updated fields. the full chain is now stored in certificate if selected.

CHANGELOG.md

@@ -6,12 +6,10 @@
 * **Breaking Change**: the properties have been renamed from:
     * `PUBLIC_KEY` to `certificate`
     * `PRIVATE_KEY` to `private_key`
-    * `PUBLIC_KEY_<n>` for each CA chain certificate to `ca_chain`
+    * `PUBLIC_KEY_<n>` has been removed.  Now the chain is stored in `certificate` if the option is selected.
 
 * **Breaking Change**: Added a flag on the Keyfactor Certificate store definition to indicate whether to store the full CA chain along with the certificate
 
-* `ca_chain` contains all certificates in the CA chain, including the leaf.
-
 2.0
 
 * Added inventory job support for the Hashicorp PKI secrets engine

hashicorp-vault-orchestrator/HcvKeyValueClient.cs

@@ -35,9 +35,7 @@ public class HcvKeyValueClient : IHashiClient
 
         private string _storePath { get; set; }
         private string _mountPoint { get; set; }
-        private bool _subfolderInventory { get; set; }
-
-        //private VaultClientSettings clientSettings { get; set; }
+        private bool _subfolderInventory { get; set; }        
 
         public HcvKeyValueClient(string vaultToken, string serverUrl, string mountPoint, string storePath, bool SubfolderInventory = false)
         {
@@ -86,7 +84,7 @@ public async Task<CurrentInventoryItem> GetCertificate(string key)
             Dictionary<string, object> certData;
             Secret<SecretData> res;
             var fullPath = _storePath + key;
-            //var relativePath = fullPath.Substring(_storePath.Length);
+
             try
             {
                 try
@@ -116,8 +114,7 @@ public async Task<CurrentInventoryItem> GetCertificate(string key)
 
             try
             {
-                string certificate = null;
-                string caChain = "";
+                string certificate = null;                
 
                 //Validates if the "certificate" and "private_key" keys exist in certData
                 if (certData.TryGetValue("certificate", out object publicKeyObj))
@@ -127,27 +124,28 @@ public async Task<CurrentInventoryItem> GetCertificate(string key)
 
                 var certs = new List<string>() { certificate };
 
-                certData.TryGetValue("private_key", out object privateKeyObj);            
+                certData.TryGetValue("private_key", out object privateKeyObj);
+
+                //split the chain entries (if chain is included)
+
+                var certFooter = "\n-----END CERTIFICATE-----";
 
-                if (certData.TryGetValue("ca_chain", out object caChainObj))
-                {
-                    caChain = caChainObj?.ToString();
+                certs = certificate.Split(new string[] { certFooter }, StringSplitOptions.RemoveEmptyEntries).ToList();
+
+                for (int i = 0; i<certs.Count(); i++) {
+                    certs[i] = certs[i] + certFooter;
                 }
 
-                certData.TryGetValue("revocation_time", out object revocationTime);
-
-                certs = !string.IsNullOrEmpty(caChain) ? caChain.Split(new string[] { "\n\n" }, StringSplitOptions.RemoveEmptyEntries).ToList() : certs;
-
                 // if the certs have not been revoked, include them
 
-                if (!string.IsNullOrEmpty(certificate) && (revocationTime == null || Equals(revocationTime.ToString(), "0")))
+                if (certs.Count() > 0)
                 {
                     return new CurrentInventoryItem()
                     {
                         Alias = key,
                         PrivateKeyEntry = privateKeyObj != null,
                         ItemStatus = OrchestratorInventoryItemStatus.Unknown,
-                        UseChainLevel = true,
+                        UseChainLevel = certs.Count() > 1,
                         Certificates = certs
                     };
                 }
@@ -228,7 +226,6 @@ public async Task PutCertificate(string certName, string contents, string pfxPas
                     streamWriter.Flush();
                     privateKeyString = Encoding.ASCII.GetString(memoryStream.GetBuffer()).Trim()
                         .Replace("\r", "").Replace("\0", "");
-                    // logger.LogTrace($"Got Private Key String {privateKeyString}");
                     logger.LogTrace($"Got Private Key String");
                     memoryStream.Close();
                     streamWriter.Close();
@@ -254,12 +251,16 @@ public async Task PutCertificate(string certName, string contents, string pfxPas
             try
             {
                 certDict.Add("private_key", privateKeyString);
-                certDict.Add("certificate", pubCertPem);
-                certDict.Add("revocation_time", 0);
+
+                // certDict.Add("revocation_time", 0);
 
                 if (includeChain)
                 {
-                    certDict.Add("ca_chain", String.Join("\n\n", pemChain));
+
+                    certDict.Add("certificate", String.Join("\n", pemChain));
+                }
+                else {
+                    certDict.Add("certificate", pubCertPem);
                 }
             }
             catch (Exception ex)

readme_source.md

@@ -38,10 +38,8 @@ This integration was built on the .NET Core 3.1 target framework and are compati
 
 1. For the Key-Value secrets engine, the certificates are stored as an entry with these fields.  
 
-- `certificate` - The PEM formatted certificate
-- `ca_chain` - The full certificate authority chain, including the certificate
+- `certificate` - The PEM formatted certificate and intermediate CA chain (if selected)
 - `private_key` - The certificate private key
-- `revocation_time` - a value other than "0" indicates the time that a certificate was revoked.
 
 **Note**: Key/Value secrets that do not include the keys `certificate` and `private_key` will be ignored during inventory scans.