From 10324e44326ed4b276e1cb808a76e9ff4bafcadc Mon Sep 17 00:00:00 2001 From: Dave Galey <89407235+dgaley@users.noreply.github.com> Date: Tue, 11 Jul 2023 14:27:13 -0400 Subject: [PATCH] Revokereasons (#42) * Allow use of basic auth only * Trim all leading 0s when searching by serial number * change revoke reason to unspecified for everything other than keyCompromise --- CHANGELOG.md | 5 ++++- src/EntrustRestCAProxy/EntrustCAConnector.cs | 9 ++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d6ddde..25210bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,4 +16,7 @@ 1.1.0 -Added support for basic auth (no client certificate) --Fixed an issue with cert lookups when the serial number has leading 0s \ No newline at end of file +-Fixed an issue with cert lookups when the serial number has leading 0s + +1.2.0 +-Change revoke to always pass 'unspecified' as the reason code for any reason other than Key Compromised, and to include the reason in the comment instead. \ No newline at end of file diff --git a/src/EntrustRestCAProxy/EntrustCAConnector.cs b/src/EntrustRestCAProxy/EntrustCAConnector.cs index b21de94..34336f6 100644 --- a/src/EntrustRestCAProxy/EntrustCAConnector.cs +++ b/src/EntrustRestCAProxy/EntrustCAConnector.cs 
@@ -534,8 +534,15 @@ public override int Revoke(string caRequestID, string hexSerialNumber, uint revo
 Dictionary connectionInfo = ConfigProvider.CAConnectionData;
 EntrustClient client = CreateEntrustClient(connectionInfo);
 string reason = Conversions.RevokeReasonToString(revocationReason);
- string comment = "Revoked by Entrust Gateway";
+ string comment = $"Revoked by Entrust Gateway for the following reason: {reason}";
 CAConnectorCertificate cert = GetSingleRecord(caRequestID);
+
+ if (!string.Equals(reason, "keyCompromise"))
+ {
+ // Entrust no longer accepts any reason codes other than keyCompromise and unspecified.
+ reason = "unspecified";
+ }
+
 if (!(cert.Status == (int)RequestDisposition.ISSUED))
 {
 string errorMessage = String.Format("Request {0} was not found in Entrust database or is not in a valid state to perform a revocation", caRequestID);
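Review bot: The new `string.Equals(reason, "keyCompromise")` check is a case-sensitive ordinal comparison against whatever `Conversions.RevokeReasonToString` returns, which is not visible here; if that helper ever emits a different casing (e.g. `KeyCompromise`) or a variant spelling, every key-compromise revocation would be silently downgraded to `unspecified`, the one case this change is meant to preserve. Comparing the numeric `revocationReason` against the key-compromise enum value directly, or at least `if (!string.Equals(reason, "keyCompromise", StringComparison.OrdinalIgnoreCase))`, removes that dependence on string formatting. The downgrade also discards reasons such as cACompromise, which relying parties treat at least as seriously as keyCompromise, so it is worth writing a warning-level log entry (if the connector has a logger) whenever a reason is rewritten rather than relying on the free-text comment alone, and replacing the two literals with named constants so the comparison and the assignment cannot drift apart. Revoke's body begins before and continues after this hunk.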