Dev 2.1 #32
Merged
Dev 2.1 #32
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
Introduce v2.1.1 changes to the DigiCert CertCentral CA plugin, adding an option to include the Client Auth EKU for SSL requests and refining S/MIME profile handling.
- Add IncludeClientAuthEKU template parameter and map it to DigiCert profile_option for SSL orders
- For S/MIME, only set ProfileType when provided; otherwise rely on product default
- Version bump to 2.1.1, minor data type conversion fix, and documentation updates
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| integration-manifest.json | Adds IncludeClientAuthEKU parameter and updates ProfileType description to clarify defaults and multipurpose use. |
| digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj | Bumps AssemblyVersion/FileVersion to 2.1.1. |
| digicert-certcentral-caplugin/Constants.cs | Adds constant for IncludeClientAuthEKU. |
| digicert-certcentral-caplugin/CertCentralCAPlugin.cs | Implements IncludeClientAuthEKU behavior, refines S/MIME profile handling, and improves division ID parsing. |
| digicert-certcentral-caplugin/API/OrderCertificate.cs | Adds ProfileOption field serialized as profile_option. |
| README.md | Documents IncludeClientAuthEKU and updates ProfileType guidance. |
| CHANGELOG.md | Adds 2.1.1 entry describing new flag, S/MIME default behavior, and hotfix. |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Comment on lines
+297
to
+298
| if (typeOfCert.Equals("ssl") && Convert.ToBoolean(productInfo.ProductParameters[CertCentralConstants.Config.INCLUDE_CLIENT_AUTH])) | ||
| { |
There was a problem hiding this comment.
This indexer will throw if the INCLUDE_CLIENT_AUTH key is not present in ProductParameters, and the comparison to 'ssl' is case-sensitive. Guard the lookup and use a case-insensitive comparison, e.g., string.Equals(typeOfCert, "ssl", StringComparison.OrdinalIgnoreCase) and compute includeClientAuth via TryGetValue/Convert.ToBoolean with a false default.
Suggested change
| if (typeOfCert.Equals("ssl") && Convert.ToBoolean(productInfo.ProductParameters[CertCentralConstants.Config.INCLUDE_CLIENT_AUTH])) | |
| { | |
| bool includeClientAuth = false; | |
| if (productInfo.ProductParameters.TryGetValue(CertCentralConstants.Config.INCLUDE_CLIENT_AUTH, out var includeClientAuthValue) && !string.IsNullOrEmpty(includeClientAuthValue)) | |
| { | |
| includeClientAuth = Convert.ToBoolean(includeClientAuthValue); | |
| } | |
| if (string.Equals(typeOfCert, "ssl", StringComparison.OrdinalIgnoreCase) && includeClientAuth) | |
| { |
|
|
||
| if (typeOfCert.Equals("ssl") && Convert.ToBoolean(productInfo.ProductParameters[CertCentralConstants.Config.INCLUDE_CLIENT_AUTH])) | ||
| { | ||
| orderRequest.Certificate.ProfileOption = "server_client_auth_eku"; |
There was a problem hiding this comment.
Avoid the magic string for the profile option; define a named constant (e.g., CertCentralConstants.ProfileOptions.ServerClientAuthEku) to prevent typos and ease reuse.
Suggested change
| orderRequest.Certificate.ProfileOption = "server_client_auth_eku"; | |
| orderRequest.Certificate.ProfileOption = CertCentralConstants.ProfileOptions.ServerClientAuthEku; |
| [CertCentralConstants.Config.PROFILE_TYPE] = new PropertyConfigInfo() | ||
| { | ||
| Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Default value is strict.", | ||
| Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.", |
There was a problem hiding this comment.
Standardize vendor capitalization to 'DigiCert'.
Suggested change
| Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.", | |
| Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within DigiCert portal.", |
| * **EnrollDivisionId** - OPTIONAL: The division (container) ID to use for enrollments against this template. | ||
| * **CommonNameIndicator** - Required for secure_email_sponsor and secure_email_organization products, ignored otherwise. Defines the source of the common name. Valid values are: email_address, given_name_surname, pseudonym, organization_name | ||
| * **ProfileType** - Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Default value is strict. | ||
| * **ProfileType** - Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal. |
There was a problem hiding this comment.
Standardize vendor capitalization to 'DigiCert'.
Suggested change
| * **ProfileType** - Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal. | |
| * **ProfileType** - Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within DigiCert portal. |
|
|
||
| ### 2.1.1 | ||
| * Add configuration flag to support adding client auth EKU to ssl cert requests | ||
| * NOTE: This is a temporary feature which is planned for loss of support by Digicert in May 2026 |
There was a problem hiding this comment.
Standardize vendor capitalization to 'DigiCert'.
Suggested change
| * NOTE: This is a temporary feature which is planned for loss of support by Digicert in May 2026 | |
| * NOTE: This is a temporary feature which is planned for loss of support by DigiCert in May 2026 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.