Merge 1.1.0 to main

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -11,19 +11,10 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v4
-    permissions:
-      contents: write  # Explicitly grant write permission
-    with:
-      command_token_url: ${{ vars.COMMAND_TOKEN_URL }}
-      command_hostname: ${{ vars.COMMAND_HOSTNAME }}
-      command_base_api_path: ${{ vars.COMMAND_API_PATH }}
+    uses: keyfactor/actions/.github/workflows/starter.yml@v3
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
       scan_token: ${{ secrets.SAST_TOKEN }}
-      entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }}
-      entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }}
-      command_client_id: ${{ secrets.COMMAND_CLIENT_ID }}
-      command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }}

CHANGELOG.md

@@ -1,2 +1,5 @@
 v1.0
--Initial Release.
+-Initial Release.  
+
+1.1  
+Remove retry logic around reissue pickups

globalsign-mssl-caplugin/Client/GlobalSignApiClient.cs

@@ -21,7 +21,7 @@
     public ManagedSSLV2 OrderService;
     public GASV1 QueryService;
 
     public GlobalSignApiClient(GlobalSignCAConfig config, ILogger logger)
     {
         Logger = logger;
         Config = config;
@@ -157,64 +157,63 @@
             }
         };
 
-        var retryCounter = 0;
-        while (retryCounter <= Config.PickupRetries)
+        var wrapper = new GetOrderByOrderID(request);
+        var responseWrapper = await QueryService.GetOrderByOrderIDAsync(wrapper);
+        var response = responseWrapper.Response;
+
+        if (response.OrderResponseHeader.SuccessCode == 0)
         {
-            var wrapper = new GetOrderByOrderID(request);
-            var responseWrapper = await QueryService.GetOrderByOrderIDAsync(wrapper);
-            var response = responseWrapper.Response;
+            Logger.LogDebug($"Order with order ID {caRequestId} successfully picked up");
+            var orderStatus = (GlobalSignOrderStatus)Enum.Parse(
+                typeof(GlobalSignOrderStatus),
+                response.OrderDetail.CertificateInfo.CertificateStatus);
 
-            if (response.OrderResponseHeader.SuccessCode == 0)
+            if (orderStatus == GlobalSignOrderStatus.Issued)
             {
-                Logger.LogDebug($"Order with order ID {caRequestId} successfully picked up");
-                var orderStatus = (GlobalSignOrderStatus)Enum.Parse(
-                    typeof(GlobalSignOrderStatus),
-                    response.OrderDetail.CertificateInfo.CertificateStatus);
-
-                if (orderStatus == GlobalSignOrderStatus.Issued)
+                var orderDate = DateTime.TryParse(
+                    response.OrderDetail.OrderInfo.OrderDate,
+                    out var od)
+                    ? od
+                    : (DateTime?)null;
+                var completeDate = DateTime.TryParse(
+                    response.OrderDetail.OrderInfo.OrderCompleteDate,
+                    out var cd)
+                    ? cd
+                    : (DateTime?)null;
+                var deactivateDate = DateTime.TryParse(
+                    response.OrderDetail.OrderInfo.OrderDeactivatedDate,
+                    out var de)
+                    ? de
+                    : (DateTime?)null;
+
+                Logger.MethodExit();
+                return new AnyCAPluginCertificate
                 {
-                    var orderDate = DateTime.TryParse(
-                        response.OrderDetail.OrderInfo.OrderDate,
-                        out var od)
-                        ? od
-                        : (DateTime?)null;
-                    var completeDate = DateTime.TryParse(
-                        response.OrderDetail.OrderInfo.OrderCompleteDate,
-                        out var cd)
-                        ? cd
-                        : (DateTime?)null;
-                    var deactivateDate = DateTime.TryParse(
-                        response.OrderDetail.OrderInfo.OrderDeactivatedDate,
-                        out var de)
-                        ? de
-                        : (DateTime?)null;
-
-                    Logger.MethodExit();
-                    return new AnyCAPluginCertificate
-                    {
-                        CARequestID = caRequestId,
-                        ProductID = response.OrderDetail.OrderInfo.ProductCode,
-                        Status = OrderStatus.ConvertToKeyfactorStatus(orderStatus),
-                        CSR = response.OrderDetail.Fulfillment.OriginalCSR,
-                        Certificate = response.OrderDetail.Fulfillment.ServerCertificate.X509Cert,
-                        RevocationReason = 0,
-                        RevocationDate = orderStatus == GlobalSignOrderStatus.Revoked ? deactivateDate : null
-                    };
-                }
+                    CARequestID = caRequestId,
+                    ProductID = response.OrderDetail.OrderInfo.ProductCode,
+                    Status = OrderStatus.ConvertToKeyfactorStatus(orderStatus),
+                    CSR = response.OrderDetail.Fulfillment.OriginalCSR,
+                    Certificate = response.OrderDetail.Fulfillment.ServerCertificate.X509Cert,
+                    RevocationReason = 0,
+                    RevocationDate = orderStatus == GlobalSignOrderStatus.Revoked ? deactivateDate : null
+                };
             }
-
-            retryCounter++;
-            Logger.LogDebug(
-                $"Pickup certificate failed for order ID {caRequestId}. Attempt {retryCounter} of {Config.PickupRetries}.{(retryCounter < Config.PickupRetries ? " Retrying..." : string.Empty)}");
-            await Task.Delay(TimeSpan.FromSeconds(Config.PickupDelay));
         }
 
+        Logger.LogInformation(
+            $"Certificate for order ID {caRequestId} was not immediately available. Once issued, it should be picked up by the next gateway sync.");
+
+
         var gsError = GlobalSignErrorIndex.GetGlobalSignError(-9916);
         var errorMsg =
             "Unable to pickup certificate during configured pickup window. Check for required approvals in GlobalSign portal. This can also be caused by a delay with GlobalSign, in which case the certificate will get picked up by a future sync";
         Logger.LogError(errorMsg);
         Logger.LogError(gsError.DetailedMessage);
-        throw new Exception(errorMsg);
+		return new AnyCAPluginCertificate()
+		{
+			CARequestID = caRequestId,
+			Status = (int)EndEntityStatus.INPROCESS                 
+		};
     }
 
     public async Task<List<GetDomainsDomainDetail>> GetDomains()
@@ -418,6 +417,15 @@
 
             // Pick up the certificate after reissue
             var pickupResponse = await PickupCertificateById(response.OrderID);
+
+			if (pickupResponse.Status == (int)EndEntityStatus.INPROCESS)
+			{
+				return new EnrollmentResult
+				{
+					CARequestID = response.OrderID,
+					Status = (int)EndEntityStatus.INPROCESS
+				};
+			}
             var cert = CertificateConverterFactory.FromPEM(pickupResponse.Certificate).ToX509Certificate2();
 
             // If newly generated or serial differs, return success