Dev 2.1

CHANGELOG.md

@@ -15,4 +15,9 @@
 * Add configuration flag to support adding client auth EKU to ssl cert requests  
 	* NOTE: This is a temporary feature which is planned for loss of support by Digicert in May 2026   
 * For smime certs, use profile type defined on the product as the default if not supplied, rather than just defaulting to 'strict'  
-* Hotfix for data type conversion  
+* Hotfix for data type conversion  
+
+### 2.1.2  
+* Hotfix for incremental sync to default to a 6 day window if no previous incremental sync has run  
+* Workaround for DigiCert API issue where retrieving the PEM data of multiple certificates in the same order can occasionally return duplicate data rather than the correct cert  
+* Remove caching of product ID lookups from DigiCert account  

digicert-certcentral-caplugin/CertCentralCAPlugin.cs

@@ -497,11 +497,11 @@
 		/// </summary>
 		/// <param name="caRequestID">The gateway request ID of the record to retrieve, in the format 'orderID-certID'</param>
 		/// <returns></returns>
 		public async Task<AnyCAPluginCertificate> GetSingleRecord(string caRequestID)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			// Split ca request id into order and cert id
 			string[] idParts = caRequestID.Split('-');
 			int orderId = Int32.Parse(idParts.First());
 			string certId = idParts.Last();
 			int certIdInt = Int32.Parse(certId);
@@ -615,7 +615,7 @@
 				{
 					Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.",
 					Hidden = false,
-					DefaultValue = "strict",
+					DefaultValue = "",
 					Type = "String"
 				},
 				[CertCentralConstants.Config.FIRST_NAME] = new PropertyConfigInfo()
@@ -654,11 +654,11 @@
 		/// </summary>
 		/// <returns></returns>
 		/// <exception cref="Exception"></exception>
 		public async Task Ping()
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			if (!_config.Enabled)
 			{
 				_logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping connectivity test...");
 				_logger.MethodExit(LogLevel.Trace);
 				return;
@@ -696,11 +696,11 @@
 		/// <returns></returns>
 		/// <exception cref="COMException"></exception>
 		/// <exception cref="Exception"></exception>
 		public async Task<int> Revoke(string caRequestID, string hexSerialNumber, uint revocationReason)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			int orderId = Int32.Parse(caRequestID.Substring(0, caRequestID.IndexOf('-')));
 			int certId = Int32.Parse(caRequestID.Substring(caRequestID.IndexOf('-') + 1));
 			CertCentralClient client = CertCentralClientUtilities.BuildCertCentralClient(_config);
 			ViewCertificateOrderResponse orderResponse = client.ViewCertificateOrder(new ViewCertificateOrderRequest((uint)orderId));
 			if (orderResponse.Status == CertCentralBaseResponse.StatusType.ERROR || orderResponse.status.ToLower() != "issued")
@@ -756,12 +756,18 @@
 		/// <param name="cancelToken"></param>
 		/// <returns></returns>
 		/// <exception cref="Exception"></exception>
 		public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockingBuffer, DateTime? lastSync, bool fullSync, CancellationToken cancelToken)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 
-			lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.MinValue; // DigiCert issue with treating the timezone as mountain time. -7 to accomodate DST
+			// DigiCert issue with treating the timezone as mountain time. -7 hours to accomodate DST
+			// If no last sync, use a 6 day window for the sync range (only relevant for incremental syncs)
+			lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.UtcNow.AddDays(-5); 
 			DateTime? utcDate = DateTime.UtcNow.AddDays(1);
+			if ((utcDate.Value - lastSync.Value).Days > 6)
+			{
+				lastSync = DateTime.UtcNow.AddDays(-5);
+			}
 			string lastSyncFormat = FormatSyncDate(lastSync);
 			string todaySyncFormat = FormatSyncDate(utcDate);
 
@@ -926,11 +932,11 @@
 		/// </summary>
 		/// <param name="connectionInfo"></param>
 		/// <returns></returns>
 		public async Task ValidateCAConnectionInfo(Dictionary<string, object> connectionInfo)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			try
 			{
 				if (!(bool)connectionInfo[CertCentralConstants.Config.ENABLED])
 				{
 					_logger.LogWarning($"The CA is currently in the Disabled state. It must be Enabled to perform operations. Skipping validation...");
@@ -997,11 +1003,11 @@
 		/// <param name="connectionInfo"></param>
 		/// <returns></returns>
 		/// <exception cref="Exception"></exception>
 		public async Task ValidateProductInfo(EnrollmentProductInfo productInfo, Dictionary<string, object> connectionInfo)
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 			// Set up.
 			string productId = productInfo.ProductID;
 			string apiKey = (string)connectionInfo[CertCentralConstants.Config.APIKEY];
 			string region = "US";
 			if (connectionInfo.ContainsKey(CertCentralConstants.Config.REGION))
@@ -1557,6 +1563,7 @@
 			var orderCerts = GetAllCertsForOrder(orderId);
 
 			List<AnyCAPluginCertificate> certList = new List<AnyCAPluginCertificate>();
+			List<string> pemList = new List<string>();
 
 			foreach (var cert in orderCerts)
 			{
@@ -1578,6 +1585,13 @@
 							throw new Exception($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}");
 						}
 					}
+					//Another check for duplicate PEMs to get arround issue with DigiCert API returning incorrect data sometimes on reissued/duplicate certs
+					if (pemList.Contains(certificate))
+					{
+						_logger.LogWarning($"Found duplicate PEM for ID {caReqId}. Skipping...");
+						continue;
+					}
+					pemList.Add(certificate);
 					var connCert = new AnyCAPluginCertificate
 					{
 						CARequestID = caReqId,

digicert-certcentral-caplugin/Models/CertCentralCertType.cs

@@ -16,7 +16,6 @@ public class CertCentralCertType
         #region Private Fields
 
         private static readonly ILogger Logger = LogHandler.GetClassLogger<CertCentralCertType>();
-        private static List<CertCentralCertType> _allTypes;
 
         #endregion Private Fields
 
@@ -62,12 +61,7 @@ public class CertCentralCertType
 		/// <returns></returns>
 		public static List<CertCentralCertType> GetAllTypes(CertCentralConfig config)
         {
-            if (_allTypes == null || !_allTypes.Any())
-            {
-                _allTypes = RetrieveCertCentralCertTypes(config);
-            }
-
-            return _allTypes;
+			return RetrieveCertCentralCertTypes(config);
         }
 
         /// <summary>

digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj

@@ -6,8 +6,8 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>disable</Nullable>
     <AssemblyName>DigicertCAPlugin</AssemblyName>
-    <AssemblyVersion>2.1.1</AssemblyVersion>
-    <FileVersion>2.1.1</FileVersion>
+    <AssemblyVersion>2.1.2</AssemblyVersion>
+    <FileVersion>2.1.2</FileVersion>
   </PropertyGroup>
 
   <ItemGroup>