From eea5a9b0959d295b0099b055557dc921d3608464 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Wed, 10 Nov 2021 16:10:31 +0000 Subject: [PATCH 01/20] Update generated README --- README.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 754ce6c..70b4237 100644 --- a/README.md +++ b/README.md 
@@ -4,49 +4,49 @@ This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center. *** -## Introduction -This AnyGateway plug enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. -## Prerequisites +# Introduction +This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. +# Prerequisites -### Certificate Chain +## Certificate Chain In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store -### API Allow List +## API Allow List The GlobalSign API can filter requested based on IP address. Ensure that appropiate IP address is allowed to make requests to the GlobalSign API. -### Domain Point of Contact +## Domain Point of Contact This AnyGateway plugin uses the contact information of the GCC Domain point of contact when enrolling for certificates. These fields are required to submit and enrollment and must be populated on the Domain's point of contact. This can be found in the GlobalSign Portal in the Manage Domains page. ### Migration In the event that a system is being upgraded from the Legacy GlobalSign CA Gateway (19.4 or older), a migration from the legacy database format to the AnyGateway format will be required. -To begin the migration process, copy the GlobalSignEsentMigrator.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory. Afterwardsm, the DatabaseManagementConsole.exe.config will need to be updated to reference the GlobalSignEsentMigrator. This is one by modifying the mapping for the IDatabaseMigrator inteface in the config file. +To begin the migration process, copy the GlobalSignEsentMigrator.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory. 
Afterwards, the DatabaseManagementConsole.exe.config will need to be updated to reference the GlobalSignEsentMigrator. This is done by modifying the mapping for the IDatabaseMigrator inteface in the config file. ```xml ``` -## Install +# Install * Download latest successful build from [GitHub Releases](/releases/latest) -* Copy GloabalSignCAProxy.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory +* Copy GlobalSignCAProxy.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory * Update the CAProxyServer.config file - * Update the CAConnection section to point at the GloabalSignCAProxy class + * Update the CAConnection section to point at the GlobalSignCAProxy class ```xml - + ``` -## Configuration +# Configuration The following sections will breakdown the required configurations for the AnyGatewayConfig.json file that will be imported to configure the AnyGateway. -### Templates +## Templates The Template section will map the CA's SSL profile to an AD template. The Lifetime parameter is required and represents the certificate duration in months. ```json "Templates": { "WebServer": { - "ProductID": "PEV", + "ProductID": "PV_SHA2", "Parameters": { "Lifetime":"12" } @@ -63,8 +63,8 @@ The Template section will map the CA's SSL profile to an AD template. The Lifeti * Cloud SSL SHA 256 ECDSA (PV_CLOUD_ECC2) -### Security -The security section does not change specifically for the Entrust CA Gateway. Refer to the AnyGateway Documentation for more detail. +## Security +The security section does not change specifically for the GlobalSign CA Gateway. Refer to the AnyGateway Documentation for more detail. ```json /*Grant permissions on the CA to users or groups in the local domain. READ: Enumerate and read contents of certificates. 
@@ -99,7 +99,7 @@ The security section does not change specifically for the Entrust CA Gateway. R } } ``` -### CerificateManagers +## CerificateManagers The Certificate Managers section is optional. If configured, all users or groups granted OFFICER permissions under the Security section must be configured for at least one Template and one Requester. @@ -124,7 +124,7 @@ The Certificate Managers section is optional. } } ``` -### CAConnection +## CAConnection The CA Connection section will determine the API endpoint and configuration data used to connect to Entrust CA Gateway. * ```IsTest``` This determines if the test API endpoints are used with the Gateway. @@ -146,11 +146,11 @@ This is the password that will be used to connect to the GloabalSign API "Password":"password" }, ``` -### GatewayRegistration -There are no specific Changes for the GatewayRegistration section. Refer to the Refer to the AnyGateway Documentation for more detail. +## GatewayRegistration +There are no specific Changes for the GatewayRegistration section. Refer to the AnyGateway Documentation for more detail. ```json "GatewayRegistration": { - "LogicalName": "GlobalsSignCASandbox", + "LogicalName": "GlobalSignCASandbox", "GatewayCertificate": { "StoreName": "CA", "StoreLocation": "LocalMachine", @@ -159,8 +159,8 @@ There are no specific Changes for the GatewayRegistration section. Refer to the } ``` -### ServiceSettings -There are no specific Changes for the GatewayRegistration section. Refer to the Refer to the AnyGateway Documentation for more detail. +## ServiceSettings +There are no specific Changes for the ServiceSettings section. Refer to the AnyGateway Documentation for more detail. ```json "ServiceSettings": { "ViewIdleMinutes": 8, From f8c7e3a34611e0b9301c759a35dd7e5f8035c599 Mon Sep 17 00:00:00 2001 From: Rex Wheeler Date: Wed, 1 Dec 2021 17:01:41 -0800 Subject: [PATCH 02/20] Add compatibility note --- README.md.tpl | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/README.md.tpl b/README.md.tpl index 2c59d96..96fa229 100644 --- a/README.md.tpl +++ b/README.md.tpl @@ -5,7 +5,11 @@ *** # Introduction -This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. +This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. + +# Compatibility +This AnyGateway is designed to be used with version 21.3.2 of the Keyfactor AnyGateway Framework + # Prerequisites ## Certificate Chain @@ -167,4 +171,4 @@ There are no specific Changes for the ServiceSettings section. Refer to the AnyG "FullScanPeriodHours": 24, "PartialScanPeriodMinutes": 240 } -``` \ No newline at end of file +``` From f8cbe256485a238e8783acdc222d9168838c688d Mon Sep 17 00:00:00 2001 From: Rex Wheeler Date: Wed, 1 Dec 2021 17:03:30 -0800 Subject: [PATCH 03/20] Delete keyfactor-extension-generate-readme.yml --- .../keyfactor-extension-generate-readme.yml | 28 ------------------- 1 file changed, 28 deletions(-) delete mode 100644 .github/workflows/keyfactor-extension-generate-readme.yml diff --git a/.github/workflows/keyfactor-extension-generate-readme.yml b/.github/workflows/keyfactor-extension-generate-readme.yml deleted file mode 100644 index 4aeada6..0000000 --- a/.github/workflows/keyfactor-extension-generate-readme.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -name: Update README -on: [workflow_dispatch] - -jobs: - update_readme: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@master - - - uses: cuchi/jinja2-action@v1.2.0 - with: - template: README.md.tpl - output_file: README.md - data_file: integration-manifest.json - env: - GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} - - - uses: stefanzweifel/git-auto-commit-action@v4 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - push_options: '--force' - commit_message: Update generated README - commit_user_name: Keyfactor - commit_user_email: keyfactor@keyfactor.github.io - commit_author: Keyfactor - From 16602430f73660efaba82a94206871c37ffd3750 Mon Sep 17 00:00:00 2001 From: Rex Wheeler Date: Wed, 1 Dec 2021 17:03:47 -0800 Subject: [PATCH 04/20] Create keyfactor-extension-generate-readme.yml --- .../keyfactor-extension-generate-readme.yml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/keyfactor-extension-generate-readme.yml diff --git a/.github/workflows/keyfactor-extension-generate-readme.yml b/.github/workflows/keyfactor-extension-generate-readme.yml new file mode 100644 index 0000000..8b82c7e --- /dev/null +++ b/.github/workflows/keyfactor-extension-generate-readme.yml @@ -0,0 +1,27 @@ +name: Update README +on: [push, workflow_dispatch] + +jobs: + update_readme: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@master + + - uses: cuchi/jinja2-action@v1.2.0 + with: + template: README.md.tpl + output_file: README.md + data_file: integration-manifest.json + env: + GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} + + - uses: stefanzweifel/git-auto-commit-action@v4 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + push_options: '--force' + commit_message: Update generated README + commit_user_name: Keyfactor + commit_user_email: keyfactor@keyfactor.github.io + commit_author: Keyfactor From 3fda4336754fa7bd593e23369bf137aca7da5ca5 Mon Sep 17 00:00:00 2001 
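Review bot: In the new `keyfactor-extension-generate-readme.yml`, the `cuchi/jinja2-action@v1.2.0` step is given `secrets.SDK_SYNC_PAT` as `GITHUB_TOKEN`, although its inputs (`template`, `output_file`, `data_file`) are all files in the checkout, so the step does not appear to need a token. With the trigger widened to `on: [push, workflow_dispatch]`, what the name suggests is a personal access token is exposed to a third-party action on every push; drop the `env:` block from that step unless the action is known to call the API. All three actions are referenced by mutable refs (`@master`, `@v1.2.0`, `@v4`), and pinning each to a full commit SHA would keep the code that sees the tokens fixed. The workflow also declares no `permissions:` block, where the commit step should only need `permissions: contents: write`, and `push_options: '--force'` deserves a comment saying why a generated README has to be force-pushed.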
From: Keyfactor Date: Thu, 2 Dec 2021 01:04:58 +0000 Subject: [PATCH 05/20] Update generated README --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 70b4237..5d96557 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,11 @@ This integration allows for the Synchronization, Enrollment, and Revocation of T *** # Introduction -This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. +This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. + +# Compatibility +This AnyGateway is designed to be used with version 21.3.2 of the Keyfactor AnyGateway Framework + # Prerequisites ## Certificate Chain From 3f03db882ccb571f328639bf5eb36532cc2ce117 Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Mon, 19 Sep 2022 15:38:14 -0700 Subject: [PATCH 06/20] update workflow/readme --- .../keyfactor-extension-generate-readme.yml | 27 ---- .../workflows/keyfactor-extension-release.yml | 120 ------------------ .../workflows/keyfactor-starter-workflow.yml | 26 ++++ integration-manifest.json | 3 +- README.md.tpl => readme_source.md | 6 - 5 files changed, 28 insertions(+), 154 deletions(-) delete mode 100644 .github/workflows/keyfactor-extension-generate-readme.yml delete mode 100644 .github/workflows/keyfactor-extension-release.yml create mode 100644 .github/workflows/keyfactor-starter-workflow.yml rename README.md.tpl => readme_source.md (98%) diff --git a/.github/workflows/keyfactor-extension-generate-readme.yml b/.github/workflows/keyfactor-extension-generate-readme.yml deleted file mode 100644 index 8b82c7e..0000000 --- a/.github/workflows/keyfactor-extension-generate-readme.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -name: Update README -on: [push, workflow_dispatch] - -jobs: - update_readme: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@master - - - uses: cuchi/jinja2-action@v1.2.0 - with: - template: README.md.tpl - output_file: README.md - data_file: integration-manifest.json - env: - GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} - - - uses: stefanzweifel/git-auto-commit-action@v4 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - push_options: '--force' - commit_message: Update generated README - commit_user_name: Keyfactor - commit_user_email: keyfactor@keyfactor.github.io - commit_author: Keyfactor diff --git a/.github/workflows/keyfactor-extension-release.yml b/.github/workflows/keyfactor-extension-release.yml deleted file mode 100644 index 84430ff..0000000 --- a/.github/workflows/keyfactor-extension-release.yml +++ /dev/null 
@@ -1,120 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: Keyfactor Extension - Release - -# Controls when the action will run. -on: - # Triggers the workflow on push - push: - #only run this workflow when pushing to a branch that contains a release number. ignore -pre - branches: - - 'release-[1-9].[0-9]+' - - '!release-[1-9].[0-9]+-pre*' - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: windows-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Setup Envrionment - id: setup_env - run: | - echo "Setup Envrionment Variables for Workflow" - echo "Working Path: ${Env:GITHUB_WORKSPACE}" - $slnPath = (Get-ChildItem -Include *.sln -File -Recurse).fullname - $relName = "${{ github.ref }}".Split("/") - $repoName = "${{ github.repository }}".Split("/") - echo "Solution File Path: ${slnPath}" - echo "SOLUTION_PATH=${slnPath}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Release Name: $($relName[-1])" - echo "RELEASE_NAME=$($relName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Repo Name: $($repoName[-1])" - echo "REPO_NAME=$($repoName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - - - uses: actions/setup-dotnet@v1 - with: - dotnet-version: '3.1.x' # SDK Version to use; x will use the latest version of the 3.1 channel - #dotnet-version: - - - name: Add Package Source - run: | - dotnet nuget add source https://nuget.pkg.github.com/Keyfactor/index.json -n github -u ${{ github.actor }} -p ${{ secrets.BUILD_PACKAGE_ACCESS }} --store-password-in-clear-text - - # Configures msbuild 
path envrionment - - name: setup-msbuild - uses: microsoft/setup-msbuild@v1 - - # Restores Packages to Local Machine - - name: restore nuget packages - run: | - nuget restore ${{ env.SOLUTION_PATH }} - - - name: Create Release - id: create_release - #uses: zendesk/action-create-release@v1 - uses: keyfactor/action-create-release@786b73035fa09790f9eb11bb86834a6d7af1c256 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - release_name: ${{ env.RELEASE_NAME }} - body: | - [Changelog](/CHANGELOG.md) - draft: false - prerelease: false - auto_increment_type: patch - tag_schema: semantic - commitish: ${{ github.sha }} - - #update version number of AssemblyInfo.cs file - - name: Increment Assembly Version - run: | - $VersionRegex = "\d+\.\d+\.\d+" - $assemblyFilePath = (Get-ChildItem -Include AssemblyInfo.cs -File -Recurse).fullname - $newVer = "${{ steps.create_release.outputs.current_tag }}".TrimStart('v') - foreach($currentFile in $assemblyFilePath) - { - $filecontent = Get-Content($currentFile) - attrib $currentFile -r - $filecontent -replace $VersionRegex, $newVer | Out-File $currentFile - } - - - name: Execute MSBuild Commands - run: | - MSBuild.exe $Env:SOLUTION_PATH -p:RestorePackagesConfig=false -p:Configuration=Release - - - name: Archive Files - if: ${{ success() }} - run: | - md ${{ github.workspace }}\zip\Keyfactor - Compress-Archive -Path ${{ github.workspace }}\src\GlobalSignCAProxy\bin\Release\GlobalSignCAProxy.dll,${{ github.workspace }}\src\GlobalSignEsentMigrator\bin\Release\GlobalSignEsentMigrator.dll,${{ github.workspace }}\src\GlobalSignCAProxy\app.config -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force - - - name: Upload Release Asset (x64) - if: ${{ success() }} - id: upload-release-asset-x64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ${{ github.workspace }}\zip\Keyfactor\${{ 
env.REPO_NAME}}.zip - asset_name: ${{ env.REPO_NAME}}_${{ steps.create_release.outputs.current_tag }}.zip - asset_content_type: application/zip - - - name: On Failure Remove Tags and Release - if: ${{ failure() }} - uses: dev-drprasad/delete-tag-and-release@v0.2.0 - with: - delete_release: true # default: false - tag_name: ${{ steps.create_release.outputs.current_tag }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml new file mode 100644 index 0000000..456da13 --- /dev/null +++ b/.github/workflows/keyfactor-starter-workflow.yml @@ -0,0 +1,26 @@ +name: Starter Workflow +on: [workflow_dispatch, push, pull_request] + +jobs: + call-create-github-release-workflow: + uses: Keyfactor/actions/.github/workflows/github-release.yml@main + + call-dotnet-build-and-release-workflow: + needs: [call-create-github-release-workflow] + uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main + with: + release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} + release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }} + release_dir: globalsign-mssl-cagateway\src\GlobalSignCAProxy\bin\Release + secrets: + token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }} + + call-generate-readme-workflow: + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main + + call-update-catalog-workflow: + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main + secrets: + token: ${{ secrets.SDK_SYNC_PAT }} diff --git a/integration-manifest.json b/integration-manifest.json index 2a752f0..1a0b680 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
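Review bot: In the new `keyfactor-starter-workflow.yml`, `call-create-github-release-workflow` and `call-dotnet-build-and-release-workflow` carry no `if:` guard, so with `on: [workflow_dispatch, push, pull_request]` they are invoked for every push and pull request, whereas the release workflow deleted in this commit ran only for `release-[1-9].[0-9]+` branches. Unless the called workflows filter the ref themselves (not visible here), give both jobs the guard the readme and catalog jobs already have, `if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'`, or narrow the trigger with a `branches:` filter. All four `uses:` lines reference `Keyfactor/actions/...@main`, a moving ref that is handed `secrets.PRIVATE_PACKAGE_ACCESS` and `secrets.SDK_SYNC_PAT`; the workflow being replaced pinned `keyfactor/action-create-release` to a full commit SHA, and the same pinning would fit here. Both points also apply to the 39-line version of this file added in PATCH 08.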
@@ -2,6 +2,7 @@ "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", "integration_type": "ca-gateway", "name": "GlobalSign Managed SSL AnyGateway", - "status": "prototype", + "status": "production", + "link_github": false, "description": "This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center." } \ No newline at end of file diff --git a/README.md.tpl b/readme_source.md similarity index 98% rename from README.md.tpl rename to readme_source.md index 96fa229..163578d 100644 --- a/README.md.tpl +++ b/readme_source.md @@ -1,9 +1,3 @@ -# {{ name }} -## {{ integration_type | capitalize }} - -{{ description }} - -*** # Introduction This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. From a597a4058d63afb4dacd965141c8bfacacd36f79 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Mon, 19 Sep 2022 22:38:59 +0000 Subject: [PATCH 07/20] Update generated README --- README.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5d96557..e76c96d 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,20 @@ # GlobalSign Managed SSL AnyGateway -## Ca-gateway This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center. -*** +#### Integration status: Production - Ready for use in production environments. + +## About the Keyfactor AnyGateway CA Connector + +This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. + +--- + + + + +--- + # Introduction This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. 
@@ -172,3 +183,4 @@ There are no specific Changes for the ServiceSettings section. Refer to the AnyG "PartialScanPeriodMinutes": 240 } ``` + From 36f4e56cbf6a4d1218e36f7de83fa42b257116d3 Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Mon, 19 Sep 2022 15:38:14 -0700 Subject: [PATCH 08/20] update workflow/readme --- .../keyfactor-extension-generate-readme.yml | 27 ---- .../workflows/keyfactor-extension-release.yml | 120 ------------------ .../workflows/keyfactor-starter-workflow.yml | 39 ++++++ integration-manifest.json | 3 +- README.md.tpl => readme_source.md | 6 - 5 files changed, 41 insertions(+), 154 deletions(-) delete mode 100644 .github/workflows/keyfactor-extension-generate-readme.yml delete mode 100644 .github/workflows/keyfactor-extension-release.yml create mode 100644 .github/workflows/keyfactor-starter-workflow.yml rename README.md.tpl => readme_source.md (98%) diff --git a/.github/workflows/keyfactor-extension-generate-readme.yml b/.github/workflows/keyfactor-extension-generate-readme.yml deleted file mode 100644 index 8b82c7e..0000000 --- a/.github/workflows/keyfactor-extension-generate-readme.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Update README -on: [push, workflow_dispatch] - -jobs: - update_readme: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@master - - - uses: cuchi/jinja2-action@v1.2.0 - with: - template: README.md.tpl - output_file: README.md - data_file: integration-manifest.json - env: - GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }} - - - uses: stefanzweifel/git-auto-commit-action@v4 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - push_options: '--force' - commit_message: Update generated README - commit_user_name: Keyfactor - commit_user_email: keyfactor@keyfactor.github.io - commit_author: Keyfactor diff --git a/.github/workflows/keyfactor-extension-release.yml b/.github/workflows/keyfactor-extension-release.yml deleted file mode 100644 index 84430ff..0000000 
--- a/.github/workflows/keyfactor-extension-release.yml
+++ /dev/null
@@ -1,120 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: Keyfactor Extension - Release - -# Controls when the action will run. -on: - # Triggers the workflow on push - push: - #only run this workflow when pushing to a branch that contains a release number. ignore -pre - branches: - - 'release-[1-9].[0-9]+' - - '!release-[1-9].[0-9]+-pre*' - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: windows-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Setup Envrionment - id: setup_env - run: | - echo "Setup Envrionment Variables for Workflow" - echo "Working Path: ${Env:GITHUB_WORKSPACE}" - $slnPath = (Get-ChildItem -Include *.sln -File -Recurse).fullname - $relName = "${{ github.ref }}".Split("/") - $repoName = "${{ github.repository }}".Split("/") - echo "Solution File Path: ${slnPath}" - echo "SOLUTION_PATH=${slnPath}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Release Name: $($relName[-1])" - echo "RELEASE_NAME=$($relName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - echo "Repo Name: $($repoName[-1])" - echo "REPO_NAME=$($repoName[-1])" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append - - - uses: actions/setup-dotnet@v1 - with: - dotnet-version: '3.1.x' # SDK Version to use; x will use the latest version of the 3.1 channel - #dotnet-version: - - - name: Add Package Source - run: | - dotnet nuget add source https://nuget.pkg.github.com/Keyfactor/index.json -n github -u ${{ github.actor }} -p ${{ secrets.BUILD_PACKAGE_ACCESS }} --store-password-in-clear-text - - # Configures msbuild 
path envrionment - - name: setup-msbuild - uses: microsoft/setup-msbuild@v1 - - # Restores Packages to Local Machine - - name: restore nuget packages - run: | - nuget restore ${{ env.SOLUTION_PATH }} - - - name: Create Release - id: create_release - #uses: zendesk/action-create-release@v1 - uses: keyfactor/action-create-release@786b73035fa09790f9eb11bb86834a6d7af1c256 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - release_name: ${{ env.RELEASE_NAME }} - body: | - [Changelog](/CHANGELOG.md) - draft: false - prerelease: false - auto_increment_type: patch - tag_schema: semantic - commitish: ${{ github.sha }} - - #update version number of AssemblyInfo.cs file - - name: Increment Assembly Version - run: | - $VersionRegex = "\d+\.\d+\.\d+" - $assemblyFilePath = (Get-ChildItem -Include AssemblyInfo.cs -File -Recurse).fullname - $newVer = "${{ steps.create_release.outputs.current_tag }}".TrimStart('v') - foreach($currentFile in $assemblyFilePath) - { - $filecontent = Get-Content($currentFile) - attrib $currentFile -r - $filecontent -replace $VersionRegex, $newVer | Out-File $currentFile - } - - - name: Execute MSBuild Commands - run: | - MSBuild.exe $Env:SOLUTION_PATH -p:RestorePackagesConfig=false -p:Configuration=Release - - - name: Archive Files - if: ${{ success() }} - run: | - md ${{ github.workspace }}\zip\Keyfactor - Compress-Archive -Path ${{ github.workspace }}\src\GlobalSignCAProxy\bin\Release\GlobalSignCAProxy.dll,${{ github.workspace }}\src\GlobalSignEsentMigrator\bin\Release\GlobalSignEsentMigrator.dll,${{ github.workspace }}\src\GlobalSignCAProxy\app.config -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force - - - name: Upload Release Asset (x64) - if: ${{ success() }} - id: upload-release-asset-x64 - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ${{ github.workspace }}\zip\Keyfactor\${{ 
env.REPO_NAME}}.zip - asset_name: ${{ env.REPO_NAME}}_${{ steps.create_release.outputs.current_tag }}.zip - asset_content_type: application/zip - - - name: On Failure Remove Tags and Release - if: ${{ failure() }} - uses: dev-drprasad/delete-tag-and-release@v0.2.0 - with: - delete_release: true # default: false - tag_name: ${{ steps.create_release.outputs.current_tag }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml new file mode 100644 index 0000000..7835254 --- /dev/null +++ b/.github/workflows/keyfactor-starter-workflow.yml 
@@ -0,0 +1,39 @@ +name: Starter Workflow +on: [workflow_dispatch, push, pull_request] + +jobs: + call-create-github-release-workflow: + uses: Keyfactor/actions/.github/workflows/github-release.yml@main + get-manifest-properties: + runs-on: windows-latest + outputs: + update_catalog: ${{ steps.read-json.outputs.prop }} + steps: + - uses: actions/checkout@v3 + - name: Read json + id: read-json + shell: pwsh + run: | + $json = Get-Content integration-manifest.json | ConvertFrom-Json + echo "::set-output name=prop::$(echo $json.update_catalog)" + + call-dotnet-build-and-release-workflow: + needs: [call-create-github-release-workflow] + uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main + with: + release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} + release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }} + release_dir: globalsign-mssl-cagateway\src\GlobalSignCAProxy\bin\Release + secrets: + token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }} + + call-generate-readme-workflow: + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main + + call-update-catalog-workflow: + needs: get-manifest-properties + if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') + uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main + secrets: + token: ${{ secrets.SDK_SYNC_PAT }} diff --git a/integration-manifest.json b/integration-manifest.json index 2a752f0..1a0b680 100644 --- a/integration-manifest.json +++ b/integration-manifest.json 
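Review bot: The `Read json` step of `get-manifest-properties` sets its output by printing `::set-output name=prop::...` to stdout, using a value read from `integration-manifest.json` in the checked-out tree. On `pull_request` runs that file is contributor-controlled, and stdout workflow commands are the deprecated way to set outputs. Writing to the output file keeps the value out of the command stream: `"prop=$($json.update_catalog)" >> $env:GITHUB_OUTPUT`. The later test `needs.get-manifest-properties.outputs.update_catalog == 'True'` relies on how PowerShell renders a JSON boolean as text, so a comment next to the `run:` line such as `# ConvertFrom-Json yields a [bool]; it is emitted as the string 'True'` would stop a later edit from changing it to `'true'`.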
@@ -2,6 +2,7 @@ "$schema": "https://keyfactor.github.io/integration-manifest-schema.json", "integration_type": "ca-gateway", "name": "GlobalSign Managed SSL AnyGateway", - "status": "prototype", + "status": "production", + "link_github": false, "description": "This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center." } \ No newline at end of file diff --git a/README.md.tpl b/readme_source.md similarity index 98% rename from README.md.tpl rename to readme_source.md index 96fa229..163578d 100644 --- a/README.md.tpl +++ b/readme_source.md @@ -1,9 +1,3 @@ -# {{ name }} -## {{ integration_type | capitalize }} - -{{ description }} - -*** # Introduction This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. From f3688fbc1522f498ae0a5fc7889df95373d48bca Mon Sep 17 00:00:00 2001 From: Michael Henderson Date: Mon, 19 Sep 2022 16:22:51 -0700 Subject: [PATCH 09/20] add catalog build to manifest --- integration-manifest.json | 1 + 1 file changed, 1 insertion(+) diff --git a/integration-manifest.json b/integration-manifest.json index 1a0b680..80517a2 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -3,6 +3,7 @@ "integration_type": "ca-gateway", "name": "GlobalSign Managed SSL AnyGateway", "status": "production", + "update_catalog": true, "link_github": false, "description": "This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center." } \ No newline at end of file From b9e73cdd1dcd189f618237825984baccbb808e07 Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 20 Sep 2022 14:33:28 -0400 Subject: [PATCH 10/20] Readme fix --- README.md.tpl | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 README.md.tpl 
diff --git a/README.md.tpl b/README.md.tpl
new file mode 100644
index 0000000..37e6cc4
--- /dev/null
+++ b/README.md.tpl
@@ -0,0 +1,170 @@ +# {{ name }} +## {{ integration_type | capitalize }} + +{{ description }} + +*** +## Introduction +This AnyGateway plug enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. +## Prerequisites + +### Certificate Chain + +In order to enroll for certificates the Keyfactor Command server must trust the trust chain. Once you create your Root and/or Subordinate CA, make sure to import the certificate chain into the AnyGateway and Command Server certificate store + +### API Allow List +The GlobalSign API can filter requested based on IP address. Ensure that appropiate IP address is allowed to make requests to the GlobalSign API. + +### Domain Point of Contact +This AnyGateway plugin uses the contact information of the GCC Domain point of contact when enrolling for certificates. These fields are required to submit and enrollment and must be populated on the Domain's point of contact. This can be found in the GlobalSign Portal in the Manage Domains page. + +### Migration +In the event that a system is being upgraded from the Legacy GlobalSign CA Gateway (19.4 or older), a migration from the legacy database format to the AnyGateway format will be required. + +To begin the migration process, copy the GlobalSignEsentMigrator.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory. Afterwardsm, the DatabaseManagementConsole.exe.config will need to be updated to reference the GlobalSignEsentMigrator. This is one by modifying the mapping for the IDatabaseMigrator inteface in the config file. 
+```xml + +``` + + +## Install +* Download latest successful build from [GitHub Releases](/releases/latest) + +* Copy GloabalSignCAProxy.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory + +* Update the CAProxyServer.config file + * Update the CAConnection section to point at the GloabalSignCAProxy class + ```xml + + ``` + +## Configuration +The following sections will breakdown the required configurations for the AnyGatewayConfig.json file that will be imported to configure the AnyGateway. + +### Templates +The Template section will map the CA's SSL profile to an AD template. The Lifetime parameter is required and represents the certificate duration in months. + ```json + "Templates": { + "WebServer": { + "ProductID": "PEV", + "Parameters": { + "Lifetime":"12" + } + } +} + ``` + The following product codes are supported: + * Extended SSL SHA 256 (PEV_SHA2) + * Organizational SSL SHA 256 (PV_SHA2) + * Intranet SSL SHA 1 (PV_INTRA) + * Intranet SSL SHA 2 (PV_INTRA_SHA2) + * Intranet SSL SHA 256 ECDSA (PV_INTRA_ECCP256) + * Cloud SSL SHA 256 (PV_CLOUD) + * Cloud SSL SHA 256 ECDSA (PV_CLOUD_ECC2) + + +### Security +The security section does not change specifically for the Entrust CA Gateway. Refer to the AnyGateway Documentation for more detail. +```json + /*Grant permissions on the CA to users or groups in the local domain. + READ: Enumerate and read contents of certificates. + ENROLL: Request certificates from the CA. + OFFICER: Perform certificate functions such as issuance and revocation. This is equivalent to "Issue and Manage" permission on the Microsoft CA. + ADMINISTRATOR: Configure/reconfigure the gateway. 
+ Valid permission settings are "Allow", "None", and "Deny".*/ + "Security": { + "Keyfactor\\Administrator": { + "READ": "Allow", + "ENROLL": "Allow", + "OFFICER": "Allow", + "ADMINISTRATOR": "Allow" + }, + "Keyfactor\\gateway_test": { + "READ": "Allow", + "ENROLL": "Allow", + "OFFICER": "Allow", + "ADMINISTRATOR": "Allow" + }, + "Keyfactor\\SVC_TimerService": { + "READ": "Allow", + "ENROLL": "Allow", + "OFFICER": "Allow", + "ADMINISTRATOR": "None" + }, + "Keyfactor\\SVC_AppPool": { + "READ": "Allow", + "ENROLL": "Allow", + "OFFICER": "Allow", + "ADMINISTRATOR": "Allow" + } + } +``` +### CerificateManagers +The Certificate Managers section is optional. + If configured, all users or groups granted OFFICER permissions under the Security section + must be configured for at least one Template and one Requester. + Uses "" to specify all templates. Uses "Everyone" to specify all requesters. + Valid permission values are "Allow" and "Deny". +```json + "CertificateManagers":{ + "DOMAIN\\Username":{ + "Templates":{ + "MyTemplateShortName":{ + "Requesters":{ + "Everyone":"Allow", + "DOMAIN\\Groupname":"Deny" + } + }, + "":{ + "Requesters":{ + "Everyone":"Allow" + } + } + } + } + } +``` +### CAConnection +The CA Connection section will determine the API endpoint and configuration data used to connect to GlobalSign MSSL API. +* ```IsTest``` +This determines if the test API endpoints are used with the Gateway. +* ```PickupRetries``` +This is the number of times the AnyGateway will attempt to pickup an new certificate before reporting an error. This setting applies to new, renewed, or reissued certificates. +* ```PickupDelay``` +This is the number of seconds between retries when attempting to download a certificate. 
+* ```Username``` +This is the username that will be used to connect to the GloabalSign API +* ```Password``` +This is the password that will be used to connect to the GloabalSign API + +```json + "CAConnection": { + "IsTest":"false", + "PickupRetries":5, + "PickupDelay":150, + "Username":"PAR12344_apiuser", + "Password":"password" + }, +``` +### GatewayRegistration +There are no specific Changes for the GatewayRegistration section. Refer to the Refer to the AnyGateway Documentation for more detail. +```json + "GatewayRegistration": { + "LogicalName": "GlobalsSignCASandbox", + "GatewayCertificate": { + "StoreName": "CA", + "StoreLocation": "LocalMachine", + "Thumbprint": "bc6d6b168ce5c08a690c15e03be596bbaa095ebf" + } + } +``` + +### ServiceSettings +There are no specific Changes for the GatewayRegistration section. Refer to the Refer to the AnyGateway Documentation for more detail. +```json + "ServiceSettings": { + "ViewIdleMinutes": 8, + "FullScanPeriodHours": 24, + "PartialScanPeriodMinutes": 240 + } +``` \ No newline at end of file From 321ee872732f5f14b34e1055873ea229a06c0e5f Mon Sep 17 00:00:00 2001 From: David Galey Date: Tue, 20 Sep 2022 14:36:46 -0400 Subject: [PATCH 11/20] readme fix --- globalsign-mssl-cagateway.sln | 91 ++++++++++++++++++----------------- readme_source.md | 6 +-- 2 files changed, 49 insertions(+), 48 deletions(-) diff --git a/globalsign-mssl-cagateway.sln b/globalsign-mssl-cagateway.sln index 1ee891c..2340dd0 100644 --- a/globalsign-mssl-cagateway.sln +++ b/globalsign-mssl-cagateway.sln 
@@ -1,45 +1,46 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.31129.286 -MinimumVisualStudioVersion = 10.0.40219.1 -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GlobalSignCAProxy", "src\GlobalSignCAProxy\GlobalSignCAProxy.csproj", "{8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}" -EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GlobalSignCAProxyTests", "tests\GlobalSignCAProxyTests\GlobalSignCAProxyTests.csproj", "{4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}" -EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GlobalSignEsentMigrator", "src\GlobalSignEsentMigrator\GlobalSignEsentMigrator.csproj", "{1614CAC6-6CB6-4BCF-A758-186FD53ACF42}" -EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{D6E8054B-47A1-46F9-AC37-1650406414D5}" - ProjectSection(SolutionItems) = preProject - CHANGELOG.md = CHANGELOG.md - integration-manifest.json = integration-manifest.json - .github\workflows\keyfactor-extension-generate-readme.yml = .github\workflows\keyfactor-extension-generate-readme.yml - .github\workflows\keyfactor-extension-release.yml = .github\workflows\keyfactor-extension-release.yml - README.md.tpl = README.md.tpl - EndProjectSection -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Any CPU = Debug|Any CPU - Release|Any CPU = Release|Any CPU - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Debug|Any CPU.Build.0 = Debug|Any CPU - {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Release|Any CPU.ActiveCfg = Release|Any CPU - {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Release|Any CPU.Build.0 = Release|Any CPU - {4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}.Debug|Any CPU.Build.0 = 
Debug|Any CPU - {4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}.Release|Any CPU.ActiveCfg = Release|Any CPU - {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Debug|Any CPU.Build.0 = Debug|Any CPU - {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Release|Any CPU.ActiveCfg = Release|Any CPU - {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Release|Any CPU.Build.0 = Release|Any CPU - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection - GlobalSection(ExtensibilityGlobals) = postSolution - SolutionGuid = {BFD6977D-A793-4130-A8E1-EEFCA6AA88AC} - EndGlobalSection -EndGlobal + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.31129.286 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GlobalSignCAProxy", "src\GlobalSignCAProxy\GlobalSignCAProxy.csproj", "{8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GlobalSignCAProxyTests", "tests\GlobalSignCAProxyTests\GlobalSignCAProxyTests.csproj", "{4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GlobalSignEsentMigrator", "src\GlobalSignEsentMigrator\GlobalSignEsentMigrator.csproj", "{1614CAC6-6CB6-4BCF-A758-186FD53ACF42}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{D6E8054B-47A1-46F9-AC37-1650406414D5}" + ProjectSection(SolutionItems) = preProject + CHANGELOG.md = CHANGELOG.md + integration-manifest.json = integration-manifest.json + .github\workflows\keyfactor-extension-generate-readme.yml = .github\workflows\keyfactor-extension-generate-readme.yml + .github\workflows\keyfactor-extension-release.yml = .github\workflows\keyfactor-extension-release.yml + README.md.tpl = README.md.tpl + readme_source.md = readme_source.md + EndProjectSection 
+EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Debug|Any CPU.Build.0 = Debug|Any CPU + {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Release|Any CPU.ActiveCfg = Release|Any CPU + {8A26FA6A-22CC-4BD0-9AAC-CDF95A85011D}.Release|Any CPU.Build.0 = Release|Any CPU + {4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}.Debug|Any CPU.Build.0 = Debug|Any CPU + {4AFA9664-CBC2-4116-A7F9-13667CAA0D5A}.Release|Any CPU.ActiveCfg = Release|Any CPU + {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Debug|Any CPU.Build.0 = Debug|Any CPU + {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Release|Any CPU.ActiveCfg = Release|Any CPU + {1614CAC6-6CB6-4BCF-A758-186FD53ACF42}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {BFD6977D-A793-4130-A8E1-EEFCA6AA88AC} + EndGlobalSection +EndGlobal diff --git a/readme_source.md b/readme_source.md index 163578d..97d25ce 100644 --- a/readme_source.md +++ b/readme_source.md @@ -123,7 +123,7 @@ The Certificate Managers section is optional. } ``` ## CAConnection -The CA Connection section will determine the API endpoint and configuration data used to connect to Entrust CA Gateway. +The CA Connection section will determine the API endpoint and configuration data used to connect to GlobalSign MSSL API. * ```IsTest``` This determines if the test API endpoints are used with the Gateway. * ```PickupRetries``` 
@@ -131,9 +131,9 @@ This is the number of times the AnyGateway will attempt to pickup an new certifi * ```PickupDelay``` This is the number of seconds between retries when attempting to download a certificate. * ```Username``` -This is the username that will be used to connect to the GloabalSign API +This is the username that will be used to connect to the GlobalSign API * ```Password``` -This is the password that will be used to connect to the GloabalSign API +This is the password that will be used to connect to the GlobalSign API ```json "CAConnection": { From 2c7b6645ad37e72fe0e47ac4875d055266b704c7 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Tue, 20 Sep 2022 18:37:28 +0000 Subject: [PATCH 12/20] Update generated README --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e76c96d..43f2092 100644 --- a/README.md +++ b/README.md @@ -140,7 +140,7 @@ The Certificate Managers section is optional. } ``` ## CAConnection -The CA Connection section will determine the API endpoint and configuration data used to connect to Entrust CA Gateway. +The CA Connection section will determine the API endpoint and configuration data used to connect to GlobalSign MSSL API. * ```IsTest``` This determines if the test API endpoints are used with the Gateway. * ```PickupRetries``` @@ -148,9 +148,9 @@ This is the number of times the AnyGateway will attempt to pickup an new certifi * ```PickupDelay``` This is the number of seconds between retries when attempting to download a certificate. * ```Username``` -This is the username that will be used to connect to the GloabalSign API +This is the username that will be used to connect to the GlobalSign API * ```Password``` -This is the password that will be used to connect to the GloabalSign API +This is the password that will be used to connect to the GlobalSign API ```json "CAConnection": { From ae40a3133b1d3f3fb53da4ad11a203793b5aae20 Mon Sep 17 00:00:00 2001 
From: Mikey Henderson Date: Fri, 30 Sep 2022 16:57:50 -0700 Subject: [PATCH 13/20] add support statement (#19) * add support statement * Update generated README --- README.md | 9 +++++++++ integration-manifest.json | 1 + 2 files changed, 10 insertions(+) diff --git a/README.md b/README.md index 43f2092..58b84a1 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,15 @@ This repository contains an AnyGateway CA Connector, which is a plugin to the Ke --- +## Support for GlobalSign Managed SSL AnyGateway + +GlobalSign Managed SSL AnyGateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. + +###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. +___ + + + --- diff --git a/integration-manifest.json b/integration-manifest.json index 80517a2..6effc41 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -5,5 +5,6 @@ "status": "production", "update_catalog": true, "link_github": false, + "support_level": "kf-supported", "description": "This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center." } \ No newline at end of file From 2796a41f8aff9ea53fe3d8bfc5028a0b3bf5bcff Mon Sep 17 00:00:00 2001 From: David Galey Date: Thu, 3 Nov 2022 14:14:54 -0400 Subject: [PATCH 14/20] update readme with better migration instructions --- readme_source.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/readme_source.md b/readme_source.md index 97d25ce..8a77d78 100644 --- a/readme_source.md +++ b/readme_source.md 
@@ -16,13 +16,23 @@ The GlobalSign API can filter requested based on IP address. Ensure that approp ## Domain Point of Contact This AnyGateway plugin uses the contact information of the GCC Domain point of contact when enrolling for certificates. These fields are required to submit and enrollment and must be populated on the Domain's point of contact. This can be found in the GlobalSign Portal in the Manage Domains page. -### Migration +## Migration In the event that a system is being upgraded from the Legacy GlobalSign CA Gateway (19.4 or older), a migration from the legacy database format to the AnyGateway format will be required. -To begin the migration process, copy the GlobalSignEsentMigrator.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory. Afterwards, the DatabaseManagementConsole.exe.config will need to be updated to reference the GlobalSignEsentMigrator. This is done by modifying the mapping for the IDatabaseMigrator inteface in the config file. +Database migration requires version 21.10 of the Keyfactor AnyGateway Framework (newer versions remove the migration capability). + +To succesfully migrate and upgrade your GlobalSign CA Gateway, follow these steps: +1. Install Keyfactor AnyGateway Framework 21.10 +2. Follow the steps below in the Install section to copy over the GlobalSignCAProxy.dll, but do NOT configure the gateway yet. +3. Additionally, copy over the GlobalSignEsentMigrator.dll file to the Program Files\Keyfactor\Keyfactor AnyGateway directory +4. Modify the DatabaseManagementConsole.exe.config file to update the IDatabaseMigrator definition: ```xml - -``` + +``` +5. Create your new database and use the appropriate cmdlets you configure the gateway's database connection (see AnyGateway documentation for details) +6. Use the DatabaseManagementConsole.exe migrate verb to migrate your ESENT database into the new SQL database (see AnyGateway documentation, or run 'DatabaseManagementConsole.exe help migrate' for details) +7. 
Once the database has been migrated, you can run the actual gateway configuration cmdlet to configure your gateway. +8. Optional: You can now upgrade to the latest version of the AnyGateway Framework if you wish (if you do so, after upgrading, make sure to run the DatabaseManagementConsole.exe with the upgrade verb to upgrade your database to the latest) # Install From 22cce50c47533af225069594e6a3ea1c325d3677 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 3 Nov 2022 18:15:30 +0000 Subject: [PATCH 15/20] Update generated README --- README.md | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 58b84a1..89cf383 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ This integration allows for the Synchronization, Enrollment, and Revocation of T This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. ---- ## Support for GlobalSign Managed SSL AnyGateway @@ -21,9 +20,6 @@ ___ - ---- - # Introduction This AnyGateway plug-in enables issuance, revocation, and synchronization of certificates from GlobalSign's Managed SSL/TLS offering. 
@@ -42,13 +38,23 @@ The GlobalSign API can filter requested based on IP address. Ensure that approp ## Domain Point of Contact This AnyGateway plugin uses the contact information of the GCC Domain point of contact when enrolling for certificates. These fields are required to submit and enrollment and must be populated on the Domain's point of contact. This can be found in the GlobalSign Portal in the Manage Domains page. -### Migration +## Migration In the event that a system is being upgraded from the Legacy GlobalSign CA Gateway (19.4 or older), a migration from the legacy database format to the AnyGateway format will be required. -To begin the migration process, copy the GlobalSignEsentMigrator.dll to the Program Files\Keyfactor\Keyfactor AnyGateway directory. Afterwards, the DatabaseManagementConsole.exe.config will need to be updated to reference the GlobalSignEsentMigrator. This is done by modifying the mapping for the IDatabaseMigrator inteface in the config file. +Database migration requires version 21.10 of the Keyfactor AnyGateway Framework (newer versions remove the migration capability). + +To succesfully migrate and upgrade your GlobalSign CA Gateway, follow these steps: +1. Install Keyfactor AnyGateway Framework 21.10 +2. Follow the steps below in the Install section to copy over the GlobalSignCAProxy.dll, but do NOT configure the gateway yet. +3. Additionally, copy over the GlobalSignEsentMigrator.dll file to the Program Files\Keyfactor\Keyfactor AnyGateway directory +4. Modify the DatabaseManagementConsole.exe.config file to update the IDatabaseMigrator definition: ```xml - -``` + +``` +5. Create your new database and use the appropriate cmdlets you configure the gateway's database connection (see AnyGateway documentation for details) +6. Use the DatabaseManagementConsole.exe migrate verb to migrate your ESENT database into the new SQL database (see AnyGateway documentation, or run 'DatabaseManagementConsole.exe help migrate' for details) +7. 
Once the database has been migrated, you can run the actual gateway configuration cmdlet to configure your gateway. +8. Optional: You can now upgrade to the latest version of the AnyGateway Framework if you wish (if you do so, after upgrading, make sure to run the DatabaseManagementConsole.exe with the upgrade verb to upgrade your database to the latest) # Install From eef911a041752b1350ca75cdedeba636f5cbbe52 Mon Sep 17 00:00:00 2001 From: Mikey Henderson Date: Wed, 16 Nov 2022 11:50:42 -0800 Subject: [PATCH 16/20] add link to public integraions catalog (#20) * add link to public integrations catalog * add secret --- .github/workflows/keyfactor-starter-workflow.yml | 2 ++ integration-manifest.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml index 7835254..8e6cb0e 100644 --- a/.github/workflows/keyfactor-starter-workflow.yml +++ b/.github/workflows/keyfactor-starter-workflow.yml @@ -30,6 +30,8 @@ jobs: call-generate-readme-workflow: if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main + secrets: + token: ${{ secrets.APPROVE_README_PUSH }} call-update-catalog-workflow: needs: get-manifest-properties diff --git a/integration-manifest.json b/integration-manifest.json index 6effc41..b11362e 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -4,7 +4,7 @@ "name": "GlobalSign Managed SSL AnyGateway", "status": "production", "update_catalog": true, - "link_github": false, + "link_github": true, "support_level": "kf-supported", "description": "This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center." } \ No newline at end of file From db8da04ea9b7656dbef17dd2cc34c8ab7becf1d2 Mon Sep 17 00:00:00 2001 
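Review bot: In `keyfactor-starter-workflow.yml`, the token added under `call-generate-readme-workflow` is passed to a reusable workflow referenced by branch (`generate-readme.yml@main`), so any later commit on that branch runs with `APPROVE_README_PUSH` without a change in this repository. Pinning the reference to a reviewed commit fixes which code receives the secret: `uses: Keyfactor/actions/.github/workflows/generate-readme.yml@<full-commit-sha>` (placeholder; take the SHA from the actions repository). The same applies to the rewrite in PATCH 19/20, where `starter.yml@v2` is a movable tag and receives the GPG private key and passphrase. The `jobs:` map starts and continues outside this hunk.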
From: David Galey Date: Wed, 16 Nov 2022 14:59:02 -0500 Subject: [PATCH 17/20] update changelog --- CHANGELOG.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6163096..b894178 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,2 +1,20 @@ 1.0.0 -Inital Release. Support for Enroll, Sync, and Revocation. \ No newline at end of file +Inital Release. Support for Enroll, Sync, and Revocation. + +1.0.5 +Fix bug where certain domains would not get parsed correctly. + +1.0.9 +Use DNS SAN in place of CN if present for domain lookup and enrollment + +1.0.10 +Add additional logging output + +1.0.11 +Convert GlobalSign status codes to Keyfactor status codes for syncing + +1.0.12 +Fix authentication bug when picking up certificates + +1.0.15 +Better datetime parsing of returned certificates \ No newline at end of file From f428e61455997d272e5155c18e8a93110316a6fb Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 11 Jan 2024 18:44:04 +0000 Subject: [PATCH 18/20] Update generated README --- README.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 89cf383..1f84bae 100644 --- a/README.md +++ b/README.md 
@@ -4,20 +4,29 @@ This integration allows for the Synchronization, Enrollment, and Revocation of T #### Integration status: Production - Ready for use in production environments. + ## About the Keyfactor AnyGateway CA Connector This repository contains an AnyGateway CA Connector, which is a plugin to the Keyfactor AnyGateway. AnyGateway CA Connectors allow Keyfactor Command to be used for inventory, issuance, and revocation of certificates from a third-party certificate authority. - ## Support for GlobalSign Managed SSL AnyGateway -GlobalSign Managed SSL AnyGateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket with your Keyfactor representative. +GlobalSign Managed SSL AnyGateway is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com ###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. -___ +--- + + + + + + + + +--- # Introduction From cfa5c4ac31bf7e6eef550ee972ba22437392e483 Mon Sep 17 00:00:00 2001 From: Dave Galey <89407235+dgaley@users.noreply.github.com> Date: Thu, 18 Jan 2024 12:38:08 -0500 Subject: [PATCH 19/20] Update keyfactor-starter-workflow.yml --- .../workflows/keyfactor-starter-workflow.yml | 54 ++++++------------- 1 file changed, 16 insertions(+), 38 deletions(-) diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml index 8e6cb0e..6d8de53 100644 --- a/.github/workflows/keyfactor-starter-workflow.yml +++ b/.github/workflows/keyfactor-starter-workflow.yml 
@@ -1,41 +1,19 @@ -name: Starter Workflow -on: [workflow_dispatch, push, pull_request] +name: Keyfactor Bootstrap Workflow -jobs: - call-create-github-release-workflow: - uses: Keyfactor/actions/.github/workflows/github-release.yml@main - get-manifest-properties: - runs-on: windows-latest - outputs: - update_catalog: ${{ steps.read-json.outputs.prop }} - steps: - - uses: actions/checkout@v3 - - name: Read json - id: read-json - shell: pwsh - run: | - $json = Get-Content integration-manifest.json | ConvertFrom-Json - echo "::set-output name=prop::$(echo $json.update_catalog)" - - call-dotnet-build-and-release-workflow: - needs: [call-create-github-release-workflow] - uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main - with: - release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} - release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }} - release_dir: globalsign-mssl-cagateway\src\GlobalSignCAProxy\bin\Release - secrets: - token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }} +on: + workflow_dispatch: + pull_request: + types: [opened, closed, synchronize, edited, reopened] + push: + create: + branches: + - 'release-*.*' - call-generate-readme-workflow: - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - uses: Keyfactor/actions/.github/workflows/generate-readme.yml@main +jobs: + call-starter-workflow: + uses: keyfactor/actions/.github/workflows/starter.yml@v2 secrets: - token: ${{ secrets.APPROVE_README_PUSH }} - - call-update-catalog-workflow: - needs: get-manifest-properties - if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') - uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main - secrets: - token: ${{ secrets.SDK_SYNC_PAT }} + token: ${{ secrets.V2BUILDTOKEN}} + APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}} + gpg_key: ${{ 
secrets.KF_GPG_PRIVATE_KEY }} + gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }} From 99e5bfd2fcb7cd6956cc1d1d80eb9197b076373f Mon Sep 17 00:00:00 2001 From: Dave Galey <89407235+dgaley@users.noreply.github.com> Date: Thu, 18 Jan 2024 12:41:34 -0500 Subject: [PATCH 20/20] Update integration-manifest.json --- integration-manifest.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/integration-manifest.json b/integration-manifest.json index b11362e..12f39e0 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -5,6 +5,7 @@ "status": "production", "update_catalog": true, "link_github": true, + "release_dir": "src\\GlobalSignCAProxy\\bin\\Release", "support_level": "kf-supported", "description": "This integration allows for the Synchronization, Enrollment, and Revocation of TLS Certificates from the GlobalSign Certificate Center." -} \ No newline at end of file +}
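Review bot: In the rewritten `keyfactor-starter-workflow.yml`, the `branches: - 'release-*.*'` filter under `create:` is likely not applied, because GitHub documents branch filters for `push` and `pull_request` events and not for `create`. If so, the job and its four secrets would run on every branch or tag creation. If the release-branch restriction is intended, a job-level guard expresses it: `if: github.event_name != 'create' || startsWith(github.ref, 'refs/heads/release-')`. Whether `starter.yml` already filters on the ref is not visible here, so a comment above `create:` saying where the filtering happens would also do.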