Merge pull request #3361 from hosseinsh/entrust-cross-signed-subCA

Entrust cross signed sub ca
Hossein Shafagh 2021-01-20 10:13:13 -08:00 committed by GitHub
commit f5899ea71b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 1 deletions


@ -941,12 +941,20 @@ The following parameters have to be set in the configuration files.
If there is a config variable ENTRUST_PRODUCT_<upper(authority.name)> take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names.
.. data:: ENTRUST_CROSS_SIGNED_RSA
:noindex:
This is optional. Entrust provides support for cross-signed subCAS. One can set ENTRUST_CROSS_SIGNED_RSA to the respective cross-signed subCA PEM, such as L1K, Lemur will replace the retrieved subCA with ENTRUST_CROSS_SIGNED_RSA.
.. data:: ENTRUST_USE_DEFAULT_CLIENT_ID
:noindex:
If set to True, Entrust will use the primary client ID of 1, which applies to most use-case.
Otherwise, Entrust will first lookup the clientId before ordering the certificate.
Verisign Issuer Plugin
~~~~~~~~~~~~~~~~~~~~~~


@ -9,7 +9,7 @@ from lemur.constants import CRLReason
from lemur.plugins import lemur_entrust as entrust
from lemur.plugins.bases import IssuerPlugin, SourcePlugin
from lemur.extensions import metrics
from lemur.common.utils import validate_conf
from lemur.common.utils import validate_conf, get_key_type_from_certificate
def log_status_code(r, *args, **kwargs):
@ -259,6 +259,9 @@ class EntrustIssuerPlugin(IssuerPlugin):
else:
chain = response_dict['chainCerts'][1]
if current_app.config.get("ENTRUST_CROSS_SIGNED_RSA") and get_key_type_from_certificate(cert) == "RSA2048":
chain = current_app.config.get("ENTRUST_CROSS_SIGNED_RSA")
log_data["message"] = "Received Chain"
log_data["options"] = f"chain: {chain}"
current_app.logger.info(log_data)
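Review bot: The value of `ENTRUST_CROSS_SIGNED_RSA` is assigned to `chain` with no check that it is a parseable PEM certificate or that its subject matches the issuer of `cert`, so a stale or mistyped setting would silently be used as the chain for matching certificates and would presumably only fail later, when a client tries to build the path. Comparing the configured subCA's subject with the leaf's issuer before the assignment, and keeping the Entrust-returned chain with a warning log when they differ, would contain that. The equality test `get_key_type_from_certificate(cert) == "RSA2048"` also leaves any other RSA key size on the original chain, although the setting name and its documentation speak of RSA generally; if the restriction is intended, a comment such as `# cross-signed subCA is applied to RSA2048 leaves only` would make it explicit. The enclosing method starts and ends outside the hunk.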