Merge branch 'master' into entrust-cross-signed-subCA
commit
3403ba89f1
@ -941,12 +941,20 @@ The following parameters have to be set in the configuration files.
|
||||
|
||||
If there is a config variable ENTRUST_PRODUCT_<upper(authority.name)> take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names.
|
||||
|
||||
|
||||
.. data:: ENTRUST_CROSS_SIGNED_RSA
|
||||
:noindex:
|
||||
|
||||
This is optional. Entrust provides support for cross-signed subCAS. One can set ENTRUST_CROSS_SIGNED_RSA to the respective cross-signed subCA PEM, such as L1K, Lemur will replace the retrieved subCA with ENTRUST_CROSS_SIGNED_RSA.
|
||||
|
||||
|
||||
.. data:: ENTRUST_USE_DEFAULT_CLIENT_ID
|
||||
:noindex:
|
||||
|
||||
If set to True, Entrust will use the primary client ID of 1, which applies to most use-case.
|
||||
Otherwise, Entrust will first lookup the clientId before ordering the certificate.
|
||||
|
||||
|
||||
Verisign Issuer Plugin
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
@ -80,7 +80,6 @@ def process_options(options, client_id):
|
||||
"eku": "SERVER_AND_CLIENT_AUTH",
|
||||
"certType": product_type,
|
||||
"certExpiryDate": validity_end,
|
||||
# "keyType": "RSA", Entrust complaining about this parameter
|
||||
"tracking": tracking_data,
|
||||
"org": options.get("organization"),
|
||||
"clientId": client_id
|
||||
@ -88,14 +87,28 @@ def process_options(options, client_id):
|
||||
return data
|
||||
|
||||
|
||||
def get_client_id(my_response, organization):
|
||||
@retry(stop_max_attempt_number=5, wait_fixed=1000)
|
||||
def get_client_id(session, organization):
|
||||
"""
|
||||
Helper function for parsing responses from the Entrust API.
|
||||
:param content:
|
||||
:return: :raise Exception:
|
||||
Helper function for looking up clientID pased on Organization and parsing the response.
|
||||
:param session:
|
||||
:param organization: the validated org with Entrust, for instance "Company, Inc."
|
||||
:return: ClientID
|
||||
:raise Exception:
|
||||
"""
|
||||
|
||||
# get the organization ID
|
||||
url = current_app.config.get("ENTRUST_URL") + "/organizations"
|
||||
try:
|
||||
d = json.loads(my_response.content)
|
||||
response = session.get(url, timeout=(15, 40))
|
||||
except requests.exceptions.Timeout:
|
||||
raise Exception("Timeout for Getting Organizations")
|
||||
except requests.exceptions.RequestException as e:
|
||||
raise Exception(f"Error for Getting Organization {e}")
|
||||
|
||||
# parse the response
|
||||
try:
|
||||
d = json.loads(response.content)
|
||||
except ValueError:
|
||||
# catch an empty json object here
|
||||
d = {'response': 'No detailed message'}
|
||||
@ -220,16 +233,11 @@ class EntrustIssuerPlugin(IssuerPlugin):
|
||||
}
|
||||
current_app.logger.info(log_data)
|
||||
|
||||
# firstly we need the organization ID
|
||||
url = current_app.config.get("ENTRUST_URL") + "/organizations"
|
||||
try:
|
||||
response = self.session.get(url, timeout=(15, 40))
|
||||
except requests.exceptions.Timeout:
|
||||
raise Exception("Timeout for Getting Organizations")
|
||||
except requests.exceptions.RequestException as e:
|
||||
raise Exception(f"Error for Getting Organization {e}")
|
||||
|
||||
client_id = get_client_id(response, issuer_options.get("organization"))
|
||||
if current_app.config.get("ENTRUST_USE_DEFAULT_CLIENT_ID"):
|
||||
# The ID of the primary client is 1.
|
||||
client_id = 1
|
||||
else:
|
||||
client_id = get_client_id(self.session, issuer_options.get("organization"))
|
||||
log_data = {
|
||||
"function": f"{__name__}.{sys._getframe().f_code.co_name}",
|
||||
"message": f"Organization id: {client_id}"
|
||||
|
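Review bot: The `@retry(stop_max_attempt_number=5, wait_fixed=1000)` added on `get_client_id` retries on every exception rather than only transient ones, because the body wraps both the timeout and every other `RequestException` in a plain `Exception`. With `timeout=(15, 40)` per attempt, an unresponsive endpoint can hold the issuing request for several minutes, and any non-transient failure raised further down would also be repeated five times against the Entrust API (inferred, since the function continues past the end of this hunk). If `retry` is the `retrying` package's decorator, consider raising a dedicated exception type for transport failures and restricting the decorator to it with `retry_on_exception=`. The new docstring also has a typo ("pased" for "based") and leaves `:param session:` undescribed; something like `:param session: requests session used to call the Entrust API` would help.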