Merge pull request #3248 from sirferl/master
Entrust: Improve organization handling
This commit is contained in:
commit
cbdaa4e3e4
@ -45,7 +45,7 @@ def determine_end_date(end_date):
|
||||
return end_date.format('YYYY-MM-DD')
|
||||
|
||||
|
||||
def process_options(options):
|
||||
def process_options(options, client_id):
|
||||
"""
|
||||
Processes and maps the incoming issuer options to fields/options that
|
||||
Entrust understands
|
||||
@ -78,11 +78,37 @@ def process_options(options):
|
||||
"eku": "SERVER_AND_CLIENT_AUTH",
|
||||
"certType": product_type,
|
||||
"certExpiryDate": validity_end,
|
||||
"tracking": tracking_data
|
||||
# "keyType": "RSA", Entrust complaining about this parameter
|
||||
"tracking": tracking_data,
|
||||
"org": options.get("organization"),
|
||||
"clientId": client_id
|
||||
}
|
||||
return data
|
||||
|
||||
|
||||
def get_client_id(my_response, organization):
|
||||
"""
|
||||
Helper function for parsing responses from the Entrust API.
|
||||
:param content:
|
||||
:return: :raise Exception:
|
||||
"""
|
||||
try:
|
||||
d = json.loads(my_response.content)
|
||||
except ValueError:
|
||||
# catch an empty json object here
|
||||
d = {'response': 'No detailed message'}
|
||||
|
||||
found = False
|
||||
for y in d["organizations"]:
|
||||
if y["name"] == organization:
|
||||
found = True
|
||||
client_id = y["clientId"]
|
||||
if found:
|
||||
return client_id
|
||||
else:
|
||||
raise Exception(f"Error on Organization - Use on of the List: {d['organizations']}")
|
||||
|
||||
|
||||
def handle_response(my_response):
|
||||
"""
|
||||
Helper function for parsing responses from the Entrust API.
|
||||
@ -192,9 +218,25 @@ class EntrustIssuerPlugin(IssuerPlugin):
|
||||
}
|
||||
current_app.logger.info(log_data)
|
||||
|
||||
# firstly we need the organization ID
|
||||
url = current_app.config.get("ENTRUST_URL") + "/organizations"
|
||||
try:
|
||||
response = self.session.get(url, timeout=(15, 40))
|
||||
except requests.exceptions.Timeout:
|
||||
raise Exception("Timeout for Getting Organizations")
|
||||
except requests.exceptions.RequestException as e:
|
||||
raise Exception(f"Error for Getting Organization {e}")
|
||||
|
||||
client_id = get_client_id(response, issuer_options.get("organization"))
|
||||
log_data = {
|
||||
"function": f"{__name__}.{sys._getframe().f_code.co_name}",
|
||||
"message": f"Organization id: {client_id}"
|
||||
}
|
||||
current_app.logger.info(log_data)
|
||||
|
||||
url = current_app.config.get("ENTRUST_URL") + "/certificates"
|
||||
|
||||
data = process_options(issuer_options)
|
||||
data = process_options(issuer_options, client_id)
|
||||
data["csr"] = csr
|
||||
|
||||
response_dict = order_and_download_certificate(self.session, url, data)
|
||||
@ -202,7 +244,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
|
||||
external_id = response_dict['trackingId']
|
||||
cert = response_dict['endEntityCert']
|
||||
if len(response_dict['chainCerts']) < 2:
|
||||
# certificate signed by CA directly, no ICA included ini the chain
|
||||
# certificate signed by CA directly, no ICA included in the chain
|
||||
chain = None
|
||||
else:
|
||||
chain = response_dict['chainCerts'][1]
|
||||
|
@ -56,7 +56,10 @@ def test_process_options(mock_current_app, authority):
|
||||
"requesterName": mock_current_app.config.get("ENTRUST_NAME"),
|
||||
"requesterEmail": mock_current_app.config.get("ENTRUST_EMAIL"),
|
||||
"requesterPhone": mock_current_app.config.get("ENTRUST_PHONE")
|
||||
}
|
||||
},
|
||||
"org": "Example, Inc.",
|
||||
"clientId": 1
|
||||
}
|
||||
|
||||
assert expected == plugin.process_options(options)
|
||||
client_id = 1
|
||||
assert expected == plugin.process_options(options, client_id)
|
||||
|
Loading…
Reference in New Issue
Block a user