fix for smime profile type

dgaley · dgaley · commit 52eee75e7d5b · 2025-10-08T11:29:12.000-04:00
diff --git a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
@@ -600,7 +600,7 @@ public Dictionary<string, PropertyConfigInfo> GetTemplateParameterAnnotations()
 				},
 				[CertCentralConstants.Config.PROFILE_TYPE] = new PropertyConfigInfo()
 				{
-					Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Default value is strict.",
+					Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.",
 					Hidden = false,
 					DefaultValue = "strict",
 					Type = "String"
@@ -1023,7 +1023,7 @@ public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Diction
 			detailsRequest.ContainerId = null;
 			if (connectionInfo.ContainsKey(CertCentralConstants.Config.DIVISION_ID))
 			{
-				string div = (string)connectionInfo[CertCentralConstants.Config.DIVISION_ID];
+				string div = connectionInfo[CertCentralConstants.Config.DIVISION_ID].ToString();
 				if (!string.IsNullOrWhiteSpace(div))
 				{
 					if (int.TryParse($"{div}", out int divId))
@@ -1680,9 +1680,10 @@ private EnrollmentResult EnrollForSmimeCert(string csr, string subject, Dictiona
 				}
 			}
 
+			string profile = null;
 			if (productInfo.ProductParameters.ContainsKey(CertCentralConstants.Config.PROFILE_TYPE))
 			{
-				string profile = productInfo.ProductParameters[CertCentralConstants.Config.PROFILE_TYPE].ToString();
+				profile = productInfo.ProductParameters[CertCentralConstants.Config.PROFILE_TYPE].ToString();
 
 				// Only validate if value provided
 				if (!string.IsNullOrEmpty(profile))
@@ -1693,6 +1694,10 @@ private EnrollmentResult EnrollForSmimeCert(string csr, string subject, Dictiona
 						throw new Exception($"Invalid profile type provided. Valid values are: strict, multipurpose");
 					}
 				}
+				else
+				{
+					profile = null;
+				}
 			}
 
 			if (cnIndic.Equals("given_name_surname", StringComparison.OrdinalIgnoreCase))
@@ -1884,12 +1889,11 @@ private EnrollmentResult EnrollForSmimeCert(string csr, string subject, Dictiona
 			orderRequest.Certificate.SignatureHash = certType.signatureAlgorithm;
 			orderRequest.Certificate.CACertID = caCertId;
 			orderRequest.SetOrganization(organizationId);
-			string profileType = "strict";
-			if (productInfo.ProductParameters.ContainsKey(Constants.Config.PROFILE_TYPE))
+			//If profile type is not provided, use the default on the digicert product configuration
+			if (!string.IsNullOrEmpty(profile))
 			{
-				profileType = productInfo.ProductParameters[Constants.Config.PROFILE_TYPE];
-			}
-			orderRequest.Certificate.ProfileType = profileType;
+				orderRequest.Certificate.ProfileType = profile;
+			}		
 			orderRequest.Certificate.CommonNameIndicator = cnIndicator;
 			if (productInfo.ProductID.Equals("secure_email_sponsor", StringComparison.OrdinalIgnoreCase))
 			{
diff --git a/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj b/digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj
@@ -1,11 +1,13 @@
-<Project Sdk="Microsoft.NET.Sdk">
+﻿<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <RootNamespace>Keyfactor.Extensions.CAPlugin.DigiCert</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>disable</Nullable>
     <AssemblyName>DigicertCAPlugin</AssemblyName>
+    <AssemblyVersion>2.1.1</AssemblyVersion>
+    <FileVersion>2.1.1</FileVersion>
   </PropertyGroup>
 
   <ItemGroup>

Original file line number	Diff line number	Diff line change
`@@ -600,7 +600,7 @@ public Dictionary<string, PropertyConfigInfo> GetTemplateParameterAnnotations()`
`600`	`600`	`},`
`601`	`601`	`[CertCentralConstants.Config.PROFILE_TYPE] = new PropertyConfigInfo()`
`602`	`602`	`{`
`603`		`- Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Default value is strict.",`
	`603`	`+ Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.",`
`604`	`604`	`Hidden = false,`
`605`	`605`	`DefaultValue = "strict",`
`606`	`606`	`Type = "String"`
`@@ -1023,7 +1023,7 @@ public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Diction`
`1023`	`1023`	`detailsRequest.ContainerId = null;`
`1024`	`1024`	`if (connectionInfo.ContainsKey(CertCentralConstants.Config.DIVISION_ID))`
`1025`	`1025`	`{`
`1026`		`- string div = (string)connectionInfo[CertCentralConstants.Config.DIVISION_ID];`
	`1026`	`+ string div = connectionInfo[CertCentralConstants.Config.DIVISION_ID].ToString();`
`1027`	`1027`	`if (!string.IsNullOrWhiteSpace(div))`
`1028`	`1028`	`{`
`1029`	`1029`	`if (int.TryParse($"{div}", out int divId))`
`@@ -1680,9 +1680,10 @@ private EnrollmentResult EnrollForSmimeCert(string csr, string subject, Dictiona`
`1680`	`1680`	`}`
`1681`	`1681`	`}`
`1682`	`1682`
	`1683`	`+ string profile = null;`
`1683`	`1684`	`if (productInfo.ProductParameters.ContainsKey(CertCentralConstants.Config.PROFILE_TYPE))`
`1684`	`1685`	`{`
`1685`		`- string profile = productInfo.ProductParameters[CertCentralConstants.Config.PROFILE_TYPE].ToString();`
	`1686`	`+ profile = productInfo.ProductParameters[CertCentralConstants.Config.PROFILE_TYPE].ToString();`
`1686`	`1687`
`1687`	`1688`	`// Only validate if value provided`
`1688`	`1689`	`if (!string.IsNullOrEmpty(profile))`
`@@ -1693,6 +1694,10 @@ private EnrollmentResult EnrollForSmimeCert(string csr, string subject, Dictiona`
`1693`	`1694`	`throw new Exception($"Invalid profile type provided. Valid values are: strict, multipurpose");`
`1694`	`1695`	`}`
`1695`	`1696`	`}`
	`1697`	`+ else`
	`1698`	`+ {`
	`1699`	`+ profile = null;`
	`1700`	`+ }`
`1696`	`1701`	`}`
`1697`	`1702`
`1698`	`1703`	`if (cnIndic.Equals("given_name_surname", StringComparison.OrdinalIgnoreCase))`
`@@ -1884,12 +1889,11 @@ private EnrollmentResult EnrollForSmimeCert(string csr, string subject, Dictiona`
`1884`	`1889`	`orderRequest.Certificate.SignatureHash = certType.signatureAlgorithm;`
`1885`	`1890`	`orderRequest.Certificate.CACertID = caCertId;`
`1886`	`1891`	`orderRequest.SetOrganization(organizationId);`
`1887`		`- string profileType = "strict";`
`1888`		`- if (productInfo.ProductParameters.ContainsKey(Constants.Config.PROFILE_TYPE))`
	`1892`	`+ //If profile type is not provided, use the default on the digicert product configuration`
	`1893`	`+ if (!string.IsNullOrEmpty(profile))`
`1889`	`1894`	`{`
`1890`		`- profileType = productInfo.ProductParameters[Constants.Config.PROFILE_TYPE];`
`1891`		`- }`
`1892`		`- orderRequest.Certificate.ProfileType = profileType;`
	`1895`	`+ orderRequest.Certificate.ProfileType = profile;`
	`1896`	`+ }`
`1893`	`1897`	`orderRequest.Certificate.CommonNameIndicator = cnIndicator;`
`1894`	`1898`	`if (productInfo.ProductID.Equals("secure_email_sponsor", StringComparison.OrdinalIgnoreCase))`
`1895`	`1899`	`{`