Skip to content

fixed sans issue passed to extension data#23

Merged
indrora merged 3 commits into
release-1.3from
100sansfix2
Apr 1, 2026
Merged

fixed sans issue passed to extension data#23
indrora merged 3 commits into
release-1.3from
100sansfix2

Conversation

@bhillkeyfactor

Copy link
Copy Markdown
Contributor

No description provided.

@bhillkeyfactor bhillkeyfactor requested a review from indrora March 4, 2026 17:56
@indrora indrora merged commit c27dce9 into release-1.3 Apr 1, 2026
19 checks passed
indrora added a commit that referenced this pull request Apr 2, 2026
* chore: Update integration-manifest.json (#16)

* Update integration-manifest.json

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.3.0

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* fixed sans issue passed to extension data (#23)

* fixed sans issue passed to extension data

* fixed change log

---------

Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
indrora added a commit that referenced this pull request Jun 29, 2026
* chore: Update integration-manifest.json

* Update integration-manifest.json

* Update generated docs

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Merge 1.3.1 to main


Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Merge 1.3.2 to main (#24)

* chore: Update integration-manifest.json (#16)

* Update integration-manifest.json

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.3.0

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* fixed sans issue passed to extension data (#23)

* fixed sans issue passed to extension data

* fixed change log

---------

Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Add FlowLogger and sync diagnostics for certificate metadata troubleshooting

Port the FlowLogger workflow-tracing utility from the cscglobal-caplugin
200dayfixes branch and wire it into the plugin's Synchronize, Enroll, and
GetSingleRecord operations to render step-by-step, timed flow diagrams to
Trace logs.

Add [SYNC-DIAG] instrumentation in GCPCASClient that, for every certificate
handed to the AnyCA Gateway during sync, parses the PEM content and logs the
fingerprint (thumbprint), NotBefore (as epoch ms), NotAfter, serial number,
and subject - i.e. the exact metadata the Gateway must surface to Command on
/v2/certificate/search and that the incremental sync gates on. Records whose
content is null/empty or unparseable are flagged, pinpointing whether empty
fingerprint / notBefore=0 values originate in the plugin.

* Add net10.0 to target frameworks

* Skip certs with gateway-unparseable subjects during sync

During Synchronize, mirror the subject parsing the AnyCA Gateway performs
when building its /v2/certificate/search response
(new X509Name(true, netCert.Subject)). That call throws on subjects
BouncyCastle cannot re-parse from .NET's string representation, which returns
a 500 for the entire search page and aborts Command's CA sync.

GatewayCanParseSubject runs the same parse on each certificate before it is
added to the sync buffer. Certificates that would throw are skipped with a
[SYNC-SKIP] warning and counted, so a single unparseable subject never lands
in the gateway database and can never break the downstream Command sync. The
gateway-side fix (try/catch or reading the subject from DER) will be handled
separately.

* update changelog

---------

Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>
Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
indrora added a commit that referenced this pull request Jun 29, 2026
* chore: Update integration-manifest.json (#16)

* Update integration-manifest.json

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.3.0

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* fixed sans issue passed to extension data (#23)

* fixed sans issue passed to extension data

* fixed change log

---------

Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>

* 200dayfixes (#25)

* chore: Update integration-manifest.json

* Update integration-manifest.json

* Update generated docs

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Merge 1.3.1 to main


Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Merge 1.3.2 to main (#24)

* chore: Update integration-manifest.json (#16)

* Update integration-manifest.json

* Update generated docs

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.3.0

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* fixed sans issue passed to extension data (#23)

* fixed sans issue passed to extension data

* fixed change log

---------

Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Add FlowLogger and sync diagnostics for certificate metadata troubleshooting

Port the FlowLogger workflow-tracing utility from the cscglobal-caplugin
200dayfixes branch and wire it into the plugin's Synchronize, Enroll, and
GetSingleRecord operations to render step-by-step, timed flow diagrams to
Trace logs.

Add [SYNC-DIAG] instrumentation in GCPCASClient that, for every certificate
handed to the AnyCA Gateway during sync, parses the PEM content and logs the
fingerprint (thumbprint), NotBefore (as epoch ms), NotAfter, serial number,
and subject - i.e. the exact metadata the Gateway must surface to Command on
/v2/certificate/search and that the incremental sync gates on. Records whose
content is null/empty or unparseable are flagged, pinpointing whether empty
fingerprint / notBefore=0 values originate in the plugin.

* Add net10.0 to target frameworks

* Skip certs with gateway-unparseable subjects during sync

During Synchronize, mirror the subject parsing the AnyCA Gateway performs
when building its /v2/certificate/search response
(new X509Name(true, netCert.Subject)). That call throws on subjects
BouncyCastle cannot re-parse from .NET's string representation, which returns
a 500 for the entire search page and aborts Command's CA sync.

GatewayCanParseSubject runs the same parse on each certificate before it is
added to the sync buffer. Certificates that would throw are skipped with a
[SYNC-SKIP] warning and counted, so a single unparseable subject never lands
in the gateway database and can never break the downstream Command sync. The
gateway-side fix (try/catch or reading the subject from DER) will be handled
separately.

* update changelog

---------

Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>
Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Sean <1661003+spbsoluble@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants