[fix] entrust-ca-handler - handling of serials with leading zero

grindsa · Nov 3, 2024 · cc7a20e · cc7a20e
1 parent ab070ef
commit cc7a20e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/examples/ca_handler/entrust_ca_handler.py b/examples/ca_handler/entrust_ca_handler.py
@@ -8,7 +8,7 @@
 import requests
 from requests_pkcs12 import Pkcs12Adapter
 # pylint: disable=e0401
-from acme_srv.helper import load_config, csr_cn_get, cert_pem2der, b64_encode, allowed_domainlist_check, eab_profile_header_info_check, uts_now, uts_to_date_utc, cert_serial_get, config_eab_profile_load, config_headerinfo_load, csr_san_get, header_info_get
+from acme_srv.helper import load_config, csr_cn_get, cert_pem2der, b64_encode, allowed_domainlist_check, eab_profile_header_info_check, uts_now, uts_to_date_utc, cert_serial_get, config_eab_profile_load, config_headerinfo_load, csr_san_get, header_info_get, b64_url_recode
 
 
 CONTENT_TYPE = 'application/json'
@@ -166,6 +166,11 @@ def _certificates_get_from_serial(self, cert_serial: str) -> List[str]:
         """ get certificates """
         self.logger.debug('CAhandler._certificates_get_from_serial()')
 
+        # for some reason entrust custs leading zeros from serial number
+        if cert_serial.startswith('0'):
+            self.logger.info('CAhandler._certificates_get_from_serial() remove leading zeros from serial number')
+            cert_serial = cert_serial.lstrip('0')
+
         code, content = self._api_get(self.api_url + f'/certificates?serialNumber={cert_serial}')
 
         if code == 200 and 'certificates' in content:
@@ -399,7 +404,9 @@ def _trackingid_get(self, cert_raw: str) -> int:
 
         tracking_id = None
         # we misuse header_info_get() to get the tracking id from database
-        pid_list = header_info_get(self.logger, csr=cert_raw, vlist=['poll_identifier'], field_name='cert_raw')
+        cert_recode = b64_url_recode(self.logger, cert_raw)
+        pid_list = header_info_get(self.logger, csr=cert_recode, vlist=['poll_identifier'], field_name='cert_raw')
+
         for ele in pid_list:
             if 'poll_identifier' in ele:
                 tracking_id = ele['poll_identifier']

diff --git a/test/test_entrust.py b/test/test_entrust.py
@@ -229,6 +229,14 @@ def test_022_certificates_get_from_serial(self, mock_api):
             self.assertFalse(self.cahandler._certificates_get_from_serial('serial'))
         self.assertIn('ERROR:test_a2c:CAhandler._certificates_get_from_serial() for serial failed with code: 200', lcm.output)
 
+    @patch('examples.ca_handler.entrust_ca_handler.CAhandler._api_get')
+    def test_023_certificates_get_from_serial(self, mock_api):
+        """ test certificates_get_from_serial """
+        mock_api.return_value = (200, {'certificates': ['foo', 'bar']})
+        with self.assertLogs('test_a2c', level='INFO') as lcm:
+            self.assertEqual(['foo', 'bar'], self.cahandler._certificates_get_from_serial('0serial'))
+        self.assertIn('INFO:test_a2c:CAhandler._certificates_get_from_serial() remove leading zeros from serial number', lcm.output)
+
     @patch('examples.ca_handler.entrust_ca_handler.config_headerinfo_load')
     @patch('examples.ca_handler.entrust_ca_handler.config_eab_profile_load')
     @patch('examples.ca_handler.entrust_ca_handler.CAhandler._config_root_load')