Merge to main #58

Open
indrora wants to merge 34 commits into main from dev-2.4

@indrora indrora commented Jul 1, 2026

Merge dev-2.4 to main - Automated PR

dgaley and others added 27 commits October 8, 2025 11:29
change default start sync date for first incremental sync
removing caching of product type list
change default incremental sync range
shorten incremental sync if it is too long
* add duplicate support

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* add duplicate support

* Update generated docs

* treat needs_approval the same as pending on enrollments and don't return failure code

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* improve BouncyCastle parsing

* add duplicate support

* Update generated docs

* Merge 2.2.0 to main

* fix for smime profile type

* template parameter to include client auth eku

* Update generated docs

* changelog and logging

* check for duplicate PEMs

* change default start sync date for first incremental sync

* removing caching of product type list

* change default incremental sync range

* version

* changelog

* shorten incremental sync if it is too long

* feat: release v2.2.0

* add duplicate support

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

---------

Co-authored-by: David Galey <dgaley@keyfactor.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Dave Galey <89407235+dgaley@users.noreply.github.com>
Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>

* treat needs_approval the same as pending on enrollments and don't return failure code

* Update generated docs

* Merge 2.2.1 to main (#49)

* fix for smime profile type

* template parameter to include client auth eku

* Update generated docs

* changelog and logging

* check for duplicate PEMs

* change default start sync date for first incremental sync

* removing caching of product type list

* change default incremental sync range

* version

* changelog

* shorten incremental sync if it is too long

* feat: release v2.2.0

* add duplicate support

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Dev 2.2 (#47)

* add duplicate support

* Update generated docs

* treat needs_approval the same as pending on enrollments and don't return failure code

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

---------

Co-authored-by: David Galey <dgaley@keyfactor.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Dave Galey <89407235+dgaley@users.noreply.github.com>
Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>

* Merge  to main (#48)

* fix for smime profile type

* template parameter to include client auth eku

* Update generated docs

* changelog and logging

* check for duplicate PEMs

* change default start sync date for first incremental sync

* removing caching of product type list

* change default incremental sync range

* version

* changelog

* shorten incremental sync if it is too long

* add duplicate support

* Update generated docs

* treat needs_approval the same as pending on enrollments and don't return failure code

* Update generated docs

---------

Co-authored-by: David Galey <dgaley@keyfactor.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Dave Galey <89407235+dgaley@users.noreply.github.com>
Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>

* Update CHANGELOG.md (#50)

* add option for kdc/smartcardlogon eku, fix template validation

* Update generated docs

* changelog

---------

Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 1, 2026 17:04

Copilot AI left a comment

Pull request overview

Automated merge of dev-2.4 into main for the DigiCert CertCentral AnyCA Gateway REST plugin, bringing in new enrollment/sync capabilities and aligning public docs/manifests with those capabilities.

Changes:

  • Adds certificate duplication support and related documentation.
  • Extends synchronization filtering (Division + new Product filter) and adjusts incremental sync window behavior.
  • Adds SSL enrollment options for additional EKUs (Client Auth / KDC-SmartCardLogon) and updates approval-status handling.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 18 comments.

| File | Description |
| --- | --- |
| README.md | Updates plugin naming and documents new config/template fields and duplication workflow. |
| integration-manifest.json | Adds new config/template parameters so the gateway can surface them in UI/metadata. |
| docsource/configuration.md | Documents certificate duplication workflow. |
| CHANGELOG.md | Adds version entries describing new features/fixes. |
| digicert-certcentral-caplugin/Constants.cs | Adds constants for new config/template field names. |
| digicert-certcentral-caplugin/CertCentralConfig.cs | Adds parsing for SyncProductFilter. |
| digicert-certcentral-caplugin/CertCentralCAPlugin.cs | Core logic changes: duplication path, new EKU profile option behavior, sync filtering/window changes, approval-status handling. |
| digicert-certcentral-caplugin/Client/CertCentralClient.cs | Adds duplicate endpoint call and updates list-orders call signature for new filters. |
| digicert-certcentral-caplugin/API/Duplicate.cs | Introduces request/response models for the duplicate endpoint. |
| digicert-certcentral-caplugin/API/OrderCertificate.cs | Adds profile_option field to certificate request model. |
| digicert-certcentral-caplugin/API/ListCertificateOrders.cs | Adds multi-filter support (division IDs + product IDs) to list-orders request. |
| digicert-certcentral-caplugin/Models/CertCentralCertType.cs | Removes product-type caching (behavior/perf impact). |
| digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj | Adds explicit assembly/file version metadata. |

Comment on lines +302 to +319
if (typeOfCert.Equals("ssl"))
{
bool clientAuth = Convert.ToBoolean(productInfo.ProductParameters[CertCentralConstants.Config.INCLUDE_CLIENT_AUTH]);
bool kdc = Convert.ToBoolean(productInfo.ProductParameters[CertCentralConstants.Config.INCLUDE_KDC]);
if (clientAuth && kdc)
{
throw new Exception($"Cannot enroll for cert with both Client Auth and KDC/SmartCardLogon EKU set to 'true'");
}
if (clientAuth)
{
orderRequest.Certificate.ProfileOption = "server_client_auth_eku";
_logger.LogWarning($"{CertCentralConstants.Config.INCLUDE_CLIENT_AUTH}: Ability to include client auth EKU in SSL certs is currently planned to cease in March 2027. Make sure any workflows that depend on this feature are updated before then to avoid interruptions.");
}
else if (kdc)
{
orderRequest.Certificate.ProfileOption = "kdc_smart_card";
}
}
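Review bot: Both `Convert.ToBoolean(productInfo.ProductParameters[...])` reads at the top of the `ssl` branch go through the indexer with no presence check, so a template saved before `INCLUDE_CLIENT_AUTH` and `INCLUDE_KDC` existed would fail enrollment with a key-not-found error if `ProductParameters` is a dictionary, and `Convert.ToBoolean` throws `FormatException` on any string other than true/false. Suggest reading each value with `TryGetValue` plus `bool.TryParse` and defaulting to false, so a missing or malformed setting never widens the EKU set. The mutually exclusive case would also be easier to handle upstream with a more specific exception type than `Exception`, and the `$` prefix on that message is unnecessary because it has no placeholders.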
Comment on lines +1660 to +1663
if (productIds != null && productIds.Count > 0 && !productIds.Contains(orderResponse.product.name_id.ToString()))
{
_logger.LogTrace($"Found order ID {orderId} that does not match Product filter. Product ID: {orderResponse.product.name_id.ToString()} Skipping...");
}
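Review bot: The Product filter branch logs "Skipping..." but its body, as shown, contains only the `_logger.LogTrace` call and no `continue` or other control flow, so an order that fails the filter is still processed unless the skip happens outside these lines. The duplicate-PEM check elsewhere in this PR logs and then calls `continue;`, and this block should do the same. `orderResponse.product.name_id.ToString()` is also evaluated twice and could be hoisted into a local.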
Comment on lines +1690 to +1696
//Another check for duplicate PEMs to get arround issue with DigiCert API returning incorrect data sometimes on reissued/duplicate certs
if (pemList.Contains(certificate))
{
_logger.LogWarning($"Found duplicate PEM for ID {caReqId}. Skipping...");
continue;
}
pemList.Add(certificate);
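Review bot: `pemList.Contains(certificate)` compares whole PEM strings, so the duplicate check only catches byte-identical text; the same certificate returned with different line wrapping or trailing whitespace would be treated as new. Keying the check on a thumbprint or serial number is sturdier, and a `HashSet<string>`, whose `Add` returns false for an existing entry, folds the check and the insert into one call and avoids a linear scan per certificate if `pemList` is a `List`. The code comment also misspells "around" as "arround".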
@@ -767,12 +841,17 @@

caList.ForEach(c => c.ToUpper());
_logger.MethodEntry(LogLevel.Trace);

lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.MinValue; // DigiCert issue with treating the timezone as mountain time. -7 to accomodate DST
// DigiCert issue with treating the timezone as mountain time. -7 hours to accomodate DST
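Review bot: `caList.ForEach(c => c.ToUpper());` at the top of this hunk discards the result of `ToUpper()`; strings are immutable, so `caList` is unchanged and any later case-sensitive comparison against it still sees the original casing. Assign the result instead, for example `caList = caList.Select(c => c.ToUpper()).ToList();`. Separately, the 7 hour offset is explained only in a code comment; a named constant would make the DigiCert timezone workaround easier to find and adjust, and "accomodate" should be "accommodate".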
Comment thread README.md
* **EnrollDivisionId** - OPTIONAL: The division (container) ID to use for enrollments against this template.
* **CommonNameIndicator** - Required for secure_email_sponsor and secure_email_organization products, ignored otherwise. Defines the source of the common name. Valid values are: email_address, given_name_surname, pseudonym, organization_name
* **ProfileType** - Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Default value is strict.
* **ProfileType** - Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.
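Review bot: The new **ProfileType** text replaces "Default value is strict." with a default that depends on the product configuration in the portal, which changes what an omitted ProfileType means for templates that already exist. State that change explicitly here and in the changelog, and tell readers where to check the effective default, since operators who relied on the documented strict default have no way to know from this sentence what their certificates will be issued with.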
Comment thread integration-manifest.json
@@ -38,6 +38,10 @@
"name": "SyncDivisionFilter",
"description": "If you list one or more Divison IDs (also known as Container IDs) here (comma-separated), the sync process will filter records to only return orders from those divisions. If you want to sync all divisions, leave this field empty. Note that this has no relationship to the value of the DivisionId config field."
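Review bot: Typo in the SyncDivisionFilter description: "Divison IDs" should be "Division IDs". Since this string is shown to operators, it would also help to say whether whitespace around the commas in the comma-separated list is tolerated.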
Comment thread integration-manifest.json
},
{
"name": "CertType",
"description": "OPTIONAL: The type of cert to enroll for. Valid values are 'ssl' and 'client'. The value provided here must be consistant with the ProductID. If not provided, default is 'ssl'. Ignored for secure_email_* product types."
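Review bot: "consistant" in the CertType description should be "consistent". The description also says the value must be consistent with the ProductID without saying what happens on a mismatch; state whether enrollment fails or the value is ignored.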
Comment thread integration-manifest.json
{
"name": "ProfileType",
"description": "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Default value is strict."
"description": "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal."
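Review bot: In the new ProfileType description, "Digicert portal" should be "DigiCert portal" to match the product name used elsewhere in the project. The same sentence appears in README.md, so correct both together to keep the manifest and the generated docs identical.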
Comment on lines +9 to +10
<AssemblyVersion>2.1.2</AssemblyVersion>
<FileVersion>2.1.2</FileVersion>
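Review bot: `<AssemblyVersion>2.1.2</AssemblyVersion>` and `<FileVersion>2.1.2</FileVersion>` look stale for a merge from `dev-2.4` whose commit list already includes "feat: release v2.2.0". If the release pipeline sets these values, drop the hard-coded entries; otherwise bump them to the version being released so deployed binaries can be matched to the changelog entry.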
Copilot AI review requested due to automatic review settings July 1, 2026 17:38
@indrora indrora removed the request for review from Copilot July 1, 2026 17:38
Copilot AI review requested due to automatic review settings July 1, 2026 17:53

Copilot AI left a comment

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.

Copilot AI review requested due to automatic review settings July 1, 2026 18:36

Copilot AI left a comment

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.
