check for duplicate PEMs

dgaley · dgaley · commit a4dfbe2b0821 · 2025-11-06T11:29:17.000-05:00
diff --git a/digicert-certcentral-caplugin/CertCentralCAPlugin.cs b/digicert-certcentral-caplugin/CertCentralCAPlugin.cs
@@ -615,7 +615,7 @@ public Dictionary<string, PropertyConfigInfo> GetTemplateParameterAnnotations()
 				{
 					Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.",
 					Hidden = false,
-					DefaultValue = "strict",
+					DefaultValue = "",
 					Type = "String"
 				},
 				[CertCentralConstants.Config.FIRST_NAME] = new PropertyConfigInfo()
@@ -1557,6 +1557,7 @@ private List<AnyCAPluginCertificate> GetAllConnectorCertsForOrder(string caReque
 			var orderCerts = GetAllCertsForOrder(orderId);
 
 			List<AnyCAPluginCertificate> certList = new List<AnyCAPluginCertificate>();
+			List<string> pemList = new List<string>();
 
 			foreach (var cert in orderCerts)
 			{
@@ -1578,6 +1579,13 @@ private List<AnyCAPluginCertificate> GetAllConnectorCertsForOrder(string caReque
 							throw new Exception($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}");
 						}
 					}
+					//Another check for duplicate PEMs to get arround issue with DigiCert API returning incorrect data sometimes on reissued/duplicate certs
+					if (pemList.Contains(certificate))
+					{
+						_logger.LogWarning($"Found duplicate PEM for ID {caReqId}. Skipping...");
+						continue;
+					}
+					pemList.Add(certificate);
 					var connCert = new AnyCAPluginCertificate
 					{
 						CARequestID = caReqId,

Original file line number	Diff line number	Diff line change
`@@ -615,7 +615,7 @@ public Dictionary<string, PropertyConfigInfo> GetTemplateParameterAnnotations()`
`615`	`615`	`{`
`616`	`616`	`Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.",`
`617`	`617`	`Hidden = false,`
`618`		`- DefaultValue = "strict",`
	`618`	`+ DefaultValue = "",`
`619`	`619`	`Type = "String"`
`620`	`620`	`},`
`621`	`621`	`[CertCentralConstants.Config.FIRST_NAME] = new PropertyConfigInfo()`
`@@ -1557,6 +1557,7 @@ private List<AnyCAPluginCertificate> GetAllConnectorCertsForOrder(string caReque`
`1557`	`1557`	`var orderCerts = GetAllCertsForOrder(orderId);`
`1558`	`1558`
`1559`	`1559`	`List<AnyCAPluginCertificate> certList = new List<AnyCAPluginCertificate>();`
	`1560`	`+ List<string> pemList = new List<string>();`
`1560`	`1561`
`1561`	`1562`	`foreach (var cert in orderCerts)`
`1562`	`1563`	`{`
`@@ -1578,6 +1579,13 @@ private List<AnyCAPluginCertificate> GetAllConnectorCertsForOrder(string caReque`
`1578`	`1579`	`throw new Exception($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}");`
`1579`	`1580`	`}`
`1580`	`1581`	`}`
	`1582`	`+ //Another check for duplicate PEMs to get arround issue with DigiCert API returning incorrect data sometimes on reissued/duplicate certs`
	`1583`	`+ if (pemList.Contains(certificate))`
	`1584`	`+ {`
	`1585`	`+ _logger.LogWarning($"Found duplicate PEM for ID {caReqId}. Skipping...");`
	`1586`	`+ continue;`
	`1587`	`+ }`
	`1588`	`+ pemList.Add(certificate);`
`1581`	`1589`	`var connCert = new AnyCAPluginCertificate`
`1582`	`1590`	`{`
`1583`	`1591`	`CARequestID = caReqId,`