feat: add Infoblox support to ACME

This change adds support for the Infoblox ACME DNS provider. 

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
signed-off-by: Morgan Gangwere <Morgan.gangwere@keyfactor.com>

Author: bhillkeyfactor

AcmeCaPlugin/AcmeCaPlugin.cs

@@ -370,7 +370,7 @@ private async Task ProcessAuthorizations(AcmeClient acmeClient, OrderDetails ord
                 if (validation == null)
                     throw new InvalidOperationException($"Failed to decode {DNS_CHALLENGE_TYPE} challenge validation details");
 
-                // Create DNS record
+                // Create DNS record (will throw exception with details if it fails)
                 var dnsProvider = DnsProviderFactory.Create(config, _logger);
                 await dnsProvider.CreateRecordAsync(validation.DnsRecordName, validation.DnsRecordValue);
 
@@ -383,22 +383,34 @@ private async Task ProcessAuthorizations(AcmeClient acmeClient, OrderDetails ord
             // Second pass: Wait for DNS propagation and submit challenges
             foreach (var (authz, challenge, validation) in pendingChallenges)
             {
-                _logger.LogInformation("Waiting for DNS propagation for {Domain}...", authz.Identifier.Value);
+                // Skip external DNS verification for Infoblox since it cannot ping external DNS providers
+                bool isInfoblox = config.DnsProvider?.Trim().Equals("infoblox", StringComparison.OrdinalIgnoreCase) ?? false;
 
-                // Wait for DNS propagation with verification
-                var propagated = await dnsVerifier.WaitForDnsPropagationAsync(
-                    validation.DnsRecordName,
-                    validation.DnsRecordValue,
-                    minimumServers: 3 // Require at least 3 DNS servers to confirm
-                );
-
-                if (!propagated)
+                if (isInfoblox)
+                {
+                    _logger.LogInformation("Skipping external DNS propagation check for Infoblox provider for {Domain}. Adding short delay...", authz.Identifier.Value);
+                    // Add a short delay to allow Infoblox to process the record internally
+                    await Task.Delay(TimeSpan.FromSeconds(5));
+                }
+                else
                 {
-                    _logger.LogWarning("DNS record may not have fully propagated for {Domain}. Proceeding anyway...",
-                        authz.Identifier.Value);
+                    _logger.LogInformation("Waiting for DNS propagation for {Domain}...", authz.Identifier.Value);
 
-                    // Optional: Add a final delay as fallback
-                    await Task.Delay(TimeSpan.FromSeconds(30));
+                    // Wait for DNS propagation with verification
+                    var propagated = await dnsVerifier.WaitForDnsPropagationAsync(
+                        validation.DnsRecordName,
+                        validation.DnsRecordValue,
+                        minimumServers: 3 // Require at least 3 DNS servers to confirm
+                    );
+
+                    if (!propagated)
+                    {
+                        _logger.LogWarning("DNS record may not have fully propagated for {Domain}. Proceeding anyway...",
+                            authz.Identifier.Value);
+
+                        // Optional: Add a final delay as fallback
+                        await Task.Delay(TimeSpan.FromSeconds(30));
+                    }
                 }
 
                 // Submit challenge response

AcmeCaPlugin/AcmeCaPluginConfig.cs

@@ -46,7 +46,7 @@ public static Dictionary<string, PropertyConfigInfo> GetPluginAnnotations()
                 },
                 ["DnsProvider"] = new PropertyConfigInfo()
                 {
-                    Comments = "DNS Provider to use for ACME DNS-01 challenges (options Google, Cloudflare, AwsRoute53, Azure, Ns1)",
+                    Comments = "DNS Provider to use for ACME DNS-01 challenges (options Google, Cloudflare, AwsRoute53, Azure, Ns1, Infoblox)",
                     Hidden = false,
                     DefaultValue = "Google",
                     Type = "String"
@@ -130,6 +130,30 @@ public static Dictionary<string, PropertyConfigInfo> GetPluginAnnotations()
                     Type = "String"
                 }
 
+                //Infoblox DNS
+                ,
+                ["Infoblox_Host"] = new PropertyConfigInfo()
+                {
+                    Comments = "Infoblox DNS: API URL (e.g., https://infoblox.example.com/wapi/v2.12) only if using Infoblox DNS (Optional)",
+                    Hidden = false,
+                    DefaultValue = "",
+                    Type = "String"
+                },
+                ["Infoblox_Username"] = new PropertyConfigInfo()
+                {
+                    Comments = "Infoblox DNS: Username for authentication only if using Infoblox DNS (Optional)",
+                    Hidden = false,
+                    DefaultValue = "",
+                    Type = "String"
+                },
+                ["Infoblox_Password"] = new PropertyConfigInfo()
+                {
+                    Comments = "Infoblox DNS: Password for authentication only if using Infoblox DNS (Optional)",
+                    Hidden = true,
+                    DefaultValue = "",
+                    Type = "Secret"
+                }
+
             };
         }
 

AcmeCaPlugin/AcmeClientConfig.cs

@@ -34,5 +34,12 @@ public class AcmeClientConfig
         //IBM NS1 DNS Ns1_ApiKey
         public string Ns1_ApiKey { get; set; } = null;
 
+        // Infoblox DNS
+        public string Infoblox_Host { get; set; } = null;
+        public string Infoblox_Username { get; set; } = null;
+        public string Infoblox_Password { get; set; } = null;
+        public string Infoblox_WapiVersion { get; set; } = "2.12";
+        public bool Infoblox_IgnoreSslErrors { get; set; } = false;
+
     }
 }

AcmeCaPlugin/Clients/DNS/DnsProviderFactory.cs

@@ -39,6 +39,15 @@ public static IDnsProvider Create(AcmeClientConfig config, ILogger logger)
                     return new Ns1DnsProvider(
                         config.Ns1_ApiKey
                     );
+                case "infoblox":
+                    return new InfobloxDnsProvider(
+                        config.Infoblox_Host,
+                        config.Infoblox_Username,
+                        config.Infoblox_Password,
+                        config.Infoblox_WapiVersion,
+                        config.Infoblox_IgnoreSslErrors,
+                        logger
+                    );
                 default:
                     throw new NotSupportedException($"DNS provider '{config.DnsProvider}' is not supported.");
             }