ADO 86120: Add support for revocation reason 0 (Unspecified) #8

Closed: bhillkeyfactor wants to merge 7 commits into release-1.0 from feature/86120-revocation-reason-0
bhillkeyfactor commented May 19, 2026

Summary

  • Adds support for CRL revocation reason 0 (Unspecified). HydrantID now supports this reason following the CAB change; the plugin previously rejected it with RevokeReasonNotSupportedException.
  • Adds Unspecified = 0 to the RevocationReasons enum and a corresponding case 0 in RequestManager.GetMapRevokeReasons.
  • Updates the unsupported-reason error message to list reason 0.

Test plan

  • Build succeeds across net6.0 / net8.0 / net10.0 (verified locally)
  • Revoke a HydrantID-issued cert with reason 0 end-to-end against a live HydrantID environment
  • Revoke with each other supported reason (1, 3, 4, 5) still works
  • Revoke with an unsupported reason (e.g., 2) still throws RevokeReasonNotSupportedException and the message now lists reason 0 among supported values
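
The allow-list behaviour described in the summary and test plan, as an added sketch that is not the plugin's code: the enum is the single source of truth, so the accepted codes and the error message cannot drift apart. `RevokeReasonMapper.Map`, the `Demo` class and the enum member names other than `Unspecified` (taken from RFC 5280) are assumptions; the exception class is a stand-in for the plugin's type of the same name.

```csharp
using System;
using System.Linq;

// CRLReason codes the PR lists as supported after the change: 0, 1, 3, 4, 5.
// Member names other than Unspecified follow RFC 5280 and are assumed.
public enum RevocationReasons
{
    Unspecified = 0,
    KeyCompromise = 1,
    AffiliationChanged = 3,
    Superseded = 4,
    CessationOfOperation = 5
}

// Stand-in for the plugin's exception type of the same name.
public class RevokeReasonNotSupportedException : Exception
{
    public RevokeReasonNotSupportedException(string message) : base(message) { }
}

public static class RevokeReasonMapper
{
    // Hypothetical helper, not the plugin's RequestManager.GetMapRevokeReasons.
    public static RevocationReasons Map(int keyfactorRevokeReason)
    {
        // Only codes defined in the enum pass; 2, 6 and out-of-range values are rejected.
        if (Enum.IsDefined(typeof(RevocationReasons), keyfactorRevokeReason))
            return (RevocationReasons)keyfactorRevokeReason;

        // Build the supported list from the enum so the message always matches it.
        var supported = string.Join(", ",
            Enum.GetValues(typeof(RevocationReasons)).Cast<RevocationReasons>()
                .Select(r => $"{(int)r} ({r})"));
        throw new RevokeReasonNotSupportedException(
            $"Revoke reason {keyfactorRevokeReason} is not supported. Supported: {supported}.");
    }
}

public static class Demo
{
    public static void Main()
    {
        foreach (var code in new[] { 0, 1, 2, 3, 4, 5, 6 })
        {
            try { Console.WriteLine($"{code} -> {RevokeReasonMapper.Map(code)}"); }
            catch (RevokeReasonNotSupportedException ex) { Console.WriteLine(ex.Message); }
        }
    }
}
```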

bhillkeyfactor and others added 6 commits December 2, 2025 10:30
The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* feat: release 1.0 (#1)

The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.0.1

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
* feat: release 1.0 (#1)

The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.0.1

* release 1.0.2

* feat: release 1.0 (#1)

The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Merge 1.0.1 to main (#4)

* feat: release 1.0 (#1)

The HID Global HydrantId AnyCA Gateway REST plugin extends the capabilities of HydrantId Certificate Authority Service to Keyfactor Command via the Keyfactor AnyCA Gateway. This plugin leverages the HydrantId REST API with Hawk authentication to provide comprehensive certificate lifecycle management. The plugin represents a fully featured AnyCA Plugin with the following capabilities:

*   **CA Sync**:
    *   Download all certificates issued by the HydrantId CA
    *   Support for incremental and full synchronization
    *   Automatic extraction of end-entity certificates from PEM chains
*   **Certificate Enrollment**:
    *   Support certificate enrollment with new key pairs
    *   Dynamic policy (profile) discovery from the CA
    *   Intelligent renewal vs. re-issue logic based on certificate expiration
    *   Support for PKCS#10 CSR format
    *   Configurable certificate validity periods
*   **Certificate Revocation**:
    *   Request revocation of previously issued certificates
    *   Support for standard CRL revocation reasons

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* release: 1.0.1

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>

* Hydrant Failed Status Issues and Logging

* fixed changelog

* Add .NET 10 target framework support

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Change FlowLogger from LogTrace to LogDebug/LogWarning

The Keyfactor gateway framework sets the Microsoft.Extensions.Logging
minimum level above Trace, causing all LogTrace calls to be silently
dropped before reaching NLog. Flow diagram and step logging now uses
LogDebug (visible), and failure steps use LogWarning for visibility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Revert FlowLogger back to LogTrace

LogTrace works in the CSC Global plugin with the same gateway framework,
so the MEL minimum level is not the issue. Reverting to match the
established pattern.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fixed package vulns

---------

Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Morgan Gangwere <470584+indrora@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Brian Hill <76450501+bhillkeyfactor@users.noreply.github.com>
Co-authored-by: Keyfactor <keyfactor@keyfactor.github.io>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
HydrantID now supports CRL revocation reason 0 (Unspecified) following
the CAB change. The plugin previously rejected this reason in
RequestManager.GetMapRevokeReasons with RevokeReasonNotSupportedException.

- Add Unspecified = 0 to the RevocationReasons enum
- Map keyfactorRevokeReason == 0 to RevocationReasons.Unspecified
- Update the unsupported-reason error message to list reason 0

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@bhillkeyfactor bhillkeyfactor changed the base branch from main to release-1.0 May 19, 2026 13:30