fixed field issues

bhillkeyfactor · bhillkeyfactor · commit f55be6f3ecf6 · 2026-03-17T14:10:53.000-04:00
diff --git a/SslStoreCaProxy/Interfaces/IRequestManager.cs b/SslStoreCaProxy/Interfaces/IRequestManager.cs
@@ -1,12 +1,13 @@
+using System.Collections.Generic;
 using Keyfactor.AnyGateway.Extensions;
 using Keyfactor.AnyGateway.SslStore.Client.Models;
 
 namespace Keyfactor.AnyGateway.SslStore.Interfaces
 {
     public interface IRequestManager
     {
-        NewOrderRequest GetEnrollmentRequest(string csr, EnrollmentProductInfo productInfo,
-            IAnyCAPluginConfigProvider configProvider, bool isRenewalOrder);
+        NewOrderRequest GetEnrollmentRequest(string csr, string subject, Dictionary<string, string[]> san,
+            EnrollmentProductInfo productInfo, IAnyCAPluginConfigProvider configProvider, bool isRenewalOrder);
 
         AuthRequest GetAuthRequest();
         ReIssueRequest GetReIssueRequest(INewOrderResponse orderData, string csr, bool isRenewal);
diff --git a/SslStoreCaProxy/ProductDefinitions.cs b/SslStoreCaProxy/ProductDefinitions.cs
@@ -102,7 +102,7 @@ private static List<EnrollmentField> LegacyFullFields(List<string> validity)
                 DropdownField("Signature Hash Algorithm", SignatureHashAlgorithms),
                 DropdownField("Web Server Type", WebServerTypes),
                 TextField("Server Count"),
-                DropdownField("Validity Period (In Months)", validity),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization Region"),
@@ -115,7 +115,7 @@ private static List<EnrollmentField> LegacyFullFields(List<string> validity)
         // Group 1b: Legacy Full + DNS Names + Jurisdiction (38 fields) - digi_quickssl_md
         private static List<EnrollmentField> LegacyFullDnsJurisdictionFields(List<string> validity)
         {
-            var fields = new List<EnrollmentField> { TextField("DNS Names Comma Separated") };
+            var fields = new List<EnrollmentField>();
             fields.AddRange(LegacyFullFields(validity));
             // Insert Jurisdiction Country before Organization Phone (at the end)
             fields.Insert(fields.Count - 1, DropdownField("Organization Jurisdiction Country", CountryCodes));
@@ -127,8 +127,8 @@ private static List<EnrollmentField> EoMinimalFields()
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
-                DropdownField("Validity Period (In Months)", ValidityDigicert),
+
+                TextField("Validity Period (In Days)"),
                 DropdownField("Organization ID", new List<string>())
             };
         }
@@ -140,7 +140,7 @@ private static List<EnrollmentField> SectigoOvFields()
             {
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization State/Province"),
@@ -155,13 +155,13 @@ private static List<EnrollmentField> DigiCertOvFlexFields()
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
+
                 TextField("Admin Contact - First Name"),
                 TextField("Admin Contact - Last Name"),
                 TextField("Admin Contact - Phone"),
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityDigicert),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization City"),
@@ -179,7 +179,7 @@ private static List<EnrollmentField> DvMinimalFields()
             {
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard)
+                TextField("Validity Period (In Days)")
             };
         }
 
@@ -188,14 +188,14 @@ private static List<EnrollmentField> DigiCertEvFlexFields(string regionFieldName
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
+
                 TextField("Admin Contact - First Name"),
                 TextField("Admin Contact - Last Name"),
                 TextField("Admin Contact - Phone"),
                 TextField("Admin Contact - Email"),
                 TextField("Admin Contact - Title"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityDigicert),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization City"),
@@ -211,10 +211,10 @@ private static List<EnrollmentField> DvMdcFields()
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
+
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard)
+                TextField("Validity Period (In Days)")
             };
         }
 
@@ -225,7 +225,7 @@ private static List<EnrollmentField> DigiCertDvRapidSslFields()
             {
                 TextField("Technical Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityDigicert)
+                TextField("Validity Period (In Days)")
             };
         }
 
@@ -234,10 +234,10 @@ private static List<EnrollmentField> DigiCertDvGeoTrustFields()
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
+
                 TextField("Technical Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityDigicert)
+                TextField("Validity Period (In Days)")
             };
         }
 
@@ -248,7 +248,7 @@ private static List<EnrollmentField> EvJurisdictionFields()
             {
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization State/Province"),
@@ -264,10 +264,10 @@ private static List<EnrollmentField> EvMdcJurisdictionFields()
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
+
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization State/Province"),
@@ -283,10 +283,10 @@ private static List<EnrollmentField> EvMdcJurisdictionAltFields()
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
+
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization State/Province"),
@@ -302,10 +302,10 @@ private static List<EnrollmentField> OvMdcFields()
         {
             return new List<EnrollmentField>
             {
-                TextField("DNS Names Comma Separated"),
+
                 TextField("Admin Contact - Email"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization State/Province"),
@@ -322,7 +322,7 @@ private static List<EnrollmentField> EnterpriseProOvFields()
             {
                 TextField("Admin Contact - First Name"),
                 TextField("Approver Email"),
-                DropdownField("Validity Period (In Months)", ValidityStandard),
+                TextField("Validity Period (In Days)"),
                 TextField("Organization Name"),
                 TextField("Organization Address"),
                 TextField("Organization State/Province"),
diff --git a/SslStoreCaProxy/RequestManager.cs b/SslStoreCaProxy/RequestManager.cs
@@ -28,8 +28,8 @@ public RequestManager(SslStoreCaProxy sslStoreCaProxy)
             _sslStoreCaProxy = sslStoreCaProxy;
         }
 
-        public NewOrderRequest GetEnrollmentRequest(string csr, EnrollmentProductInfo productInfo,
-            IAnyCAPluginConfigProvider configProvider, bool isRenewalOrder)
+        public NewOrderRequest GetEnrollmentRequest(string csr, string subject, Dictionary<string, string[]> san,
+            EnrollmentProductInfo productInfo, IAnyCAPluginConfigProvider configProvider, bool isRenewalOrder)
         {
             var pemCsr = ConvertCsrToPem(csr);
 
@@ -41,7 +41,7 @@ public NewOrderRequest GetEnrollmentRequest(string csr, EnrollmentProductInfo pr
                 MissingMemberHandling = MissingMemberHandling.Ignore
             };
             var request = BuildNewOrderRequest(productInfo,
-                JsonConvert.DeserializeObject<TemplateNewOrderRequest>(sampleRequest, settings), pemCsr, isRenewalOrder);
+                JsonConvert.DeserializeObject<TemplateNewOrderRequest>(sampleRequest, settings), pemCsr, subject, san, isRenewalOrder);
 
             return request;
         }
@@ -251,11 +251,21 @@ public TechnicalContact GetTechnicalContact(INewOrderResponse productInfo)
         }
 
         private NewOrderRequest BuildNewOrderRequest(EnrollmentProductInfo productInfo,
-            TemplateNewOrderRequest newOrderRequest, string csr, bool isRenewal)
+            TemplateNewOrderRequest newOrderRequest, string csr, string subject, Dictionary<string, string[]> san, bool isRenewal)
         {
             var customOrderId = Guid.NewGuid().ToString();
             productInfo.ProductParameters.Add("CustomOrderId", customOrderId);
 
+            // Extract domain name from CSR subject CN
+            var domainName = subject?.Split(',')
+                .Select(p => p.Trim())
+                .Where(p => p.StartsWith("CN=", StringComparison.OrdinalIgnoreCase))
+                .Select(p => p.Substring(3))
+                .FirstOrDefault() ?? "";
+
+            // Extract DNS SANs from Keyfactor san parameter
+            var dnsNames = san != null && san.ContainsKey("dns") ? san["dns"] : Array.Empty<string>();
+
             var request =
                 new JObject(
                     new JObject(
@@ -289,12 +299,12 @@ private NewOrderRequest BuildNewOrderRequest(EnrollmentProductInfo productInfo,
                                         CreatePropertyFromTemplate(
                                             "$.OrganizationInfo.OrganizationAddress.LocalityName", productInfo,
                                             newOrderRequest))))),
-                        CreatePropertyFromTemplate("$.ValidityPeriod", productInfo, newOrderRequest),
+                        new JProperty("ValidityPeriod", ConvertDaysToMonths(productInfo)),
                         new JProperty("ServerCount", 1),
                         new JProperty("CSR", csr),
-                        CreatePropertyFromTemplate("$.DomainName", productInfo, newOrderRequest),
+                        new JProperty("DomainName", domainName),
                         new JProperty("WebServerType", "Other"),
-                        CreatePropertyFromTemplate("$.DNSNames", productInfo, newOrderRequest, true),
+                        new JProperty("DNSNames", new JArray(dnsNames)),
                         new JProperty("isCUOrder", false),
                         CreatePropertyFromTemplate("$.AutoWWW", productInfo, newOrderRequest),
                         new JProperty("IsRenewalOrder", isRenewal),
@@ -395,6 +405,21 @@ private JProperty CreatePropertyFromTemplate(string propertyPath, EnrollmentProd
             return new JProperty(propertyPath.Substring(propertyPath.LastIndexOf('.') + 1), null);
         }
 
+        private long ConvertDaysToMonths(EnrollmentProductInfo productInfo)
+        {
+            if (productInfo.ProductParameters.ContainsKey("Validity Period (In Days)") &&
+                long.TryParse(productInfo.ProductParameters["Validity Period (In Days)"], out var days))
+            {
+                // Convert days to months, rounding up so short-lived certs (e.g. 90 days) get at least 1 month
+                var months = (long)Math.Ceiling(days / 30.0);
+                _logger.LogTrace($"Validity conversion: {days} days -> {months} months");
+                return months;
+            }
+
+            _logger.LogWarning("Validity Period (In Days) not found or invalid, defaulting to 12 months");
+            return 12;
+        }
+
         private string ExtractOrgId(string organization)
         {
             if (organization != null)
diff --git a/SslStoreCaProxy/SslStoreCAPluginConfig.cs b/SslStoreCaProxy/SslStoreCAPluginConfig.cs
@@ -71,25 +71,18 @@ public static Dictionary<string, PropertyConfigInfo> GetTemplateParameterAnnotat
         {
             return new Dictionary<string, PropertyConfigInfo>()
             {
-                ["DNS Names Comma Separated"] = new PropertyConfigInfo()
-                {
-                    Comments = "Comma-separated list of DNS names (SANs) for the certificate.",
-                    Hidden = false,
-                    DefaultValue = "",
-                    Type = "String"
-                },
                 ["Approver Email"] = new PropertyConfigInfo()
                 {
                     Comments = "Comma-separated approver email address(es) for domain validation.",
                     Hidden = false,
                     DefaultValue = "",
                     Type = "String"
                 },
-                ["Validity Period (In Months)"] = new PropertyConfigInfo()
+                ["Validity Period (In Days)"] = new PropertyConfigInfo()
                 {
-                    Comments = "Certificate validity period in months (e.g. 12, 24, 36, 48, 60, 72).",
+                    Comments = "Certificate validity period in days (e.g. 90, 365, 730).",
                     Hidden = false,
-                    DefaultValue = "12",
+                    DefaultValue = "365",
                     Type = "String"
                 },
                 ["Admin Contact - First Name"] = new PropertyConfigInfo()
diff --git a/SslStoreCaProxy/SslStoreCaProxy.cs b/SslStoreCaProxy/SslStoreCaProxy.cs
@@ -167,24 +167,33 @@ public async Task<EnrollmentResult> Enroll(string csr, string subject, Dictionar
 
                     if (!productInfo.ProductParameters.ContainsKey("PriorCertSN"))
                     {
-                        string[] arrayProducts = Array.Empty<string>();
-                        string[] arrayApproverEmails = Array.Empty<string>();
+                        // Extract domain name from CSR subject and SANs from the Keyfactor san parameter
+                        var domainName = subject?.Split(',')
+                            .Select(p => p.Trim())
+                            .Where(p => p.StartsWith("CN=", StringComparison.OrdinalIgnoreCase))
+                            .Select(p => p.Substring(3))
+                            .FirstOrDefault() ?? "";
+                        _logger.LogTrace($"Domain Name from subject: {domainName}");
 
-                        if (productInfo.ProductParameters.ContainsKey("DNS Names Comma Separated"))
-                        {
-                            _logger.LogTrace($"DNS Comma Separated {productInfo.ProductParameters["DNS Names Comma Separated"]}");
-                            arrayProducts = productInfo.ProductParameters["DNS Names Comma Separated"].Split(new char[] { ',' });
-                        }
+                        var dnsNames = san != null && san.ContainsKey("dns") ? san["dns"] : Array.Empty<string>();
+                        _logger.LogTrace($"DNS Names from SAN: {string.Join(",", dnsNames)}");
+
+                        string[] arrayApproverEmails = Array.Empty<string>();
                         if (productInfo.ProductParameters.ContainsKey("Approver Email"))
                         {
                             _logger.LogTrace($"Approver Email {productInfo.ProductParameters["Approver Email"]}");
                             arrayApproverEmails = productInfo.ProductParameters["Approver Email"].Split(new char[] { ',' });
                         }
 
+                        // Validate approver emails against all domains (CN + SANs)
+                        var allDomains = new List<string>();
+                        if (!string.IsNullOrEmpty(domainName)) allDomains.Add(domainName);
+                        allDomains.AddRange(dnsNames.Where(d => !string.Equals(d, domainName, StringComparison.OrdinalIgnoreCase)));
+
                         var count = 1;
-                        foreach (var product in arrayProducts)
+                        foreach (var domain in allDomains)
                         {
-                            var emailApproverRequest = _requestManager.GetEmailApproverListRequest(productInfo.ProductID, product);
+                            var emailApproverRequest = _requestManager.GetEmailApproverListRequest(productInfo.ProductID, domain);
                             _logger.LogTrace($"Email Approver Request JSON {JsonConvert.SerializeObject(emailApproverRequest)}");
 
                             var emailApproverResponse = await client.SubmitEmailApproverRequestAsync(emailApproverRequest);
@@ -204,7 +213,7 @@ public async Task<EnrollmentResult> Enroll(string csr, string subject, Dictionar
                             count++;
                         }
 
-                        var enrollmentRequest = _requestManager.GetEnrollmentRequest(csr, productInfo, Config, false);
+                        var enrollmentRequest = _requestManager.GetEnrollmentRequest(csr, subject, san, productInfo, Config, false);
                         _logger.LogTrace($"enrollmentRequest JSON {JsonConvert.SerializeObject(enrollmentRequest)}");
 
                         enrollmentResponse = await client.SubmitNewOrderRequestAsync(enrollmentRequest);

Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,13 @@`
	`1`	`+using System.Collections.Generic;`
`1`	`2`	`using Keyfactor.AnyGateway.Extensions;`
`2`	`3`	`using Keyfactor.AnyGateway.SslStore.Client.Models;`
`3`	`4`
`4`	`5`	`namespace Keyfactor.AnyGateway.SslStore.Interfaces`
`5`	`6`	`{`
`6`	`7`	`public interface IRequestManager`
`7`	`8`	`{`
`8`		`- NewOrderRequest GetEnrollmentRequest(string csr, EnrollmentProductInfo productInfo,`
`9`		`- IAnyCAPluginConfigProvider configProvider, bool isRenewalOrder);`
	`9`	`+ NewOrderRequest GetEnrollmentRequest(string csr, string subject, Dictionary<string, string[]> san,`
	`10`	`+ EnrollmentProductInfo productInfo, IAnyCAPluginConfigProvider configProvider, bool isRenewalOrder);`
`10`	`11`
`11`	`12`	`AuthRequest GetAuthRequest();`
`12`	`13`	`ReIssueRequest GetReIssueRequest(INewOrderResponse orderData, string csr, bool isRenewal);`