From 24c3eac45f628f2409a10b572aa1b98d6d9258e5 Mon Sep 17 00:00:00 2001 From: Brian Hill Date: Fri, 12 Dec 2025 09:49:14 -0500 Subject: [PATCH 1/3] Incremental Sync Support for DCOM Gateway --- .claude/settings.local.json | 7 ++ CscGlobalCaProxy/Client/CscGlobalClient.cs | 19 +++++ CscGlobalCaProxy/Constants.cs | 1 + CscGlobalCaProxy/CscGlobalCaProxy.cs | 78 +++++++++++-------- .../Interfaces/ICscGlobalClient.cs | 5 +- 5 files changed, 75 insertions(+), 35 deletions(-) create mode 100644 .claude/settings.local.json diff --git a/.claude/settings.local.json b/.claude/settings.local.json new file mode 100644 index 0000000..00fc07d --- /dev/null +++ b/.claude/settings.local.json @@ -0,0 +1,7 @@ +{ + "permissions": { + "allow": [ + "Bash(dotnet build:*)" + ] + } +} diff --git a/CscGlobalCaProxy/Client/CscGlobalClient.cs b/CscGlobalCaProxy/Client/CscGlobalClient.cs index 962460f..693c88a 100644 --- a/CscGlobalCaProxy/Client/CscGlobalClient.cs +++ b/CscGlobalCaProxy/Client/CscGlobalClient.cs @@ -158,6 +158,25 @@ public async Task SubmitCertificateListRequestAsync() return certificateListResponse; } + public async Task SubmitIncrementalCertificateListRequestAsync(DateTime effectiveDate) + { + Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug); + var dateFilter = effectiveDate.ToString("yyyy/MM/dd"); + Logger.Trace($"Incremental Sync with effectiveDate filter: {dateFilter}"); + var resp = RestClient.GetAsync($"/dbs/api/v2/tls/certificate?filter=effectiveDate=ge={dateFilter}").Result; + + if (!resp.IsSuccessStatusCode) + { + var responseMessage = resp.Content.ReadAsStringAsync().Result; + Logger.Error( + $"Failed Request to Keyfactor. Retrying request. Status Code {resp.StatusCode} | Message: {responseMessage}"); + } + + var certificateListResponse = + JsonConvert.DeserializeObject(await resp.Content.ReadAsStringAsync()); + return certificateListResponse; + } + private HttpClient ConfigureRestClient() { var clientHandler = new WebRequestHandler(); 
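Review bot: `.claude/settings.local.json` reads as a per-developer tool settings file and probably should not be tracked; the new file also carries an allow rule for `Bash(dotnet build:*)`, which then applies to anyone who checks out the repository and uses the same tool. If it was committed by accident, drop it from the patch and add `.claude/settings.local.json` to `.gitignore`. If the rule is meant to be shared, it would be clearer in a reviewed, non-local settings file with a short explanation in the README.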
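Review bot: In `SubmitIncrementalCertificateListRequestAsync`, a non-success response is only logged and execution then falls through to `JsonConvert.DeserializeObject` on the error body, so the caller can get back null or a response without `Results` and the sync either throws on `certs.Results` or quietly imports nothing. The log text says "Retrying request", but no retry is visible in the method. I would fail explicitly inside the `if (!resp.IsSuccessStatusCode)` block, e.g. `throw new HttpRequestException($"Certificate list request failed: {resp.StatusCode}");`, and replace the two `.Result` calls with `await`. Separately, `/` in a custom date format is the culture's date separator, so the filter value can vary with the host locale; `effectiveDate.ToString("yyyy/MM/dd", CultureInfo.InvariantCulture)` pins it.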
diff --git a/CscGlobalCaProxy/Constants.cs b/CscGlobalCaProxy/Constants.cs index eeb2253..dabc237 100644 --- a/CscGlobalCaProxy/Constants.cs +++ b/CscGlobalCaProxy/Constants.cs @@ -6,5 +6,6 @@ public class Constants public static string CscGlobalApiKey = "ApiKey"; public static string BearerToken = "BearerToken"; public static int DefaultPageSize = 100; + public static int IncrementalSyncDays = 5; } } diff --git a/CscGlobalCaProxy/CscGlobalCaProxy.cs b/CscGlobalCaProxy/CscGlobalCaProxy.cs index 3eadd4d..c97bcb0 100644 --- a/CscGlobalCaProxy/CscGlobalCaProxy.cs +++ b/CscGlobalCaProxy/CscGlobalCaProxy.cs 
@@ -81,54 +81,64 @@ public override void Synchronize(ICertificateDataReader certificateDataReader, Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug); try { + CertificateListResponse certs; + if (certificateAuthoritySyncInfo.DoFullSync) { - var certs = Task.Run(async () => await CscGlobalClient.SubmitCertificateListRequestAsync()).Result; + Logger.Trace("Performing Full Sync"); + certs = Task.Run(async () => await CscGlobalClient.SubmitCertificateListRequestAsync()).Result; + } + else + { + // Incremental sync - get certificates from the last X days (default 5) + var effectiveDate = DateTime.Now.AddDays(-Constants.IncrementalSyncDays); + Logger.Trace($"Performing Incremental Sync with effectiveDate: {effectiveDate:yyyy/MM/dd}"); + certs = Task.Run(async () => await CscGlobalClient.SubmitIncrementalCertificateListRequestAsync(effectiveDate)).Result; + } + + foreach (var currentResponseItem in certs.Results) + { + + cancelToken.ThrowIfCancellationRequested(); + Logger.Trace($"Took Certificate ID {currentResponseItem?.Uuid} from Queue"); + var certStatus = _requestManager.MapReturnStatus(currentResponseItem?.Status); - foreach (var currentResponseItem in certs.Results) + //Keyfactor sync only seems to work when there is a valid cert and I can only get Active valid certs from Csc Global + if (certStatus == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.ISSUED) || + certStatus == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.REVOKED)) { + //One click renewal/reissue won't work for this implementation so there is an option to disable it by not syncing back template + var productId = "CscGlobal"; + if (EnableTemplateSync) productId = currentResponseItem?.CertificateType; - cancelToken.ThrowIfCancellationRequested(); - Logger.Trace($"Took Certificate ID {currentResponseItem?.Uuid} from Queue"); - var certStatus = _requestManager.MapReturnStatus(currentResponseItem?.Status); + var fileContent = + Encoding.ASCII.GetString( + 
Convert.FromBase64String(currentResponseItem?.Certificate ?? string.Empty)); - //Keyfactor sync only seems to work when there is a valid cert and I can only get Active valid certs from Csc Global - if (certStatus == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.ISSUED) || - certStatus == Convert.ToInt32(PKIConstants.Microsoft.RequestDisposition.REVOKED)) + if (fileContent.Length > 0) { - //One click renewal/reissue won't work for this implementation so there is an option to disable it by not syncing back template - var productId = "CscGlobal"; - if (EnableTemplateSync) productId = currentResponseItem?.CertificateType; - - var fileContent = - Encoding.ASCII.GetString( - Convert.FromBase64String(currentResponseItem?.Certificate ?? string.Empty)); + Logger.Trace($"File Content {fileContent}"); + var certData = fileContent.Replace("\r\n", string.Empty); + var certString = GetEndEntityCertificate(certData); + var currentCert = new X509Certificate2(Encoding.ASCII.GetBytes(certString)); - if (fileContent.Length > 0) + if (certString.Length > 0) { - Logger.Trace($"File Content {fileContent}"); - var certData = fileContent.Replace("\r\n", string.Empty); - var certString = GetEndEntityCertificate(certData); - var currentCert = new X509Certificate2(Encoding.ASCII.GetBytes(certString)); - - if (certString.Length > 0) + blockingBuffer.Add(new CAConnectorCertificate { - blockingBuffer.Add(new CAConnectorCertificate - { - CARequestID = $"{currentResponseItem?.Uuid}", - Certificate = certString, - SubmissionDate = currentResponseItem?.OrderDate == null - ? Convert.ToDateTime(currentCert.NotBefore) - : Convert.ToDateTime(currentResponseItem.OrderDate), - Status = certStatus, - ProductID = productId - }, cancelToken); - } + CARequestID = $"{currentResponseItem?.Uuid}", + Certificate = certString, + SubmissionDate = currentResponseItem?.OrderDate == null + ? 
Convert.ToDateTime(currentCert.NotBefore) + : Convert.ToDateTime(currentResponseItem.OrderDate), + Status = certStatus, + ProductID = productId + }, cancelToken); } } } - blockingBuffer.CompleteAdding(); } + blockingBuffer.CompleteAdding(); } catch (Exception e) { diff --git a/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs b/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs index d2596af..82f477c 100644 --- a/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs +++ b/CscGlobalCaProxy/Interfaces/ICscGlobalClient.cs @@ -1,4 +1,5 @@ -using System.Collections.Concurrent; +using System; +using System.Collections.Concurrent; using System.Threading; using System.Threading.Tasks; using Keyfactor.AnyGateway.CscGlobal.Client.Models; @@ -20,6 +21,8 @@ Task SubmitReissueAsync( Task SubmitCertificateListRequestAsync(); + Task SubmitIncrementalCertificateListRequestAsync(DateTime effectiveDate); + Task SubmitRevokeCertificateAsync(string uuId); } } \ No newline at end of file From d5a82383f4f043ad751d9ea3cf97dda2bc78f203 Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Fri, 12 Dec 2025 15:48:29 -0500 Subject: [PATCH 2/3] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1227ce2..beb6414 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +v1.2.0 +-Incremental Sync Support with effectiveDate within last 5 days + v1.1.1 - Fix Revoke Serial Number Mismatch KF 10.1 and 22.1.0 GW combination - Only Syncing and GetSingleRecord on End Entity Cert to prevent errors. From adbd907faa6c3e45603a698ab2c99fc9930f7c86 Mon Sep 17 00:00:00 2001 From: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com> Date: Fri, 12 Dec 2025 15:48:43 -0500 Subject: [PATCH 3/3] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index beb6414..c47f56f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
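Review bot: The incremental branch computes its start date as `DateTime.Now.AddDays(-Constants.IncrementalSyncDays)`, a fixed look-back from the host clock rather than from the last successful sync, so any gap between successful syncs longer than five days leaves certificates that incremental sync will never pick up. Because the filter is on `effectiveDate`, a status change such as a revocation on a certificate with an older effective date also appears to fall outside the window, and the platform would presumably keep showing it as issued until the next full sync. If `certificateAuthoritySyncInfo` carries the last sync time, deriving the start date from it (with some overlap) would close the gap. Otherwise I would at least document the limit next to the branch, for example `// Only certificates with effectiveDate inside the window are returned; older certificates and their status changes need a full sync.` `Synchronize` begins before this hunk and its `catch` block continues after it.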
@@ -1,5 +1,5 @@ v1.2.0 --Incremental Sync Support with effectiveDate within last 5 days +- Incremental Sync Support with effectiveDate within last 5 days v1.1.1 - Fix Revoke Serial Number Mismatch KF 10.1 and 22.1.0 GW combination