add validity days property when requesting a certificate and changes …

…for using new vcert v4

go.mod

@@ -3,7 +3,8 @@ module github.com/Venafi/vault-pki-backend-venafi
 go 1.13
 
 require (
-	github.com/Venafi/vcert v0.0.0-20200807171114-64f717ca1aa4
+	github.com/Venafi/vcert v3.18.4+incompatible
+	github.com/Venafi/vcert/v4 v4.11.0
 	github.com/hashicorp/go-hclog v0.14.1
 	github.com/hashicorp/vault/api v1.0.4
 	github.com/hashicorp/vault/sdk v0.1.13

go.sum

@@ -16,6 +16,10 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/Venafi/vcert v0.0.0-20200807171114-64f717ca1aa4 h1:qC7To1qKZnRd7/2qPk+FLur4mrCMk4MV6fCfuJt2XYo=
 github.com/Venafi/vcert v0.0.0-20200807171114-64f717ca1aa4/go.mod h1:Pw/wEAuWnNll9G2Vio6rMYmgcKdZaI3SljAgJCuZ2lA=
+github.com/Venafi/vcert v3.18.4+incompatible h1:mDXSjd+EpXa8YEkEo9Oad19E270aiPJJMhjoKs63b+8=
+github.com/Venafi/vcert v3.18.4+incompatible/go.mod h1:3dpfrCI+31cDZosD+1UX8GFziVFORaegByXtzT1dwNo=
+github.com/Venafi/vcert/v4 v4.11.0 h1:37gfyjS9v5YvZcIABwNPo1fAC31lIZT7glVK1vfUxk4=
+github.com/Venafi/vcert/v4 v4.11.0/go.mod h1:OE+UZ0cj8qqVUuk0u7R4GIk4ZB6JMSf/WySqnBPNwws=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=

plugin/pki/path_roles.go

@@ -92,7 +92,10 @@ requested. The lease duration controls the expiration
 of certificates issued by this backend. Defaults to
 the value of max_ttl.`,
 			},
-
+			"issuer_hint": {
+				Type:        framework.TypeString,
+				Description: `Indicate the target issuer values could be DigiCert, Entrust, or Microsoft`,
+			},
 			"max_ttl": {
 				Type:        framework.TypeDurationSecond,
 				Description: "The maximum allowed lease duration",
@@ -344,6 +347,7 @@ func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data
 			KeyCurve:         data.Get("key_curve").(string),
 			MaxTTL:           time.Duration(data.Get("max_ttl").(int)) * time.Second,
 			TTL:              time.Duration(data.Get("ttl").(int)) * time.Second,
+			IssuerHint:       data.Get("issuer_hint").(string),
 			GenerateLease:    data.Get("generate_lease").(bool),
 			ServerTimeout:    time.Duration(data.Get("server_timeout").(int)) * time.Second,
 			VenafiSecret:     data.Get("venafi_secret").(string),
@@ -457,6 +461,7 @@ type roleEntry struct {
 	Lease            string        `json:"lease"`
 	TTL              time.Duration `json:"ttl_duration"`
 	MaxTTL           time.Duration `json:"max_ttl_duration"`
+	IssuerHint       string        `json:"issuer_hint"`
 	GenerateLease    bool          `json:"generate_lease,omitempty"`
 	DeprecatedMaxTTL string        `json:"max_ttl"`
 	DeprecatedTTL    string        `json:"ttl"`

plugin/pki/path_venafi_cert_enroll.go

@@ -6,15 +6,17 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"github.com/Venafi/vcert/pkg/endpoint"
+	"github.com/Venafi/vcert/v4/pkg/endpoint"
+	"github.com/Venafi/vcert/v4/pkg/util"
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/sdk/helper/consts"
+	"math"
 	"net"
 	"regexp"
 	"strings"
 	"time"
 
-	"github.com/Venafi/vcert/pkg/certificate"
+	"github.com/Venafi/vcert/v4/pkg/certificate"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 )
@@ -438,6 +440,32 @@ func formRequest(reqData requestData, role *roleEntry, signCSR bool, logger hclo
 		return certReq, fmt.Errorf("Invalid chain option %s", role.ChainOption)
 	}
 
+	if role.TTL > 0 {
+		days := float64(role.TTL.Hours()) / 24
+		roundedDays := math.Round(float64(days)) //round days to convert them on the nearest days, based on the hours
+
+		issuerHint := ""
+
+		if role.IssuerHint != "" {
+			issrOpt := string(role.IssuerHint[0])
+			issrOpt = strings.ToLower(issrOpt)
+
+			switch issrOpt {
+			case "m":
+				issuerHint = util.IssuerHintMicrosoft
+			case "d":
+				issuerHint = util.IssuerHintDigicert
+			case "e":
+				issuerHint = util.IssuerHintEntrust
+
+			}
+
+		}
+
+		certReq.IssuerHint = issuerHint
+		certReq.ValidityHours = int(roundedDays) * 24
+	}
+
 	//Adding origin custom field with utility name to certificate metadata
 	certReq.CustomFields = []certificate.CustomField{{Type: certificate.CustomFieldOrigin, Value: utilityName}}
 

plugin/pki/util.go

@@ -6,9 +6,9 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"github.com/Venafi/vcert"
-	"github.com/Venafi/vcert/pkg/endpoint"
-	"github.com/Venafi/vcert/pkg/venafi/tpp"
+	"github.com/Venafi/vcert/v4"
+	"github.com/Venafi/vcert/v4/pkg/endpoint"
+	"github.com/Venafi/vcert/v4/pkg/venafi/tpp"
 	"github.com/hashicorp/vault/sdk/logical"
 	"net"
 	"net/http"

plugin/pki/vcert.go

@@ -3,8 +3,8 @@ package pki
 import (
 	"context"
 	"fmt"
-	"github.com/Venafi/vcert"
-	"github.com/Venafi/vcert/pkg/endpoint"
+	"github.com/Venafi/vcert/v4"
+	"github.com/Venafi/vcert/v4/pkg/endpoint"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 	"io/ioutil"

plugin/pki/vcert_test.go

@@ -7,9 +7,9 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"github.com/Venafi/vcert"
-	"github.com/Venafi/vcert/pkg/certificate"
-	"github.com/Venafi/vcert/pkg/endpoint"
+	"github.com/Venafi/vcert/v4"
+	"github.com/Venafi/vcert/v4/pkg/certificate"
+	"github.com/Venafi/vcert/v4/pkg/endpoint"
 	"github.com/hashicorp/vault/sdk/logical"
 	"log"
 	"strings"