added additional logging for troubleshooting.

Author: joevanwanzeeleKF

hashicorp-vault-cagateway/Client/HashicorpVaultClient.cs

@@ -132,10 +132,12 @@ public async Task<CertResponse> GetCertificate(string certSerial)
             try
             {
                 var response = await _vaultHttp.GetAsync<CertResponse>($"cert/{certSerial}");
+                
                 logger.LogTrace($"successfully received a response for certificate with serial number: {certSerial}");
                 logger.LogTrace($"--response data--");
                 logger.LogTrace($"cert string: {response.Certificate}");
                 logger.LogTrace($"revocation time: {response.RevocationTime}");
+                
 
                 return response;
             }
@@ -193,7 +195,7 @@ public async Task<bool> PingServer()
         }
 
         /// <summary>
-        /// Retreives all serial numbers for issued certificates 
+        /// Retrieves all serial numbers for issued certificates 
         /// </summary>
         /// <returns>a list of the certificate serial number strings</returns>
         public async Task<List<string>> GetAllCertSerialNumbers()
@@ -251,7 +253,7 @@ public async Task<List<string>> GetRoleNamesAsync()
         }
 
         /// <summary>
-        /// Retreives the metadata for the certificate
+        /// Retrieves the metadata for the certificate
         /// </summary>
         /// <param name="certSerial"></param>
         /// <returns></returns>
@@ -279,7 +281,7 @@ public async Task<MetadataResponse> GetCertMetadata(string certSerial)
             }
             catch (Exception ex)
             { 
-                logger.LogError($"an error occurred when attempting to retreive the certificate metadata: {ex.Message}");
+                logger.LogError($"an error occurred when attempting to retrieve the certificate metadata: {ex.Message}");
                 throw;
             }            
             finally { logger.MethodExit(); }

hashicorp-vault-cagateway/Client/VaultHttp.cs

@@ -8,13 +8,15 @@
 using Keyfactor.Extensions.CAPlugin.HashicorpVault.APIProxy;
 using Keyfactor.Logging;
 using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
 using RestSharp;
 using RestSharp.Serializers.Json;
 using System;
 using System.Collections.Generic;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using System.Threading.Tasks;
+using JsonSerializer = Newtonsoft.Json.JsonSerializer;
 
 namespace Keyfactor.Extensions.CAPlugin.HashicorpVault.Client
 {
@@ -35,13 +37,13 @@ public VaultHttp(string host, string mountPoint, string authToken, string nameSp
 
             _serializerOptions = new()
             {
-                DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingDefault,
+                DefaultIgnoreCondition = JsonIgnoreCondition.Never,
                 RespectNullableAnnotations = true,
                 PropertyNameCaseInsensitive = true,
-                PreferredObjectCreationHandling = JsonObjectCreationHandling.Replace,
+                PreferredObjectCreationHandling = JsonObjectCreationHandling.Replace                
             };
 
-            var restClientOptions = new RestClientOptions($"{host.TrimEnd('/')}/v1") { ThrowOnAnyError = true };
+            var restClientOptions = new RestClientOptions($"{host.TrimEnd('/')}/v1") { ThrowOnAnyError = true  };
             _restClient = new RestClient(restClientOptions, configureSerialization: s => s.UseSystemTextJson(_serializerOptions));
 
             _mountPoint = mountPoint.TrimStart('/').TrimEnd('/'); // remove leading and trailing slashes
@@ -69,19 +71,28 @@ public VaultHttp(string host, string mountPoint, string authToken, string nameSp
         public async Task<T> GetAsync<T>(string path, Dictionary<string, string> parameters = null)
         {
             logger.MethodEntry();
-            logger.LogTrace($"preparing to send GET request to {path} with parameters {JsonSerializer.Serialize(parameters)}");
-            logger.LogTrace($"will attempt to deserialize the response into a {typeof(T)}");
+            logger.LogTrace($"preparing to send GET request to {path} with parameters {JsonConvert.SerializeObject(parameters)}");
+            
             try
             {
                 var request = new RestRequest($"{_mountPoint}/{path}", Method.Get);
-                if (parameters != null) { request.AddJsonBody(parameters); }
-
-                var response = await _restClient.ExecuteGetAsync<T>(request);
+                if (parameters != null && parameters.Keys.Count > 0) { request.AddJsonBody(parameters); }
+                var response = await _restClient.ExecuteGetAsync(request);
+                
                 logger.LogTrace($"raw response: {response.Content}");
 
+                logger.LogTrace($"response status: {response.StatusCode}");
+
+                logger.LogTrace($"response error msg: {response.ErrorMessage}");
+
                 response.ThrowIfError();
+                if (string.IsNullOrEmpty(response.Content)) throw new Exception(response.ErrorMessage ?? "no content returned from Vault");
 
-                return response.Data;
+                logger.LogTrace($"deserializing the response into a {typeof(T)}");
+                var serialized = JsonConvert.DeserializeObject<T>(response.Content);
+
+                logger.LogTrace($"successfully deserialized the reponse");
+                return serialized;
             }
             catch (Exception ex)
             {
@@ -108,7 +119,7 @@ public async Task<T> PostAsync<T>(string path, dynamic parameters = default)
                 var request = new RestRequest(resourcePath, Method.Post);
                 if (parameters != null)
                 {
-                    string serializedParams = JsonSerializer.Serialize(parameters, _serializerOptions);
+                    string serializedParams = JsonConvert.SerializeObject(parameters);
                     logger.LogTrace($"serialized parameters (from {parameters.GetType()?.Name}): {serializedParams}");
                     request.AddJsonBody(serializedParams);
                 }
@@ -127,7 +138,7 @@ public async Task<T> PostAsync<T>(string path, dynamic parameters = default)
 
                 if (response.StatusCode == System.Net.HttpStatusCode.BadRequest)
                 {
-                    errorResponse = JsonSerializer.Deserialize<ErrorResponse>(response.Content!);
+                    errorResponse = JsonConvert.DeserializeObject<ErrorResponse>(response.Content ?? "no content");
                     string allErrors = "(Bad Request)";
                     if (errorResponse?.Errors.Count > 0)
                     {

hashicorp-vault-cagateway/HashicorpVaultCAConnector.cs

@@ -240,7 +240,7 @@ public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockin
             }
             catch (Exception ex)
             {
-                logger.LogError($"failed to retreive serial numbers: {LogHandler.FlattenException(ex)}");
+                logger.LogError($"failed to retrieve serial numbers: {LogHandler.FlattenException(ex)}");
                 throw;
             }
 
@@ -251,15 +251,15 @@ public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockin
                 CertResponse certFromVault = null;
                 var dbStatus = -1;
 
-                // first, retreive the details from Vault
+                // first, retrieve the details from Vault
                 try
                 {
                     logger.LogTrace($"Calling GetCertificate on our client, passing serial number: {certSerial}");
                     certFromVault = await _client.GetCertificate(certSerial);
                 }
                 catch (Exception ex)
                 {
-                    logger.LogError($"Failed to retreive details for certificate with serial number {certSerial} from Vault.  Errors: {LogHandler.FlattenException(ex)}");
+                    logger.LogError($"Failed to retrieve details for certificate with serial number {certSerial} from Vault.  Errors: {LogHandler.FlattenException(ex)}");
                     throw;
                 }
                 logger.LogTrace($"converting {certSerial} to database trackingId");
@@ -269,7 +269,7 @@ public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockin
                 // then, check for an existing local entry
                 try
                 {
-                    logger.LogTrace($"attempting to retreive status of cert with tracking id {trackingId} from the database");
+                    logger.LogTrace($"attempting to retrieve status of cert with tracking id {trackingId} from the database");
                     dbStatus = await _certificateDataReader.GetStatusByRequestID(trackingId);
                 }
                 catch
@@ -281,7 +281,7 @@ public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockin
                 {
                     logger.LogTrace($"adding cert with serial {trackingId} to the database.  fullsync is {fullSync}, and the certificate {(dbStatus == -1 ? "does not yet exist" : "already exists")} in the database.");
 
-                    logger.LogTrace("attempting to retreive the role name (productId) from the certificate metadata, if available");
+                    logger.LogTrace("attempting to retrieve the role name (productId) from the certificate metadata, if available");
 
                     var metaData = new MetadataResponse();
 
@@ -291,7 +291,7 @@ public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockin
                     }
                     catch (Exception) 
                     {
-                        logger.LogTrace("an error occurred when attempting to retreive the metadata, continuing..");
+                        logger.LogTrace("an error occurred when attempting to retrieve the metadata, continuing..");
                     }
 
                     var newCert = new AnyCAPluginCertificate
@@ -423,7 +423,7 @@ public async Task ValidateCAConnectionInfo(Dictionary<string, object> connection
 
             _client = new HashicorpVaultClient(config);
 
-            // attempt an authenticated request to retreive role names
+            // attempt an authenticated request to retrieve role names
             try
             {
                 logger.LogTrace("making an authenticated request to the Vault server to verify credentials (listing role names)..");

hashicorp-vault-cagateway/hashicorp-vault-caplugin.csproj

@@ -37,6 +37,7 @@
 		<PackageReference Include="Keyfactor.AnyGateway.IAnyCAPlugin" Version="3.0.0" />
 		<PackageReference Include="Keyfactor.Logging" Version="1.1.2" />
 		<PackageReference Include="Keyfactor.PKI" Version="5.5.0" />
+		<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
 		<PackageReference Include="RestSharp" Version="112.1.0" />
 		<PackageReference Include="System.Formats.Asn1" Version="9.0.0" />
 		<PackageReference Include="System.Net.Http.WinHttpHandler" Version="9.0.0" />

readme_source.md

@@ -95,7 +95,7 @@ Certificates issued for the Hashicorp Vault CA from within the Keyfactor Command
     1. Create an entry for each of the PKI secrets engine roles you would like to use for issuing certificates from the Hashicorp Vault CA.          
     1. Navigate to the "Certificate Authorities" tab and click "Edit"
     1. In the "Edit CA" window, navigate to the "Templates" tab.
-    1. Create an association between each of the certificate profiles we just created with the PKI secrets engine roles retreived from Vault.
+    1. Create an association between each of the certificate profiles we just created with the PKI secrets engine roles retrieved from Vault.
 
 ### Configure the CA in Keyfactor Command