Merge to main #6
Closed
indrora wants to merge 26 commits into
…heading
- release_dir: remove net8.0 framework moniker — fixes Archive Files step in CI
- product_ids: populate with supported SSL/TLS product codes (838-846)
- docsource/configuration.md: rename to "Certificate Template Creation Step"; remove doc-tool TODO stub
GetProductIds now returns ProductName (e.g. "DV SSL") instead of the numeric ProductCode so the Command UI dropdown shows meaningful labels. EnrollmentParams.ProductCode no longer falls back to the gateway ProductID since names cannot be passed to the CERTInext API — operators must set ProductCode explicitly on every template. Manifest product_ids updated to match the descriptive naming convention.
GetProductIds now returns a static list so the CI doc tool (which uses
reflection, not a live API call) can populate integration-manifest.json
correctly without resetting product_ids to [].
A DefaultProductCodes map in Constants.Products resolves the selected
product name (e.g. "DV SSL") to its production numeric code ("838")
automatically, so operators no longer need to look up and enter codes
manually. ProductCode template param remains available as an explicit
override for sandbox environments or non-standard codes.
… 1-month products
- Add DV Wildcard UCC (841), OV Wildcard UCC (845), EV UCC (847) to product table, Constants.Products, DefaultProductCodes map, GetProductIds, manifest
- Note DV SSL 1 Month and DV SSL Wildcard 1 Month as portal-visible but not returned by GetProductDetails API and unsupported by this plugin
- Update integration test table: 841/845/847 blocked on EMS-918; 843/844 not yet tested; 1-month products marked not supported
…Format param
- Remove redundant '## Architecture' heading from configuration.md before the architecture.md include (pre-rendered file already starts with that heading)
- Remove SANFormat from the enrollment parameters table (not implemented)
…ANFormat constant
- architecture.md used 'signature' but the CERTInext API field is 'authKey' and the parameter names are requestTs/requestTxnId — now consistent with API docs and configuration.md
- SANFormat constant in Constants.EnrollmentParam was never used in any code path and was already removed from documentation; no other CA plugin has this param
)
* fix: P1-P3 improvements — OAuth auth, sync CompleteAdding, Ping enabled check, renewal window, retry logic, IDisposable, GroupNumber config, nested product response model
* test: add unit tests for P1-P3 fixes; update MockCertificateData to nested product response format
* test: rewrite integration tests — remove stale hardcoded-order tests, add lifecycle test, make empty-account resilient
* docs: add GroupNumber field, per-account product code note, AgreementAcceptance and DCV findings
* chore: refactor Makefile — extract all API targets into scripts/; add generate-order-149-fresh, probe-endpoints, get-field-details targets
* docs: add cross-plugin analysis, certinext improvement plan, and API findings from sandbox exploration
* chore: add V2 API Makefile targets and scripts; ignore analysis/ directory
  Adds 21 make targets covering every CERTInext V2 operation (ssl-certificates, private-pki-certificates, catalog, groups, orgs, domains, reports). Each target delegates to a corresponding script under scripts/v2/ which sources the new scripts/lib/certinext-v2-auth.sh for CERTInext-native SHA256 token exchange. Adds analysis/ to .gitignore so scratch docs and support emails are never committed.
  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(constants): add Dcv constants and Config DCV key names
  Add Constants.Dcv subclass with dcvMethod codes (1=DNS TXT, 2=HTTP, 3=Email), dcvStatus values (0=Pending, 1=Validated, 2=Rejected), and the default TXT record hostname template. Add DcvEnabled, DcvTxtRecordTemplate, and DcvPropagationDelaySeconds to Constants.Config.
* feat(api): add GetDcv and VerifyDcv request/response DTOs
  Add GetDcvRequest, DcvRequestDetails, and VerifyDcvRequest for the GetDcv/VerifyDcv endpoints. Add GetDcvResponse, DcvResponseDetails, VerifyDcvResponse, TrackOrderDomainVerification (with JsonExtensionData for heterogeneous per-domain entries), and DomainVerificationDetail. Wire DomainVerification onto TrackOrderResponseDetails.
* feat(client): add GetDcvAsync and VerifyDcvAsync
  GetDcvAsync posts to GetDcv and returns the token (and file/email fields) for a domain on an existing order. VerifyDcvAsync posts to VerifyDcv to ask CERTInext to check the published DNS TXT record. Both methods follow the existing pattern: BuildMetaAsync, retry, auth-failure detection, DeserializeOrThrow, meta.status check, structured logging with OrderNumber and Domain context.
* feat(config): add DcvEnabled, DcvTxtRecordTemplate, DcvPropagationDelaySeconds
  Add three DCV-related fields to CERTInextConfig with documented defaults (false, _emsign-validation.{0}, 30 s) and corresponding UI annotations in GetCAConnectorAnnotations. Guards the DNS DCV path so operators must explicitly opt in before any DNS plugin interaction occurs.
* feat(enroll): inject IDomainValidatorFactory; add DNS DCV orchestration
  Bump IAnyCAPlugin to 3.3.0-PRERELEASE-78770-979f582005 to gain access to IDomainValidatorFactory, IDomainValidator, and IDomainValidatorConfigProvider. Add a primary constructor accepting IDomainValidatorFactory (gateway injects this at startup) alongside the existing parameterless fallback. Add DomainValidatorConfigProvider inner class. Add PerformDcvIfNeededAsync: reads pending-DCV domains from TrackOrder, skips if the order is already issued, validates domain FQDNs, calls GetDcvAsync per domain, resolves the DNS plugin via ResolveDomainValidator(domain, 'dns-01'), stages the TXT record, waits for propagation, triggers VerifyDcv, then cleans up in a finally block. EnrollNewAsync calls this when DcvEnabled=true and the factory is present, then re-fetches the post-DCV certificate status before returning.
* test(client): add WireMock unit tests for GetDcvAsync and VerifyDcvAsync
  Add GetDcvSuccessJson, GetDcvFailureJson, VerifyDcvSuccessJson, and VerifyDcvFailureJson helpers to MockCertificateData. Add seven tests covering: successful token retrieval, meta-failure response, 401 authentication failure, successful verification, meta-failure on verify, 401 on verify, and 500 on verify.
* chore(scripts): add get-dcv/verify-dcv probe scripts and Makefile targets
  Add scripts/get-dcv.sh and scripts/verify-dcv.sh mirroring the track-order.sh pattern. Both scripts source ~/.env_certinext and certinext-auth.sh, accept ORDER_NUMBER, DOMAIN_NAME, and optional DCV_METHOD (default 1=DNS TXT), and use jq --arg for safe JSON construction to prevent injection via user-supplied values. Add get-dcv and verify-dcv Makefile targets with DCV_METHOD variable and register both in .PHONY.
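The last commit message above credits `jq --arg` with preventing injection through ORDER_NUMBER, DOMAIN_NAME and DCV_METHOD. The sketch below is an added example, not the repository's scripts/get-dcv.sh: it contrasts string-interpolated JSON with `jq --arg` binding and adds an allow-list check on the inputs. The JSON field names, the function names and the sample values are assumptions; only the dcvMethod codes 1 to 3 come from the page.

```shell
#!/bin/sh
# Added example. Field names (orderNumber, domainName, dcvMethod) and all
# function names are assumptions for illustration, not the CERTInext schema.

# Unsafe: values are pasted into the JSON text, so a double quote in the
# input closes the string early and the rest is parsed as JSON structure.
build_body_interpolated() {
  printf '{"orderNumber":"%s","domainName":"%s","dcvMethod":"%s"}' "$1" "$2" "$3"
}

# Safe: jq --arg binds each value as a JSON string and escapes it on output,
# so the input can never change the shape of the document.
build_body_jq() {
  jq -cn --arg order "$1" --arg domain "$2" --arg method "$3" \
    '{orderNumber: $order, domainName: $domain, dcvMethod: $method}'
}

# Allow-list check run before any request body is built.
#   $1 = domain name, $2 = DCV method (1=DNS TXT, 2=HTTP, 3=Email)
validate_inputs() {
  case "$2" in
    1|2|3) ;;
    *) return 1 ;;
  esac
  # Reject any character outside the hostname alphabet (this also rejects
  # quotes, commas, whitespace and newlines).
  case "$1" in
    *[!A-Za-z0-9.-]*) return 1 ;;
  esac
  # Require dot-separated labels of 1-63 characters and an alphabetic TLD.
  printf '%s' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Constructed hostile value for DOMAIN_NAME: tries to smuggle in an extra field.
HOSTILE='example.com","extra":"x'
```

With the interpolated builder the constructed value yields a body containing an `extra` key; with the `jq --arg` builder the whole value stays inside `domainName`, and `validate_inputs` rejects it before either builder runs.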
Merge feat/v1.0-release-notes to main - Automated PR