Keyfactor
diff --git a/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 23 additions & 7 deletions b/‎README.md‎
Lines changed: 23 additions & 7 deletions
diff --git a/‎cscglobal-caplugin.sln‎
Lines changed: 3 additions & 2 deletions b/‎cscglobal-caplugin.sln‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎cscglobal-caplugin/CSCGlobalCAPlugin.cs‎
Lines changed: 132 additions & 33 deletions b/‎cscglobal-caplugin/CSCGlobalCAPlugin.cs‎
Lines changed: 132 additions & 33 deletions
@@ -1,3 +1,9 @@
+v.1.0.2
+- Warning: enrollment field/template parameter with the name "CN DCV Email ([email protected])" has been renamed to "CN DCV Email" to make it compatible with the REST gateway. "Aplicant Pgone (+nn.nnnnnnnn)" has also been renamed to "Applicant Phone".
+- Updated dependencies.
+- Added support for default values via enrollment parameters configured in the AnyGateway REST certificate template.
+- Fixed issue with non-ASCII characters breaking the gateway.
+
 v1.0.1 
 - Fixed issue with SANs not being read correctly.
 
 
@@ -5,9 +5,9 @@
 <p align="center">
   <!-- Badges -->
 <img src="https://img.shields.io/badge/integration_status-pilot-3D1973?style=flat-square" alt="Integration Status: pilot" />
-<a href="https://github.com/Keyfactor/cscglobal-caplugin/releases"><img src="https://img.shields.io/github/v/release/Keyfactor/cscglobal-caplugin?style=flat-square" alt="Release" /></a>
-<img src="https://img.shields.io/github/issues/Keyfactor/cscglobal-caplugin?style=flat-square" alt="Issues" />
-<img src="https://img.shields.io/github/downloads/Keyfactor/cscglobal-caplugin/total?style=flat-square&label=downloads&color=28B905" alt="GitHub Downloads (all assets, all releases)" />
+<a href="https://github.com/Keyfactor/cscglobal-caplugin-dev/releases"><img src="https://img.shields.io/github/v/release/Keyfactor/cscglobal-caplugin-dev?style=flat-square" alt="Release" /></a>
+<img src="https://img.shields.io/github/issues/Keyfactor/cscglobal-caplugin-dev?style=flat-square" alt="Issues" />
+<img src="https://img.shields.io/github/downloads/Keyfactor/cscglobal-caplugin-dev/total?style=flat-square&label=downloads&color=28B905" alt="GitHub Downloads (all assets, all releases)" />
 </p>
 
 <p align="center">
@@ -53,7 +53,7 @@ This integration is tested and confirmed as working for Anygateway REST 24.2 and
 
 1. Install the AnyCA Gateway REST per the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/InstallIntroduction.htm).
 
-2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [CSCGlobal CA  Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/cscglobal-caplugin/releases/latest) from GitHub.
+2. On the server hosting the AnyCA Gateway REST, download and unzip the latest [CSCGlobal CA  Gateway AnyCA Gateway REST plugin](https://github.com/Keyfactor/cscglobal-caplugin-dev/releases/latest) from GitHub.
 
 3. Copy the unzipped directory (usually called `net6.0` or `net8.0`) to the Extensions directory:
 
@@ -91,7 +91,8 @@ This integration is tested and confirmed as working for Anygateway REST 24.2 and
 2. PLEASE NOTE, AT THIS TIME THE RAPID_SSL TEMPLATE IS NOT SUPPORTED BY THE CSC API AND WILL NOT WORK WITH THIS INTEGRATION
 
     The following certificate templates are supported. Please set up the key sizes accordingly in the Certificate Profile menu of Anygateway REST, then enter the remaining details
-    and the Enrollment Fields for each Template accordingly using the Certificate Templates section in Command:
+    and the Enrollment Fields for each Template accordingly using the Certificate Templates section in Command. If you would like to set up default values for enrollment parameters, you can do so the in the Certificate Template Menu of Anygateway REST.
+    If a field value is specified as both an Enrollment Field in Command and in the Certificate Template Menu in the REST Gateway, the value in the Enrollment Field will take precedence.
 
     CONFIG ELEMENT				| DESCRIPTION
     ----------------------------|------------------
@@ -175,7 +176,7 @@ This integration is tested and confirmed as working for Anygateway REST 24.2 and
     Business Unit | Multiple Choice | Get From CSC Differs For Clients
     Notification Email(s) Comma Separated | String | N/A
     CN DCV Email ([email protected]) | String | N/A
-    Addtl Sans Comma Separated DVC Emails | String | N/A
+    Addtl Sans Comma Separated DCV Emails | String | N/A
 
 
     **CSC TrustedSecure Premium Wildcard Certificate - Details Tab**
@@ -289,10 +290,25 @@ This integration is tested and confirmed as working for Anygateway REST 24.2 and
     Business Unit | Multiple Choice | Get From CSC Differs For Clients
     Notification Email(s) Comma Separated | String | N/A
     CN DCV Email ([email protected]) | String | N/A
-    Addtl Sans Comma Separated DVC Emails | String | N/A
+    Addtl Sans Comma Separated DCV Emails | String | N/A
 
 3. Follow the [official Keyfactor documentation](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Keyfactor.htm) to add each defined Certificate Authority to Keyfactor Command and import the newly defined Certificate Templates.
 
+4. In Keyfactor Command (v12.3+), for each imported Certificate Template, follow the [official documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Configuring%20Template%20Options.htm) to define enrollment fields for each of the following parameters:
+
+    * **Term** - OPTIONAL: Certificate term (e.g. 12 or 24 months) 
+    * **Applicant First Name** - OPTIONAL: Applicant First Name 
+    * **Applicant Last Name** - OPTIONAL: Applicant Last Name 
+    * **Applicant Email Address** - OPTIONAL: Applicant Email Address 
+    * **Applicant Phone** - OPTIONAL: Applicant Phone (+nn.nnnnnnnn) 
+    * **Domain Control Validation Method** - OPTIONAL: Domain Control Validation Method (e.g. EMAIL) 
+    * **Organization Contact** - OPTIONAL: Organization Contact (selected from CSC configuration) 
+    * **Business Unit** - OPTIONAL: Business Unit (selected from CSC configuration) 
+    * **Notification Email(s) Comma Separated** - OPTIONAL: Notification Email(s), comma separated 
+    * **CN DCV Email** - OPTIONAL: CN DCV Email (e.g. [email protected]) 
+    * **Organization Country** - OPTIONAL: Organization Country 
+    * **Addtl Sans Comma Separated DCV Emails** - OPTIONAL: Additional SANs DCV Emails, comma separated 
+
 
 
 ## License
 
@@ -1,13 +1,14 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.11.35327.3
+# Visual Studio Version 18
+VisualStudioVersion = 18.0.11217.181 d18.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CSCGlobalCAPlugin", "cscglobal-caplugin\CSCGlobalCAPlugin.csproj", "{01DDFD6F-275D-46E7-B522-E0C965D1BF9C}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8EC462FD-D22E-90A8-E5CE-7E832BA40C5D}"
 	ProjectSection(SolutionItems) = preProject
 		CHANGELOG.md = CHANGELOG.md
+		docsource\configuration.md = docsource\configuration.md
 		integration-manifest.json = integration-manifest.json
 	EndProjectSection
 EndProject
 
@@ -5,20 +5,19 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 // and limitations under the License.
 
+using System.Collections.Concurrent;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Text.RegularExpressions;
 using Keyfactor.AnyGateway.Extensions;
 using Keyfactor.Extensions.CAPlugin.CSCGlobal.Client;
 using Keyfactor.Extensions.CAPlugin.CSCGlobal.Client.Models;
 using Keyfactor.Extensions.CAPlugin.CSCGlobal.Interfaces;
 using Keyfactor.Logging;
 using Keyfactor.PKI.Enums.EJBCA;
-using Keyfactor.PKI.X509;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
-using System.Collections.Concurrent;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
-using System.Text.RegularExpressions;
 
 namespace Keyfactor.Extensions.CAPlugin.CSCGlobal;
 
@@ -324,6 +323,13 @@ public async Task ValidateCAConnectionInfo(Dictionary<string, object> connection
     public async Task ValidateProductInfo(EnrollmentProductInfo productInfo,
         Dictionary<string, object> connectionInfo)
     {
+        var certType = ProductIDs.productIds.Find(x =>
+            x.Equals(productInfo.ProductID, StringComparison.InvariantCultureIgnoreCase));
+
+        if (certType == null) throw new ArgumentException($"Cannot find {productInfo.ProductID}", "ProductId");
+
+        Logger.LogInformation($"Validated {certType} ({certType})configured for AnyGateway");
+
     }
 
     //done
@@ -372,23 +378,111 @@ public Dictionary<string, PropertyConfigInfo> GetCAConnectorAnnotations()
     //done
     public Dictionary<string, PropertyConfigInfo> GetTemplateParameterAnnotations()
     {
-        return new Dictionary<string, PropertyConfigInfo>();
+        return new Dictionary<string, PropertyConfigInfo>
+        {
+            [EnrollmentConfigConstants.Term] = new()
+            {
+                Comments = "OPTIONAL: Certificate term (e.g. 12 or 24 months)",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "Number"
+            },
+
+            [EnrollmentConfigConstants.ApplicantFirstName] = new()
+            {
+                Comments = "OPTIONAL: Applicant First Name",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.ApplicantLastName] = new()
+            {
+                Comments = "OPTIONAL: Applicant Last Name",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.ApplicantEmailAddress] = new()
+            {
+                Comments = "OPTIONAL: Applicant Email Address",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.ApplicantPhone] = new()
+            {
+                Comments = "OPTIONAL: Applicant Phone (+nn.nnnnnnnn)",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.DomainControlValidationMethod] = new()
+            {
+                Comments = "OPTIONAL: Domain Control Validation Method (e.g. EMAIL)",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.OrganizationContact] = new()
+            {
+                Comments = "OPTIONAL: Organization Contact (selected from CSC configuration)",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.BusinessUnit] = new()
+            {
+                Comments = "OPTIONAL: Business Unit (selected from CSC configuration)",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.NotificationEmailsCommaSeparated] = new()
+            {
+                Comments = "OPTIONAL: Notification Email(s), comma separated",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.CnDcvEmail] = new()
+            {
+                Comments = "OPTIONAL: CN DCV Email (e.g. [email protected])",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.OrganizationCountry] = new()
+            {
+                Comments = "OPTIONAL: Organization Country",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            },
+
+            [EnrollmentConfigConstants.AdditionalSansCommaSeparatedDcvEmails] = new()
+            {
+                Comments = "OPTIONAL: Additional SANs DCV Emails, comma separated",
+                Hidden = false,
+                DefaultValue = string.Empty,
+                Type = "String"
+            }
+        };
     }
 
     //done
     public List<string> GetProductIds()
     {
-        var ProductIDs = new List<string>
-        {
-            "CSC TrustedSecure Premium Certificate",
-            "CSC TrustedSecure EV Certificate",
-            "CSC TrustedSecure UC Certificate",
-            "CSC TrustedSecure Premium Wildcard Certificate",
-            "CSC TrustedSecure Domain Validated SSL",
-            "CSC TrustedSecure Domain Validated Wildcard SSL",
-            "CSC TrustedSecure Domain Validated UC Certificate"
-        };
-        return ProductIDs;
+
+        return ProductIDs.productIds;
     }
 
     #region PRIVATE
@@ -401,7 +495,7 @@ public List<string> GetProductIds()
     private static readonly Regex Ws = new("\\s+", RegexOptions.Compiled);
 
     /// <summary>
-    /// Returns the end-entity certificate as Base64 DER (no PEM headers), or "" if none could be found.
+    ///     Returns the end-entity certificate as Base64 DER (no PEM headers), or "" if none could be found.
     /// </summary>
     public string GetEndEntityCertificate(string pemChain)
     {
@@ -430,8 +524,8 @@ public string GetEndEntityCertificate(string pemChain)
         try
         {
             // 3) Export to DER and Base64 (no headers).
-            byte[] der = leaf.Export(X509ContentType.Cert);
-            string b64 = Convert.ToBase64String(der);
+            var der = leaf.Export(X509ContentType.Cert);
+            var b64 = Convert.ToBase64String(der);
             Logger.LogTrace("End-entity certificate exported successfully.");
             return b64;
         }
@@ -453,7 +547,7 @@ private List<X509Certificate2> ExtractCertificates(string pem)
 
         foreach (Match m in PemBlock.Matches(pem))
         {
-            string b64 = m.Groups["b64"].Value;
+            var b64 = m.Groups["b64"].Value;
             if (string.IsNullOrWhiteSpace(b64))
             {
                 Logger.LogTrace("Skipping empty PEM block.");
@@ -467,14 +561,15 @@ private List<X509Certificate2> ExtractCertificates(string pem)
             try
             {
                 // Convert.TryFromBase64String is fast and avoids temporary arrays when possible
-                if (!Convert.TryFromBase64String(b64, new Span<byte>(new byte[GetDecodedLength(b64)]), out int bytesWritten))
+                if (!Convert.TryFromBase64String(b64, new Span<byte>(new byte[GetDecodedLength(b64)]),
+                        out var bytesWritten))
                 {
                     // Fallback to FromBase64String to trigger a clear exception path
                     var discard = Convert.FromBase64String(b64);
                     bytesWritten = discard.Length; // unreachable if invalid
                 }
 
-                byte[] der = Convert.FromBase64String(b64);
+                var der = Convert.FromBase64String(b64);
                 var cert = new X509Certificate2(der);
                 results.Add(cert);
                 Logger.LogTrace($"Imported certificate: Subject='{cert.Subject}', Issuer='{cert.Issuer}'");
@@ -514,23 +609,26 @@ bool IsCa(X509Certificate2 c)
                 if (bc is X509BasicConstraintsExtension bce)
                     return bce.CertificateAuthority;
             }
-            catch { /* ignore and treat as unknown */ }
+            catch
+            {
+                /* ignore and treat as unknown */
+            }
+
             return false; // if unknown, bias towards non-CA for end-entity picking
         }
 
         // Candidates that do not issue others (their Subject is not an Issuer of any other).
         var nonIssuers = certs.Where(c =>
-            !certs.Any(o => !ReferenceEquals(o, c) && string.Equals(o.Issuer, c.Subject, StringComparison.OrdinalIgnoreCase))
+            !certs.Any(o =>
+                !ReferenceEquals(o, c) && string.Equals(o.Issuer, c.Subject, StringComparison.OrdinalIgnoreCase))
         ).ToList();
 
         // Prefer non-CA among non-issuers
         var nonIssuerNonCa = nonIssuers.Where(c => !IsCa(c)).ToList();
         if (nonIssuerNonCa.Count == 1) return nonIssuerNonCa[0];
         if (nonIssuerNonCa.Count > 1)
-        {
             // If multiple, pick the one whose subject appears least as an issuer (tie-breaker unnecessary here since nonIssuers already exclude issuers).
             return nonIssuerNonCa[0];
-        }
 
         // If that failed, pick any non-CA that is not an issuer in the set of all issuers
         var anyNonCa = certs.Where(c => !IsCa(c)).ToList();
@@ -554,14 +652,15 @@ bool IsCa(X509Certificate2 c)
     private static int GetDecodedLength(string b64)
     {
         // Approximate decoded length: 3/4 of input, minus padding effect
-        int len = b64.Length;
-        int padding = 0;
+        var len = b64.Length;
+        var padding = 0;
         if (len >= 2)
         {
             if (b64[^1] == '=') padding++;
             if (b64[^2] == '=') padding++;
         }
-        return Math.Max(0, (len / 4) * 3 - padding);
+
+        return Math.Max(0, len / 4 * 3 - padding);
     }
 
     private string ExportCollectionToPem(X509Certificate2Collection collection)
@@ -577,7 +676,8 @@ private string ExportCollectionToPem(X509Certificate2Collection collection)
 
         return pemBuilder.ToString();
     }
-    private static readonly Encoding Utf8Strict = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true);
+
+    private static readonly Encoding Utf8Strict = new UTF8Encoding(false, true);
     private static readonly Encoding Latin1 = Encoding.GetEncoding("ISO-8859-1");
 
     private string PreparePemTextFromApi(string? base64)
@@ -621,6 +721,5 @@ private string PreparePemTextFromApi(string? base64)
         return text;
     }
 
-
     #endregion
 }