200dayfixes#25
Open
bhillkeyfactor wants to merge 10 commits into
Release 1.2.0
* Update integration-manifest.json
* Update generated docs
---------
Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
---------
Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* chore: Update integration-manifest.json (#16)
* Update integration-manifest.json
* Update generated docs
---------
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* release: 1.3.0
---------
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* fixed sans issue passed to extension data (#23)
* fixed sans issue passed to extension data
* fixed change log
---------
Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>
---------
Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
…hooting
Port the FlowLogger workflow-tracing utility from the cscglobal-caplugin 200dayfixes branch and wire it into the plugin's Synchronize, Enroll, and GetSingleRecord operations to render step-by-step, timed flow diagrams to Trace logs.
Add [SYNC-DIAG] instrumentation in GCPCASClient that, for every certificate handed to the AnyCA Gateway during sync, parses the PEM content and logs the fingerprint (thumbprint), NotBefore (as epoch ms), NotAfter, serial number, and subject - i.e. the exact metadata the Gateway must surface to Command on /v2/certificate/search and that the incremental sync gates on. Records whose content is null/empty or unparseable are flagged, pinpointing whether empty fingerprint / notBefore=0 values originate in the plugin.
During Synchronize, mirror the subject parsing the AnyCA Gateway performs when building its /v2/certificate/search response (new X509Name(true, netCert.Subject)). That call throws on subjects BouncyCastle cannot re-parse from .NET's string representation, which returns a 500 for the entire search page and aborts Command's CA sync. GatewayCanParseSubject runs the same parse on each certificate before it is added to the sync buffer. Certificates that would throw are skipped with a [SYNC-SKIP] warning and counted, so a single unparseable subject never lands in the gateway database and can never break the downstream Command sync. The gateway-side fix (try/catch or reading the subject from DER) will be handled separately.
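The pre-flight check described in the commit message above, as an added C# example; it is not the plugin's or the gateway's own code. `SubjectPreflight`, `SubjectFromDer`, `FilterForSync` and the sample subjects are hypothetical names and constructed values; only `GatewayCanParseSubject` and `new X509Name(true, netCert.Subject)` are named on the page.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;

public static class SubjectPreflight
{
    // The parse the commit message attributes to the gateway: BouncyCastle
    // re-parsing .NET's string form of the subject. Any exception means "skip".
    public static bool GatewayCanParseSubject(X509Certificate2 cert)
    {
        try { _ = new X509Name(true, cert.Subject); return true; }
        catch (Exception) { return false; }
    }

    // The "read the subject from DER" alternative: decode the encoded name
    // directly, so no string round trip is involved.
    public static X509Name SubjectFromDer(X509Certificate2 cert) =>
        X509Name.GetInstance(Asn1Object.FromByteArray(cert.SubjectName.RawData));

    // Hypothetical sync-buffer filter: keep parseable certificates, count the rest.
    public static List<X509Certificate2> FilterForSync(
        IEnumerable<X509Certificate2> certs, out int skipped)
    {
        var buffer = new List<X509Certificate2>();
        skipped = 0;
        foreach (var cert in certs)
        {
            if (GatewayCanParseSubject(cert)) { buffer.Add(cert); continue; }
            skipped++;
            // Thumbprint and serial identify the record without re-parsing the subject.
            Console.WriteLine($"[SYNC-SKIP] thumbprint={cert.Thumbprint} serial={cert.SerialNumber}");
        }
        return buffer;
    }

    public static void Main()
    {
        // Constructed sample input: two self-signed certificates with made-up subjects.
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var certs = new List<X509Certificate2>();
        foreach (var dn in new[] { "CN=a.example.test, O=Example", "CN=b.example.test, OU=Dev, C=US" })
        {
            var req = new CertificateRequest(dn, key, HashAlgorithmName.SHA256);
            certs.Add(req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)));
        }
        var kept = FilterForSync(certs, out var skipped);
        Console.WriteLine($"kept={kept.Count} skipped={skipped}");
    }
}
```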
No description provided.