Merge pull request #31 from Keyfactor/adremoval
remove dependence on ad lookup
dgaley authored Nov 6, 2024
2 parents 88ccd43 + cc26e5c commit 0fcb293
Showing 4 changed files with 45 additions and 10 deletions.
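--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,3 +21,7 @@ Better datetime parsing of returned certificates
 
 1.0.16
 Fix for adding additional SANs to certificate requests
+
+1.1.0
+Add ability to page inventory
+Fix to remove AD-dependence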
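--- a/README.md
+++ b/README.md
@@ -93,12 +93,16 @@ The following sections will breakdown the required configurations for the AnyGat
 
 ## Templates
 The Template section will map the CA's SSL profile to an AD template. The Lifetime parameter is required and represents the certificate duration in months.
+* ```ContactName```
+The name to pass to GlobalSign as the contact name for enrollments. OPTIONAL if Active Directory authentication is used in Keyfactor Command, in that case it can look up the name of the requesting user. Value provided in this config field overrides AD lookups.
+
 ```json
 "Templates": {
 "WebServer": {
 "ProductID": "PV_SHA2",
 "Parameters": {
-"Lifetime":"12"
+"Lifetime":"12",
+"ContactName":"John Doe"
 }
 }
 }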
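--- a/readme_source.md
+++ b/readme_source.md
@@ -51,12 +51,16 @@ The following sections will breakdown the required configurations for the AnyGat
 
 ## Templates
 The Template section will map the CA's SSL profile to an AD template. The Lifetime parameter is required and represents the certificate duration in months.
+* ```ContactName```
+The name to pass to GlobalSign as the contact name for enrollments. OPTIONAL if Active Directory authentication is used in Keyfactor Command, in that case it can look up the name of the requesting user. Value provided in this config field overrides AD lookups.
+
 ```json
 "Templates": {
 "WebServer": {
 "ProductID": "PV_SHA2",
 "Parameters": {
-"Lifetime":"12"
+"Lifetime":"12",
+"ContactName":"John Doe"
 }
 }
 }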
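--- a/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
+++ b/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
@@ -47,11 +47,34 @@ public override void Initialize(ICAConnectorConfigProvider configProvider)
 public override EnrollmentResult Enroll(ICertificateDataReader certificateDataReader, string csr, string subject, Dictionary<string, string[]> san, EnrollmentProductInfo productInfo, PKIConstants.X509.RequestFormat requestFormat, RequestUtilities.EnrollmentType enrollmentType)
 {
 Logger.MethodEntry(ILogExtensions.MethodLogLevel.Debug);
-CAProxy.Common.Config.ADUserInfoResolver userInfoResolver = new ADUserInfoResolver();
+string requesterName = "";
+if (productInfo.ProductParameters.ContainsKey("ContactName") && !string.IsNullOrEmpty(productInfo.ProductParameters["ContactName"]))
+{
+requesterName = productInfo.ProductParameters["ContactName"];
+}
+
+if (string.IsNullOrEmpty(requesterName))
+{
+if (productInfo.ProductParameters.ContainsKey("Keyfactor-Requester"))
+{
+var requestor = productInfo.ProductParameters["Keyfactor-Requester"];
+if (!string.IsNullOrEmpty(requestor))
+{
+try
+{
+ADUserInfoResolver userInfoResolver = new ADUserInfoResolver();
+Logger.Debug($"Resolving requesting user as '{requestor}'");
+var userInfo = userInfoResolver.Resolve(requestor);
+requesterName = userInfo.Name;
+} catch (Exception) { }
+}
+}
+}
 
-var requestor = productInfo.ProductParameters["Keyfactor-Requester"];
-Logger.Debug($"Resolving requesting user as '{requestor}'");
-var userInfo = userInfoResolver.Resolve(requestor);
+if (string.IsNullOrEmpty(requesterName))
+{
+throw new Exception("ContactName configuration field is required but not found, or could not be looked up");
+}
 
 try
 {
@@ -153,8 +176,8 @@ public override EnrollmentResult Enroll(ICertificateDataRe
 Licenses = "1",
 OrderKind = "new",
 Months = months,
-FirstName = userInfo.Name,
-LastName = userInfo.Name,
+FirstName = requesterName,
+LastName = requesterName,
 Email = domain?.ContactInfo?.Email,
 Phone = domain?.ContactInfo?.Phone,
 CommonName = commonName,
@@ -176,8 +199,8 @@ public override EnrollmentResult Enroll(ICertificateDataRe
 Licenses = "1",
 OrderKind = "renewal",
 Months = months,
-FirstName = userInfo.Name,
-LastName = userInfo.Name,
+FirstName = requesterName,
+LastName = requesterName,
 Email = domain?.ContactInfo?.Email,
 Phone = domain?.ContactInfo?.Phone,
 CommonName = commonName,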
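Review bot: The `catch (Exception) { }` around `userInfoResolver.Resolve(requestor)` in the first hunk discards every lookup failure, so a directory outage, a permissions error and an unknown user all surface only as the generic "ContactName configuration field is required…" exception with no trace of the cause. Record the failure before falling through, for example `catch (Exception ex) { Logger.Debug($"AD lookup for '{requestor}' failed: {ex.Message}"); }`, or a warning-level call if the logger offers one. The ContactName check uses `string.IsNullOrEmpty`, so a whitespace-only value is accepted and sent as FirstName/LastName in both order requests; `string.IsNullOrWhiteSpace` would reject it. When ContactName is configured, the `Keyfactor-Requester` value is no longer read or logged in this hunk, so logging it there would keep per-request attribution for audit. Enroll's body continues outside the hunk.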
