Merge branch 'master' into log_update
commit
6adf94d28f
|
@ -234,7 +234,7 @@ def handle_cis_response(response):
|
||||||
return response.json()
|
return response.json()
|
||||||
|
|
||||||
|
|
||||||
@retry(stop_max_attempt_number=10, wait_fixed=10000)
|
@retry(stop_max_attempt_number=10, wait_fixed=1000)
|
||||||
def get_certificate_id(session, base_url, order_id):
|
def get_certificate_id(session, base_url, order_id):
|
||||||
"""Retrieve certificate order id from Digicert API."""
|
"""Retrieve certificate order id from Digicert API."""
|
||||||
order_url = "{0}/services/v2/order/certificate/{1}".format(base_url, order_id)
|
order_url = "{0}/services/v2/order/certificate/{1}".format(base_url, order_id)
|
||||||
|
@ -245,7 +245,7 @@ def get_certificate_id(session, base_url, order_id):
|
||||||
return response_data["certificate"]["id"]
|
return response_data["certificate"]["id"]
|
||||||
|
|
||||||
|
|
||||||
@retry(stop_max_attempt_number=10, wait_fixed=10000)
|
@retry(stop_max_attempt_number=10, wait_fixed=1000)
|
||||||
def get_cis_certificate(session, base_url, order_id):
|
def get_cis_certificate(session, base_url, order_id):
|
||||||
"""Retrieve certificate order id from Digicert API, including the chain"""
|
"""Retrieve certificate order id from Digicert API, including the chain"""
|
||||||
certificate_url = "{0}/platform/cis/certificate/{1}/download".format(base_url, order_id)
|
certificate_url = "{0}/platform/cis/certificate/{1}/download".format(base_url, order_id)
|
||||||
|
|
|
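Review bot: Both `@retry` decorators here (on `get_certificate_id` and `get_cis_certificate`) keep a fixed wait and pass no `retry_on_exception` filter, so every exception is retried ten times, including ones that cannot succeed on a later attempt, such as an authentication failure. If the second printed decorator is the new side, as the hunk counts in the other file suggest, the total polling window also shrinks from roughly 100 seconds to roughly 10 seconds, which may fail orders the CA has not finished issuing. A bounded backoff keeps the quick first attempts without hitting the API once a second: `@retry(stop_max_attempt_number=10, wait_exponential_multiplier=1000, wait_exponential_max=10000)`. Both function bodies continue outside the visible hunks, so which exceptions they raise cannot be confirmed from here.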
@ -1,9 +1,9 @@
|
||||||
|
|
||||||
import arrow
|
import arrow
|
||||||
import requests
|
import requests
|
||||||
import json
|
import json
|
||||||
import sys
|
import sys
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
|
from retrying import retry
|
||||||
|
|
||||||
from lemur.plugins import lemur_entrust as entrust
|
from lemur.plugins import lemur_entrust as entrust
|
||||||
from lemur.plugins.bases import IssuerPlugin, SourcePlugin
|
from lemur.plugins.bases import IssuerPlugin, SourcePlugin
|
||||||
|
@ -78,7 +78,6 @@ def process_options(options):
|
||||||
"eku": "SERVER_AND_CLIENT_AUTH",
|
"eku": "SERVER_AND_CLIENT_AUTH",
|
||||||
"certType": product_type,
|
"certType": product_type,
|
||||||
"certExpiryDate": validity_end,
|
"certExpiryDate": validity_end,
|
||||||
# "keyType": "RSA", Entrust complaining about this parameter
|
|
||||||
"tracking": tracking_data
|
"tracking": tracking_data
|
||||||
}
|
}
|
||||||
return data
|
return data
|
||||||
|
@ -87,7 +86,7 @@ def process_options(options):
|
||||||
def handle_response(my_response):
|
def handle_response(my_response):
|
||||||
"""
|
"""
|
||||||
Helper function for parsing responses from the Entrust API.
|
Helper function for parsing responses from the Entrust API.
|
||||||
:param content:
|
:param my_response:
|
||||||
:return: :raise Exception:
|
:return: :raise Exception:
|
||||||
"""
|
"""
|
||||||
msg = {
|
msg = {
|
||||||
|
@ -100,27 +99,47 @@ def handle_response(my_response):
|
||||||
}
|
}
|
||||||
|
|
||||||
try:
|
try:
|
||||||
d = json.loads(my_response.content)
|
data = json.loads(my_response.content)
|
||||||
except ValueError:
|
except ValueError:
|
||||||
# catch an empty jason object here
|
# catch an empty jason object here
|
||||||
d = {'response': 'No detailed message'}
|
data = {'response': 'No detailed message'}
|
||||||
s = my_response.status_code
|
status_code = my_response.status_code
|
||||||
if s > 399:
|
if status_code > 399:
|
||||||
raise Exception(f"ENTRUST error: {msg.get(s, s)}\n{d['errors']}")
|
raise Exception(f"ENTRUST error: {msg.get(status_code, status_code)}\n{data['errors']}")
|
||||||
|
|
||||||
log_data = {
|
log_data = {
|
||||||
"function": f"{__name__}.{sys._getframe().f_code.co_name}",
|
"function": f"{__name__}.{sys._getframe().f_code.co_name}",
|
||||||
"message": "Response",
|
"message": "Response",
|
||||||
"status": s,
|
"status": status_code,
|
||||||
"response": d
|
"response": data
|
||||||
}
|
}
|
||||||
current_app.logger.info(log_data)
|
current_app.logger.info(log_data)
|
||||||
if d == {'response': 'No detailed message'}:
|
if data == {'response': 'No detailed message'}:
|
||||||
# status if no data
|
# status if no data
|
||||||
return s
|
return status_code
|
||||||
else:
|
else:
|
||||||
# return data from the response
|
# return data from the response
|
||||||
return d
|
return data
|
||||||
|
|
||||||
|
|
||||||
|
@retry(stop_max_attempt_number=3, wait_fixed=5000)
|
||||||
|
def order_and_download_certificate(session, url, data):
|
||||||
|
"""
|
||||||
|
Helper function to place a certificacte order and download it
|
||||||
|
:param session:
|
||||||
|
:param url: Entrust endpoint url
|
||||||
|
:param data: CSR, and the required order details, such as validity length
|
||||||
|
:return: the cert chain
|
||||||
|
:raise Exception:
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
response = session.post(url, json=data, timeout=(15, 40))
|
||||||
|
except requests.exceptions.Timeout:
|
||||||
|
raise Exception("Timeout for POST")
|
||||||
|
except requests.exceptions.RequestException as e:
|
||||||
|
raise Exception(f"Error for POST {e}")
|
||||||
|
|
||||||
|
return handle_response(response)
|
||||||
|
|
||||||
|
|
||||||
class EntrustIssuerPlugin(IssuerPlugin):
|
class EntrustIssuerPlugin(IssuerPlugin):
|
||||||
|
@ -178,14 +197,8 @@ class EntrustIssuerPlugin(IssuerPlugin):
|
||||||
data = process_options(issuer_options)
|
data = process_options(issuer_options)
|
||||||
data["csr"] = csr
|
data["csr"] = csr
|
||||||
|
|
||||||
try:
|
response_dict = order_and_download_certificate(self.session, url, data)
|
||||||
response = self.session.post(url, json=data, timeout=(15, 40))
|
|
||||||
except requests.exceptions.Timeout:
|
|
||||||
raise Exception("Timeout for POST")
|
|
||||||
except requests.exceptions.RequestException as e:
|
|
||||||
raise Exception(f"Error for POST {e}")
|
|
||||||
|
|
||||||
response_dict = handle_response(response)
|
|
||||||
external_id = response_dict['trackingId']
|
external_id = response_dict['trackingId']
|
||||||
cert = response_dict['endEntityCert']
|
cert = response_dict['endEntityCert']
|
||||||
if len(response_dict['chainCerts']) < 2:
|
if len(response_dict['chainCerts']) < 2:
|
||||||
|
@ -200,6 +213,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
|
||||||
|
|
||||||
return cert, chain, external_id
|
return cert, chain, external_id
|
||||||
|
|
||||||
|
@retry(stop_max_attempt_number=3, wait_fixed=1000)
|
||||||
def revoke_certificate(self, certificate, comments):
|
def revoke_certificate(self, certificate, comments):
|
||||||
"""Revoke an Entrust certificate."""
|
"""Revoke an Entrust certificate."""
|
||||||
base_url = current_app.config.get("ENTRUST_URL")
|
base_url = current_app.config.get("ENTRUST_URL")
|
||||||
|
@ -216,6 +230,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
|
||||||
metrics.send("entrust_revoke_certificate", "counter", 1)
|
metrics.send("entrust_revoke_certificate", "counter", 1)
|
||||||
return handle_response(response)
|
return handle_response(response)
|
||||||
|
|
||||||
|
@retry(stop_max_attempt_number=3, wait_fixed=1000)
|
||||||
def deactivate_certificate(self, certificate):
|
def deactivate_certificate(self, certificate):
|
||||||
"""Deactivates an Entrust certificate."""
|
"""Deactivates an Entrust certificate."""
|
||||||
base_url = current_app.config.get("ENTRUST_URL")
|
base_url = current_app.config.get("ENTRUST_URL")
|
||||||
|
@ -244,7 +259,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
|
||||||
def get_ordered_certificate(self, order_id):
|
def get_ordered_certificate(self, order_id):
|
||||||
raise NotImplementedError("Not implemented\n", self, order_id)
|
raise NotImplementedError("Not implemented\n", self, order_id)
|
||||||
|
|
||||||
def canceled_ordered_certificate(self, pending_cert, **kwargs):
|
def cancel_ordered_certificate(self, pending_cert, **kwargs):
|
||||||
raise NotImplementedError("Not implemented\n", self, pending_cert, **kwargs)
|
raise NotImplementedError("Not implemented\n", self, pending_cert, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
|
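Review bot: The new `@retry(stop_max_attempt_number=3, wait_fixed=5000)` on `order_and_download_certificate` re-sends the certificate order POST after any exception, including a read timeout, where Entrust may already have accepted the order. A retry in that case can issue a second certificate whose `trackingId` is never returned to `create_certificate`, so as far as this diff shows an issued certificate would exist that is not recorded for later revocation. The decorator also re-submits on the `Exception` that `handle_response` raises for status codes above 399, which a second attempt will not fix for a rejected request. I would retry only `requests.exceptions.ConnectTimeout`, which requests documents as safe to retry, by re-raising it unchanged and passing a `retry_on_exception` predicate, as sketched below.

```python
def _connect_timed_out(exc):
    """Retry only when the connection was never established."""
    return isinstance(exc, requests.exceptions.ConnectTimeout)


@retry(stop_max_attempt_number=3, wait_fixed=5000, retry_on_exception=_connect_timed_out)
def order_and_download_certificate(session, url, data):
    # … unchanged: docstring …
    try:
        response = session.post(url, json=data, timeout=(15, 40))
    except requests.exceptions.ConnectTimeout:
        # The order was never sent, so re-submitting cannot duplicate it.
        raise
    # … unchanged: Timeout and RequestException handlers, handle_response call …
```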