From 2e3a975f90190e112db960d0a3f5f463d7f6a07b Mon Sep 17 00:00:00 2001
From: David Galey
Date: Wed, 4 Jun 2025 15:21:45 -0400
Subject: [PATCH 1/3] use custom OID lookup list from Keyfactor.PKI for bouncycastle parsing

---
 .../DigiCertCAConnector.cs | 12 ++--
 digicert-certcentral-cagateway/app.config | 8 +++
 .../digicert-certcentral-cagateway.csproj | 62 +++++++++++++++++++
 .../packages.config | 14 +++++
 4 files changed, 91 insertions(+), 5 deletions(-)

diff --git a/digicert-certcentral-cagateway/DigiCertCAConnector.cs b/digicert-certcentral-cagateway/DigiCertCAConnector.cs
index 5337e8d..1ec81f3 100644
--- a/digicert-certcentral-cagateway/DigiCertCAConnector.cs
+++ b/digicert-certcentral-cagateway/DigiCertCAConnector.cs
@@ -5,6 +5,8 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 // and limitations under the License.
 
+extern alias BC;
+
 using CAProxy.AnyGateway;
 using CAProxy.AnyGateway.Interfaces;
 using CAProxy.AnyGateway.Models;
@@ -121,14 +123,14 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe } // Parse subject - X509Name subjectParsed = null; + BC.Org.BouncyCastle.Asn1.X509.X509Name subjectParsed = null; string commonName = null, organization = null, orgUnit = null; try { - subjectParsed = new X509Name(subject); - commonName = subjectParsed.GetValueList(X509Name.CN).Cast().LastOrDefault(); - organization = subjectParsed.GetValueList(X509Name.O).Cast().LastOrDefault(); - orgUnit = subjectParsed.GetValueList(X509Name.OU).Cast().LastOrDefault(); + subjectParsed = new BC.Org.BouncyCastle.Asn1.X509.X509Name(true, Keyfactor.PKI.PKIConstants.X509.OIDLookup, subject); + commonName = subjectParsed.GetValueList(BC.Org.BouncyCastle.Asn1.X509.X509Name.CN).Cast().LastOrDefault(); + organization = subjectParsed.GetValueList(BC.Org.BouncyCastle.Asn1.X509.X509Name.O).Cast().LastOrDefault(); + orgUnit = subjectParsed.GetValueList(BC.Org.BouncyCastle.Asn1.X509.X509Name.OU).Cast().LastOrDefault(); } catch (Exception) { } diff --git a/digicert-certcentral-cagateway/app.config b/digicert-certcentral-cagateway/app.config index 0b764ae..f981116 100644 --- a/digicert-certcentral-cagateway/app.config +++ b/digicert-certcentral-cagateway/app.config @@ -10,6 +10,14 @@ + + + + + + + + \ No newline at end of file diff --git a/digicert-certcentral-cagateway/digicert-certcentral-cagateway.csproj b/digicert-certcentral-cagateway/digicert-certcentral-cagateway.csproj index 5a27c3a..5621e0e 100644 --- a/digicert-certcentral-cagateway/digicert-certcentral-cagateway.csproj +++ b/digicert-certcentral-cagateway/digicert-certcentral-cagateway.csproj @@ -34,6 +34,10 @@ ..\packages\Portable.BouncyCastle.1.8.9\lib\net40\BouncyCastle.Crypto.dll + + ..\packages\BouncyCastle.Cryptography.2.0.0\lib\net461\BouncyCastle.Cryptography.dll + BC + ..\packages\Keyfactor.AnyGateway.SDK.21.3.2\lib\net462\CAProxy.AnyGateway.Core.dll 
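Review bot: The new constructor call passes `reverse: true`, whereas the replaced `new X509Name(subject)` relied on BouncyCastle's default of `false`, so the RDN order of the parsed subject is now inverted and, for a subject that repeats CN, O or OU, `LastOrDefault()` can pick a different value than the old code did. If the subject strings handed to Enroll are known to arrive CN-first (LDAP order), record that next to the call, e.g. `// subject strings are LDAP-ordered (CN first), hence reverse: true`; otherwise the flag looks like an accidental behaviour change. Separately, BouncyCastle's string parser rejects any attribute name that is absent from the lookup table it is given, so a subject using an attribute type that `Keyfactor.PKI.PKIConstants.X509.OIDLookup` does not list would land in the `catch (Exception) { }` below and leave `commonName` null rather than fail loudly; confirm the table covers the attribute types DigiCert orders actually carry (OV/EV subjects in particular) and note that dependency in a comment. Enroll's body continues outside the hunk.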
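Review bot: After this hunk the project carries two BouncyCastle builds side by side, Portable.BouncyCastle 1.8.9 (`BouncyCastle.Crypto.dll`) and BouncyCastle.Cryptography 2.0.0 under the `BC` alias, which doubles the crypto surface that has to be patched and the binding-redirect set in app.config. As far as I know Portable.BouncyCastle is the retired package line that BouncyCastle.Cryptography superseded, so the remaining 1.8.9 call sites should be scheduled for migration to the 2.x assembly and the old reference dropped; until then, consider pinning a current 2.x release rather than 2.0.0, which has had fix releases after it. A one-line comment on the aliased reference, `<!-- BC alias keeps the 2.x assembly apart from the legacy 1.8.9 BouncyCastle.Crypto still referenced above -->`, would spare the next reader the search.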
@@ -65,15 +69,72 @@ ..\packages\Keyfactor.Logging.1.1.0\lib\netstandard2.0\Keyfactor.Logging.dll + + ..\packages\Keyfactor.PKI.5.7.0\lib\net472\Keyfactor.PKI.dll + ..\packages\Microsoft.Extensions.Logging.Abstractions.5.0.0\lib\net461\Microsoft.Extensions.Logging.Abstractions.dll + + ..\packages\Microsoft.Win32.Registry.5.0.0\lib\net461\Microsoft.Win32.Registry.dll + ..\packages\Newtonsoft.Json.12.0.3\lib\net45\Newtonsoft.Json.dll + + + + ..\packages\System.Configuration.ConfigurationManager.5.0.0\lib\net461\System.Configuration.ConfigurationManager.dll + + + + + ..\packages\System.IO.4.3.0\lib\net462\System.IO.dll + True + True + + + + ..\packages\System.Runtime.4.3.0\lib\net462\System.Runtime.dll + True + True + + + + ..\packages\System.Security.AccessControl.5.0.0\lib\net461\System.Security.AccessControl.dll + + + ..\packages\System.Security.Cryptography.Algorithms.4.3.1\lib\net463\System.Security.Cryptography.Algorithms.dll + True + True + + + ..\packages\System.Security.Cryptography.Cng.5.0.0\lib\net47\System.Security.Cryptography.Cng.dll + + + ..\packages\System.Security.Cryptography.Encoding.4.3.0\lib\net46\System.Security.Cryptography.Encoding.dll + True + True + + + ..\packages\System.Security.Cryptography.Pkcs.5.0.1\lib\net461\System.Security.Cryptography.Pkcs.dll + + + ..\packages\System.Security.Cryptography.Primitives.4.3.0\lib\net46\System.Security.Cryptography.Primitives.dll + True + True + + + ..\packages\System.Security.Permissions.5.0.0\lib\net461\System.Security.Permissions.dll + + + ..\packages\System.Security.Principal.Windows.5.0.0\lib\net461\System.Security.Principal.Windows.dll + + + @@ -81,6 +142,7 @@ + diff --git a/digicert-certcentral-cagateway/packages.config b/digicert-certcentral-cagateway/packages.config index 6abdcf5..9f7b9b6 100644 --- a/digicert-certcentral-cagateway/packages.config +++ b/digicert-certcentral-cagateway/packages.config @@ -1,6 +1,7 @@  + @@ -8,9 +9,22 @@ + + + + + + + + + + + + + \ No newline at end of file 
From 61e83dae546a39cd28399c9b718254827e33f272 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Wed, 4 Jun 2025 19:22:14 +0000 Subject: [PATCH 2/3] Update generated README --- README.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a1d51d9..7e52269 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,13 @@ + # DigiCert CertCentral CA AnyGateway This integration allows for the Synchronization, Enrollment, and Revocation of certificates from DigiCert CertCentral. #### Integration status: Production - Ready for use in production environments. +## About the Keyfactor AnyCA Gateway DCOM Connector -## About the Keyfactor AnyGateway CA Connector - -This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. - +This repository contains an AnyCA Gateway Connector, which is a plugin to the Keyfactor AnyGateway. AnyCA Gateway Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. ## Support for DigiCert CertCentral CA AnyGateway @@ -16,6 +15,8 @@ DigiCert CertCentral CA AnyGateway is supported by Keyfactor for Keyfactor custo ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. +--- + --- 
@@ -23,6 +24,16 @@ DigiCert CertCentral CA AnyGateway is supported by Keyfactor for Keyfactor custo +## Keyfactor AnyCA Gateway Framework Supported +The Keyfactor gateway framework implements common logic shared across various gateway implementations and handles communication with Keyfactor Command. The gateway framework hosts gateway implementations or plugins that understand how to communicate with specific CAs. This allows you to integrate your third-party CAs with Keyfactor Command such that they behave in a manner similar to the CAs natively supported by Keyfactor Command. + + + + +This gateway extension was compiled against version of the AnyCA Gateway DCOM Framework. You will need at least this version of the framework Installed. If you have a later AnyGateway Framework Installed you will probably need to add binding redirects in the CAProxyServer.exe.config file to make things work properly. + + +[Keyfactor CAGateway Install Guide](https://software.keyfactor.com/Guides/AnyGateway_Generic/Content/AnyGateway/Introduction.htm) @@ -235,3 +246,4 @@ There are no specific Changes for the ServiceSettings section. Refer to the AnyG } ``` + From a05f2eb48d0481bef977480bbc7ba11c19dd7d57 Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 5 Jun 2025 09:36:52 -0400 Subject: [PATCH 3/3] logs --- CHANGELOG.md | 5 ++++- digicert-certcentral-cagateway/DigiCertCAConnector.cs | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96eae60..132842f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,4 +30,7 @@ Sync now skips orders that fail retrieving details, rather than failing the enti Add configuration to support either US or EU regional account API endpoints 1.5.0 -Add ability to filter sync by CA ID \ No newline at end of file +Add ability to filter sync by CA ID + +1.5.1 +Hotfix for BouncyCastle parsing \ No newline at end of file 
diff --git a/digicert-certcentral-cagateway/DigiCertCAConnector.cs b/digicert-certcentral-cagateway/DigiCertCAConnector.cs
index 1ec81f3..a938abe 100644
--- a/digicert-certcentral-cagateway/DigiCertCAConnector.cs
+++ b/digicert-certcentral-cagateway/DigiCertCAConnector.cs
@@ -132,7 +132,10 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
 organization = subjectParsed.GetValueList(BC.Org.BouncyCastle.Asn1.X509.X509Name.O).Cast().LastOrDefault();
 orgUnit = subjectParsed.GetValueList(BC.Org.BouncyCastle.Asn1.X509.X509Name.OU).Cast().LastOrDefault();
 }
- catch (Exception) { }
+ catch (Exception exc)
+ {
+ Log.LogInformation($"Error while parsing subject. This might be expected. Error message: {exc.Message}");
+ }
 
 if (commonName == null)
 {
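Review bot: The new catch logs only `exc.Message` via string interpolation at Information level, which drops the stack trace and bypasses structured logging; assuming `Log` is a Microsoft.Extensions.Logging `ILogger`, prefer the exception overload with named parameters, `Log.LogWarning(exc, "Failed to parse enrollment subject {Subject}; falling back to CSR-derived values", subject);` (the fallback wording is my reading of the `if (commonName == null)` branch, whose body lies outside the hunk, so adjust it to what that branch does). Note also that a BouncyCastle parse error message can echo the offending token from the caller-supplied subject, so the logged text is partly request-controlled; passing it as a structured parameter rather than interpolating it into the template keeps it from being read as part of the message. `catch (Exception)` still swallows every failure type, including ones unrelated to subject syntax; if the set of parse exceptions is known, narrow the clause or at least add an exception filter so programming errors are not reported as "might be expected".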