If no certificate matches via name search, search via the certificate itself (serial number, hash comparison)

Hossein Shafagh 2019-10-18 08:48:11 -07:00
parent d43e859c34
commit f075c5af3d
1 changed files with 32 additions and 7 deletions


@ -66,7 +66,7 @@ def sync_update_destination(certificate, source):
def sync_endpoints(source): def sync_endpoints(source):
new, updated = 0, 0 new, updated, updated_by_hash = 0, 0, 0
current_app.logger.debug("Retrieving endpoints from {0}".format(source.label)) current_app.logger.debug("Retrieving endpoints from {0}".format(source.label))
s = plugins.get(source.plugin_name) s = plugins.get(source.plugin_name)
@ -89,6 +89,29 @@ def sync_endpoints(source):
endpoint["certificate"] = certificate_service.get_by_name(certificate_name) endpoint["certificate"] = certificate_service.get_by_name(certificate_name)
# if get cert by name failed, we attempt a search via serial number and hash comparison
# and link the endpoint certificate to Lemur certificate
if not endpoint["certificate"]:
certificate_attached_to_endpoint = endpoint.pop("certificate")
if certificate_attached_to_endpoint:
lemur_matching_cert, updated_by_hash_tmp = find_cert(certificate_attached_to_endpoint)
updated_by_hash += updated_by_hash_tmp
if lemur_matching_cert:
endpoint["certificate"] = lemur_matching_cert[0]
if len(lemur_matching_cert) > 1:
current_app.logger.error(
"Too Many Certificates Found. Name: {0} Endpoint: {1}".format(
certificate_name, endpoint["name"]
)
)
metrics.send("endpoint.certificate.conflict",
"counter", 1,
metric_tags={"cert": certificate_name, "endpoint": endpoint["name"],
"acct": s.get_option("accountNumber", source.options)})
# this indicates the we were not able to describe the endpoint cert
if not endpoint["certificate"]: if not endpoint["certificate"]:
current_app.logger.error( current_app.logger.error(
"Certificate Not Found. Name: {0} Endpoint: {1}".format( "Certificate Not Found. Name: {0} Endpoint: {1}".format(
@ -97,7 +120,8 @@ def sync_endpoints(source):
) )
metrics.send("endpoint.certificate.not.found", metrics.send("endpoint.certificate.not.found",
"counter", 1, "counter", 1,
metric_tags={"cert": certificate_name, "endpoint": endpoint["name"], "acct": s.get_option("accountNumber", source.options)}) metric_tags={"cert": certificate_name, "endpoint": endpoint["name"],
"acct": s.get_option("accountNumber", source.options)})
continue continue
policy = endpoint.pop("policy") policy = endpoint.pop("policy")
@ -122,7 +146,8 @@ def sync_endpoints(source):
endpoint_service.update(exists.id, **endpoint) endpoint_service.update(exists.id, **endpoint)
updated += 1 updated += 1
return new, updated return new, updated, updated_by_hash
def find_cert(certificate): def find_cert(certificate):
updated_by_hash = 0 updated_by_hash = 0
@ -159,7 +184,7 @@ def sync_certificates(source, user):
certificates = s.get_certificates(source.options) certificates = s.get_certificates(source.options)
for certificate in certificates: for certificate in certificates:
exists, updated_by_hash = find_cert(certificate) exists, updated_by_hash = find_cert(certificate)
if not certificate.get("owner"): if not certificate.get("owner"):
certificate["owner"] = user.email certificate["owner"] = user.email
@ -179,12 +204,12 @@ def sync_certificates(source, user):
certificate_update(e, source) certificate_update(e, source)
updated += 1 updated += 1
return new, updated return new, updated, updated_by_hash
def sync(source, user): def sync(source, user):
new_certs, updated_certs = sync_certificates(source, user) new_certs, updated_certs, updated_certs_by_hash = sync_certificates(source, user)
new_endpoints, updated_endpoints = sync_endpoints(source) new_endpoints, updated_endpoints, updated_endpoints_by_hash = sync_endpoints(source)
source.last_run = arrow.utcnow() source.last_run = arrow.utcnow()
database.update(source) database.update(source)