Merge pull request #3248 from sirferl/master

Entrust: Improve organization handling
2020-11-16 18:41:59 -08:00 · 2020-11-16 18:41:59 -08:00 · cbdaa4e3e4
parent 33e34d76b2 15b97dc2ef
commit cbdaa4e3e4
2 changed files with 51 additions and 6 deletions
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@ -45,7 +45,7 @@ def determine_end_date(end_date):
    return end_date.format('YYYY-MM-DD')


-def process_options(options):
+def process_options(options, client_id):
    """
    Processes and maps the incoming issuer options to fields/options that
    Entrust understands
@ -78,11 +78,37 @@ def process_options(options):
        "eku": "SERVER_AND_CLIENT_AUTH",
        "certType": product_type,
        "certExpiryDate": validity_end,
-        "tracking": tracking_data
+        # "keyType": "RSA", Entrust complaining about this parameter
+        "tracking": tracking_data,
+        "org": options.get("organization"),
+        "clientId": client_id
    }
    return data


+def get_client_id(my_response, organization):
+    """
+    Helper function for parsing responses from the Entrust API.
+    :param content:
+    :return: :raise Exception:
+    """
+    try:
+        d = json.loads(my_response.content)
+    except ValueError:
+        # catch an empty json object here
+        d = {'response': 'No detailed message'}
+
+    found = False
+    for y in d["organizations"]:
+        if y["name"] == organization:
+            found = True
+            client_id = y["clientId"]
+    if found:
+        return client_id
+    else:
+        raise Exception(f"Error on Organization - Use on of the List: {d['organizations']}")
+
+
 def handle_response(my_response):
    """
    Helper function for parsing responses from the Entrust API.
@ -192,9 +218,25 @@ class EntrustIssuerPlugin(IssuerPlugin):
        }
        current_app.logger.info(log_data)

+        # firstly we need the organization ID
+        url = current_app.config.get("ENTRUST_URL") + "/organizations"
+        try:
+            response = self.session.get(url, timeout=(15, 40))
+        except requests.exceptions.Timeout:
+            raise Exception("Timeout for Getting Organizations")
+        except requests.exceptions.RequestException as e:
+            raise Exception(f"Error for Getting Organization {e}")
+
+        client_id = get_client_id(response, issuer_options.get("organization"))
+        log_data = {
+            "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+            "message": f"Organization id: {client_id}"
+        }
+        current_app.logger.info(log_data)
+
        url = current_app.config.get("ENTRUST_URL") + "/certificates"

-        data = process_options(issuer_options)
+        data = process_options(issuer_options, client_id)
        data["csr"] = csr

        response_dict = order_and_download_certificate(self.session, url, data)
@ -202,7 +244,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
        external_id = response_dict['trackingId']
        cert = response_dict['endEntityCert']
        if len(response_dict['chainCerts']) < 2:
-            # certificate signed by CA directly, no ICA included ini the chain
+            # certificate signed by CA directly, no ICA included in the chain
            chain = None
        else:
            chain = response_dict['chainCerts'][1]
--- a/lemur/plugins/lemur_entrust/tests/test_entrust.py
+++ b/lemur/plugins/lemur_entrust/tests/test_entrust.py
@ -56,7 +56,10 @@ def test_process_options(mock_current_app, authority):
            "requesterName": mock_current_app.config.get("ENTRUST_NAME"),
            "requesterEmail": mock_current_app.config.get("ENTRUST_EMAIL"),
            "requesterPhone": mock_current_app.config.get("ENTRUST_PHONE")
-        }
+        },
+        "org": "Example, Inc.",
+        "clientId": 1
    }

-    assert expected == plugin.process_options(options)
+    client_id = 1
+    assert expected == plugin.process_options(options, client_id)