Initial Sectigo implementation containing sectigo-get-cert and sectigo-help commands

docs/cli_usage.adoc

@@ -108,6 +108,15 @@ Same command with SAT authentication:
 ./certifierUtil print-cert -k <pkcs12-file-path> -p <password>
 ----
 
+*Fetch Sectigo Certificate*
+
+The certificate can be downloaded through the certificate ID returned as a result of running the command.
+
+----
+./certifierUtil sectigo-get-cert -C <common-name> -I <ID> -e [fte/associate/contractor] -s <server-platform> -N <sensitive> -r <project-name> -b <business-justification> -A <subject-alt-names> -x <ip-addresses> -G <group-name> -E <group-email> -O <owner-fname> -J <owner-lname> 
+-Z <owner-email> -U <owner-phonenum> -T <cert-type> -K <auth-token> -u <url> -l <config> -W <tracking-id> -Y <source>
+----
+
 == *certifierUtil commands*
 
 |===
@@ -136,6 +145,12 @@ Same command with SAT authentication:
 
 | revoke
 | Revoke Certificate
+
+|sectigo-get-cert
+|Requests Certificate from Sectigo
+
+|sectigo-help
+|Provides information on implemented Sectigo commands
 |===
 
 == *certifierUtil get-cert options*
@@ -497,6 +512,139 @@ Disabled by default - Only error messages are shown.
 
 |===
 
+== *certifierUtil sectigo-get-cert options*
+
+|===
+| *Long Option* | *Short Option* | *Examples* | *Description*
+
+| help
+| h
+| --help +
+-h
+| Display this summary
+
+| common-name
+| C
+| --common-name <value> +
+-C <value>
+| Certificate common name
+
+| id
+| I
+| --id <value> +
+-I <value>
+| User or device ID
+
+| employee-type
+| e
+| --employee-type <value> +
+-e <value>
+| Employee type
+
+| server-platform
+| s
+| --server-platform <value> +
+-s <value>
+| Server platform
+
+| sensitive
+| N
+| --sensitive +
+-N
+| Mark as sensitive
+
+| project-name
+| r
+| --project-name <value> +
+-r <value>
+| Project name
+
+| business-justification
+| b
+| --business-justification <value> +
+-b <value>
+| Business justification
+
+| subject-alt-names
+| A
+| --subject-alt-names <value> +
+-A <value>
+| Subject alternative names (CSV)
+
+| ip-addresses
+| x
+| --ip-addresses <value> +
+-x <value>
+| IP addresses (CSV)
+
+| group-name
+| G
+| --group-name <value> +
+-G <value>
+| Group name
+
+| group-email
+| E
+| --group-email <value> +
+-E <value>
+| Group email
+
+| owner-fname
+| O
+| --owner-fname <value> +
+-O <value>
+| Owner first name
+
+| owner-lname
+| J
+| --owner-lname <value> +
+-J <value>
+| Owner last name
+
+| owner-email
+| Z
+| --owner-email <value> +
+-Z <value>
+| Owner email
+
+| owner-phonenum
+| U
+| --owner-phonenum <value> +
+-U <value>
+| Owner phone number
+
+| cert-type
+| T
+| --cert-type <value> +
+-T <value>
+| Certificate type
+
+| auth-token
+| K
+| --auth-token <value> +
+-K <value>
+| Sectigo API auth token
+
+| url
+| u
+| --url <value> +
+-u <value>
+| Sectigo API URL
+
+| config
+| l
+| --config <file> +
+-l <file>
+| Path to config file
+
+| tracking-id
+| W
+| --tracking-id <value> +
+-W <value>
+| Tracking ID
+
+|===
+
 *Configuration File*
 
 Configuration File is a file used to specify internal certifier util parameters such as timeouts, ecc curve types and other miscellaneous items. This file follows the JSON Format and can be manually editted from the `libcertifier.cfg.sample` template file present in the root directory.
@@ -611,4 +759,89 @@ Note: 64-bit hex integer expected as input.
 | Mark request for a lite certificate. +
 Note: value type = `bool`
 
+| libcertifier.sectigo.certifier.url
+| "https://certs.xpki.io/api/createCertificate"
+| Sectigo API endpoint URL
+
+| libcertifier.sectigo.auth.token
+| ""
+| Sectigo API authentication token
+
+| libcertifier.sectigo.common.name
+| "example.com"
+| Certificate common name (CN)
+
+| libcertifier.sectigo.group.name
+| "Example Group"
+| Group name for the certificate request
+
+| libcertifier.sectigo.group.email
+| "group@example.com"
+| Group email for notifications
+
+| libcertifier.sectigo.id
+| "user123"
+| User or device ID
+
+| libcertifier.sectigo.owner.fname
+| "First"
+| Owner's first name
+
+| libcertifier.sectigo.owner.lname
+| "Last"
+| Owner's last name
+
+| libcertifier.sectigo.employee.type
+| "associate"
+| Employee type (e.g., associate, employee, contractor)
+
+| libcertifier.sectigo.server.platform
+| "Other"
+| Server platform name. +
+Note: Use any of the following options: Tomcat, Redhat Linux, Microsoft IIS 5.x and later, Apache/MODSSL, IBM HTTP server, Java Web Server (Javasoft/SUN), Oracle, SAP Web Application Server, Citrix, Other
+
+| libcertifier.sectigo.sensitive
+| false
+| Mark certificate as sensitive. +
+Note: value type = `bool`
+
+| libcertifier.sectigo.project.name
+| "ExampleProject"
+| Project name
+
+| libcertifier.sectigo.business.justification
+| "Testing"
+| Business justification for the request
+
+| libcertifier.sectigo.subject.alt.names
+| []
+| Subject alternative names. +
+Note: value type = `array of strings`  Pass empty array if you don't have.
+
+| libcertifier.sectigo.ip.addresses
+| []
+| IP addresses. +
+Note: value type = `array of strings`  Pass empty array if you don't have.
+
+| libcertifier.sectigo.cert.type
+| "comodo"
+| Certificate type. +
+Note: Always pass comodo for internet-facing apps
+
+| libcertifier.sectigo.owner.phonenum
+| "1234567890"
+| Owner's phone number
+
+| libcertifier.sectigo.owner.email
+| "owner@example.com"
+| Owner's email address
+
+| libcertifier.sectigo.tracking.id
+| "1234"
+| Tracking ID for the request
+
+| libcertifier.sectigo.source
+| "libcertifier"
+| Source identifier for the request
+
 |===

docs/configuration.adoc

@@ -25,6 +25,26 @@ xref:libcertifier.adoc[*Back to Manual*]
 | libcertifier.tls.insecure.host   | 0 |  
 | libcertifier.tls.insecure.peer   | 0 |  
 | libcertifier.ext.key.usage   | clientAuth,serverAuth | (See notes below) 
+| libcertifier.sectigo.certifier.url   | https://certs.xpki.io/api/createCertificate |
+| libcertifier.sectigo.auth.token   | |
+| libcertifier.sectigo.common.name   | example.com |
+| libcertifier.sectigo.group.name   | ExampleGroup |
+| libcertifier.sectigo.group.email   | group@example.com |
+| libcertifier.sectigo.id   | user123 |
+| libcertifier.sectigo.owner.fname   | First |
+| libcertifier.sectigo.owner.lname   | Last |
+| libcertifier.sectigo.employee.type | associate |
+| libcertifier.sectigo.server.platform   | Other |
+| libcertifier.sectigo.sensitive   | false |
+| libcertifier.sectigo.project.name   | ExampleProject |
+| libcertifier.sectigo.business.justification   | Testing |
+| libcertifier.sectigo.subject.alt.names   | [] |
+| libcertifier.sectigo.ip.addresses   | [] |
+| libcertifier.sectigo.cert.type   | comodo |
+| libcertifier.sectigo.owner.phonenum   | 1234567890 |
+| libcertifier.sectigo.owner.email   | owner@example.com |
+| libcertifier.sectigo.tracking.id   | 1234 |
+| libcertifier.sectigo.source   | libcertifier |
 |=======
 
 == Extended Key Usage values:

include/certifier/certifier_api_easy.h

@@ -101,6 +101,9 @@ typedef enum
 
     CERTIFIER_MODE_PRINT_HELP = 65536,
 
+    CERTIFIER_MODE_SECTIGO_GET_CERT,
+
+    CERTIFIER_MODE_SECTIGO_PRINT_HELP
     // 131072 is unused
 } CERTIFIER_MODE;
 

include/certifier/property.h

@@ -202,6 +202,27 @@ typedef enum CERTIFIER_OPT
      */
     CERTIFIER_OPT_MTLS_P12_PATH,
     CERTIFIER_OPT_MTLS_P12_PASSWORD,
+
+    CERTIFIER_OPT_SECTIGO_AUTH_TOKEN,
+    CERTIFIER_OPT_SECTIGO_COMMON_NAME,
+    CERTIFIER_OPT_SECTIGO_GROUP_NAME,
+    CERTIFIER_OPT_SECTIGO_GROUP_EMAIL,
+    CERTIFIER_OPT_SECTIGO_ID,
+    CERTIFIER_OPT_SECTIGO_OWNER_FNAME,
+    CERTIFIER_OPT_SECTIGO_OWNER_LNAME,
+    CERTIFIER_OPT_SECTIGO_EMPLOYEE_TYPE,
+    CERTIFIER_OPT_SECTIGO_SERVER_PLATFORM,
+    CERTIFIER_OPT_SECTIGO_SENSITIVE,
+    CERTIFIER_OPT_SECTIGO_PROJECT_NAME,
+    CERTIFIER_OPT_SECTIGO_BUSINESS_JUSTIFICATION,
+    CERTIFIER_OPT_SECTIGO_SUBJECT_ALT_NAMES,
+    CERTIFIER_OPT_SECTIGO_IP_ADDRESSES,
+    CERTIFIER_OPT_SECTIGO_CERT_TYPE,
+    CERTIFIER_OPT_SECTIGO_OWNER_PHONENUM,
+    CERTIFIER_OPT_SECTIGO_OWNER_EMAIL,
+    CERTIFIER_OPT_SECTIGO_TRACKING_ID,
+    CERTIFIER_OPT_SECTIGO_SOURCE,
+    CERTIFIER_OPT_SECTIGO_CERTIFIER_URL,
 
 } CERTIFIER_OPT;
 

internal_headers/certifier/certifier.h

@@ -21,14 +21,17 @@
 
 #include "certifier/property.h"
 #include "certifier/types.h"
+#include "certifier/error.h"
+#include "certifier/property_internal.h"
+
+#define SMALL_STRING_SIZE 64
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /* CHUNK is the size of the memory chunk used by the zlib routines. */
 #define CHUNK 10000
-
 #define ALLOWABLE_CHARACTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnpqrstuvwxyz0123456879"
 
 #define CERTIFIER_ERR_INIT_CERTIFIER 1000
@@ -138,7 +141,23 @@ typedef enum
     CERTIFIER_LOG_FATAL
 } CertifierLogPriority;
 
-typedef struct Certifier Certifier;
+typedef struct Map
+{
+    char node_address[SMALL_STRING_SIZE];
+    char * base64_public_key;
+    unsigned char * der_public_key;
+    int der_public_key_len;
+    ECC_KEY * private_ec_key;
+    X509_CERT * x509_cert;
+} Map;
+
+typedef struct Certifier
+{
+    CertifierPropMap * prop_map;
+    Map tmp_map;
+    CertifierError last_error;
+    bool sectigo_mode;
+} Certifier;
 
 Certifier * certifier_new(void);
 
@@ -165,6 +184,8 @@ bool certifier_is_option_set(Certifier * certifier, int name);
  */
 int certifier_load_cfg_file(Certifier * certifier);
 
+int sectigo_load_cfg_file(Certifier * certifier);
+
 char * certifier_get_version(Certifier * certifier);
 
 /**
@@ -250,6 +271,10 @@ void certifier_print_certificate(Certifier * certifier, const char * pem, int pe
 
 void certifier_print_certificate_validity(Certifier * certifier);
 
+CertifierError sectigo_generate_certificate_signing_request(Certifier *certifier, char **out_csr_pem);
+
+CertifierPropMap * certifier_get_prop_map(Certifier * certifier);
+
 #ifdef __cplusplus
 }
 #endif