gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 13:51:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(M43): Sectigo SCM issuer connector

Browse Source 
Implement Sectigo Certificate Manager REST API connector with async
order model (enroll → poll → collect PEM), 3-header auth, DV/OV/EV
support, collect-not-ready (400/-183) graceful handling, and RFC 5280
revocation reason mapping. 20 tests with httptest mock API.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-04-03 21:01:14 -04:00
parent bad02e6f23
commit 3a11e447cf
12 changed files with 1647 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/server/main.go
+20
View File
@@ -22,6 +22,7 @@ import (
digicertissuer "github.com/shankar0123/certctl/internal/connector/issuer/digicert"
opensslissuer "github.com/shankar0123/certctl/internal/connector/issuer/openssl"
stepcaissuer "github.com/shankar0123/certctl/internal/connector/issuer/stepca"
sectigoissuer "github.com/shankar0123/certctl/internal/connector/issuer/sectigo"
vaultissuer "github.com/shankar0123/certctl/internal/connector/issuer/vault"
notifyemail "github.com/shankar0123/certctl/internal/connector/notifier/email"
notifyopsgenie "github.com/shankar0123/certctl/internal/connector/notifier/opsgenie"
@@ -158,6 +159,19 @@ func main() {
}, logger)
logger.Info("initialized DigiCert CertCentral issuer connector")
// Initialize Sectigo SCM issuer connector (for enterprise public CA).
// Uses the Sectigo SCM REST API with async order model.
sectigoConnector := sectigoissuer.New(&sectigoissuer.Config{
CustomerURI: cfg.Sectigo.CustomerURI,
Login: cfg.Sectigo.Login,
Password: cfg.Sectigo.Password,
OrgID: cfg.Sectigo.OrgID,
CertType: cfg.Sectigo.CertType,
Term: cfg.Sectigo.Term,
BaseURL: cfg.Sectigo.BaseURL,
}, logger)
logger.Info("initialized Sectigo SCM issuer connector")
// Build issuer registry: maps issuer IDs (from database) to connector implementations.
// "iss-local" matches the seed data issuer ID for the Local CA.
// "iss-acme-staging" and "iss-acme-prod" are conventional IDs for ACME issuers.
@@ -183,6 +197,12 @@ func main() {
logger.Info("DigiCert CertCentral issuer registered", "id", "iss-digicert")
}
// Conditionally register Sectigo SCM (only if all 3 auth credentials are set)
if cfg.Sectigo.CustomerURI != "" && cfg.Sectigo.Login != "" && cfg.Sectigo.Password != "" {
issuerRegistry["iss-sectigo"] = service.NewIssuerConnectorAdapter(sectigoConnector)
logger.Info("Sectigo SCM issuer registered", "id", "iss-sectigo")
}
logger.Info("issuer registry configured", "issuers", len(issuerRegistry))
// Initialize revocation repository