Entrust: add organization handling

2020-11-12 13:51:08 +01:00 · 2020-11-12 13:51:08 +01:00 · d4d51c702a
parent 723bf67957
commit d4d51c702a
1 changed files with 45 additions and 3 deletions
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@ -40,7 +40,7 @@ def determine_end_date(end_date):
    return end_date.format('YYYY-MM-DD')


-def process_options(options):
+def process_options(options, client_id):
    """
    Processes and maps the incoming issuer options to fields/options that
    Entrust understands
@ -74,10 +74,36 @@ def process_options(options):
        "certType": product_type,
        "certExpiryDate": validity_end,
        # "keyType": "RSA", Entrust complaining about this parameter
-        "tracking": tracking_data
+        "tracking": tracking_data,
+        "org": options.get("organization"),
+        "clientId": client_id
    }
    return data

+def get_client_id(my_response, organization):
+    """
+    Helper function for parsing responses from the Entrust API.
+    :param content:
+    :return: :raise Exception:
+    """
+    try:
+        d = json.loads(my_response.content)
+    except ValueError:
+        # catch an empty json object here
+        d = {'response': 'No detailed message'}
+    s = my_response.status_code
+    if s > 399:
+        raise Exception(f"ENTRUST error: {msg.get(s, s)}\n{d['errors']}")
+
+    found = False
+    for y in d["organizations"]:
+              if y["name"] == organization:
+                  found = True
+                  client_id = y["clientId"]
+    if found:
+       return client_id
+    else:
+       raise Exception(f"Error on Organization - Use on of the List: {d['organizations']}")

 def handle_response(my_response):
    """
@ -163,9 +189,25 @@ class EntrustIssuerPlugin(IssuerPlugin):
        }
        current_app.logger.info(log_data)

+        #firstly we need the organization ID
+        url = current_app.config.get("ENTRUST_URL") + "/organizations"
+        try:
+            response = self.session.get(url, timeout=(15, 40))
+        except requests.exceptions.Timeout:
+            raise Exception("Timeout for Getting Organizations")
+        except requests.exceptions.RequestException as e:
+            raise Exception(f"Error for Getting Organization {e}")
+
+        client_id = get_client_id(response, issuer_options.get("organization"))
+        log_data = {
+            "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+            "message": f"Organization id: {client_id}"
+        }
+        current_app.logger.info(log_data)
+
        url = current_app.config.get("ENTRUST_URL") + "/certificates"

-        data = process_options(issuer_options)
+        data = process_options(issuer_options, client_id)
        data["csr"] = csr

        try: