Keyfactor · irby · Sep 5, 2025 · Mar 23, 2026 · Mar 23, 2026 · Mar 23, 2026
diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-bootstrap-workflow.yml
@@ -11,10 +11,13 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@v3
+    uses: keyfactor/actions/.github/workflows/starter.yml@v4
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
-      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
       scan_token: ${{ secrets.SAST_TOKEN }}
+      entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }}
+      entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }}
+      command_client_id: ${{ secrets.DOCTOOL_COMMAND_CLIENT_ID }}
+      command_client_secret: ${{ secrets.DOCTOOL_COMMAND_CLIENT_SECRET }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -9,21 +9,25 @@ jobs:
       # Checkout code
       # https://github.com/actions/checkout
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # Setup dotnet 8.0
       # https://github.com/actions/setup-dotnet
-      - uses: actions/setup-dotnet@v3
+      - uses: actions/setup-dotnet@v5
         with:
           dotnet-version: '8.x'
 
       # Setup nuget
-      - name: Setup build environment
+      - name: Add Keyfactor NuGet Source
         run: |
           dotnet nuget add source https://nuget.pkg.github.com/Keyfactor/index.json -n github -u ${{ github.actor }} -p ${{ secrets.V2BUILDTOKEN }} --store-password-in-clear-text
-          dotnet restore
+
+      - name: Restore dependencies
+        run: dotnet restore
+
+      - name: Build solution
+        run: dotnet build --no-restore --configuration Release
 
       # Build and test dotnet project
       - name: Build and Test
-        run: dotnet test
-
+        run: dotnet test --no-build --configuration Release
diff --git a/.gitignore b/.gitignore
@@ -350,3 +350,5 @@ healthchecksdb
 */C:
 
 logs
+
+.env
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.2.1
+## Chores
+- Add note about OTE API keys not being supported with this integration due to shopper ID resolution requirements.
+
 # v1.2.0
   - Add special condition to handle status 409 when downloading certificates from GoDaddy. 409 indicates that the certificate state does not allow download.
 

diff --git a/GoDaddy.Tests/FakeCaConfigProvider.cs → GoDaddy.Tests/Fakes/FakeCaConfigProvider.cs b/GoDaddy.Tests/FakeCaConfigProvider.cs → GoDaddy.Tests/Fakes/FakeCaConfigProvider.cs
@@ -1,4 +1,4 @@
-// Copyright 2024 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

diff --git a/GoDaddy.Tests/FakeCertificateDataReader.cs → ....Tests/Fakes/FakeCertificateDataReader.cs b/GoDaddy.Tests/FakeCertificateDataReader.cs → ....Tests/Fakes/FakeCertificateDataReader.cs
@@ -1,4 +1,4 @@
-// Copyright 2024 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

diff --git a/GoDaddy.Tests/FakeGoDaddyClient.cs → GoDaddy.Tests/Fakes/FakeGoDaddyClient.cs b/GoDaddy.Tests/FakeGoDaddyClient.cs → GoDaddy.Tests/Fakes/FakeGoDaddyClient.cs
@@ -1,4 +1,4 @@
-// Copyright 2024 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -179,7 +179,7 @@
                Assert.NotNull(request.Contact.Phone);

                Assert.NotNull(request.Csr);
                Assert.NotNull(request.Period);
                Assert.NotNull(request.SlotSize);
                break;

@@ -203,7 +203,7 @@
                Assert.NotNull(request.Organization.Phone);

                Assert.NotNull(request.Csr);
                Assert.NotNull(request.Period);
                Assert.NotNull(request.SlotSize);
                break;

@@ -228,7 +228,7 @@
                Assert.NotNull(request.Contact.JobTitle);

                Assert.NotNull(request.Csr);
                Assert.NotNull(request.Period);
                Assert.NotNull(request.SlotSize);
                break;


diff --git a/GoDaddy.Tests/GoDaddy.Tests.csproj b/GoDaddy.Tests/GoDaddy.Tests.csproj
@@ -21,12 +21,12 @@
     <Using Include="Xunit" />
   </ItemGroup>
 
-  <ItemGroup>
-    <ProjectReference Include="..\GoDaddy\GoDaddy.csproj" />
+  <ItemGroup>
+    <ProjectReference Include="..\GoDaddy\GoDaddy.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
-
-  <ItemGroup>
-    <Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest" />
-  </ItemGroup>
 
 </Project>
diff --git a/GoDaddy.Tests/GoDaddyCAPlugin.cs → GoDaddy.Tests/GoDaddyCAPluginTests.cs b/GoDaddy.Tests/GoDaddyCAPlugin.cs → GoDaddy.Tests/GoDaddyCAPluginTests.cs
@@ -1,4 +1,4 @@
-// Copyright 2024 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -28,6 +28,15 @@
 
 public class GoDaddyCAPluginTests
 {
+    private static readonly DateTimeOffset NotBefore = DateTimeOffset.Now.AddDays(-100);
+    private static readonly DateTimeOffset ReissueNotAfter = DateTimeOffset.Now.AddDays(365);
+    private static readonly DateTimeOffset RenewalNotAfter = DateTimeOffset.Now.AddDays(59);
+
+    private const string TestSubject = "CN=Test Subject";
+    private static readonly string TestCsr = GenerateCSR(TestSubject);
+    private static readonly X509Certificate2 FakeReissueCertificate = FakeGoDaddyClient.GenerateSelfSignedCertificate(RSA.Create(2048), "CN=Test Cert", NotBefore, ReissueNotAfter);
+    private static readonly X509Certificate2 FakeRenewalCertificate = FakeGoDaddyClient.GenerateSelfSignedCertificate(RSA.Create(2048), "CN=Test Cert", NotBefore, RenewalNotAfter);
+
     ILogger _logger { get; set;}
 
     public GoDaddyCAPluginTests()
@@ -94,7 +103,7 @@
        };

        // Act
        plugin.Synchronize(certificates, DateTime.Now, true, CancellationToken.None).Wait();

        // Assert
        Assert.Equal("fake-ca-request-id", certificates.First().CARequestID);
@@ -133,7 +142,7 @@
        // Act
        try
        {
            plugin.ValidateProductInfo(productInfo, new Dictionary<string, object>()).Wait();
        }
        catch
        {
@@ -180,7 +189,7 @@
        // Act
        try
        {
            plugin.ValidateProductInfo(productInfo, new Dictionary<string, object>()).Wait();
        }
        catch
        {
@@ -231,7 +240,7 @@
        // Act
        try
        {
            plugin.ValidateProductInfo(productInfo, new Dictionary<string, object>()).Wait();
        }
        catch
        {
@@ -253,7 +262,7 @@
     [InlineData("UCC_DV_SSL")]
     [InlineData("UCC_EV_SSL")]
     [InlineData("UCC_OV_SSL")]
-    public void GoDaddyCAPlugin_Enroll_ReturnSuccess(string productID)
+    public async Task GoDaddyCAPlugin_Enroll_ReturnSuccess(string productID)
     {
         // Arrange
         FakeGoDaddyClient fakeClient = new FakeGoDaddyClient();
@@ -267,10 +276,6 @@
             Client = fakeClient
         };
         plugin.Initialize(configProvider, certificateDataReader);
-
-        // CSR
-        string subject = "CN=Test Subject";
-        string csrString = GenerateCSR(subject);
 
         Dictionary<string, string[]> sans = new();
 
@@ -307,10 +312,10 @@
         EnrollmentType type = EnrollmentType.New;
 
         // Act
-        EnrollmentResult result = plugin.Enroll(csrString, subject, sans, productInfo, format, type).Result;
+        EnrollmentResult result = await plugin.Enroll(TestCsr, TestSubject, sans, productInfo, format, type);
 
         // Assert
-        Assert.Equal(result.Status, (int)EndEntityStatus.GENERATED);
+        Assert.Equal((int)EndEntityStatus.GENERATED, result.Status);
     }
 
     [Theory]
@@ -324,12 +329,13 @@
     [InlineData("UCC_DV_SSL")]
     [InlineData("UCC_EV_SSL")]
     [InlineData("UCC_OV_SSL")]
-    public void GoDaddyCAPlugin_Renew_ReturnSuccess(string productID)
+    public async Task GoDaddyCAPlugin_Renew_ReturnSuccess(string productID)
     {
         // Arrange
-        DateTime enrollmentNotBefore = DateTime.UtcNow.AddDays(-5);
-        DateTime enrollmentNotAfter = DateTime.UtcNow.AddDays(20);
-        X509Certificate2 fakeCertificate = FakeGoDaddyClient.GenerateSelfSignedCertificate(RSA.Create(2048), "CN=Test Cert", enrollmentNotBefore, enrollmentNotAfter);
+
+        // Renewal is only available 60 days prior to expiration of the previous certificate and 30 days after the 
+        // expiration of the previous certificate. 
+
         string fakeCaRequestId = Guid.NewGuid().ToString();
 
         FakeGoDaddyClient fakeClient = new FakeGoDaddyClient()
@@ -339,20 +345,14 @@
                 { fakeCaRequestId, new AnyCAPluginCertificate
                     {
                         CARequestID = fakeCaRequestId,
-                        Certificate = fakeCertificate.ExportCertificatePem(),
+                        Certificate = FakeRenewalCertificate.ExportCertificatePem(),
                         Status = 123,
                         ProductID = productID,
                     }
                 }
             }
         };
 
-        // Renewal is only available 60 days prior to expiration of the previous certificate and 30 days after the 
-        // expiration of the previous certificate. 
-
-        fakeClient.EnrollmentNotBefore = enrollmentNotBefore;
-        fakeClient.EnrollmentNotAfter = enrollmentNotAfter;
-
         BlockingCollection<AnyCAPluginCertificate> certificates = new BlockingCollection<AnyCAPluginCertificate>();
 
         IAnyCAPluginConfigProvider configProvider = new FakeCaConfigProvider(new Config());
@@ -364,10 +364,6 @@
         };
         plugin.Initialize(configProvider, certificateDataReader);
 
-        // CSR
-        string subject = "CN=Test Subject";
-        string csrString = GenerateCSR(subject);
-
         Dictionary<string, string[]> sans = new();
 
         EnrollmentProductInfo productInfo = new EnrollmentProductInfo
@@ -394,7 +390,7 @@
                 { EnrollmentConfigConstants.JobTitle, "Software Engineer" },
                 { EnrollmentConfigConstants.RegistrationAgent, "Agent" },
                 { EnrollmentConfigConstants.RegistrationNumber, "REG-12345" },
-                { "PriorCertSN", fakeCertificate.SerialNumber }
+                { "PriorCertSN", FakeRenewalCertificate.SerialNumber }
             }
         };
 
@@ -404,12 +400,12 @@
         EnrollmentType type = EnrollmentType.Renew;
 
         // Act
-        EnrollmentResult result = plugin.Enroll(csrString, subject, sans, productInfo, format, type).Result;
+        EnrollmentResult result = await plugin.Enroll(TestCsr, TestSubject, sans, productInfo, format, type);
 
         // Assert
-        Assert.Equal(result.Status, (int)EndEntityStatus.GENERATED);
-        Assert.Equal(result.StatusMessage, $"Certificate with ID {fakeCaRequestId} has been renewed");
-        Assert.Equal(result.CARequestID, fakeCaRequestId);
+        Assert.Equal((int)EndEntityStatus.GENERATED, result.Status);
+        Assert.Equal($"Certificate with ID {fakeCaRequestId} has been renewed", result.StatusMessage);
+        Assert.Equal(fakeCaRequestId, result.CARequestID);
     }
 
     [Theory]
@@ -423,12 +419,12 @@
     [InlineData("UCC_DV_SSL")]
     [InlineData("UCC_EV_SSL")]
     [InlineData("UCC_OV_SSL")]
-    public void GoDaddyCAPlugin_Reissue_ReturnSuccess(string productID)
+    public async Task GoDaddyCAPlugin_Reissue_ReturnSuccess(string productID)
     {
         // Arrange
-        DateTime enrollmentNotBefore = DateTime.UtcNow.AddDays(-100);
-        DateTime enrollmentNotAfter = DateTime.UtcNow.AddDays(365);
-        X509Certificate2 fakeCertificate = FakeGoDaddyClient.GenerateSelfSignedCertificate(RSA.Create(2048), "CN=Test Cert", enrollmentNotBefore, enrollmentNotAfter);
+        // DateTime enrollmentNotBefore = DateTime.UtcNow.AddDays(-100);
+        // DateTime enrollmentNotAfter = DateTime.UtcNow.AddDays(365);
+        // X509Certificate2 fakeCertificate = FakeGoDaddyClient.GenerateSelfSignedCertificate(RSA.Create(2048), "CN=Test Cert", enrollmentNotBefore, enrollmentNotAfter);
         string fakeCaRequestId = Guid.NewGuid().ToString();
 
         FakeGoDaddyClient fakeClient = new FakeGoDaddyClient()
@@ -438,20 +434,14 @@
                 { fakeCaRequestId, new AnyCAPluginCertificate
                     {
                         CARequestID = fakeCaRequestId,
-                        Certificate = fakeCertificate.ExportCertificatePem(),
+                        Certificate = FakeReissueCertificate.ExportCertificatePem(),
                         Status = 123,
                         ProductID = productID,
                     }
                 }
             }
         };
 
-        // Renewal is only available 60 days prior to expiration of the previous certificate and 30 days after the 
-        // expiration of the previous certificate. 
-
-        fakeClient.EnrollmentNotBefore = enrollmentNotBefore;
-        fakeClient.EnrollmentNotAfter = enrollmentNotAfter;
-
         BlockingCollection<AnyCAPluginCertificate> certificates = new BlockingCollection<AnyCAPluginCertificate>();
 
         IAnyCAPluginConfigProvider configProvider = new FakeCaConfigProvider(new Config());
@@ -463,10 +453,6 @@
         };
         plugin.Initialize(configProvider, certificateDataReader);
 
-        // CSR
-        string subject = "CN=Test Subject";
-        string csrString = GenerateCSR(subject);
-
         Dictionary<string, string[]> sans = new();
 
         EnrollmentProductInfo productInfo = new EnrollmentProductInfo
@@ -493,7 +479,7 @@
                 { EnrollmentConfigConstants.JobTitle, "Software Engineer" },
                 { EnrollmentConfigConstants.RegistrationAgent, "Agent" },
                 { EnrollmentConfigConstants.RegistrationNumber, "REG-12345" },
-                { "PriorCertSN", fakeCertificate.SerialNumber }
+                { "PriorCertSN", FakeReissueCertificate.SerialNumber }
             }
         };
 
@@ -503,12 +489,12 @@
         EnrollmentType type = EnrollmentType.Renew;
 
         // Act
-        EnrollmentResult result = plugin.Enroll(csrString, subject, sans, productInfo, format, type).Result;
+        EnrollmentResult result = await plugin.Enroll(TestCsr, TestSubject, sans, productInfo, format, type);
 
         // Assert
-        Assert.Equal(result.Status, (int)EndEntityStatus.GENERATED);
-        Assert.Equal(result.StatusMessage, $"Certificate with ID {fakeCaRequestId} has been reissued");
-        Assert.Equal(result.CARequestID, fakeCaRequestId);
+        Assert.Equal((int)EndEntityStatus.GENERATED, result.Status);
+        Assert.Equal($"Certificate with ID {fakeCaRequestId} has been reissued", result.StatusMessage);
+        Assert.Equal(fakeCaRequestId, result.CARequestID);
     }
 
     [IntegrationTestingFact]

diff --git a/GoDaddy.Tests/GoDaddyClient.cs → GoDaddy.Tests/GoDaddyClientTests.cs b/GoDaddy.Tests/GoDaddyClient.cs → GoDaddy.Tests/GoDaddyClientTests.cs
@@ -1,4 +1,4 @@
-// Copyright 2024 Keyfactor
+// Copyright 2026 Keyfactor
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -21,15 +21,15 @@
 
 namespace Keyfactor.Extensions.CAPlugin.GoDaddyTests;
 
-public class ClientTests
+public class GoDaddyClientTests
 {
     ILogger _logger { get; set;}
 
-    public ClientTests()
+    public GoDaddyClientTests()
     {
         ConfigureLogging();
 
-        _logger = LogHandler.GetClassLogger<ClientTests>();
+        _logger = LogHandler.GetClassLogger<GoDaddyClientTests>();
     }
 
     [IntegrationTestingFact]