Release 2.0.1

CHANGELOG.md

@@ -1,2 +1,6 @@
 ### 2.0.0
 * Initial Public Release
+
+### 2.0.1
+* Add configuration fields to support sync filtering
+* Bug fixes around SAN processing

digicert-certcentral-caplugin/CertCentralCAPlugin.cs

@@ -58,6 +58,14 @@
 		public async Task<EnrollmentResult> Enroll(string csr, string subject, Dictionary<string, string[]> san, EnrollmentProductInfo productInfo, RequestFormat requestFormat, EnrollmentType enrollmentType)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
+
+			_logger.LogDebug($"Enrolling for certificate with subject {subject}");
+			foreach (var sanlist in san)
+			{
+				string sans = string.Join(",", sanlist.Value);
+				_logger.LogDebug($"SANs type \"{sanlist.Key}\": {sans}");
+			}
+
 			OrderResponse orderResponse = new OrderResponse();
 			CertCentralCertType certType = CertCentralCertType.GetAllTypes(_config).FirstOrDefault(x => x.ProductCode.Equals(productInfo.ProductID));
 			OrderRequest orderRequest = new OrderRequest(certType);
@@ -88,6 +96,11 @@
 				dnsNames = new List<string>(san["Dns"]);
 			}
 
+			if (san.ContainsKey("dnsname"))
+			{
+				dnsNames = new List<string>(san["dnsname"]);
+			}
+
 			X509Name subjectParsed = null;
 			string commonName = null, organization = null, orgUnit = null;
 			try
@@ -356,6 +369,28 @@
 					DefaultValue = false,
 					Type = "Boolean"
 				},
+
+				[CertCentralConstants.Config.SYNC_CA_FILTER] = new PropertyConfigInfo()
+				{
+					Comments = "If you list one or more CA IDs here (comma-separated), the sync process will only sync records from those CAs. If you want to sync all CA IDs, leave this field empty.",
+					Hidden = false,
+					DefaultValue = "",
+					Type = "String"
+				},
+				[CertCentralConstants.Config.FILTER_EXPIRED] = new PropertyConfigInfo()
+				{
+					Comments = "If set to 'true', syncing will apply a filter to not return orders that are expired for longer than specified in SyncExpirationDays.",
+					Hidden = false,
+					DefaultValue = false,
+					Type = "Boolean"
+				},
+				[CertCentralConstants.Config.SYNC_EXPIRATION_DAYS] = new PropertyConfigInfo()
+				{
+					Comments = "If FilterExpiredOrders is set to true, this setting determines how many days in the past to still return expired orders. For example, a value of 30 means the sync will return any certs that expired within the past 30 days. A value of 0 means the sync will not return any certs that expired before the current day. This value is ignored if FilterExpiredOrders is false.",
+					Hidden = false,
+					DefaultValue = 30,
+					Type = "Number"
+				},
 				[CertCentralConstants.Config.ENABLED] = new PropertyConfigInfo()
 				{
 					Comments = "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available.",
@@ -404,7 +439,7 @@
 		/// </summary>
 		/// <param name="caRequestID">The gateway request ID of the record to retrieve, in the format 'orderID-certID'</param>
 		/// <returns></returns>
 		public async Task<AnyCAPluginCertificate> GetSingleRecord(string caRequestID)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			// Split ca request id into order and cert id
@@ -498,7 +533,7 @@
 		/// </summary>
 		/// <returns></returns>
 		/// <exception cref="Exception"></exception>
 		public async Task Ping()
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			if (!_config.Enabled)
@@ -540,7 +575,7 @@
 		/// <returns></returns>
 		/// <exception cref="COMException"></exception>
 		/// <exception cref="Exception"></exception>
 		public async Task<int> Revoke(string caRequestID, string hexSerialNumber, uint revocationReason)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			int orderId = Int32.Parse(caRequestID.Substring(0, caRequestID.IndexOf('-')));
@@ -600,7 +635,7 @@
 		/// <param name="cancelToken"></param>
 		/// <returns></returns>
 		/// <exception cref="Exception"></exception>
 		public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockingBuffer, DateTime? lastSync, bool fullSync, CancellationToken cancelToken)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 
@@ -618,9 +653,10 @@
 			List<string> skippedOrders = new List<string>();
 			int certCount = 0;
 
-			string syncCAstring = string.Join(",", _config.SyncCAFilter ?? new List<string>());
+			string syncCAstring = _config.SyncCAFilter ?? string.Empty;
 			_logger.LogTrace($"Sync CAs: {syncCAstring}");
-			List<string> caList = _config.SyncCAFilter ?? new List<string>();
+			List<string> caList = _config.SyncCAs;
+
 			caList.ForEach(c => c.ToUpper());
 
 
@@ -740,7 +776,7 @@
 		/// </summary>
 		/// <param name="connectionInfo"></param>
 		/// <returns></returns>
 		public async Task ValidateCAConnectionInfo(Dictionary<string, object> connectionInfo)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			try
@@ -811,7 +847,7 @@
 		/// <param name="connectionInfo"></param>
 		/// <returns></returns>
 		/// <exception cref="Exception"></exception>
 		public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Dictionary<string, object> connectionInfo)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			// Set up.

digicert-certcentral-caplugin/CertCentralConfig.cs

@@ -11,14 +11,29 @@ public class CertCentralConfig
 
 		public CertCentralConfig()
 		{
-			SyncCAFilter = new List<string>();
+
 		}
 		public string APIKey { get; set; }
 		public string Region { get; set; } = "US";
 		public int? DivisionId { get; set; }
 		public bool? RevokeCertificateOnly { get; set; }
 		public bool Enabled { get; set; } = true;
-		public List<string> SyncCAFilter { get; set; }
+		public string SyncCAFilter { get; set; }
+		public List<string> SyncCAs
+		{
+			get
+			{
+				if (!string.IsNullOrEmpty(SyncCAFilter))
+				{
+					return SyncCAFilter.Split(',').ToList();
+				}
+				else
+				{
+					return new List<string>();
+				}	
+			}
+		}
+
 		public bool? FilterExpiredOrders { get; set; }
 		public int? SyncExpirationDays { get; set; }
 	}

digicert-certcentral-caplugin/Constants.cs

@@ -27,6 +27,9 @@ public class Config
 			public const string RENEWAL_WINDOW = "RenewalWindowDays";
 			public const string REVOKE_CERT = "RevokeCertificateOnly";
 			public const string ENABLED = "Enabled";
+			public const string SYNC_CA_FILTER = "SyncCAFilter";
+			public const string FILTER_EXPIRED = "FilterExpiredOrders";
+			public const string SYNC_EXPIRATION_DAYS = "SyncExpirationDays";
 		}
 
 		public class RequestAttributes