adding multi profile name support with DigiCert plug.

This requires that the configs are a dict, with multiple entries, where the key is the name of the Authority used to issue certs with.

DIGICERT_CIS_PROFILE_NAMES = {"sha2-rsa-ecc-root": "ssl_plus"}
DIGICERT_CIS_ROOTS = {"root": "ROOT"}
DIGICERT_CIS_INTERMEDIATES = {"inter": "INTERMEDIATE_CA_CERT"}

Hence, in the DB one needs to add:
1) the corresponding entry in the authority table, with digicert-cis-issuer. Note that the names here are used as the keys for the mapping in the above config
2) the corresponding intermediary in the certificate table, with root_authority_id set to the id of the new authority
Hossein Shafagh 2019-08-07 10:24:38 -07:00
parent bbc3bf513d
commit b885cdf9d0
1 changed files with 10 additions and 10 deletions


@ -158,7 +158,7 @@ def map_cis_fields(options, csr):
) )
data = { data = {
"profile_name": current_app.config.get("DIGICERT_CIS_PROFILE_NAME"), "profile_name": current_app.config.get("DIGICERT_CIS_PROFILE_NAMES")[options['authority'].name],
"common_name": options["common_name"], "common_name": options["common_name"],
"additional_dns_names": get_additional_names(options), "additional_dns_names": get_additional_names(options),
"csr": csr, "csr": csr,
@ -423,9 +423,9 @@ class DigiCertCISSourcePlugin(SourcePlugin):
required_vars = [ required_vars = [
"DIGICERT_CIS_API_KEY", "DIGICERT_CIS_API_KEY",
"DIGICERT_CIS_URL", "DIGICERT_CIS_URL",
"DIGICERT_CIS_ROOT", "DIGICERT_CIS_ROOTS",
"DIGICERT_CIS_INTERMEDIATE", "DIGICERT_CIS_INTERMEDIATES",
"DIGICERT_CIS_PROFILE_NAME", "DIGICERT_CIS_PROFILE_NAMES",
] ]
validate_conf(current_app, required_vars) validate_conf(current_app, required_vars)
@ -498,9 +498,9 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
required_vars = [ required_vars = [
"DIGICERT_CIS_API_KEY", "DIGICERT_CIS_API_KEY",
"DIGICERT_CIS_URL", "DIGICERT_CIS_URL",
"DIGICERT_CIS_ROOT", "DIGICERT_CIS_ROOTS",
"DIGICERT_CIS_INTERMEDIATE", "DIGICERT_CIS_INTERMEDIATES",
"DIGICERT_CIS_PROFILE_NAME", "DIGICERT_CIS_PROFILE_NAMES",
] ]
validate_conf(current_app, required_vars) validate_conf(current_app, required_vars)
@ -537,14 +537,14 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
if "ECC" in issuer_options["key_type"]: if "ECC" in issuer_options["key_type"]:
return ( return (
"\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines()),
current_app.config.get("DIGICERT_ECC_CIS_INTERMEDIATE"), current_app.config.get("DIGICERT_ECC_CIS_INTERMEDIATES")[issuer_options['authority'].name],
data["id"], data["id"],
) )
# By default return RSA # By default return RSA
return ( return (
"\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines()),
current_app.config.get("DIGICERT_CIS_INTERMEDIATE"), current_app.config.get("DIGICERT_CIS_INTERMEDIATES")[issuer_options['authority'].name],
data["id"], data["id"],
) )
@ -577,4 +577,4 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
:return: :return:
""" """
role = {"username": "", "password": "", "name": "digicert"} role = {"username": "", "password": "", "name": "digicert"}
return current_app.config.get("DIGICERT_CIS_ROOT"), "", [role] return current_app.config.get("DIGICERT_CIS_ROOTS")[options['authority'].name], "", [role]
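Review bot: The ECC branch in the `-537,14` hunk reads `DIGICERT_ECC_CIS_INTERMEDIATES`, a key that appears in neither `required_vars` list on this page nor the config example in the commit message, so `current_app.config.get(...)` can return None and the subscript raises TypeError; the other new `[...['authority'].name]` lookups (in map_cis_fields, the RSA branch and the last hunk) likewise raise KeyError for any authority whose name has no entry. In the `-537,14` hunk the lookup sits in the return statement, which appears to run after the end-entity certificate has already been obtained, so a missing mapping would fail an issuance the CA has completed and leave a certificate that was never recorded. Resolve the per-authority values before the order is placed and fail with a clear message, e.g. `intermediates = current_app.config.get("DIGICERT_ECC_CIS_INTERMEDIATES") or {}` followed by `if name not in intermediates: raise Exception(f"no DigiCert CIS intermediate configured for authority {name}")`. The enclosing functions start and end outside the visible hunks, so the ordering of the issuance call and the lookup should be confirmed against the full file.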