release 1.0.2

* feat: release 1.0 (#1)

The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Merge 1.0.1 to main (#4)

* feat: release 1.0 (#1)

The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.0.1

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Hydrant Failed Status Issues and Logging

* fixed changelog

* Add .NET 10 target framework support

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Change FlowLogger from LogTrace to LogDebug/LogWarning

The Keyfactor gateway framework sets the Microsoft.Extensions.Logging
minimum level above Trace, causing all LogTrace calls to be silently
dropped before reaching NLog. Flow diagram and step logging now uses
LogDebug (visible), and failure steps use LogWarning for visibility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Revert FlowLogger back to LogTrace

LogTrace works in the CSC Global plugin with the same gateway framework,
so the MEL minimum level is not the issue. Reverting to match the
established pattern.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fixed package vulns

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 4 people

CHANGELOG.md

@@ -1,3 +1,15 @@
+# v1.0.2
+* Fixed revocation status handling - failed revocations no longer incorrectly set certificate status to FAILED; certificate retains its current active status
+* Added FlowLogger utility for structured flow diagrams across all public plugin methods
+* Added guard clauses and input validation (null checks, UUID length validation before Substring)
+* Added null response guards after all API calls
+* Added null-safe structured logging throughout plugin, RequestManager, and HydrantIdClient
+* Added AggregateException flattening in catch blocks for better error reporting
+* Added per-certificate error isolation in Synchronize to prevent one bad cert from aborting sync
+* Added BlockingCollection.IsAddingCompleted guard before CompleteAdding()
+* Improved error handling in HydrantIdClient - non-success HTTP responses now throw with status details
+* Added .NET 10 target framework support
+
 # v1.0.1
 * SaaS Containerization Fixes, added enabled flag cleaned up some log messages