Merge pull request #3248 from sirferl/master

Entrust: Improve organization handling
Hossein Shafagh 2020-11-16 18:41:59 -08:00 committed by GitHub
commit cbdaa4e3e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 6 deletions


@ -45,7 +45,7 @@ def determine_end_date(end_date):
return end_date.format('YYYY-MM-DD')
def process_options(options):
def process_options(options, client_id):
"""
Processes and maps the incoming issuer options to fields/options that
Entrust understands
@ -78,11 +78,37 @@ def process_options(options):
"eku": "SERVER_AND_CLIENT_AUTH",
"certType": product_type,
"certExpiryDate": validity_end,
"tracking": tracking_data
# "keyType": "RSA", Entrust complaining about this parameter
"tracking": tracking_data,
"org": options.get("organization"),
"clientId": client_id
}
return data
def get_client_id(my_response, organization):
"""
Helper function for parsing responses from the Entrust API.
:param content:
:return: :raise Exception:
"""
try:
d = json.loads(my_response.content)
except ValueError:
# catch an empty json object here
d = {'response': 'No detailed message'}
found = False
for y in d["organizations"]:
if y["name"] == organization:
found = True
client_id = y["clientId"]
if found:
return client_id
else:
raise Exception(f"Error on Organization - Use on of the List: {d['organizations']}")
def handle_response(my_response):
"""
Helper function for parsing responses from the Entrust API.
@ -192,9 +218,25 @@ class EntrustIssuerPlugin(IssuerPlugin):
}
current_app.logger.info(log_data)
# firstly we need the organization ID
url = current_app.config.get("ENTRUST_URL") + "/organizations"
try:
response = self.session.get(url, timeout=(15, 40))
except requests.exceptions.Timeout:
raise Exception("Timeout for Getting Organizations")
except requests.exceptions.RequestException as e:
raise Exception(f"Error for Getting Organization {e}")
client_id = get_client_id(response, issuer_options.get("organization"))
log_data = {
"function": f"{__name__}.{sys._getframe().f_code.co_name}",
"message": f"Organization id: {client_id}"
}
current_app.logger.info(log_data)
url = current_app.config.get("ENTRUST_URL") + "/certificates"
data = process_options(issuer_options)
data = process_options(issuer_options, client_id)
data["csr"] = csr
response_dict = order_and_download_certificate(self.session, url, data)
@ -202,7 +244,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
external_id = response_dict['trackingId']
cert = response_dict['endEntityCert']
if len(response_dict['chainCerts']) < 2:
# certificate signed by CA directly, no ICA included ini the chain
# certificate signed by CA directly, no ICA included in the chain
chain = None
else:
chain = response_dict['chainCerts'][1]
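Review bot: In get_client_id (second hunk), the ValueError fallback sets `d = {'response': 'No detailed message'}`, so the next statement `d["organizations"]` raises a bare KeyError whenever the /organizations body is not JSON. The response status is also never checked before parsing, so an authentication or server error from Entrust would likely surface as the same KeyError. The not-found exception interpolates the whole `d['organizations']` list, clientId values included, into a message that may reach logs or the requesting user; listing only the organization names seems sufficient. The function is fully visible in the hunk and a possible rewrite is below; its docstring is copied from handle_response and names a `:param content:` that does not exist, so it should describe `my_response` and `organization` instead.

```python
def get_client_id(my_response, organization):
    # … unchanged: docstring …
    if my_response.status_code != 200:
        raise Exception(f"Error getting organizations: HTTP {my_response.status_code}")
    try:
        d = json.loads(my_response.content)
    except ValueError:
        # empty or non-JSON body: treat as "no organizations returned"
        d = {}
    organizations = d.get("organizations", [])
    for org in organizations:
        if org.get("name") == organization:
            return org["clientId"]
    names = [org.get("name") for org in organizations]
    raise Exception(f"Organization {organization!r} not found - use one of: {names}")
```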


@ -56,7 +56,10 @@ def test_process_options(mock_current_app, authority):
"requesterName": mock_current_app.config.get("ENTRUST_NAME"),
"requesterEmail": mock_current_app.config.get("ENTRUST_EMAIL"),
"requesterPhone": mock_current_app.config.get("ENTRUST_PHONE")
}
},
"org": "Example, Inc.",
"clientId": 1
}
assert expected == plugin.process_options(options)
client_id = 1
assert expected == plugin.process_options(options, client_id)
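Review bot: get_client_id, which this commit adds to the plugin, has no test in this section; the only change here is passing `client_id = 1` through to process_options. Three cases would pin the lookup that now supplies the `clientId` sent with each certificate order: a mocked response whose `organizations` list contains the requested name, one where the name is absent, and one with a non-JSON body. test_process_options starts above the hunk, so the fixture setup is not visible here.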