Merge da3557d into f9a79a9

Author: joevanwanzeeleKF

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -0,0 +1,19 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v3
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}

CHANGELOG.md

@@ -0,0 +1,2 @@
+### 1.0.0
+* initial release

NexusCertManagerCAPlugin.sln

@@ -5,10 +5,11 @@ VisualStudioVersion = 17.11.35327.3
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "NexusCertManagerCAPlugin", "nexus-certificate-manager-caplugin\NexusCertManagerCAPlugin.csproj", "{5107B3B8-4F3A-4A1B-BE0E-AF6A1A0B2995}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docsource", "docsource", "{40A1F9A6-A56D-4A38-8CAE-2E23676AE243}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{4FA0BDF6-B41E-4E00-805F-AE79B894784A}"
 	ProjectSection(SolutionItems) = preProject
+		CHANGELOG.md = CHANGELOG.md
+		docsource\configuration.md = docsource\configuration.md
+		integration-manifest.json = integration-manifest.json
 		manifest.json = manifest.json
 	EndProjectSection
 EndProject

docsource/configuration.md

@@ -0,0 +1,24 @@
+## Overview
+
+The Nexus Certificate Manager AnyCA REST plugin extends the capabilities of the Nexus Certificate Manager product to Keyfactor Command via the Keyfactor AnyCA Gateway REST. The plugin represents a fully featured AnyCA REST Plugin with the following capabilies:
+* Certificate Synchronization
+* Certificate Enrollment
+* Certificate Revocation
+
+## Requirements
+
+- The host URL for the instance of Nexus Certificate Manager
+- A certificate in the pfx format to use for authentication into Nexus Certificate Manager, located on the Gateway Host
+- The passphrase for the pfx certificate
+
+## Gateway Registration
+
+In order to enroll certificates the Keyfactor Command server must trust the CA chain. Once you identify your Root and/or Subordinate CA used by the Nexus Certificate Manager platform, make sure to download and import the certificate chain into the Command Server certificate store
+
+## CA Connection
+
+The certificate used by the gateway for authenticating into the Nexus Certificate Manager will need to be copied to a location on the Gateway Host that is accessble by the gateway service.  The Certificate Path 
+
+## Certificate Template Creation Step
+
+For this AnyCA Gateway, there is a single product type named "NexusCM".

integration-manifest.json

@@ -0,0 +1,37 @@
+{
+  "$schema": "https://keyfactor.github.io/v2/integration-manifest-schema.json",
+  "integration_type": "anyca-plugin",
+  "name": "Nexus Certificate Maanager AnyCA REST Gateway Plugin",
+  "status": "prototype",
+  "support_level": "kf-community",
+  "link_github": false,
+  "update_catalog": false,
+  "description": "Nexus Certificate Manager plugin for the AnyCA REST Gateway framework",
+  "gateway_framework": "25.2.0",
+  "release_dir": "nexus-certificate-manager-caplugin/bin/Release",
+  "release_project": "nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.csproj",
+  "about": {
+    "carest": {
+      "product_ids": [ "NexusCM" ],
+      "ca_plugin_config": [
+        {
+          "name": "Host",
+          "description": "The URI of the instance of the Nexus Certificate Manager API, including port.  example: https://127.0.0.1:8444"
+        },
+        {
+          "name": "AuthCertificatePath",
+          "description": "The path on the AnyCA Gateway host where the PFX certificate that will be used for authentication can be found. example: 'C:\\Program Files\\Keyfactor\\Keyfactor AnyCA Gateway\\AnyGatewayREST\\net8.0\\my_auth_cert.pfx'"
+        },
+        {
+          "name": "AuthCertPassword",
+          "description": "The password for the PFX certificate located on the AnyCA Gateway Host that will be used for authentication into Nexus Certificate Manager"
+        },
+        {
+          "name": "Enabled",
+          "description": "Flag to enable or disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
+        }
+      ],
+      "enrollment_config": []
+    }
+  }
+}

nexus-certificate-manager-caplugin/Constants.cs

@@ -0,0 +1,45 @@
+
+//  Copyright 2025 Keyfactor
+//  Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+//  Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+//  and limitations under the License.
+
+namespace Keyfactor.Extensions.CAPlugin.NexusCertManager
+{
+    public static class Constants
+    {
+        //names
+        public const string HOST = "Host";
+        public const string AUTHCERTPATH = "AuthCertificatePath";
+        public const string ENABLED = "Enabled";        
+        public const string AUTHCERTPASSWORD = "AuthCertPassword";
+
+
+        //values
+        public const string APIPATH = "pgwy/api";
+        public const string PRODUCTID = "NexusCM";
+        public const string PKCS7MIMETYPE = "application/pkcs7-mime";
+        public const string PEMCHAIN = "application/pem-certificate-chain";
+
+        public const string MEDIATYPE_PKCS10 = "pkcs10";
+        public const string MEDIATYPE_PKCS12 = "pkcs12";
+        public const string MEDIATYPE_SMARTCARD = "smartcard";
+        public const string MEDIATYPE_ATTRIBUTECERT = "attributecertificate";
+        public const string MEDIATYPE_DATA = "data";
+    }
+
+    public static class ApiEndpoints 
+    {
+        public const string LISTCERTS = "/certificates"; //get
+        public static string DOWNLOADCERT(string certId) => $"/certificates/{certId}/download"; //get 
+        public static string CERTDETAILS(string certId) => $"/certificates/{certId}/details"; //get
+
+        public const string REVOKE = "/certificates/revoke"; //post
+
+        public const string ENROLL = "/certificates/pkcs10"; //post
+
+        public const string LISTPROCEDURES = "/procedures";
+    }
+}