Merge 1.1.0 to main #7
Merged
…lity; cleanup; unit tests (#6)

* Implemented enrollment, added helper methods and API response handlers
* implemented cert retrieval methods on client.
* added additional logging, implemented revoke on client
* implemented sync and revoke; completed initial functionality
* added changelog and license headers
* added manifest, disabled auth cert domain check for nexus auth cert
* Updated enrollment to include first available procname for enrollment (error when there is no default set).
* updated request format for revocation
* cleanup
* documentation updates
* updated project settings for github build
* added keyfactor-bootstrap-workflow.yml
* updated manifest
* added docsource folder
* corrected the returned value on a revoke request
* Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs flattening exception to retain potential useful info Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update docsource/configuration.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update nexus-certificate-manager-caplugin/NexusCertManagerClient.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update nexus-certificate-manager-caplugin/models/Helpers.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update nexus-certificate-manager-caplugin/NexusCertManagerClient.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update nexus-certificate-manager-caplugin/NexusCertManagerClient.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* added check for partial sync
* Update nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* updating manifest for doctool build
* added configuration.md to solution
* updated gitignore
* Now returning Nexus CM processes as product ID's; implemented conditional sync functionality; cleanup; unit tests
* Update generated docs
* Change starter workflow version and update secrets Updated workflow to use version 3 of the starter workflow and modified secrets.
* added .net6.0 build
* removed leftover comment from configuration.md
* Update generated docs

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Pull request overview
This automated merge brings the 1.1.0 release work into main, updating the Nexus Certificate Manager AnyCA Gateway REST plugin to use Nexus “procedures” as dynamic ProductIDs and adding optional synchronization support driven by an ExtendedCertSearch field.
Changes:
- Switch enrollment/ProductID handling to use Nexus CA procedure names retrieved from `/procedures` (and validate non-empty ProductID).
- Rework synchronization to support paging (500/page) and optional ProductID resolution via `SyncProcedureField`; add extensive unit tests.
- Refresh docs/manifest content for the new ProductID + sync behavior.
Reviewed changes
Copilot reviewed 18 out of 19 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| README.md | Updates plugin description/config docs; currently includes TODO + a broken CHANGELOG link. |
| CHANGELOG.md | Adds 1.1.0 release notes describing procedure ProductIDs, paging, sync gating, etc. |
| docsource/configuration.md | Expanded configuration + sync documentation; currently includes a TODO placeholder. |
| integration-manifest.json | Updates config descriptions and clears product_ids list to reflect dynamic ProductIDs. |
| .github/workflows/keyfactor-bootstrap-workflow.yml | Updates workflow to use keyfactor/actions starter workflow v3 and different secrets. |
| .gitignore | Ignores /.claude/agents. |
| NexusCertManagerCAPlugin.sln | Adds test project; solution items now reference manifest.json (file not present). |
| nexus-certificate-manager-caplugin/INexusCertManagerClient.cs | Introduces client interface for dependency injection and unit testing. |
| nexus-certificate-manager-caplugin/NexusCertManagerClient.cs | Implements interface; adds query-param support for certificate listing; changes revoke/enroll behavior (also introduces security concerns). |
| nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.cs | Adds DI-friendly constructor; switches to System.Text.Json; implements paged sync + ProductID resolution via SyncProcedureField (also logs secrets). |
| nexus-certificate-manager-caplugin/NexusCertManagerCAPluginConfig.cs | Adds SyncProcedureField configuration property. |
| nexus-certificate-manager-caplugin/NexusCertManagerCAPlugin.csproj | Adds InternalsVisibleTo for the new test assembly. |
| nexus-certificate-manager-caplugin/Constants.cs | Adds SyncProcedureField constant and sync page size constant. |
| nexus-certificate-manager-caplugin/models/Helpers.cs | Minor LINQ simplification in ParseSubject. |
| NexusCertManagerCAPlugin.Tests/NexusCertManagerCAPlugin.Tests.csproj | New net8 test project and dependencies (xUnit/Moq/FluentAssertions/etc.). |
| NexusCertManagerCAPlugin.Tests/TestFixtures.cs | Shared test factories and stub certificate payload. |
| NexusCertManagerCAPlugin.Tests/SynchronizeTests.cs | Unit tests covering sync gating, paging, skipping, cancellation, etc. |
| NexusCertManagerCAPlugin.Tests/PluginTests.cs | Unit tests for Enroll/Revoke/GetSingleRecord/GetProductIds/validation/annotations. |
| NexusCertManagerCAPlugin.Tests/HelpersAndModelsTests.cs | Tests for status/revocation mappings, subject parsing, exceptions, request models. |
| * **SyncProcedureField** - Optional. Enables certificate synchronization. Set this to the name of the Nexus CA ExtendedCertSearch field (e.g. "field1") that your CA administrator has configured to store the issuing procedure name at enrollment time. When provided, Synchronize will read that field from each certificate to reconstruct its ProductID (procedure name). When omitted, Synchronize is disabled because the Nexus CA API does not natively return the issuing procedure with certificate records. NOTE: Configuring the Nexus CA to populate this field requires custom Java InputView development and AWB policy changes by a CA administrator. This configuration is outside the scope of Keyfactor support. | ||
|
|
||
| 2. For this AnyCA Gateway, there is a single product type named "NexusCM". | ||
| 2. TODO Certificate Template Creation Step is a required section |
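Review bot: The replacement step on the last line, `2. TODO Certificate Template Creation Step is a required section`, is a template placeholder, so the document loses its only guidance on which product to select. Write the actual step before merging; with the single "NexusCM" product type line replaced, it should tell the operator where the available ProductIDs come from.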
| ## CHANGELOG | ||
|
|
||
| The certificate used by the gateway to authenticate into Nexus Certificate Manager must be copied to a location on the Gateway Host accessible by the gateway service. | ||
| See [CHANGELOG.md](../CHANGELOG.md). |
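Review bot: The link target `../CHANGELOG.md` on the last line points one directory above the file that contains it, which breaks if this text is rendered in the root README.md next to CHANGELOG.md. Use a path that is valid from the rendered location (`CHANGELOG.md` for a root README), or an absolute repository link if the same source feeds more than one output.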
Comment on lines 75 to +78
| ## Certificate Template Creation Step | ||
|
|
||
| For this AnyCA Gateway, there is a single product type named "NexusCM". No newline at end of file | ||
| TODO Certificate Template Creation Step is a required section | ||
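Review bot: `TODO Certificate Template Creation Step is a required section` is left as the entire body under the "Certificate Template Creation Step" heading, so the section states that it is required without saying what to do. Fill it in here rather than in a generated copy, and end the file with a newline, since the line it replaces is marked "No newline at end of file".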
|
|
| CHANGELOG.md = CHANGELOG.md | ||
| docsource\configuration.md = docsource\configuration.md | ||
| integration-manifest.json = integration-manifest.json | ||
| manifest.json = manifest.json |
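Review bot: The solution item `manifest.json = manifest.json` on the last line sits directly under `integration-manifest.json = integration-manifest.json`, and the changed-files summary notes that no manifest.json is present. Drop the entry so the solution does not carry a dangling file reference.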
Comment on lines +57 to +58
|
|
||
| var options = new RestClientOptions(url) { ClientCertificates = clientCerts, RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true }; |
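Review bot: `RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true` accepts any server certificate, including one with an untrusted chain, so the gateway will present its client certificate and send enrollment and revocation requests to whatever host answers on that URL. The commit message says the intent was to disable the domain check only; if so, return true only when `sslPolicyErrors` is `SslPolicyErrors.None` or exactly `SslPolicyErrors.RemoteCertificateNameMismatch`, and reject `RemoteCertificateChainErrors`. Better still, put the relaxation behind an explicit configuration option that defaults to full validation and log a warning when it is enabled.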
| var req = new RestRequest(endpoint, Method.Post); | ||
| req.AddHeader("Content-Type", "application/x-www-form-urlencoded"); | ||
| req.AddParameter("certid", certId); | ||
| req.AddParameter("certId", certId); |
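Review bot: The two `AddParameter` lines differ only in the casing of the form field name (`certid` versus `certId`), and nothing in the hunk records which spelling the revoke endpoint requires. Move the field name to a named constant with a comment pointing at the API documentation, and add a client-level test that asserts on the outgoing request body, so a casing regression is caught before it shows up as a revocation that was not actually applied.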
Comment on lines +385 to +388
| offset += certs.Count; | ||
| pageCount++; | ||
|
|
||
| } while (offset < totalHits); |
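Review bot: The exit condition `while (offset < totalHits)` depends on `offset += certs.Count` making progress, so a page that comes back empty while `totalHits` is still larger than `offset` leaves the loop spinning on the same request. Unless an earlier line in the loop body already handles it, break when `certs.Count == 0` and report the run as a partial sync; a cap on `pageCount` derived from `totalHits` and the page size would also bound the loop if the server's total changes between pages.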
Comment on lines +446 to +451
| }; | ||
|
|
||
| if (value == null) | ||
| _logger.LogWarning($"SyncProcedureField '{_config.SyncProcedureField}' is not a recognised ExtendedCertSearch field name. Valid values are: field1, field2, field3, field4, field5, field6."); | ||
|
|
||
| return string.IsNullOrWhiteSpace(value) ? null : value; |
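Review bot: The `if (value == null)` branch warns that the configured field name is not recognised, but `value` is also null when the name is valid and the certificate simply has nothing stored in that field, so the message can be wrong and is emitted once per certificate. Validate `SyncProcedureField` against field1 through field6 once, when the configuration is loaded, and keep this path for the "field is empty on this certificate" case at a lower log level. Passing the field name as a structured logging argument instead of interpolating it into the message would also keep a configuration string from being written verbatim into the log line.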
Comment on lines +60 to 64
| string rawConfig = JsonSerializer.Serialize(configProvider.CAConnectionData); | ||
| _logger.LogTrace($"serialized configuration values: \n{rawConfig}\n"); | ||
| _config = JsonConvert.DeserializeObject<NexusCertManagerCAPluginConfig>(rawConfig); | ||
| _config = JsonSerializer.Deserialize<NexusCertManagerCAPluginConfig>(rawConfig, _jsonOptions); | ||
| _logger.LogTrace($"deserialized the configuration:\nAuthCertPath: {_config.AuthCertificatePath}\nHost: {_config.Host}\nAuthCertPassword: {_config.AuthCertPassword}"); | ||
| _client = new NexusCertManagerClient(_config.Host, _config.AuthCertificatePath, _config.AuthCertPassword); // need to set the values |
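Review bot: Both trace statements in this hunk write the client-certificate password to the log: `rawConfig` is the full serialized `CAConnectionData`, and the second message interpolates `_config.AuthCertPassword` directly. Log only `Host` and `AuthCertificatePath` (plus, at most, whether a password was supplied), and do not serialize the whole connection object into a log line at any level, since trace logging is commonly switched on during troubleshooting and the files are then shared or centralised. `_config` is also dereferenced in the log call before any null check, so a failed deserialization would surface there as a NullReferenceException rather than as a configuration error.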
Merge release-1.1 to main - Automated PR