in lemur/plugins/lemur_entrust/plugin.py [0:0]
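def process_options(options, client_id, csr=None):
    """
    Map the incoming issuer options onto the request fields that Entrust
    understands.

    :param options: issuer options; ``authority`` is dereferenced for its
        ``name``, and ``validity_end`` and ``organization`` are read if present
    :param client_id: value sent to Entrust as ``clientId``
    :param csr: optional CSR; only inspected when the ``ENTRUST_INFER_EKU``
        config flag is truthy
    :return: dict of valid entrust options
    """
    # The certificate product type is configured per authority through
    # ENTRUST_PRODUCT_<upper(authority.name)>; without such a config variable
    # it defaults to "STANDARD_SSL".
    #   STANDARD_SSL  (cn=domain, san=www.domain),
    #   ADVANTAGE_SSL (cn=domain, san=[www.domain, one_more_option]),
    #   WILDCARD_SSL  (unlimited sans, and wildcard)
    authority = options.get("authority").name.upper()
    product_type = current_app.config.get(f"ENTRUST_PRODUCT_{authority}", "STANDARD_SSL")

    # determine_end_date is handed False when no (truthy) validity_end was
    # requested, exactly as the explicit if/else form would do.
    validity_end = determine_end_date(options.get("validity_end") or False)

    tracking_data = {
        "requesterName": current_app.config.get("ENTRUST_NAME"),
        "requesterEmail": current_app.config.get("ENTRUST_EMAIL"),
        "requesterPhone": current_app.config.get("ENTRUST_PHONE")
    }

    # The default is the broadest usage. It is narrowed only when inference is
    # enabled, a CSR was supplied, and the CSR requests exactly one of
    # clientAuth / serverAuth; every other combination keeps the default.
    eku = "SERVER_AND_CLIENT_AUTH"
    if current_app.config.get("ENTRUST_INFER_EKU", False) and csr:
        ekus = get_ekus(csr)
        # get_ekus is defined elsewhere. If it yields None (presumably for a
        # CSR that carries no EKU extension -- confirm against the helper),
        # keep the default instead of failing with AttributeError on `.value`.
        usages = ekus.value if ekus is not None else ()
        # NOTE(review): `_name` is a private attribute of the usage objects;
        # confirm it stays available across upgrades of the providing library.
        client_auth = any(usage._name == 'clientAuth' for usage in usages)
        server_auth = any(usage._name == 'serverAuth' for usage in usages)
        if client_auth and not server_auth:
            eku = "CLIENT_AUTH"
        elif server_auth and not client_auth:
            eku = "SERVER_AUTH"

    return {
        "signingAlg": "SHA-2",
        "certType": product_type,
        "certExpiryDate": validity_end,
        "tracking": tracking_data,
        "org": options.get("organization"),
        "clientId": client_id,
        "eku": eku,
    }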