From 32fdb13e3090c5b715efc30b2fa30a878d0e22e9 Mon Sep 17 00:00:00 2001
From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Date: Fri, 27 May 2022 10:13:22 -0700
Subject: [PATCH 01/10] Newrel (#5)
* Update SampleConfig.json
* Update CreateTemplate.ps1
---
CreateTemplate.ps1 | 3 ++-
SampleConfig.json | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/CreateTemplate.ps1 b/CreateTemplate.ps1
index 9f119fb..fd5eda3 100644
--- a/CreateTemplate.ps1
+++ b/CreateTemplate.ps1
@@ -1,4 +1,5 @@
-Function ImportWindowsCATemplates($CSVFile,$SecurityCSV)
+#Install Templates PS
+Function ImportWindowsCATemplates($CSVFile,$SecurityCSV)
{
Import-Csv $CSVFile | ForEach-Object {
diff --git a/SampleConfig.json b/SampleConfig.json
index 11ca375..fa644b0 100644
--- a/SampleConfig.json
+++ b/SampleConfig.json
@@ -21,8 +21,8 @@
},
"CAConnection": {
"CscGlobalURL": "https://apis-ote.cscglobal.com/dbs/api/v2",
- "ApiKey": "SALDJDSFKLDFS",
- "BearerToken": "ASDLKFSALDKSDALK",
+ "ApiKey": "SomeApiKeyFromCsc",
+ "BearerToken": "SomePasswordFromCsc",
"TemplateSync": "On"
},
"Templates": {
@@ -57,4 +57,4 @@
"FullScanPeriodHours": 1,
"PartialScanPeriodMinutes": 1
}
-}
\ No newline at end of file
+}
From fa6c98f90b40f8c40c2c9659775d677aa8837287 Mon Sep 17 00:00:00 2001
From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Date: Thu, 23 Feb 2023 21:54:00 +0000
Subject: [PATCH 02/10] Cname (#7)
* Fix Meta Data Sync Issue
---
.../workflows/keyfactor-starter-workflow.yml | 20 ++-
CHANGELOG.md | 5 +
CscGlobalCaProxy/CscGlobalCaProxy.cs | 2 +-
README.md | 156 ++++++++++++++++--
integration-manifest.json | 5 +-
readme_source.md | 150 +++++++++++++++--
6 files changed, 299 insertions(+), 39 deletions(-)
create mode 100644 CHANGELOG.md
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
index 9fe0405..0aad6f0 100644
--- a/.github/workflows/keyfactor-starter-workflow.yml
+++ b/.github/workflows/keyfactor-starter-workflow.yml
@@ -5,22 +5,38 @@ jobs:
call-create-github-release-workflow:
uses: Keyfactor/actions/.github/workflows/github-release.yml@main
+ get-manifest-properties:
+ runs-on: windows-latest
+ outputs:
+ update_catalog: ${{ steps.read-json.outputs.prop }}
+ steps:
+ - uses: actions/checkout@v3
+ - name: Read json
+ id: read-json
+ shell: pwsh
+ run: |
+ $json = Get-Content integration-manifest.json | ConvertFrom-Json
+ echo "::set-output name=prop::$(echo $json.update_catalog)"
+
call-dotnet-build-and-release-workflow:
needs: [call-create-github-release-workflow]
uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
with:
release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
- release_dir: CscGlobalCaProxy/bin/Release # TODO: set build output directory to upload as a release, relative to checkout workspace
+ release_dir: CscGlobalCaProxy/bin/Release
secrets:
token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
call-generate-readme-workflow:
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
+ secrets:
+ token: ${{ secrets.APPROVE_README_PUSH }}
call-update-catalog-workflow:
- if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ needs: get-manifest-properties
+ if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
secrets:
token: ${{ secrets.SDK_SYNC_PAT }}
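Review bot: The `Read json` step publishes its output with the `::set-output` workflow command, which GitHub Actions has deprecated in favour of the `GITHUB_OUTPUT` environment file; once the command stops being honoured, `update_catalog` is empty and `call-update-catalog-workflow` is silently skipped for every run. In pwsh the replacement is one line, `"prop=$($json.update_catalog)" >> $env:GITHUB_OUTPUT`. The `== 'True'` comparison in the `if:` depends on PowerShell rendering the JSON boolean as the string `True`, which holds today but deserves a short comment next to the condition so the capitalisation is not "fixed" later.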
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..08e00ee
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+v1.0.9
+- Updated Readme to go from Powershell based install to Manual Install With More Detailed Instructions
+- Removed unneeded config items
+- Fixed Meta Data Sync Issue
+- For Patch Installation for V1.0.9, see bottom of Readme File
diff --git a/CscGlobalCaProxy/CscGlobalCaProxy.cs b/CscGlobalCaProxy/CscGlobalCaProxy.cs
index fa48836..1e16ee2 100644
--- a/CscGlobalCaProxy/CscGlobalCaProxy.cs
+++ b/CscGlobalCaProxy/CscGlobalCaProxy.cs
@@ -120,7 +120,7 @@ public override void Synchronize(ICertificateDataReader certificateDataReader,
!currentCert.Subject.Contains("Trusted Secure Certificate Authority DV"))
blockingBuffer.Add(new CAConnectorCertificate
{
- CARequestID =$"{currentResponseItem?.Uuid}-{currentCert.SerialNumber}",
+ CARequestID =$"{currentResponseItem?.Uuid}",
Certificate = cert,
SubmissionDate = currentResponseItem?.OrderDate == null
? Convert.ToDateTime(currentCert.NotBefore)
diff --git a/README.md b/README.md
index 8f710b0..d591de8 100644
--- a/README.md
+++ b/README.md
@@ -2,13 +2,15 @@
Csc Global operates a PKI as a service platform for customers around the globe. The AnyGateway solution for CscGlobal is designed to allow Keyfactor Command the ability to: - Sync certificates issued from the CA - Request new certificates from the CA - Revoke certificates directly from Keyfactor Command
-#### Integration status:
+#### Integration status: Production - Ready for use in production environments.
## About the Keyfactor AnyGateway CA Connector
This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority.
----
+
+
+
***
# Getting Started
@@ -132,15 +134,6 @@ the CA. Without the imported configuration, the service will fail to start.
"CscGlobalURL": "https://apis-ote.cscglobal.com/dbs/api/v2",
"ApiKey": "SALDJDSFKLDFS",
"BearerToken": "ASDLKFSALDKSDALK",
- "FromEmailAddress":"noReply@keyfactor.com",
- "CscGlobalEmail":"ServiceNowEmail@ServiceNow.com",
- "KeyfactorApiUserId":"SomeUserForKFAPI",
- "KeyfactorApiPassword":"SomePasswordForKFApi",
- "KeyfactorApiUrl":"https://kftrain.keyfactor.lab/KeyfactorAPI",
- "SmtpEmailHost":"smtp.mailgun.org",
- "EmailUserId":"SomeSTMPServiceUserId",
- "EmailPassword":"SomeSMTPServicePassword",
- "EmailPort":"587",
"TemplateSync": "On"
}
```
@@ -193,13 +186,132 @@ the CA. Without the imported configuration, the service will fail to start.
### Template Installation
-1) Command Server - Copy and Unzip the Template Setup Files located [Here](https://github.com/Keyfactor/cscglobal-cagateway/raw/main/TemplateSetup.zip)
-2) Command Server - Change the Security Settings in the CaTemplateUserSecurity.csv file to the appropriate settings for Test or Production
-3) Command Server - Run the CreateTemplate.ps1 file and choose option 1 to create the templates in active directory.
- *Note if you get errors the security is likely wrong and you will have to add the security manually according to Keyfactor standards*
-4) Command Server - Use the Keyfactor Portal to Import the Templates created in Active Directory in step #3 above
-5) Command Server - Run the CreateTemplate.ps1 file and choose option 3 to create all the enrollment fields.
- *Note You will have to override the default API Questions to the appropriate information.*
+**PLEASE NOTE, AT THIS TIME THE RAPID_SSL TEMPLATE IS NOT SUPPORTED BY THE CSC API AND WILL NOT WORK WITH THIS INTEGRATION**
+
+1) **Create ADFS Certificate Templates for the Following Products**
+- CSC TrustedSecure Premium Certificate
+- CSC TrustedSecure EV Certificate
+- CSC TrustedSecure UC Certificate
+- CSC TrustedSecure Premium Wildcard Certificate
+
+2) **Import Into Keyfactor using the template import functionality**
+
+3) **Edit each template and modify the Details and Enrollment Fields as Follows**
+
+*CSC TrustedSecure UC Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Premium Certificate
+Template Display Name | CSC TrustedSecure Premium Certificate
+Friendly Name | CSC TrustedSecure Premium Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure UC Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+Addtl Sans Comma Separated DVC Emails | String | N/A
+
+*CSC TrustedSecure EV Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure EV Certificate
+Template Display Name | CSC TrustedSecure EV Certificate
+Friendly Name | CSC TrustedSecure EV Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure EV Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+Organization Country | String | N/A
+
+*CSC TrustedSecure Premium Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Premium Certificate
+Template Display Name | CSC TrustedSecure Premium Certificate
+Friendly Name | CSC TrustedSecure Premium Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure Premium Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
+*CSC TrustedSecure Premium Wildcard Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Premium Wildcard Certificate
+Template Display Name | CSC TrustedSecure Premium Wildcard Certificate
+Friendly Name | CSC TrustedSecure Premium Wildcard Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure Premium Wildcard Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
### Certificate Authority Installation
1) Gateway Server - Start the Keyfactor Gateway Service
@@ -210,6 +322,14 @@ Set-KeyfactorGatewayConfig -LogicalName "CSCGlobal" -FilePath [path to json file
3) Command Server - Import the certificate authority in Keyfactor Portal
***
+### Meta Data Fix Patch for Version 1.0.9 Steps
+1) Stop the CSC Global Gateway Service
+2) Run the following SQL In your CSC Global Gateway Database
+
+```Delete Certificates WHERE LEN("CARequestId") <> 36```
+
+3) Copy the New CSCGlobal v1.0.9 or later Binaries to the Gateway Directory Typically “c:\Progam Files\Keyfactor\Keyfactor AnyGateway” on the Gateway Server
+4) Start the Gateway service and wait for the next sync between the GW Database and Keyfactor
### License
[Apache](https://apache.org/licenses/LICENSE-2.0)
diff --git a/integration-manifest.json b/integration-manifest.json
index 4268618..2fd6fdb 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -2,7 +2,8 @@
"$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
"integration_type": "ca-gateway",
"name": "CSC Global",
- "status": "Production",
+ "status": "production",
"description": "Csc Global operates a PKI as a service platform for customers around the globe. The AnyGateway solution for CscGlobal is designed to allow Keyfactor Command the ability to: - Sync certificates issued from the CA - Request new certificates from the CA - Revoke certificates directly from Keyfactor Command",
- "link_github": true
+ "link_github": true,
+ "update_catalog": true
}
diff --git a/readme_source.md b/readme_source.md
index 613efbc..5c7bd5c 100644
--- a/readme_source.md
+++ b/readme_source.md
@@ -120,15 +120,6 @@ the CA. Without the imported configuration, the service will fail to start.
"CscGlobalURL": "https://apis-ote.cscglobal.com/dbs/api/v2",
"ApiKey": "SALDJDSFKLDFS",
"BearerToken": "ASDLKFSALDKSDALK",
- "FromEmailAddress":"noReply@keyfactor.com",
- "CscGlobalEmail":"ServiceNowEmail@ServiceNow.com",
- "KeyfactorApiUserId":"SomeUserForKFAPI",
- "KeyfactorApiPassword":"SomePasswordForKFApi",
- "KeyfactorApiUrl":"https://kftrain.keyfactor.lab/KeyfactorAPI",
- "SmtpEmailHost":"smtp.mailgun.org",
- "EmailUserId":"SomeSTMPServiceUserId",
- "EmailPassword":"SomeSMTPServicePassword",
- "EmailPort":"587",
"TemplateSync": "On"
}
```
@@ -181,13 +172,132 @@ the CA. Without the imported configuration, the service will fail to start.
### Template Installation
-1) Command Server - Copy and Unzip the Template Setup Files located [Here](https://github.com/Keyfactor/cscglobal-cagateway/raw/main/TemplateSetup.zip)
-2) Command Server - Change the Security Settings in the CaTemplateUserSecurity.csv file to the appropriate settings for Test or Production
-3) Command Server - Run the CreateTemplate.ps1 file and choose option 1 to create the templates in active directory.
- *Note if you get errors the security is likely wrong and you will have to add the security manually according to Keyfactor standards*
-4) Command Server - Use the Keyfactor Portal to Import the Templates created in Active Directory in step #3 above
-5) Command Server - Run the CreateTemplate.ps1 file and choose option 3 to create all the enrollment fields.
- *Note You will have to override the default API Questions to the appropriate information.*
+**PLEASE NOTE, AT THIS TIME THE RAPID_SSL TEMPLATE IS NOT SUPPORTED BY THE CSC API AND WILL NOT WORK WITH THIS INTEGRATION**
+
+1) **Create ADFS Certificate Templates for the Following Products**
+- CSC TrustedSecure Premium Certificate
+- CSC TrustedSecure EV Certificate
+- CSC TrustedSecure UC Certificate
+- CSC TrustedSecure Premium Wildcard Certificate
+
+2) **Import Into Keyfactor using the template import functionality**
+
+3) **Edit each template and modify the Details and Enrollment Fields as Follows**
+
+*CSC TrustedSecure UC Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Premium Certificate
+Template Display Name | CSC TrustedSecure Premium Certificate
+Friendly Name | CSC TrustedSecure Premium Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure UC Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+Addtl Sans Comma Separated DVC Emails | String | N/A
+
+*CSC TrustedSecure EV Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure EV Certificate
+Template Display Name | CSC TrustedSecure EV Certificate
+Friendly Name | CSC TrustedSecure EV Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure EV Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+Organization Country | String | N/A
+
+*CSC TrustedSecure Premium Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Premium Certificate
+Template Display Name | CSC TrustedSecure Premium Certificate
+Friendly Name | CSC TrustedSecure Premium Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure Premium Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
+*CSC TrustedSecure Premium Wildcard Certificate - Details Tab*
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Premium Wildcard Certificate
+Template Display Name | CSC TrustedSecure Premium Wildcard Certificate
+Friendly Name | CSC TrustedSecure Premium Wildcard Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+*CSC TrustedSecure Premium Wildcard Certificate - Enrollment Fields*
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
### Certificate Authority Installation
1) Gateway Server - Start the Keyfactor Gateway Service
@@ -198,6 +308,14 @@ Set-KeyfactorGatewayConfig -LogicalName "CSCGlobal" -FilePath [path to json file
3) Command Server - Import the certificate authority in Keyfactor Portal
***
+### Meta Data Fix Patch for Version 1.0.9 Steps
+1) Stop the CSC Global Gateway Service
+2) Run the following SQL In your CSC Global Gateway Database
+
+```Delete Certificates WHERE LEN("CARequestId") <> 36```
+
+3) Copy the New CSCGlobal v1.0.9 or later Binaries to the Gateway Directory Typically “c:\Progam Files\Keyfactor\Keyfactor AnyGateway” on the Gateway Server
+4) Start the Gateway service and wait for the next sync between the GW Database and Keyfactor
### License
[Apache](https://apache.org/licenses/LICENSE-2.0)
From 490feafff18cca6620e0a1b0faedcdda9e6e7d83 Mon Sep 17 00:00:00 2001
From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Date: Thu, 13 Apr 2023 17:24:42 -0400
Subject: [PATCH 03/10] Syncfixes (#10)
* Fixed Sync Issue that Impacts all clients
* Update CHANGELOG.md
* Sync Troubleshooting
* Simplified Syncing process
* New Templates Added
* Update SampleConfig.json
* Update readme_source.md
* Update generated README
* Update readme_source.md
* Update generated README
* Update readme_source.md
* Update generated README
* Sample Workflow
* Update README.md
* Update generated README
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
---------
Co-authored-by: Keyfactor
---
CHANGELOG.md | 6 +
CscGlobalCaProxy/Client/CscGlobalClient.cs | 99 ++----------
CscGlobalCaProxy/CscGlobalCaProxy.cs | 92 +++++------
CscGlobalCaProxy/CscGlobalCaProxy.csproj | 2 +-
.../Interfaces/ICscGlobalClient.cs | 2 +-
CscGlobalCaProxy/RequestManager.cs | 24 +--
README.md | 143 ++++++++++++++++--
SampleConfig.json | 12 ++
Workflow 1 - Modify Enrollment Params.json | 68 +++++++++
readme_source.md | 143 ++++++++++++++++--
10 files changed, 412 insertions(+), 179 deletions(-)
create mode 100644 Workflow 1 - Modify Enrollment Params.json
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 08e00ee..76e19ff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,3 +3,9 @@ v1.0.9
- Removed unneeded config items
- Fixed Meta Data Sync Issue
- For Patch Installation for V1.0.9, see bottom of Readme File
+v1.0.10
+- Sync Issue where Sync only works after service restart fixed
+- Sync Fix when errors occur in the CSC Api so next sync works
+- Support for CSC TrustedSecure Domain Validated SSL (new CSC Template)
+- Support for CSC TrustedSecure Domain Validated Wildcard SSL (new CSC Template)
+- Support for CSC TrustedSecure Domain Validated UC Certificate (new CSC Template)
diff --git a/CscGlobalCaProxy/Client/CscGlobalClient.cs b/CscGlobalCaProxy/Client/CscGlobalClient.cs
index 04ebf37..962460f 100644
--- a/CscGlobalCaProxy/Client/CscGlobalClient.cs
+++ b/CscGlobalCaProxy/Client/CscGlobalClient.cs
@@ -1,15 +1,12 @@
using System;
-using System.Collections.Concurrent;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
-using System.Threading;
using System.Threading.Tasks;
using CAProxy.AnyGateway.Interfaces;
using CSS.Common.Logging;
using Keyfactor.AnyGateway.CscGlobal.Client.Models;
-using Keyfactor.AnyGateway.CscGlobal.Exceptions;
using Keyfactor.AnyGateway.CscGlobal.Interfaces;
using Newtonsoft.Json;
@@ -30,7 +27,6 @@ public CscGlobalClient(ICAConnectorConfigProvider config)
private Uri BaseUrl { get; }
private HttpClient RestClient { get; }
- private int PageSize { get; } = 100;
private string ApiKey { get; }
private string Authorization { get; }
@@ -41,7 +37,7 @@ public async Task SubmitRegistrationAsync(
JsonConvert.SerializeObject(registerRequest), Encoding.ASCII, "application/json")))
{
Logger.Trace(JsonConvert.SerializeObject(registerRequest));
- var settings = new JsonSerializerSettings {NullValueHandling = NullValueHandling.Ignore};
+ var settings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
if (resp.StatusCode == HttpStatusCode.BadRequest) //Csc Sends Errors back in 400 Json Response
{
var errorResponse =
@@ -68,7 +64,7 @@ public async Task SubmitRenewalAsync(
{
Logger.Trace(JsonConvert.SerializeObject(renewalRequest));
- var settings = new JsonSerializerSettings {NullValueHandling = NullValueHandling.Ignore};
+ var settings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
if (resp.StatusCode == HttpStatusCode.BadRequest) //Csc Sends Errors back in 400 Json Response
{
var errorResponse =
@@ -94,7 +90,7 @@ public async Task SubmitReissueAsync(
{
Logger.Trace(JsonConvert.SerializeObject(reissueRequest));
- var settings = new JsonSerializerSettings {NullValueHandling = NullValueHandling.Ignore};
+ var settings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
if (resp.StatusCode == HttpStatusCode.BadRequest) //Csc Sends Errors back in 400 Json Response
{
var errorResponse =
@@ -127,7 +123,7 @@ public async Task SubmitRevokeCertificateAsync(string uuId)
{
using (var resp = await RestClient.PutAsync($"/dbs/api/v2/tls/revoke/{uuId}", new StringContent("")))
{
- var settings = new JsonSerializerSettings {NullValueHandling = NullValueHandling.Ignore};
+ var settings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
if (resp.StatusCode == HttpStatusCode.BadRequest) //Csc Sends Errors back in 400 Json Response
{
var errorResponse =
@@ -145,92 +141,27 @@ public async Task SubmitRevokeCertificateAsync(string uuId)
}
}
- public async Task SubmitCertificateListRequestAsync(BlockingCollection bc,
- CancellationToken ct)
+ public async Task SubmitCertificateListRequestAsync()
{
Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
- try
- {
- var itemsProcessed = 0;
- var isComplete = false;
- var retryCount = 0;
- do
- {
- var batchItemsProcessed = 0;
- using (var resp = await RestClient.GetAsync("/dbs/api/v2/tls/certificate?filter=status=in=(ACTIVE,REVOKED)", ct))
- {
- if (!resp.IsSuccessStatusCode)
- {
- var responseMessage = resp.Content.ReadAsStringAsync().Result;
- Logger.Error(
- $"Failed Request to Keyfactor. Retrying request. Status Code {resp.StatusCode} | Message: {responseMessage}");
- retryCount++;
- if (retryCount > 5)
- throw new RetryCountExceededException(
- $"5 consecutive failures to {resp.RequestMessage.RequestUri}");
-
- continue;
- }
-
- var stringResponse = await resp.Content.ReadAsStringAsync();
-
- var batchResponse =
- JsonConvert.DeserializeObject(stringResponse);
-
- var batchCount = batchResponse.Results.Count;
-
- Logger.Trace($"Processing {batchCount} items in batch");
- do
- {
- var r = batchResponse.Results[batchItemsProcessed];
- if (bc.TryAdd(r, 10, ct))
- {
- Logger.Trace($"Added Template ID {r.Uuid} to Queue for processing");
- batchItemsProcessed++;
- itemsProcessed++;
- Logger.Trace($"Processed {batchItemsProcessed} of {batchCount}");
- Logger.Trace($"Total Items Processed: {itemsProcessed}");
- }
- else
- {
- Logger.Trace($"Adding {r} blocked. Retry");
- }
- } while (batchItemsProcessed < batchCount); //batch loop
- }
-
- //assume that if we process less records than requested that we have reached the end of the certificate list
- if (batchItemsProcessed < PageSize)
- isComplete = true;
- } while (!isComplete); //page loop
-
- bc.CompleteAdding();
- }
- catch (OperationCanceledException cancelEx)
- {
- Logger.Warn($"Synchronize method was cancelled. Message: {cancelEx.Message}");
- bc.CompleteAdding();
- Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
- // ReSharper disable once PossibleIntendedRethrow
- throw cancelEx;
- }
- catch (RetryCountExceededException retryEx)
- {
- Logger.Error($"Retries Failed: {retryEx.Message}");
- Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
- }
- catch (HttpRequestException ex)
+ var resp = RestClient.GetAsync("/dbs/api/v2/tls/certificate?filter=status=in=(ACTIVE,REVOKED)").Result;
+
+ if (!resp.IsSuccessStatusCode)
{
- Logger.Error($"HttpRequest Failed: {ex.Message}");
- Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+ var responseMessage = resp.Content.ReadAsStringAsync().Result;
+ Logger.Error(
+ $"Failed Request to Keyfactor. Retrying request. Status Code {resp.StatusCode} | Message: {responseMessage}");
}
- Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+ var certificateListResponse =
+ JsonConvert.DeserializeObject(await resp.Content.ReadAsStringAsync());
+ return certificateListResponse;
}
private HttpClient ConfigureRestClient()
{
var clientHandler = new WebRequestHandler();
- var returnClient = new HttpClient(clientHandler, true) {BaseAddress = BaseUrl};
+ var returnClient = new HttpClient(clientHandler, true) { BaseAddress = BaseUrl };
returnClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
returnClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + Authorization);
returnClient.DefaultRequestHeaders.Add("apikey", ApiKey);
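Review bot: In the rewritten `SubmitCertificateListRequestAsync`, a non-success status is only logged — the text still says "Retrying request" although the retry loop was removed — and execution falls through to deserialize the error body, so the caller receives a null or empty response object instead of a failure. The method is `async` yet reads `RestClient.GetAsync(...).Result`, and the `using` around the response was dropped, so the HttpResponseMessage is no longer disposed. Awaiting the request, disposing the response and throwing on a failed status keeps the error visible to Synchronize; keeping a `CancellationToken` parameter would also let the caller's token reach the request again. The `Failed Request to Keyfactor` wording pre-dates this change, but the request goes to the CSC `BaseUrl`, so it is worth correcting while here.
```csharp
public async Task SubmitCertificateListRequestAsync()
{
    Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
    using (var resp = await RestClient.GetAsync("/dbs/api/v2/tls/certificate?filter=status=in=(ACTIVE,REVOKED)"))
    {
        if (!resp.IsSuccessStatusCode)
        {
            var responseMessage = await resp.Content.ReadAsStringAsync();
            Logger.Error($"Certificate list request to CSC failed. Status Code {resp.StatusCode} | Message: {responseMessage}");
            // Surface the failure instead of deserializing the error body as a result set.
            throw new HttpRequestException($"Certificate list request failed with status {resp.StatusCode}");
        }
        var certificateListResponse =
            JsonConvert.DeserializeObject(await resp.Content.ReadAsStringAsync());
        Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
        return certificateListResponse;
    }
}
// … unchanged: ConfigureRestClient …
```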
diff --git a/CscGlobalCaProxy/CscGlobalCaProxy.cs b/CscGlobalCaProxy/CscGlobalCaProxy.cs
index 1e16ee2..96a8535 100644
--- a/CscGlobalCaProxy/CscGlobalCaProxy.cs
+++ b/CscGlobalCaProxy/CscGlobalCaProxy.cs
@@ -34,25 +34,23 @@ public CscGlobalCaProxy()
public override int Revoke(string caRequestId, string hexSerialNumber, uint revocationReason)
{
- Logger.Trace($"Staring Revoke Method");
- var revokeResponse =
- Task.Run(async () =>
- await CscGlobalClient.SubmitRevokeCertificateAsync(caRequestId.Substring(0,36)))
- .Result; //todo fix to use pipe delimiter
+ Logger.Trace($"Staring Revoke Method");
+ var revokeResponse =
+ Task.Run(async () =>
+ await CscGlobalClient.SubmitRevokeCertificateAsync(caRequestId.Substring(0, 36)))
+ .Result; //todo fix to use pipe delimiter
- Logger.Trace($"Revoke Response JSON: {JsonConvert.SerializeObject(revokeResponse)}");
- Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
-
- var revokeResult=_requestManager.GetRevokeResult(revokeResponse);
+ Logger.Trace($"Revoke Response JSON: {JsonConvert.SerializeObject(revokeResponse)}");
+ Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
- if(revokeResult== Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED))
- {
- return -1;
- }
- else
- {
- return revokeResult;
- }
+ var revokeResult = _requestManager.GetRevokeResult(revokeResponse);
+
+ if (revokeResult == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.FAILED))
+ {
+ return -1;
+ }
+
+ return revokeResult;
}
@@ -73,19 +71,14 @@ public override void Synchronize(ICertificateDataReader certificateDataReader,
Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
try
{
- var certs = new BlockingCollection(100);
- CscGlobalClient.SubmitCertificateListRequestAsync(certs, cancelToken);
-
- foreach (var currentResponseItem in certs.GetConsumingEnumerable(cancelToken))
+ if (certificateAuthoritySyncInfo.DoFullSync)
{
- if (cancelToken.IsCancellationRequested)
- {
- Logger.Error("Synchronize was canceled.");
- break;
- }
+ var certs = Task.Run(async () => await CscGlobalClient.SubmitCertificateListRequestAsync()).Result;
- try
+ foreach (var currentResponseItem in certs.Results)
{
+
+ cancelToken.ThrowIfCancellationRequested();
Logger.Trace($"Took Certificate ID {currentResponseItem?.Uuid} from Queue");
var certStatus = _requestManager.MapReturnStatus(currentResponseItem?.Status);
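Review bot: `cancelToken` no longer reaches the HTTP call — `SubmitCertificateListRequestAsync()` lost its token parameter, so a cancellation requested while the list is downloading is only observed at `cancelToken.ThrowIfCancellationRequested()` after the entire response has been received. `Task.Run(...).Result` also blocks the sync thread and surfaces any failure as an AggregateException, which the widened `catch (Exception e)` later in the method logs and rethrows; passing `cancelToken` through to the client's `GetAsync` call would restore the old responsiveness. If the client's error path returns null (it logs a bad status but still deserializes whatever body came back), `certs.Results` throws a NullReferenceException here; a guard such as `if (certs?.Results == null) throw new InvalidOperationException("CSC certificate list request returned no results");` makes that failure explicit rather than incidental. Synchronize continues past the end of this hunk.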
@@ -105,7 +98,7 @@ public override void Synchronize(ICertificateDataReader certificateDataReader,
{
var certData = fileContent.Replace("\r\n", string.Empty);
var splitCerts =
- certData.Split(new[] {"-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----"},
+ certData.Split(new[] { "-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----" },
StringSplitOptions.RemoveEmptyEntries);
foreach (var cert in splitCerts)
if (!cert.Contains(".crt"))
@@ -113,38 +106,29 @@ public override void Synchronize(ICertificateDataReader certificateDataReader,
Logger.Trace($"Split Cert Value: {cert}");
var currentCert = new X509Certificate2(Encoding.ASCII.GetBytes(cert));
- if (!currentCert.Subject.Contains("AAA Certificate Services") &&
- !currentCert.Subject.Contains("USERTrust RSA Certification Authority") &&
- !currentCert.Subject.Contains("Trusted Secure Certificate Authority 5") &&
- !currentCert.Subject.Contains("AddTrust External CA Root") &&
- !currentCert.Subject.Contains("Trusted Secure Certificate Authority DV"))
- blockingBuffer.Add(new CAConnectorCertificate
- {
- CARequestID =$"{currentResponseItem?.Uuid}",
- Certificate = cert,
- SubmissionDate = currentResponseItem?.OrderDate == null
- ? Convert.ToDateTime(currentCert.NotBefore)
- : Convert.ToDateTime(currentResponseItem.OrderDate),
- Status = certStatus,
- ProductID = productId
- }, cancelToken);
+ blockingBuffer.Add(new CAConnectorCertificate
+ {
+ CARequestID = $"{currentResponseItem?.Uuid}",
+ Certificate = cert,
+ SubmissionDate = currentResponseItem?.OrderDate == null
+ ? Convert.ToDateTime(currentCert.NotBefore)
+ : Convert.ToDateTime(currentResponseItem.OrderDate),
+ Status = certStatus,
+ ProductID = productId
+ }, cancelToken);
}
}
}
}
- catch (OperationCanceledException)
- {
- Logger.Error("Synchronize was canceled.");
- break;
- }
+ blockingBuffer.CompleteAdding();
}
}
- catch (AggregateException aggEx)
+ catch (Exception e)
{
- Logger.Error("Csc Global Synchronize Task failed!");
+ Logger.Error($"Csc Global Synchronize Task failed! {LogHandler.FlattenException(e)}");
Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
- // ReSharper disable once PossibleIntendedRethrow
- throw aggEx;
+ blockingBuffer.CompleteAdding();
+ throw;
}
Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
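Review bot: The success-path `blockingBuffer.CompleteAdding()` is placed inside the `if (certificateAuthoritySyncInfo.DoFullSync)` block as far as the closing braces visible across the Synchronize hunks show, so when DoFullSync is false the try body does nothing and the consumer of blockingBuffer is never told that adding is complete; moving the call to just after that `if` (still inside the try) would cover both paths — worth confirming against the full method, which starts and ends outside this hunk. Removing the `currentCert.Subject.Contains(...)` filter means every block of the downloaded PEM bundle, including intermediate and root certificates, is now added as a `CAConnectorCertificate` carrying the leaf's `CARequestID`; if that is the intended metadata fix, a one-line comment such as `// every certificate in the returned bundle is recorded under the order's Uuid` would stop the next reader from re-adding the filter, otherwise restrict the add to the end-entity certificate. The new `catch (Exception e)` also catches the `OperationCanceledException` raised by `cancelToken.ThrowIfCancellationRequested()`, so a normal cancellation is logged as `Csc Global Synchronize Task failed!`; a preceding `catch (OperationCanceledException) { blockingBuffer.CompleteAdding(); throw; }` keeps the log honest.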
@@ -198,7 +182,7 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
case RequestUtilities.EnrollmentType.Renew:
Logger.Trace($"Entering Renew Enrollment");
//One click won't work for this implementation b/c we are missing enrollment params
- if (productInfo.ProductParameters.ContainsKey("Applicant Last Name"))
+ if (productInfo.ProductParameters.ContainsKey("Applicant Last Name"))
{
priorCert = certificateDataReader.GetCertificateRecord(
DataConversion.HexToBytes(productInfo.ProductParameters["PriorCertSN"]));
@@ -251,7 +235,7 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
return null;
}
-
+
public override CAConnectorCertificate GetSingleRecord(string caRequestId)
{
diff --git a/CscGlobalCaProxy/CscGlobalCaProxy.csproj b/CscGlobalCaProxy/CscGlobalCaProxy.csproj
index a36aa27..5e025f3 100644
--- a/CscGlobalCaProxy/CscGlobalCaProxy.csproj
+++ b/CscGlobalCaProxy/CscGlobalCaProxy.csproj
@@ -83,9 +83,9 @@
+
-
diff --git a/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs b/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs
index fbc1eb7..d2596af 100644
--- a/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs
+++ b/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs
@@ -18,7 +18,7 @@ Task SubmitReissueAsync(
Task SubmitGetCertificateAsync(string certificateId);
- Task SubmitCertificateListRequestAsync(BlockingCollection bc, CancellationToken ct);
+ Task SubmitCertificateListRequestAsync();
Task SubmitRevokeCertificateAsync(string uuId);
}
diff --git a/CscGlobalCaProxy/RequestManager.cs b/CscGlobalCaProxy/RequestManager.cs
index 597c333..b223cdd 100644
--- a/CscGlobalCaProxy/RequestManager.cs
+++ b/CscGlobalCaProxy/RequestManager.cs
@@ -150,6 +150,12 @@ private string GetCertificateType(string productId)
return "2";
case "CSC TrustedSecure Premium Wildcard Certificate":
return "1";
+ case "CSC TrustedSecure Domain Validated SSL":
+ return "4";
+ case "CSC TrustedSecure Domain Validated Wildcard SSL":
+ return "5";
+ case "CSC TrustedSecure Domain Validated UC Certificate":
+ return "6";
}
return "-1";
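Review bot: The three added cases return bare numeric strings (`"4"`, `"5"`, `"6"`) next to the existing `"1"`/`"2"` with nothing saying what the numbers mean to the CSC API, and the fallthrough `return "-1";` is an undocumented sentinel that callers must know to check. A comment above the switch, `// CSC API certificate-type code for the product; "-1" marks a product this gateway does not map`, plus one trailing comment per case naming the product family, would make the mapping maintainable; a `static readonly Dictionary<string, string>` keyed by product name would also make the unmapped case explicit via `TryGetValue`. GetCertificateType starts outside this hunk.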
@@ -204,16 +210,16 @@ private List GetSubjectAlternativeNames(EnrollmentProduc
foreach (var v in sans["dns"])
{
- var domainName = v;
- var san = new SubjectAlternativeName();
- san.DomainName = domainName;
- var emailAddresses = productInfo.ProductParameters["Addtl Sans Comma Separated DVC Emails"].Split(',');
- if (methodType.ToUpper() == "EMAIL")
- san.DomainControlValidation = GetDomainControlValidation(methodType, emailAddresses, domainName);
- else //it is a CNAME validation so no email is needed
- san.DomainControlValidation = GetDomainControlValidation(methodType, "");
+ var domainName = v;
+ var san = new SubjectAlternativeName();
+ san.DomainName = domainName;
+ var emailAddresses = productInfo.ProductParameters["Addtl Sans Comma Separated DVC Emails"].Split(',');
+ if (methodType.ToUpper() == "EMAIL")
+ san.DomainControlValidation = GetDomainControlValidation(methodType, emailAddresses, domainName);
+ else //it is a CNAME validation so no email is needed
+ san.DomainControlValidation = GetDomainControlValidation(methodType, "");
- subjectNameList.Add(san);
+ subjectNameList.Add(san);
}
return subjectNameList;
diff --git a/README.md b/README.md
index d591de8..e8de2a1 100644
--- a/README.md
+++ b/README.md
@@ -138,7 +138,8 @@ the CA. Without the imported configuration, the service will fail to start.
}
```
-- *Template Settings*
+**Template Settings**
+- For template settings you can either hard code them in the template parameters as shown on the last template or make them show up as enrollment parameters. You can also have a combination of both enrollment parameters and hard coded parameters in the template parameters. You can also build a workflow in Keyfactor to change them during enrollment based on some parameters as shown in the attached workflow 1.
```
"Templates": {
"CSC TrustedSecure Premium Certificate": {
@@ -156,6 +157,30 @@ the CA. Without the imported configuration, the service will fail to start.
"CSC TrustedSecure Premium Wildcard Certificate": {
"ProductID": "CSC TrustedSecure Premium Wildcard Certificate",
"Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated SSL": {
+ "ProductID": "CSC TrustedSecure Domain Validated SSL",
+ "Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated Wildcard SSL": {
+ "ProductID": "CSC TrustedSecure Domain Validated Wildcard SSL",
+ "Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated UC Certificate": {
+ "ProductID": "CSC TrustedSecure Domain Validated UC Certificate",
+ "Parameters": {
+ "Term": "12",
+ "Applicant First Name": "Joe",
+ "Applicant Last Name": "Smiht",
+ "Applicant Email Address": "admin@jsmith.com",
+ "Applicant Phone (+nn.nnnnnnnn)": "+12.34567890",
+ "Domain Control Validation Method": "EMAIL",
+ "Organization Contact": "Some Contact",
+ "Business Unit": "Some Business Unit",
+ "Notification Email(s) Comma Separated": "admin@jsmith.com",
+ "CN DCV Email (admin@yourdomain.com)": "admin@jsmith.com",
+ "Addtl Sans Comma Separated DVC Emails": "admin@jsmith.com"
+ }
}
}
```
@@ -193,12 +218,15 @@ the CA. Without the imported configuration, the service will fail to start.
- CSC TrustedSecure EV Certificate
- CSC TrustedSecure UC Certificate
- CSC TrustedSecure Premium Wildcard Certificate
+- CSC TrustedSecure Domain Validated SSL
+- CSC TrustedSecure Domain Validated Wildcard SSL
+- CSC TrustedSecure Domain Validated UC Certificate
2) **Import Into Keyfactor using the template import functionality**
3) **Edit each template and modify the Details and Enrollment Fields as Follows**
-
-*CSC TrustedSecure UC Certificate - Details Tab*
+
+**CSC TrustedSecure Premium Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
@@ -211,7 +239,7 @@ CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure UC Certificate - Enrollment Fields*
+**CSC TrustedSecure Premium Certificate - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -225,9 +253,8 @@ Organization Contact | Multiple Choice | Get From CSC Differs For Clients
Business Unit | Multiple Choice | Get From CSC Differs For Clients
Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
-Addtl Sans Comma Separated DVC Emails | String | N/A
-
-*CSC TrustedSecure EV Certificate - Details Tab*
+
+**CSC TrustedSecure EV Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
@@ -240,7 +267,7 @@ CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure EV Certificate - Enrollment Fields*
+**CSC TrustedSecure EV Certificate - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -256,20 +283,20 @@ Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
Organization Country | String | N/A
-*CSC TrustedSecure Premium Certificate - Details Tab*
+**CSC TrustedSecure UC Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
-Template Short Name | CSC TrustedSecure Premium Certificate
-Template Display Name | CSC TrustedSecure Premium Certificate
-Friendly Name | CSC TrustedSecure Premium Certificate
+Template Short Name | CSC TrustedSecure UC Certificate
+Template Display Name | CSC TrustedSecure UC Certificate
+Friendly Name | CSC TrustedSecure UC Certificate
Keys Size | 2048
Enforce RFC 2818 Compliance | True
CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure Premium Certificate - Enrollment Fields*
+**CSC TrustedSecure UC Certificate - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -283,8 +310,10 @@ Organization Contact | Multiple Choice | Get From CSC Differs For Clients
Business Unit | Multiple Choice | Get From CSC Differs For Clients
Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
+Addtl Sans Comma Separated DVC Emails | String | N/A
+
-*CSC TrustedSecure Premium Wildcard Certificate - Details Tab*
+**CSC TrustedSecure Premium Wildcard Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
@@ -297,7 +326,63 @@ CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure Premium Wildcard Certificate - Enrollment Fields*
+**CSC TrustedSecure Premium Wildcard Certificate - Enrollment Fields**
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
+**CSC TrustedSecure Domain Validated SSL - Details Tab**
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Domain Validated SSL
+Template Display Name | CSC TrustedSecure Domain Validated SSL
+Friendly Name | CSC TrustedSecure Domain Validated SSL
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+**CSC TrustedSecure Domain Validated SSL - Enrollment Fields**
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
+**CSC TrustedSecure Domain Validated Wildcard SSL - Details Tab**
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Domain Validated Wildcard SSL
+Template Display Name | CSC TrustedSecure Domain Validated Wildcard SSL
+Friendly Name | CSC TrustedSecure Domain Validated Wildcard SSL
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+**CSC TrustedSecure Domain Validated Wildcard SSL - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -312,6 +397,34 @@ Business Unit | Multiple Choice | Get From CSC Differs For Clients
Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
+**CSC TrustedSecure Domain Validated UC Certificate - Details Tab**
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Domain Validated UC Certificate
+Template Display Name | CSC TrustedSecure Domain Validated UC Certificate
+Friendly Name | CSC TrustedSecure Domain Validated UC Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+**CSC TrustedSecure Domain Validated UC Certificate - Enrollment Fields**
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+Addtl Sans Comma Separated DVC Emails | String | N/A
### Certificate Authority Installation
1) Gateway Server - Start the Keyfactor Gateway Service
diff --git a/SampleConfig.json b/SampleConfig.json
index fa644b0..42133b9 100644
--- a/SampleConfig.json
+++ b/SampleConfig.json
@@ -41,6 +41,18 @@
"CSC TrustedSecure Premium Wildcard Certificate": {
"ProductID": "CSC TrustedSecure Premium Wildcard Certificate",
"Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated SSL": {
+ "ProductID": "CSC TrustedSecure Domain Validated SSL",
+ "Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated Wildcard SSL": {
+ "ProductID": "CSC TrustedSecure Domain Validated Wildcard SSL",
+ "Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated UC Certificate": {
+ "ProductID": "CSC TrustedSecure Domain Validated UC Certificate",
+ "Parameters": {}
}
},
"CertificateManagers": null,
diff --git a/Workflow 1 - Modify Enrollment Params.json b/Workflow 1 - Modify Enrollment Params.json
new file mode 100644
index 0000000..11dd849
--- /dev/null
+++ b/Workflow 1 - Modify Enrollment Params.json
@@ -0,0 +1,68 @@
+{
+ "Id": "4a1c47cb-ac6e-4f86-a2be-335c51f7a943",
+ "DisplayName": "Enroll Params Based on Domain",
+ "Description": "Takes enrollment params from the user interface and dynamically changes the values based on a given domain.",
+ "Key": "40",
+ "KeyDisplayName": "CSC TrustedSecure Premium Certificate",
+ "IsPublished": true,
+ "WorkflowType": "Enrollment",
+ "Steps": [
+ {
+ "Id": "86e6b9ac-3d6c-4e4c-9fbe-2fb466702be2",
+ "DisplayName": "End-NOOP",
+ "UniqueName": "EndNOOP",
+ "ExtensionName": "NOOPStep",
+ "Enabled": true,
+ "ConfigurationParameters": {},
+ "Signals": [],
+ "Conditions": [],
+ "Outputs": {
+ "continue": "KeyfactorEnroll"
+ }
+ },
+ {
+ "Id": "bbf2c70b-5a77-499b-a537-3aba1cc06db3",
+ "DisplayName": "Keyfactor-Enroll",
+ "UniqueName": "KeyfactorEnroll",
+ "ExtensionName": "EnrollStep",
+ "Enabled": true,
+ "ConfigurationParameters": {},
+ "Signals": [],
+ "Conditions": [],
+ "Outputs": {}
+ },
+ {
+ "Id": "62e94406-4f6d-45b5-aef8-40b47b2e8e17",
+ "DisplayName": "Modify Params",
+ "UniqueName": "PowerShell1",
+ "ExtensionName": "PowerShell",
+ "Enabled": true,
+ "ConfigurationParameters": {
+ "ScriptParameters": {
+ "SubjectCN": "$(request:cn)"
+ },
+ "ScriptContent": "# Declare your parameters at the beginning\nparam(\n[string]$AdditionalAttributes,\n[string]$SubjectCN\n)\n\n\n# Initialize a hashtable\n$UpdatedAttributes = @{}\n\n# Load original attributes in UpdatedAttributes for the else case\n$UpdatedAttributes['Term'] = '12'\n$UpdatedAttributes['Applicant First Name'] = $SubjectCN\n$UpdatedAttributes['Applicant Last Name'] = 'Smith'\n$UpdatedAttributes['Applicant Email Address'] = 'admin@boingy.com'\n$UpdatedAttributes['Applicant Phone (+nn.nnnnnnnn)'] = '+12.12345678'\n$UpdatedAttributes['Domain Control Validation Method'] = 'EMAIL'\n$UpdatedAttributes['Organization Contact'] = 'Keyfactor Primary'\n$UpdatedAttributes['Business Unit'] = 'Keyfactor API'\n$UpdatedAttributes['Notification Email(s) Comma Separated'] = 'admin@boingy.com'\n$UpdatedAttributes['CN DCV Email (admin@yourdomain.com)'] = 'admin@boingy.com'\n\n# If the value of Department is \"Accounting\", then the value of Code must be \"G5N145\"; override submitted value--if any--and use fixed value\nif($SubjectCN.Contains(\"boingy.com\")) {\n $UpdatedAttributes['Applicant Last Name'] = \"Watson\"\n}\n\n# Return the updated attributes to the workflow in the original parameter as a hashtable\n$result = @{ \"AdditionalAttributes\" = $UpdatedAttributes }\nreturn $result"
+ },
+ "Signals": [],
+ "Conditions": [],
+ "Outputs": {
+ "continue": "EndNOOP"
+ }
+ },
+ {
+ "Id": "2c04139b-8996-462e-b9c5-410721c950bb",
+ "DisplayName": "Start-NOOP",
+ "UniqueName": "StartNOOP",
+ "ExtensionName": "NOOPStep",
+ "Enabled": true,
+ "ConfigurationParameters": {},
+ "Signals": [],
+ "Conditions": [],
+ "Outputs": {
+ "continue": "PowerShell1"
+ }
+ }
+ ],
+ "DraftVersion": 11,
+ "PublishedVersion": 11
+}
\ No newline at end of file
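Review bot: The embedded PowerShell in `ScriptContent` carries a leftover comment from a copied example (`# If the value of Department is "Accounting", then the value of Code must be "G5N145"...`) that does not describe the `$SubjectCN.Contains("boingy.com")` check it precedes, and `$AdditionalAttributes` is declared but never read even though the comment above says the original attributes are loaded. The `.Contains("boingy.com")` test is a substring match, so any CN that merely contains that text takes the overridden applicant name; for a domain-based rule compare the host, `if ($SubjectCN -eq 'boingy.com' -or $SubjectCN -like '*.boingy.com') {`. Since the README refers to this file as "workflow 1", a sentence there (or in `Description`) saying that the email, contact and domain values are placeholders to be replaced would keep it from being imported as-is.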
diff --git a/readme_source.md b/readme_source.md
index 5c7bd5c..aa957cb 100644
--- a/readme_source.md
+++ b/readme_source.md
@@ -124,7 +124,8 @@ the CA. Without the imported configuration, the service will fail to start.
}
```
-- *Template Settings*
+**Template Settings**
+- For template settings you can either hard code them in the template parameters as shown on the last template or make them show up as enrollment parameters. You can also have a combination of both enrollment parameters and hard coded parameters in the template parameters. You can also build a workflow in Keyfactor to change them during enrollment based on some parameters as shown in the attached workflow 1.
```
"Templates": {
"CSC TrustedSecure Premium Certificate": {
@@ -142,6 +143,30 @@ the CA. Without the imported configuration, the service will fail to start.
"CSC TrustedSecure Premium Wildcard Certificate": {
"ProductID": "CSC TrustedSecure Premium Wildcard Certificate",
"Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated SSL": {
+ "ProductID": "CSC TrustedSecure Domain Validated SSL",
+ "Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated Wildcard SSL": {
+ "ProductID": "CSC TrustedSecure Domain Validated Wildcard SSL",
+ "Parameters": {}
+ },
+ "CSC TrustedSecure Domain Validated UC Certificate": {
+ "ProductID": "CSC TrustedSecure Domain Validated UC Certificate",
+ "Parameters": {
+ "Term": "12",
+ "Applicant First Name": "Joe",
+ "Applicant Last Name": "Smiht",
+ "Applicant Email Address": "admin@jsmith.com",
+ "Applicant Phone (+nn.nnnnnnnn)": "+12.34567890",
+ "Domain Control Validation Method": "EMAIL",
+ "Organization Contact": "Some Contact",
+ "Business Unit": "Some Business Unit",
+ "Notification Email(s) Comma Separated": "admin@jsmith.com",
+ "CN DCV Email (admin@yourdomain.com)": "admin@jsmith.com",
+ "Addtl Sans Comma Separated DVC Emails": "admin@jsmith.com"
+ }
}
}
```
@@ -179,12 +204,15 @@ the CA. Without the imported configuration, the service will fail to start.
- CSC TrustedSecure EV Certificate
- CSC TrustedSecure UC Certificate
- CSC TrustedSecure Premium Wildcard Certificate
+- CSC TrustedSecure Domain Validated SSL
+- CSC TrustedSecure Domain Validated Wildcard SSL
+- CSC TrustedSecure Domain Validated UC Certificate
2) **Import Into Keyfactor using the template import functionality**
3) **Edit each template and modify the Details and Enrollment Fields as Follows**
-
-*CSC TrustedSecure UC Certificate - Details Tab*
+
+**CSC TrustedSecure Premium Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
@@ -197,7 +225,7 @@ CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure UC Certificate - Enrollment Fields*
+**CSC TrustedSecure Premium Certificate - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -211,9 +239,8 @@ Organization Contact | Multiple Choice | Get From CSC Differs For Clients
Business Unit | Multiple Choice | Get From CSC Differs For Clients
Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
-Addtl Sans Comma Separated DVC Emails | String | N/A
-
-*CSC TrustedSecure EV Certificate - Details Tab*
+
+**CSC TrustedSecure EV Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
@@ -226,7 +253,7 @@ CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure EV Certificate - Enrollment Fields*
+**CSC TrustedSecure EV Certificate - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -242,20 +269,20 @@ Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
Organization Country | String | N/A
-*CSC TrustedSecure Premium Certificate - Details Tab*
+**CSC TrustedSecure UC Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
-Template Short Name | CSC TrustedSecure Premium Certificate
-Template Display Name | CSC TrustedSecure Premium Certificate
-Friendly Name | CSC TrustedSecure Premium Certificate
+Template Short Name | CSC TrustedSecure UC Certificate
+Template Display Name | CSC TrustedSecure UC Certificate
+Friendly Name | CSC TrustedSecure UC Certificate
Keys Size | 2048
Enforce RFC 2818 Compliance | True
CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure Premium Certificate - Enrollment Fields*
+**CSC TrustedSecure UC Certificate - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -269,8 +296,10 @@ Organization Contact | Multiple Choice | Get From CSC Differs For Clients
Business Unit | Multiple Choice | Get From CSC Differs For Clients
Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
+Addtl Sans Comma Separated DVC Emails | String | N/A
+
-*CSC TrustedSecure Premium Wildcard Certificate - Details Tab*
+**CSC TrustedSecure Premium Wildcard Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
@@ -283,7 +312,63 @@ CSR Enrollment | True
Pfx Enrollment | True
-*CSC TrustedSecure Premium Wildcard Certificate - Enrollment Fields*
+**CSC TrustedSecure Premium Wildcard Certificate - Enrollment Fields**
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
+**CSC TrustedSecure Domain Validated SSL - Details Tab**
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Domain Validated SSL
+Template Display Name | CSC TrustedSecure Domain Validated SSL
+Friendly Name | CSC TrustedSecure Domain Validated SSL
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+**CSC TrustedSecure Domain Validated SSL - Enrollment Fields**
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+
+**CSC TrustedSecure Domain Validated Wildcard SSL - Details Tab**
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Domain Validated Wildcard SSL
+Template Display Name | CSC TrustedSecure Domain Validated Wildcard SSL
+Friendly Name | CSC TrustedSecure Domain Validated Wildcard SSL
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+**CSC TrustedSecure Domain Validated Wildcard SSL - Enrollment Fields**
NAME | DATA TYPE | VALUES
-----|--------------|-----------------
@@ -298,6 +383,34 @@ Business Unit | Multiple Choice | Get From CSC Differs For Clients
Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
+**CSC TrustedSecure Domain Validated UC Certificate - Details Tab**
+
+CONFIG ELEMENT | DESCRIPTION
+----------------------------|------------------
+Template Short Name | CSC TrustedSecure Domain Validated UC Certificate
+Template Display Name | CSC TrustedSecure Domain Validated UC Certificate
+Friendly Name | CSC TrustedSecure Domain Validated UC Certificate
+Keys Size | 2048
+Enforce RFC 2818 Compliance | True
+CSR Enrollment | True
+Pfx Enrollment | True
+
+
+**CSC TrustedSecure Domain Validated UC Certificate - Enrollment Fields**
+
+NAME | DATA TYPE | VALUES
+-----|--------------|-----------------
+Term | Multiple Choice | 12,24
+Applicant First Name | String | N/A
+Applicant Last Name | String | N/A
+Applicant Email Address | String | N/A
+Applicant Phone (+nn.nnnnnnnn) | String | N/A
+Domain Control Validation Method | Multiple Choice | EMAIL
+Organization Contact | Multiple Choice | Get From CSC Differs For Clients
+Business Unit | Multiple Choice | Get From CSC Differs For Clients
+Notification Email(s) Comma Separated | String | N/A
+CN DCV Email (admin@yourdomain.com) | String | N/A
+Addtl Sans Comma Separated DVC Emails | String | N/A
### Certificate Authority Installation
1) Gateway Server - Start the Keyfactor Gateway Service
From 0e6e25a0bd0ff245fec900152350966b95eb2898 Mon Sep 17 00:00:00 2001
From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Date: Wed, 26 Jul 2023 13:10:10 -0400
Subject: [PATCH 04/10] Jsonupdates (#11)
* Template Install Updates for New Templates
---
CHANGELOG.md | 13 +-
CscGlobalProducts.csv | 3 +
README.md | 13 ++
...SC TrustedSecure Domain Validated SSL.json | 106 ++++++++++++++++
...ecure Domain Validated UC Certificate.json | 114 ++++++++++++++++++
...dSecure Domain Validated Wildcard SSL.json | 106 ++++++++++++++++
6 files changed, 350 insertions(+), 5 deletions(-)
create mode 100644 Templates/CSC TrustedSecure Domain Validated SSL.json
create mode 100644 Templates/CSC TrustedSecure Domain Validated UC Certificate.json
create mode 100644 Templates/CSC TrustedSecure Domain Validated Wildcard SSL.json
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 76e19ff..17f9cf3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,11 +1,14 @@
-v1.0.9
-- Updated Readme to go from Powershell based install to Manual Install With More Detailed Instructions
-- Removed unneeded config items
-- Fixed Meta Data Sync Issue
-- For Patch Installation for V1.0.9, see bottom of Readme File
v1.0.10
- Sync Issue where Sync only works after service restart fixed
- Sync Fix when errors occur in the CSC Api so next sync works
- Support for CSC TrustedSecure Domain Validated SSL (new CSC Template)
- Support for CSC TrustedSecure Domain Validated Wildcard SSL (new CSC Template)
- Support for CSC TrustedSecure Domain Validated UC Certificate (new CSC Template)
+- Install support for new templates. Setup only no code changed in Gateway.
+
+v1.0.9
+- Updated Readme to go from Powershell based install to Manual Install With More Detailed Instructions
+- Removed unneeded config items
+- Fixed Meta Data Sync Issue
+- For Patch Installation for V1.0.9, see bottom of Readme File
+
diff --git a/CscGlobalProducts.csv b/CscGlobalProducts.csv
index f89da82..3cf9b9b 100644
--- a/CscGlobalProducts.csv
+++ b/CscGlobalProducts.csv
@@ -3,3 +3,6 @@ CSC TrustedSecure Premium Certificate,CSC TrustedSecure Premium Certificate,CSCG
CSC TrustedSecure EV Certificate,CSC TrustedSecure EV Certificate,CSCGlobal,DV,No
CSC TrustedSecure UC Certificate,CSC TrustedSecure UC Certificate,CSCGlobal,DV,Yes
CSC TrustedSecure Premium Wildcard Certificate,CSC TrustedSecure Premium Wildcard Certificate,CSCGlobal,DV,No
+CSC TrustedSecure Domain Validated UC Certificate,CSC TrustedSecure Domain Validated UC Certificate,CSCGlobal,DV,Yes
+CSC TrustedSecure Domain Validated Wildcard SSL,CSC TrustedSecure Domain Validated Wildcard SSL,CSCGlobal,DV,No
+CSC TrustedSecure Domain Validated SSL,CSC TrustedSecure Domain Validated SSL,CSCGlobal,DV,No
diff --git a/README.md b/README.md
index e8de2a1..50dd6c5 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@ Csc Global operates a PKI as a service platform for customers around the globe.
#### Integration status: Production - Ready for use in production environments.
+
## About the Keyfactor AnyGateway CA Connector
This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority.
@@ -12,6 +13,18 @@ This repository contains an AnyGateway CA Connector, which is a plugin to the Ke
+---
+
+
+
+
+
+
+
+
+---
+
+
***
# Getting Started
## Standard Gateway Installation
diff --git a/Templates/CSC TrustedSecure Domain Validated SSL.json b/Templates/CSC TrustedSecure Domain Validated SSL.json
new file mode 100644
index 0000000..ef89edf
--- /dev/null
+++ b/Templates/CSC TrustedSecure Domain Validated SSL.json
@@ -0,0 +1,106 @@
+{
+ "Id": 999999,
+ "CommonName": "CscGlobalDV-SSL",
+ "TemplateName": "CscGlobalDV-SSL",
+ "Oid": "Replace OID",
+ "KeySize": "2048",
+ "KeyType": "RSA",
+ "ForestRoot": "keyfactor.lab",
+ "FriendlyName": "Replace Friendly Name",
+ "KeyRetention": "AfterExpiration",
+ "KeyRetentionDays": 55,
+ "KeyArchival": false,
+ "EnrollmentFields": [
+ {
+ "Id": 6760440,
+ "Name": "Term",
+ "Options": [
+ "12",
+ "24",
+ "36",
+ "48",
+ "60",
+ "72"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 6760441,
+ "Name": "Applicant First Name",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 6760442,
+ "Name": "Applicant Last Name",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 6760443,
+ "Name": "Applicant Email Address",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 6760444,
+ "Name": "Applicant Phone (+nn.nnnnnnnn)",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 6760450,
+ "Name": "Domain Control Validation Method",
+ "Options": [
+ "EMAIL",
+ "CNAME"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 6760460,
+ "Name": "CN DCV Email (admin@yourdomain.com)",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 6760470,
+ "Name": "Organization Contact",
+ "Options": [
+ "Some Organization"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 6760471,
+ "Name": "Business Unit",
+ "Options": [
+ "Cert API Testing"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 6760480,
+ "Name": "Notification Email(s) Comma Separated",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ }
+ ],
+ "AllowedEnrollmentTypes": 7,
+ "TemplateRegexes": [],
+ "UseAllowedRequesters": false,
+ "AllowedRequesters": [],
+ "DisplayName": "Replace Display Name"
+}
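Review bot: The `Domain Control Validation Method` field in this template offers both `EMAIL` and `CNAME`, while the README tables added in the same series list only `EMAIL` for the Domain Validated templates; one of the two should be aligned so operators know whether CNAME validation is supported here. The file also ships placeholder values that must be edited before import — `"Id": 999999`, `"Oid": "Replace OID"`, `"ForestRoot": "keyfactor.lab"`, and the single sample options `Some Organization` and `Cert API Testing` for `Organization Contact` and `Business Unit`, which the README says differ per client; JSON cannot hold comments, so a short "replace before importing" list in README would help. This template has no `Addtl Sans Comma Separated DVC Emails` field, yet `GetSubjectAlternativeNames` in RequestManager.cs indexes `ProductParameters["Addtl Sans Comma Separated DVC Emails"]` directly; if that path ever runs for this product it would throw on the missing key — presumably SAN handling is gated to UC products, but worth confirming. The same placeholder and EMAIL/CNAME points apply to the Domain Validated UC Certificate template hunk that follows.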
diff --git a/Templates/CSC TrustedSecure Domain Validated UC Certificate.json b/Templates/CSC TrustedSecure Domain Validated UC Certificate.json
new file mode 100644
index 0000000..25f1b30
--- /dev/null
+++ b/Templates/CSC TrustedSecure Domain Validated UC Certificate.json
@@ -0,0 +1,114 @@
+{
+ "Id": 999999,
+ "CommonName": "CscGlobalDV-UCC",
+ "TemplateName": "CscGlobalDV-UCC",
+ "Oid": "Replace OID",
+ "KeySize": "2048",
+ "KeyType": "RSA",
+ "ForestRoot": "keyfactor.lab",
+ "FriendlyName": "Replace Friendly Name",
+ "KeyRetention": "AfterExpiration",
+ "KeyRetentionDays": 55,
+ "KeyArchival": false,
+ "EnrollmentFields": [
+ {
+ "Id": 5555640,
+ "Name": "Term",
+ "Options": [
+ "12",
+ "24",
+ "36",
+ "48",
+ "60",
+ "72"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5555641,
+ "Name": "Applicant First Name",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5555642,
+ "Name": "Applicant Last Name",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5555643,
+ "Name": "Applicant Email Address",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5555644,
+ "Name": "Applicant Phone (+nn.nnnnnnnn)",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5555650,
+ "Name": "Domain Control Validation Method",
+ "Options": [
+ "EMAIL",
+ "CNAME"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5555655,
+ "Name": "CN DCV Email (admin@yourdomain.com)",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5555660,
+ "Name": "Addtl Sans Comma Separated DVC Emails",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5555670,
+ "Name": "Organization Contact",
+ "Options": [
+ "Some Organization"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5555671,
+ "Name": "Business Unit",
+ "Options": [
+ "Cert API Testing"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5555680,
+ "Name": "Notification Email(s) Comma Separated",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ }
+ ],
+ "AllowedEnrollmentTypes": 7,
+ "TemplateRegexes": [],
+ "UseAllowedRequesters": false,
+ "AllowedRequesters": [],
+ "DisplayName": "Replace Display Name"
+}
diff --git a/Templates/CSC TrustedSecure Domain Validated Wildcard SSL.json b/Templates/CSC TrustedSecure Domain Validated Wildcard SSL.json
new file mode 100644
index 0000000..70f2cec
--- /dev/null
+++ b/Templates/CSC TrustedSecure Domain Validated Wildcard SSL.json
@@ -0,0 +1,106 @@
+{
+ "Id": 999999,
+ "CommonName": "CscGlobalDV-Wildcard",
+ "TemplateName": "CscGlobalDV-Wildcard",
+ "Oid": "Replace OID",
+ "KeySize": "2048",
+ "KeyType": "RSA",
+ "ForestRoot": "keyfactor.lab",
+ "FriendlyName": "Replace Friendly Name",
+ "KeyRetention": "AfterExpiration",
+ "KeyRetentionDays": 55,
+ "KeyArchival": false,
+ "EnrollmentFields": [
+ {
+ "Id": 5852240,
+ "Name": "Term",
+ "Options": [
+ "12",
+ "24",
+ "36",
+ "48",
+ "60",
+ "72"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5852241,
+ "Name": "Applicant First Name",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5852242,
+ "Name": "Applicant Last Name",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5852243,
+ "Name": "Applicant Email Address",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5852244,
+ "Name": "Applicant Phone (+nn.nnnnnnnn)",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5852250,
+ "Name": "Domain Control Validation Method",
+ "Options": [
+ "EMAIL",
+ "CNAME"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5852260,
+ "Name": "CN DCV Email (admin@yourdomain.com)",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ },
+ {
+ "Id": 5852270,
+ "Name": "Organization Contact",
+ "Options": [
+ "Some Organization"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5852271,
+ "Name": "Business Unit",
+ "Options": [
+ "Cert API Testing"
+ ],
+ "DataType": 2
+ },
+ {
+ "Id": 5852280,
+ "Name": "Notification Email(s) Comma Separated",
+ "Options": [
+ ""
+ ],
+ "DataType": 1
+ }
+ ],
+ "AllowedEnrollmentTypes": 7,
+ "TemplateRegexes": [],
+ "UseAllowedRequesters": false,
+ "AllowedRequesters": [],
+ "DisplayName": "Replace Display Name"
+}
From cd27c4e18e8528d84dfc6eba2bbe38c535215a93 Mon Sep 17 00:00:00 2001
From: Keyfactor
Date: Wed, 26 Jul 2023 17:23:40 +0000
Subject: [PATCH 05/10] Update generated README
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 50dd6c5..070bddb 100644
--- a/README.md
+++ b/README.md
@@ -238,8 +238,7 @@ the CA. Without the imported configuration, the service will fail to start.
2) **Import Into Keyfactor using the template import functionality**
3) **Edit each template and modify the Details and Enrollment Fields as Follows**
-
-**CSC TrustedSecure Premium Certificate - Details Tab**
+*CSC TrustedSecure Premium Certificate - Details Tab**
CONFIG ELEMENT | DESCRIPTION
----------------------------|------------------
@@ -439,6 +438,7 @@ Notification Email(s) Comma Separated | String | N/A
CN DCV Email (admin@yourdomain.com) | String | N/A
Addtl Sans Comma Separated DVC Emails | String | N/A
+
### Certificate Authority Installation
1) Gateway Server - Start the Keyfactor Gateway Service
2) Run the set Gateway command similar to below
From 76d727740200515ad79370c132d4d1e8ad33f18b Mon Sep 17 00:00:00 2001
From: Keyfactor
Date: Wed, 10 Jan 2024 15:55:37 +0000
Subject: [PATCH 06/10] Update generated README
---
README.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 070bddb..f992025 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,11 @@ Csc Global operates a PKI as a service platform for customers around the globe.
This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority.
+## Support for CSC Global
+CSC Global
+
+###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
---
From f66d1ba83acb3ee68e55e492d143d2ed2bcf2ce5 Mon Sep 17 00:00:00 2001
From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Date: Wed, 10 Jan 2024 12:15:22 -0500
Subject: [PATCH 07/10] Fix issue with CSC CNAME auto validation, have to add
headers to CSR. (#13)
* Fix issue with CSC CNAME auto validation, have to add headers to CSR.
* Update Change Log
---
CHANGELOG.md | 3 +++
CscGlobalCaProxy/RequestManager.cs | 24 +++++++++++++++++++++---
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17f9cf3..b0fe6d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+v1.0.11
+- Added CSR Headers to Fix Issue with CSC Pre-Validation
+
v1.0.10
- Sync Issue where Sync only works after service restart fixed
- Sync Fix when errors occur in the CSC Api so next sync works
diff --git a/CscGlobalCaProxy/RequestManager.cs b/CscGlobalCaProxy/RequestManager.cs
index b223cdd..a86161e 100644
--- a/CscGlobalCaProxy/RequestManager.cs
+++ b/CscGlobalCaProxy/RequestManager.cs
@@ -108,10 +108,20 @@ public DomainControlValidation GetDomainControlValidation(string methodType, str
};
}
+
+ public static Func Pemify = ss =>
+ ss.Length <= 64 ? ss : ss.Substring(0, 64) + "\n" + Pemify(ss.Substring(64));
+
public RegistrationRequest GetRegistrationRequest(EnrollmentProductInfo productInfo, string csr,
Dictionary sans)
{
- var bytes = Encoding.UTF8.GetBytes(csr);
+
+ var cert = "-----BEGIN CERTIFICATE REQUEST-----\r\n";
+ cert = cert + Pemify(csr);
+ cert = cert + "\r\n-----END CERTIFICATE REQUEST-----";
+
+
+ var bytes = Encoding.UTF8.GetBytes(cert);
var encodedString = Convert.ToBase64String(bytes);
var commonNameValidationEmail = productInfo.ProductParameters["CN DCV Email (admin@yourdomain.com)"];
var methodType = productInfo.ProductParameters["Domain Control Validation Method"];
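Review bot: `Pemify` is a public, mutable static field holding a self-referencing lambda, and it joins lines with `\n` while the armor built around it in `GetRegistrationRequest` (and copied verbatim into `GetRenewalRequest` and `GetReissueRequest` in the next two hunks) uses `\r\n`, so the emitted PEM block mixes line endings. The wrapping also assumes `csr` arrives as a bare base64 string; if a caller ever passes a CSR that already carries PEM armor or line breaks it is wrapped a second time, which I cannot rule out from here since the callers are outside the hunk. I'd replace the field and the three copied blocks with one private helper that strips any existing armor and whitespace, re-wraps at 64 columns with a single line-ending style, and is called as `var bytes = Encoding.UTF8.GetBytes(ToPemCsr(csr));` in all three methods. Each enclosing method continues past its hunk.
```csharp
// Wraps a base64 PKCS#10 body in PEM armor at 64 columns with CRLF line endings.
// Existing armor and whitespace are removed first so an input that is already PEM is not double-wrapped.
private static string ToPemCsr(string csr)
{
    var stripped = (csr ?? string.Empty)
        .Replace("-----BEGIN CERTIFICATE REQUEST-----", string.Empty)
        .Replace("-----END CERTIFICATE REQUEST-----", string.Empty);
    var body = new StringBuilder(stripped.Length);
    foreach (var c in stripped)
    {
        if (!char.IsWhiteSpace(c))
        {
            body.Append(c);
        }
    }
    var pem = new StringBuilder("-----BEGIN CERTIFICATE REQUEST-----\r\n");
    for (var i = 0; i < body.Length; i += 64)
    {
        pem.Append(body.ToString(i, Math.Min(64, body.Length - i))).Append("\r\n");
    }
    pem.Append("-----END CERTIFICATE REQUEST-----");
    return pem.ToString();
}

// in GetRegistrationRequest, GetRenewalRequest and GetReissueRequest, replacing the cert/Pemify block:
var bytes = Encoding.UTF8.GetBytes(ToPemCsr(csr));
// … unchanged: base64 encoding and ProductParameters lookups …
```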
@@ -174,7 +184,11 @@ public Notifications GetNotifications(EnrollmentProductInfo productInfo)
public RenewalRequest GetRenewalRequest(EnrollmentProductInfo productInfo, string uUId, string csr,
Dictionary sans)
{
- var bytes = Encoding.UTF8.GetBytes(csr);
+ var cert = "-----BEGIN CERTIFICATE REQUEST-----\r\n";
+ cert = cert + Pemify(csr);
+ cert = cert + "\r\n-----END CERTIFICATE REQUEST-----";
+
+ var bytes = Encoding.UTF8.GetBytes(cert);
var encodedString = Convert.ToBase64String(bytes);
var commonNameValidationEmail = productInfo.ProductParameters["CN DCV Email (admin@yourdomain.com)"];
var methodType = productInfo.ProductParameters["Domain Control Validation Method"];
@@ -228,7 +242,11 @@ private List GetSubjectAlternativeNames(EnrollmentProduc
public ReissueRequest GetReissueRequest(EnrollmentProductInfo productInfo, string uUId, string csr,
Dictionary sans)
{
- var bytes = Encoding.UTF8.GetBytes(csr);
+ var cert = "-----BEGIN CERTIFICATE REQUEST-----\r\n";
+ cert = cert + Pemify(csr);
+ cert = cert + "\r\n-----END CERTIFICATE REQUEST-----";
+
+ var bytes = Encoding.UTF8.GetBytes(cert);
var encodedString = Convert.ToBase64String(bytes);
var commonNameValidationEmail = productInfo.ProductParameters["CN DCV Email (admin@yourdomain.com)"];
var methodType = productInfo.ProductParameters["Domain Control Validation Method"];
From 5b8c54bd9acbe64a2e59bb7ed596089ce9fb5e1e Mon Sep 17 00:00:00 2001
From: Michael Henderson
Date: Wed, 10 Jan 2024 15:33:25 -0800
Subject: [PATCH 08/10] update to bootstrap workflow
---
.../keyfactor-bootstrap-workflow.yml | 19 +++++++++
.../workflows/keyfactor-starter-workflow.yml | 42 -------------------
integration-manifest.json | 16 +++----
3 files changed, 28 insertions(+), 49 deletions(-)
create mode 100644 .github/workflows/keyfactor-bootstrap-workflow.yml
delete mode 100644 .github/workflows/keyfactor-starter-workflow.yml
diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml
new file mode 100644
index 0000000..6d8de53
--- /dev/null
+++ b/.github/workflows/keyfactor-bootstrap-workflow.yml
@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [opened, closed, synchronize, edited, reopened]
+ push:
+ create:
+ branches:
+ - 'release-*.*'
+
+jobs:
+ call-starter-workflow:
+ uses: keyfactor/actions/.github/workflows/starter.yml@v2
+ secrets:
+ token: ${{ secrets.V2BUILDTOKEN}}
+ APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+ gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+ gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
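Review bot: The reusable workflow at `uses: keyfactor/actions/.github/workflows/starter.yml@v2` is referenced by a floating tag while being handed the GPG signing key, its passphrase and the build token; pinning to a full commit SHA (`uses: keyfactor/actions/.github/workflows/starter.yml@<commit-sha> # v2`) is the stronger supply-chain posture, since a moved tag would run changed code with those secrets available. As far as I know the `create` event does not accept a `branches` filter, so the filter under `create:` is ignored and the job runs on every branch or tag creation, while `push:` with no filter fires on every push; if only `release-*.*` branches are meant to build, the filter belongs under `push:`. Minor: `${{ secrets.V2BUILDTOKEN}}` lacks the space before `}}` that the other three lines have.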
diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
deleted file mode 100644
index 0aad6f0..0000000
--- a/.github/workflows/keyfactor-starter-workflow.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: Starter Workflow
-on: [workflow_dispatch, push, pull_request]
-
-jobs:
- call-create-github-release-workflow:
- uses: Keyfactor/actions/.github/workflows/github-release.yml@main
-
- get-manifest-properties:
- runs-on: windows-latest
- outputs:
- update_catalog: ${{ steps.read-json.outputs.prop }}
- steps:
- - uses: actions/checkout@v3
- - name: Read json
- id: read-json
- shell: pwsh
- run: |
- $json = Get-Content integration-manifest.json | ConvertFrom-Json
- echo "::set-output name=prop::$(echo $json.update_catalog)"
-
- call-dotnet-build-and-release-workflow:
- needs: [call-create-github-release-workflow]
- uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main
- with:
- release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
- release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
- release_dir: CscGlobalCaProxy/bin/Release
- secrets:
- token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }}
-
- call-generate-readme-workflow:
- if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
- uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main
- secrets:
- token: ${{ secrets.APPROVE_README_PUSH }}
-
- call-update-catalog-workflow:
- needs: get-manifest-properties
- if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
- uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main
- secrets:
- token: ${{ secrets.SDK_SYNC_PAT }}
diff --git a/integration-manifest.json b/integration-manifest.json
index 2fd6fdb..f56d39a 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -1,9 +1,11 @@
{
- "$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
- "integration_type": "ca-gateway",
- "name": "CSC Global",
- "status": "production",
- "description": "Csc Global operates a PKI as a service platform for customers around the globe. The AnyGateway solution for CscGlobal is designed to allow Keyfactor Command the ability to: - Sync certificates issued from the CA - Request new certificates from the CA - Revoke certificates directly from Keyfactor Command",
- "link_github": true,
- "update_catalog": true
+ "$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
+ "integration_type": "ca-gateway",
+ "name": "CSC Global",
+ "status": "production",
+ "description": "Csc Global operates a PKI as a service platform for customers around the globe. The AnyGateway solution for CscGlobal is designed to allow Keyfactor Command the ability to: - Sync certificates issued from the CA - Request new certificates from the CA - Revoke certificates directly from Keyfactor Command",
+ "link_github": true,
+ "update_catalog": true,
+ "support_level": "kf-supported",
+ "release_dir": "CscGlobalCaProxy/bin/Release"
}
From b5b22290a77952fb33396a863d6e4f1e72222901 Mon Sep 17 00:00:00 2001
From: Keyfactor
Date: Wed, 10 Jan 2024 23:33:52 +0000
Subject: [PATCH 09/10] Update generated README
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f992025..6fa11a1 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ This repository contains an AnyGateway CA Connector, which is a plugin to the Ke
## Support for CSC Global
-CSC Global
+CSC Global is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com
###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
From 3af57a7b953bae5c03bcfc28340221f0863585c4 Mon Sep 17 00:00:00 2001
From: Michael Henderson
Date: Wed, 10 Jan 2024 16:36:09 -0800
Subject: [PATCH 10/10] Update changelog
---
CHANGELOG.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17f9cf3..7753ddf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+
+v1.1.0
+- Add Support for CNAME Domain Validation
+
v1.0.10
- Sync Issue where Sync only works after service restart fixed
- Sync Fix when errors occur in the CSC Api so next sync works