fixed renewal window issues

bhillkeyfactor · bhillkeyfactor · commit 61759509b7aa · 2026-03-18T15:57:58.000-04:00
diff --git a/SslStoreCaProxy/SslStoreCAPluginConfig.cs b/SslStoreCaProxy/SslStoreCAPluginConfig.cs
@@ -14,6 +14,7 @@ public class ConfigConstants
             public static string AuthToken = "AuthToken";
             public static string PageSize = "PageSize";
             public static string Enabled = "Enabled";
+            public static string RenewalWindow = "RenewalWindow";
         }
 
         public class Config
@@ -23,6 +24,7 @@ public class Config
             public string AuthToken { get; set; }
             public int PageSize { get; set; } = DefaultPageSize;
             public bool Enabled { get; set; }
+            public int RenewalWindow { get; set; } = 30;
         }
 
         public static Dictionary<string, PropertyConfigInfo> GetPluginAnnotations()
@@ -63,6 +65,13 @@ public static Dictionary<string, PropertyConfigInfo> GetPluginAnnotations()
                     Hidden = false,
                     DefaultValue = true,
                     Type = "Bool"
+                },
+                [ConfigConstants.RenewalWindow] = new PropertyConfigInfo()
+                {
+                    Comments = "Number of days before order expiry to trigger a renewal instead of a reissue.",
+                    Hidden = false,
+                    DefaultValue = 30,
+                    Type = "Number"
                 }
             };
         }
diff --git a/SslStoreCaProxy/SslStoreCaProxy.cs b/SslStoreCaProxy/SslStoreCaProxy.cs
@@ -28,6 +28,7 @@ public class SslStoreCaProxy : IAnyCAPlugin
         public string PartnerCode { get; set; }
         public string AuthenticationToken { get; set; }
         public int PageSize { get; set; }
+        public int RenewalWindow { get; set; }
 
         public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDataReader certificateDataReader)
         {
@@ -42,6 +43,7 @@ public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDa
                 PartnerCode = _config.PartnerCode;
                 AuthenticationToken = _config.AuthToken;
                 PageSize = _config.PageSize > 0 ? _config.PageSize : SslStoreCAPluginConfig.DefaultPageSize;
+                RenewalWindow = _config.RenewalWindow > 0 ? _config.RenewalWindow : 30;
 
                 _requestManager = new RequestManager(this);
 
@@ -245,16 +247,32 @@ public async Task<EnrollmentResult> Enroll(string csr, string subject, Dictionar
                     var orderStatusResponse = await client.SubmitOrderStatusRequestAsync(orderStatusRequest);
                     _logger.LogTrace($"orderStatusResponse JSON {JsonConvert.SerializeObject(orderStatusResponse)}");
 
-                    // Try renewal first, fall back to reissue
-                    var renewRequest = _requestManager.GetRenewalRequest(orderStatusResponse, csr);
-                    _logger.LogTrace($"renewRequest JSON {JsonConvert.SerializeObject(renewRequest)}");
+                    // Determine renewal vs reissue based on order expiry and RenewalWindow
+                    var shouldRenew = false;
+                    if (DateTime.TryParse(orderStatusResponse.OrderExpiryDateInUtc, out var orderExpiry))
+                    {
+                        var daysUntilOrderExpiry = (orderExpiry - DateTime.UtcNow).TotalDays;
+                        _logger.LogTrace($"Order expiry: {orderExpiry:u}, days remaining: {daysUntilOrderExpiry:F0}, renewal window: {RenewalWindow} days");
+                        shouldRenew = daysUntilOrderExpiry <= RenewalWindow;
+                    }
+                    else
+                    {
+                        _logger.LogWarning($"Could not parse OrderExpiryDateInUTC '{orderStatusResponse.OrderExpiryDateInUtc}', defaulting to renewal");
+                        shouldRenew = true;
+                    }
 
-                    enrollmentResponse = await client.SubmitRenewRequestAsync(renewRequest);
-                    _logger.LogTrace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
+                    if (shouldRenew)
+                    {
+                        _logger.LogTrace("Order is within renewal window, performing renewal (new order)...");
+                        var renewRequest = _requestManager.GetRenewalRequest(orderStatusResponse, csr);
+                        _logger.LogTrace($"renewRequest JSON {JsonConvert.SerializeObject(renewRequest)}");
 
-                    if (enrollmentResponse != null && enrollmentResponse.AuthResponse != null && enrollmentResponse.AuthResponse.IsError)
+                        enrollmentResponse = await client.SubmitRenewRequestAsync(renewRequest);
+                        _logger.LogTrace($"enrollmentResponse JSON {JsonConvert.SerializeObject(enrollmentResponse)}");
+                    }
+                    else
                     {
-                        _logger.LogTrace("Renewal failed, attempting reissue...");
+                        _logger.LogTrace("Order has life remaining, performing reissue (same order)...");
                         var reIssueRequest = _requestManager.GetReIssueRequest(orderStatusResponse, csr, false);
                         _logger.LogTrace($"reIssueRequest JSON {JsonConvert.SerializeObject(reIssueRequest)}");
 
