Merge pull request #2 from Keyfactor/release-1.0

Merge 1.0.0 to main

Author: fiddlermikey

.github/workflows/keyfactor-bootstrap-workflow.yml

@@ -0,0 +1,20 @@
+name: Keyfactor Bootstrap Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v3
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}

CHANGELOG.md

@@ -0,0 +1,9 @@
+- 1.0.0
+    - First production release of the GCP CAS AnyCA Gateway REST plugin that implements:
+        * CA Sync:
+            * Download all certificates issued by connected Enterprise tier CAs in GCP CAS (full sync).
+            * Download all certificates issued by connected Enterprise tier CAs in GCP CAS issued after a specified time (incremental sync).
+        * Certificate enrollment for all published GoDaddy Certificate SKUs:
+            * Support certificate enrollment (new keys/certificate).
+        * Certificate revocation:
+            * Request revocation of a previously issued certificate.

GCPCAS.Tests/GCPCAS.Tests.csproj

@@ -0,0 +1,32 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+
+    <IsPackable>false</IsPackable>
+    <IsTestProject>true</IsTestProject>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="coverlet.collector" Version="6.0.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+    <PackageReference Include="NLog.Extensions.Logging" Version="5.3.8" />
+    <PackageReference Include="xunit" Version="2.5.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Using Include="Xunit" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\GCPCAS\GCPCAS.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest" />
+  </ItemGroup>
+
+</Project>

GCPCAS.Tests/GCPCASClient.cs

@@ -0,0 +1,179 @@
+// Copyright 2024 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Collections.Concurrent;
+using Keyfactor.Extensions.CAPlugin.GCPCAS.Client;
+using Keyfactor.AnyGateway.Extensions;
+using Keyfactor.Logging;
+using Microsoft.Extensions.Logging;
+using NLog.Extensions.Logging;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using Keyfactor.PKI.Enums.EJBCA;
+using Keyfactor.Extensions.CAPlugin.GCPCAS;
+using Google.Cloud.Security.PrivateCA.V1;
+
+namespace Keyfactor.Extensions.CAPlugin.GCPCASTests;
+
+public class ClientTests
+{
+    ILogger _logger { get; set; }
+
+    public ClientTests()
+    {
+        ConfigureLogging();
+
+        _logger = LogHandler.GetClassLogger<ClientTests>();
+    }
+
+    [IntegrationTestingFact]
+    public void GCPCASClient_Integration_GetTemplates_ReturnSuccess()
+    {
+        // Arrange
+        IntegrationTestingFact env = new();
+
+        IGCPCASClient client = new GCPCASClient(env.LocationId, env.ProjectId, env.CAPool, env.CAId);
+        client.Enable();
+
+        // Act
+        List<string> templates = client.GetTemplates();
+        // There is never a case where there are zero templates - there's always the default "no template"
+        Assert.NotEmpty(templates);
+        _logger.LogInformation($"Found {templates.Count} templates: {string.Join(", ", templates)}");
+    }
+
+    [IntegrationTestingFact]
+    public void GCPCASClient_Integration_DownloadAllCertificates_ReturnSuccess()
+    {
+        // Arrange
+        IntegrationTestingFact env = new();
+
+        IGCPCASClient client = new GCPCASClient(env.LocationId, env.ProjectId, env.CAPool, env.CAId);
+        client.Enable();
+
+        BlockingCollection<AnyCAPluginCertificate> certificates = new();
+
+        // Act
+        int numberOfDownloadedCerts = client.DownloadAllIssuedCertificates(certificates, CancellationToken.None).Result;
+        _logger.LogInformation($"Number of downloaded certificates: {numberOfDownloadedCerts}");
+    }
+
+    [IntegrationTestingFact]
+    public void GCPCASClient_Integration_DownloadAllCertificatesAfter_ReturnSuccess()
+    {
+        // Arrange
+        IntegrationTestingFact env = new();
+
+        IGCPCASClient client = new GCPCASClient(env.LocationId, env.ProjectId, env.CAPool, env.CAId);
+        client.Enable();
+
+        BlockingCollection<AnyCAPluginCertificate> certificates = new();
+
+        DateTime after = DateTime.UtcNow.AddDays(-100);
+
+        // Act
+        int numberOfDownloadedCerts = client.DownloadAllIssuedCertificates(certificates, CancellationToken.None, after).Result;
+        _logger.LogInformation($"Number of downloaded certificates: {numberOfDownloadedCerts}");
+    }
+
+    [IntegrationTestingFact]
+    public void GCPCASClient_Integration_EnrollGetRevoke_ReturnSuccess()
+    {
+        // Arrange
+        IntegrationTestingFact env = new();
+
+        GCPCASClient client = new GCPCASClient(env.LocationId, env.ProjectId, env.CAPool, env.CAId);
+        client.Enable();
+
+        // Create a CSR
+        string subject = "CN=Test Subject";
+        string csrString = GenerateCSR(subject);
+
+        EnrollmentProductInfo productInfo = new EnrollmentProductInfo
+        {
+            ProductID = GCPCASPluginConfig.NoTemplateName,
+            ProductParameters = new Dictionary<string, string>
+            {
+                { GCPCASPluginConfig.EnrollmentParametersConstants.CertificateLifetimeDays, "200" }
+            }
+        };
+        ICreateCertificateRequestBuilder builder = new CreateCertificateRequestBuilder()
+            .WithCsr(csrString)
+            .WithEnrollmentProductInfo(productInfo);
+
+        // Act
+        _logger.LogInformation($"Enrolling test certificate with DN {subject} using GCP CAS CA called {env.CAId}");
+        EnrollmentResult enrollResult = client.Enroll(builder, CancellationToken.None).Result;
+
+        // Assert
+        Assert.Equal(enrollResult.Status, (int)EndEntityStatus.GENERATED);
+        Assert.NotNull(enrollResult.CARequestID);
+        _logger.LogInformation($"Certificate enrollment validated successfully");
+
+        // Act
+        _logger.LogInformation($"Downloading test certificate identified as {enrollResult.CARequestID} from GCP CAS CA called {env.CAId}");
+        AnyCAPluginCertificate downloadResult = client.DownloadCertificate(enrollResult.CARequestID).Result;
+
+        // Assert
+        Assert.Equal(enrollResult.Status, downloadResult.Status);
+        Assert.Equal(enrollResult.CARequestID, downloadResult.CARequestID);
+        Assert.Equal(enrollResult.Certificate, downloadResult.Certificate);
+        _logger.LogInformation($"Verified that the downloaded certificate identified as {downloadResult.CARequestID} is the same as the initially enrolled certificate");
+
+        // Act
+        _logger.LogInformation($"Revoking test certificate identified as {enrollResult.CARequestID} issued by GCP CAS CA called {env.CAId}");
+        client.RevokeCertificate(enrollResult.CARequestID, RevocationReason.CessationOfOperation).Wait();
+
+        _logger.LogInformation($"Downloading test certificate identified as {enrollResult.CARequestID} from GCP CAS CA called {env.CAId}");
+        downloadResult = client.DownloadCertificate(enrollResult.CARequestID).Result;
+
+        // Assert
+        Assert.Equal(enrollResult.CARequestID, downloadResult.CARequestID);
+        Assert.Equal(enrollResult.Certificate, downloadResult.Certificate);
+        Assert.Equal(downloadResult.Status, (int)EndEntityStatus.REVOKED);
+        // Cecession of Operation should be reason 5
+        Assert.Equal(downloadResult.RevocationReason, 5);
+
+        _logger.LogInformation("GCPCASClient_Integration_EnrollGetRevoke_ReturnSuccess was successful");
+    }
+
+    static void ConfigureLogging()
+    {
+        var config = new NLog.Config.LoggingConfiguration();
+
+        // Targets where to log to: File and Console
+        var logconsole = new NLog.Targets.ConsoleTarget("logconsole");
+        logconsole.Layout = @"${date:format=HH\:mm\:ss} ${logger} [${level}] - ${message}";
+
+        // Rules for mapping loggers to targets            
+        config.AddRule(NLog.LogLevel.Trace, NLog.LogLevel.Fatal, logconsole);
+
+        // Apply config           
+        NLog.LogManager.Configuration = config;
+
+        LogHandler.Factory = LoggerFactory.Create(builder =>
+                {
+                    builder.AddNLog();
+                });
+    }
+
+    static string GenerateCSR(string subject)
+    {
+        using RSA rsa = RSA.Create(2048);
+        X500DistinguishedName subjectName = new X500DistinguishedName(subject);
+        CertificateRequest csr = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+        return csr.CreateSigningRequestPem();
+    }
+}
+

GCPCAS.Tests/IntegrationTestingFact.cs

@@ -0,0 +1,36 @@
+// Copyright 2024 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+namespace Keyfactor.Extensions.CAPlugin.GCPCASTests;
+
+public sealed class IntegrationTestingFact : FactAttribute
+{
+    public string ProjectId { get; private set; }
+    public string LocationId { get; private set; }
+    public string CAPool { get; private set; }
+    public string CAId { get; private set; }
+
+    public IntegrationTestingFact()
+    {
+        ProjectId = Environment.GetEnvironmentVariable("GCP_PROJECT_ID") ?? string.Empty;
+        LocationId = Environment.GetEnvironmentVariable("GCP_LOCATION_ID") ?? string.Empty;
+        CAPool = Environment.GetEnvironmentVariable("GCP_CAS_CAPOOL") ?? string.Empty;
+        CAId = Environment.GetEnvironmentVariable("GCP_CAS_CAID") ?? string.Empty;
+
+        if (string.IsNullOrEmpty(ProjectId) || string.IsNullOrEmpty(LocationId) || string.IsNullOrEmpty(CAPool) || string.IsNullOrEmpty(CAId))
+        {
+            Skip = "Integration testing environment variables are not set - Skipping test";
+        }
+    }
+}

GCPCAS.Tests/xunit.runner.json

@@ -0,0 +1,5 @@
+{
+    "$schema": "https://xunit.net/schema/current/xunit.runner.schema.json",
+    "parallelizeAssembly": false,
+    "parallelizeTestCollections": false
+}

GCPCAS.sln

@@ -1,28 +1,27 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.0.31903.59
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GCPCAS", "GCPCAS\GCPCAS.csproj", "{CD27873D-BA79-4DCC-BBC7-011325493516}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GCPCAS.Tests", "GCPCAS.Tests\GCPCAS.Tests.csproj", "{8E00E94A-1A16-4D21-B015-53277D6F6016}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{CD27873D-BA79-4DCC-BBC7-011325493516}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{CD27873D-BA79-4DCC-BBC7-011325493516}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{CD27873D-BA79-4DCC-BBC7-011325493516}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{CD27873D-BA79-4DCC-BBC7-011325493516}.Release|Any CPU.Build.0 = Release|Any CPU
-		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-EndGlobal
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GCPCAS", "GCPCAS\GCPCAS.csproj", "{CD27873D-BA79-4DCC-BBC7-011325493516}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GCPCAS.Tests", "GCPCAS.Tests\GCPCAS.Tests.csproj", "{8E00E94A-1A16-4D21-B015-53277D6F6016}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{CD27873D-BA79-4DCC-BBC7-011325493516}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CD27873D-BA79-4DCC-BBC7-011325493516}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CD27873D-BA79-4DCC-BBC7-011325493516}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CD27873D-BA79-4DCC-BBC7-011325493516}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8E00E94A-1A16-4D21-B015-53277D6F6016}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal