From d4d51c702a8f835ef7963681d73dee3af6666b41 Mon Sep 17 00:00:00 2001
From: sirferl
Date: Thu, 12 Nov 2020 13:51:08 +0100
Subject: [PATCH] Entrust: add organization handling
---
 lemur/plugins/lemur_entrust/plugin.py | 48 +++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 3 deletions(-)
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
index 9b7848ed..5a6daf05 100644
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -40,7 +40,7 @@ def determine_end_date(end_date):
 return end_date.format('YYYY-MM-DD')
-def process_options(options):
+def process_options(options, client_id):
 """ Processes and maps the incoming issuer options to fields/options that Entrust understands
@@ -74,10 +74,36 @@ def process_options(options):
 "certType": product_type, "certExpiryDate": validity_end, # "keyType": "RSA", Entrust complaining about this parameter
- "tracking": tracking_data
+ "tracking": tracking_data,
+ "org": options.get("organization"),
+ "clientId": client_id
 }
 return data
+def get_client_id(my_response, organization):
+ """
+ Helper function for parsing responses from the Entrust API.
+ :param content:
+ :return: :raise Exception:
+ """
+ try:
+ d = json.loads(my_response.content)
+ except ValueError:
+ # catch an empty json object here
+ d = {'response': 'No detailed message'}
+ s = my_response.status_code
+ if s > 399:
+ raise Exception(f"ENTRUST error: {msg.get(s, s)}\n{d['errors']}")
+
+ found = False
+ for y in d["organizations"]:
+ if y["name"] == organization:
+ found = True
+ client_id = y["clientId"]
+ if found:
+ return client_id
+ else:
+ raise Exception(f"Error on Organization - Use on of the List: {d['organizations']}")
 def handle_response(my_response): """
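Review bot: The docstring that opens under the new `def process_options(options, client_id):` line is not touched by any hunk of this patch, so the second argument stays undocumented; a line such as `:param client_id: Entrust clientId of the organization the certificate is requested for` would cover it. The argument is also added as a required positional, so any caller of `process_options` other than the one call site updated in the last hunk would now fail with a TypeError; whether such callers exist cannot be seen from this patch. The docstring and the function body continue outside the hunk.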
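Review bot: In `get_client_id`, the fallback dict built in the `except ValueError` branch has neither of the keys read afterwards, so an empty or non-JSON body ends in a `KeyError` on `d['errors']` or `d["organizations"]` instead of the intended Entrust error. The not-found message also embeds the whole `d['organizations']` payload, `clientId` values included, in an exception that may reach logs or the requesting user; listing only the organization names is enough to help the caller. `msg` is not defined in the added lines, and if it is a local of `handle_response` rather than a module-level name the status branch raises `NameError` (this cannot be confirmed from the hunk). The docstring documents `:param content:`, which is not a parameter of this function. The loop can return on the first match, which removes the `found` flag; the sketch below does that and corrects the "Use on of" typo.

```python
def get_client_id(my_response, organization):
    # … unchanged: docstring …
    try:
        d = json.loads(my_response.content)
    except ValueError:
        # empty or non-JSON body: keep the keys that are read below
        d = {"errors": "No detailed message", "organizations": []}
    # … unchanged: status-code check …
    organizations = d.get("organizations", [])
    for y in organizations:
        if y["name"] == organization:
            return y["clientId"]
    names = [y["name"] for y in organizations]
    raise Exception(f"Error on Organization - Use one of the List: {names}")
```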
@@ -163,9 +189,25 @@ class EntrustIssuerPlugin(IssuerPlugin):
 }
 current_app.logger.info(log_data)
+ #firstly we need the organization ID
+ url = current_app.config.get("ENTRUST_URL") + "/organizations"
+ try:
+ response = self.session.get(url, timeout=(15, 40))
+ except requests.exceptions.Timeout:
+ raise Exception("Timeout for Getting Organizations")
+ except requests.exceptions.RequestException as e:
+ raise Exception(f"Error for Getting Organization {e}")
+
+ client_id = get_client_id(response, issuer_options.get("organization"))
+ log_data = {
+ "function": f"{__name__}.{sys._getframe().f_code.co_name}",
+ "message": f"Organization id: {client_id}"
+ }
+ current_app.logger.info(log_data)
+ url = current_app.config.get("ENTRUST_URL") + "/certificates"
- data = process_options(issuer_options)
+ data = process_options(issuer_options, client_id)
 data["csr"] = csr
 try:
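Review bot: Both new `except` branches replace the requests error with a bare `Exception` and drop the cause; chaining keeps the original traceback for whoever debugs a failed issuance: `except requests.exceptions.Timeout as e:` with `raise Exception("Timeout for Getting Organizations") from e`, and `raise Exception(f"Error for Getting Organization {e}") from e` in the second branch. `issuer_options.get("organization")` is passed on without a check, so a request that carries no organization costs a round trip to `/organizations` before it is rejected inside `get_client_id`; an early check before the request would avoid that. The comment would read better as `# First look up the clientId of the requested organization`. The enclosing method starts before and continues after this hunk.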