Merge branch 'master' into log_update

charhate 2020-10-28 16:52:19 -07:00 committed by GitHub
commit 6adf94d28f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 23 deletions


@ -234,7 +234,7 @@ def handle_cis_response(response):
return response.json() return response.json()
@retry(stop_max_attempt_number=10, wait_fixed=10000) @retry(stop_max_attempt_number=10, wait_fixed=1000)
def get_certificate_id(session, base_url, order_id): def get_certificate_id(session, base_url, order_id):
"""Retrieve certificate order id from Digicert API.""" """Retrieve certificate order id from Digicert API."""
order_url = "{0}/services/v2/order/certificate/{1}".format(base_url, order_id) order_url = "{0}/services/v2/order/certificate/{1}".format(base_url, order_id)
@ -245,7 +245,7 @@ def get_certificate_id(session, base_url, order_id):
return response_data["certificate"]["id"] return response_data["certificate"]["id"]
@retry(stop_max_attempt_number=10, wait_fixed=10000) @retry(stop_max_attempt_number=10, wait_fixed=1000)
def get_cis_certificate(session, base_url, order_id): def get_cis_certificate(session, base_url, order_id):
"""Retrieve certificate order id from Digicert API, including the chain""" """Retrieve certificate order id from Digicert API, including the chain"""
certificate_url = "{0}/platform/cis/certificate/{1}/download".format(base_url, order_id) certificate_url = "{0}/platform/cis/certificate/{1}/download".format(base_url, order_id)
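Review bot: The `@retry(stop_max_attempt_number=10, wait_fixed=1000)` decorators on `get_certificate_id` and `get_cis_certificate` set no `retry_on_exception`, so every exception is retried ten times at a fixed interval, including any non-transient error raised by `handle_cis_response` (authentication or authorization failures would be in that group if it raises on them; its body is not visible here). Assuming the right-hand column is the new side, the total wait also drops from about 90 seconds to about 9, so an order that is still pending fails much sooner than before. Consider bounded exponential backoff, `@retry(stop_max_attempt_number=10, wait_exponential_multiplier=1000, wait_exponential_max=10000)`, together with a `retry_on_exception` predicate that accepts only the "not ready yet" and connection-level cases. Both function bodies continue outside the hunks shown, so the exact exceptions they raise should be confirmed against the full file.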


@ -1,9 +1,9 @@
import arrow import arrow
import requests import requests
import json import json
import sys import sys
from flask import current_app from flask import current_app
from retrying import retry
from lemur.plugins import lemur_entrust as entrust from lemur.plugins import lemur_entrust as entrust
from lemur.plugins.bases import IssuerPlugin, SourcePlugin from lemur.plugins.bases import IssuerPlugin, SourcePlugin
@ -78,7 +78,6 @@ def process_options(options):
"eku": "SERVER_AND_CLIENT_AUTH", "eku": "SERVER_AND_CLIENT_AUTH",
"certType": product_type, "certType": product_type,
"certExpiryDate": validity_end, "certExpiryDate": validity_end,
# "keyType": "RSA", Entrust complaining about this parameter
"tracking": tracking_data "tracking": tracking_data
} }
return data return data
@ -87,7 +86,7 @@ def process_options(options):
def handle_response(my_response): def handle_response(my_response):
""" """
Helper function for parsing responses from the Entrust API. Helper function for parsing responses from the Entrust API.
:param content: :param my_response:
:return: :raise Exception: :return: :raise Exception:
""" """
msg = { msg = {
@ -100,27 +99,47 @@ def handle_response(my_response):
} }
try: try:
d = json.loads(my_response.content) data = json.loads(my_response.content)
except ValueError: except ValueError:
# catch an empty jason object here # catch an empty jason object here
d = {'response': 'No detailed message'} data = {'response': 'No detailed message'}
s = my_response.status_code status_code = my_response.status_code
if s > 399: if status_code > 399:
raise Exception(f"ENTRUST error: {msg.get(s, s)}\n{d['errors']}") raise Exception(f"ENTRUST error: {msg.get(status_code, status_code)}\n{data['errors']}")
log_data = { log_data = {
"function": f"{__name__}.{sys._getframe().f_code.co_name}", "function": f"{__name__}.{sys._getframe().f_code.co_name}",
"message": "Response", "message": "Response",
"status": s, "status": status_code,
"response": d "response": data
} }
current_app.logger.info(log_data) current_app.logger.info(log_data)
if d == {'response': 'No detailed message'}: if data == {'response': 'No detailed message'}:
# status if no data # status if no data
return s return status_code
else: else:
# return data from the response # return data from the response
return d return data
@retry(stop_max_attempt_number=3, wait_fixed=5000)
def order_and_download_certificate(session, url, data):
"""
Helper function to place a certificacte order and download it
:param session:
:param url: Entrust endpoint url
:param data: CSR, and the required order details, such as validity length
:return: the cert chain
:raise Exception:
"""
try:
response = session.post(url, json=data, timeout=(15, 40))
except requests.exceptions.Timeout:
raise Exception("Timeout for POST")
except requests.exceptions.RequestException as e:
raise Exception(f"Error for POST {e}")
return handle_response(response)
class EntrustIssuerPlugin(IssuerPlugin): class EntrustIssuerPlugin(IssuerPlugin):
@ -178,14 +197,8 @@ class EntrustIssuerPlugin(IssuerPlugin):
data = process_options(issuer_options) data = process_options(issuer_options)
data["csr"] = csr data["csr"] = csr
try: response_dict = order_and_download_certificate(self.session, url, data)
response = self.session.post(url, json=data, timeout=(15, 40))
except requests.exceptions.Timeout:
raise Exception("Timeout for POST")
except requests.exceptions.RequestException as e:
raise Exception(f"Error for POST {e}")
response_dict = handle_response(response)
external_id = response_dict['trackingId'] external_id = response_dict['trackingId']
cert = response_dict['endEntityCert'] cert = response_dict['endEntityCert']
if len(response_dict['chainCerts']) < 2: if len(response_dict['chainCerts']) < 2:
@ -200,6 +213,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
return cert, chain, external_id return cert, chain, external_id
@retry(stop_max_attempt_number=3, wait_fixed=1000)
def revoke_certificate(self, certificate, comments): def revoke_certificate(self, certificate, comments):
"""Revoke an Entrust certificate.""" """Revoke an Entrust certificate."""
base_url = current_app.config.get("ENTRUST_URL") base_url = current_app.config.get("ENTRUST_URL")
@ -216,6 +230,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
metrics.send("entrust_revoke_certificate", "counter", 1) metrics.send("entrust_revoke_certificate", "counter", 1)
return handle_response(response) return handle_response(response)
@retry(stop_max_attempt_number=3, wait_fixed=1000)
def deactivate_certificate(self, certificate): def deactivate_certificate(self, certificate):
"""Deactivates an Entrust certificate.""" """Deactivates an Entrust certificate."""
base_url = current_app.config.get("ENTRUST_URL") base_url = current_app.config.get("ENTRUST_URL")
@ -244,7 +259,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
def get_ordered_certificate(self, order_id): def get_ordered_certificate(self, order_id):
raise NotImplementedError("Not implemented\n", self, order_id) raise NotImplementedError("Not implemented\n", self, order_id)
def canceled_ordered_certificate(self, pending_cert, **kwargs): def cancel_ordered_certificate(self, pending_cert, **kwargs):
raise NotImplementedError("Not implemented\n", self, pending_cert, **kwargs) raise NotImplementedError("Not implemented\n", self, pending_cert, **kwargs)
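Review bot: The `@retry(stop_max_attempt_number=3, wait_fixed=5000)` on `order_and_download_certificate` re-sends a certificate-order POST after any exception, and that request is not idempotent. A read timeout, or an exception raised in `handle_response` after Entrust has already accepted the order, can therefore lead to up to three issued certificates of which Lemur records at most one, leaving untracked valid certificates at the CA. Rejections with status above 399 are also retried, although repeating them cannot succeed. The retry should be limited to failures where the request provably never reached the server, for example a connect timeout, as sketched below. Separately, in `handle_response` the fallback `data = {'response': 'No detailed message'}` has no `'errors'` key, so an error status with an empty or non-JSON body raises `KeyError` instead of the intended message; `data.get('errors', data)` would avoid that.

```python
class EntrustTransientError(Exception):
    """Raised when the POST provably never reached Entrust."""


def _never_sent(exc):
    return isinstance(exc, EntrustTransientError)


@retry(stop_max_attempt_number=3, wait_fixed=5000, retry_on_exception=_never_sent)
def order_and_download_certificate(session, url, data):
    # … unchanged: docstring …
    try:
        response = session.post(url, json=data, timeout=(15, 40))
    except requests.exceptions.ConnectTimeout as e:
        raise EntrustTransientError(f"Connect timeout for POST {e}")
    # … unchanged: Timeout and RequestException handlers, handle_response call …
```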