Merge pull request #37 from Keyfactor/dev-2.1

Dev 2.1

Author: spbsoluble

CHANGELOG.md

@@ -15,4 +15,9 @@
 * Add configuration flag to support adding client auth EKU to ssl cert requests  
 	* NOTE: This is a temporary feature which is planned for loss of support by Digicert in May 2026   
 * For smime certs, use profile type defined on the product as the default if not supplied, rather than just defaulting to 'strict'  
-* Hotfix for data type conversion  
+* Hotfix for data type conversion  
+
+### 2.1.2  
+* Hotfix for incremental sync to default to a 6 day window if no previous incremental sync has run  
+* Workaround for DigiCert API issue where retrieving the PEM data of multiple certificates in the same order can occasionally return duplicate data rather than the correct cert  
+* Remove caching of product ID lookups from DigiCert account  

digicert-certcentral-caplugin/CertCentralCAPlugin.cs

@@ -615,7 +615,7 @@ public Dictionary<string, PropertyConfigInfo> GetTemplateParameterAnnotations()
 				{
 					Comments = "Optional for secure_email_* types, ignored otherwise. Valid values are: strict, multipurpose. Use 'multipurpose' if your cert includes any additional EKUs such as client auth. Default if not provided is dependent on product configuration within Digicert portal.",
 					Hidden = false,
-					DefaultValue = "strict",
+					DefaultValue = "",
 					Type = "String"
 				},
 				[CertCentralConstants.Config.FIRST_NAME] = new PropertyConfigInfo()
@@ -760,8 +760,14 @@ public async Task Synchronize(BlockingCollection<AnyCAPluginCertificate> blockin
 		{
 			_logger.MethodEntry(LogLevel.Trace);
 
-			lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.MinValue; // DigiCert issue with treating the timezone as mountain time. -7 to accomodate DST
+			// DigiCert issue with treating the timezone as mountain time. -7 hours to accomodate DST
+			// If no last sync, use a 6 day window for the sync range (only relevant for incremental syncs)
+			lastSync = lastSync.HasValue ? lastSync.Value.AddHours(-7) : DateTime.UtcNow.AddDays(-5); 
 			DateTime? utcDate = DateTime.UtcNow.AddDays(1);
+			if ((utcDate.Value - lastSync.Value).Days > 6)
+			{
+				lastSync = DateTime.UtcNow.AddDays(-5);
+			}
 			string lastSyncFormat = FormatSyncDate(lastSync);
 			string todaySyncFormat = FormatSyncDate(utcDate);
 
@@ -1557,6 +1563,7 @@ private List<AnyCAPluginCertificate> GetAllConnectorCertsForOrder(string caReque
 			var orderCerts = GetAllCertsForOrder(orderId);
 
 			List<AnyCAPluginCertificate> certList = new List<AnyCAPluginCertificate>();
+			List<string> pemList = new List<string>();
 
 			foreach (var cert in orderCerts)
 			{
@@ -1578,6 +1585,13 @@ private List<AnyCAPluginCertificate> GetAllConnectorCertsForOrder(string caReque
 							throw new Exception($"Unexpected error downloading certificate {certId} for order {orderId}: {certificateChainResponse.Errors.FirstOrDefault()?.message}");
 						}
 					}
+					//Another check for duplicate PEMs to get arround issue with DigiCert API returning incorrect data sometimes on reissued/duplicate certs
+					if (pemList.Contains(certificate))
+					{
+						_logger.LogWarning($"Found duplicate PEM for ID {caReqId}. Skipping...");
+						continue;
+					}
+					pemList.Add(certificate);
 					var connCert = new AnyCAPluginCertificate
 					{
 						CARequestID = caReqId,

digicert-certcentral-caplugin/Models/CertCentralCertType.cs

@@ -16,7 +16,6 @@ public class CertCentralCertType
         #region Private Fields
 
         private static readonly ILogger Logger = LogHandler.GetClassLogger<CertCentralCertType>();
-        private static List<CertCentralCertType> _allTypes;
 
         #endregion Private Fields
 
@@ -62,12 +61,7 @@ public class CertCentralCertType
 		/// <returns></returns>
 		public static List<CertCentralCertType> GetAllTypes(CertCentralConfig config)
         {
-            if (_allTypes == null || !_allTypes.Any())
-            {
-                _allTypes = RetrieveCertCentralCertTypes(config);
-            }
-
-            return _allTypes;
+			return RetrieveCertCentralCertTypes(config);
         }
 
         /// <summary>

digicert-certcentral-caplugin/digicert-certcentral-caplugin.csproj

@@ -6,8 +6,8 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>disable</Nullable>
     <AssemblyName>DigicertCAPlugin</AssemblyName>
-    <AssemblyVersion>2.1.1</AssemblyVersion>
-    <FileVersion>2.1.1</FileVersion>
+    <AssemblyVersion>2.1.2</AssemblyVersion>
+    <FileVersion>2.1.2</FileVersion>
   </PropertyGroup>
 
   <ItemGroup>