=0ig#qvDK6XCZPsD+xDnsjk+EZlSx?|#jXG1n zHSLn-XqDaD7K_7+(W+GMa)eY*tT(z+3&m(_GD&KoIOf51cTzT%k`=Wg(b{UKWKd4g zx#2Hf<94zUD>6kjQclWzD2bCE>g_fsw~8@;#njueY+9KeBpf8jcuUb~h6(P%vO$vO z$l@p@_&(8!@p(f-I7vm^OJ;d`ZcgU5exA^!T~0PjA5>v$GsRf?}o#E==YxkNn6<91!tnspW2=v$e>u9NP9H?}0= z_MmFDdhLu?uTmF+6?>_#?ge+0_v!4h$5FR6XQwzP38Y55vkSpzuZwXW1BfdAV{DZj z7_t`=NG4j%;4Mso)ES^>EGxl3SUOnZB?XmLvtkaz<{d~`@ffeb=|gRE(v4GeZcdD0 z!$*>(j5;+LLZkvlp1294>BcV{v{Lu>3Fm4x!5V40+fUO748 zxY$7GloEtYAfnxSuATJND<7-7bM~5>4tyy$mih0W{&-hs^-YtX8(s0~ zrz%2^lwa`1JD>mEn5%yB=17--tl9C9+=SyBY7KBHYj5kUq zh2WgeB|?>wL?SaBodQ*ez+&k%v$&WWOF@( zS$OZk7Npt?7Y4#5Ck5Hv!2lC9pdcQe3Gy;#r~rd3ol!a)%}15aH%f;VkFj0M|x}iwjS*&><90C@z*>#ut~4C@DiP7L_h4vJ7quxMf2vvvg7E2*ngS z*h{DKcuVUH__)jrn{aFyd!`Hp6W%Su*K`M3<_-iZRBFLP3WHNH;SrG(7Z>3XrxLHK z@k(jBL6iRGUWVwy!^xb5a~D=to?dzS?9&%S=SM5c7tNo)&|YLOSR^l2@UIF6o|E{R zz*F34j^2=ob*)LK>bAyhIfftwrF*gl9^OuhuBmIR!LhKatE^XQtw!@%a_1`41 z_-35$@c$$6WH)l6mFuuAJx!wq=?y!&ZN*ZpRxFvcayas4t(0xI+O7PLCpcZ(87qzx zLJmq+ygQpqcUu1LZzYf{ZB9v&An{^P;=LDM;ecWvo?N}L`J$GKKGo5DF?Q9Ki(5P5 z$m`kLdhXb=ZCg!k-LmB?DChhy1-ID6Ws6ILFZX{gRLv&%vNoAKCzeQ2XBJNawk-z` zuKi>hSxc4L{|V)Hd)^^t$W1WAUW%;!1ugnqJNcT#u6^`i@zqkv)Ke%NA)PJ z#DChX0lyM-nfk9AdOY~YBkCzvWfoN?I!mlz3FEHjz!Bh9i!a`G;~h>0b`p3~WW#0( zC&IKSO_f%SsEt9IMSToeJAvAiW8}eL1cnV@^0WD1ORpi377kZ52y;Kalgbkke3q1Q#Hy-kE8iphXU9MRPJ9u6eY$-_M zs7V94YLkN`gK@Dn*5>iF$~_5dY^4`{DU00N7W=HhJz8Rkdt`fYP#YH5CR<`jH?VMj zo#3j_qL-FC8a=r8LYhEbmw4D6sqagE0X`4!R9s*1sM*FE+*zBiRk-&$BTyqFSeuMC zuD@%ckri|a^rX+z;I`3YqKqEbi-b2XVXdzw^p!zxek@eteavk6GOp>+ - + + + ..\Keyfactor.AnyGateway.ICAConnector.dll + + + From c94f7d938b4e09ffb6cb37861ed627be0c4f21dd Mon Sep 17 00:00:00 2001 
From: David Galey Date: Tue, 11 Jul 2023 10:42:43 -0400 Subject: [PATCH 05/42] Change status codes to EndEntityStatus codes --- .../CertCentralCAConnector.cs | 82 +++++++++++-------- .../digicert-certcentral-anycagateway.csproj | 11 +-- 2 files changed, 49 insertions(+), 44 deletions(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index dabc244..e691694 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -4,6 +4,7 @@ using Keyfactor.Extensions.CAGateway.DigiCert.Client; using Keyfactor.Extensions.CAGateway.DigiCert.Models; using Keyfactor.Logging; +using Keyfactor.PKI.Enums; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging.Abstractions; @@ -375,7 +376,7 @@ public async Task GetSingleRecord(string caRequestID) string certificate = null; int status = GetCertificateStatusFromCA(certToCheck.status, orderId); - if (status == (int)RequestDisposition.ISSUED || status == (int)RequestDisposition.REVOKED || status == (int)RequestDisposition.UNKNOWN) + if (status == (int)EndEntityStatus.GENERATED || status == (int)EndEntityStatus.REVOKED) { // We have a status where there may be a cert to download, try to download it CertificateChainResponse certificateChainResponse = client.GetCertificateChain(new CertificateChainRequest(certId)); @@ -519,7 +520,7 @@ public async Task Revoke(string caRequestID, string hexSerialNumber, uint r _logger.LogError(errMsg); throw new Exception(errMsg); } - return (int)RequestDisposition.REVOKED; + return (int)EndEntityStatus.REVOKED; } /// 
@@ -768,7 +769,7 @@ private async Task NewCertificate(CertCentralClient client, Or /// private async Task ExtractEnrollmentResult(CertCentralClient client, OrderResponse orderResponse, string commonName) { - int status = (int)RequestDisposition.UNKNOWN; + int status = 0; string statusMessage = null; string certificate = null; string caRequestID = null; @@ -777,7 +778,7 @@ private async Task ExtractEnrollmentResult(CertCentralClient c { _logger.LogError($"Error from CertCentral client: {orderResponse.Errors.First().message}"); - status = (int)RequestDisposition.FAILED; + status = (int)EndEntityStatus.FAILED; statusMessage = orderResponse.Errors[0].message; } else if (orderResponse.Status == CertCentralBaseResponse.StatusType.SUCCESS) @@ -837,12 +838,12 @@ private async Task ExtractEnrollmentResult(CertCentralClient c caRequestID = orderResponse.OrderId.ToString(); if (updateStatusResponse.Errors.Any(x => x.code == "access_denied|invalid_approver")) { - status = (int)RequestDisposition.EXTERNAL_VALIDATION; + status = (int)EndEntityStatus.EXTERNALVALIDATION; statusMessage = errors; } else { - status = (int)RequestDisposition.FAILED; + status = (int)EndEntityStatus.FAILED; statusMessage = $"Approval of order '{orderResponse.OrderId}' failed. Check the gateway logs for more details."; } } @@ -864,7 +865,7 @@ private async Task ExtractEnrollmentResult(CertCentralClient c catch (Exception getRecordEx) { _logger.LogWarning($"Unable to retrieve certificate {order.certificate.id} for order {order.id}: {getRecordEx.Message}"); - status = (int)RequestDisposition.UNKNOWN; + status = (int)EndEntityStatus.INPROCESS; statusMessage = $"Post-submission approval of order {order.id} was successful, but pickup failed"; } } 
@@ -873,8 +874,7 @@ private async Task ExtractEnrollmentResult(CertCentralClient c else { _logger.LogWarning("The request disposition is for this enrollment could not be determined."); - status = (int)RequestDisposition.UNKNOWN; - statusMessage = "The request disposition could not be determined."; + throw new Exception($"The request disposition is for this enrollment could not be determined."); } } } @@ -888,7 +888,7 @@ private async Task ExtractEnrollmentResult(CertCentralClient c } /// - /// Convert DigiCert status string into a RequestDisposition code + /// Convert DigiCert status string into a EndEntityStatus code /// /// /// @@ -900,26 +900,29 @@ private int GetCertificateStatusFromCA(string status, int orderId) case "issued": case "approved": case "expired": - return (int)RequestDisposition.ISSUED; + return (int)EndEntityStatus.GENERATED; case "processing": case "reissue_pending": case "pending": // Pending from DigiCert means it will be issued after validation - return (int)RequestDisposition.EXTERNAL_VALIDATION; + case "waiting_pickup": + return (int)EndEntityStatus.EXTERNALVALIDATION; case "denied": - return (int)RequestDisposition.DENIED; + case "rejected": + case "canceled": + return (int)EndEntityStatus.FAILED; case "revoked": - return (int)RequestDisposition.REVOKED; + return (int)EndEntityStatus.REVOKED; case "needs_approval": // This indicates that the request has to be approved through DigiCert, which is a misconfiguration _logger.LogWarning($"Order {orderId} needs to be approved in the DigiCert portal prior to issuance"); - return (int)RequestDisposition.EXTERNAL_VALIDATION; + return (int)EndEntityStatus.EXTERNALVALIDATION; default: - _logger.LogWarning($"Order {orderId} has unexpected status {status}"); - return (int)RequestDisposition.UNKNOWN; + _logger.LogError($"Order {orderId} has unexpected status {status}"); + throw new Exception($"Order {orderId} has unknown status {status}"); } } 
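Review bot: The `throw` that replaces the UNKNOWN fallback at the end of `ExtractEnrollmentResult` raises a bare `System.Exception` and discards whatever order ID was obtained earlier in the method, so an order that may already exist at DigiCert is reported to the caller as a plain failure with nothing to reconcile against. The message is an interpolated string with no placeholders and reads "is for this enrollment"; something like `throw new InvalidOperationException($"The request disposition for order '{orderResponse.OrderId}' could not be determined.");` keeps the identifier and fixes the wording. The default branch of `GetCertificateStatusFromCA` further down this patch throws the same bare `Exception`. The start of the method is outside this hunk, so whether an order ID is always set on this path should be confirmed.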
@@ -1138,31 +1141,38 @@ private List GetAllConnectorCertsForOrder(string caReque foreach (var cert in orderCerts) { - string certificate = null; - string caReqId = cert.order_id + "-" + cert.certificate_id; - int status = GetCertificateStatusFromCA(cert.status, orderId); - if (status == (int)RequestDisposition.ISSUED || status == (int)RequestDisposition.REVOKED || status == (int)RequestDisposition.UNKNOWN) + try { - // We have a status where there may be a cert to download, try to download it - CertificateChainResponse certificateChainResponse = client.GetCertificateChain(new CertificateChainRequest(certId)); - if (certificateChainResponse.Status == CertCentralBaseResponse.StatusType.SUCCESS) + string certificate = null; + string caReqId = cert.order_id + "-" + cert.certificate_id; + int status = GetCertificateStatusFromCA(cert.status, orderId); + if (status == (int)EndEntityStatus.GENERATED || status == (int)EndEntityStatus.REVOKED) { - certificate = certificateChainResponse.Intermediates[0].PEM; + // We have a status where there may be a cert to download, try to download it + CertificateChainResponse certificateChainResponse = client.GetCertificateChain(new CertificateChainRequest(certId)); + if (certificateChainResponse.Status == CertCentralBaseResponse.StatusType.SUCCESS) + { + certificate = certificateChainResponse.Intermediates[0].PEM; + } + else + { + throw new Exception($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}"); + } } - else + var connCert = new CAConnectorCertificate { - _logger.LogWarning($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}"); - } + CARequestID = caReqId, + Certificate = certificate, + Status = status, + ProductID = orderResponse.product.name_id, + RevocationDate = GetRevocationDate(orderResponse) + }; + certList.Add(connCert); } - var connCert = new 
CAConnectorCertificate + catch (Exception ex) { - CARequestID = caReqId, - Certificate = certificate, - Status = status, - ProductID = orderResponse.product.name_id, - RevocationDate = GetRevocationDate(orderResponse) - }; - certList.Add(connCert); + _logger.LogWarning($"Error processing cert {cert.order_id}-{cert.certificate_id}: {ex.Message}. Skipping record."); + } } return certList; } diff --git a/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj b/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj index 7f095c1..3dd2a72 100644 --- a/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj +++ b/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj @@ -9,16 +9,11 @@ - + + - + - - - ..\Keyfactor.AnyGateway.ICAConnector.dll - - - From 813a0a819c76e9debc26adb4270bae2cfb8e1fdf Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 11 Jul 2023 13:02:25 -0400 Subject: [PATCH 06/42] If digicert returns multiple identical certs (same order/cert ID pair), only return one of them --- .../CertCentralCAConnector.cs | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index e691694..1d4543b 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -936,6 +936,7 @@ private int GetCertificateStatusFromCA(string status, int orderId) private List GetReissues(CertCentralClient digiClient, int orderId) { _logger.LogTrace($"Getting Reissues for order {orderId}"); + List reqIds = new List(); List reissueCerts = new List(); ListReissueResponse reissueResponse = digiClient.ListReissues(new ListReissueRequest(orderId)); if (reissueResponse.Status == CertCentralBaseResponse.StatusType.ERROR) 
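Review bot: Inside the `foreach (var cert in orderCerts)` loop the chain download still calls `new CertificateChainRequest(certId)`, a variable from outside the loop rather than the certificate being iterated, so every record in the returned list appears to carry the PEM of that one certificate under a different `CARequestID`. If that reading is right, the call should use the loop variable, `client.GetCertificateChain(new CertificateChainRequest(cert.certificate_id))` (adjusted for the parameter type), and the error text should name `cert.certificate_id` as well. The new catch-all also turns any failure, including the unknown-status exception introduced in this patch, into a warning and a skipped record; a revoked certificate that fails to download would then be missing from the result, so the skip is worth logging at error level or counting. `certId` is declared outside this hunk, presumably parsed from the `caRequestID` argument.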
@@ -1222,7 +1223,18 @@ private List GetAllCertsForOrder(int orderId) { orderCerts.AddRange(dupeCerts); } - return orderCerts; + List retCerts = new List(); + List reqIds = new List(); + foreach (var cert in orderCerts) + { + string req = $"{cert.order_id}-{cert.certificate_id}"; + if (!reqIds.Contains(req)) + { + reqIds.Add(req); + retCerts.Add(cert); + } + } + return retCerts; } } } \ No newline at end of file From 1b3ceb06fe9d395cd9dc1dbc925e174ab5ba9ed3 Mon Sep 17 00:00:00 2001 From: David Galey Date: Wed, 26 Jul 2023 12:06:41 -0400 Subject: [PATCH 07/42] Renew/reissue check added, parameter data types specified --- .../CertCentralCAConnector.cs | 89 +++++++++++++------ 1 file changed, 64 insertions(+), 25 deletions(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index 1d4543b..c151331 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -60,7 +60,12 @@ public async Task Enroll(string csr, string subject, Dictionar CertCentralCertType certType = CertCentralCertType.GetAllTypes(_config).FirstOrDefault(x => x.ProductCode.Equals(productInfo.ProductID)); OrderRequest orderRequest = new OrderRequest(certType); - var days = (productInfo.ProductParameters.ContainsKey("LifetimeDays")) ? int.Parse(productInfo.ProductParameters["LifetimeDays"]) : 365; + //var days = (productInfo.ProductParameters.ContainsKey("LifetimeDays") && !st) ? int.Parse(productInfo.ProductParameters["LifetimeDays"]) : 365; + var days = 365; + if (productInfo.ProductParameters.ContainsKey("LifetimeDays") && !string.IsNullOrEmpty(productInfo.ProductParameters["LifetimeDays"])) + { + days = int.Parse(productInfo.ProductParameters["LifetimeDays"]); + } int validityYears = 0; DateTime? customExpirationDate = null; switch (days) 
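Review bot: The de-duplication loop added to `GetAllCertsForOrder` keeps whichever entry for an order/cert ID pair comes first and never compares the copies, so if DigiCert ever returns the same pair with different `status` values, the later one, which could be the revoked one, is dropped without a log line. Logging when a duplicate's status differs from the kept entry would make that visible. The membership test is also a linear `List.Contains` per certificate; a `HashSet<string>` does the same in one call, `if (reqIds.Add(req)) { retCerts.Add(cert); }`. The `reqIds` list this commit adds to `GetReissues` in the earlier hunk is not used by any line visible here.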
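Review bot: `LifetimeDays` is still converted with `int.Parse`, so a non-numeric value in the product parameters surfaces as an unhandled `FormatException` from `Enroll` rather than a message naming the field, unless `ValidateProductInfo` already rejects it. `int.TryParse` with an explicit error would be clearer, for example `if (!int.TryParse(productInfo.ProductParameters["LifetimeDays"], out days)) throw new ArgumentException("LifetimeDays must be a whole number");`. The same applies to the `RENEWAL_WINDOW` parse changed later in this patch. The commented-out line left above the new block ends in `&& !st)` and is not valid code, so it should be deleted rather than kept. `Enroll` continues well beyond this hunk.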
@@ -107,7 +112,10 @@ public async Task Enroll(string csr, string subject, Dictionar if (productInfo.ProductParameters.TryGetValue(CertCentralConstants.RequestAttributes.ORGANIZATION_NAME, out string orgName)) { // If org name is provided as a parameter, it overrides whatever is in the CSR - organization = orgName; + if (!string.IsNullOrEmpty(orgName)) + { + organization = orgName; + } } string signatureHash = certType.signatureAlgorithm; @@ -158,8 +166,11 @@ public async Task Enroll(string csr, string subject, Dictionar } // Get CA Cert ID (if present) - string caCertId = (productInfo.ProductParameters.ContainsKey("CACertId")) ? (string)productInfo.ProductParameters["CACertId"] : null; - + string caCertId = null; + if (productInfo.ProductParameters.ContainsKey("CACertId") && !string.IsNullOrEmpty(productInfo.ProductParameters["CACertId"])) + { + caCertId = (string)productInfo.ProductParameters["CACertId"]; + } // Set up request orderRequest.Certificate.CommonName = commonName; orderRequest.Certificate.CSR = csr; @@ -215,7 +226,11 @@ public async Task Enroll(string csr, string subject, Dictionar orderRequest.ValidityYears = validityYears; } - var renewWindow = (productInfo.ProductParameters.ContainsKey(CertCentralConstants.Config.RENEWAL_WINDOW)) ? int.Parse(productInfo.ProductParameters[CertCentralConstants.Config.RENEWAL_WINDOW]) : 90; + var renewWindow = 90; + if (productInfo.ProductParameters.ContainsKey(CertCentralConstants.Config.RENEWAL_WINDOW) && !string.IsNullOrEmpty(productInfo.ProductParameters[CertCentralConstants.Config.RENEWAL_WINDOW])) + { + renewWindow = int.Parse(productInfo.ProductParameters[CertCentralConstants.Config.RENEWAL_WINDOW]); + } string priorCertSnString = null; string priorCertReqID = null; 
@@ -223,24 +238,34 @@ public async Task Enroll(string csr, string subject, Dictionar if (enrollmentType == EnrollmentType.RenewOrReissue) { //// Determine if we're going to do a renew or a reissue. - //string priorCertSnString = productInfo.ProductParameters["PriorCertSN"]; - //_logger.LogTrace($"Attempting to retrieve the certificate with serial number {priorCertSnString}."); - //byte[] priorCertSn = DataConversion.HexToBytes(priorCertSnString); - //CAConnectorCertificate anyGatewayCertificate = _certificateDataReader.(priorCertSn); - //if (anyGatewayCertificate == null) - //{ - // throw new Exception($"No certificate with serial number '{priorCertSnString}' could be found."); - //} - enrollmentType = EnrollmentType.Renew; + priorCertSnString = productInfo.ProductParameters["PriorCertSN"]; + _logger.LogTrace($"Attempting to retrieve the certificate with serial number {priorCertSnString}."); + var reqId = _certificateDataReader.GetRequestIDBySerialNumber(priorCertSnString).Result; + if (string.IsNullOrEmpty(reqId)) + { + throw new Exception($"No certificate with serial number '{priorCertSnString}' could be found."); + } + var expDate = _certificateDataReader.GetExpirationDateByRequestId(reqId); + var renewCutoff = DateTime.Now.AddDays(renewWindow * -1); + + if (expDate > renewCutoff) + { + _logger.LogTrace($"Certificate with serial number {priorCertSnString} is within renewal window"); + enrollmentType = EnrollmentType.Renew; + } + else + { + _logger.LogTrace($"Certificate with serial number {priorCertSnString} is not within renewal window. Reissuing..."); + enrollmentType = EnrollmentType.Reissue; + } } // Check if the order has more validity in it (multi-year cert). If so, do a reissue instead of a renew if (enrollmentType == EnrollmentType.Renew) { // Get the old cert so we can properly construct the request. 
- priorCertSnString = productInfo.ProductParameters["PriorCertSN"]; - _logger.LogTrace($"Attempting to retrieve the certificate with serial number {priorCertSnString}."); + _logger.LogTrace($"Checking for additional order validity."); priorCertReqID = await _certificateDataReader.GetRequestIDBySerialNumber(priorCertSnString); if (string.IsNullOrEmpty(priorCertReqID)) { @@ -263,8 +288,13 @@ public async Task Enroll(string csr, string subject, Dictionar if (certOrder.order_valid_till.HasValue && certOrder.order_valid_till.Value.AddDays(renewWindow * -1) > DateTime.UtcNow) { + _logger.LogTrace($"Additional order validity found. Reissuing cert with new expiration."); enrollmentType = EnrollmentType.Reissue; } + else + { + _logger.LogTrace($"No additional order validity found. Renewing certificate."); + } } @@ -298,25 +328,29 @@ public Dictionary GetCAConnectorAnnotations() { Comments = "API Key for connecting to DigiCert", Hidden = true, - DefaultValue = "" + DefaultValue = "", + Type = "String" }, [CertCentralConstants.Config.DIVISION_ID] = new PropertyConfigInfo() { Comments = "Division ID to use for retrieving product details (only if account is configured with per-divison product settings)", Hidden = false, - DefaultValue = "" + DefaultValue = "", + Type = "Number" }, [CertCentralConstants.Config.REGION] = new PropertyConfigInfo() { Comments = "The geographic region that your DigiCert CertCentral account is in. Valid options are US and EU.", Hidden = false, - DefaultValue = "US" + DefaultValue = "US", + Type = "String" }, [CertCentralConstants.Config.REVOKE_CERT] = new PropertyConfigInfo() { Comments = "Default DigiCert behavior on revocation requests is to revoke the entire order. If this value is changed to 'true', revocation requests will instead just revoke the individual certificate.", Hidden = false, - DefaultValue = "false" + DefaultValue = false, + Type = "Boolean" } }; } 
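Review bot: The renewal-window test in the `RenewOrReissue` branch compares `expDate` with `DateTime.Now.AddDays(renewWindow * -1)`, which is true for any certificate that has not been expired for more than `renewWindow` days, so a certificate with years of validity left is also classified as Renew. If the intent matches the order-validity check further down (`order_valid_till.Value.AddDays(renewWindow * -1) > DateTime.UtcNow`), the condition would read `if (expDate <= DateTime.UtcNow.AddDays(renewWindow))`, with UTC used in both places. The lookup above it blocks with `.Result` inside an async method; `var reqId = await _certificateDataReader.GetRequestIDBySerialNumber(priorCertSnString);` matches the awaited call a few lines later. `priorCertSnString` is now assigned only in this branch, so a caller that passes `EnrollmentType.Renew` directly would reach `GetRequestIDBySerialNumber` with null, and the `["PriorCertSN"]` indexer throws KeyNotFoundException when the parameter is absent. Enroll starts and ends outside the hunk.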
@@ -342,7 +376,8 @@ public List GetProductIds() throw new Exception("Unable to retrieve product list"); } - return productTypesResponse.Products.Select(x => x.NameId).ToList(); } + return productTypesResponse.Products.Select(x => x.NameId).ToList(); + } catch (Exception ex) { // Swallow exceptions and return an empty string. @@ -412,25 +447,29 @@ public Dictionary GetTemplateParameterAnnotations() { Comments = "OPTIONAL: The number of days of validity to use when requesting certs. If not provided, default is 365.", Hidden = false, - DefaultValue = "365" + DefaultValue = 365, + Type = "Number" }, [CertCentralConstants.Config.CA_CERT_ID] = new PropertyConfigInfo() { Comments = "OPTIONAL: ID of issuing CA to use by DigiCert. If not provided, the default for your account will be used.", Hidden = false, - DefaultValue = "" + DefaultValue = "", + Type = "String" }, [CertCentralConstants.RequestAttributes.ORGANIZATION_NAME] = new PropertyConfigInfo() { Comments = "OPTIONAL: For requests that will not have a subject (such as ACME) you can use this field to provide the organization name. Value supplied here will override any CSR values, so do not include this field if you want the organization from the CSR to be used.", Hidden = false, - DefaultValue = "" + DefaultValue = "", + Type = "String" }, [CertCentralConstants.Config.RENEWAL_WINDOW] = new PropertyConfigInfo() { Comments = "OPTIONAL: The number of days from certificate expiration that the gateway should do a renewal rather than a reissue. If not provided, default is 90.", Hidden = false, - DefaultValue = "90" + DefaultValue = 90, + Type = "Number" } }; } From 4f08099d400b5a4c4781854e3e2410688d598f7f Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 22 Aug 2023 10:25:55 -0400 Subject: [PATCH 08/42] Don't throw exceptions when unable to retreive product IDs --- .../CertCentralCAConnector.cs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) 
diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index c151331..0d05a09 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -373,7 +373,8 @@ public List GetProductIds() // If we couldn't get the types, return an empty comment. if (productTypesResponse.Status != CertCentralBaseResponse.StatusType.SUCCESS) { - throw new Exception("Unable to retrieve product list"); + _logger.LogError($"Unable to retrieve product list: {productTypesResponse.Errors[0]}"); + return new List(); } return productTypesResponse.Products.Select(x => x.NameId).ToList(); @@ -382,7 +383,7 @@ public List GetProductIds() { // Swallow exceptions and return an empty string. _logger.LogError($"Unable to retrieve product list: {ex.Message}"); - throw; + return new List(); } } @@ -591,6 +592,9 @@ public async Task Synchronize(BlockingCollection blockin if (fullSync) { + long time = DateTime.Now.Ticks; + long starttime = time; + _logger.LogDebug($"SYNC: Starting sync at time {time}"); ListCertificateOrdersResponse ordersResponse = client.ListAllCertificateOrders(); if (ordersResponse.Status == CertCentralBaseResponse.StatusType.ERROR) { @@ -600,6 +604,7 @@ public async Task Synchronize(BlockingCollection blockin } else { + _logger.LogDebug($"SYNC: Found {ordersResponse.orders.Count} records"); foreach (var orderDetails in ordersResponse.orders) { List orderCerts = new List(); @@ -607,7 +612,9 @@ public async Task Synchronize(BlockingCollection blockin { cancelToken.ThrowIfCancellationRequested(); string caReqId = orderDetails.id + "-" + orderDetails.certificate.id; + _logger.LogDebug($"SYNC: Retrieving certs for order id {orderDetails.id}"); orderCerts = GetAllConnectorCertsForOrder(caReqId); + _logger.LogDebug($"SYNC: Retrieved {orderCerts.Count} certs at time {DateTime.Now.Ticks}"); } catch { 
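Review bot: The new error log in GetProductIds interpolates `productTypesResponse.Errors[0]` itself, which prints whatever the error type's ToString() returns (the type name unless it is overridden), and it indexes the list without checking that it has an entry. Other call sites on this page log `Errors[0].message`; here `productTypesResponse.Errors?.FirstOrDefault()?.message` would give the text and tolerate an empty list. Because both failure paths now return an empty list, a caller cannot tell an empty product catalogue from a failed API call, so this log line is the only signal and should carry the real cause. The comment in the `@@ -382,7 +383,7 @@` hunk still says "return an empty string" although the code returns an empty list.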
@@ -623,6 +630,7 @@ public async Task Synchronize(BlockingCollection blockin } } + _logger.LogDebug($"SYNC: Complete after {DateTime.Now.Ticks - starttime} ticks"); } } else From 94a7cb2e2801f52bfeb89372f01652da5ef0f7db Mon Sep 17 00:00:00 2001 From: David Galey Date: Wed, 23 Aug 2023 09:27:46 -0400 Subject: [PATCH 09/42] Prevent duplicate certs from syncing --- .../API/StatusChanges.cs | 3 ++ .../CertCentralCAConnector.cs | 34 +++++++++++++++---- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/digicert-certcentral-anycagateway/API/StatusChanges.cs b/digicert-certcentral-anycagateway/API/StatusChanges.cs index 0b9a2cf..eaced16 100644 --- a/digicert-certcentral-anycagateway/API/StatusChanges.cs +++ b/digicert-certcentral-anycagateway/API/StatusChanges.cs @@ -27,6 +27,9 @@ public class StatusOrder [JsonProperty("status")] public string status { get; set; } + + [JsonIgnore] + public string serialNum { get; set; } } public class StatusChangesResponse : CertCentralBaseResponse diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index 0d05a09..4bf7879 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -1000,7 +1000,8 @@ private List GetReissues(CertCentralClient digiClient, int orderId) { order_id = orderId, certificate_id = reissueCert.id, - status = reissueCert.status + status = reissueCert.status, + serialNum = reissueCert.serial_number }; reissueCerts.Add(reissueStatusOrder); } @@ -1035,7 +1036,8 @@ private List GetDuplicates(CertCentralClient digiClient, int orderI { order_id = orderId, certificate_id = dupeCert.id, - status = dupeCert.status + status = dupeCert.status, + serialNum = dupeCert.serial_number }; dupeCerts.Add(dupeStatusOrder); } 
@@ -1258,10 +1260,13 @@ private List GetAllCertsForOrder(int orderId) { order_id = orderId, certificate_id = orderResponse.certificate.id, - status = orderStatusString + status = orderStatusString, + serialNum = orderResponse.certificate.serial_number + }; + List orderCerts = new List + { + primary }; - List orderCerts = new List(); - orderCerts.Add(primary); if (reissueCerts?.Count > 0) { orderCerts.AddRange(reissueCerts); @@ -1272,13 +1277,28 @@ private List GetAllCertsForOrder(int orderId) } List retCerts = new List(); List reqIds = new List(); + List serNums = new List(); foreach (var cert in orderCerts) { string req = $"{cert.order_id}-{cert.certificate_id}"; + + // Listing reissues/duplicates can also return the primary certificate. This check insures that only one copy of the primary certificate gets added to the sync list. if (!reqIds.Contains(req)) { - reqIds.Add(req); - retCerts.Add(cert); + // This is actually caused by an issue in the DigiCert API. For some orders (but not all), retrieving the reissued/duplicate certificates on an order + // instead just retrieves multiple copies of the primary certificate on that order. Since the gateway database must have unique certificates + // (serial number column is unique), we work around this by only syncing the primary cert in these cases. Other orders that correctly retrieve the + // reissued/duplicate certificates will pass this check. + if (!serNums.Contains(req)) + { + reqIds.Add(req); + retCerts.Add(cert); + serNums.Add(cert.serialNum); + } + else + { + _logger.LogWarning($"Duplicate certificate serial numbers found. Only one will be synced. Order ID: {cert.order_id}"); + } } } return retCerts; From 4008aee015bd5d3e5c958e654b25e0c715b5ec0d Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Wed, 23 Aug 2023 13:28:28 +0000 Subject: [PATCH 10/42] Update generated README --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index 036f8e3..7e18ce1 100644 --- a/README.md 
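Review bot: The inner duplicate check in GetAllCertsForOrder tests `serNums.Contains(req)`, but `req` is the `orderId-certId` string while `serNums` holds serial numbers, so the test effectively never matches and certificates sharing a serial number are all added. It should be `if (!serNums.Contains(cert.serialNum))`. As written the `LogWarning` branch is unreachable and the unique-serial constraint described in the comment is not enforced by this code. A `HashSet<string>` for both collections would also replace the linear `Contains` scans.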
+++ b/README.md @@ -10,8 +10,6 @@ DigiCert CertCentral plugin for the AnyCA Gateway framework This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. - - ## Support for digicert-certcentral-anycagateway digicert-certcentral-anycagateway is open source and community supported, meaning that there is **no SLA** applicable for these tools. @@ -19,7 +17,6 @@ digicert-certcentral-anycagateway is open source and community supported, meanin ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. - --- From ab2e40299bc8a323c0dcd12ddeed961388d134ec Mon Sep 17 00:00:00 2001 From: David Galey Date: Mon, 16 Oct 2023 13:05:01 -0400 Subject: [PATCH 11/42] Error update --- digicert-certcentral-anycagateway/CertCentralCAConnector.cs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index 4bf7879..c485d67 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -1,5 +1,6 @@ using Keyfactor.AnyGateway.Extensions; using Keyfactor.Common; +using Keyfactor.Common.Exceptions; using Keyfactor.Extensions.CAGateway.DigiCert.API; using Keyfactor.Extensions.CAGateway.DigiCert.Client; using Keyfactor.Extensions.CAGateway.DigiCert.Models; 
@@ -723,7 +724,7 @@ public async Task ValidateCAConnectionInfo(Dictionary connection if (domains.Status == CertCentralBaseResponse.StatusType.ERROR) { _logger.LogError($"Error from CertCentral client: {domains.Errors[0].message}"); - errors.Add("Error grabbing DigiCert domains"); + errors.Add("Error grabbing DigiCert domains. See log file for details."); } _logger.MethodExit(LogLevel.Trace); // We cannot proceed if there are any errors. @@ -735,7 +736,8 @@ public async Task ValidateCAConnectionInfo(Dictionary connection private void ThrowValidationException(List errors) { - throw new ArgumentException(string.Join("\n", errors)); + string validationMsg = $"Validation errors:\n{string.Join("\n", errors)}"; + throw new KeyfactorException(validationMsg, unchecked((uint)HRESULTs.INVALID_DATA)); } /// From a9d979b042d0733811dbc2f968043be8d0cdb496 Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 16 Nov 2023 06:16:23 -0500 Subject: [PATCH 12/42] update package reference and object names --- .../CertCentralCAConnector.cs | 32 +++++++++---------- .../digicert-certcentral-anycagateway.csproj | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index c485d67..fe3c3fc 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -24,7 +24,7 @@ namespace Keyfactor.Extensions.CAGateway.DigiCert { - public class CertCentralCAConnector : ICAConnector + public class CertCentralCAConnector : IAnyCAPlugin { private CertCentralConfig _config; private readonly ILogger _logger; 
@@ -36,7 +36,7 @@ public CertCentralCAConnector() { _logger = LogHandler.GetClassLogger(); } - public void Initialize(ICAConnectorConfigProvider configProvider, ICertificateDataReader certificateDataReader) + public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDataReader certificateDataReader) { _certificateDataReader = certificateDataReader; string rawConfig = JsonConvert.SerializeObject(configProvider.CAConnectionData); @@ -394,7 +394,7 @@ public List GetProductIds() /// /// The gateway request ID of the record to retrieve, in the format 'orderID-certID' /// - public async Task GetSingleRecord(string caRequestID) + public async Task GetSingleRecord(string caRequestID) { _logger.MethodEntry(LogLevel.Trace); // Split ca request id into order and cert id @@ -427,7 +427,7 @@ public async Task GetSingleRecord(string caRequestID) } } _logger.MethodExit(LogLevel.Trace); - return new CAConnectorCertificate + return new AnyCAPluginCertificate { CARequestID = caRequestID, Certificate = certificate, @@ -573,7 +573,7 @@ public async Task Revoke(string caRequestID, string hexSerialNumber, uint r /// /// /// - public async Task Synchronize(BlockingCollection blockingBuffer, DateTime? lastSync, bool fullSync, CancellationToken cancelToken) + public async Task Synchronize(BlockingCollection blockingBuffer, DateTime? lastSync, bool fullSync, CancellationToken cancelToken) { _logger.MethodEntry(LogLevel.Trace); @@ -582,7 +582,7 @@ public async Task Synchronize(BlockingCollection blockin string lastSyncFormat = FormatSyncDate(lastSync); string todaySyncFormat = FormatSyncDate(utcDate); - List certs = new List(); + List certs = new List(); List certsToSync = new List(); _logger.LogDebug("Attempting to create a CertCentral client"); 
@@ -608,7 +608,7 @@ public async Task Synchronize(BlockingCollection blockin _logger.LogDebug($"SYNC: Found {ordersResponse.orders.Count} records"); foreach (var orderDetails in ordersResponse.orders) { - List orderCerts = new List(); + List orderCerts = new List(); try { cancelToken.ThrowIfCancellationRequested(); @@ -648,7 +648,7 @@ public async Task Synchronize(BlockingCollection blockin int orderCount = statusChangesResponse.orders.Count; foreach (var order in statusChangesResponse.orders) { - List orderCerts = new List(); + List orderCerts = new List(); try { cancelToken.ThrowIfCancellationRequested(); @@ -737,7 +737,7 @@ public async Task ValidateCAConnectionInfo(Dictionary connection private void ThrowValidationException(List errors) { string validationMsg = $"Validation errors:\n{string.Join("\n", errors)}"; - throw new KeyfactorException(validationMsg, unchecked((uint)HRESULTs.INVALID_DATA)); + throw new AnyCAValidationException(validationMsg); } /// 
@@ -770,14 +770,14 @@ public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Diction CertificateTypesResponse productIdResponse = client.GetAllCertificateTypes(); if (productIdResponse.Status != CertCentralBaseResponse.StatusType.SUCCESS) { - throw new Exception($"The product types could not be retrieved from the server. The following errors occurred: {string.Join(" ", productIdResponse.Errors.Select(x => x.message))}"); + throw new AnyCAValidationException($"The product types could not be retrieved from the server. The following errors occurred: {string.Join(" ", productIdResponse.Errors.Select(x => x.message))}"); } // Get product and check if it exists. var product = productIdResponse.Products.FirstOrDefault(x => x.NameId.Equals(productId, StringComparison.InvariantCultureIgnoreCase)); if (product == null) { - throw new Exception($"The product ID '{productId}' does not exist. The following product IDs are valid: {string.Join(", ", productIdResponse.Products.Select(x => x.NameId))}"); + throw new AnyCAValidationException($"The product ID '{productId}' does not exist. The following product IDs are valid: {string.Join(", ", productIdResponse.Products.Select(x => x.NameId))}"); } // Get product ID details. @@ -793,7 +793,7 @@ public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Diction CertificateTypeDetailsResponse details = client.GetCertificateTypeDetails(detailsRequest); if (details.Errors.Any()) { - throw new Exception($"Validation of '{productId}' failed for the following reasons: {string.Join(" ", details.Errors.Select(x => x.message))}."); + throw new AnyCAValidationException($"Validation of '{productId}' failed for the following reasons: {string.Join(" ", details.Errors.Select(x => x.message))}."); } _logger.MethodExit(LogLevel.Trace); } 
@@ -906,7 +906,7 @@ private async Task ExtractEnrollmentResult(CertCentralClient c caRequestID = $"{order.id}-{order.certificate.id}"; try { - CAConnectorCertificate connCert = await GetSingleRecord($"{order.id}-{order.certificate.id}"); + AnyCAPluginCertificate connCert = await GetSingleRecord($"{order.id}-{order.certificate.id}"); certificate = connCert.Certificate; status = connCert.Status; statusMessage = $"Post-submission approval of order {order.id} returned success"; @@ -1174,7 +1174,7 @@ string FormatSyncDate(DateTime? syncTime) /// /// /// - private List GetAllConnectorCertsForOrder(string caRequestID) + private List GetAllConnectorCertsForOrder(string caRequestID) { _logger.MethodEntry(LogLevel.Trace); // Split ca request id into order and cert id @@ -1189,7 +1189,7 @@ private List GetAllConnectorCertsForOrder(string caReque var orderCerts = GetAllCertsForOrder(orderId); - List certList = new List(); + List certList = new List(); foreach (var cert in orderCerts) { @@ -1211,7 +1211,7 @@ private List GetAllConnectorCertsForOrder(string caReque throw new Exception($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}"); } } - var connCert = new CAConnectorCertificate + var connCert = new AnyCAPluginCertificate { CARequestID = caReqId, Certificate = certificate, diff --git a/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj b/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj index 3dd2a72..c96dcd7 100644 --- a/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj +++ b/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj @@ -9,7 +9,7 @@ - + From 8c59dae9c8b7d4329ca0855075aff12806cce6cb Mon Sep 17 00:00:00 2001 
From: Mikey Henderson Date: Thu, 16 Nov 2023 10:40:15 -0800 Subject: [PATCH 13/42] Remove unused cert-store-merge step --- .github/workflows/keyfactor-integrations-workflow.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/keyfactor-integrations-workflow.yml b/.github/workflows/keyfactor-integrations-workflow.yml index 088548d..b779b53 100644 --- a/.github/workflows/keyfactor-integrations-workflow.yml +++ b/.github/workflows/keyfactor-integrations-workflow.yml @@ -31,10 +31,3 @@ jobs: uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main secrets: token: ${{ secrets.SDK_SYNC_PAT }} - - call-update-store-types-workflow: - needs: call-assign-from-json-workflow - if: needs.call-assign-from-json-workflow.outputs.integration_type == 'orchestrator' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') - uses: Keyfactor/actions/.github/workflows/update-store-types.yml@main - secrets: - token: ${{ secrets.UPDATE_STORE_TYPES }} From bf52f55f979a3df1ddb5c2ec9d5849da60eee641 Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 2 Jan 2024 11:07:06 -0500 Subject: [PATCH 14/42] readme update --- readme_source.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme_source.md b/readme_source.md index 101b084..c0d1cd8 100644 --- a/readme_source.md +++ b/readme_source.md @@ -17,7 +17,7 @@ In order to enroll for certificates the Keyfactor Command server must trust the ```json { "extensions": { - "Keyfactor.AnyGateway.Extensions.ICAConnector": { + "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { "DigiCertCAConnector": { "assemblypath": "../DigiCertCAGateway.dll", "TypeFullName": "Keyfactor.Extensions.CAGateway.DigiCert.CertCentralCAConnector" From 98ad09066251f2a495411d0cfbdf778eeffc1196 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Tue, 2 Jan 2024 16:07:22 +0000 Subject: [PATCH 15/42] Update generated README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 7e18ce1..97dffe9 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ This repository contains an AnyGateway CA Connector, which is a plugin to the Ke ## Support for digicert-certcentral-anycagateway -digicert-certcentral-anycagateway is open source and community supported, meaning that there is **no SLA** applicable for these tools. +digicert-certcentral-anycagateway is open source and community supported, meaning that there is no support guaranteed from Keyfactor Support for these tools. ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. @@ -52,7 +52,7 @@ In order to enroll for certificates the Keyfactor Command server must trust the ```json { "extensions": { - "Keyfactor.AnyGateway.Extensions.ICAConnector": { + "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { "DigiCertCAConnector": { "assemblypath": "../DigiCertCAGateway.dll", "TypeFullName": "Keyfactor.Extensions.CAGateway.DigiCert.CertCentralCAConnector" From 768ab96688a5689c60a7ef46bbed5be37065f7a0 Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 2 Jan 2024 15:33:58 -0500 Subject: [PATCH 16/42] fix unit conversion --- .../CertCentralCAConnector.cs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index fe3c3fc..3f8a512 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs 
@@ -786,8 +786,14 @@ public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Diction detailsRequest.ContainerId = null; if (connectionInfo.ContainsKey(CertCentralConstants.Config.DIVISION_ID)) { - int.TryParse((string)connectionInfo[CertCentralConstants.Config.DIVISION_ID], out int divId); - detailsRequest.ContainerId = divId; + if (int.TryParse($"{connectionInfo[CertCentralConstants.Config.DIVISION_ID]}", out int divId)) + { + detailsRequest.ContainerId = divId; + } + else + { + throw new AnyCAValidationException($"Unable to parse division ID '{connectionInfo[CertCentralConstants.Config.DIVISION_ID]}'. Check that this is a valid division ID."); + } } CertificateTypeDetailsResponse details = client.GetCertificateTypeDetails(detailsRequest); From 48a3fe7f42081ef7ba4e4bceecd1ae1830f0d240 Mon Sep 17 00:00:00 2001 From: Dave Galey <89407235+dgaley@users.noreply.github.com> Date: Mon, 11 Mar 2024 11:20:43 -0400 Subject: [PATCH 17/42] Add Enabled config flag Allows for creating the CA prior to having config info available, creating with Enabled = false skips config validation. --- .../CertCentralCAConnector.cs | 29 +++++++++++++++++++ .../CertCentralConfig.cs | 1 + .../Constants.cs | 1 + 3 files changed, 31 insertions(+) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index 3f8a512..6590a53 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -352,6 +352,13 @@ public Dictionary GetCAConnectorAnnotations() Hidden = false, DefaultValue = false, Type = "Boolean" + }, + [CertCentralConstants.Config.ENABLED] = new PropertyConfigInfo() + { + Comments = "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available.", + Hidden = false, + DefaultValue = true, + Type = "Boolean" } }; } 
@@ -484,6 +491,14 @@ public Dictionary GetTemplateParameterAnnotations() public async Task Ping() { _logger.MethodEntry(LogLevel.Trace); + if (!_config.Enabled) + { + _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping connectivity test..."); + _logger.MethodExit(LogLevel.Trace); + return; + } + + try { CertCentralClient client = CertCentralClientUtilities.BuildCertCentralClient(_config); @@ -693,6 +708,20 @@ public async Task Synchronize(BlockingCollection blockin public async Task ValidateCAConnectionInfo(Dictionary connectionInfo) { _logger.MethodEntry(LogLevel.Trace); + try + { + if (!(bool)connectionInfo[CertCentralConstants.Config.ENABLED]) + { + _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping validation...") + _logger.MethodExit(LogLevel.Trace); + return; + } + } + catch (Exception ex) + { + _logger.LogError($"Exception: {LogHandler.FlattenException(ex)}"); + } + List errors = new List(); _logger.LogTrace("Checking the API Key."); diff --git a/digicert-certcentral-anycagateway/CertCentralConfig.cs b/digicert-certcentral-anycagateway/CertCentralConfig.cs index b29af9e..04415e5 100644 --- a/digicert-certcentral-anycagateway/CertCentralConfig.cs +++ b/digicert-certcentral-anycagateway/CertCentralConfig.cs @@ -12,5 +12,6 @@ public class CertCentralConfig public string Region { get; set; } = "US"; public int? DivisionId { get; set; } public bool? RevokeCertificateOnly { get; set; } + public bool Enabled { get; set; } = true; } } diff --git a/digicert-certcentral-anycagateway/Constants.cs b/digicert-certcentral-anycagateway/Constants.cs index 9e7a527..25964b4 100644 --- a/digicert-certcentral-anycagateway/Constants.cs +++ b/digicert-certcentral-anycagateway/Constants.cs 
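Review bot: The Enabled check in ValidateCAConnectionInfo uses a hard cast, `(bool)connectionInfo[CertCentralConstants.Config.ENABLED]`, which throws when the key is missing or the value arrives as a string, and the catch then only logs before running full validation, so a disabled CA whose flag is not a boxed bool is validated anyway. Parsing tolerantly, as the division-ID fix earlier on this page does, avoids that: `if (connectionInfo.TryGetValue(CertCentralConstants.Config.ENABLED, out object enabledObj) && bool.TryParse($"{enabledObj}", out bool enabled) && !enabled)`. The `_logger.LogWarning(...)` call inside the new block is missing its terminating `;`, so this revision does not compile. The hunks shown guard only Ping and ValidateCAConnectionInfo; if Enroll, Revoke and Synchronize are not guarded elsewhere, a CA marked disabled would still issue and revoke, so the flag's scope should be stated in its annotation comment or enforced in those methods.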
@@ -26,6 +26,7 @@ public class Config public const string CA_CERT_ID = "CACertId"; public const string RENEWAL_WINDOW = "RenewalWindowDays"; public const string REVOKE_CERT = "RevokeCertificateOnly"; + public const string ENABLED = "Enabled"; } public class RequestAttributes From 61fd7e023c8da62f07be3a690e0d116894730ed2 Mon Sep 17 00:00:00 2001 From: Dave Galey <89407235+dgaley@users.noreply.github.com> Date: Mon, 11 Mar 2024 11:25:55 -0400 Subject: [PATCH 18/42] Update CertCentralCAConnector.cs --- digicert-certcentral-anycagateway/CertCentralCAConnector.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index 6590a53..6e56096 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -712,7 +712,7 @@ public async Task ValidateCAConnectionInfo(Dictionary connection { if (!(bool)connectionInfo[CertCentralConstants.Config.ENABLED]) { - _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping validation...") + _logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping validation..."); _logger.MethodExit(LogLevel.Trace); return; } From ac791a7563dce2ebc297694d0c4569b24b9ab545 Mon Sep 17 00:00:00 2001 From: David Galey Date: Fri, 19 Apr 2024 02:10:27 -0400 Subject: [PATCH 19/42] Port sync CA filter from DCOM gateway --- .../API/ListCertificateOrders.cs | 12 ++++- .../API/OrderCertificate.cs | 5 +- .../CertCentralCAConnector.cs | 50 +++++++++++++++++-- .../CertCentralConfig.cs | 8 +++ .../Client/CertCentralClient.cs | 6 ++- 5 files changed, 72 insertions(+), 9 deletions(-) 
diff --git a/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs b/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs index 3ca84cb..3a5dafe 100644 --- a/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs +++ b/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs @@ -12,12 +12,13 @@ namespace Keyfactor.Extensions.CAGateway.DigiCert.API { public class ListCertificateOrdersRequest : CertCentralBaseRequest { - public ListCertificateOrdersRequest() + public ListCertificateOrdersRequest(bool ignoreExpired = false) { this.Resource = "services/v2/order/certificate"; this.Method = "GET"; this.limit = 1000; this.offset = 0; + this.ignoreExpired = ignoreExpired; } [JsonProperty("limit")] @@ -26,6 +27,9 @@ public ListCertificateOrdersRequest() [JsonProperty("offset")] public int offset { get; set; } + public bool ignoreExpired { get; set; } + public int expiredWindow { get; set; } = 0; + public new string BuildParameters() { StringBuilder sbParamters = new StringBuilder(); @@ -33,6 +37,12 @@ public ListCertificateOrdersRequest() sbParamters.Append("limit=").Append(this.limit.ToString()); sbParamters.Append("&offset=").Append(HttpUtility.UrlEncode(this.offset.ToString())); + if (ignoreExpired) + { + DateTime cutoffDate = DateTime.Today.AddDays(-1 - expiredWindow); + sbParamters.Append("&filters[valid_till]=>").Append(cutoffDate.ToString("yyyy-MM-dd")); + } + return sbParamters.ToString(); } } diff --git a/digicert-certcentral-anycagateway/API/OrderCertificate.cs b/digicert-certcentral-anycagateway/API/OrderCertificate.cs index 16b57d2..0bed442 100644 --- a/digicert-certcentral-anycagateway/API/OrderCertificate.cs +++ b/digicert-certcentral-anycagateway/API/OrderCertificate.cs @@ -12,7 +12,7 @@ namespace Keyfactor.Extensions.CAGateway.DigiCert.API { - public class OrderRequest : CertCentralBaseRequest + public class OrderRequest : CertCentralBaseRequest { public OrderRequest(CertCentralCertType certType) { 
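Review bot: The `valid_till` filter in BuildParameters formats the cutoff with `cutoffDate.ToString("yyyy-MM-dd")`, which uses the current culture's calendar, so on a host configured with a non-Gregorian calendar the year sent to the API would be wrong and the expired-order filter would silently select the wrong set. Use `cutoffDate.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)` (this needs `using System.Globalization;` if the file does not already have it) and consider `DateTime.UtcNow.Date` instead of `DateTime.Today` so the cutoff does not depend on the server's time zone. The new `ignoreExpired` and `expiredWindow` properties carry no `[JsonProperty]` or `[JsonIgnore]` attribute, unlike `limit` and `offset`; if this request type is ever serialized, `[JsonIgnore]` keeps them out of the payload.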
@@ -57,6 +57,9 @@ public OrderRequest(CertCentralCertType certType) [JsonProperty("custom_fields")] public List CustomFields { get; set; } + [JsonProperty("skip_approval")] + public bool SkipApproval { get; set; } + public void SetOrganization(int? organizationId) { if (organizationId.HasValue) diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs index 6e56096..6a0c211 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAConnector.cs @@ -301,6 +301,8 @@ public async Task Enroll(string csr, string subject, Dictionar _logger.LogTrace("Making request to Enroll"); + orderRequest.SkipApproval = true; + switch (enrollmentType) { case EnrollmentType.New: @@ -426,7 +428,14 @@ public async Task GetSingleRecord(string caRequestID) CertificateChainResponse certificateChainResponse = client.GetCertificateChain(new CertificateChainRequest(certId)); if (certificateChainResponse.Status == CertCentralBaseResponse.StatusType.SUCCESS) { - certificate = certificateChainResponse.Intermediates[0].PEM; + if (certificateChainResponse.Intermediates.Count > 0) + { + certificate = certificateChainResponse.Intermediates[0].PEM; + } + else + { + throw new Exception($"No PEM certificate returned for certificate {certId} in order {orderId}. This could be due to a certificate that provisioned via an alternative method, such as a physical token."); + } } else { 
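Review bot: `orderRequest.SkipApproval = true;` in the `Enroll` hunk is set unconditionally, so every order placed through the gateway asks CertCentral to bypass its request-approval step, whatever approval workflow the account has configured. Where that step is relied on as a second check before issuance, this removes it for everything the gateway's API key is able to request. Consider making it an explicit, documented option with a conservative default, for example a new nullable `SkipApproval` setting on `CertCentralConfig` and `orderRequest.SkipApproval = _config.SkipApproval ?? false;`. `Enroll` starts and ends outside this hunk.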
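Review bot: The new guard in the `GetSingleRecord` hunk reads `certificateChainResponse.Intermediates.Count` without a null check, so a SUCCESS response that carries no intermediates list at all would presumably still fail with a NullReferenceException instead of the descriptive message; `if (certificateChainResponse.Intermediates?.Count > 0)` covers both cases. Throwing a bare `Exception` makes this condition hard for callers to tell apart from other failures, so a more specific type such as `InvalidOperationException` would be cleaner. The message also has a small slip: "a certificate that provisioned" should read "a certificate that was provisioned".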
@@ -553,10 +562,12 @@ public async Task Revoke(string caRequestID, string hexSerialNumber, uint r RevokeCertificateResponse revokeResponse; if (_config.RevokeCertificateOnly.HasValue && _config.RevokeCertificateOnly.Value) { + _logger.LogInformation($"Attempting to revoke certificate with CA Request Id {caRequestID} and serial number {hexSerialNumber}. RevokeCertificateOnly is true, so revoking single certificate."); revokeResponse = client.RevokeCertificate(new RevokeCertificateRequest(certId) { comments = Conversions.RevokeReasonToString(revocationReason) }); } else { + _logger.LogInformation($"Attempting to revoke certificate with CA Request Id {caRequestID} and serial number {hexSerialNumber}. RevokeCertificateOnly is false, so revoking the entire order."); revokeResponse = client.RevokeCertificate(new RevokeCertificateByOrderRequest(orderResponse.id) { comments = Conversions.RevokeReasonToString(revocationReason) }); } @@ -606,12 +617,27 @@ public async Task Synchronize(BlockingCollection blockin List skippedOrders = new List(); int certCount = 0; + string syncCAstring = string.Join(",", _config.SyncCAFilter ?? new List()); + _logger.LogTrace($"Sync CAs: {syncCAstring}"); + List caList = _config.SyncCAFilter ?? new List(); + caList.ForEach(c => c.ToUpper()); + + if (fullSync) { + bool ignoreExpired = false; int expiredWindow = 0; + if (_config.FilterExpiredOrders.HasValue && _config.FilterExpiredOrders.Value) + { + ignoreExpired = true; + if (_config.SyncExpirationDays.HasValue) + { + expiredWindow = _config.SyncExpirationDays.Value; + } + } long time = DateTime.Now.Ticks; long starttime = time; _logger.LogDebug($"SYNC: Starting sync at time {time}"); - ListCertificateOrdersResponse ordersResponse = client.ListAllCertificateOrders(); + ListCertificateOrdersResponse ordersResponse = client.ListAllCertificateOrders(ignoreExpired, expiredWindow); if (ordersResponse.Status == CertCentralBaseResponse.StatusType.ERROR) { Error error = ordersResponse.Errors[0]; 
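Review bot: The `else` branch in the `Revoke` hunk is also taken when `RevokeCertificateOnly` is unset (`HasValue` is false), yet the new message says "RevokeCertificateOnly is false"; because this branch revokes the whole order, the log line that serves as the audit record should describe the cause accurately, e.g. `RevokeCertificateOnly is false or not set, so revoking the entire order.` Both messages would be more useful for later investigation if they also recorded `revocationReason`, and if they used message templates such as `_logger.LogInformation("Revoking {CaRequestId} ({Serial})", caRequestID, hexSerialNumber)` rather than interpolation, so the fields stay structured. `Revoke` starts and ends outside this hunk.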
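Review bot: `caList.ForEach(c => c.ToUpper());` in the `Synchronize` hunk has no effect, because `ToUpper()` returns a new string and the result is discarded, so `caList` keeps whatever casing was configured. `GetAllConnectorCertsForOrder` later tests `caFilterIds.Contains(...ca_cert.Id.ToUpper())`, so a filter entry written in lower or mixed case never matches and every order is then filtered out of the sync. Replace the line with `caList = caList.ConvertAll(c => c.ToUpperInvariant());`, which also avoids mutating the list held by `_config`, or compare case-insensitively at the point of use. Logging the normalized list in the `Sync CAs` trace line would show what is actually being matched. `Synchronize` starts and ends outside this hunk.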
@@ -629,7 +655,11 @@ public async Task Synchronize(BlockingCollection blockin cancelToken.ThrowIfCancellationRequested(); string caReqId = orderDetails.id + "-" + orderDetails.certificate.id; _logger.LogDebug($"SYNC: Retrieving certs for order id {orderDetails.id}"); - orderCerts = GetAllConnectorCertsForOrder(caReqId); + orderCerts = GetAllConnectorCertsForOrder(caReqId, caList); + if (orderCerts == null || orderCerts.Count == 0) + { + continue; + } _logger.LogDebug($"SYNC: Retrieved {orderCerts.Count} certs at time {DateTime.Now.Ticks}"); } catch @@ -668,7 +698,11 @@ public async Task Synchronize(BlockingCollection blockin { cancelToken.ThrowIfCancellationRequested(); string caReqId = order.order_id + "-" + order.certificate_id; - orderCerts = GetAllConnectorCertsForOrder(caReqId); + orderCerts = GetAllConnectorCertsForOrder(caReqId, caList); + if (orderCerts == null || orderCerts.Count > 0) + { + continue; + } } catch { @@ -1209,7 +1243,7 @@ string FormatSyncDate(DateTime? syncTime) /// /// /// - private List GetAllConnectorCertsForOrder(string caRequestID) + private List GetAllConnectorCertsForOrder(string caRequestID, List caFilterIds) { _logger.MethodEntry(LogLevel.Trace); // Split ca request id into order and cert id @@ -1222,6 +1256,12 @@ private List GetAllConnectorCertsForOrder(string caReque CertCentralClient client = CertCentralClientUtilities.BuildCertCentralClient(_config); ViewCertificateOrderResponse orderResponse = client.ViewCertificateOrder(new ViewCertificateOrderRequest((uint)orderId)); + if (caFilterIds != null && caFilterIds.Count > 0 && !caFilterIds.Contains(orderResponse.certificate.ca_cert.Id.ToUpper())) + { + _logger.LogTrace($"Found order ID {orderId} that does not match SyncCAFilter. CA ID: {orderResponse.certificate.ca_cert.Id} Skipping..."); + return null; + } + var orderCerts = GetAllCertsForOrder(orderId); List certList = new List(); 
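Review bot: The guard added in the second hunk on this line (`@@ -668,7 +698,11 @@`, the non-full-sync loop) reads `orderCerts.Count > 0`, which `continue`s past every order that did return certificates; the full-sync hunk just before it uses `== 0`. As written, the incremental path would skip exactly the orders it needs to process, so newly issued or revoked certificates would presumably not be reflected until the next full sync. It should be `if (orderCerts == null || orderCerts.Count == 0)`. The enclosing loop and `try` block extend beyond the hunk.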
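Review bot: In the `GetAllConnectorCertsForOrder` hunk the filter dereferences `orderResponse.certificate.ca_cert.Id` before anything visible checks `orderResponse.Status`, so with a non-empty filter an error response or an order without CA data would throw a NullReferenceException here. Both call sites wrap the call in a bare `catch`, which would likely hide the real cause. Check the response status first and read the value defensively, e.g. `string caId = orderResponse.certificate?.ca_cert?.Id;` followed by an explicit decision on whether an order with no CA id is included or skipped. The method now returns `null` for filtered orders and takes a new `caFilterIds` parameter, neither of which is described in its doc comment; a `<param name="caFilterIds">` entry and a `<returns>` line stating that `null` means "filtered out" would help. The method body continues outside the hunk.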
diff --git a/digicert-certcentral-anycagateway/CertCentralConfig.cs b/digicert-certcentral-anycagateway/CertCentralConfig.cs index 04415e5..61c03fd 100644 --- a/digicert-certcentral-anycagateway/CertCentralConfig.cs +++ b/digicert-certcentral-anycagateway/CertCentralConfig.cs @@ -8,10 +8,18 @@ namespace Keyfactor.Extensions.CAGateway.DigiCert { public class CertCentralConfig { + + public CertCentralConfig() + { + SyncCAFilter = new List(); + } public string APIKey { get; set; } public string Region { get; set; } = "US"; public int? DivisionId { get; set; } public bool? RevokeCertificateOnly { get; set; } public bool Enabled { get; set; } = true; + public List SyncCAFilter { get; set; } + public bool? FilterExpiredOrders { get; set; } + public int? SyncExpirationDays { get; set; } } } diff --git a/digicert-certcentral-anycagateway/Client/CertCentralClient.cs b/digicert-certcentral-anycagateway/Client/CertCentralClient.cs index e02a790..ae1e5b4 100644 --- a/digicert-certcentral-anycagateway/Client/CertCentralClient.cs +++ b/digicert-certcentral-anycagateway/Client/CertCentralClient.cs @@ -473,7 +473,7 @@ public DownloadCertificateByFormatResponse DownloadCertificateByFormat(DownloadC return dlCertificateRequestResponse; } - public ListCertificateOrdersResponse ListAllCertificateOrders() + public ListCertificateOrdersResponse ListAllCertificateOrders(bool ignoreExpired = false, int expiredWindow = 0) { int batch = 1000; ListCertificateOrdersResponse totalResponse = new ListCertificateOrdersResponse(); @@ -483,7 +483,9 @@ public ListCertificateOrdersResponse ListAllCertificateOrders() ListCertificateOrdersRequest request = new ListCertificateOrdersRequest() { limit = batch, - offset = totalResponse.orders.Count + offset = totalResponse.orders.Count, + ignoreExpired = ignoreExpired, + expiredWindow = expiredWindow }; CertCentralResponse response = Request(request, request.BuildParameters()); From 5bd813c95ac16cda3f41e1e8e93060d49b2148c1 Mon Sep 17 00:00:00 2001 
From: David Galey Date: Fri, 19 Apr 2024 02:26:26 -0400 Subject: [PATCH 20/42] Project rename --- digicert-certcentral-anycagateway.sln | 2 +- .../API/CertCentralAPIBase.cs | 4 ++-- .../API/CertificateChain.cs | 2 +- .../API/CertificateTypeDetails.cs | 2 +- .../API/CertificateTypes.cs | 2 +- .../API/CheckDCV.cs | 2 +- .../API/DownloadCertificateByFormat.cs | 2 +- .../API/ListCertificateOrders.cs | 4 ++-- .../API/ListContainers.cs | 2 +- .../API/ListDomains.cs | 4 ++-- .../API/ListDuplicates.cs | 4 ++-- .../API/ListMetadata.cs | 2 +- .../API/ListOrganizations.cs | 2 +- .../API/ListReissues.cs | 4 ++-- .../API/ListRequests.cs | 4 ++-- .../API/OrderCertificate.cs | 4 ++-- digicert-certcentral-anycagateway/API/Reissue.cs | 4 ++-- .../API/RevokeCertificate.cs | 2 +- .../API/StatusChanges.cs | 2 +- .../API/UpdateRequestStatus.cs | 2 +- .../API/ViewCertificateOrder.cs | 4 ++-- ...tralCAConnector.cs => CertCentralCAPlugin.cs} | 16 ++++++++-------- .../CertCentralConfig.cs | 2 +- .../Client/CertCentralClient.cs | 6 +++--- .../Client/CertCentralClientUtilities.cs | 4 ++-- .../Client/Conversions.cs | 2 +- digicert-certcentral-anycagateway/Constants.cs | 2 +- .../Models/CertCentralCertType.cs | 6 +++--- .../Models/CertificateOrder.cs | 2 +- .../Models/Contact.cs | 2 +- .../Models/Error.cs | 2 +- .../Models/IdInformation.cs | 2 +- .../Models/Product.cs | 2 +- .../Models/RequestSummary.cs | 2 +- digicert-certcentral-anycagateway/Utilities.cs | 2 +- ...proj => digicert-certcentral-caplugin.csproj} | 4 ++-- 36 files changed, 58 insertions(+), 58 deletions(-) rename digicert-certcentral-anycagateway/{CertCentralCAConnector.cs => CertCentralCAPlugin.cs} (99%) rename digicert-certcentral-anycagateway/{digicert-certcentral-anycagateway.csproj => digicert-certcentral-caplugin.csproj} (83%) diff --git a/digicert-certcentral-anycagateway.sln b/digicert-certcentral-anycagateway.sln index 7031118..9b27dac 100644 --- a/digicert-certcentral-anycagateway.sln 
+++ b/digicert-certcentral-anycagateway.sln @@ -3,7 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Version 17 VisualStudioVersion = 17.6.33815.320 MinimumVisualStudioVersion = 10.0.40219.1 -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "digicert-certcentral-anycagateway", "digicert-certcentral-anycagateway\digicert-certcentral-anycagateway.csproj", "{434D1E74-8EE7-4CC6-BAEC-62D224022F5F}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "digicert-certcentral-caplugin", "digicert-certcentral-anycagateway\digicert-certcentral-caplugin.csproj", "{434D1E74-8EE7-4CC6-BAEC-62D224022F5F}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution diff --git a/digicert-certcentral-anycagateway/API/CertCentralAPIBase.cs b/digicert-certcentral-anycagateway/API/CertCentralAPIBase.cs index 4fc46b0..f920e5e 100644 --- a/digicert-certcentral-anycagateway/API/CertCentralAPIBase.cs +++ b/digicert-certcentral-anycagateway/API/CertCentralAPIBase.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Newtonsoft.Json; using System; @@ -7,7 +7,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public abstract class CertCentralBaseResponse { diff --git a/digicert-certcentral-anycagateway/API/CertificateChain.cs b/digicert-certcentral-anycagateway/API/CertificateChain.cs index 2e0fd50..f4f2c8a 100644 --- a/digicert-certcentral-anycagateway/API/CertificateChain.cs +++ b/digicert-certcentral-anycagateway/API/CertificateChain.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class CertificateChainRequest : CertCentralBaseRequest { 
diff --git a/digicert-certcentral-anycagateway/API/CertificateTypeDetails.cs b/digicert-certcentral-anycagateway/API/CertificateTypeDetails.cs index 60a439b..0a18667 100644 --- a/digicert-certcentral-anycagateway/API/CertificateTypeDetails.cs +++ b/digicert-certcentral-anycagateway/API/CertificateTypeDetails.cs @@ -7,7 +7,7 @@ using System.Threading.Tasks; using System.Web; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { /// /// Request to get the details for a specific certificate type. diff --git a/digicert-certcentral-anycagateway/API/CertificateTypes.cs b/digicert-certcentral-anycagateway/API/CertificateTypes.cs index 6dc3b81..6b14338 100644 --- a/digicert-certcentral-anycagateway/API/CertificateTypes.cs +++ b/digicert-certcentral-anycagateway/API/CertificateTypes.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { /// /// Request to get a certificate type. diff --git a/digicert-certcentral-anycagateway/API/CheckDCV.cs b/digicert-certcentral-anycagateway/API/CheckDCV.cs index f9ce0d8..63f6d37 100644 --- a/digicert-certcentral-anycagateway/API/CheckDCV.cs +++ b/digicert-certcentral-anycagateway/API/CheckDCV.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class DVCheckDCVRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/DownloadCertificateByFormat.cs b/digicert-certcentral-anycagateway/API/DownloadCertificateByFormat.cs index d9b4c72..fbe0fe2 100644 --- a/digicert-certcentral-anycagateway/API/DownloadCertificateByFormat.cs +++ b/digicert-certcentral-anycagateway/API/DownloadCertificateByFormat.cs 
@@ -4,7 +4,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class DownloadCertificateByFormatRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs b/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs index 3a5dafe..b9d670e 100644 --- a/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs +++ b/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Newtonsoft.Json; using System; @@ -8,7 +8,7 @@ using System.Threading.Tasks; using System.Web; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class ListCertificateOrdersRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/ListContainers.cs b/digicert-certcentral-anycagateway/API/ListContainers.cs index eaaf2d1..dc1e72f 100644 --- a/digicert-certcentral-anycagateway/API/ListContainers.cs +++ b/digicert-certcentral-anycagateway/API/ListContainers.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { /// /// Request to get the containers available. diff --git a/digicert-certcentral-anycagateway/API/ListDomains.cs b/digicert-certcentral-anycagateway/API/ListDomains.cs index 58f848a..5023746 100644 --- a/digicert-certcentral-anycagateway/API/ListDomains.cs +++ b/digicert-certcentral-anycagateway/API/ListDomains.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Microsoft.VisualBasic; using Newtonsoft.Json; 
@@ -9,7 +9,7 @@ using System.Threading.Tasks; using System.Web; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class ListDomainsRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/ListDuplicates.cs b/digicert-certcentral-anycagateway/API/ListDuplicates.cs index 2c0e8c6..d91c324 100644 --- a/digicert-certcentral-anycagateway/API/ListDuplicates.cs +++ b/digicert-certcentral-anycagateway/API/ListDuplicates.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Newtonsoft.Json; @@ -8,7 +8,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class ListDuplicatesRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/ListMetadata.cs b/digicert-certcentral-anycagateway/API/ListMetadata.cs index 6c4616b..d9713fc 100644 --- a/digicert-certcentral-anycagateway/API/ListMetadata.cs +++ b/digicert-certcentral-anycagateway/API/ListMetadata.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { /// /// Request to get the metadata fields available. diff --git a/digicert-certcentral-anycagateway/API/ListOrganizations.cs b/digicert-certcentral-anycagateway/API/ListOrganizations.cs index 7fe32af..4e225ff 100644 --- a/digicert-certcentral-anycagateway/API/ListOrganizations.cs +++ b/digicert-certcentral-anycagateway/API/ListOrganizations.cs @@ -7,7 +7,7 @@ using System.Threading.Tasks; using System.Web; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class ListOrganizationsRequest : CertCentralBaseRequest { 
diff --git a/digicert-certcentral-anycagateway/API/ListReissues.cs b/digicert-certcentral-anycagateway/API/ListReissues.cs index e3fdf6c..e81b0ee 100644 --- a/digicert-certcentral-anycagateway/API/ListReissues.cs +++ b/digicert-certcentral-anycagateway/API/ListReissues.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Newtonsoft.Json; using System; @@ -7,7 +7,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class ListReissueRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/ListRequests.cs b/digicert-certcentral-anycagateway/API/ListRequests.cs index a9d76e6..b692bc7 100644 --- a/digicert-certcentral-anycagateway/API/ListRequests.cs +++ b/digicert-certcentral-anycagateway/API/ListRequests.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Newtonsoft.Json; using System; @@ -8,7 +8,7 @@ using System.Threading.Tasks; using System.Web; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class ListRequestsRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/OrderCertificate.cs b/digicert-certcentral-anycagateway/API/OrderCertificate.cs index 0bed442..9f82ea8 100644 --- a/digicert-certcentral-anycagateway/API/OrderCertificate.cs +++ b/digicert-certcentral-anycagateway/API/OrderCertificate.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Microsoft.VisualBasic; using Newtonsoft.Json; 
@@ -10,7 +10,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class OrderRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/Reissue.cs b/digicert-certcentral-anycagateway/API/Reissue.cs index 696390c..432ea3b 100644 --- a/digicert-certcentral-anycagateway/API/Reissue.cs +++ b/digicert-certcentral-anycagateway/API/Reissue.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Newtonsoft.Json; using System; @@ -7,7 +7,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { [Serializable] public class ReissueRequest : CertCentralBaseRequest diff --git a/digicert-certcentral-anycagateway/API/RevokeCertificate.cs b/digicert-certcentral-anycagateway/API/RevokeCertificate.cs index 6d180cf..11cbe09 100644 --- a/digicert-certcentral-anycagateway/API/RevokeCertificate.cs +++ b/digicert-certcentral-anycagateway/API/RevokeCertificate.cs @@ -7,7 +7,7 @@ using System.Threading.Tasks; using System.Web; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class RevokeCertificateRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/StatusChanges.cs b/digicert-certcentral-anycagateway/API/StatusChanges.cs index eaced16..c277224 100644 --- a/digicert-certcentral-anycagateway/API/StatusChanges.cs +++ b/digicert-certcentral-anycagateway/API/StatusChanges.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class StatusChangesRequest : CertCentralBaseRequest { 
diff --git a/digicert-certcentral-anycagateway/API/UpdateRequestStatus.cs b/digicert-certcentral-anycagateway/API/UpdateRequestStatus.cs index 66113d2..93ab5c3 100644 --- a/digicert-certcentral-anycagateway/API/UpdateRequestStatus.cs +++ b/digicert-certcentral-anycagateway/API/UpdateRequestStatus.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class UpdateRequestStatusRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/API/ViewCertificateOrder.cs b/digicert-certcentral-anycagateway/API/ViewCertificateOrder.cs index 3a423f0..a61f326 100644 --- a/digicert-certcentral-anycagateway/API/ViewCertificateOrder.cs +++ b/digicert-certcentral-anycagateway/API/ViewCertificateOrder.cs @@ -1,4 +1,4 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Newtonsoft.Json; using System; @@ -7,7 +7,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.API +namespace Keyfactor.Extensions.CAPlugin.DigiCert.API { public class ViewCertificateOrderRequest : CertCentralBaseRequest { diff --git a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs b/digicert-certcentral-anycagateway/CertCentralCAPlugin.cs similarity index 99% rename from digicert-certcentral-anycagateway/CertCentralCAConnector.cs rename to digicert-certcentral-anycagateway/CertCentralCAPlugin.cs index 6a0c211..646d81a 100644 --- a/digicert-certcentral-anycagateway/CertCentralCAConnector.cs +++ b/digicert-certcentral-anycagateway/CertCentralCAPlugin.cs 
@@ -1,9 +1,9 @@ using Keyfactor.AnyGateway.Extensions; using Keyfactor.Common; using Keyfactor.Common.Exceptions; -using Keyfactor.Extensions.CAGateway.DigiCert.API; -using Keyfactor.Extensions.CAGateway.DigiCert.Client; -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.API; +using Keyfactor.Extensions.CAPlugin.DigiCert.Client; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Keyfactor.Logging; using Keyfactor.PKI.Enums; @@ -20,11 +20,11 @@ using static Keyfactor.PKI.PKIConstants.Microsoft; -using CertCentralConstants = Keyfactor.Extensions.CAGateway.DigiCert.Constants; +using CertCentralConstants = Keyfactor.Extensions.CAPlugin.DigiCert.Constants; -namespace Keyfactor.Extensions.CAGateway.DigiCert +namespace Keyfactor.Extensions.CAPlugin.DigiCert { - public class CertCentralCAConnector : IAnyCAPlugin + public class CertCentralCAPlugin : IAnyCAPlugin { private CertCentralConfig _config; private readonly ILogger _logger; @@ -32,9 +32,9 @@ public class CertCentralCAConnector : IAnyCAPlugin private Dictionary DCVTokens { get; } = new Dictionary(); - public CertCentralCAConnector() + public CertCentralCAPlugin() { - _logger = LogHandler.GetClassLogger(); + _logger = LogHandler.GetClassLogger(); } public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDataReader certificateDataReader) { diff --git a/digicert-certcentral-anycagateway/CertCentralConfig.cs b/digicert-certcentral-anycagateway/CertCentralConfig.cs index 61c03fd..ed0320f 100644 --- a/digicert-certcentral-anycagateway/CertCentralConfig.cs +++ b/digicert-certcentral-anycagateway/CertCentralConfig.cs @@ -4,7 +4,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert +namespace Keyfactor.Extensions.CAPlugin.DigiCert { public class CertCentralConfig { 
diff --git a/digicert-certcentral-anycagateway/Client/CertCentralClient.cs b/digicert-certcentral-anycagateway/Client/CertCentralClient.cs index ae1e5b4..c700a3c 100644 --- a/digicert-certcentral-anycagateway/Client/CertCentralClient.cs +++ b/digicert-certcentral-anycagateway/Client/CertCentralClient.cs @@ -1,5 +1,5 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.API; -using Keyfactor.Extensions.CAGateway.DigiCert.Models; +using Keyfactor.Extensions.CAPlugin.DigiCert.API; +using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Keyfactor.Logging; using Microsoft.Extensions.Logging; using Newtonsoft.Json; @@ -14,7 +14,7 @@ using static Keyfactor.PKI.X509.X509Utilities; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Client +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Client { public class CertCentralCredentials { diff --git a/digicert-certcentral-anycagateway/Client/CertCentralClientUtilities.cs b/digicert-certcentral-anycagateway/Client/CertCentralClientUtilities.cs index ab62f24..597bd0b 100644 --- a/digicert-certcentral-anycagateway/Client/CertCentralClientUtilities.cs +++ b/digicert-certcentral-anycagateway/Client/CertCentralClientUtilities.cs @@ -7,7 +7,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Client +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Client { /// /// Static class containing some utility methods for the cert central client. @@ -17,7 +17,7 @@ public static class CertCentralClientUtilities /// /// Private instance of the logger. /// - private static ILogger Logger => LogHandler.GetClassLogger(); + private static ILogger Logger => LogHandler.GetClassLogger(); /// /// Uses the to build a DigiCert client. diff --git a/digicert-certcentral-anycagateway/Client/Conversions.cs b/digicert-certcentral-anycagateway/Client/Conversions.cs index 2d9cbe8..a53c0e9 100644 --- a/digicert-certcentral-anycagateway/Client/Conversions.cs 
+++ b/digicert-certcentral-anycagateway/Client/Conversions.cs @@ -10,7 +10,7 @@ using System.Text.RegularExpressions; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Client +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Client { public class Conversions { diff --git a/digicert-certcentral-anycagateway/Constants.cs b/digicert-certcentral-anycagateway/Constants.cs index 25964b4..44aa10b 100644 --- a/digicert-certcentral-anycagateway/Constants.cs +++ b/digicert-certcentral-anycagateway/Constants.cs @@ -4,7 +4,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert +namespace Keyfactor.Extensions.CAPlugin.DigiCert { public class Constants { diff --git a/digicert-certcentral-anycagateway/Models/CertCentralCertType.cs b/digicert-certcentral-anycagateway/Models/CertCentralCertType.cs index f804aa5..ce3882d 100644 --- a/digicert-certcentral-anycagateway/Models/CertCentralCertType.cs +++ b/digicert-certcentral-anycagateway/Models/CertCentralCertType.cs @@ -1,5 +1,5 @@ -using Keyfactor.Extensions.CAGateway.DigiCert.API; -using Keyfactor.Extensions.CAGateway.DigiCert.Client; +using Keyfactor.Extensions.CAPlugin.DigiCert.API; +using Keyfactor.Extensions.CAPlugin.DigiCert.Client; using Keyfactor.Logging; using Microsoft.Extensions.Logging; @@ -9,7 +9,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Models +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Models { public class CertCentralCertType { diff --git a/digicert-certcentral-anycagateway/Models/CertificateOrder.cs b/digicert-certcentral-anycagateway/Models/CertificateOrder.cs index 6cd0569..a06f04c 100644 --- a/digicert-certcentral-anycagateway/Models/CertificateOrder.cs +++ b/digicert-certcentral-anycagateway/Models/CertificateOrder.cs 
@@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Models +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Models { public class CertificateOrder { diff --git a/digicert-certcentral-anycagateway/Models/Contact.cs b/digicert-certcentral-anycagateway/Models/Contact.cs index 3106b92..82601b0 100644 --- a/digicert-certcentral-anycagateway/Models/Contact.cs +++ b/digicert-certcentral-anycagateway/Models/Contact.cs @@ -7,7 +7,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Models +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Models { public class User : Contact { diff --git a/digicert-certcentral-anycagateway/Models/Error.cs b/digicert-certcentral-anycagateway/Models/Error.cs index 1ebf365..e963096 100644 --- a/digicert-certcentral-anycagateway/Models/Error.cs +++ b/digicert-certcentral-anycagateway/Models/Error.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Models +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Models { public class Error { diff --git a/digicert-certcentral-anycagateway/Models/IdInformation.cs b/digicert-certcentral-anycagateway/Models/IdInformation.cs index 90d91fc..506aff3 100644 --- a/digicert-certcentral-anycagateway/Models/IdInformation.cs +++ b/digicert-certcentral-anycagateway/Models/IdInformation.cs @@ -7,7 +7,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Models +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Models { public class IdInformation { diff --git a/digicert-certcentral-anycagateway/Models/Product.cs b/digicert-certcentral-anycagateway/Models/Product.cs index 901049c..d866b33 100644 --- a/digicert-certcentral-anycagateway/Models/Product.cs +++ b/digicert-certcentral-anycagateway/Models/Product.cs 
@@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Models +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Models { public class Product { diff --git a/digicert-certcentral-anycagateway/Models/RequestSummary.cs b/digicert-certcentral-anycagateway/Models/RequestSummary.cs index aafc83e..1c015ba 100644 --- a/digicert-certcentral-anycagateway/Models/RequestSummary.cs +++ b/digicert-certcentral-anycagateway/Models/RequestSummary.cs @@ -6,7 +6,7 @@ using System.Text; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert.Models +namespace Keyfactor.Extensions.CAPlugin.DigiCert.Models { public class RequestSummary { diff --git a/digicert-certcentral-anycagateway/Utilities.cs b/digicert-certcentral-anycagateway/Utilities.cs index a7e6f0f..ef6a598 100644 --- a/digicert-certcentral-anycagateway/Utilities.cs +++ b/digicert-certcentral-anycagateway/Utilities.cs @@ -5,7 +5,7 @@ using System.Text.RegularExpressions; using System.Threading.Tasks; -namespace Keyfactor.Extensions.CAGateway.DigiCert +namespace Keyfactor.Extensions.CAPlugin.DigiCert { public static class Utilities { diff --git a/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj b/digicert-certcentral-anycagateway/digicert-certcentral-caplugin.csproj similarity index 83% rename from digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj rename to digicert-certcentral-anycagateway/digicert-certcentral-caplugin.csproj index c96dcd7..95884fa 100644 --- a/digicert-certcentral-anycagateway/digicert-certcentral-anycagateway.csproj +++ b/digicert-certcentral-anycagateway/digicert-certcentral-caplugin.csproj @@ -2,10 +2,10 @@ net6.0 - Keyfactor.Extensions.CAGateway.DigiCert + Keyfactor.Extensions.CAPlugin.DigiCert enable disable - DigicertCAGateway + DigicertCAPlugin From b2e44937e02191d3c4e2307dda6122a0e0161e6f Mon Sep 17 00:00:00 2001 
From: David Galey
Date: Fri, 19 Apr 2024 02:37:41 -0400
Subject: [PATCH 21/42] Directory/solution rename
---
 ...anycagateway.sln => digicert-certcentral-caplugin.sln | 9 ++++++++-
 .../API/CertCentralAPIBase.cs | 0
 .../API/CertificateChain.cs | 0
 .../API/CertificateTypeDetails.cs | 0
 .../API/CertificateTypes.cs | 0
 .../API/CheckDCV.cs | 0
 .../API/DownloadCertificateByFormat.cs | 0
 .../API/ListCertificateOrders.cs | 0
 .../API/ListContainers.cs | 0
 .../API/ListDomains.cs | 0
 .../API/ListDuplicates.cs | 0
 .../API/ListMetadata.cs | 0
 .../API/ListOrganizations.cs | 0
 .../API/ListReissues.cs | 0
 .../API/ListRequests.cs | 0
 .../API/OrderCertificate.cs | 0
 .../API/Reissue.cs | 0
 .../API/RevokeCertificate.cs | 0
 .../API/StatusChanges.cs | 0
 .../API/UpdateRequestStatus.cs | 0
 .../API/ViewCertificateOrder.cs | 0
 .../CertCentralCAPlugin.cs | 0
 .../CertCentralConfig.cs | 0
 .../Client/CertCentralClient.cs | 0
 .../Client/CertCentralClientUtilities.cs | 0
 .../Client/Conversions.cs | 0
 .../Constants.cs | 0
 .../Models/CertCentralCertType.cs | 0
 .../Models/CertificateOrder.cs | 0
 .../Models/Contact.cs | 0
 .../Models/Error.cs | 0
 .../Models/IdInformation.cs | 0
 .../Models/Product.cs | 0
 .../Models/RequestSummary.cs | 0
 .../Utilities.cs | 0
 .../digicert-certcentral-caplugin.csproj | 0
 integration-manifest.json | 6 +++---
 37 files changed, 11 insertions(+), 4 deletions(-)
 rename digicert-certcentral-anycagateway.sln => digicert-certcentral-caplugin.sln (69%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/CertCentralAPIBase.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/CertificateChain.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/CertificateTypeDetails.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/CertificateTypes.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/CheckDCV.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/DownloadCertificateByFormat.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListCertificateOrders.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListContainers.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListDomains.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListDuplicates.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListMetadata.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListOrganizations.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListReissues.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ListRequests.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/OrderCertificate.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/Reissue.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/RevokeCertificate.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/StatusChanges.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/UpdateRequestStatus.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/API/ViewCertificateOrder.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/CertCentralCAPlugin.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/CertCentralConfig.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Client/CertCentralClient.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Client/CertCentralClientUtilities.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Client/Conversions.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Constants.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Models/CertCentralCertType.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Models/CertificateOrder.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Models/Contact.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Models/Error.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Models/IdInformation.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Models/Product.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Models/RequestSummary.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/Utilities.cs (100%)
 rename {digicert-certcentral-anycagateway => digicert-certcentral-caplugin}/digicert-certcentral-caplugin.csproj (100%)
diff --git a/digicert-certcentral-anycagateway.sln b/digicert-certcentral-caplugin.sln
similarity index 69%
rename from digicert-certcentral-anycagateway.sln
rename to digicert-certcentral-caplugin.sln
index 9b27dac..5425d02 100644
--- a/digicert-certcentral-anycagateway.sln
+++ b/digicert-certcentral-caplugin.sln
@@ -3,7 +3,14 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.6.33815.320
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "digicert-certcentral-caplugin", "digicert-certcentral-anycagateway\digicert-certcentral-caplugin.csproj", "{434D1E74-8EE7-4CC6-BAEC-62D224022F5F}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "digicert-certcentral-caplugin", "digicert-certcentral-caplugin\digicert-certcentral-caplugin.csproj", "{434D1E74-8EE7-4CC6-BAEC-62D224022F5F}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{A6058317-1B5E-4E7C-9669-B3A6C0E605BB}"
+ ProjectSection(SolutionItems) = preProject
+ CHANGELOG.md = CHANGELOG.md
+ integration-manifest.json = integration-manifest.json
+ readme_source.md = readme_source.md
+ EndProjectSection
 EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
diff --git a/digicert-certcentral-anycagateway/API/CertCentralAPIBase.cs b/digicert-certcentral-caplugin/API/CertCentralAPIBase.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/CertCentralAPIBase.cs
rename to digicert-certcentral-caplugin/API/CertCentralAPIBase.cs
diff --git a/digicert-certcentral-anycagateway/API/CertificateChain.cs b/digicert-certcentral-caplugin/API/CertificateChain.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/CertificateChain.cs
rename to digicert-certcentral-caplugin/API/CertificateChain.cs
diff --git a/digicert-certcentral-anycagateway/API/CertificateTypeDetails.cs b/digicert-certcentral-caplugin/API/CertificateTypeDetails.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/CertificateTypeDetails.cs
rename to digicert-certcentral-caplugin/API/CertificateTypeDetails.cs
diff --git a/digicert-certcentral-anycagateway/API/CertificateTypes.cs b/digicert-certcentral-caplugin/API/CertificateTypes.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/CertificateTypes.cs
rename to digicert-certcentral-caplugin/API/CertificateTypes.cs
diff --git a/digicert-certcentral-anycagateway/API/CheckDCV.cs b/digicert-certcentral-caplugin/API/CheckDCV.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/CheckDCV.cs
rename to digicert-certcentral-caplugin/API/CheckDCV.cs
diff --git a/digicert-certcentral-anycagateway/API/DownloadCertificateByFormat.cs b/digicert-certcentral-caplugin/API/DownloadCertificateByFormat.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/DownloadCertificateByFormat.cs
rename to digicert-certcentral-caplugin/API/DownloadCertificateByFormat.cs
diff --git a/digicert-certcentral-anycagateway/API/ListCertificateOrders.cs b/digicert-certcentral-caplugin/API/ListCertificateOrders.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListCertificateOrders.cs
rename to digicert-certcentral-caplugin/API/ListCertificateOrders.cs
diff --git a/digicert-certcentral-anycagateway/API/ListContainers.cs b/digicert-certcentral-caplugin/API/ListContainers.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListContainers.cs
rename to digicert-certcentral-caplugin/API/ListContainers.cs
diff --git a/digicert-certcentral-anycagateway/API/ListDomains.cs b/digicert-certcentral-caplugin/API/ListDomains.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListDomains.cs
rename to digicert-certcentral-caplugin/API/ListDomains.cs
diff --git a/digicert-certcentral-anycagateway/API/ListDuplicates.cs b/digicert-certcentral-caplugin/API/ListDuplicates.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListDuplicates.cs
rename to digicert-certcentral-caplugin/API/ListDuplicates.cs
diff --git a/digicert-certcentral-anycagateway/API/ListMetadata.cs b/digicert-certcentral-caplugin/API/ListMetadata.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListMetadata.cs
rename to digicert-certcentral-caplugin/API/ListMetadata.cs
diff --git a/digicert-certcentral-anycagateway/API/ListOrganizations.cs b/digicert-certcentral-caplugin/API/ListOrganizations.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListOrganizations.cs
rename to digicert-certcentral-caplugin/API/ListOrganizations.cs
diff --git a/digicert-certcentral-anycagateway/API/ListReissues.cs b/digicert-certcentral-caplugin/API/ListReissues.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListReissues.cs
rename to digicert-certcentral-caplugin/API/ListReissues.cs
diff --git a/digicert-certcentral-anycagateway/API/ListRequests.cs b/digicert-certcentral-caplugin/API/ListRequests.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ListRequests.cs
rename to digicert-certcentral-caplugin/API/ListRequests.cs
diff --git a/digicert-certcentral-anycagateway/API/OrderCertificate.cs b/digicert-certcentral-caplugin/API/OrderCertificate.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/OrderCertificate.cs
rename to digicert-certcentral-caplugin/API/OrderCertificate.cs
diff --git a/digicert-certcentral-anycagateway/API/Reissue.cs b/digicert-certcentral-caplugin/API/Reissue.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/Reissue.cs
rename to digicert-certcentral-caplugin/API/Reissue.cs
diff --git a/digicert-certcentral-anycagateway/API/RevokeCertificate.cs b/digicert-certcentral-caplugin/API/RevokeCertificate.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/RevokeCertificate.cs
rename to digicert-certcentral-caplugin/API/RevokeCertificate.cs
diff --git a/digicert-certcentral-anycagateway/API/StatusChanges.cs b/digicert-certcentral-caplugin/API/StatusChanges.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/StatusChanges.cs
rename to digicert-certcentral-caplugin/API/StatusChanges.cs
diff --git a/digicert-certcentral-anycagateway/API/UpdateRequestStatus.cs b/digicert-certcentral-caplugin/API/UpdateRequestStatus.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/UpdateRequestStatus.cs
rename to digicert-certcentral-caplugin/API/UpdateRequestStatus.cs
diff --git a/digicert-certcentral-anycagateway/API/ViewCertificateOrder.cs b/digicert-certcentral-caplugin/API/ViewCertificateOrder.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/API/ViewCertificateOrder.cs
rename to digicert-certcentral-caplugin/API/ViewCertificateOrder.cs
diff --git a/digicert-certcentral-anycagateway/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/CertCentralCAPlugin.cs
rename to digicert-certcentral-caplugin/CertCentralCAPlugin.cs
diff --git a/digicert-certcentral-anycagateway/CertCentralConfig.cs b/digicert-certcentral-caplugin/CertCentralConfig.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/CertCentralConfig.cs
rename to digicert-certcentral-caplugin/CertCentralConfig.cs
diff --git a/digicert-certcentral-anycagateway/Client/CertCentralClient.cs b/digicert-certcentral-caplugin/Client/CertCentralClient.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Client/CertCentralClient.cs
rename to digicert-certcentral-caplugin/Client/CertCentralClient.cs
diff --git a/digicert-certcentral-anycagateway/Client/CertCentralClientUtilities.cs b/digicert-certcentral-caplugin/Client/CertCentralClientUtilities.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Client/CertCentralClientUtilities.cs
rename to digicert-certcentral-caplugin/Client/CertCentralClientUtilities.cs
diff --git a/digicert-certcentral-anycagateway/Client/Conversions.cs b/digicert-certcentral-caplugin/Client/Conversions.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Client/Conversions.cs
rename to digicert-certcentral-caplugin/Client/Conversions.cs
diff --git a/digicert-certcentral-anycagateway/Constants.cs b/digicert-certcentral-caplugin/Constants.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Constants.cs
rename to digicert-certcentral-caplugin/Constants.cs
diff --git a/digicert-certcentral-anycagateway/Models/CertCentralCertType.cs b/digicert-certcentral-caplugin/Models/CertCentralCertType.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Models/CertCentralCertType.cs
rename to digicert-certcentral-caplugin/Models/CertCentralCertType.cs
diff --git a/digicert-certcentral-anycagateway/Models/CertificateOrder.cs b/digicert-certcentral-caplugin/Models/CertificateOrder.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Models/CertificateOrder.cs
rename to digicert-certcentral-caplugin/Models/CertificateOrder.cs
diff --git a/digicert-certcentral-anycagateway/Models/Contact.cs b/digicert-certcentral-caplugin/Models/Contact.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Models/Contact.cs
rename to digicert-certcentral-caplugin/Models/Contact.cs
diff --git a/digicert-certcentral-anycagateway/Models/Error.cs b/digicert-certcentral-caplugin/Models/Error.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Models/Error.cs
rename to digicert-certcentral-caplugin/Models/Error.cs
diff --git a/digicert-certcentral-anycagateway/Models/IdInformation.cs b/digicert-certcentral-caplugin/Models/IdInformation.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Models/IdInformation.cs
rename to digicert-certcentral-caplugin/Models/IdInformation.cs
diff --git a/digicert-certcentral-anycagateway/Models/Product.cs b/digicert-certcentral-caplugin/Models/Product.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Models/Product.cs
rename to digicert-certcentral-caplugin/Models/Product.cs
diff --git a/digicert-certcentral-anycagateway/Models/RequestSummary.cs b/digicert-certcentral-caplugin/Models/RequestSummary.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Models/RequestSummary.cs
rename to digicert-certcentral-caplugin/Models/RequestSummary.cs
diff --git a/digicert-certcentral-anycagateway/Utilities.cs b/digicert-certcentral-caplugin/Utilities.cs
similarity index 100%
rename from digicert-certcentral-anycagateway/Utilities.cs
rename to digicert-certcentral-caplugin/Utilities.cs
diff --git a/digicert-certcentral-anycagateway/digicert-certcentral-caplugin.csproj b/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj
similarity index 100%
rename from digicert-certcentral-anycagateway/digicert-certcentral-caplugin.csproj
rename to digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj
diff --git a/integration-manifest.json b/integration-manifest.json
index e0ca91a..066b46b 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -1,12 +1,12 @@ { "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", "integration_type": "ca-gateway", - "name": "digicert-certcentral-anycagateway", + "name": "digicert-certcentral-caplugin", "status": "prototype", "support_level": "community", "link_github": false, "update_catalog": false, - "description": "DigiCert CertCentral plugin for the AnyCA Gateway framework", + "description": "DigiCert CertCentral plugin for the AnyCA REST Gateway framework", "gateway_framework": "1.0.0", - "release_dir": "digicert-certcentral-anycagateway/bin/Release/net6.0" + "release_dir": "digicert-certcentral-caplugin/bin/Release/net6.0" } From 96d6b23d97ebf6c6a1ab46063616d297ff932c59 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Fri, 19 Apr 2024 06:38:36 +0000 Subject: [PATCH 22/42] Update generated README --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 97dffe9..a15fda9 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# digicert-certcentral-anycagateway +# digicert-certcentral-caplugin -DigiCert CertCentral plugin for the AnyCA Gateway framework +DigiCert CertCentral plugin for the AnyCA REST Gateway framework #### Integration status: Prototype - Demonstration quality. Not for use in customer environments. 
@@ -10,9 +10,9 @@ DigiCert CertCentral plugin for the AnyCA Gateway framework This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. -## Support for digicert-certcentral-anycagateway +## Support for digicert-certcentral-caplugin -digicert-certcentral-anycagateway is open source and community supported, meaning that there is no support guaranteed from Keyfactor Support for these tools. +digicert-certcentral-caplugin is open source and community supported, meaning that there is no support guaranteed from Keyfactor Support for these tools. ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. From 222f5fa0d6f811cb30f7cead213a88dcb7ab3c16 Mon Sep 17 00:00:00 2001 From: David Galey Date: Wed, 8 May 2024 12:43:01 -0400 Subject: [PATCH 23/42] readme fixes --- readme_source.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/readme_source.md b/readme_source.md index c0d1cd8..f383da0 100644 --- a/readme_source.md +++ b/readme_source.md @@ -1,5 +1,5 @@ # Introduction -This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. +This AnyCA Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites ## Certificate Chain 
@@ -10,19 +10,19 @@ In order to enroll for certificates the Keyfactor Command server must trust the # Install * Download latest successful build from [GitHub Releases](../../releases/latest) -* Copy DigiCertCAGateway.dll and DigiCertCAGateway.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory +* Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory * Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors * If the manifest.json file or the Connectors folder do not exist, create them. - ```json +```json { "extensions": { "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { - "DigiCertCAConnector": { - "assemblypath": "../DigiCertCAGateway.dll", - "TypeFullName": "Keyfactor.Extensions.CAGateway.DigiCert.CertCentralCAConnector" + "CertCentralCAPlugin": { + "assemblypath": "../DigicertCAPlugin.dll", + "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin" } } } } - ``` +``` From 805fe935733c28334e3479d4a3aa48ecdc9c153e Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Wed, 8 May 2024 16:43:32 +0000 Subject: [PATCH 24/42] Update generated README --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index a15fda9..57b52f3 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ This gateway was compiled against version 1.0.0 of the AnyGateway Framework. Yo # Introduction -This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. +This AnyCA Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites ## Certificate Chain 
@@ -45,20 +45,20 @@ In order to enroll for certificates the Keyfactor Command server must trust the # Install * Download latest successful build from [GitHub Releases](../../releases/latest) -* Copy DigiCertCAGateway.dll and DigiCertCAGateway.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory +* Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory * Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors * If the manifest.json file or the Connectors folder do not exist, create them. - ```json +```json { "extensions": { "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { - "DigiCertCAConnector": { - "assemblypath": "../DigiCertCAGateway.dll", - "TypeFullName": "Keyfactor.Extensions.CAGateway.DigiCert.CertCentralCAConnector" + "CertCentralCAPlugin": { + "assemblypath": "../DigicertCAPlugin.dll", + "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin" } } } } - ``` +``` From ed77ae2c448c67b08c0515d8990b3998954b4627 Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 30 May 2024 14:20:15 -0400 Subject: [PATCH 25/42] Readme updates --- readme_source.md | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/readme_source.md b/readme_source.md index f383da0..14f5293 100644 --- a/readme_source.md +++ b/readme_source.md 
@@ -1,18 +1,21 @@ -# Introduction -This AnyCA Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. +# Introduction +This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites ## Certificate Chain In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store +## Compatibility +The DigiCert AnyCA plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2 and later -# Install -* Download latest successful build from [GitHub Releases](../../releases/latest) -* Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory +## Installation +1. Download latest successful build from [GitHub Releases](../../releases/latest) -* Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors +2. Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory + +3. Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors * If the manifest.json file or the Connectors folder do not exist, create them. ```json { 
@@ -26,3 +29,29 @@ In order to enroll for certificates the Keyfactor Command server must trust the } } ``` + +4. Restart the AnyCA Gateway service + +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the GoDaddy plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. + + +## Configuration + +1. Follow the official AnyCA Gateway REST documentation to define a new Certificate Authority, using the following information to configure the CA Connection section: + + * Enabled - whether the DigiCert gateway should be enabled or not. Should almost always be set to 'true' + * APIKey - the API key the Gateway should use to communicate with the DigiCert API. Can be generated from the DigiCert portal. + * Region - (Optional) The geographic region associated with your DigiCert account. Valid values are US and EU. If not provided, default of US is used. + * DivisionId - (Optional) If your CertCentral account has multiple divisions AND uses any custom per-division product settings, provide a division ID for the gateway to use for enrollment. Otherwise, omit this setting. NOTE: Division ID is currently only use for product type lookups, it will not affect any other gateway functionality + * RevokeCertificateOnly - (Optional) By default, when revoking a certificate through DigiCert, the entire order gets revoked. Set this value to 'true' if you want to only revoke individual certificates instead. + * SyncCAFilter - (Optional) If you list one or more issuing CA IDs here from DigiCert, the sync process will only return certs issued by one of those CAs. Leave this option out to sync all certs from all CAs. + * FilterExpiredOrders - (Optional) If set to 'true', syncing will apply a filter to NOT return certs that are not expired, or only recently expired. See the next configuration value to set that window. Setting this to 'false' will return all certs regardless of expiration. 
+ * SyncExpirationDays - (Optional) Only used if FilterExpiredOrders is set to 'true'. Specifies the number of days in the past to sync expired certs. For example, a value of 30 means sync will continue to return certs that have expired within the past 30 days. The default value if not specified is 0, meaning sync would not return any certs expired before the current day. + + +2. Follow the official AnyCA Gateway REST documentation to define one or more Certificate Profiles. These are what will show up as Templates in Keyfactor Command. You need at least one profile for each product type you wish to be able to enroll for. It is recommended to include the product type in the profile name to make them easier to identify. Use the following information to configure each profile: + + * LifetimeDays - (Optional) The number of days of validity to use when requesting certs. If not specified, the default of 365 will be used. NOTE FOR RENEWALS: If the LifetimeDays value is evenly divisible by 365, when a certificate is renewed, the lifetime will be treated as years instead of days, so the new certificate's expiration will be the same month and day as the original certificate (assuming you are renewing close enough to expiration that the new expiration date fits within the maximum validity) + * CACertId - (Optional) ID of issuing CA to be used by DigiCert. If not specified, the default for your account will be used. + * Organization-Name - (Optional) If specified, will override any organzation name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject. + * RenewalWindowDays - (Optional) The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expired in more than 90 days will be treated as a reissue. From 6f96cdba05e1aaf4752a587eff0ea374244dc5d3 Mon Sep 17 00:00:00 2001 
From: David Galey Date: Thu, 30 May 2024 14:20:40 -0400 Subject: [PATCH 26/42] readme fix --- readme_source.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme_source.md b/readme_source.md index 14f5293..755a948 100644 --- a/readme_source.md +++ b/readme_source.md @@ -32,7 +32,7 @@ The DigiCert AnyCA plugin is compatible with the Keyfactor AnyCA Gateway REST 24 4. Restart the AnyCA Gateway service -5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the GoDaddy plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. ## Configuration From 91922a44bed2f34d4aa1e32ee07131ce7e36f71a Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 30 May 2024 18:20:58 +0000 Subject: [PATCH 27/42] Update generated README --- README.md | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 57b52f3..6473e76 100644 --- a/README.md +++ b/README.md 
@@ -33,21 +33,24 @@ This gateway was compiled against version 1.0.0 of the AnyGateway Framework. Yo --- -# Introduction -This AnyCA Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. +# Introduction +This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites ## Certificate Chain In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store +## Compatibility +The DigiCert AnyCA plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2 and later -# Install -* Download latest successful build from [GitHub Releases](../../releases/latest) -* Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory +## Installation +1. Download latest successful build from [GitHub Releases](../../releases/latest) -* Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors +2. Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory + +3. Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors * If the manifest.json file or the Connectors folder do not exist, create them. ```json { 
@@ -62,3 +65,29 @@ In order to enroll for certificates the Keyfactor Command server must trust the } ``` +4. Restart the AnyCA Gateway service + +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. + + +## Configuration + +1. Follow the official AnyCA Gateway REST documentation to define a new Certificate Authority, using the following information to configure the CA Connection section: + + * Enabled - whether the DigiCert gateway should be enabled or not. Should almost always be set to 'true' + * APIKey - the API key the Gateway should use to communicate with the DigiCert API. Can be generated from the DigiCert portal. + * Region - (Optional) The geographic region associated with your DigiCert account. Valid values are US and EU. If not provided, default of US is used. + * DivisionId - (Optional) If your CertCentral account has multiple divisions AND uses any custom per-division product settings, provide a division ID for the gateway to use for enrollment. Otherwise, omit this setting. NOTE: Division ID is currently only use for product type lookups, it will not affect any other gateway functionality + * RevokeCertificateOnly - (Optional) By default, when revoking a certificate through DigiCert, the entire order gets revoked. Set this value to 'true' if you want to only revoke individual certificates instead. + * SyncCAFilter - (Optional) If you list one or more issuing CA IDs here from DigiCert, the sync process will only return certs issued by one of those CAs. Leave this option out to sync all certs from all CAs. + * FilterExpiredOrders - (Optional) If set to 'true', syncing will apply a filter to NOT return certs that are not expired, or only recently expired. See the next configuration value to set that window. Setting this to 'false' will return all certs regardless of expiration. 
+ * SyncExpirationDays - (Optional) Only used if FilterExpiredOrders is set to 'true'. Specifies the number of days in the past to sync expired certs. For example, a value of 30 means sync will continue to return certs that have expired within the past 30 days. The default value if not specified is 0, meaning sync would not return any certs expired before the current day. + + +2. Follow the official AnyCA Gateway REST documentation to define one or more Certificate Profiles. These are what will show up as Templates in Keyfactor Command. You need at least one profile for each product type you wish to be able to enroll for. It is recommended to include the product type in the profile name to make them easier to identify. Use the following information to configure each profile: + + * LifetimeDays - (Optional) The number of days of validity to use when requesting certs. If not specified, the default of 365 will be used. NOTE FOR RENEWALS: If the LifetimeDays value is evenly divisible by 365, when a certificate is renewed, the lifetime will be treated as years instead of days, so the new certificate's expiration will be the same month and day as the original certificate (assuming you are renewing close enough to expiration that the new expiration date fits within the maximum validity) + * CACertId - (Optional) ID of issuing CA to be used by DigiCert. If not specified, the default for your account will be used. + * Organization-Name - (Optional) If specified, will override any organzation name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject. + * RenewalWindowDays - (Optional) The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expired in more than 90 days will be treated as a reissue. + From 48c12bf72579b31bbd72762acde0749f36acc29c Mon Sep 17 00:00:00 2001 
From: David Galey Date: Thu, 30 May 2024 14:26:58 -0400 Subject: [PATCH 28/42] package updates --- digicert-certcentral-caplugin/CertCentralCAPlugin.cs | 1 + .../digicert-certcentral-caplugin.csproj | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs index 646d81a..a617eca 100644 --- a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs +++ b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs @@ -6,6 +6,7 @@ using Keyfactor.Extensions.CAPlugin.DigiCert.Models; using Keyfactor.Logging; using Keyfactor.PKI.Enums; +using Keyfactor.PKI.Enums.EJBCA; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging.Abstractions; diff --git a/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj b/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj index 95884fa..7ca00b6 100644 --- a/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj +++ b/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj @@ -9,10 +9,10 @@ - - + + - + From 6d113d02978faee70e46ec923c6449c2e7702d91 Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 30 May 2024 14:29:03 -0400 Subject: [PATCH 29/42] update manifest --- integration-manifest.json | 2 +- readme_source.md | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/integration-manifest.json b/integration-manifest.json index 066b46b..5f90fbc 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -7,6 +7,6 @@ "link_github": false, "update_catalog": false, "description": "DigiCert CertCentral plugin for the AnyCA REST Gateway framework", - "gateway_framework": "1.0.0", + "gateway_framework": "24.2.0", "release_dir": "digicert-certcentral-caplugin/bin/Release/net6.0" } diff --git a/readme_source.md b/readme_source.md index 755a948..128aec4 100644 --- a/readme_source.md +++ b/readme_source.md 
@@ -6,10 +6,6 @@ This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronizatio In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store -## Compatibility -The DigiCert AnyCA plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2 and later - - ## Installation 1. Download latest successful build from [GitHub Releases](../../releases/latest) From 726f581824a93eb199065fad2e7b3f2f387bbb1a Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 30 May 2024 18:29:24 +0000 Subject: [PATCH 30/42] Update generated README --- README.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/README.md b/README.md index 6473e76..b870eda 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ digicert-certcentral-caplugin is open source and community supported, meaning th ## Keyfactor AnyGateway Framework Supported -This gateway was compiled against version 1.0.0 of the AnyGateway Framework. You will need at least this version of the AnyGateway Framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly. +This gateway was compiled against version 24.2.0 of the AnyGateway Framework. You will need at least this version of the AnyGateway Framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly. 
@@ -41,10 +41,6 @@ This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronizatio In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store -## Compatibility -The DigiCert AnyCA plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2 and later - - ## Installation 1. Download latest successful build from [GitHub Releases](../../releases/latest) From 24a276118d24dea7bf95bd20f4e2f89a8116d00c Mon Sep 17 00:00:00 2001 From: Mikey Henderson <4452096+fiddlermikey@users.noreply.github.com> Date: Thu, 30 May 2024 13:51:12 -0700 Subject: [PATCH 31/42] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e69de29..f180664 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -0,0 +1,2 @@ +### 2.0.0 +* Initial Public Release From d1b8e471b217a1f2afe1f1512747adab62a9c19f Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Thu, 30 May 2024 14:18:16 -0700 Subject: [PATCH 32/42] update workflow to bootstrap update to production values in manifest --- .../keyfactor-bootstrap-workflow.yml | 19 +++++++++++ .../keyfactor-integrations-workflow.yml | 33 ------------------- integration-manifest.json | 4 +-- 3 files changed, 21 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/keyfactor-bootstrap-workflow.yml delete mode 100644 .github/workflows/keyfactor-integrations-workflow.yml diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml new file mode 100644 index 0000000..6d8de53 --- /dev/null +++ b/.github/workflows/keyfactor-bootstrap-workflow.yml 
@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [opened, closed, synchronize, edited, reopened]
+ push:
+ create:
+ branches:
+ - 'release-*.*'
+
+jobs:
+ call-starter-workflow:
+ uses: keyfactor/actions/.github/workflows/starter.yml@v2
+ secrets:
+ token: ${{ secrets.V2BUILDTOKEN}}
+ APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+ gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+ gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
diff --git a/.github/workflows/keyfactor-integrations-workflow.yml b/.github/workflows/keyfactor-integrations-workflow.yml
deleted file mode 100644
index b779b53..0000000
--- a/.github/workflows/keyfactor-integrations-workflow.yml
+++ /dev/null
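Review bot: The `uses:` line references the reusable workflow by the mutable tag `@v2`, while the `secrets:` block under it passes `KF_GPG_PRIVATE_KEY`, `KF_GPG_PASSPHRASE` and two tokens, so whatever commit `v2` resolves to at run time receives the signing key. Pinning to a full commit SHA, `uses: keyfactor/actions/.github/workflows/starter.yml@<full-commit-sha> # v2`, fixes which code handles those secrets and makes a change to it an explicit, reviewable bump. The file also declares no `permissions:` key, so the job token's scope comes from the repository or organisation default. Stating the minimum explicitly would document the intent, though what the starter workflow actually needs is not visible from this hunk.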
@@ -1,33 +0,0 @@
-name: Starter Workflow
-on: [workflow_dispatch, push, pull_request]
-
-jobs:
- call-create-github-release-workflow:
- uses: Keyfactor/actions/.github/workflows/github-release.yml@main
-
- call-assign-from-json-workflow:
- uses: Keyfactor/actions/.github/workflows/assign-env-from-json.yml@main
-
- call-dotnet-build-and-release-workflow:
- needs: [call-create-github-release-workflow, call-assign-from-json-workflow]
- uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
- with:
- release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
- release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
- release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}
-
- secrets:
- token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
-
- call-generate-readme-workflow:
- if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
- uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
- secrets:
- token: ${{ secrets.APPROVE_README_PUSH }}
-
- call-update-catalog-workflow:
- needs: call-assign-from-json-workflow
- if: needs.call-assign-from-json-workflow.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
- uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
- secrets:
- token: ${{ secrets.SDK_SYNC_PAT }}
diff --git a/integration-manifest.json b/integration-manifest.json
index 5f90fbc..27ef1d9 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -2,8 +2,8 @@
 "$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
 "integration_type": "ca-gateway",
 "name": "digicert-certcentral-caplugin",
- "status": "prototype",
- "support_level": "community",
+ "status": "production",
+ "support_level": "kf-supported",
 "link_github": false,
 "update_catalog": false,
 "description": "DigiCert CertCentral plugin for the AnyCA REST Gateway framework",
From 57e83a41a9f84d790c96e635573a4705bd95cf27 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 30 May 2024 22:08:18 +0000 Subject: [PATCH 33/42] Update generated README --- README.md | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index b870eda..4bf4492 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,22 @@ + # digicert-certcentral-caplugin DigiCert CertCentral plugin for the AnyCA REST Gateway framework -#### Integration status: Prototype - Demonstration quality. Not for use in customer environments. - - -## About the Keyfactor AnyGateway CA Connector +#### Integration status: Production - Ready for use in production environments. -This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. +## About the Keyfactor AnyCA Gateway DCOM Connector +This repository contains an AnyCA Gateway Connector, which is a plugin to the Keyfactor AnyGateway. AnyCA Gateway Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. ## Support for digicert-certcentral-caplugin -digicert-certcentral-caplugin is open source and community supported, meaning that there is no support guaranteed from Keyfactor Support for these tools. +digicert-certcentral-caplugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. +--- + --- 
@@ -23,10 +24,16 @@ digicert-certcentral-caplugin is open source and community supported, meaning th +## Keyfactor AnyCA Gateway Framework Supported +The Keyfactor gateway framework implements common logic shared across various gateway implementations and handles communication with Keyfactor Command. The gateway framework hosts gateway implementations or plugins that understand how to communicate with specific CAs. This allows you to integrate your third-party CAs with Keyfactor Command such that they behave in a manner similar to the CAs natively supported by Keyfactor Command. -## Keyfactor AnyGateway Framework Supported -This gateway was compiled against version 24.2.0 of the AnyGateway Framework. You will need at least this version of the AnyGateway Framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly. + + +This gateway extension was compiled against version 24.2.0 of the AnyCA Gateway DCOM Framework. You will need at least this version of the framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly. + + +[Keyfactor CAGateway Install Guide](https://software.keyfactor.com/Guides/AnyGateway_Generic/Content/AnyGateway/Introduction.htm) @@ -87,3 +94,4 @@ In order to enroll for certificates the Keyfactor Command server must trust the * Organization-Name - (Optional) If specified, will override any organzation name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject. * RenewalWindowDays - (Optional) The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expired in more than 90 days will be treated as a reissue. + 
From 9e2667a047e0e2b42b6c9cb177a5624dff384683 Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Mon, 3 Jun 2024 15:49:11 -0700 Subject: [PATCH 34/42] update type, prep for catalog update --- integration-manifest.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/integration-manifest.json b/integration-manifest.json index 27ef1d9..f5b11e0 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -1,11 +1,11 @@ { "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", - "integration_type": "ca-gateway", + "integration_type": "anyca-plugin", "name": "digicert-certcentral-caplugin", "status": "production", "support_level": "kf-supported", - "link_github": false, - "update_catalog": false, + "link_github": true, + "update_catalog": true, "description": "DigiCert CertCentral plugin for the AnyCA REST Gateway framework", "gateway_framework": "24.2.0", "release_dir": "digicert-certcentral-caplugin/bin/Release/net6.0" From 37737c879c287055cb0d38fe946652e096cc6aae Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Mon, 3 Jun 2024 22:49:49 +0000 Subject: [PATCH 35/42] Update generated README --- README.md | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 4bf4492..b8a89d1 100644 --- a/README.md +++ b/README.md @@ -5,9 +5,9 @@ DigiCert CertCentral plugin for the AnyCA REST Gateway framework #### Integration status: Production - Ready for use in production environments. -## About the Keyfactor AnyCA Gateway DCOM Connector +## About the Keyfactor + -This repository contains an AnyCA Gateway Connector, which is a plugin to the Keyfactor AnyGateway. AnyCA Gateway Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. ## Support for digicert-certcentral-caplugin 
@@ -22,24 +22,6 @@ digicert-certcentral-caplugin is supported by Keyfactor for Keyfactor customers. - - -## Keyfactor AnyCA Gateway Framework Supported -The Keyfactor gateway framework implements common logic shared across various gateway implementations and handles communication with Keyfactor Command. The gateway framework hosts gateway implementations or plugins that understand how to communicate with specific CAs. This allows you to integrate your third-party CAs with Keyfactor Command such that they behave in a manner similar to the CAs natively supported by Keyfactor Command. - - - - -This gateway extension was compiled against version 24.2.0 of the AnyCA Gateway DCOM Framework. You will need at least this version of the framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly. - - -[Keyfactor CAGateway Install Guide](https://software.keyfactor.com/Guides/AnyGateway_Generic/Content/AnyGateway/Introduction.htm) - - - ---- - - # Introduction This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites From a9b9e32a160ed5e15164559e068ae201981dadc3 Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Mon, 3 Jun 2024 15:57:04 -0700 Subject: [PATCH 36/42] minor update to integration name --- integration-manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration-manifest.json b/integration-manifest.json index f5b11e0..62f97bf 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -1,7 +1,7 @@ { "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", "integration_type": "anyca-plugin", - "name": "digicert-certcentral-caplugin", + "name": "DigiCert CertCentral AnyCA REST Gateway Plugin", "status": "production", "support_level": "kf-supported", "link_github": true, 
From c019e4cfc40c136df2314d3a4408c6f90c4e1f4e Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Mon, 3 Jun 2024 23:02:18 +0000 Subject: [PATCH 37/42] Update generated README --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b8a89d1..39f3d34 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# digicert-certcentral-caplugin +# DigiCert CertCentral AnyCA REST Gateway Plugin DigiCert CertCentral plugin for the AnyCA REST Gateway framework @@ -9,9 +9,9 @@ DigiCert CertCentral plugin for the AnyCA REST Gateway framework -## Support for digicert-certcentral-caplugin +## Support for DigiCert CertCentral AnyCA REST Gateway Plugin -digicert-certcentral-caplugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com +DigiCert CertCentral AnyCA REST Gateway Plugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. From fa61e0be7f1c0a2e45c0aee64489812e3a47c842 Mon Sep 17 00:00:00 2001 From: Mikey Henderson <4452096+fiddlermikey@users.noreply.github.com> Date: Tue, 4 Jun 2024 11:55:17 -0700 Subject: [PATCH 38/42] Fix md rendering (#10) * debug md rendering issues * Update generated README --- README.md | 4 +++- readme_source.md | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 39f3d34..13c2b59 100644 --- a/README.md +++ b/README.md 
@@ -22,7 +22,9 @@ DigiCert CertCentral AnyCA REST Gateway Plugin is supported by Keyfactor for Key -# Introduction + +# Introduction + This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites diff --git a/readme_source.md b/readme_source.md index 128aec4..659b7ef 100644 --- a/readme_source.md +++ b/readme_source.md @@ -1,4 +1,6 @@ -# Introduction + +# Introduction + This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites From 8ff0de5fd9575998cd2695b87070620b01ac27cc Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 6 Jun 2024 13:49:56 -0400 Subject: [PATCH 39/42] update readme --- readme_source.md | 58 ++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/readme_source.md b/readme_source.md index 659b7ef..67e1d16 100644 --- a/readme_source.md +++ b/readme_source.md 
@@ -17,39 +17,43 @@ In order to enroll for certificates the Keyfactor Command server must trust the * If the manifest.json file or the Connectors folder do not exist, create them. ```json { - "extensions": { - "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { - "CertCentralCAPlugin": { - "assemblypath": "../DigicertCAPlugin.dll", - "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin" - } - } - } + "extensions": { + "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { + "CertCentralCAPlugin": { + "assemblypath": "../DigicertCAPlugin.dll", + "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin" + } + } + } } ``` 4. Restart the AnyCA Gateway service -5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. CAPlugin Type should now be listed as CertCentralCA. ## Configuration -1. Follow the official AnyCA Gateway REST documentation to define a new Certificate Authority, using the following information to configure the CA Connection section: - - * Enabled - whether the DigiCert gateway should be enabled or not. Should almost always be set to 'true' - * APIKey - the API key the Gateway should use to communicate with the DigiCert API. Can be generated from the DigiCert portal. - * Region - (Optional) The geographic region associated with your DigiCert account. Valid values are US and EU. If not provided, default of US is used. - * DivisionId - (Optional) If your CertCentral account has multiple divisions AND uses any custom per-division product settings, provide a division ID for the gateway to use for enrollment. Otherwise, omit this setting. 
NOTE: Division ID is currently only use for product type lookups, it will not affect any other gateway functionality - * RevokeCertificateOnly - (Optional) By default, when revoking a certificate through DigiCert, the entire order gets revoked. Set this value to 'true' if you want to only revoke individual certificates instead. - * SyncCAFilter - (Optional) If you list one or more issuing CA IDs here from DigiCert, the sync process will only return certs issued by one of those CAs. Leave this option out to sync all certs from all CAs. - * FilterExpiredOrders - (Optional) If set to 'true', syncing will apply a filter to NOT return certs that are not expired, or only recently expired. See the next configuration value to set that window. Setting this to 'false' will return all certs regardless of expiration. - * SyncExpirationDays - (Optional) Only used if FilterExpiredOrders is set to 'true'. Specifies the number of days in the past to sync expired certs. For example, a value of 30 means sync will continue to return certs that have expired within the past 30 days. The default value if not specified is 0, meaning sync would not return any certs expired before the current day. - - -2. Follow the official AnyCA Gateway REST documentation to define one or more Certificate Profiles. These are what will show up as Templates in Keyfactor Command. You need at least one profile for each product type you wish to be able to enroll for. It is recommended to include the product type in the profile name to make them easier to identify. Use the following information to configure each profile: - - * LifetimeDays - (Optional) The number of days of validity to use when requesting certs. If not specified, the default of 365 will be used. 
NOTE FOR RENEWALS: If the LifetimeDays value is evenly divisible by 365, when a certificate is renewed, the lifetime will be treated as years instead of days, so the new certificate's expiration will be the same month and day as the original certificate (assuming you are renewing close enough to expiration that the new expiration date fits within the maximum validity) - * CACertId - (Optional) ID of issuing CA to be used by DigiCert. If not specified, the default for your account will be used. - * Organization-Name - (Optional) If specified, will override any organzation name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject. - * RenewalWindowDays - (Optional) The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expired in more than 90 days will be treated as a reissue. +1. Follow the [official Keyfactor AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm#Add_or_Edit_a_Certificate_Authority) to define a new Certificate Authority, using the following information to configure the CA Connection section: + +SETTING | REQUIRED? | DESCRIPTION +--|--|-- +Enabled | Yes | Enables the DigiCert gateway functionality. Should almost always be set to 'true' +APIKey | Yes | The API key the Gateway should use to communicate with the DigiCert API. Can be generated from the DigiCert portal. +Region | No | The geographic region associated with your DigiCert account. Valid values are US and EU. Default if not provided is US. +DivisionId | No | If your CertCentral account has multiple divisions AND uses any custom per-division product settings, provide a division ID for the gateway to use for product type lookups. 
+RevokeCertificateOnly | No | If set to 'true', revoke operations will only revoke the individual certificate in question rather than the entire DigiCert order. Default if not provided is 'false'. +SyncCAFilter | No | If you list one or more DigiCert issuing CA IDs here (comma-separated if more than one), the sync process will only return certs issued by one of those CAs. Leave this option empty to sync all certs from all CAs. +FilterExpiredOrders | No | If set to 'true', syncing will not return certs that are expired more than a specified number of days. The number of days is specified by the SyncExpirationDays config option. Default value is 'false'. +SyncExpirationDays | No | Only used if FilterExpiredOrders is 'true', otherwise ignored. Sets the number of days a cert has to be expired for the sync process to no longer sync it. For example, a value of 30 means sync will continue to return certs that have expired within the past 30 days, but not ones older than that. Default value is 0, meaning sync would not return any certs expired before the current day. + +2. After saving the CA configuration, Follow the [official AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCP-Gateway.htm#Certificate_Profile) to define one or more Certificate Profiles. +3. Edit your newly configured CA, and you should now be able to modify the Templates tab. You need at least one template for each product type you wish to be able to enroll for. It is recommended to include the product type in the template name to make them easier to identify. Use the following information to configure the parameters for each template: + +SETTING | REQUIRED? | DESCRIPTION +--|--|-- +LifetimeDays | No | The number of days of validity to use when requesting certs. Default if not provided is 365. 
NOTE FOR RENEWALS: If the value of LifetimeDays is evenly divisible by 365, the expiration day and month of the new cert will be set to the same values as the old cert if possible, to avoid renewal date drift. +CACertId | No | The ID of the issuing CA to be used by DigiCert. If not specified, the default for your account will be used. +Organization-Name | No | If specified, this value will override any organization name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject. +RenewalWindowDays | No | The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expire in more than 90 days will be treated as a reissue request. From a8b3f0bee186838297248b51d6bedd6644f31e71 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 6 Jun 2024 17:50:31 +0000 Subject: [PATCH 40/42] Update generated README --- README.md | 58 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 13c2b59..9c5c118 100644 --- a/README.md +++ b/README.md 
@@ -41,41 +41,45 @@ In order to enroll for certificates the Keyfactor Command server must trust the * If the manifest.json file or the Connectors folder do not exist, create them. ```json { - "extensions": { - "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { - "CertCentralCAPlugin": { - "assemblypath": "../DigicertCAPlugin.dll", - "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin" - } - } - } + "extensions": { + "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": { + "CertCentralCAPlugin": { + "assemblypath": "../DigicertCAPlugin.dll", + "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin" + } + } + } } ``` 4. Restart the AnyCA Gateway service -5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. +5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. CAPlugin Type should now be listed as CertCentralCA. ## Configuration -1. Follow the official AnyCA Gateway REST documentation to define a new Certificate Authority, using the following information to configure the CA Connection section: - - * Enabled - whether the DigiCert gateway should be enabled or not. Should almost always be set to 'true' - * APIKey - the API key the Gateway should use to communicate with the DigiCert API. Can be generated from the DigiCert portal. - * Region - (Optional) The geographic region associated with your DigiCert account. Valid values are US and EU. If not provided, default of US is used. - * DivisionId - (Optional) If your CertCentral account has multiple divisions AND uses any custom per-division product settings, provide a division ID for the gateway to use for enrollment. Otherwise, omit this setting. 
NOTE: Division ID is currently only use for product type lookups, it will not affect any other gateway functionality - * RevokeCertificateOnly - (Optional) By default, when revoking a certificate through DigiCert, the entire order gets revoked. Set this value to 'true' if you want to only revoke individual certificates instead. - * SyncCAFilter - (Optional) If you list one or more issuing CA IDs here from DigiCert, the sync process will only return certs issued by one of those CAs. Leave this option out to sync all certs from all CAs. - * FilterExpiredOrders - (Optional) If set to 'true', syncing will apply a filter to NOT return certs that are not expired, or only recently expired. See the next configuration value to set that window. Setting this to 'false' will return all certs regardless of expiration. - * SyncExpirationDays - (Optional) Only used if FilterExpiredOrders is set to 'true'. Specifies the number of days in the past to sync expired certs. For example, a value of 30 means sync will continue to return certs that have expired within the past 30 days. The default value if not specified is 0, meaning sync would not return any certs expired before the current day. - - -2. Follow the official AnyCA Gateway REST documentation to define one or more Certificate Profiles. These are what will show up as Templates in Keyfactor Command. You need at least one profile for each product type you wish to be able to enroll for. It is recommended to include the product type in the profile name to make them easier to identify. Use the following information to configure each profile: - - * LifetimeDays - (Optional) The number of days of validity to use when requesting certs. If not specified, the default of 365 will be used. 
NOTE FOR RENEWALS: If the LifetimeDays value is evenly divisible by 365, when a certificate is renewed, the lifetime will be treated as years instead of days, so the new certificate's expiration will be the same month and day as the original certificate (assuming you are renewing close enough to expiration that the new expiration date fits within the maximum validity) - * CACertId - (Optional) ID of issuing CA to be used by DigiCert. If not specified, the default for your account will be used. - * Organization-Name - (Optional) If specified, will override any organzation name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject. - * RenewalWindowDays - (Optional) The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expired in more than 90 days will be treated as a reissue. +1. Follow the [official Keyfactor AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm#Add_or_Edit_a_Certificate_Authority) to define a new Certificate Authority, using the following information to configure the CA Connection section: + +SETTING | REQUIRED? | DESCRIPTION +--|--|-- +Enabled | Yes | Enables the DigiCert gateway functionality. Should almost always be set to 'true' +APIKey | Yes | The API key the Gateway should use to communicate with the DigiCert API. Can be generated from the DigiCert portal. +Region | No | The geographic region associated with your DigiCert account. Valid values are US and EU. Default if not provided is US. +DivisionId | No | If your CertCentral account has multiple divisions AND uses any custom per-division product settings, provide a division ID for the gateway to use for product type lookups. 
+RevokeCertificateOnly | No | If set to 'true', revoke operations will only revoke the individual certificate in question rather than the entire DigiCert order. Default if not provided is 'false'. +SyncCAFilter | No | If you list one or more DigiCert issuing CA IDs here (comma-separated if more than one), the sync process will only return certs issued by one of those CAs. Leave this option empty to sync all certs from all CAs. +FilterExpiredOrders | No | If set to 'true', syncing will not return certs that are expired more than a specified number of days. The number of days is specified by the SyncExpirationDays config option. Default value is 'false'. +SyncExpirationDays | No | Only used if FilterExpiredOrders is 'true', otherwise ignored. Sets the number of days a cert has to be expired for the sync process to no longer sync it. For example, a value of 30 means sync will continue to return certs that have expired within the past 30 days, but not ones older than that. Default value is 0, meaning sync would not return any certs expired before the current day. + +2. After saving the CA configuration, Follow the [official AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCP-Gateway.htm#Certificate_Profile) to define one or more Certificate Profiles. +3. Edit your newly configured CA, and you should now be able to modify the Templates tab. You need at least one template for each product type you wish to be able to enroll for. It is recommended to include the product type in the template name to make them easier to identify. Use the following information to configure the parameters for each template: + +SETTING | REQUIRED? | DESCRIPTION +--|--|-- +LifetimeDays | No | The number of days of validity to use when requesting certs. Default if not provided is 365. 
NOTE FOR RENEWALS: If the value of LifetimeDays is evenly divisible by 365, the expiration day and month of the new cert will be set to the same values as the old cert if possible, to avoid renewal date drift. +CACertId | No | The ID of the issuing CA to be used by DigiCert. If not specified, the default for your account will be used. +Organization-Name | No | If specified, this value will override any organization name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject. +RenewalWindowDays | No | The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expire in more than 90 days will be treated as a reissue request. From 98de45ae43076712da2c32bf1b8b57cdff656332 Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 6 Jun 2024 15:19:04 -0400 Subject: [PATCH 41/42] readme updates --- readme_source.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/readme_source.md b/readme_source.md index 67e1d16..f436883 100644 --- a/readme_source.md +++ b/readme_source.md 
@@ -4,17 +4,17 @@ This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites -## Certificate Chain +## Prerequisite: Certificate Chain -In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store +In order to request certificates from the Keyfactor AnyGateway, the Keyfactor Command server must trust the certificate chain of trust. To ensure trust is established, download your Root and/or Subordinate CA certificates from DigiCert and import them into the appropriate local certificate stores on the Keyfactor AnyGateway and Command servers. More information can be found in the [AnyCA Gateway REST Install Guide](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/Preparing.htm) ## Installation 1. Download latest successful build from [GitHub Releases](../../releases/latest) -2. Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory +2. Extract the .zip file, and from it, copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the 'C:\Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions' directory + +3. Within the 'C:\Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors' folder, update the manifest.json file to contain the following: -3. Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors - * If the manifest.json file or the Connectors folder do not exist, create them. ```json { "extensions": { 
@@ -28,6 +28,8 @@ In order to enroll for certificates the Keyfactor Command server must trust the } ``` +NOTE: If the Connectors folder and/or the manifest.json file do not exist, they must be manually created + 4. Restart the AnyCA Gateway service 5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. CAPlugin Type should now be listed as CertCentralCA. From bd0041e705a01597f53e4ac28b25e454fed0aa3e Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 6 Jun 2024 19:19:39 +0000 Subject: [PATCH 42/42] Update generated README --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9c5c118..0b77ee8 100644 --- a/README.md +++ b/README.md 
@@ -28,17 +28,17 @@ DigiCert CertCentral AnyCA REST Gateway Plugin is supported by Keyfactor for Key This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering. # Prerequisites -## Certificate Chain +## Prerequisite: Certificate Chain -In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store +In order to request certificates from the Keyfactor AnyGateway, the Keyfactor Command server must trust the certificate chain of trust. To ensure trust is established, download your Root and/or Subordinate CA certificates from DigiCert and import them into the appropriate local certificate stores on the Keyfactor AnyGateway and Command servers. More information can be found in the [AnyCA Gateway REST Install Guide](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/Preparing.htm) ## Installation 1. Download latest successful build from [GitHub Releases](../../releases/latest) -2. Copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions directory +2. Extract the .zip file, and from it, copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the 'C:\Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions' directory + +3. Within the 'C:\Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors' folder, update the manifest.json file to contain the following: -3. Update the manifest.json file located in Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors - * If the manifest.json file or the Connectors folder do not exist, create them. ```json { "extensions": { 
@@ -52,6 +52,8 @@ In order to enroll for certificates the Keyfactor Command server must trust the } ``` +NOTE: If the Connectors folder and/or the manifest.json file do not exist, they must be manually created + 4. Restart the AnyCA Gateway service 5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. CAPlugin Type should now be listed as CertCentralCA.