Merge pull request #28 from Keyfactor/smime

fix workflow

Author: dgaley

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -13,4 +13,7 @@ jobs:
   call-starter-workflow:
     uses: keyfactor/actions/.github/workflows/starter.yml@v4
     secrets:
-      token: ${{ secrets.SAST_TOKEN}}
+      token: ${{ secrets.V2BUILDTOKEN}}
+      scan_token: ${{ secrets.SAST_TOKEN }}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}

README.md

@@ -1,88 +1,109 @@
+<h1 align="center" style="border-bottom: none">
+    DigiCert CertCentral   Gateway AnyCA Gateway REST Plugin
+</h1>
+
+<p align="center">
+  <!-- Badges -->
+<img src="https://img.shields.io/badge/integration_status-production-3D1973?style=flat-square" alt="Integration Status: production" />
+<a href="https://github.com/Keyfactor/digicert-certcentral-caplugin/releases"><img src="https://img.shields.io/github/v/release/Keyfactor/digicert-certcentral-caplugin?style=flat-square" alt="Release" /></a>
+<img src="https://img.shields.io/github/issues/Keyfactor/digicert-certcentral-caplugin?style=flat-square" alt="Issues" />
+<img src="https://img.shields.io/github/downloads/Keyfactor/digicert-certcentral-caplugin/total?style=flat-square&label=downloads&color=28B905" alt="GitHub Downloads (all assets, all releases)" />
+</p>
+
+<p align="center">
+  <!-- TOC -->
+  <a href="#support">
+    <b>Support</b>
+  </a> 
+  ·
+  <a href="#requirements">
+    <b>Requirements</b>
+  </a>
+  ·
+  <a href="#installation">
+    <b>Installation</b>
+  </a>
+  ·
+  <a href="#license">
+    <b>License</b>
+  </a>
+  ·
+  <a href="https://github.com/orgs/Keyfactor/repositories?q=anycagateway">
+    <b>Related Integrations</b>
+  </a>
+</p>
+
+
+TODO Overview is a required section
+
+## Compatibility
+
+The DigiCert CertCentral   Gateway AnyCA Gateway REST plugin is compatible with the Keyfactor AnyCA Gateway REST 24.2.0 and later.
+
+## Support
+The DigiCert CertCentral   Gateway AnyCA Gateway REST plugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com. 
+
+> To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
+
+## Requirements
+
+TODO Requirements is a required section
 
-# DigiCert CertCentral AnyCA REST Gateway Plugin
-
-DigiCert CertCentral plugin for the AnyCA REST Gateway framework
-
-#### Integration status: Production - Ready for use in production environments.
-
-## About the Keyfactor 
-
-
-
-## Support for DigiCert CertCentral AnyCA REST Gateway Plugin
-
-DigiCert CertCentral AnyCA REST Gateway Plugin is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com
-
-###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
+## Installation
 
----
+1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm).
 
+2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [DigiCert CertCentral   Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/digicert-certcentral-caplugin/releases/latest) from GitHub.
 
----
+3. Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory:
 
 
+    ```shell
+    Depending on your AnyCA Gateway REST version, copy the unzipped directory to one of the following locations:
+    Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions
+    Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net8.0\Extensions
+    ```
 
-
-# Introduction
+    > The directory containing the DigiCert CertCentral   Gateway AnyCA Gateway REST plugin DLLs (`net6.0` or `net8.0`) can be named anything, as long as it is unique within the `Extensions` directory.
 
-This AnyCA REST Gateway plug-in enables issuance, revocation, and synchronization of certificates from DigiCert's CertCentral offering.  
-# Prerequisites
+4. Restart the AnyCA Gateway REST service.
 
-## Prerequisite: Certificate Chain
+5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert CertCentral   Gateway plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal.
 
-In order to request certificates from the Keyfactor AnyGateway, the Keyfactor Command server must trust the certificate chain of trust. To ensure trust is established, download your Root and/or Subordinate CA certificates from DigiCert and import them into the appropriate local certificate stores on the Keyfactor AnyGateway and Command servers. More information can be found in the [AnyCA Gateway REST Install Guide](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/Preparing.htm)
+## Configuration
 
-## Installation
-1. Download latest successful build from [GitHub Releases](../../releases/latest)
+1. Follow the [official AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm) to define a new Certificate Authority, and use the notes below to configure the **Gateway Registration** and **CA Connection** tabs:
 
-2. Extract the .zip file, and from it, copy DigicertCAPlugin.dll and DigicertCAPlugin.deps.json to the 'C:\Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions' directory
+    * **Gateway Registration**
 
-3. Within the 'C:\Program Files\Keyfactor\AnyCA Gateway\AnyGatewayREST\net6.0\Extensions\Connectors' folder, update the manifest.json file to contain the following:
+        TODO Gateway Registration is a required section
 
-```json
-{  
-    "extensions": {  
-        "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": {  
-            "CertCentralCAPlugin": {  
-                "assemblypath": "../DigicertCAPlugin.dll",  
-                "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin"  
-            }  
-        }  
-    }  
-}
-```
+    * **CA Connection**
 
-NOTE: If the Connectors folder and/or the manifest.json file do not exist, they must be manually created
+        Populate using the configuration fields collected in the [requirements](#requirements) section.
 
-4. Restart the AnyCA Gateway service
+        * **APIKey** - API Key for connecting to DigiCert 
+        * **DivisionId** - Division ID to use for retrieving product details (only if account is configured with per-divison product settings) 
+        * **Region** - The geographic region that your DigiCert CertCentral account is in. Valid options are US and EU. 
+        * **RevokeCertificateOnly** - Default DigiCert behavior on revocation requests is to revoke the entire order. If this value is changed to 'true', revocation requests will instead just revoke the individual certificate. 
+        * **SyncCAFilter** - If you list one or more CA IDs here (comma-separated), the sync process will only sync records from those CAs. If you want to sync all CA IDs, leave this field empty. 
+        * **SyncDivisionFilter** - If you list one or more Divison IDs (also known as Container IDs) here (comma-separated), the sync process will filter records to only return orders from those divisions. If you want to sync all divisions, leave this field empty. Note that this has no relationship to the value of the DivisionId config field. 
+        * **FilterExpiredOrders** - If set to 'true', syncing will apply a filter to not return orders that are expired for longer than specified in SyncExpirationDays. 
+        * **SyncExpirationDays** - If FilterExpiredOrders is set to true, this setting determines how many days in the past to still return expired orders. For example, a value of 30 means the sync will return any certs that expired within the past 30 days. A value of 0 means the sync will not return any certs that expired before the current day. This value is ignored if FilterExpiredOrders is false. 
+        * **Enabled** - Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available. 
 
-5. Navigate to the AnyCA Gateway REST portal and verify that the Gateway recognizes the DigiCert plugin by hovering over the ⓘ symbol to the right of the Gateway on the top left of the portal. CAPlugin Type should now be listed as CertCentralCA.
+2. TODO Certificate Template Creation Step is a required section
 
+3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates.
 
-## Configuration
+4. TODO Custom Enrollment Parameter Creation Step is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
 
-1. Follow the [official Keyfactor AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm#Add_or_Edit_a_Certificate_Authority) to define a new Certificate Authority, using the following information to configure the CA Connection section:
 
-SETTING | REQUIRED? | DESCRIPTION
---|--|--
-Enabled | Yes | Enables the DigiCert gateway functionality. Should almost always be set to 'true'
-APIKey | Yes | The API key the Gateway should use to communicate with the DigiCert API. Can be generated from the DigiCert portal.
-Region | No | The geographic region associated with your DigiCert account. Valid values are US and EU. Default if not provided is US.
-DivisionId | No | If your CertCentral account has multiple divisions AND uses any custom per-division product settings, provide a division ID for the gateway to use for product type lookups.
-RevokeCertificateOnly | No | If set to 'true', revoke operations will only revoke the individual certificate in question rather than the entire DigiCert order. Default if not provided is 'false'.
-SyncCAFilter | No | If you list one or more DigiCert issuing CA IDs here (comma-separated if more than one), the sync process will only return certs issued by one of those CAs. Leave this option empty to sync all certs from all CAs.
-FilterExpiredOrders | No | If set to 'true', syncing will not return certs that are expired more than a specified number of days. The number of days is specified by the SyncExpirationDays config option. Default value is 'false'.
-SyncExpirationDays | No | Only used if FilterExpiredOrders is 'true', otherwise ignored. Sets the number of days a cert has to be expired for the sync process to no longer sync it. For example, a value of 30 means sync will continue to return certs that have expired within the past 30 days, but not ones older than that. Default value is 0, meaning sync would not return any certs expired before the current day.
 
-2. After saving the CA configuration, Follow the [official AnyCA Gateway REST documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCP-Gateway.htm#Certificate_Profile) to define one or more Certificate Profiles.
-3. Edit your newly configured CA, and you should now be able to modify the Templates tab. You need at least one template for each product type you wish to be able to enroll for. It is recommended to include the product type in the template name to make them easier to identify. Use the following information to configure the parameters for each template:
+## License
 
-SETTING | REQUIRED? | DESCRIPTION
---|--|--
-LifetimeDays | No | The number of days of validity to use when requesting certs. Default if not provided is 365. NOTE FOR RENEWALS: If the value of LifetimeDays is evenly divisible by 365, the expiration day and month of the new cert will be set to the same values as the old cert if possible, to avoid renewal date drift.
-CACertId | No | The ID of the issuing CA to be used by DigiCert. If not specified, the default for your account will be used.
-Organization-Name | No | If specified, this value will override any organization name provided in the subject of the cert request on enrollment. Useful for requests (such as ACME) that contain no subject.
-RenewalWindowDays | No | The number of days from expiration that the gateway should do a reissue rather than a renewal. Default if not provided is 90, meaning any renewal request for certs that expire in more than 90 days will be treated as a reissue request.
-CertType | No | Allows you to specify whether the certs of this template are ssl or client certs. Valid values: ssl, client. If not provided, defaults to ssl.
+Apache License 2.0, see [LICENSE](LICENSE).
 
+## Related Integrations
 
+See all [Keyfactor Any CA Gateways (REST)](https://github.com/orgs/Keyfactor/repositories?q=anycagateway).

digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj

@@ -16,4 +16,10 @@
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
 
+  <ItemGroup>
+    <None Update="manifest.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+
 </Project>

digicert-certcentral-caplugin/manifest.json

@@ -0,0 +1,10 @@
+{
+  "extensions": {
+    "Keyfactor.AnyGateway.Extensions.IAnyCAPlugin": {
+      "DigicertCAPlugin": {
+        "assemblypath": "DigicertCAPlugin.dll",
+        "TypeFullName": "Keyfactor.Extensions.CAPlugin.DigiCert.CertCentralCAPlugin"
+      }
+    }
+  }
+}

docsource/configuration.md

@@ -0,0 +1,24 @@
+## Overview
+
+TODO Overview is a required section
+
+## Requirements
+
+TODO Requirements is a required section
+
+## Gateway Registration
+
+TODO Gateway Registration is a required section
+
+## Certificate Template Creation Step
+
+TODO Certificate Template Creation Step is a required section
+
+## Custom Enrollment Parameter Creation Step
+
+TODO Custom Enrollment Parameter Creation Step is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+
+## Mechanics
+
+TODO Mechanics is an optional section. If this section doesn't seem necessary on initial glance, please delete it. Refer to the docs on [Confluence](https://keyfactor.atlassian.net/wiki/x/SAAyHg) for more info
+