Changed cert usage entry parameter value 'None' to 'Other'

Elena Fiocca · Elena Fiocca · commit 8e1a206a2746 · 2025-08-19T11:54:32.000-06:00
diff --git a/AxisIPCamera/Client/AxisHttpClient.cs b/AxisIPCamera/Client/AxisHttpClient.cs
@@ -62,14 +62,12 @@ public AxisHttpClient(JobConfiguration config, CertificateStore store, IPAMSecre
                 
                 Logger = LogHandler.GetClassLogger<AxisHttpClient>();
                 Logger.LogTrace("Entered AxisHttpClient constructor.");
-                Logger.LogTrace("Initializing Axis IP Camera HTTP Client");
-
-                //TODO; REMOVE var baseRestClientUrl =
-                    //(config.UseSSL) ? $"https://{store.ClientMachine}" : $"http://{store.ClientMachine}";
+                Logger.LogTrace("Initializing Axis IP Camera HTTP client");
+                
                 // ** NOTE: Ignoring the default config.UseSSL custom field --- we will always connect to the device via HTTPS
                 var baseRestClientUrl = $"https://{store.ClientMachine}";
                 
-                Logger.LogDebug($"Base HTTP Client URL: {baseRestClientUrl}");
+                Logger.LogDebug($"Base HTTP client URL: {baseRestClientUrl}");
 
                 // Initialize custom HTTP handler to validate device identity
                 RestClientOptions options = null;
@@ -88,7 +86,6 @@ public AxisHttpClient(JobConfiguration config, CertificateStore store, IPAMSecre
 
                 // Add Basic Auth username and password credentials
                 Logger.LogTrace("Adding Basic Auth Credentials to the HTTP client options...");
-
                 string username = PAMUtilities.ResolvePAMField(resolver, Logger, "API Username", config.ServerUsername);
                 string password = PAMUtilities.ResolvePAMField(resolver, Logger, "API Password", config.ServerPassword);
                 
@@ -115,9 +112,7 @@ public AxisHttpClient(JobConfiguration config, CertificateStore store, IPAMSecre
                 }
                 
                 Logger.LogTrace($"Connection to the device response status code: {response.StatusCode}");
-
                 Logger.LogTrace("Completed Initialization of Axis IP Camera HTTP Client");
-
                 Logger.LogTrace("Leaving AxisHttpClient constructor.");
             }
             catch (Exception e)
diff --git a/AxisIPCamera/Helpers/DeviceCertValidator.cs b/AxisIPCamera/Helpers/DeviceCertValidator.cs
@@ -48,7 +48,7 @@ public static class DeviceCertValidator
                 }
                 
                 // VALIDATION 1: Verify the TLS cert chain against the AXIS PKI --- Did this cert come off an AXIS PKI?
-                // This check will be done with SKI/AKI matching against the chain
+                // This check will be done with SKI/AKI matching against the custom chain
                 logger.LogTrace($"Performing Cert Validator Check #1: Verify the TLS cert chain against custom chain of AXIS PKI certs...");
                 
                 // Load custom trusted certs
diff --git a/AxisIPCamera/Inventory.cs b/AxisIPCamera/Inventory.cs
@@ -99,8 +99,8 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
                     else
                     {
                         // If no match, reset the cert usage
-                        _logger.LogDebug($"Client cert with alias '{c.Alias}' has no associated certificate usage");
-                        c.Binding = Constants.CertificateUsage.None;
+                        _logger.LogDebug($"Client cert with alias '{c.Alias}' has no known certificate usage");
+                        c.Binding = Constants.CertificateUsage.Other;
                     }
                 }
 
@@ -209,18 +209,11 @@ private CurrentInventoryItem BuildInventoryItem(CACertificate caCert)
             }
         }
         
-        //TODO: Add parameters for other binding aliases
         private CurrentInventoryItem BuildInventoryItem(Certificate cert)
         {
             try
             {
                 _logger.MethodEntry();
-                
-                // Get the cert usage as a string
-                //string certUsageString = GetCertUsageAsString(cert.Binding);
-
-                //Dictionary<string, object> parameters = new Dictionary<string, object>();
-                //parameters.Add("CertUsage",certUsageString);
 
                 var certList = new List<string>();
                 certList.Add(cert.CertAsPem);
diff --git a/AxisIPCamera/Model/Certificate.cs b/AxisIPCamera/Model/Certificate.cs
@@ -22,7 +22,7 @@ public class Certificate
         [JsonProperty("alias")] public string Alias { get; set; }
         [JsonProperty("certificate")] public string CertAsPem { get; set; }
         [JsonProperty("keystore")] public Constants.Keystore Keystore { get; set; }
-        public Constants.CertificateUsage Binding { get; set; } = Constants.CertificateUsage.None;
+        public Constants.CertificateUsage Binding { get; set; } = Constants.CertificateUsage.Other;
     }
 
     public class CertificateData
diff --git a/AxisIPCamera/Model/Constants.cs b/AxisIPCamera/Model/Constants.cs
@@ -47,7 +47,7 @@ public enum CertificateUsage
             IEEE,
             MQTT,
             Trust,
-            None,
+            Other,
             Undefined
         }
 
@@ -124,9 +124,9 @@ public static string GetCertUsageAsString(Constants.CertificateUsage certUsageEn
                     certUsageString = "Trust";
                     break;
                 }
-                case Constants.CertificateUsage.None:
+                case Constants.CertificateUsage.Other:
                 {
-                    certUsageString = "None";
+                    certUsageString = "Other";
                     break;
                 }
                 default:
@@ -150,17 +150,17 @@ public static string GetCertUsageAsString(Constants.CertificateUsage certUsageEn
         /// <returns>Enum representation of certificate usage that is declared in Constants.cs</returns>
         public static CertificateUsage GetCertUsageAsEnum(string certUsageString)
         {
-            var certUsageEnum = CertificateUsage.None;
+            var certUsageEnum = CertificateUsage.Other;
             switch (certUsageString)
             {
                 case "HTTPS":
                 {
-                    certUsageEnum = Constants.CertificateUsage.Https;
+                    certUsageEnum = CertificateUsage.Https;
                     break;
                 }
                 case "MQTT":
                 {
-                    certUsageEnum = Constants.CertificateUsage.MQTT;
+                    certUsageEnum = CertificateUsage.MQTT;
                     break;
                 }
                 case "IEEE802.X":
@@ -170,12 +170,12 @@ public static CertificateUsage GetCertUsageAsEnum(string certUsageString)
                 }
                 case "Trust":
                 {
-                    certUsageEnum = CertificateUsage.IEEE;
+                    certUsageEnum = CertificateUsage.Trust;
                     break;
                 }
-                case "None":
+                case "Other":
                 {
-                    certUsageEnum = CertificateUsage.None;
+                    certUsageEnum = CertificateUsage.Other;
                     break;
                 }
                 default:
@@ -190,7 +190,7 @@ public static CertificateUsage GetCertUsageAsEnum(string certUsageString)
             
             return certUsageEnum;
         }
-
+        
         public static void ValidateCsr(string csrPem)
         {
             try
diff --git a/AxisIPCamera/Reenrollment.cs b/AxisIPCamera/Reenrollment.cs
@@ -1,30 +1,31 @@
 ﻿using System;
 using System.Collections.Generic;
+using System.Reflection.Metadata;
 using System.Text;
 using System.Text.RegularExpressions;
 
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 
 using Keyfactor.Logging;
-using Keyfactor.Orchestrators.Extensions;
-using Keyfactor.Orchestrators.Extensions.Interfaces;
 using Keyfactor.Extensions.Orchestrator.AxisIPCamera.Client;
 using Keyfactor.Extensions.Orchestrator.AxisIPCamera.Model;
+using Keyfactor.Orchestrators.Extensions;
+using Keyfactor.Orchestrators.Extensions.Interfaces;
 
 namespace Keyfactor.Extensions.Orchestrator.AxisIPCamera
 {
     public class Reenrollment : IReenrollmentJobExtension
     {
         private readonly ILogger _logger;
-        public string ExtensionName => "";
         
-        public IPAMSecretResolver Resolver;
+        private readonly IPAMSecretResolver _resolver;
+        public string ExtensionName => "";
         
         public Reenrollment(IPAMSecretResolver resolver)
         {
             _logger = LogHandler.GetClassLogger<Reenrollment>();
-            Resolver = resolver;
+            _resolver = resolver;
         }
 
         // Job Entry Point
@@ -43,28 +44,26 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
                 {
                     _logger.LogDebug($"{itm.Key}:{itm.Value}");
                 }
-                _logger.LogDebug("End Job Properties");
+                _logger.LogDebug("--- End Job Properties");
                 
                 // Get required reenrollment fields
                 string certUsage = config.JobProperties[Constants.CertUsageParamName].ToString() ?? throw new Exception($"{Constants.CertUsageParamDisplay} returned null");
                 var certUsageEnum = Constants.GetCertUsageAsEnum(certUsage);
                 string keyAlgorithm = config.JobProperties["keyType"].ToString() ?? throw new Exception("Key Algorithm returned null");
                 string keySize = config.JobProperties["keySize"].ToString() ?? throw new Exception("Key Size returned null");
                 string subject = config.JobProperties["subjectText"].ToString() ?? throw new Exception("Subject returned null");
-                // IGNORING --- bool overwrite = Convert.ToBoolean(config.JobProperties["Overwrite"]);
-                
                 string reenrollAlias = config.Alias ?? throw new Exception("Alias returned null");
                 _logger.LogDebug($"Alias: {reenrollAlias}");
                 
-                // Prevent reenrollment on Trust certificates or those without a certificate usage
-                if (certUsageEnum is Constants.CertificateUsage.Trust or Constants.CertificateUsage.None)
+                // Prevent reenrollment on Trust certificates
+                if (certUsageEnum is Constants.CertificateUsage.Trust)
                 {
                     throw new Exception(
                         "Reenrollment cannot be performed on a store when the certificate usage is marked as 'Trust' or 'None'");
                 }
                 
                 _logger.LogTrace("Create HTTPS client to connect to device");
-                var client = new AxisHttpClient(config, config.CertificateStoreDetails, Resolver);
+                var client = new AxisHttpClient(config, config.CertificateStoreDetails, _resolver);
 
                 // Get current binding for reenrollment certificate usage provided
                 _logger.LogTrace($"Check '{certUsage}' binding for same alias");

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ public static class DeviceCertValidator`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`// VALIDATION 1: Verify the TLS cert chain against the AXIS PKI --- Did this cert come off an AXIS PKI?`
`51`		`- // This check will be done with SKI/AKI matching against the chain`
	`51`	`+ // This check will be done with SKI/AKI matching against the custom chain`
`52`	`52`	`logger.LogTrace($"Performing Cert Validator Check #1: Verify the TLS cert chain against custom chain of AXIS PKI certs...");`
`53`	`53`
`54`	`54`	`// Load custom trusted certs`
Original file line number	Diff line number	Diff line change
`@@ -99,8 +99,8 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd`
`99`	`99`	`else`
`100`	`100`	`{`
`101`	`101`	`// If no match, reset the cert usage`
`102`		`- _logger.LogDebug($"Client cert with alias '{c.Alias}' has no associated certificate usage");`
`103`		`- c.Binding = Constants.CertificateUsage.None;`
	`102`	`+ _logger.LogDebug($"Client cert with alias '{c.Alias}' has no known certificate usage");`
	`103`	`+ c.Binding = Constants.CertificateUsage.Other;`
`104`	`104`	`}`
`105`	`105`	`}`
`106`	`106`
`@@ -209,18 +209,11 @@ private CurrentInventoryItem BuildInventoryItem(CACertificate caCert)`
`209`	`209`	`}`
`210`	`210`	`}`
`211`	`211`
`212`		`- //TODO: Add parameters for other binding aliases`
`213`	`212`	`private CurrentInventoryItem BuildInventoryItem(Certificate cert)`
`214`	`213`	`{`
`215`	`214`	`try`
`216`	`215`	`{`
`217`	`216`	`_logger.MethodEntry();`
`218`		`-`
`219`		`- // Get the cert usage as a string`
`220`		`- //string certUsageString = GetCertUsageAsString(cert.Binding);`
`221`		`-`
`222`		`- //Dictionary<string, object> parameters = new Dictionary<string, object>();`
`223`		`- //parameters.Add("CertUsage",certUsageString);`
`224`	`217`
`225`	`218`	`var certList = new List<string>();`
`226`	`219`	`certList.Add(cert.CertAsPem);`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ public class Certificate`
`22`	`22`	`[JsonProperty("alias")] public string Alias { get; set; }`
`23`	`23`	`[JsonProperty("certificate")] public string CertAsPem { get; set; }`
`24`	`24`	`[JsonProperty("keystore")] public Constants.Keystore Keystore { get; set; }`
`25`		`- public Constants.CertificateUsage Binding { get; set; } = Constants.CertificateUsage.None;`
	`25`	`+ public Constants.CertificateUsage Binding { get; set; } = Constants.CertificateUsage.Other;`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`public class CertificateData`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ public enum CertificateUsage`
`47`	`47`	`IEEE,`
`48`	`48`	`MQTT,`
`49`	`49`	`Trust,`
`50`		`- None,`
	`50`	`+ Other,`
`51`	`51`	`Undefined`
`52`	`52`	`}`
`53`	`53`
`@@ -124,9 +124,9 @@ public static string GetCertUsageAsString(Constants.CertificateUsage certUsageEn`
`124`	`124`	`certUsageString = "Trust";`
`125`	`125`	`break;`
`126`	`126`	`}`
`127`		`- case Constants.CertificateUsage.None:`
	`127`	`+ case Constants.CertificateUsage.Other:`
`128`	`128`	`{`
`129`		`- certUsageString = "None";`
	`129`	`+ certUsageString = "Other";`
`130`	`130`	`break;`
`131`	`131`	`}`
`132`	`132`	`default:`
`@@ -150,17 +150,17 @@ public static string GetCertUsageAsString(Constants.CertificateUsage certUsageEn`
`150`	`150`	`/// <returns>Enum representation of certificate usage that is declared in Constants.cs</returns>`
`151`	`151`	`public static CertificateUsage GetCertUsageAsEnum(string certUsageString)`
`152`	`152`	`{`
`153`		`- var certUsageEnum = CertificateUsage.None;`
	`153`	`+ var certUsageEnum = CertificateUsage.Other;`
`154`	`154`	`switch (certUsageString)`
`155`	`155`	`{`
`156`	`156`	`case "HTTPS":`
`157`	`157`	`{`
`158`		`- certUsageEnum = Constants.CertificateUsage.Https;`
	`158`	`+ certUsageEnum = CertificateUsage.Https;`
`159`	`159`	`break;`
`160`	`160`	`}`
`161`	`161`	`case "MQTT":`
`162`	`162`	`{`
`163`		`- certUsageEnum = Constants.CertificateUsage.MQTT;`
	`163`	`+ certUsageEnum = CertificateUsage.MQTT;`
`164`	`164`	`break;`
`165`	`165`	`}`
`166`	`166`	`case "IEEE802.X":`
`@@ -170,12 +170,12 @@ public static CertificateUsage GetCertUsageAsEnum(string certUsageString)`
`170`	`170`	`}`
`171`	`171`	`case "Trust":`
`172`	`172`	`{`
`173`		`- certUsageEnum = CertificateUsage.IEEE;`
	`173`	`+ certUsageEnum = CertificateUsage.Trust;`
`174`	`174`	`break;`
`175`	`175`	`}`
`176`		`- case "None":`
	`176`	`+ case "Other":`
`177`	`177`	`{`
`178`		`- certUsageEnum = CertificateUsage.None;`
	`178`	`+ certUsageEnum = CertificateUsage.Other;`
`179`	`179`	`break;`
`180`	`180`	`}`
`181`	`181`	`default:`
`@@ -190,7 +190,7 @@ public static CertificateUsage GetCertUsageAsEnum(string certUsageString)`
`190`	`190`
`191`	`191`	`return certUsageEnum;`
`192`	`192`	`}`
`193`		`-`
	`193`	`+`
`194`	`194`	`public static void ValidateCsr(string csrPem)`
`195`	`195`	`{`
`196`	`196`	`try`