2026-06-05 01:24:51 +00:00
10 changed files with 456 additions and 1 deletions
@@ -8,6 +8,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) loos
 - Infisical API error responses are now parsed to surface the server-side `message`, `error`, and `reqId` fields. The 4xx/5xx exception message includes the human-readable explanation (e.g. "The project is of type secret-manager") instead of an opaque `Infisical API returned 400 (Bad Request)`. The `InfisicalApiException` gains `ApiErrorMessage` and `ApiRequestId` properties; `InfisicalErrorDetails` carries the same fields so PowerShell error records and logger output expose them.
 - `Get-InfisicalCertificateProfile` added with `List` (default) and `ById` parameter sets. List binds to `GET /api/v1/cert-manager/certificate-profiles` (optional `-Limit`, `-Offset`, `-IncludeConfigs`); ById binds to `GET /api/v1/cert-manager/certificate-profiles/{certificateProfileId}`. New `InfisicalCertificateProfile` model surfaces ca/policy ids, slug, enrollment type, per-profile defaults (ttl, key/extended key usages), and the embedded CA/policy/apiConfig summaries.
 - `Get-InfisicalCertificatePolicy` added with `List` (default) and `ById` parameter sets. List binds to `GET /api/v1/cert-manager/certificate-policies` (optional `-Limit`, `-Offset`); ById binds to `GET /api/v1/cert-manager/certificate-policies/{certificatePolicyId}`. New `InfisicalCertificatePolicy` model surfaces subject, SANs, key usages, extended key usages, algorithms, and validity. Polymorphic string-or-array fields (`allowed`, `required`, `keyAlgorithm`) are normalized to arrays; `sans` is normalized whether the API returns an object or an array.
 ## 2026.06.04.1920
@@ -1170,6 +1170,48 @@ $GetInfisicalCertificateProfileResult = Get-InfisicalCertificateProfile @GetInfi
    </command:examples>
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
    <command:details>
      <command:name>Get-InfisicalCertificatePolicy</command:name>
      <maml:description><maml:para>Lists or retrieves Infisical certificate policies in a project.</maml:para></maml:description>
      <command:verb>Get</command:verb>
      <command:noun>InfisicalCertificatePolicy</command:noun>
    </command:details>
    <maml:description>
      <maml:para>Default (List parameter set) returns every certificate policy configured on the project via /api/v1/cert-manager/certificate-policies, with optional -Limit and -Offset. When -PolicyId is supplied (ById parameter set) the cmdlet returns one policy by its id. -ProjectId defaults to the session-pinned project in both modes.</maml:para>
    </maml:description>
    <maml:alertSet>
      <maml:title>Notes</maml:title>
      <maml:alert>
        <maml:para>Policies define the allowed/required subject, SANs, key usages, extended key usages, key algorithms, signature algorithm, and validity windows that certificate profiles enforce. Each profile binds exactly one policy via its CertificatePolicyId.</maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>EXAMPLE 1</maml:title>
        <dev:code>Get-InfisicalCertificatePolicy</dev:code>
        <dev:remarks><maml:para>Lists every certificate policy defined on the session-pinned project.</maml:para></dev:remarks>
      </command:example>
      <command:example>
        <maml:title>EXAMPLE 2</maml:title>
        <dev:code>Get-InfisicalCertificatePolicy -PolicyId '3e69306a-e7c1-4fd2-a140-7fb300e53c43'</dev:code>
        <dev:remarks><maml:para>Retrieves a single certificate policy by id from the session-pinned project.</maml:para></dev:remarks>
      </command:example>
      <command:example>
        <maml:title>EXAMPLE 3</maml:title>
        <dev:code>$GetInfisicalCertificatePolicyListResult = Get-InfisicalCertificatePolicy | Where-Object { $_.Name -ieq 'codesigning' }
 $GetInfisicalCertificatePolicyParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
 $GetInfisicalCertificatePolicyParameters.PolicyId  = $GetInfisicalCertificatePolicyListResult[0].Id
 $GetInfisicalCertificatePolicyParameters.ProjectId = $ConnectInfisicalParameters.ProjectId
 $GetInfisicalCertificatePolicyParameters.Verbose   = $True
 $GetInfisicalCertificatePolicyResult = Get-InfisicalCertificatePolicy @GetInfisicalCertificatePolicyParameters</dev:code>
        <dev:remarks><maml:para>Filters policies whose name equals 'codesigning' and refetches the canonical record for the first match using a splatted parameter set.</maml:para></dev:remarks>
      </command:example>
    </command:examples>
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
    <command:details>
      <command:name>Search-InfisicalCertificate</command:name>
@@ -132,6 +132,7 @@ function Write-Manifest {
        'Get-InfisicalCertificateAuthority',
        'Get-InfisicalPkiSubscriber',
        'Get-InfisicalCertificateProfile',
        'Get-InfisicalCertificatePolicy',
        'Get-InfisicalCertificate',
        'Search-InfisicalCertificate',
        'Request-InfisicalCertificate',
@@ -203,7 +204,7 @@ if (`$cmds.Count -eq 0) {
    throw "No cmdlets were exported by the PSInfisicalAPI module."
 }
-`$expectedCmds = @('Connect-Infisical','Disconnect-Infisical','Get-InfisicalSecret','New-InfisicalSecret','Update-InfisicalSecret','Remove-InfisicalSecret','Copy-InfisicalSecret','ConvertTo-InfisicalSecretDictionary','Export-InfisicalSecrets','Get-InfisicalProject','New-InfisicalProject','Update-InfisicalProject','Remove-InfisicalProject','Get-InfisicalEnvironment','New-InfisicalEnvironment','Update-InfisicalEnvironment','Remove-InfisicalEnvironment','Get-InfisicalFolder','New-InfisicalFolder','Update-InfisicalFolder','Remove-InfisicalFolder','Get-InfisicalTag','New-InfisicalTag','Update-InfisicalTag','Remove-InfisicalTag','Get-InfisicalCertificateAuthority','Get-InfisicalPkiSubscriber','Get-InfisicalCertificateProfile','Get-InfisicalCertificate','Search-InfisicalCertificate','Request-InfisicalCertificate','ConvertTo-InfisicalCertificate','Install-InfisicalCertificate','Uninstall-InfisicalCertificate','Export-InfisicalCertificate')
+`$expectedCmds = @('Connect-Infisical','Disconnect-Infisical','Get-InfisicalSecret','New-InfisicalSecret','Update-InfisicalSecret','Remove-InfisicalSecret','Copy-InfisicalSecret','ConvertTo-InfisicalSecretDictionary','Export-InfisicalSecrets','Get-InfisicalProject','New-InfisicalProject','Update-InfisicalProject','Remove-InfisicalProject','Get-InfisicalEnvironment','New-InfisicalEnvironment','Update-InfisicalEnvironment','Remove-InfisicalEnvironment','Get-InfisicalFolder','New-InfisicalFolder','Update-InfisicalFolder','Remove-InfisicalFolder','Get-InfisicalTag','New-InfisicalTag','Update-InfisicalTag','Remove-InfisicalTag','Get-InfisicalCertificateAuthority','Get-InfisicalPkiSubscriber','Get-InfisicalCertificateProfile','Get-InfisicalCertificatePolicy','Get-InfisicalCertificate','Search-InfisicalCertificate','Request-InfisicalCertificate','ConvertTo-InfisicalCertificate','Install-InfisicalCertificate','Uninstall-InfisicalCertificate','Export-InfisicalCertificate')
 foreach (`$expected in `$expectedCmds) {
    if (-not (Get-Command -Name `$expected -Module PSInfisicalAPI -ErrorAction SilentlyContinue)) {
        throw "Cmdlet not found: `$expected"
@@ -0,0 +1,54 @@
 using System;
 using System.Management.Automation;
 using PSInfisicalAPI.Connections;
 using PSInfisicalAPI.Models;
 using PSInfisicalAPI.Pki;
 namespace PSInfisicalAPI.Cmdlets
 {
    [Cmdlet(VerbsCommon.Get, "InfisicalCertificatePolicy", DefaultParameterSetName = "List")]
    [OutputType(typeof(InfisicalCertificatePolicy))]
    public sealed class GetInfisicalCertificatePolicyCmdlet : InfisicalCmdletBase
    {
        [Parameter(ParameterSetName = "ById", Mandatory = true, Position = 0, ValueFromPipelineByPropertyName = true)]
        [Alias("Id", "CertificatePolicyId")]
        public string PolicyId { get; set; }
        [Parameter] public string ProjectId { get; set; }
        [Parameter(ParameterSetName = "List")] public int? Limit { get; set; }
        [Parameter(ParameterSetName = "List")] public int? Offset { get; set; }
        protected override void ProcessRecord()
        {
            try
            {
                InfisicalConnection connection = InfisicalSessionManager.RequireCurrent();
                InfisicalPkiClient client = new InfisicalPkiClient(HttpClient, Logger);
                string resolvedProjectId = ResolveProjectId(connection, ProjectId);
                if (string.Equals(ParameterSetName, "ById", StringComparison.Ordinal))
                {
                    InfisicalCertificatePolicy policy = client.GetCertificatePolicy(connection, PolicyId, resolvedProjectId);
                    if (policy != null)
                    {
                        WriteObject(policy);
                    }
                    return;
                }
                InfisicalCertificatePolicy[] all = client.ListCertificatePolicies(connection, resolvedProjectId, Limit, Offset);
                foreach (InfisicalCertificatePolicy policy in all)
                {
                    WriteObject(policy);
                }
            }
            catch (Exception exception)
            {
                ThrowTerminatingForException("GetInfisicalCertificatePolicyCmdlet", "GetCertificatePolicy", exception);
            }
        }
    }
 }
@@ -57,5 +57,8 @@ namespace PSInfisicalAPI.Endpoints
        public const string ListCertificateProfiles = "ListCertificateProfiles";
        public const string GetCertificateProfile = "GetCertificateProfile";
        public const string ListCertificatePolicies = "ListCertificatePolicies";
        public const string GetCertificatePolicy = "GetCertificatePolicy";
    }
 }
@@ -662,6 +662,26 @@ namespace PSInfisicalAPI.Endpoints
                Template = "/api/v1/cert-manager/certificate-profiles/{certificateProfileId}",
                RequiresAuthorization = true
            });
            Add(map, new InfisicalEndpointDefinition
            {
                Name = InfisicalEndpointNames.ListCertificatePolicies,
                Resource = "Pki",
                Version = "v1",
                Method = "GET",
                Template = "/api/v1/cert-manager/certificate-policies",
                RequiresAuthorization = true
            });
            Add(map, new InfisicalEndpointDefinition
            {
                Name = InfisicalEndpointNames.GetCertificatePolicy,
                Resource = "Pki",
                Version = "v1",
                Method = "GET",
                Template = "/api/v1/cert-manager/certificate-policies/{certificatePolicyId}",
                RequiresAuthorization = true
            });
        }
        public static InfisicalEndpointDefinition Get(string name)
@@ -0,0 +1,50 @@
 using System;
 namespace PSInfisicalAPI.Models
 {
    public sealed class InfisicalCertificatePolicy
    {
        public string Id { get; set; }
        public string ProjectId { get; set; }
        public string Name { get; set; }
        public string Description { get; set; }
        public InfisicalCertificatePolicySubject Subject { get; set; }
        public InfisicalCertificatePolicySan[] Sans { get; set; }
        public InfisicalCertificatePolicyUsages KeyUsages { get; set; }
        public InfisicalCertificatePolicyUsages ExtendedKeyUsages { get; set; }
        public InfisicalCertificatePolicyAlgorithms Algorithms { get; set; }
        public InfisicalCertificatePolicyValidity Validity { get; set; }
        public DateTimeOffset? CreatedAtUtc { get; set; }
        public DateTimeOffset? UpdatedAtUtc { get; set; }
    }
    public sealed class InfisicalCertificatePolicySubject
    {
        public string Type { get; set; }
        public string[] Allowed { get; set; }
    }
    public sealed class InfisicalCertificatePolicySan
    {
        public string Type { get; set; }
        public string[] Allowed { get; set; }
        public string[] Required { get; set; }
    }
    public sealed class InfisicalCertificatePolicyUsages
    {
        public string[] Allowed { get; set; }
        public string[] Required { get; set; }
    }
    public sealed class InfisicalCertificatePolicyAlgorithms
    {
        public string Signature { get; set; }
        public string[] KeyAlgorithms { get; set; }
    }
    public sealed class InfisicalCertificatePolicyValidity
    {
        public string Max { get; set; }
    }
 }
@@ -0,0 +1,58 @@
 using System.Collections.Generic;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 namespace PSInfisicalAPI.Pki
 {
    internal sealed class InfisicalCertificatePolicyResponseDto
    {
        [JsonProperty("id")] public string Id { get; set; }
        [JsonProperty("projectId")] public string ProjectId { get; set; }
        [JsonProperty("name")] public string Name { get; set; }
        [JsonProperty("description")] public string Description { get; set; }
        [JsonProperty("subject")] public InfisicalCertificatePolicySubjectDto Subject { get; set; }
        [JsonProperty("sans")] public JToken SansRaw { get; set; }
        [JsonProperty("keyUsages")] public InfisicalCertificatePolicyUsagesDto KeyUsages { get; set; }
        [JsonProperty("extendedKeyUsages")] public InfisicalCertificatePolicyUsagesDto ExtendedKeyUsages { get; set; }
        [JsonProperty("algorithms")] public InfisicalCertificatePolicyAlgorithmsDto Algorithms { get; set; }
        [JsonProperty("validity")] public InfisicalCertificatePolicyValidityDto Validity { get; set; }
        [JsonProperty("createdAt")] public string CreatedAt { get; set; }
        [JsonProperty("updatedAt")] public string UpdatedAt { get; set; }
    }
    internal sealed class InfisicalCertificatePolicySubjectDto
    {
        [JsonProperty("type")] public string Type { get; set; }
        [JsonProperty("allowed")] public JToken AllowedRaw { get; set; }
    }
    internal sealed class InfisicalCertificatePolicySanDto
    {
        [JsonProperty("type")] public string Type { get; set; }
        [JsonProperty("allowed")] public JToken AllowedRaw { get; set; }
        [JsonProperty("required")] public JToken RequiredRaw { get; set; }
    }
    internal sealed class InfisicalCertificatePolicyUsagesDto
    {
        [JsonProperty("allowed")] public JToken AllowedRaw { get; set; }
        [JsonProperty("required")] public JToken RequiredRaw { get; set; }
    }
    internal sealed class InfisicalCertificatePolicyAlgorithmsDto
    {
        [JsonProperty("signature")] public string Signature { get; set; }
        [JsonProperty("keyAlgorithm")] public JToken KeyAlgorithmRaw { get; set; }
    }
    internal sealed class InfisicalCertificatePolicyValidityDto
    {
        [JsonProperty("max")] public string Max { get; set; }
    }
    internal sealed class InfisicalCertificatePolicyListResponseDto
    {
        [JsonProperty("certificatePolicies")] public List<InfisicalCertificatePolicyResponseDto> CertificatePolicies { get; set; }
        [JsonProperty("totalCount")] public int? TotalCount { get; set; }
    }
 }
@@ -0,0 +1,138 @@
 using System;
 using System.Collections.Generic;
 using System.Globalization;
 using Newtonsoft.Json.Linq;
 using PSInfisicalAPI.Models;
 namespace PSInfisicalAPI.Pki
 {
    internal static class InfisicalCertificatePolicyMapper
    {
        public static InfisicalCertificatePolicy Map(InfisicalCertificatePolicyResponseDto dto, string fallbackProjectId)
        {
            if (dto == null)
            {
                return null;
            }
            return new InfisicalCertificatePolicy
            {
                Id = dto.Id,
                ProjectId = !string.IsNullOrEmpty(dto.ProjectId) ? dto.ProjectId : fallbackProjectId,
                Name = dto.Name,
                Description = dto.Description,
                Subject = MapSubject(dto.Subject),
                Sans = MapSans(dto.SansRaw),
                KeyUsages = MapUsages(dto.KeyUsages),
                ExtendedKeyUsages = MapUsages(dto.ExtendedKeyUsages),
                Algorithms = MapAlgorithms(dto.Algorithms),
                Validity = MapValidity(dto.Validity),
                CreatedAtUtc = ParseTimestamp(dto.CreatedAt),
                UpdatedAtUtc = ParseTimestamp(dto.UpdatedAt)
            };
        }
        public static InfisicalCertificatePolicy[] MapMany(IEnumerable<InfisicalCertificatePolicyResponseDto> items, string fallbackProjectId)
        {
            if (items == null)
            {
                return Array.Empty<InfisicalCertificatePolicy>();
            }
            List<InfisicalCertificatePolicy> results = new List<InfisicalCertificatePolicy>();
            foreach (InfisicalCertificatePolicyResponseDto dto in items)
            {
                InfisicalCertificatePolicy mapped = Map(dto, fallbackProjectId);
                if (mapped != null)
                {
                    results.Add(mapped);
                }
            }
            return results.ToArray();
        }
        private static InfisicalCertificatePolicySubject MapSubject(InfisicalCertificatePolicySubjectDto dto)
        {
            if (dto == null) { return null; }
            return new InfisicalCertificatePolicySubject
            {
                Type = dto.Type,
                Allowed = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.AllowedRaw)
            };
        }
        private static InfisicalCertificatePolicySan[] MapSans(JToken token)
        {
            if (token == null || token.Type == JTokenType.Null) { return null; }
            List<InfisicalCertificatePolicySan> results = new List<InfisicalCertificatePolicySan>();
            if (token.Type == JTokenType.Array)
            {
                foreach (JToken child in (JArray)token)
                {
                    InfisicalCertificatePolicySan mapped = MapSanObject(child);
                    if (mapped != null) { results.Add(mapped); }
                }
            }
            else if (token.Type == JTokenType.Object)
            {
                InfisicalCertificatePolicySan mapped = MapSanObject(token);
                if (mapped != null) { results.Add(mapped); }
            }
            return results.Count > 0 ? results.ToArray() : null;
        }
        private static InfisicalCertificatePolicySan MapSanObject(JToken token)
        {
            if (token == null || token.Type != JTokenType.Object) { return null; }
            InfisicalCertificatePolicySanDto dto = token.ToObject<InfisicalCertificatePolicySanDto>();
            if (dto == null) { return null; }
            return new InfisicalCertificatePolicySan
            {
                Type = dto.Type,
                Allowed = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.AllowedRaw),
                Required = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.RequiredRaw)
            };
        }
        private static InfisicalCertificatePolicyUsages MapUsages(InfisicalCertificatePolicyUsagesDto dto)
        {
            if (dto == null) { return null; }
            return new InfisicalCertificatePolicyUsages
            {
                Allowed = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.AllowedRaw),
                Required = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.RequiredRaw)
            };
        }
        private static InfisicalCertificatePolicyAlgorithms MapAlgorithms(InfisicalCertificatePolicyAlgorithmsDto dto)
        {
            if (dto == null) { return null; }
            return new InfisicalCertificatePolicyAlgorithms
            {
                Signature = dto.Signature,
                KeyAlgorithms = InfisicalCertificateProfileMapper.FlattenStringOrStringArray(dto.KeyAlgorithmRaw)
            };
        }
        private static InfisicalCertificatePolicyValidity MapValidity(InfisicalCertificatePolicyValidityDto dto)
        {
            if (dto == null) { return null; }
            return new InfisicalCertificatePolicyValidity { Max = dto.Max };
        }
        private static DateTimeOffset? ParseTimestamp(string value)
        {
            if (string.IsNullOrEmpty(value)) { return null; }
            DateTimeOffset parsed;
            if (DateTimeOffset.TryParse(value, CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out parsed))
            {
                return parsed;
            }
            return null;
        }
    }
 }
@@ -427,6 +427,94 @@ namespace PSInfisicalAPI.Pki
            return obj.ToObject<InfisicalCertificateProfileResponseDto>();
        }
        public InfisicalCertificatePolicy[] ListCertificatePolicies(InfisicalConnection connection, string projectId, int? limit, int? offset)
        {
            if (connection == null) { throw new ArgumentNullException(nameof(connection)); }
            string resolvedProjectId = FirstNonEmpty(projectId, connection.ProjectId);
            if (string.IsNullOrEmpty(resolvedProjectId)) { throw new InfisicalConfigurationException("ProjectId is required."); }
            List<KeyValuePair<string, string>> query = new List<KeyValuePair<string, string>>
            {
                new KeyValuePair<string, string>("projectId", resolvedProjectId)
            };
            if (limit.HasValue) { query.Add(new KeyValuePair<string, string>("limit", limit.Value.ToString(CultureInfo.InvariantCulture))); }
            if (offset.HasValue) { query.Add(new KeyValuePair<string, string>("offset", offset.Value.ToString(CultureInfo.InvariantCulture))); }
            try
            {
                _logger.Information(Component, "Attempting to list Infisical certificate policies. Please Wait...");
                InfisicalHttpResponse response = _invoker.InvokeWithCandidateFallback(connection, InfisicalEndpointNames.ListCertificatePolicies, "ListCertificatePolicies", null, query, null);
                string body = response.Body;
                response.Clear();
                List<InfisicalCertificatePolicyResponseDto> source = ParseCertificatePolicyListBody(body);
                InfisicalCertificatePolicy[] mapped = InfisicalCertificatePolicyMapper.MapMany(source, resolvedProjectId);
                _logger.Information(Component, "Infisical certificate policy list retrieval was successful.");
                return mapped;
            }
            catch (Exception)
            {
                _logger.Error(Component, "Infisical certificate policy list retrieval failed.");
                throw;
            }
        }
        public InfisicalCertificatePolicy GetCertificatePolicy(InfisicalConnection connection, string certificatePolicyId, string projectId)
        {
            if (connection == null) { throw new ArgumentNullException(nameof(connection)); }
            if (string.IsNullOrEmpty(certificatePolicyId)) { throw new InfisicalConfigurationException("CertificatePolicyId is required."); }
            Dictionary<string, string> pathParameters = new Dictionary<string, string> { { "certificatePolicyId", certificatePolicyId } };
            List<KeyValuePair<string, string>> query = null;
            if (!string.IsNullOrEmpty(projectId))
            {
                query = new List<KeyValuePair<string, string>> { new KeyValuePair<string, string>("projectId", projectId) };
            }
            try
            {
                _logger.Information(Component, string.Concat("Attempting to retrieve Infisical certificate policy '", certificatePolicyId, "'. Please Wait..."));
                InfisicalHttpResponse response = _invoker.InvokeWithCandidateFallback(connection, InfisicalEndpointNames.GetCertificatePolicy, "GetCertificatePolicy", pathParameters, query, null);
                string body = response.Body;
                response.Clear();
                InfisicalCertificatePolicyResponseDto inner = ParseCertificatePolicySingleBody(body);
                string fallbackProjectId = !string.IsNullOrEmpty(projectId) ? projectId : connection.ProjectId;
                InfisicalCertificatePolicy mapped = InfisicalCertificatePolicyMapper.Map(inner, fallbackProjectId);
                _logger.Information(Component, "Infisical certificate policy retrieval was successful.");
                return mapped;
            }
            catch (Exception)
            {
                _logger.Error(Component, "Infisical certificate policy retrieval failed.");
                throw;
            }
        }
        private List<InfisicalCertificatePolicyResponseDto> ParseCertificatePolicyListBody(string body)
        {
            if (string.IsNullOrEmpty(body)) { return null; }
            JToken token = JToken.Parse(body);
            if (token.Type == JTokenType.Array)
            {
                return token.ToObject<List<InfisicalCertificatePolicyResponseDto>>();
            }
            InfisicalCertificatePolicyListResponseDto wrapper = token.ToObject<InfisicalCertificatePolicyListResponseDto>();
            return wrapper != null ? wrapper.CertificatePolicies : null;
        }
        private InfisicalCertificatePolicyResponseDto ParseCertificatePolicySingleBody(string body)
        {
            if (string.IsNullOrEmpty(body)) { return null; }
            JToken token = JToken.Parse(body);
            if (token.Type != JTokenType.Object) { return null; }
            JObject obj = (JObject)token;
            if (obj["certificatePolicy"] is JObject inner) { return inner.ToObject<InfisicalCertificatePolicyResponseDto>(); }
            return obj.ToObject<InfisicalCertificatePolicyResponseDto>();
        }
        public InfisicalCertificateBundle GetCertificateBundle(InfisicalConnection connection, string serialNumber)
        {
            if (connection == null) { throw new ArgumentNullException(nameof(connection)); }