Merge pull request #3208 from hosseinsh/improved-logging

Improved issuer logging
2020-10-23 08:43:11 -07:00 · 2020-10-23 08:43:11 -07:00 · 2ea39a51e3
parent e87cf040f3 2b274f723a
commit 2ea39a51e3
4 changed files with 34 additions and 12 deletions
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -360,7 +360,12 @@ def create(**kwargs):
    try:
        cert_body, private_key, cert_chain, external_id, csr = mint(**kwargs)
    except Exception:
-        current_app.logger.error("Exception minting certificate", exc_info=True)
+        log_data = {
+            "message": "Exception minting certificate",
+            "issuer": kwargs["authority"].name,
+            "cn": kwargs["common_name"],
+        }
+        current_app.logger.error(log_data, exc_info=True)
        sentry.captureException()
        raise
    kwargs["body"] = cert_body
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@ -37,7 +37,13 @@ def log_status_code(r, *args, **kwargs):
    :param kwargs:
    :return:
    """
+    log_data = {
+        "reason": (r.reason if r.reason else ""),
+        "status_code": r.status_code,
+        "url": (r.url if r.url else ""),
+    }
    metrics.send("digicert_status_code_{}".format(r.status_code), "counter", 1)
+    current_app.logger.info(log_data)


 def signature_hash(signing_algorithm):
@ -171,7 +177,7 @@ def map_cis_fields(options, csr):
        "csr": csr,
        "signature_hash": signature_hash(options.get("signing_algorithm")),
        "validity": {
-            "valid_to": validity_end.format("YYYY-MM-DDTHH:MM") + "Z"
+            "valid_to": validity_end.format("YYYY-MM-DDTHH:MM:SS") + "Z"
        },
        "organization": {
            "name": options["organization"],
@ -204,7 +210,7 @@ def handle_response(response):
    :return:
    """
    if response.status_code > 399:
-        raise Exception(response.json()["errors"][0]["message"])
+        raise Exception("DigiCert rejected request with the error:" + response.json()["errors"][0]["message"])

    return response.json()

@ -215,10 +221,17 @@ def handle_cis_response(response):
    :param response:
    :return:
    """
-    if response.status_code > 399:
-        raise Exception(response.text)
+    if response.status_code == 404:
+        raise Exception("DigiCert: order not in issued state")
+    elif response.status_code == 406:
+        raise Exception("DigiCert: wrong header request format")
+    elif response.status_code > 399:
+        raise Exception("DigiCert rejected request with the error:" + response.text)

-    return response.json()
+    if response.url.endswith("download"):
+        return response.content
+    else:
+        return response.json()


@retry(stop_max_attempt_number=10, wait_fixed=10000)
@ -238,11 +251,9 @@ def get_cis_certificate(session, base_url, order_id):
    certificate_url = "{0}/platform/cis/certificate/{1}/download".format(base_url, order_id)
    session.headers.update({"Accept": "application/x-pkcs7-certificates"})
    response = session.get(certificate_url)
+    response_content = handle_cis_response(response)

-    if response.status_code == 404:
-        raise Exception("Order not in issued state.")
-
-    cert_chain_pem = convert_pkcs7_bytes_to_pem(response.content)
+    cert_chain_pem = convert_pkcs7_bytes_to_pem(response_content)
    if len(cert_chain_pem) < 3:
        raise Exception("Missing the certificate chain")
    return cert_chain_pem
--- a/lemur/plugins/lemur_digicert/tests/test_digicert.py
+++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py
@ -123,7 +123,7 @@ def test_map_cis_fields_with_validity_years(mock_current_app, authority):
            "signature_hash": "sha256",
            "organization": {"name": "Example, Inc."},
            "validity": {
-                "valid_to": arrow.get(2018, 11, 3).format("YYYY-MM-DDTHH:MM") + "Z"
+                "valid_to": arrow.get(2018, 11, 3).format("YYYY-MM-DDTHH:MM:SS") + "Z"
            },
            "profile_name": None,
        }
@ -159,7 +159,7 @@ def test_map_cis_fields_with_validity_end_and_start(mock_current_app, app, autho
            "signature_hash": "sha256",
            "organization": {"name": "Example, Inc."},
            "validity": {
-                "valid_to": arrow.get(2017, 5, 7).format("YYYY-MM-DDTHH:MM") + "Z"
+                "valid_to": arrow.get(2017, 5, 7).format("YYYY-MM-DDTHH:MM:SS") + "Z"
            },
            "profile_name": None,
        }
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@ -20,7 +20,13 @@ def log_status_code(r, *args, **kwargs):
    :param kwargs:
    :return:
    """
+    log_data = {
+        "reason": (r.reason if r.reason else ""),
+        "status_code": r.status_code,
+        "url": (r.url if r.url else ""),
+    }
    metrics.send(f"entrust_status_code_{r.status_code}", "counter", 1)
+    current_app.logger.info(log_data)


 def determine_end_date(end_date):