Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #3362 from hosseinsh/entrust-default-clientId 

Entrust default client
This commit is contained in:
Hossein Shafagh 2021-01-19 16:27:04 -08:00 committed by GitHub
parent 0f6af9f679 74bb4f58a0
commit 2240ace825
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/administration.rst
View File

@ -941,6 +941,12 @@ The following parameters have to be set in the configuration files.
If there is a config variable ENTRUST_PRODUCT_<upper(authority.name)> take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names. If there is a config variable ENTRUST_PRODUCT_<upper(authority.name)> take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names.
.. data:: ENTRUST_USE_DEFAULT_CLIENT_ID
:noindex:
If set to True, Entrust will use the primary client ID of 1, which applies to most use-case.
Otherwise, Entrust will first lookup the clientId before ordering the certificate.
Verisign Issuer Plugin Verisign Issuer Plugin
~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~

40
lemur/plugins/lemur_entrust/plugin.py
View File

@ -80,7 +80,6 @@ def process_options(options, client_id):
"eku": "SERVER_AND_CLIENT_AUTH", "eku": "SERVER_AND_CLIENT_AUTH",
"certType": product_type, "certType": product_type,
"certExpiryDate": validity_end, "certExpiryDate": validity_end,
# "keyType": "RSA", Entrust complaining about this parameter
"tracking": tracking_data, "tracking": tracking_data,
"org": options.get("organization"), "org": options.get("organization"),
"clientId": client_id "clientId": client_id
@ -88,14 +87,28 @@ def process_options(options, client_id):
return data return data
def get_client_id(my_response, organization): @retry(stop_max_attempt_number=5, wait_fixed=1000)
def get_client_id(session, organization):
""" """
Helper function for parsing responses from the Entrust API. Helper function for looking up clientID pased on Organization and parsing the response.
:param content: :param session:
:return: :raise Exception: :param organization: the validated org with Entrust, for instance "Company, Inc."
:return: ClientID
:raise Exception:
""" """
# get the organization ID
url = current_app.config.get("ENTRUST_URL") + "/organizations"
try: try:
d = json.loads(my_response.content) response = session.get(url, timeout=(15, 40))
except requests.exceptions.Timeout:
raise Exception("Timeout for Getting Organizations")
except requests.exceptions.RequestException as e:
raise Exception(f"Error for Getting Organization {e}")
# parse the response
try:
d = json.loads(response.content)
except ValueError: except ValueError:
# catch an empty json object here # catch an empty json object here
d = {'response': 'No detailed message'} d = {'response': 'No detailed message'}
@ -220,16 +233,11 @@ class EntrustIssuerPlugin(IssuerPlugin):
} }
current_app.logger.info(log_data) current_app.logger.info(log_data)
# firstly we need the organization ID if current_app.config.get("ENTRUST_USE_DEFAULT_CLIENT_ID"):
url = current_app.config.get("ENTRUST_URL") + "/organizations" # The ID of the primary client is 1.
try: client_id = 1
response = self.session.get(url, timeout=(15, 40)) else:
except requests.exceptions.Timeout: client_id = get_client_id(self.session, issuer_options.get("organization"))
raise Exception("Timeout for Getting Organizations")
except requests.exceptions.RequestException as e:
raise Exception(f"Error for Getting Organization {e}")
client_id = get_client_id(response, issuer_options.get("organization"))
log_data = { log_data = {
"function": f"{__name__}.{sys._getframe().f_code.co_name}", "function": f"{__name__}.{sys._getframe().f_code.co_name}",
"message": f"Organization id: {client_id}" "message": f"Organization id: {client_id}"