Merge pull request #3248 from sirferl/master

Entrust: Improve organization handling

lemur/plugins/lemur_entrust/plugin.py

@@ -45,7 +45,7 @@ def determine_end_date(end_date):
     return end_date.format('YYYY-MM-DD')
 
 
-def process_options(options):
+def process_options(options, client_id):
     """
     Processes and maps the incoming issuer options to fields/options that
     Entrust understands
@@ -78,11 +78,37 @@ def process_options(options):
         "eku": "SERVER_AND_CLIENT_AUTH",
         "certType": product_type,
         "certExpiryDate": validity_end,
-        "tracking": tracking_data
+        # "keyType": "RSA", Entrust complaining about this parameter
+        "tracking": tracking_data,
+        "org": options.get("organization"),
+        "clientId": client_id
     }
     return data
 
 
+def get_client_id(my_response, organization):
+    """
+    Helper function for parsing responses from the Entrust API.
+    :param content:
+    :return: :raise Exception:
+    """
+    try:
+        d = json.loads(my_response.content)
+    except ValueError:
+        # catch an empty json object here
+        d = {'response': 'No detailed message'}
+
+    found = False
+    for y in d["organizations"]:
+        if y["name"] == organization:
+            found = True
+            client_id = y["clientId"]
+    if found:
+        return client_id
+    else:
+        raise Exception(f"Error on Organization - Use on of the List: {d['organizations']}")
+
+
 def handle_response(my_response):
     """
     Helper function for parsing responses from the Entrust API.
@@ -192,9 +218,25 @@ class EntrustIssuerPlugin(IssuerPlugin):
         }
         current_app.logger.info(log_data)
 
+        # firstly we need the organization ID
+        url = current_app.config.get("ENTRUST_URL") + "/organizations"
+        try:
+            response = self.session.get(url, timeout=(15, 40))
+        except requests.exceptions.Timeout:
+            raise Exception("Timeout for Getting Organizations")
+        except requests.exceptions.RequestException as e:
+            raise Exception(f"Error for Getting Organization {e}")
+
+        client_id = get_client_id(response, issuer_options.get("organization"))
+        log_data = {
+            "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+            "message": f"Organization id: {client_id}"
+        }
+        current_app.logger.info(log_data)
+
         url = current_app.config.get("ENTRUST_URL") + "/certificates"
 
-        data = process_options(issuer_options)
+        data = process_options(issuer_options, client_id)
         data["csr"] = csr
 
         response_dict = order_and_download_certificate(self.session, url, data)
@@ -202,7 +244,7 @@ class EntrustIssuerPlugin(IssuerPlugin):
         external_id = response_dict['trackingId']
         cert = response_dict['endEntityCert']
         if len(response_dict['chainCerts']) < 2:
-            # certificate signed by CA directly, no ICA included ini the chain
+            # certificate signed by CA directly, no ICA included in the chain
             chain = None
         else:
             chain = response_dict['chainCerts'][1]

lemur/plugins/lemur_entrust/tests/test_entrust.py

@@ -56,7 +56,10 @@ def test_process_options(mock_current_app, authority):
             "requesterName": mock_current_app.config.get("ENTRUST_NAME"),
             "requesterEmail": mock_current_app.config.get("ENTRUST_EMAIL"),
             "requesterPhone": mock_current_app.config.get("ENTRUST_PHONE")
-        }
+        },
+        "org": "Example, Inc.",
+        "clientId": 1
     }
 
-    assert expected == plugin.process_options(options)
+    client_id = 1
+    assert expected == plugin.process_options(options, client_id)