From 240c76b3cbcdbbd7fa69d9b9ba88ba8d47812b2d Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Fri, 5 Feb 2021 11:47:47 -0800
Subject: [PATCH] support for Entrust cross-signed EC

---
 lemur/plugins/lemur_entrust/plugin.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 14bf9646..7187e5ee 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -259,8 +259,10 @@ class EntrustIssuerPlugin(IssuerPlugin):
         else:
             chain = response_dict['chainCerts'][1]
 
-        if current_app.config.get("ENTRUST_CROSS_SIGNED_RSA") and get_key_type_from_certificate(cert) == "RSA2048":
-            chain = current_app.config.get("ENTRUST_CROSS_SIGNED_RSA")
+        if current_app.config.get("ENTRUST_CROSS_SIGNED_RSA_L1K") and get_key_type_from_certificate(cert) == "RSA2048":
+            chain = current_app.config.get("ENTRUST_CROSS_SIGNED_RSA_L1K")
+        if current_app.config.get("ENTRUST_CROSS_SIGNED_ECC_L1F") and get_key_type_from_certificate(cert) == "ECCPRIME256V1":
+            chain = current_app.config.get("ENTRUST_CROSS_SIGNED_ECC_L1F")
 
         log_data["message"] = "Received Chain"
         log_data["options"] = f"chain: {chain}"