From 3b19863a96b7476440fadca48f5f91ce74f9d519 Mon Sep 17 00:00:00 2001
From: sirferl
Date: Wed, 2 Dec 2020 13:24:01 +0100
Subject: [PATCH 1/7] adding source plugin code"
---
 lemur/plugins/lemur_entrust/plugin.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 924345eb..7aa915c5 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -314,6 +314,31 @@ class EntrustSourcePlugin(SourcePlugin):
     author = "sirferl"
     author_url = "https://github.com/sirferl/lemur"
+    def __init__(self, *args, **kwargs):
+        """Initialize the issuer with the appropriate details."""
+        required_vars = [
+            "ENTRUST_API_CERT",
+            "ENTRUST_API_KEY",
+            "ENTRUST_API_USER",
+            "ENTRUST_API_PASS",
+            "ENTRUST_URL",
+            "ENTRUST_ROOT",
+            "ENTRUST_NAME",
+            "ENTRUST_EMAIL",
+            "ENTRUST_PHONE",
+        ]
+        validate_conf(current_app, required_vars)
+
+        self.session = requests.Session()
+        cert_file = current_app.config.get("ENTRUST_API_CERT")
+        key_file = current_app.config.get("ENTRUST_API_KEY")
+        user = current_app.config.get("ENTRUST_API_USER")
+        password = current_app.config.get("ENTRUST_API_PASS")
+        self.session.cert = (cert_file, key_file)
+        self.session.auth = (user, password)
+        self.session.hooks = dict(response=log_status_code)
+        super(EntrustSourcePlugin, self).__init__(*args, **kwargs)
+
     def get_certificates(self, options, **kwargs):
         # Not needed for ENTRUST
         raise NotImplementedError("Not implemented\n", self, options, **kwargs)
From 9b2ac32d701183ecaaca3438396d38312c046c51 Mon Sep 17 00:00:00 2001
From: sirferl
Date: Wed, 2 Dec 2020 15:50:51 +0100
Subject: [PATCH 2/7] added source functionality
---
 lemur/plugins/lemur_entrust/plugin.py | 58 ++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 2 deletions(-)
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 7aa915c5..34669eef 100644
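Review bot: required_vars in the new __init__ demands ENTRUST_ROOT, ENTRUST_NAME, ENTRUST_EMAIL and ENTRUST_PHONE, yet the body only reads ENTRUST_API_CERT, ENTRUST_API_KEY, ENTRUST_API_USER and ENTRUST_API_PASS, so a deployment that uses Entrust only as a source fails validate_conf on settings this class never touches; the list looks copied from the issuer plugin. Trim it to the keys the source plugin actually reads (ENTRUST_URL is consumed by get_certificates later in this series), or add a comment stating why the issuer-only keys must be present. The docstring `"""Initialize the issuer with the appropriate details."""` is also wrong for a SourcePlugin; suggest `"""Initialize the Entrust source: mTLS client cert plus basic-auth session for the API."""`. The EntrustSourcePlugin class header lies outside this hunk.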
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -313,6 +313,15 @@ class EntrustSourcePlugin(SourcePlugin):
     author = "sirferl"
     author_url = "https://github.com/sirferl/lemur"
+    options = [
+        {
+            "name": "dummy",
+            "type": "str",
+            "required": False,
+            "validation": "/^[0-9]{12,12}$/",
+            "helpMessage": "Just to prevent error",
+        }
+    ]
     def __init__(self, *args, **kwargs):
         """Initialize the issuer with the appropriate details."""
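Review bot: The "dummy" option carries a strict twelve-digit validation regex and the help text "Just to prevent error", which presumably surfaces as a real input field to whoever configures this source without saying what error it prevents. If the base class requires a non-empty options list (not visible from here), record that in a code comment, e.g. `# SourcePlugin appears to require a non-empty options list; this entry is unused`, and give the field a helpMessage such as `"Unused by the Entrust source plugin"`; if it is not required, drop the entry. As written, a user who fills the field in gets a validation failure for a setting that has no effect. The EntrustSourcePlugin class header lies outside this hunk.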
@@ -340,8 +349,53 @@ class EntrustSourcePlugin(SourcePlugin):
         super(EntrustSourcePlugin, self).__init__(*args, **kwargs)
     def get_certificates(self, options, **kwargs):
-        # Not needed for ENTRUST
-        raise NotImplementedError("Not implemented\n", self, options, **kwargs)
+        """ Fetch all Entrust certificates """
+        base_url = current_app.config.get("ENTRUST_URL")
+        host = base_url.replace('/enterprise/v2','')
+
+        get_url = f"{base_url}/certificates"
+        certs =[]
+        offset = 0
+        while True:
+            response = self.session.get(get_url,
+                params={
+                    "status": "ACTIVE",
+                    "isThirdParty": "false",
+                    "fields": "uri,dn",
+                    "offset": offset
+                }
+            )
+            try:
+                data = json.loads(response.content)
+            except ValueError:
+                # catch an empty jason object here
+                data = {'response': 'No detailed message'}
+            status_code = response.status_code
+            if status_code > 399:
+                raise Exception(f"ENTRUST error: {msg.get(status_code, status_code)}\n{data['errors']}")
+            # current_app.logger.info(f"recevied: {data['summary']}")
+            for c in data["certificates"]:
+                download_url = "{0}{1}".format(
+                    host, c["uri"]
+                )
+                cert_response = self.session.get(download_url)
+                certificate = json.loads(cert_response.content)
+                # current_app.logger.info(f"Result: {certificate}")
+                # normalize serial
+                serial = str(int(certificate["serialNumber"], 16))
+                cert = {
+                    "body": certificate["endEntityCert"],
+                    "serial": serial,
+                    "external_id": str(certificate["trackingId"]),
+                }
+                certs.append(cert)
+            if data["summary"]["limit"] * offset >= data["summary"]["total"]:
+                break
+            else:
+                offset += 1
+        current_app.logger.info(f"Result: {certs}")
+        return certs
+
+
     def get_endpoints(self, options, **kwargs):
         # There are no endpoints in ENTRUST
From a0517d26fa75646caedf44758cce971d11041642 Mon Sep 17 00:00:00 2001
From: sirferl
Date: Wed, 2 Dec 2020 16:05:34 +0100
Subject: [PATCH 3/7] lint errors fixed
---
 lemur/plugins/lemur_entrust/plugin.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
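Review bot: `cert_response = self.session.get(download_url)` is fed straight into `json.loads(cert_response.content)` with no status check, so a 4xx/5xx or empty body for one certificate surfaces as a JSON decode error or a KeyError on `serialNumber` somewhere inside the loop instead of a clear Entrust error; add `cert_response.raise_for_status()` before parsing. download_url is `host` plus the server-supplied `c["uri"]`, and this session carries both the client certificate and the basic-auth credentials, so it is worth rejecting a `uri` that is not a relative path (e.g. `if not c["uri"].startswith("/"): raise Exception(f"Unexpected certificate uri {c['uri']!r}")`) rather than following whatever the response says. The loop stops on `limit * offset >= total` while also sending `offset` as the request parameter, which is only right if Entrust treats offset as a page index; if it is a record offset this re-fetches overlapping pages, so please confirm against the API documentation. get_endpoints, shown as trailing context, continues outside this hunk.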
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 34669eef..c2d9caef 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -351,17 +351,17 @@ class EntrustSourcePlugin(SourcePlugin):
     def get_certificates(self, options, **kwargs):
         """ Fetch all Entrust certificates """
         base_url = current_app.config.get("ENTRUST_URL")
-        host = base_url.replace('/enterprise/v2','')
+        host = base_url.replace('/enterprise/v2', '')
         get_url = f"{base_url}/certificates"
-        certs =[]
+        certs = []
         offset = 0
-        while True:
-            response = self.session.get(get_url,
+        while True:
+            response = self.session.get(get_url,
                 params={
-                    "status": "ACTIVE",
+                    "status": "ACTIVE",
                     "isThirdParty": "false",
-                    "fields": "uri,dn",
+                    "fields": "uri,dn",
                     "offset": offset
                 }
             )
@@ -372,7 +372,7 @@ class EntrustSourcePlugin(SourcePlugin):
                 data = {'response': 'No detailed message'}
             status_code = response.status_code
             if status_code > 399:
-                raise Exception(f"ENTRUST error: {msg.get(status_code, status_code)}\n{data['errors']}")
+                raise Exception(f"ENTRUST error: {status_code}\n{data['errors']}")
             # current_app.logger.info(f"recevied: {data['summary']}")
             for c in data["certificates"]:
                 download_url = "{0}{1}".format(
@@ -391,11 +391,10 @@ class EntrustSourcePlugin(SourcePlugin):
                 certs.append(cert)
             if data["summary"]["limit"] * offset >= data["summary"]["total"]:
                 break
-            else:
+            else:
                 offset += 1
         current_app.logger.info(f"Result: {certs}")
         return certs
-
     def get_endpoints(self, options, **kwargs):
         # There are no endpoints in ENTRUST
From f0f13ce97b2ee9536ca20e3c08bb923276003c6e Mon Sep 17 00:00:00 2001
From: sirferl
Date: Thu, 3 Dec 2020 08:30:54 +0100
Subject: [PATCH 4/7] Removed commented log lines Added logging of number of downloaded certificates
---
 lemur/plugins/lemur_entrust/plugin.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
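Review bot: The rewritten raise still interpolates `data['errors']`, but when the body was not JSON the fallback `data = {'response': 'No detailed message'}` (this hunk's first context line) has no `errors` key, so a non-JSON 4xx/5xx from Entrust ends in a KeyError instead of the intended message. Use `.get` there, e.g. `raise Exception(f"ENTRUST error: {status_code}\n{data.get('errors', data)}")`. get_certificates starts and ends outside this hunk.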
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index c2d9caef..8c50fd6e 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -355,6 +355,7 @@ class EntrustSourcePlugin(SourcePlugin):
         get_url = f"{base_url}/certificates"
         certs = []
+        processed_certs = 0
         offset = 0
         while True:
             response = self.session.get(get_url,
@@ -373,14 +374,12 @@ class EntrustSourcePlugin(SourcePlugin):
             status_code = response.status_code
             if status_code > 399:
                 raise Exception(f"ENTRUST error: {status_code}\n{data['errors']}")
-            # current_app.logger.info(f"recevied: {data['summary']}")
             for c in data["certificates"]:
                 download_url = "{0}{1}".format(
                     host, c["uri"]
                 )
                 cert_response = self.session.get(download_url)
                 certificate = json.loads(cert_response.content)
-                # current_app.logger.info(f"Result: {certificate}")
                 # normalize serial
                 serial = str(int(certificate["serialNumber"], 16))
                 cert = {
@@ -389,11 +388,12 @@ class EntrustSourcePlugin(SourcePlugin):
                     "external_id": str(certificate["trackingId"]),
                 }
                 certs.append(cert)
+                processed_certs += 1
             if data["summary"]["limit"] * offset >= data["summary"]["total"]:
                 break
             else:
                 offset += 1
-        current_app.logger.info(f"Result: {certs}")
+        current_app.logger.info(f"Retrieved {processed_certs} ertificates")
         return certs
     def get_endpoints(self, options, **kwargs):
From c635e0f76e7774cfd1ed6a80a67587c10a2defea Mon Sep 17 00:00:00 2001
From: sirferl
Date: Thu, 3 Dec 2020 09:24:49 +0100
Subject: [PATCH 5/7] added CSR, Owner, Cert type and extended key usage from Entrust
---
 lemur/plugins/lemur_entrust/plugin.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 8c50fd6e..5f758fed 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
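Review bot: The new log line `current_app.logger.info(f"Retrieved {processed_certs} ertificates")` has a typo ("ertificates"). processed_certs is only ever incremented right after `certs.append(cert)`, so it always equals `len(certs)`; the extra counter can go and the line become `current_app.logger.info(f"Retrieved {len(certs)} certificates")`. get_certificates starts outside this hunk.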
@@ -20,13 +20,14 @@ def log_status_code(r, *args, **kwargs):
     :param kwargs:
     :return:
     """
-    log_data = {
-        "reason": (r.reason if r.reason else ""),
-        "status_code": r.status_code,
-        "url": (r.url if r.url else ""),
-    }
-    metrics.send(f"entrust_status_code_{r.status_code}", "counter", 1)
-    current_app.logger.info(log_data)
+    if r.status_code != 200:
+        log_data = {
+            "reason": (r.reason if r.reason else ""),
+            "status_code": r.status_code,
+            "url": (r.url if r.url else ""),
+        }
+        metrics.send(f"entrust_status_code_{r.status_code}", "counter", 1)
+        current_app.logger.info(log_data)
 def determine_end_date(end_date):
@@ -386,6 +387,9 @@ class EntrustSourcePlugin(SourcePlugin):
                     "body": certificate["endEntityCert"],
                     "serial": serial,
                     "external_id": str(certificate["trackingId"]),
+                    "csr": certificate["csr"],
+                    "owner": certificate["tracking"]["requesterEmail"],
+                    "description": f"Type: Entrust {certificate['certType']}\nExtended Key Usage: {certificate['eku']}"
                 }
                 certs.append(cert)
                 processed_certs += 1
From 2813186b139bc0db04d0efefae38850bb633fdf1 Mon Sep 17 00:00:00 2001
From: sirferl
Date: Thu, 3 Dec 2020 10:17:47 +0100
Subject: [PATCH 6/7] lint errors
---
 lemur/plugins/lemur_entrust/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 5f758fed..a89de587 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -388,7 +388,7 @@ class EntrustSourcePlugin(SourcePlugin):
                     "serial": serial,
                     "external_id": str(certificate["trackingId"]),
                     "csr": certificate["csr"],
-                    "owner": certificate["tracking"]["requesterEmail"],
+                    "owner": certificate["tracking"]["requesterEmail"],
                     "description": f"Type: Entrust {certificate['certType']}\nExtended Key Usage: {certificate['eku']}"
                 }
                 certs.append(cert)
From 4afd425d9f6081b7d8e68260a34bab32ad4e24e8 Mon Sep 17 00:00:00 2001
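Review bot: Wrapping the whole hook in `if r.status_code != 200:` also drops `metrics.send(...)` for successful calls, so the `entrust_status_code_200` counter that the removed lines emitted unconditionally stops being reported; if the goal is only less log noise, keep the metric unconditional and guard just the logger call. `!= 200` additionally treats 201, 204 and 3xx responses as log-worthy while the intent reads as "log failures", which `if not r.ok:` expresses directly. The def line of log_status_code lies outside this hunk.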
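Review bot: The three added fields index `certificate["csr"]`, `certificate["tracking"]["requesterEmail"]` and `certificate['eku']` directly, so a single record from Entrust missing any of them raises KeyError and aborts the whole sync rather than skipping that record. `.get()` with a default, e.g. `"csr": certificate.get("csr")` and `"owner": certificate.get("tracking", {}).get("requesterEmail")`, keeps the import going; whether Lemur accepts a missing owner I cannot tell from here. `certificate['eku']` is interpolated raw into the description, so if the API returns a list it will render with Python brackets and quotes. get_certificates starts and ends outside this hunk.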
From: Hossein Shafagh
Date: Thu, 3 Dec 2020 12:07:59 -0800
Subject: [PATCH 7/7] improved text
---
 lemur/plugins/lemur_entrust/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 83547a20..e8410603 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -394,7 +394,7 @@ class EntrustSourcePlugin(SourcePlugin):
                     "external_id": str(certificate["trackingId"]),
                     "csr": certificate["csr"],
                     "owner": certificate["tracking"]["requesterEmail"],
-                    "description": f"Type: Entrust {certificate['certType']}\nExtended Key Usage: {certificate['eku']}"
+                    "description": f"Imported by Lemur; Type: Entrust {certificate['certType']}\nExtended Key Usage: {certificate['eku']}"
                 }
                 certs.append(cert)
                 processed_certs += 1