Merge pull request #19 from Keyfactor/orgdetails

fix for org detail lookup to verify cert configurations
Keyfactor · Jul 12, 2022 · 0c058e1 · 0c058e1
2 parents 6d5a88b + a5581aa
commit 0c058e1
Show file tree

Hide file tree

Showing 6 changed files with 521 additions and 438 deletions.
diff --git a/README.md.tpl b/README.md.tpl
@@ -10,7 +10,7 @@
     * Certificates will only syncronize once.  If a certificate is found based on Serial Number for the managed CA it will be skipped for subsequent syncs to minimize impact on Cert Manager API load
 
 * SSL Certificate Enrollment
-   * Note about organizations.  The organization for enrollment is currently selected dynamically based on Organization and/or Org Unit of the CSR.  If a top level Organization is found and is able to issue certs, that organization ID is passed with the enrollment request.  If the Organization does not have any certificate types assigned, it will look for a department based on the OU name. If no matches are found the enrollment will fail as this is a required field for Sectigo. 
+   * Note about organizations.  The organization for enrollment is selected based on the Organization subject field, as well as any Department specified in the template configuration. If a department is specified, and that department exists within the organization and is valid for issuing certs, the department ID will be used. If no department is specified, the organization ID will be used if the organization is valid for issuing certs. If the organization/department are not valid for issuing certs, the enrollment will fail, as that is a required field for Sectigo.
 * SSL Certificate Revocation
 
 ### Not Implemented/Supported

diff --git a/src/SectigoCAProxy/API/ListOrganizationsResponse.cs b/src/SectigoCAProxy/API/ListOrganizationsResponse.cs
@@ -1,37 +1,35 @@
-// Copyright 2021 Keyfactor
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
-// and limitations under the License.
+// Copyright 2021 Keyfactor
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+// and limitations under the License.
 using Newtonsoft.Json;
-using Newtonsoft.Json.Converters;
+using Newtonsoft.Json.Converters;
+
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 
 namespace Keyfactor.AnyGateway.Sectigo.API
-{
-    public class ListOrganizationsResponse
-    {
-        public List<Organization> Organizations { get; set; }
-    }
-
-    public class Organization
-    {
-        public int id { get; set; }
-        public string name { get; set; }
-        public List<CertificateType> certTypes { get; set; }
-        public List<Department> departments { get; set; }
-    }
-
-    public class Department
-    {
-        public int id { get; set; }
-        public string name { get; set; }
-        public List<CertificateType> certTypes { get; set; }
-    }
-
-}
+{
+	public class ListOrganizationsResponse
+	{
+		public List<Organization> Organizations { get; set; }
+	}
+
+	public class Organization
+	{
+		public int id { get; set; }
+		public string name { get; set; }
+		public List<Department> departments { get; set; }
+	}
+
+	public class Department
+	{
+		public int id { get; set; }
+		public string name { get; set; }
+	}
+}
diff --git a/src/SectigoCAProxy/API/OrganizationDetailsResponse.cs b/src/SectigoCAProxy/API/OrganizationDetailsResponse.cs
@@ -0,0 +1,29 @@
+// Copyright 2021 Keyfactor
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+// and limitations under the License.
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Keyfactor.AnyGateway.Sectigo.API
+{
+	public class OrganizationDetailsResponse
+	{
+		[JsonProperty("id")]
+		public int Id { get; set; }
+
+		[JsonProperty("name")]
+		public string Name { get; set; }
+
+		[JsonProperty("certTypes")]
+		public List<string> CertTypes { get; set; }
+	}
+}