diff --git a/CHANGELOG.md b/CHANGELOG.md
index 46545d1..7c8b66f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,3 +21,7 @@ Better datetime parsing of returned certificates
 1.0.16
 Fix for adding additional SANs to certificate requests
+
+1.1.0
+Add ability to page inventory
+Fix to remove AD-dependence
\ No newline at end of file
diff --git a/readme_source.md b/readme_source.md
index 45fa403..1dca047 100644
--- a/readme_source.md
+++ b/readme_source.md
@@ -51,12 +51,16 @@ The following sections will breakdown the required configurations for the AnyGat
 ## Templates
 The Template section will map the CA's SSL profile to an AD template. The Lifetime parameter is required and represents the certificate duration in months.
+* ```ContactName```
+The name to pass to GlobalSign as the contact name for enrollments. OPTIONAL if Active Directory authentication is used in Keyfactor Command, in that case it can look up the name of the requesting user. Value provided in this config field overrides AD lookups.
+
 ```json
 "Templates": {
 "WebServer": {
 "ProductID": "PV_SHA2",
 "Parameters": {
- "Lifetime":"12"
+ "Lifetime":"12",
+ "ContactName":"John Doe"
 }
 }
 }
diff --git a/src/GlobalSignCAProxy/GlobalSignCAProxy.cs b/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
index ddaaac6..e08ae12 100644
--- a/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
+++ b/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
@@ -47,11 +47,34 @@ public override void Initialize(ICAConnectorConfigProvider configProvider)
 public override EnrollmentResult Enroll(ICertificateDataReader certificateDataReader, string csr, string subject, Dictionary san, EnrollmentProductInfo productInfo, PKIConstants.X509.RequestFormat requestFormat, RequestUtilities.EnrollmentType enrollmentType)
 {
 Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
- CAProxy.Common.Config.ADUserInfoResolver userInfoResolver = new ADUserInfoResolver();
+ string requesterName = "";
+ if (productInfo.ProductParameters.ContainsKey("ContactName") && !string.IsNullOrEmpty(productInfo.ProductParameters["ContactName"]))
+ {
+ requesterName = productInfo.ProductParameters["ContactName"];
+ }
+
+ if (string.IsNullOrEmpty(requesterName))
+ {
+ if (productInfo.ProductParameters.ContainsKey("Keyfactor-Requester"))
+ {
+ var requestor = productInfo.ProductParameters["Keyfactor-Requester"];
+ if (!string.IsNullOrEmpty(requestor))
+ {
+ try
+ {
+ ADUserInfoResolver userInfoResolver = new ADUserInfoResolver();
+ Logger.Debug($"Resolving requesting user as '{requestor}'");
+ var userInfo = userInfoResolver.Resolve(requestor);
+ requesterName = userInfo.Name;
+ } catch (Exception) { }
+ }
+ }
+ }
- var requestor = productInfo.ProductParameters["Keyfactor-Requester"];
- Logger.Debug($"Resolving requesting user as '{requestor}'");
- var userInfo = userInfoResolver.Resolve(requestor);
+ if (string.IsNullOrEmpty(requesterName))
+ {
+ throw new Exception("ContactName configuration field is required but not found, or could not be looked up");
+ }
 try
 {
@@ -153,8 +176,8 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
 Licenses = "1",
 OrderKind = "new",
 Months = months,
- FirstName = userInfo.Name,
- LastName = userInfo.Name,
+ FirstName = requesterName,
+ LastName = requesterName,
 Email = domain?.ContactInfo?.Email,
 Phone = domain?.ContactInfo?.Phone,
 CommonName = commonName,
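Review bot: The empty `catch (Exception) { }` around the `ADUserInfoResolver` lookup in the first hunk of Enroll discards every failure, so a directory outage, a permissions problem and an unknown account all surface only as the generic "ContactName configuration field is required…" exception with no record of the cause. Keep the fallback but record the reason, e.g. `catch (Exception ex) { Logger.Debug($"AD lookup for '{requestor}' failed: {ex.Message}"); }`, at a higher level if the logger offers one. Within this hunk the `Keyfactor-Requester` value is also only logged on the fallback path, so when `ContactName` is configured the order carries a static name and the log no longer ties the enrollment to the requesting account; logging the requester before the `ContactName` check would keep that trail. Enroll's body continues past the end of the hunk.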
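Review bot: `FirstName` and `LastName` both receive the whole `requesterName` string in this initializer (hunk at -153, and again in the renewal order in the hunk at -176), so a configured `ContactName` of "John Doe" is submitted as first name "John Doe" and last name "John Doe". That mirrors what the removed `userInfo.Name` lines did, but now that the value is an operator-supplied setting it deserves a comment above the two assignments, for example `// the order has separate first/last name fields; the single contact name is sent in both`. The initializer and the rest of Enroll lie outside both hunks.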
@@ -176,8 +199,8 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
 Licenses = "1",
 OrderKind = "renewal",
 Months = months,
- FirstName = userInfo.Name,
- LastName = userInfo.Name,
+ FirstName = requesterName,
+ LastName = requesterName,
 Email = domain?.ContactInfo?.Email,
 Phone = domain?.ContactInfo?.Phone,
 CommonName = commonName,