Enabled Flag For Gateway Functionality

bhillkeyfactor · bhillkeyfactor · commit 9f2fea8a5bc8 · 2026-02-20T09:28:26.000-05:00
diff --git a/AcmeCaPlugin/AcmeCaPlugin.cs b/AcmeCaPlugin/AcmeCaPlugin.cs
@@ -63,6 +63,7 @@ public class AcmeCaPlugin : IAnyCAPlugin
     {
         private static readonly ILogger _logger = LogHandler.GetClassLogger<AcmeCaPlugin>();
         private IAnyCAPluginConfigProvider Config { get; set; }
+        private AcmeClientConfig _config;
 
         // Constants for better maintainability
         private const string DEFAULT_PRODUCT_ID = "default";
@@ -77,6 +78,16 @@ public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDa
         {
             _logger.MethodEntry();
             Config = configProvider ?? throw new ArgumentNullException(nameof(configProvider));
+            _config = GetConfig();
+            _logger.LogTrace("Enabled: {Enabled}", _config.Enabled);
+
+            if (!_config.Enabled)
+            {
+                _logger.LogWarning("The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping config validation...");
+                _logger.MethodExit();
+                return;
+            }
+
             _logger.MethodExit();
         }
 
@@ -89,6 +100,12 @@ public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDa
         public async Task Ping()
         {
             _logger.MethodEntry();
+            if (!_config.Enabled)
+            {
+                _logger.LogWarning("The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping connectivity test...");
+                _logger.MethodExit();
+                return;
+            }
 
             HttpClient httpClient = null;
             try
@@ -166,6 +183,13 @@ public Task ValidateCAConnectionInfo(Dictionary<string, object> connectionInfo)
             var rawData = JsonConvert.SerializeObject(connectionInfo);
             var config = JsonConvert.DeserializeObject<AcmeClientConfig>(rawData);
 
+            if (config != null && !config.Enabled)
+            {
+                _logger.LogWarning("The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping config validation...");
+                _logger.MethodExit();
+                return Task.CompletedTask;
+            }
+
             // Validate required configuration fields
             var missingFields = new List<string>();
             if (string.IsNullOrWhiteSpace(config?.DirectoryUrl))
@@ -231,6 +255,17 @@ public async Task<EnrollmentResult> Enroll(
         {
             _logger.MethodEntry();
 
+            if (!_config.Enabled)
+            {
+                _logger.LogWarning("The CA is currently in the Disabled state. It must be Enabled to perform operations. Enrollment rejected.");
+                _logger.MethodExit();
+                return new EnrollmentResult
+                {
+                    Status = (int)EndEntityStatus.FAILED,
+                    StatusMessage = "CA connector is disabled. Enable it in the CA configuration to perform enrollments."
+                };
+            }
+
             if (string.IsNullOrWhiteSpace(csr))
                 throw new ArgumentException("CSR cannot be null or empty", nameof(csr));
             if (string.IsNullOrWhiteSpace(subject))
diff --git a/AcmeCaPlugin/AcmeCaPluginConfig.cs b/AcmeCaPlugin/AcmeCaPluginConfig.cs
@@ -9,6 +9,13 @@ public static Dictionary<string, PropertyConfigInfo> GetPluginAnnotations()
         {
             return new Dictionary<string, PropertyConfigInfo>()
             {
+                ["Enabled"] = new PropertyConfigInfo()
+                {
+                    Comments = "Enable or disable this CA connector. When disabled, all operations (ping, enroll, sync) are skipped.",
+                    Hidden = false,
+                    DefaultValue = "true",
+                    Type = "Bool"
+                },
                 ["DirectoryUrl"] = new PropertyConfigInfo()
                 {
                     Comments = "ACME directory URL (e.g. Let's Encrypt, ZeroSSL, etc.)",
diff --git a/AcmeCaPlugin/AcmeClientConfig.cs b/AcmeCaPlugin/AcmeClientConfig.cs
@@ -4,6 +4,7 @@ namespace Keyfactor.Extensions.CAPlugin.Acme
 {
     public class AcmeClientConfig
     {
+        public bool Enabled { get; set; } = true;
         public string DirectoryUrl { get; set; } = "https://acme-v02.api.letsencrypt.org/directory";
         public string Email { get; set; } = string.Empty;
         public string EabKid { get; set; } = null;

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,13 @@ public static Dictionary<string, PropertyConfigInfo> GetPluginAnnotations()`
`9`	`9`	`{`
`10`	`10`	`return new Dictionary<string, PropertyConfigInfo>()`
`11`	`11`	`{`
	`12`	`+ ["Enabled"] = new PropertyConfigInfo()`
	`13`	`+ {`
	`14`	`+ Comments = "Enable or disable this CA connector. When disabled, all operations (ping, enroll, sync) are skipped.",`
	`15`	`+ Hidden = false,`
	`16`	`+ DefaultValue = "true",`
	`17`	`+ Type = "Bool"`
	`18`	`+ },`
`12`	`19`	`["DirectoryUrl"] = new PropertyConfigInfo()`
`13`	`20`	`{`
`14`	`21`	`Comments = "ACME directory URL (e.g. Let's Encrypt, ZeroSSL, etc.)",`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ namespace Keyfactor.Extensions.CAPlugin.Acme`
`4`	`4`	`{`
`5`	`5`	`public class AcmeClientConfig`
`6`	`6`	`{`
	`7`	`+ public bool Enabled { get; set; } = true;`
`7`	`8`	`public string DirectoryUrl { get; set; } = "https://acme-v02.api.letsencrypt.org/directory";`
`8`	`9`	`public string Email { get; set; } = string.Empty;`
`9`	`10`	`public string EabKid { get; set; } = null;`