support for cross-signed subCA

2021-01-15 16:49:14 -08:00 · 2021-01-15 16:49:14 -08:00 · fef7c7a907
parent 88e587af11
commit fef7c7a907
1 changed files with 4 additions and 1 deletions
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@ -9,7 +9,7 @@ from lemur.constants import CRLReason
 from lemur.plugins import lemur_entrust as entrust
 from lemur.plugins.bases import IssuerPlugin, SourcePlugin
 from lemur.extensions import metrics
-from lemur.common.utils import validate_conf
+from lemur.common.utils import validate_conf, get_key_type_from_certificate


 def log_status_code(r, *args, **kwargs):
@ -251,6 +251,9 @@ class EntrustIssuerPlugin(IssuerPlugin):
        else:
            chain = response_dict['chainCerts'][1]

+        if current_app.config.get("ENTRUST_CROSS_SIGNED_RSA") and get_key_type_from_certificate(cert) == "RSA2048":
+            chain = current_app.config.get("ENTRUST_CROSS_SIGNED_RSA")
+
        log_data["message"] = "Received Chain"
        log_data["options"] = f"chain: {chain}"
        current_app.logger.info(log_data)