Add new parameters according to updated Sectigo API specification

Author: Russell-Benjamin

include/certifier/property.h

@@ -215,6 +215,9 @@ typedef enum CERTIFIER_OPT
     CERTIFIER_OPT_SECTIGO_SUBJECT_ALT_NAMES,
     CERTIFIER_OPT_SECTIGO_OWNER_EMAIL,
     CERTIFIER_OPT_SECTIGO_URL,
+    CERTIFIER_OPT_SECTIGO_DEVHUB_ID,
+    CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS,
+    CERTIFIER_OPT_SECTIGO_KEY_TYPE,
 
 } CERTIFIER_OPT;
 

internal_headers/certifier/property_internal.h

@@ -94,6 +94,13 @@ const char * get_default_ca_path();
 
 const char * get_default_ca_info();
 
+/**
+ * Validate if a key type string is a supported Sectigo key type.
+ * @param key_type The key type string to validate
+ * @return 1 if valid, 0 otherwise
+ */
+int is_valid_sectigo_key_type(const char * key_type);
+
 #ifdef __cplusplus
 }
 #endif

internal_headers/certifier/sectigo_client.h

@@ -38,20 +38,21 @@ extern "C" {
 
 #define IMPULSE_URL "https://certs-dev.xpki.io/"
 typedef struct{
-const char * auth_token;
-const char * common_name;
-const char * group_name;
-const char * group_email;
-const char * id;
-const char * owner_first_name;
-const char * owner_last_name;
-const char * project_name;
-const char * business_justification;
-const char * subject_alt_names;
-const char * owner_email;
-const char * sectigo_url;
-
-
+    const char * auth_token;
+    const char * common_name;
+    const char * group_name;
+    const char * group_email;
+    const char * id;
+    const char * owner_first_name;
+    const char * owner_last_name;
+    const char * project_name;
+    const char * business_justification;
+    const char * subject_alt_names;
+    const char * owner_email;
+    const char * sectigo_url;
+    const char * devhub_id;
+    size_t validity_days;
+    const char * key_type;
 } sectigo_get_cert_param_t;
 
 

libcertifier.cfg.sample

@@ -33,8 +33,11 @@
   "libcertifier.sectigo.id": "",
   "libcertifier.sectigo.owner.first.name": "",
   "libcertifier.sectigo.owner.last.name": "",
+  "libcertifier.sectigo.owner.email": "",
   "libcertifier.sectigo.project.name": "",
   "libcertifier.sectigo.business.justification": "",
   "libcertifier.sectigo.subject.alt.names": [],
-  "libcertifier.sectigo.owner.email": ""
+  "libcertifier.sectigo.devhub.id": "",
+  "libcertifier.sectigo.validity.days": 365,
+  "libcertifier.sectigo.key.type": ""
 }

src/certifier_api_easy.c

@@ -27,6 +27,7 @@
 #include "certifier/types.h"
 #include "certifier/util.h"
 #include "certifier/sectigo_client.h"
+#include "certifier/property_internal.h"
 
 #include <fcntl.h>
 #include <sys/stat.h>
@@ -1203,6 +1204,31 @@ static int process_command_line(CERTIFIER * easy)
                 return_code = certifier_set_property(easy->certifier, CERTIFIER_OPT_SECTIGO_OWNER_EMAIL, optarg);
             }
             break;
+        case 'D': // DevHub ID
+            if (optarg) {
+                return_code = certifier_set_property(easy->certifier, CERTIFIER_OPT_SECTIGO_DEVHUB_ID, optarg);
+            }
+            break;
+        case 'V': // Validity Days for Sectigo cert
+            if (optarg) {
+                if (atoi(optarg) > 0)
+                {
+                    return_code =
+                        certifier_set_property(easy->certifier, CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS, (const void *) (size_t) atoi(optarg));
+                }
+                else
+                {
+                    log_error("Expected input to be of positive integer type");
+                    return_code = 1;
+                }
+            }
+            break;
+        case 'W': // Key Type
+            if (!is_valid_sectigo_key_type(optarg)) {
+                log_error("Invalid key type. Supported key types: [RSA-2048, RSA-3072, RSA-4096, RSA-8192, ECC-PRIME256V1, ECC-SECP384R1]");
+                exit(0);
+            }
+            return_code = certifier_set_property(easy->certifier, CERTIFIER_OPT_SECTIGO_KEY_TYPE, optarg);
         case '?':
             /* Case when user enters the command as
              * $ ./libCertifier -p

src/main.c

@@ -573,7 +573,7 @@ XPKI_CLIENT_ERROR_CODE process(XPKI_MODE mode, xc_parameter_t * xc_parameter, in
 }
 
 // --- Sectigo Option Table ---
-static const char * const sectigo_get_cert_short_options = "C:I:e:s:N:r:b:A:x:K:u:G:E:O:J:Z:U:T:l:W:Y:h";
+static const char * const sectigo_get_cert_short_options = "C:I:e:s:N:r:b:A:x:K:u:G:E:O:J:Z:U:T:l:W:V:D:h";
 static const struct option sectigo_get_cert_long_opts[] = {
     { "common-name", required_argument, NULL, 'C' },
     { "id", required_argument, NULL, 'I' },
@@ -587,6 +587,9 @@ static const struct option sectigo_get_cert_long_opts[] = {
     { "owner-first-name", required_argument, NULL, 'O' },
     { "owner-last-name", required_argument, NULL, 'J' },
     { "owner-email", required_argument, NULL, 'Z' },
+    { "devhub-id", required_argument, NULL, 'D' },
+    { "validity-days", required_argument, NULL, 'V' },
+    { "key-type", required_argument, NULL, 'W' },
     { "config", required_argument, NULL, 'l' },
     { "help", no_argument, NULL, 'h' },
     { NULL, 0, NULL, 0 }
@@ -673,6 +676,18 @@ SECTIGO_CLIENT_ERROR_CODE sectigo_process(SECTIGO_MODE mode, sectigo_parameter_t
             sectigo_parameter->get_cert_param.sectigo_url = optarg;
             certifier_set_property(get_sectigo_certifier_instance(), CERTIFIER_OPT_SECTIGO_URL, optarg);
             break;
+        case 'D':
+            sectigo_parameter->get_cert_param.devhub_id = optarg;
+            certifier_set_property(get_sectigo_certifier_instance(), CERTIFIER_OPT_SECTIGO_DEVHUB_ID, optarg);
+            break;
+        case 'V':
+            sectigo_parameter->get_cert_param.validity_days = atol(optarg);
+            certifier_set_property(get_sectigo_certifier_instance(), CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS, optarg);
+            break;
+        case 'W':
+            sectigo_parameter->get_cert_param.key_type = optarg;
+            certifier_set_property(get_sectigo_certifier_instance(), CERTIFIER_OPT_SECTIGO_KEY_TYPE, optarg);
+            break;
         case '?':
                 log_info("Invalid or missing Sectigo option");
                 error_code = SECTIGO_CLIENT_INVALID_ARGUMENT;

src/property.c

@@ -36,6 +36,27 @@
 #define DEFAULT_OUTPUT_P12_PATH "output.p12"
 #define DEFAULT_CFG_FILENAME "libcertifier.cfg"
 #define DEFAULT_USER_CFG_FILENAME "/usr/local/etc/certifier/libcertifier.cfg"
+
+// Helper function to validate Sectigo key type
+int is_valid_sectigo_key_type(const char *key_type)
+{
+    if (!key_type) {
+        return 0;
+    }
+    
+    const char *valid_key_types[] = {
+        "RSA-2048", "RSA-3072", "RSA-4096", "RSA-8192",
+        "ECC-PRIME256V1", "ECC-SECP384R1"
+    };
+    
+    for (int i = 0; i < sizeof(valid_key_types) / sizeof(valid_key_types[0]); i++) {
+        if (strcmp(key_type, valid_key_types[i]) == 0) {
+            return 1;
+        }
+    }
+    
+    return 0;
+}
 #define DEFAULT_GLOBAL_CFG_FILENAME "/etc/certifier/libcertifier.cfg"
 #define DEFAULT_AUTH_TYPE "X509"
 #define DEFAULT_CA_INFO "libcertifier-cert.crt"
@@ -202,7 +223,7 @@ struct _PropMap
     char * mtls_filename;
     char * mtls_p12_filename;
 
-    //Sectigo properties (common properties like auth_token, source, etc. are above)
+    //Sectigo properties (common properties like auth_token, validity days, source, etc. are above)
     char * common_name;
     char * group_name;
     char * group_email;
@@ -214,6 +235,8 @@ struct _PropMap
     char * subject_alt_names;
     char * owner_email;
     char * sectigo_url;
+    char * devhub_id;
+    char * key_type;
 };
 
 static void free_prop_map_values(CertifierPropMap * prop_map);
@@ -398,6 +421,15 @@ int sectigo_property_set(CertifierPropMap * prop_map, int name, const void * val
         case CERTIFIER_OPT_SECTIGO_URL:
             prop_map->sectigo_url = XSTRDUP((const char *)value);
             break;
+        case CERTIFIER_OPT_SECTIGO_DEVHUB_ID:
+            prop_map->devhub_id = XSTRDUP((const char *)value);
+            break;
+        case CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS:
+            prop_map->validity_days = (int)(size_t)value;
+            break;
+        case CERTIFIER_OPT_SECTIGO_KEY_TYPE:
+            prop_map->key_type = XSTRDUP((const char *)value);
+            break;
         default:
             log_warn("sectigo_property_set: unrecognized property [%d]", name);
             retval = CERTIFIER_ERR_PROPERTY_SET_10;
@@ -901,7 +933,15 @@ void * property_get(CertifierPropMap * prop_map, CERTIFIER_OPT name)
     case CERTIFIER_OPT_SECTIGO_URL:
         retval = (void *) prop_map->sectigo_url;
         break;
-
+    case CERTIFIER_OPT_SECTIGO_DEVHUB_ID:
+        retval = (void *) prop_map->devhub_id;
+        break;
+    case CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS:
+        retval = (void *) (size_t) prop_map->validity_days;
+        break;
+    case CERTIFIER_OPT_SECTIGO_KEY_TYPE:
+        retval = (void *) prop_map->key_type;
+        break;
     default:
         log_warn("property_get: unrecognized property [%d]", name);
         retval = NULL;
@@ -1370,6 +1410,12 @@ static int load_sectigo_fields_from_json(CertifierPropMap *propMap, JSON_Object
             continue;
         }
 
+        if (strcmp(key, "libcertifier.sectigo.validity.days") == 0) {
+            int validity_days = json_object_get_number(root, key);
+            log_info("Loaded sectigo validity days: %d from config file.", validity_days);
+            sectigo_property_set(propMap, CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS, (void *) (size_t) validity_days);
+        }
+
         const char *value_str = json_object_get_string(root, key);
         if (value_str && strlen(value_str) > 0) {  // Only process non-empty values
             // Map config key to property enum
@@ -1417,6 +1463,18 @@ static int load_sectigo_fields_from_json(CertifierPropMap *propMap, JSON_Object
                 log_info("Loaded sectigo URL: %s from config file.", value_str);
                 sectigo_property_set(propMap, CERTIFIER_OPT_SECTIGO_URL, value_str);
             }
+            else if (strcmp(key, "libcertifier.sectigo.devhub.id") == 0) {
+                log_info("Loaded sectigo devhub id: %s from config file.", value_str);
+                sectigo_property_set(propMap, CERTIFIER_OPT_SECTIGO_DEVHUB_ID, value_str);
+            }
+            else if (strcmp(key, "libcertifier.sectigo.key.type") == 0) {
+                if (!is_valid_sectigo_key_type(value_str)) {
+                    log_error("Invalid key type '%s' in config file. Supported: [RSA-2048, RSA-3072, RSA-4096, RSA-8192, ECC-PRIME256V1, ECC-SECP384R1]", value_str);
+                    exit(0);
+                }
+                log_info("Loaded sectigo key type: %s from config file.", value_str);
+                sectigo_property_set(propMap, CERTIFIER_OPT_SECTIGO_KEY_TYPE, value_str);
+            }
             // Add more mappings as needed
         }
     }
@@ -1598,6 +1656,8 @@ static void free_prop_map_values(CertifierPropMap * prop_map)
     FV(prop_map->subject_alt_names);
     FV(prop_map->owner_email);
     FV(prop_map->sectigo_url);
+    FV(prop_map->devhub_id);
+    FV(prop_map->key_type);
 }
 
 CertifierPropMap * property_new_sectigo(void)

src/sectigo_client.c

@@ -97,6 +97,15 @@ SECTIGO_CLIENT_ERROR_CODE xc_sectigo_get_default_cert_param(sectigo_get_cert_par
     param = certifier_get_property(certifier, CERTIFIER_OPT_SECTIGO_URL);
     params->sectigo_url = param ? XSTRDUP((const char *)param) : NULL;
 
+    param = certifier_get_property(certifier, CERTIFIER_OPT_SECTIGO_DEVHUB_ID);
+    params->devhub_id = param ? XSTRDUP((const char *)param) : NULL;
+
+    param = certifier_get_property(certifier, CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS);
+    params->validity_days = param ? (size_t) param : 365;
+
+    param = certifier_get_property(certifier, CERTIFIER_OPT_SECTIGO_KEY_TYPE);
+    params->key_type = param ? XSTRDUP((const char *)param) : NULL;
+
     return SECTIGO_CLIENT_SUCCESS;
 }
 
@@ -211,7 +220,16 @@ const char * node_address, const char * certifier_id, char ** out_cert)
     json_object_set_string(root_obj, "businessJustification", params.business_justification ? params.business_justification : "");
     json_object_set_string(root_obj, "certificateType", "comodo");  // Always "comodo"
     json_object_set_string(root_obj, "ownerEmailAddress", params.owner_email ? params.owner_email : "");
-    // Always set subjectAltNames and ipAddresses, even if empty
+    json_object_set_string(root_obj, "devhubId", params.devhub_id ? params.devhub_id : "");
+    
+    // Convert validity_days to string
+    if (params.validity_days > 0) {
+        char validity_days_str[16];
+        snprintf(validity_days_str, sizeof(validity_days_str), "%zu", params.validity_days);
+        json_object_set_string(root_obj, "validityDays", validity_days_str);
+    }
+    
+    json_object_set_string(root_obj, "keyType", params.key_type ? params.key_type : "");
 
     // subjectAltNames as array
     JSON_Value *san_array = json_value_init_array();

tests/xc_apis/xc_api_tests.c

@@ -255,6 +255,9 @@ static void test_get_sectigo_cert()
     params.subject_alt_names    = "*";
     params.owner_email          = "first_last@comcast.com";
     params.sectigo_url          = "https://certs-dev.xpki.io/api/createCertificate";
+    params.devhub_id            = "12345";
+    params.validity_days        = 90;
+    params.key_type             = "RSA-8192";
 
     // Call the API
     error = xc_sectigo_get_cert(&params);