Version 2.0 - added sync from KF to DC.

CHANGELOG.md

@@ -1,3 +1,9 @@
+Version 2.0
+
+- Added ability to sync custom fields from Keyfactor to DigiCert.
+- Tool now requires command line argument to specify sync direction: "dctokf" for DigiCert to Keyfactor and "kftodc" for Keyfactor to DigiCert.
+- New DigiCert API Key with restrictions set to "None" in DigiCert config required to perform sync from Keyfactor to Digicert.
+
 Version 1.0
 
-Initial Release
+- Initial Release

README.md

@@ -20,19 +20,30 @@ ___
 
 
 
+
+
 ## Overview
-This tool primarily sets up metadata fields in Keyfactor for the custom metadata fields in DigiCert, which are named as such, but can also setup metadata fields in Keyfactor for non-custom fields available in DigiCert and unavailable in Keyfactor by default,   such as the Digicert Cert ID and the Organization contact.  These fields are referred to as manual fields in the context of this tool. After setting up these fields, the tool proceeds to update the contents of these fields. This tool only adds metadata to certificates that have already been imported into Keyfactor. Additionally, this tool requires a properly installed and functioning AnyGateway configured to work with Keyfactor and Digicert.
+This tool primarily sets up metadata fields in Keyfactor for the custom metadata fields in DigiCert, which are named as such, but can also setup metadata fields in Keyfactor for non-custom fields available in DigiCert and unavailable in Keyfactor by default,   such as the Digicert Cert ID and the Organization contact.  These fields are referred to as manual fields in the context of this tool. After setting up these fields, the tool proceeds to update the contents of these fields. This tool only adds metadata to certificates that have already been imported into Keyfactor. Additionally, this tool requires a properly installed and functioning AnyGateway configured to work with Keyfactor and Digicert. The latest update allows for syncronization of custom field contents from Keyfactor to DigiCert. New fields are created in Keyfactor and DigiCert to accomodate for this.
 
 ## Installation and Usage
 The tool comes as a Windows executable. The tool performs synchronization each time its run. For the tool to run automatically, it needs to be added as a scheduled process using Windows. The advised interval for running it is once per week. The files App.config and manualfields.json need to be present in the same directory as the tool for it to run correctly. The specific location from which the tool is ran does not matter, but it needs to have access to both the Keyfactor API endpoint as well as  Digicert, and appropriate permissions for access to the configuration files. 
 An explanation for the settings found in these files is given below. 
 
+## Command Line Arguments
+One of these two arguments needs to be used for the tool to run.
+- <b>"kftodc"</b>  
+Syncronizes the contents of custom fields listed in manualfields.json from Keyfactor to DigiCert. If the fields in manualfields.json do not exist in Keyfactor or DigiCert, they are created first. Example: ```.\DigicertMetadataSync.exe kftodc```
+- <b>"dctokf"</b>  
+Syncronizes the contents of both custom and non-custom fields from DigiCert to Keyfactor. The fields are listed in manualfields.json, and are created if necessary.
+Example: ```.\DigicertMetadataSync.exe dctokf```
 
 ## Settings
 The settings currently present in these files are shown as an example and need to be configured for your specific situation.
 ### app.config settings
 - <b>DigicertAPIKey</b>  
-Standard DigiCert API access key 
+Standard DigiCert API access key.
+- <b>DigicertAPIKeyTopPerm</b>  
+DigiCert API access key with restrictions set to "None" - <b>required for sync from Keyfactor to DigiCert</b>. 
 - <b>KeyfactorDomainAndUser</b>  
 Same credential as used when logging into Keyfactor Command. A different set of credentials can be used provided they have adequate access permissions.
 - <b>KeyfactorPassword</b>  
@@ -76,3 +87,4 @@ String to be input into Keyfactor as the metadata field hint.
 - <b>KeyfactorAllowAPI</b>  
 Allows API management of this metadata field in Keyfactor. Should be set to true for continuous synchronization with this tool.
 
+

digicert-metadata-sync/AddFieldsToKeyfactor.cs

@@ -22,21 +22,23 @@ namespace DigicertMetadataSync;
 // It will only add new fields.
 partial class DigicertSync
 {
-    public static int AddFieldsToKeyfactor(List<KeyfactorMetadataInstanceSendoff> inputlist,
+    public static Tuple<int,List<string>> AddFieldsToKeyfactor(List<KeyfactorMetadataInstanceSendoff> inputlist,
         List<KeyfactorMetadataInstance> existingmetadatalist, bool noexistingfields, string keyfactorusername,
         string keyfactorpassword, string keyfactorapilocation)
     {
         var addfieldstokeyfactorurl = keyfactorapilocation + "MetadataFields";
         var addfieldsclient = new RestClient();
         addfieldsclient.Authenticator = new HttpBasicAuthenticator(keyfactorusername, keyfactorpassword);
         int totalnumberadded = 0;
+        List<string> newfields = new List<string>();
         foreach (var metadatainstance in inputlist)
         {
             if (noexistingfields == false)
             {
                 var fieldquery = from existingmetadatainstance in existingmetadatalist
                     where existingmetadatainstance.Name == metadatainstance.Name
                     select existingmetadatainstance;
+                // If field does not exist in Keyfactor, add it.
                 if (!fieldquery.Any())
                 {
                     var addfieldrequest = new RestRequest(addfieldstokeyfactorurl);
@@ -50,6 +52,7 @@ public static int AddFieldsToKeyfactor(List<KeyfactorMetadataInstanceSendoff> in
                     try
                     {
                         metadataresponse = addfieldsclient.Post(addfieldrequest);
+                        newfields.Add(metadatainstance.Name);
                         ++totalnumberadded;
                     }
                     catch (HttpRequestException e)
@@ -90,7 +93,8 @@ public static int AddFieldsToKeyfactor(List<KeyfactorMetadataInstanceSendoff> in
                 }
             }
         }
+        Tuple<int, List<string>> returnvals = new Tuple<int, List<string>>(totalnumberadded, newfields);
 
-        return totalnumberadded;
+        return returnvals;
     }
 }

digicert-metadata-sync/App.config

@@ -2,10 +2,11 @@
 <configuration>
 	<appSettings>
 		<add key="DigicertAPIKey" value="" />
+		<add key="DigicertAPIKeyTopPerm" value="" />
 		<add key="KeyfactorDomainAndUser" value="" />
 		<add key="KeyfactorPassword" value="" />
-		<add key="KeyfactorCertSearchReturnLimit" value="5000" /> 
-		<add key="KeyfactorAPIEndpoint" value="https://***.com/keyfactorapi/" />
+		<add key="KeyfactorCertSearchReturnLimit" value="500" /> 
+		<add key="KeyfactorAPIEndpoint" value="" />
 		<add key="KeyfactorDigicertIssuedCertQueryTerm" value="DigiCert" />
 		<add key="ImportAllCustomDigicertFields" value="False" />
 		<add key="ReplaceDigicertWhiteSpaceCharacterInName" value="_-_" />

digicert-metadata-sync/GrabCustomFieldsFromDigiCert.cs

@@ -0,0 +1,44 @@
+// Copyright 2021 Keyfactor
+// 
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using Keyfactor.Logging;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using RestSharp;
+using RestSharp.Authenticators;
+
+namespace DigicertMetadataSync;
+
+// This fuction adds the fields to keyfactor.
+// It will only add new fields.
+partial class DigicertSync
+{
+    public static List<CustomDigicertMetadataInstance> GrabCustomFieldsFromDigiCert(string apikey)
+    {
+        ILogger logger = LogHandler.GetClassLogger<DigicertSync>();
+        var digicertclient = new RestClient();
+        var customfieldsretrieval = "https://www.digicert.com/services/v2/account/metadata";
+        var digicertrequest = new RestRequest(customfieldsretrieval);
+        digicertrequest.AddHeader("Accept", "application/json");
+        digicertrequest.AddHeader("X-DC-DEVKEY", apikey);
+        var digicertresponse = digicertclient.Execute(digicertrequest);
+        var trimmeddigicertresponse = digicertresponse.Content.Remove(0, 12);
+        int lengthofresponse = trimmeddigicertresponse.Length;
+        trimmeddigicertresponse = trimmeddigicertresponse.Remove(lengthofresponse - 1, 1);
+        var fieldlist = JsonConvert.DeserializeObject<List<CustomDigicertMetadataInstance>>(trimmeddigicertresponse);
+        Console.WriteLine("Obtained custom fields from DigiCert.");
+        logger.LogDebug("Obtained custom fields from DigiCert.");
+        return fieldlist;
+    }
+}

digicert-metadata-sync/Helpers.cs

@@ -70,6 +70,14 @@ public static string ReplaceAllWhiteSpaces(string str, string replacement)
         return Regex.Replace(str, @"\s+", "_-_");
     }
 
+    public static bool CheckMode(string mode)
+    {
+        if ((mode == "kftodc") || (mode == "dctokf")){
+            return true;
+        }
+        return false;
+    }
+
     private static List<KeyfactorMetadataInstanceSendoff> convertlisttokf(List<ReadInMetadataField> inputlist,
         string replacementcharacter)
     {