Add ability to create Sectigo certificates

docs/cli_usage.adoc

@@ -108,6 +108,15 @@ Same command with SAT authentication:
 ./certifierUtil print-cert -k <pkcs12-file-path> -p <password>
 ----
 
+*Fetch Sectigo Certificate*
+
+The certificate can be downloaded through the certificate ID returned as a result of running the command.
+
+----
+./certifierUtil sectigo-get-cert -C <common-name> -I <ID> -r <project-name> -b <business-justification> -A <subject-alt-names> -G <group-name> -E <group-email> -O <owner-first-name> -J <owner-last-name> 
+-Z <owner-email> -K <auth-token> -u <url> -l <config>
+----
+
 == *certifierUtil commands*
 
 |===
@@ -136,6 +145,12 @@ Same command with SAT authentication:
 
 | revoke
 | Revoke Certificate
+
+|sectigo-get-cert
+|Requests Certificate from Sectigo
+
+|sectigo-help
+|Provides information on implemented Sectigo commands
 |===
 
 == *certifierUtil get-cert options*
@@ -497,6 +512,103 @@ Disabled by default - Only error messages are shown.
 
 |===
 
+== *certifierUtil sectigo-get-cert options*
+
+|===
+| *Long Option* | *Short Option* | *Examples* | *Description*
+
+| help
+| h
+| --help +
+-h
+| Display this summary
+
+| common-name
+| C
+| --common-name <value> +
+-C <value>
+| Certificate common name
+
+| id
+| I
+| --id <value> +
+-I <value>
+| User or device ID
+
+| project-name
+| r
+| --project-name <value> +
+-r <value>
+| Project name
+
+| business-justification
+| b
+| --business-justification <value> +
+-b <value>
+| Business justification
+
+| subject-alt-names
+| A
+| --subject-alt-names <value> +
+-A <value>
+| Subject alternative names (CSV)
+
+| group-name
+| G
+| --group-name <value> +
+-G <value>
+| Group name
+
+| group-email
+| E
+| --group-email <value> +
+-E <value>
+| Group email
+
+| owner-first-name
+| O
+| --owner-first-name <value> +
+-O <value>
+| Owner first name
+
+| owner-last-name
+| J
+| --owner-lname <value> +
+-J <value>
+| Owner last name
+
+| owner-email
+| Z
+| --owner-email <value> +
+-Z <value>
+| Owner email
+
+| cert-type
+| T
+| --cert-type <value> +
+-T <value>
+| Certificate type
+
+| auth-token
+| K
+| --auth-token <value> +
+-K <value>
+| Sectigo API auth token
+
+| url
+| u
+| --url <value> +
+-u <value>
+| Sectigo API URL
+
+| config
+| l
+| --config <file> +
+-l <file>
+| Path to config file
+
+|===
+
 *Configuration File*
 
 Configuration File is a file used to specify internal certifier util parameters such as timeouts, ecc curve types and other miscellaneous items. This file follows the JSON Format and can be manually editted from the `libcertifier.cfg.sample` template file present in the root directory.
@@ -611,4 +723,53 @@ Note: 64-bit hex integer expected as input.
 | Mark request for a lite certificate. +
 Note: value type = `bool`
 
+| libcertifier.sectigo.url
+| "https://certs.xpki.io/api/createCertificate"
+| Sectigo URL
+
+| libcertifier.sectigo.auth.token
+| ""
+| Sectigo API authentication token
+
+| libcertifier.sectigo.common.name
+| "example.com"
+| Certificate common name (CN)
+
+| libcertifier.sectigo.group.name
+| "Example Group"
+| Group name for the certificate request
+
+| libcertifier.sectigo.group.email
+| "group@example.com"
+| Group email for notifications
+
+| libcertifier.sectigo.id
+| "user123"
+| User or device ID
+
+| libcertifier.sectigo.owner.first.name
+| "First"
+| Owner's first name
+
+| libcertifier.sectigo.owner.last.name
+| "Last"
+| Owner's last name
+
+| libcertifier.sectigo.business.justification
+| "Testing"
+| Business justification for the request
+
+| libcertifier.sectigo.subject.alt.names
+| []
+| Subject alternative names. +
+Note: value type = `array of strings`  Pass empty array if you don't have.
+
+| libcertifier.sectigo.owner.email
+| "owner@example.com"
+| Owner's email address
+
+| libcertifier.sectigo.tracking.id
+| "1234"
+| Tracking ID for the request
+
 |===

docs/configuration.adoc

@@ -2,6 +2,7 @@ xref:libcertifier.adoc[*Back to Manual*]
 
 == Configuration
 
+== xPKI Certificates
 |=======
 | *Property Name* | *Default Value* | *Description* 
 | libcertifier.certifier.url   | https://certifier.xpki.io/v1/certifier/certificate |  
@@ -27,6 +28,23 @@ xref:libcertifier.adoc[*Back to Manual*]
 | libcertifier.ext.key.usage   | clientAuth,serverAuth | (See notes below) 
 |=======
 
+== Sectigo Certificates
+|=======
+| *Property Name* | *Default Value* | *Description* 
+| libcertifier.sectigo.url   | https://certs.xpki.io/api/createCertificate |
+| libcertifier.sectigo.auth.token   | |
+| libcertifier.sectigo.common.name   | example.com |
+| libcertifier.sectigo.group.name   | ExampleGroup |
+| libcertifier.sectigo.group.email   | group@example.com |
+| libcertifier.sectigo.id   | user123 |
+| libcertifier.sectigo.owner.first.name   | First |
+| libcertifier.sectigo.owner.last.name   | Last |
+| libcertifier.sectigo.project.name   | ExampleProject |
+| libcertifier.sectigo.business.justification   | Testing |
+| libcertifier.sectigo.subject.alt.names   | [] |
+| libcertifier.sectigo.owner.email   | owner@example.com |
+|=======
+
 == Extended Key Usage values:
 This field can be populated with a list of values, indicating purposes for which the certificate public key can be used for. 
 

include/certifier/certifier_api_easy.h

@@ -101,6 +101,9 @@ typedef enum
 
     CERTIFIER_MODE_PRINT_HELP = 65536,
 
+    CERTIFIER_MODE_SECTIGO_GET_CERT,
+
+    CERTIFIER_MODE_SECTIGO_PRINT_HELP
     // 131072 is unused
 } CERTIFIER_MODE;
 

include/certifier/property.h

@@ -202,6 +202,22 @@ typedef enum CERTIFIER_OPT
      */
     CERTIFIER_OPT_MTLS_P12_PATH,
     CERTIFIER_OPT_MTLS_P12_PASSWORD,
+
+    CERTIFIER_OPT_SECTIGO_AUTH_TOKEN,
+    CERTIFIER_OPT_SECTIGO_COMMON_NAME,
+    CERTIFIER_OPT_SECTIGO_GROUP_NAME,
+    CERTIFIER_OPT_SECTIGO_GROUP_EMAIL,
+    CERTIFIER_OPT_SECTIGO_ID,
+    CERTIFIER_OPT_SECTIGO_OWNER_FIRST_NAME,
+    CERTIFIER_OPT_SECTIGO_OWNER_LAST_NAME,
+    CERTIFIER_OPT_SECTIGO_PROJECT_NAME,
+    CERTIFIER_OPT_SECTIGO_BUSINESS_JUSTIFICATION,
+    CERTIFIER_OPT_SECTIGO_SUBJECT_ALT_NAMES,
+    CERTIFIER_OPT_SECTIGO_OWNER_EMAIL,
+    CERTIFIER_OPT_SECTIGO_URL,
+    CERTIFIER_OPT_SECTIGO_DEVHUB_ID,
+    CERTIFIER_OPT_SECTIGO_VALIDITY_DAYS,
+    CERTIFIER_OPT_SECTIGO_KEY_TYPE,
 
 } CERTIFIER_OPT;
 

internal_headers/certifier/certifier.h

@@ -21,14 +21,17 @@
 
 #include "certifier/property.h"
 #include "certifier/types.h"
+#include "certifier/error.h"
+#include "certifier/property_internal.h"
+
+#define SMALL_STRING_SIZE 64
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /* CHUNK is the size of the memory chunk used by the zlib routines. */
 #define CHUNK 10000
-
 #define ALLOWABLE_CHARACTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnpqrstuvwxyz0123456879"
 
 #define CERTIFIER_ERR_INIT_CERTIFIER 1000
@@ -138,7 +141,23 @@ typedef enum
     CERTIFIER_LOG_FATAL
 } CertifierLogPriority;
 
-typedef struct Certifier Certifier;
+typedef struct Map
+{
+    char node_address[SMALL_STRING_SIZE];
+    char * base64_public_key;
+    unsigned char * der_public_key;
+    int der_public_key_len;
+    ECC_KEY * private_ec_key;
+    X509_CERT * x509_cert;
+} Map;
+
+typedef struct Certifier
+{
+    CertifierPropMap * prop_map;
+    Map tmp_map;
+    CertifierError last_error;
+    bool sectigo_mode;
+} Certifier;
 
 Certifier * certifier_new(void);
 
@@ -165,6 +184,8 @@ bool certifier_is_option_set(Certifier * certifier, int name);
  */
 int certifier_load_cfg_file(Certifier * certifier);
 
+int sectigo_load_cfg_file(Certifier * certifier);
+
 char * certifier_get_version(Certifier * certifier);
 
 /**
@@ -250,6 +271,10 @@ void certifier_print_certificate(Certifier * certifier, const char * pem, int pe
 
 void certifier_print_certificate_validity(Certifier * certifier);
 
+CertifierError sectigo_generate_certificate_signing_request(Certifier *certifier, char **out_csr_pem);
+
+CertifierPropMap * certifier_get_prop_map(Certifier * certifier);
+
 #ifdef __cplusplus
 }
 #endif

internal_headers/certifier/property_internal.h

@@ -49,6 +49,8 @@ typedef struct _PropMap CertifierPropMap;
  */
 CertifierPropMap * property_new(void);
 
+CertifierPropMap * property_new_sectigo(void);
+
 CertifierPropMap * property_ext(void);
 
 int property_destroy(CertifierPropMap * prop_map);
@@ -76,18 +78,29 @@ int property_set_ext(CertifierPropMap * prop_map);
 
 int property_set(CertifierPropMap * prop_map, CERTIFIER_OPT name, const void * value);
 
+int sectigo_property_set(CertifierPropMap * prop_map, int name, const void * value);
+
 int property_set_int(CertifierPropMap * prop_map, CERTIFIER_OPT name, int value);
 
 void * property_get(CertifierPropMap * prop_map, CERTIFIER_OPT name);
 
 int property_set_defaults_from_cfg_file(CertifierPropMap * propMap);
 
+int property_set_sectigo_defaults_from_cfg_file(CertifierPropMap * propMap);
+
 const char * get_default_cfg_filename();
 
 const char * get_default_ca_path();
 
 const char * get_default_ca_info();
 
+/**
+ * Validate if a key type string is a supported Sectigo key type.
+ * @param key_type The key type string to validate
+ * @return 1 if valid, 0 otherwise
+ */
+int is_valid_sectigo_key_type(const char * key_type);
+
 #ifdef __cplusplus
 }
 #endif