diff --git a/README.md b/README.md
index ff91ab1..d15656d 100644
--- a/README.md
+++ b/README.md
@@ -406,9 +406,9 @@ sequenceDiagram
participant API as CERTInext API
GW->>Plugin: Load CA connector configuration
- Plugin->>Plugin: Validate required fields\n(API URL, account number, credentials)
- Plugin->>Plugin: Initialize API client\nwith configured auth mode
- Plugin->>Plugin: Record which credential fields are populated\n(values are never logged)
+ Plugin->>Plugin: Validate required fields
(API URL, account number, credentials)
+ Plugin->>Plugin: Initialize API client
with configured auth mode
+ Plugin->>Plugin: Record which credential fields are populated
(values are never logged)
GW->>Plugin: Test connection
Plugin->>API: Verify credentials
API-->>Plugin: Credentials accepted
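Review bot: The three `+` message lines in this hunk replace the `\n` escape with what shows here as a real line break, leaving "(API URL, account number, credentials)", "with configured auth mode" and "(values are never logged)" on lines of their own. Mermaid sequence diagrams read one statement per line, so a raw newline puts the continuation outside the message text and the diagram is likely to fail to parse. If a break inside the label is intended, use `<br/>`, for example `Plugin->>Plugin: Validate required fields<br/>(API URL, account number, credentials)`. The same applies to every other sequenceDiagram hunk in this patch. Please also confirm in a rendered preview that "(values are never logged)" still appears, since it is the one security statement in this diagram.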
@@ -427,11 +427,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API
- CMD->>Plugin: Start synchronization\n(full refresh or incremental since last sync)
- Plugin->>Plugin: Determine date filter\n(none for full sync, last sync date for incremental)
+ CMD->>Plugin: Start synchronization
(full refresh or incremental since last sync)
+ Plugin->>Plugin: Determine date filter
(none for full sync, last sync date for incremental)
loop Retrieve one page at a time
- Plugin->>API: Request next page of orders\n(filtered by date if incremental)
+ Plugin->>API: Request next page of orders
(filtered by date if incremental)
API-->>Plugin: Page of order records
loop For each order on the page
@@ -467,11 +467,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API
- CMD->>Plugin: Request new certificate\n(CSR, subject, SANs, product code, requester details)
+ CMD->>Plugin: Request new certificate
(CSR, subject, SANs, product code, requester details)
Plugin->>Plugin: Validate product code is present
- Plugin->>Plugin: Record enrollment intent in audit log\n(subject, SANs, product, requester — before any API call)
+ Plugin->>Plugin: Record enrollment intent in audit log
(subject, SANs, product, requester — before any API call)
- Plugin->>API: Place certificate order\n(CSR, domain, organization details,\nsubscriber agreement, requestor info)
+ Plugin->>API: Place certificate order
(CSR, domain, organization details,
subscriber agreement, requestor info)
API-->>Plugin: Order accepted — order number assigned
Plugin->>API: Check order status
@@ -480,12 +480,12 @@ sequenceDiagram
alt Certificate issued immediately
Plugin-->>CMD: Certificate ready — PEM returned
else Certificate pending approval
- Plugin-->>CMD: Pending — Command will pick it up\nduring the next synchronization
+ Plugin-->>CMD: Pending — Command will pick it up
during the next synchronization
else Order rejected by CERTInext
Plugin-->>CMD: Enrollment failed — see gateway logs
end
- Plugin->>Plugin: Record enrollment outcome in audit log\n(order number, serial number, status)
+ Plugin->>Plugin: Record enrollment outcome in audit log
(order number, serial number, status)
```
### Renewal
@@ -496,15 +496,15 @@ When Command initiates a renewal, the plugin checks whether the existing certifi
```mermaid
flowchart TD
- A([Renewal requested]) --> B{Prior certificate\nserial number\nprovided?}
+ A([Renewal requested]) --> B{"Prior certificate
serial number
provided?"}
B -- No --> C[Issue new certificate]
- B -- Yes --> D[Look up prior order\nin Command database]
- D --> E{Prior order\nfound?}
+ B -- Yes --> D["Look up prior order
in Command database"]
+ D --> E{"Prior order
found?"}
E -- No --> C
- E -- Yes --> F[Check certificate\nexpiry date]
- F --> G{Within renewal\nwindow?}
- G -- Yes\nwithin window --> H[Submit new order\nlinked to prior record]
- G -- No\noutside window --> C
+ E -- Yes --> F["Check certificate
expiry date"]
+ F --> G{"Within renewal
window?"}
+ G -- Yes, within window --> H["Submit new order
linked to prior record"]
+ G -- No, outside window --> C
H --> I([Certificate issued or pending])
C --> I
```
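Review bot: The two edge labels leaving `G` change wording, not just line breaks (`Yes\nwithin window` becomes `Yes, within window`), while the node labels `B`, `D`, `E`, `F`, `G` and `H` are wrapped in double quotes and keep their breaks as multi-line strings. That leaves two conventions in one flowchart. Either handle edge labels the same way as the nodes or mention the rewording in the commit message. Also check the quoted multi-line labels in the renderer this README targets, since handling of newlines inside quoted labels may depend on the Mermaid version.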
@@ -521,8 +521,8 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API
- CMD->>Plugin: Revoke certificate\n(order number, serial number, reason code)
- Plugin->>Plugin: Record revocation intent in audit log\n(order number, serial, reason — before any API call)
+ CMD->>Plugin: Revoke certificate
(order number, serial number, reason code)
+ Plugin->>Plugin: Record revocation intent in audit log
(order number, serial, reason — before any API call)
Plugin->>API: Retrieve current certificate status
API-->>Plugin: Current status and details
@@ -534,17 +534,17 @@ sequenceDiagram
Plugin->>Plugin: Log error — cannot revoke
Plugin-->>CMD: Error — certificate is not revocable
else Certificate is issued and active
- Plugin->>API: Submit revocation request\n(order number, reason, remarks)
+ Plugin->>API: Submit revocation request
(order number, reason, remarks)
API-->>Plugin: Revocation confirmed
- Plugin->>Plugin: Record revocation outcome in audit log\n(order number, serial, subject, reason)
+ Plugin->>Plugin: Record revocation outcome in audit log
(order number, serial, subject, reason)
Plugin-->>CMD: Certificate revoked
end
```
**Idempotency:** If Command retries a revocation request (for example, after a timeout), the plugin detects that the certificate is already revoked and returns success without submitting a duplicate request to CERTInext.
-**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails, satisfying SOX audit requirements.
+**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails.
---
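Review bot: The new Audit trail line drops the SOX claim but keeps "This ensures that the intent is captured", a guarantee that is only as strong as the gateway log it relies on. Consider saying what a reader can actually depend on, for example that the intent record is written to the gateway log before the API call and that retention and integrity of that log are a deployment concern. The reason for removing the compliance wording belongs in the commit message, so that anyone who relied on the old sentence can follow the change.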
@@ -554,14 +554,14 @@ When an administrator saves or edits a CERTInext CA connector in the Keyfactor C
```mermaid
flowchart TD
- A([Save connector configuration]) --> B{Connector\nmarked as disabled?}
- B -- Yes --> C([Saved without validation\nConnector will not process requests])
- B -- No --> D{Required fields\npresent and valid?\nAPI URL · Account Number · Credentials}
+ A([Save connector configuration]) --> B{"Connector
marked as disabled?"}
+ B -- Yes --> C(["Saved without validation
Connector will not process requests"])
+ B -- No --> D{"Required fields
present and valid?
API URL · Account Number · Credentials"}
D -- Missing or invalid --> E([Validation error shown to administrator])
- D -- Valid --> F[Build temporary API client\nfrom supplied settings]
- F --> G[Send test request\nto CERTInext]
- G --> H{API accepted\nthe credentials?}
- H -- No --> I([Connection test failed\nCheck credentials and API URL])
+ D -- Valid --> F["Build temporary API client
from supplied settings"]
+ F --> G[Send test request to CERTInext]
+ G --> H{"API accepted
the credentials?"}
+ H -- No --> I(["Connection test failed
Check credentials and API URL"])
H -- Yes --> J([Connector saved and active])
```
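Review bot: `G[Send test request to CERTInext]` is collapsed onto one line and left unquoted, while every other label that had a `\n` in this flowchart (`B`, `C`, `D`, `F`, `H`, `I`) is quoted and keeps its break. If the shorter label is intentional, that is fine, but it is a content change in a patch that otherwise only touches line breaks. Otherwise restore the break in the same quoted form used for `F`.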
diff --git a/docsource/architecture.md b/docsource/architecture.md
index 93ac459..f051475 100644
--- a/docsource/architecture.md
+++ b/docsource/architecture.md
@@ -66,9 +66,9 @@ sequenceDiagram
participant API as CERTInext API
GW->>Plugin: Load CA connector configuration
- Plugin->>Plugin: Validate required fields\n(API URL, account number, credentials)
- Plugin->>Plugin: Initialize API client\nwith configured auth mode
- Plugin->>Plugin: Record which credential fields are populated\n(values are never logged)
+ Plugin->>Plugin: Validate required fields
(API URL, account number, credentials)
+ Plugin->>Plugin: Initialize API client
with configured auth mode
+ Plugin->>Plugin: Record which credential fields are populated
(values are never logged)
GW->>Plugin: Test connection
Plugin->>API: Verify credentials
API-->>Plugin: Credentials accepted
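Review bot: From this hunk on, docsource/architecture.md receives the same edits as README.md, line for line. If one of the two files is generated from the other, change only the source and regenerate, so the two copies of these diagrams cannot drift apart. If both are maintained by hand, say so in the commit message so reviewers know to check both.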
@@ -87,11 +87,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API
- CMD->>Plugin: Start synchronization\n(full refresh or incremental since last sync)
- Plugin->>Plugin: Determine date filter\n(none for full sync, last sync date for incremental)
+ CMD->>Plugin: Start synchronization
(full refresh or incremental since last sync)
+ Plugin->>Plugin: Determine date filter
(none for full sync, last sync date for incremental)
loop Retrieve one page at a time
- Plugin->>API: Request next page of orders\n(filtered by date if incremental)
+ Plugin->>API: Request next page of orders
(filtered by date if incremental)
API-->>Plugin: Page of order records
loop For each order on the page
@@ -127,11 +127,11 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API
- CMD->>Plugin: Request new certificate\n(CSR, subject, SANs, product code, requester details)
+ CMD->>Plugin: Request new certificate
(CSR, subject, SANs, product code, requester details)
Plugin->>Plugin: Validate product code is present
- Plugin->>Plugin: Record enrollment intent in audit log\n(subject, SANs, product, requester — before any API call)
+ Plugin->>Plugin: Record enrollment intent in audit log
(subject, SANs, product, requester — before any API call)
- Plugin->>API: Place certificate order\n(CSR, domain, organization details,\nsubscriber agreement, requestor info)
+ Plugin->>API: Place certificate order
(CSR, domain, organization details,
subscriber agreement, requestor info)
API-->>Plugin: Order accepted — order number assigned
Plugin->>API: Check order status
@@ -140,12 +140,12 @@ sequenceDiagram
alt Certificate issued immediately
Plugin-->>CMD: Certificate ready — PEM returned
else Certificate pending approval
- Plugin-->>CMD: Pending — Command will pick it up\nduring the next synchronization
+ Plugin-->>CMD: Pending — Command will pick it up
during the next synchronization
else Order rejected by CERTInext
Plugin-->>CMD: Enrollment failed — see gateway logs
end
- Plugin->>Plugin: Record enrollment outcome in audit log\n(order number, serial number, status)
+ Plugin->>Plugin: Record enrollment outcome in audit log
(order number, serial number, status)
```
### Renewal
@@ -156,15 +156,15 @@ When Command initiates a renewal, the plugin checks whether the existing certifi
```mermaid
flowchart TD
- A([Renewal requested]) --> B{Prior certificate\nserial number\nprovided?}
+ A([Renewal requested]) --> B{"Prior certificate
serial number
provided?"}
B -- No --> C[Issue new certificate]
- B -- Yes --> D[Look up prior order\nin Command database]
- D --> E{Prior order\nfound?}
+ B -- Yes --> D["Look up prior order
in Command database"]
+ D --> E{"Prior order
found?"}
E -- No --> C
- E -- Yes --> F[Check certificate\nexpiry date]
- F --> G{Within renewal\nwindow?}
- G -- Yes\nwithin window --> H[Submit new order\nlinked to prior record]
- G -- No\noutside window --> C
+ E -- Yes --> F["Check certificate
expiry date"]
+ F --> G{"Within renewal
window?"}
+ G -- Yes, within window --> H["Submit new order
linked to prior record"]
+ G -- No, outside window --> C
H --> I([Certificate issued or pending])
C --> I
```
@@ -181,8 +181,8 @@ sequenceDiagram
participant Plugin as CERTInext Plugin
participant API as CERTInext API
- CMD->>Plugin: Revoke certificate\n(order number, serial number, reason code)
- Plugin->>Plugin: Record revocation intent in audit log\n(order number, serial, reason — before any API call)
+ CMD->>Plugin: Revoke certificate
(order number, serial number, reason code)
+ Plugin->>Plugin: Record revocation intent in audit log
(order number, serial, reason — before any API call)
Plugin->>API: Retrieve current certificate status
API-->>Plugin: Current status and details
@@ -194,17 +194,17 @@ sequenceDiagram
Plugin->>Plugin: Log error — cannot revoke
Plugin-->>CMD: Error — certificate is not revocable
else Certificate is issued and active
- Plugin->>API: Submit revocation request\n(order number, reason, remarks)
+ Plugin->>API: Submit revocation request
(order number, reason, remarks)
API-->>Plugin: Revocation confirmed
- Plugin->>Plugin: Record revocation outcome in audit log\n(order number, serial, subject, reason)
+ Plugin->>Plugin: Record revocation outcome in audit log
(order number, serial, subject, reason)
Plugin-->>CMD: Certificate revoked
end
```
**Idempotency:** If Command retries a revocation request (for example, after a timeout), the plugin detects that the certificate is already revoked and returns success without submitting a duplicate request to CERTInext.
-**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails, satisfying SOX audit requirements.
+**Audit trail:** The revocation intent is written to the gateway log *before* the API call is made. This ensures that the intent is captured even if the API call subsequently fails.
---
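Review bot: The Audit trail paragraph edited at the end of this hunk covers revocation only, while the enrollment diagram earlier in this file also records intent "before any API call" (subject, SANs, product, requester). Since this sentence is being reworded anyway, consider adding a matching statement to the enrollment section, or one shared statement covering both operations, so the write-before-call behaviour is documented wherever the diagrams show it.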
@@ -214,14 +214,14 @@ When an administrator saves or edits a CERTInext CA connector in the Keyfactor C
```mermaid
flowchart TD
- A([Save connector configuration]) --> B{Connector\nmarked as disabled?}
- B -- Yes --> C([Saved without validation\nConnector will not process requests])
- B -- No --> D{Required fields\npresent and valid?\nAPI URL · Account Number · Credentials}
+ A([Save connector configuration]) --> B{"Connector
marked as disabled?"}
+ B -- Yes --> C(["Saved without validation
Connector will not process requests"])
+ B -- No --> D{"Required fields
present and valid?
API URL · Account Number · Credentials"}
D -- Missing or invalid --> E([Validation error shown to administrator])
- D -- Valid --> F[Build temporary API client\nfrom supplied settings]
- F --> G[Send test request\nto CERTInext]
- G --> H{API accepted\nthe credentials?}
- H -- No --> I([Connection test failed\nCheck credentials and API URL])
+ D -- Valid --> F["Build temporary API client
from supplied settings"]
+ F --> G[Send test request to CERTInext]
+ G --> H{"API accepted
the credentials?"}
+ H -- No --> I(["Connection test failed
Check credentials and API URL"])
H -- Yes --> J([Connector saved and active])
```