Merge 0ca63d8 into e30f109

Author: mkachk

.github/workflows/keyfactor-bootstrap-workflow-v3.yml

@@ -0,0 +1,29 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v4
+    permissions:
+      contents: write  # Explicitly grant write permission
+    with:
+      command_token_url: ${{ vars.COMMAND_TOKEN_URL }}
+      command_hostname: ${{ vars.COMMAND_HOSTNAME }}
+      command_base_api_path: ${{ vars.COMMAND_API_PATH }}
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}
+      entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }}
+      entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }}
+      command_client_id: ${{ secrets.COMMAND_CLIENT_ID }}
+      command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }}

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -103,6 +103,7 @@ This extension uses the contact information of the GCC Domain point of contact f
         * **RetryCount** - This is the number of times the AnyGateway will attempt to pickup an new certificate before reporting an error. Default is 5. 
         * **SyncIntervalDays** - OPTIONAL: Required if SyncStartDate is used. Specifies how to page the certificate sync. Should be a value such that no interval of that length contains > 500 certificate enrollments. 
         * **SyncStartDate** - If provided, full syncs will start at the specified date. 
+        * **Enabled** - Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available. 
 
 2. Define [Certificate Profiles](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCP-Gateway.htm) and [Certificate Templates](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm) for the Certificate Authority as required. One Certificate Profile must be defined per Certificate Template. It's recommended that each Certificate Profile be named after the Product ID. The GlobalSign MSSL   Gateway plugin supports the following product IDs:
 

README.md

@@ -26,6 +26,13 @@ public GlobalSignApiClient(GlobalSignCAConfig config, ILogger logger)
         Logger = logger;
         Config = config;
         // Logger = LogHandler.GetClassLogger(this.GetType());
+        var enabled =config.Enabled;
+        if (!enabled)
+        {
+            Logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping config validation and MSSL Client creation...");
+            Logger.MethodExit();
+            return;
+        }
         QueryService = new GASV1Client
         {
             Endpoint = { Address = new EndpointAddress(config.GetUrl(GlobalSignServiceType.QUERY)), Name = "QUERY" }

globalsign-mssl-caplugin/Client/GlobalSignApiClient.cs

@@ -21,6 +21,7 @@ internal class Constants
     public static string PICKUPDELAY = "DelayTime";
     public static string SYNCSTARTDATE = "SyncStartDate";
     public static string SYNCINTERNVALDAYS = "SyncIntervalDays";
+    public static string Enabled = "Enabled";
 }
 
 public static class EnrollmentConfigConstants

globalsign-mssl-caplugin/Constants.cs

@@ -32,7 +32,7 @@ public class GlobalSignCAConfig
 
     public string SyncStartDate { get; set; } = "";
     public int SyncIntervalDays { get; set; } = 0;
-
+    public bool Enabled { get; set; } = true;
 
     public string GetUrl(GlobalSignServiceType queryType)
     {

globalsign-mssl-caplugin/GlobalSignCAConfig.cs

@@ -23,16 +23,24 @@ public class GlobalSignCAPlugin : IAnyCAPlugin
     private ICertificateDataReader? _certificateDataReader; 
     private ILogger Logger;
 
-    private GlobalSignCAConfig Config { get; set; } = new(); 
-
+    private GlobalSignCAConfig Config { get; set; } = new();
+    private bool _enabled = false;
 
     public void Initialize(IAnyCAPluginConfigProvider configProvider, ICertificateDataReader certificateDataReader)
     {
         Logger = LogHandler.GetClassLogger(GetType());
         Logger.MethodEntry();
+        _enabled = (bool)configProvider.CAConnectionData["Enabled"];
+        if (!_enabled)
+        {
+            Logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping config validation and MSSL Client creation...");
+            Logger.MethodExit();
+            return;
+        }
         Config = new GlobalSignCAConfig
         {
             IsTest = bool.Parse((string)configProvider.CAConnectionData["TestAPI"]),
+            Enabled = bool.Parse((string)configProvider.CAConnectionData["Enabled"]),
             Password = (string)configProvider.CAConnectionData["GlobalSignPassword"],
             Username = (string)configProvider.CAConnectionData["GlobalSignUsername"],
             PickupDelay = int.Parse((string)configProvider.CAConnectionData["DelayTime"]),
@@ -426,6 +434,12 @@ public async Task<EnrollmentResult> Enroll(string csr, string subject, Dictionar
     public async Task Ping()
     {
         Logger.MethodEntry();
+        if (!_enabled)
+        {
+            Logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping config validation and MSSL Client creation...");
+            Logger.MethodExit();
+            return;
+        }
         try
         {
             Logger.LogInformation("Ping reqeuest recieved");
@@ -443,6 +457,18 @@ public async Task ValidateCAConnectionInfo(Dictionary<string, object> connection
     {
         Logger = LogHandler.GetClassLogger(GetType());
         Logger.MethodEntry();
+
+        // Handle Enabled flag - could be bool or string
+        var enabledValue = connectionInfo["Enabled"];
+        bool isEnabled = enabledValue is bool ? (bool)enabledValue : bool.Parse((string)enabledValue);
+
+        if (!isEnabled)
+        {
+            Logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping validation...");
+            Logger.MethodExit(LogLevel.Trace);
+            return;
+        }
+
         Config = new GlobalSignCAConfig
         {
             IsTest = bool.Parse((string)connectionInfo["TestAPI"]),
@@ -455,6 +481,7 @@ public async Task ValidateCAConnectionInfo(Dictionary<string, object> connection
             ORDER_TEST_URL = (string)connectionInfo["OrderAPITestURL"],
             QUERY_TEST_URL = (string)connectionInfo["QueryAPITestURL"],
             QUERY_PROD_URL = (string)connectionInfo["QueryAPIProdURL"],
+            Enabled = isEnabled,
             SyncStartDate = connectionInfo.TryGetValue("SyncStartDate", out object? value)
                 ? (string)value : string.Empty,
             SyncIntervalDays = connectionInfo.TryGetValue("SyncIntervalDays", out var val)
@@ -470,6 +497,17 @@ public async Task ValidateCAConnectionInfo(Dictionary<string, object> connection
 
     public Task ValidateProductInfo(EnrollmentProductInfo productInfo, Dictionary<string, object> connectionInfo)
     {
+        // Handle Enabled flag - could be bool or string
+        var enabledValue = connectionInfo["Enabled"];
+        bool isEnabled = enabledValue is bool ? (bool)enabledValue : bool.Parse((string)enabledValue);
+
+        if (!isEnabled)
+        {
+            Logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping validation...");
+            Logger.MethodExit(LogLevel.Trace);
+            return Task.CompletedTask;
+        }
+
         Config = new GlobalSignCAConfig
         {
             IsTest = bool.Parse((string)connectionInfo["TestAPI"]),
@@ -482,6 +520,7 @@ public Task ValidateProductInfo(EnrollmentProductInfo productInfo, Dictionary<st
             ORDER_TEST_URL = (string)connectionInfo["OrderAPITestURL"],
             QUERY_TEST_URL = (string)connectionInfo["QueryAPITestURL"],
             QUERY_PROD_URL = (string)connectionInfo["QueryAPIProdURL"],
+            Enabled = isEnabled,
             SyncStartDate = connectionInfo.TryGetValue("SyncStartDate", out object? value)
                 ? (string)value : string.Empty,
             SyncIntervalDays = connectionInfo.TryGetValue("SyncIntervalDays", out var val)
@@ -592,6 +631,13 @@ public Dictionary<string, PropertyConfigInfo> GetCAConnectorAnnotations()
                 Hidden = false,
                 DefaultValue = "2000-01-01",
                 Type = "Integer"
+            },
+            [Constants.Enabled] = new()
+            {
+                Comments = "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available.",
+                Hidden = false,
+                DefaultValue = true,
+                Type = "Boolean"
             }
         };
     }

globalsign-mssl-caplugin/GlobalSignCAPlugin.cs

@@ -60,6 +60,10 @@
                 {
                     "name": "SyncStartDate",
                     "description": "If provided, full syncs will start at the specified date."
+                },
+                {
+                    "name": "Enabled",
+                    "description": "Flag to Enable or Disable gateway functionality. Disabling is primarily used to allow creation of the CA prior to configuration information being available."
                 }
             ],
             "enrollment_config": [