Merge 1bc7e47 into 0fd1a96

Author: spbsoluble

v3/api/certificate.go

@@ -196,6 +196,7 @@ func (c *Client) DownloadCertificate(
 	thumbprint string,
 	serialNumber string,
 	issuerDn string,
+	collectionId int,
 ) (*x509.Certificate, []*x509.Certificate, error) {
 	log.Println("[INFO] Downloading certificate")
 
@@ -228,6 +229,19 @@ func (c *Client) DownloadCertificate(
 		ChainOrder:   "EndEntityFirst",
 	}
 
+	query := apiQuery{
+		Query: []StringTuple{},
+	}
+	if collectionId > 0 {
+		log.Println("[DEBUG] RecoverCertificate: Collection ID:", collectionId)
+		query.Query = append(
+			query.Query, StringTuple{
+				"collectionId", fmt.Sprintf("%d", collectionId),
+			},
+		)
+		log.Println("[DEBUG] RecoverCertificate: Query:", query)
+	}
+
 	// Set Keyfactor-specific headers
 	headers := &apiHeaders{
 		Headers: []StringTuple{
@@ -242,6 +256,7 @@ func (c *Client) DownloadCertificate(
 		Endpoint: "Certificates/Download",
 		Headers:  headers,
 		Payload:  payload,
+		Query:    &query,
 	}
 
 	resp, err := c.sendRequest(keyfactorAPIStruct)
@@ -754,30 +769,39 @@ func createSubject(cs CertificateSubject) (string, error) {
 	var subject string
 
 	if cs.SubjectCommonName != "" && cs.SubjectCommonName != "<null>" {
-		subject = "CN=" + cs.SubjectCommonName + ","
+		subject = "CN=" + escapeDNValue(cs.SubjectCommonName) + ","
 	} else {
 		return "", errors.New("build subject: common name required") // Common name is required!
 	}
 	if cs.SubjectOrganizationalUnit != "" && cs.SubjectOrganizationalUnit != "<null>" {
-		subject += "OU=" + cs.SubjectOrganizationalUnit + ","
+		subject += "OU=" + escapeDNValue(cs.SubjectOrganizationalUnit) + ","
 	}
 	if cs.SubjectOrganization != "" && cs.SubjectOrganization != "<null>" {
-		subject += "O=" + cs.SubjectOrganization + ","
+		subject += "O=" + escapeDNValue(cs.SubjectOrganization) + ","
 	}
 	if cs.SubjectLocality != "" && cs.SubjectLocality != "<null>" {
-		subject += "L=" + cs.SubjectLocality + ","
+		subject += "L=" + escapeDNValue(cs.SubjectLocality) + ","
 	}
 	if cs.SubjectState != "" && cs.SubjectState != "<null>" {
-		subject += "ST=" + cs.SubjectState + ","
+		subject += "ST=" + escapeDNValue(cs.SubjectState) + ","
 	}
 	if cs.SubjectCountry != "" && cs.SubjectCountry != "<null>" {
-		subject += "C=" + cs.SubjectCountry + ","
+		subject += "C=" + escapeDNValue(cs.SubjectCountry) + ","
 	}
 	subject = strings.TrimRight(subject, ",") // remove trailing comma
 	log.Printf("[DEBUG] createSubject(): Certificate subject created: %s\n", subject)
 	return subject, nil
 }
 
+// escapeDNValue ensures that a value in a DN is properly escaped if it contains special characters.
+func escapeDNValue(value string) string {
+	// If the value contains a comma, quote it
+	if strings.Contains(value, ",") {
+		return `"` + value + `"`
+	}
+	return value
+}
+
 // validateDeployPFXArgs validates the arguments required to deploy a PFX certificate.
 func validateDeployPFXArgs(dpfxa *DeployPFXArgs) error {
 	if dpfxa.StoreIds == nil {

v3/api/store_models.go

@@ -51,14 +51,20 @@ type UpdateStoreFctArgs struct {
 	// automatically populated by the CreateStore method. However, if configured, this field will be used.
 	PropertiesString string `json:"Properties,omitempty"`
 	// Mapped name-value pair field used to configure properties.
-	Properties            map[string]interface{} `json:"-"`
-	AgentId               string                 `json:"AgentId"`
-	AgentAssigned         *bool                  `json:"AgentAssigned,omitempty"`
-	ContainerName         *string                `json:"ContainerName,omitempty"`
-	InventorySchedule     *InventorySchedule     `json:"InventorySchedule,omitempty"`
-	ReEnrollmentStatus    *ReEnrollmnentConfig   `json:"ReEnrollmentStatus,omitempty"`
-	SetNewPasswordAllowed *bool                  `json:"SetNewPasswordAllowed,omitempty"`
-	Password              *StorePasswordConfig   `json:"Password"`
+	Properties            map[string]interface{}     `json:"-"`
+	AgentId               string                     `json:"AgentId"`
+	AgentAssigned         *bool                      `json:"AgentAssigned,omitempty"`
+	ContainerName         *string                    `json:"ContainerName,omitempty"`
+	InventorySchedule     *InventorySchedule         `json:"InventorySchedule,omitempty"`
+	ReEnrollmentStatus    *ReEnrollmnentConfig       `json:"ReEnrollmentStatus,omitempty"`
+	SetNewPasswordAllowed *bool                      `json:"SetNewPasswordAllowed,omitempty"`
+	Password              *UpdateStorePasswordConfig `json:"Password"`
+}
+
+type UpdateStorePasswordConfig struct {
+	SecretValue *string           `json:"SecretValue"` // used for setting kf-secret value or No Value (null)
+	Parameters  map[string]string `json:"Parameters"`
+	Provider    int               `json:"Provider"`
 }
 
 // InventorySchedule holds configuration data for creating an inventory schedule for a certificate store in Keyfactor
@@ -94,34 +100,59 @@ type ReEnrollmnentConfig struct {
 }
 
 // StorePasswordConfig configures the password field for a new certificate store.
+// TODO: make re-usable struct for Secret type fields
 type StorePasswordConfig struct {
-	Value          *string `json:"SecretValue"`
-	SecretTypeGuid *string `json:"SecretTypeGuid,omitempty"`
-	InstanceId     *string `json:"InstanceId,omitempty"`
+	Value                         *string                       `json:"SecretValue"`
+	SecretTypeGuid                *string                       `json:"SecretTypeGuid,omitempty"`
+	InstanceId                    *string                       `json:"InstanceId,omitempty"`
+	InstanceGuid                  *string                       `json:"InstanceGuid,omitempty"`
+	ProvidererTypeParameterValues *[]ProviderTypeParameterValue `json:"ProviderTypeParameterValues"`
+	ProviderId                    int                           `json:"ProviderId"`
+	IsManaged                     bool                          `json:"IsManaged"`
+	HasValue                      bool                          `json:"HasValue"`
 } // ProviderTypeParameterValues - Not yet implemented
 // ProviderTypeParameterValues ProviderTypeParams - Not implemented
 
 /* Future non-critical functionality */
 
-type ProviderTypeParams struct {
-	Id           string
-	Value        string
-	InstanceId   string
-	InstanceGuid string
-	Provider     ProviderParams
+type ProviderTypeParameterValue struct {
+	Id                int               `json:"Id"`
+	Value             *string           `json:"Value"`
+	ParameterId       int               `json:"ParameterId"` // defaults always to 0, likely deprecated
+	InstanceId        *string           `json:"InstanceId"`  // defaults null, likely deprecated
+	InstanceGuid      *string           `json:"InstanceGuid"`
+	Provider          *string           `json:"Provider"` // defaults null, likely deprecated
+	ProviderTypeParam ProviderTypeParam `json:"ProviderTypeParam"`
 }
 
-type ProviderParams struct {
-	Id           int
-	Name         string
-	Area         int
-	ProviderType ProviderType
+type ProviderTypeParam struct {
+	Id            int     `json:"Id"`
+	Name          *string `json:"Name"`
+	DisplayName   *string `json:"DisplayName"`
+	DataType      int     `json:"DataType"`
+	InstanceLevel bool    `json:"InstanceLevel"`
+	ProviderType  *string `json:"ProviderType"` //defaults null, likely deprecated
 }
 
-type ProviderType struct {
-	Id   string
-	Name string
-}
+// type ProviderTypeParams struct {
+// 	Id           string
+// 	Value        string
+// 	InstanceId   string
+// 	InstanceGuid string
+// 	Provider     ProviderParams
+// }
+
+// type ProviderParams struct {
+// 	Id           int
+// 	Name         string
+// 	Area         int
+// 	ProviderType ProviderType
+// }
+
+// type ProviderType struct {
+// 	Id   string
+// 	Name string
+// }
 
 // CertStoreTypeResponse contains the response elements returned from the GetCertificateStoreType method.
 type CertStoreTypeResponse struct {

v3/go.mod

@@ -14,36 +14,36 @@
 
 module github.com/Keyfactor/keyfactor-go-client/v3
 
-go 1.23
+go 1.24
 
-toolchain go1.23.2
+toolchain go1.24.5
 
 require (
-	github.com/Keyfactor/keyfactor-auth-client-go v1.1.1-rc.0
+	github.com/Keyfactor/keyfactor-auth-client-go v1.3.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/spbsoluble/go-pkcs12 v0.3.3
 	go.mozilla.org/pkcs7 v0.9.0
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect
-	github.com/fatih/color v1.13.0 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
+	github.com/fatih/color v1.18.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/hashicorp/go-hclog v1.5.0 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
-	golang.org/x/crypto v0.30.0 // indirect
-	golang.org/x/net v0.32.0 // indirect
-	golang.org/x/oauth2 v0.24.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )