Merge pull request #3404 from hosseinsh/entrust-crosssigned-ecc

support for Entrust cross-signed EC
Hossein Shafagh 2021-02-09 10:37:16 -08:00 committed by GitHub
commit 47d617f066
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 4 deletions


@ -959,10 +959,16 @@ The following parameters have to be set in the configuration files.
If there is a config variable ENTRUST_PRODUCT_<upper(authority.name)> take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names. If there is a config variable ENTRUST_PRODUCT_<upper(authority.name)> take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names.
.. data:: ENTRUST_CROSS_SIGNED_RSA .. data:: ENTRUST_CROSS_SIGNED_RSA_L1K
:noindex: :noindex:
This is optional. Entrust provides support for cross-signed subCAS. One can set ENTRUST_CROSS_SIGNED_RSA to the respective cross-signed subCA PEM, such as L1K, Lemur will replace the retrieved subCA with ENTRUST_CROSS_SIGNED_RSA. This is optional. Entrust provides support for cross-signed subCAS. One can set ENTRUST_CROSS_SIGNED_RSA_L1K to the respective cross-signed RSA-based subCA PEM and Lemur will replace the retrieved subCA with ENTRUST_CROSS_SIGNED_RSA_L1K.
.. data:: ENTRUST_CROSS_SIGNED_ECC_L1F
:noindex:
This is optional. Entrust provides support for cross-signed subCAS. One can set ENTRUST_CROSS_SIGNED_ECC_L1F to the respective cross-signed EC-based subCA PEM and Lemur will replace the retrieved subCA with ENTRUST_CROSS_SIGNED_ECC_L1F.
.. data:: ENTRUST_USE_DEFAULT_CLIENT_ID .. data:: ENTRUST_USE_DEFAULT_CLIENT_ID
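Review bot: The rename of the `.. data:: ENTRUST_CROSS_SIGNED_RSA` entry to ENTRUST_CROSS_SIGNED_RSA_L1K is not called out anywhere in the text, so an operator who already set the old name has no hint that it is no longer read and that issuance will return the subCA retrieved from Entrust instead. Please add a sentence noting the rename. Both entries should also say which certificates the substitution applies to, since the plugin change in this commit only swaps the chain when the key type is exactly "RSA2048" or "ECCPRIME256V1". Minor: "subCAS" should read "subCAs" in both paragraphs.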


@ -259,8 +259,10 @@ class EntrustIssuerPlugin(IssuerPlugin):
else: else:
chain = response_dict['chainCerts'][1] chain = response_dict['chainCerts'][1]
if current_app.config.get("ENTRUST_CROSS_SIGNED_RSA") and get_key_type_from_certificate(cert) == "RSA2048": if current_app.config.get("ENTRUST_CROSS_SIGNED_RSA_L1K") and get_key_type_from_certificate(cert) == "RSA2048":
chain = current_app.config.get("ENTRUST_CROSS_SIGNED_RSA") chain = current_app.config.get("ENTRUST_CROSS_SIGNED_RSA_L1K")
if current_app.config.get("ENTRUST_CROSS_SIGNED_ECC_L1F") and get_key_type_from_certificate(cert) == "ECCPRIME256V1":
chain = current_app.config.get("ENTRUST_CROSS_SIGNED_ECC_L1F")
log_data["message"] = "Received Chain" log_data["message"] = "Received Chain"
log_data["options"] = f"chain: {chain}" log_data["options"] = f"chain: {chain}"
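Review bot: Both `chain = current_app.config.get(...)` assignments accept the configured PEM without checking that it is actually the issuer of `cert`, so a stale or mistyped ENTRUST_CROSS_SIGNED_RSA_L1K or ENTRUST_CROSS_SIGNED_ECC_L1F value would be returned as the chain and only show up in the "Received Chain" log line. Consider comparing the configured subCA's subject with the certificate's issuer before substituting, and keeping `response_dict['chainCerts'][1]` with a warning when they differ. Separately, the old ENTRUST_CROSS_SIGNED_RSA key is dropped with no fallback or deprecation warning, which silently changes the chain for existing deployments. The two conditions are mutually exclusive, so calling get_key_type_from_certificate(cert) once and using `elif` for the ECC branch would make that explicit.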