Merge bb67d56 into 331bbe6

dgaley · web-flow · commit 38fe3eccea70 · 2026-04-27T14:12:18.000Z
diff --git a/src/GlobalSignCAProxy/Client/GlobalSignApiClient.cs b/src/GlobalSignCAProxy/Client/GlobalSignApiClient.cs
@@ -195,53 +195,50 @@ public CAConnectorCertificate PickupCertificateById(string caRequestId)
 				}
 			};
 
-			int retryCounter = 0;
-			while (retryCounter <= Config.PickupRetries)
+			using (var service = this.QueryService)
 			{
-				using (var service = this.QueryService)
-				{
-					var response = service.GetOrderByOrderID(request);
+				var response = service.GetOrderByOrderID(request);
 
-					if (response.OrderResponseHeader.SuccessCode == 0)
+				if (response.OrderResponseHeader.SuccessCode == 0)
+				{
+					Logger.Debug($"Order with order ID {caRequestId} successfully picked up");
+					GlobalSignOrderStatus orderStatus = (GlobalSignOrderStatus)Enum.Parse(typeof(GlobalSignOrderStatus), response.OrderDetail.CertificateInfo.CertificateStatus);
+					if (orderStatus == GlobalSignOrderStatus.Issued)
 					{
-						Logger.Debug($"Order with order ID {caRequestId} successfully picked up");
-						GlobalSignOrderStatus orderStatus = (GlobalSignOrderStatus)Enum.Parse(typeof(GlobalSignOrderStatus), response.OrderDetail.CertificateInfo.CertificateStatus);
-						if (orderStatus == GlobalSignOrderStatus.Issued)
+						DateTime? orderDate = DateTime.TryParse(response?.OrderDetail?.OrderInfo?.OrderDate, out DateTime orderDateTime) ? orderDateTime : (DateTime?)null;
+						DateTime? completeDate = DateTime.TryParse(response?.OrderDetail?.OrderInfo?.OrderCompleteDate, out DateTime orderCompleteDate) ? orderCompleteDate : (DateTime?)null;
+						DateTime? deactivateDate = DateTime.TryParse(response?.OrderDetail?.OrderInfo?.OrderDeactivatedDate, out DateTime orderDeactivateDate) ? orderDeactivateDate : (DateTime?)null;
+						Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
+						return new CAConnectorCertificate()
 						{
-							DateTime? orderDate = DateTime.TryParse(response?.OrderDetail?.OrderInfo?.OrderDate, out DateTime orderDateTime) ? orderDateTime : (DateTime?)null;
-							DateTime? completeDate = DateTime.TryParse(response?.OrderDetail?.OrderInfo?.OrderCompleteDate, out DateTime orderCompleteDate) ? orderCompleteDate : (DateTime?)null;
-							DateTime? deactivateDate = DateTime.TryParse(response?.OrderDetail?.OrderInfo?.OrderDeactivatedDate, out DateTime orderDeactivateDate) ? orderDeactivateDate : (DateTime?)null;
-							Logger.MethodExit(ILogExtensions.MethodLogLevel.Debug);
-							return new CAConnectorCertificate()
-							{
-								CARequestID = caRequestId,
-								ProductID = response.OrderDetail.OrderInfo.ProductCode,
-								SubmissionDate = orderDate,
-								ResolutionDate = completeDate,
-								Status = OrderStatus.ConvertToKeyfactorStatus(orderStatus),
-								CSR = response.OrderDetail.Fulfillment.OriginalCSR,
-								Certificate = response.OrderDetail.Fulfillment.ServerCertificate.X509Cert,
-								RevocationReason = 0,
-								RevocationDate = orderStatus == GlobalSignOrderStatus.Revoked ? deactivateDate : new DateTime?()
-							};
-						}
-					}
-					retryCounter++;
-					string logMsg = $"Pickup certificate failed for order ID {caRequestId}. Attempt {retryCounter} of {Config.PickupRetries}.";
-					if (retryCounter < Config.PickupRetries)
-					{
-						logMsg = logMsg + " Retrying...";
+							CARequestID = caRequestId,
+							ProductID = response.OrderDetail.OrderInfo.ProductCode,
+							SubmissionDate = orderDate,
+							ResolutionDate = completeDate,
+							Status = OrderStatus.ConvertToKeyfactorStatus(orderStatus),
+							CSR = response.OrderDetail.Fulfillment.OriginalCSR,
+							Certificate = response.OrderDetail.Fulfillment.ServerCertificate.X509Cert,
+							RevocationReason = 0,
+							RevocationDate = orderStatus == GlobalSignOrderStatus.Revoked ? deactivateDate : new DateTime?()
+						};
 					}
-					Logger.Debug(logMsg);
-					Thread.Sleep(Config.PickupDelay * 1000);//convert seconds to ms for delay.
 				}
+
+				string logMsg = $"Certificate for order {caRequestId} was not immediately available. Once issued, it should be picked up by the next gateway sync.";
+
+				Logger.Info(logMsg);
 			}
 
+
 			var gsError = GlobalSignErrorIndex.GetGlobalSignError(-9916);
 			string errorMsg = "Unable to pickup certificate during configured pickup window. Check for required approvals in GlobalSign portal. This can also be caused by a delay with GlobalSign, in which case the certificate will get picked up by a future sync";
 			Logger.Error(errorMsg);
 			Logger.Error(gsError.DetailedMessage);
-			throw new UnsuccessfulRequestException(errorMsg, gsError.HResult);
+			return new CAConnectorCertificate()
+			{
+				CARequestID = caRequestId,
+				Status = 13          //ExternalValidation
+			};
 		}
 
 		public List<DomainDetail> GetDomains()
@@ -419,6 +416,16 @@ public EnrollmentResult Reissue(GlobalSignReissueRequest reissueRequest, string
 				{
 					Logger.Debug($"Reissue request successfully submitted");
 					var pickupResponse = PickupCertificateById(response.OrderID);
+
+					if (pickupResponse.Status == 13)
+					{
+						return new EnrollmentResult
+						{
+							CARequestID = response.OrderID,
+							Status = (int)CSS.PKI.PKIConstants.Microsoft.RequestDisposition.EXTERNAL_VALIDATION
+						};
+					}
+
 					var cert = CertificateConverterFactory.FromPEM(pickupResponse.Certificate).ToX509Certificate2();
 
 					if (pickupResponse.Status == 20 || (cert.SerialNumber != priorSn))
diff --git a/src/GlobalSignCAProxy/GlobalSignCAProxy.cs b/src/GlobalSignCAProxy/GlobalSignCAProxy.cs
@@ -151,11 +151,6 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
 							|| commonName.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();
 				}
 
-				if (matchedDomains == null || matchedDomains.Count == 0)
-				{
-					throw new Exception("Unable to determine GlobalSign domain");
-				}
-
 				if (matchedDomains.Count == 1)
 				{
 					domain = matchedDomains[0];
@@ -175,6 +170,10 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe
 							throw new Exception($"No domain matching common name {commonName} has provided MSSLProfileID of {profID}. Check configuration.");
 						}
 					}
+					else
+					{
+						throw new Exception("Unable to determine GlobalSign domain, and no MSSLProfileID provided.");
+					}
 				}
 
 				Logger.Debug($"Domain info:\nDomain Name: {domain?.DomainName}\nMsslDomainId: {domain?.DomainID}\nMsslProfileId: {domain?.MSSLProfileID}");
@@ -478,4 +477,5 @@ private static string ParseSubject(string subject, string rdn)
 
 		#endregion Private Methods
 	}
-}
+
+}

Original file line number	Diff line number	Diff line change
`@@ -151,11 +151,6 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe`
`151`	`151`	`\|\| commonName.EndsWith($".{d.DomainName}", StringComparison.OrdinalIgnoreCase)).ToList();`
`152`	`152`	`}`
`153`	`153`
`154`		`- if (matchedDomains == null \|\| matchedDomains.Count == 0)`
`155`		`- {`
`156`		`- throw new Exception("Unable to determine GlobalSign domain");`
`157`		`- }`
`158`		`-`
`159`	`154`	`if (matchedDomains.Count == 1)`
`160`	`155`	`{`
`161`	`156`	`domain = matchedDomains[0];`
`@@ -175,6 +170,10 @@ public override EnrollmentResult Enroll(ICertificateDataReader certificateDataRe`
`175`	`170`	`throw new Exception($"No domain matching common name {commonName} has provided MSSLProfileID of {profID}. Check configuration.");`
`176`	`171`	`}`
`177`	`172`	`}`
	`173`	`+ else`
	`174`	`+ {`
	`175`	`+ throw new Exception("Unable to determine GlobalSign domain, and no MSSLProfileID provided.");`
	`176`	`+ }`
`178`	`177`	`}`
`179`	`178`
`180`	`179`	`Logger.Debug($"Domain info:\nDomain Name: {domain?.DomainName}\nMsslDomainId: {domain?.DomainID}\nMsslProfileId: {domain?.MSSLProfileID}");`
`@@ -478,4 +477,5 @@ private static string ParseSubject(string subject, string rdn)`
`478`	`477`
`479`	`478`	`#endregion Private Methods`
`480`	`479`	`}`
`481`		`-}`
	`480`	`+`
	`481`	`+}`