Ejemplo n.º 1
def test_create_authority(issuer_plugin, logged_in_admin):
    """Create a root authority via the service layer and check it has a certificate.

    ``logged_in_admin`` is requested but never read in the body; presumably the
    fixture sets up the admin session the service relies on -- confirm against
    the conftest. No ``creator`` is passed to ``create`` here.
    """
    from lemur.authorities.service import create

    plugin_spec = {
        'plugin_object': issuer_plugin,
        'slug': issuer_plugin.slug,
    }
    authority = create(plugin=plugin_spec, owner='*****@*****.**', type='root')

    # Only the presence of the CA certificate is checked; ownership and role
    # assignment for the new authority are not asserted by this test.
    assert authority.authority_certificate
Ejemplo n.º 2
def test_create_authority(issuer_plugin, user):
    """Create a root authority with an explicit creator and check it has a certificate.

    The creator is the user object held under ``user["user"]`` in the fixture
    dict; the owner is a separate, literal e-mail string.
    """
    from lemur.authorities.service import create

    create_kwargs = dict(
        plugin={"plugin_object": issuer_plugin, "slug": issuer_plugin.slug},
        owner="*****@*****.**",
        type="root",
        creator=user["user"],
    )
    authority = create(**create_kwargs)

    # Only the presence of the CA certificate is checked; nothing here asserts
    # which roles the creator did or did not receive.
    assert authority.authority_certificate
Ejemplo n.º 3
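def test_create_authority(issuer_plugin, user):
    """Create a root authority and check its certificate, owner and role wiring.

    Beyond the basic creation checks, this test pins two access-control
    properties: the authority ends up with exactly three roles (owner e-mail,
    the generated admin role, and the explicitly supplied role), and none of
    the authority-specific roles are granted to the creating user as a side
    effect of creation.
    """
    from lemur.authorities.service import create
    from lemur.tests.factories import RoleFactory

    creator = user["user"]
    admin_role_name = "test_example_authority_admin"
    extra_role_name = "new-role-test_create_authority"

    authority = create(
        plugin={
            "plugin_object": issuer_plugin,
            "slug": issuer_plugin.slug,
        },
        owner=creator.email,
        type="root",
        name="example authority",
        creator=creator,
        roles=[RoleFactory(name=extra_role_name)],
    )
    assert authority.authority_certificate
    assert authority.owner == creator.email

    assert len(authority.roles) == 3
    expected_role_names = (creator.email, admin_role_name, extra_role_name)
    for role in authority.roles:
        assert role.name in expected_role_names

    # The creator must not silently gain the authority's roles. Compare by role
    # name: authority.roles above holds objects with a ``.name``, and a bare
    # string tested against a list of such objects would never match, making
    # the check vacuous. getattr() keeps this correct if roles are plain strings.
    creator_role_names = [getattr(role, "name", role) for role in creator.roles]
    assert admin_role_name not in creator_role_names
    assert extra_role_name not in creator_role_names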
Ejemplo n.º 4
    def post(self, data=None):
        """
        .. http:post:: /authorities

           Create an authority

           The ``creator`` of the new authority is always taken from
           ``g.current_user``; any ``creator`` value present in the request
           data is overwritten before the service is called.

           **Example request**:

           .. sourcecode:: http

              POST /authorities HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "country": "US",
                "state": "California",
                "location": "Los Gatos",
                "organization": "Netflix",
                "organizationalUnit": "Operations",
                "type": "root",
                "signingAlgorithm": "sha256WithRSA",
                "sensitivity": "medium",
                "keyType": "RSA2048",
                "plugin": {
                    "slug": "cloudca-issuer"
                },
                "name": "TimeTestAuthority5",
                "owner": "*****@*****.**",
                "description": "test",
                "commonName": "AcommonName",
                "validityYears": "20",
                "extensions": {
                    "subAltNames": {
                        "names": []
                    },
                    "custom": []
                }
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "name": "TestAuthority",
                "roles": [{
                    "id": 123,
                    "name": "*****@*****.**"
                }, {
                    "id": 564,
                    "name": "TestAuthority_admin"
                }, {
                    "id": 565,
                    "name": "TestAuthority_operator"
                }],
                "options": null,
                "active": true,
                "authorityCertificate": {
                    "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                    "status": true,
                    "cn": "AcommonName",
                    "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                    "chain": "",
                    "notBefore": "2016-06-02T00:00:15+00:00",
                    "notAfter": "2023-06-02T23:59:15+00:00",
                    "owner": "*****@*****.**",
                    "user": {
                        "username": "******",
                        "active": true,
                        "email": "*****@*****.**",
                        "id": 3
                    },
                    "active": true,
                    "bits": 2048,
                    "id": 2235,
                    "name": "TestAuthority"
                },
                "owner": "*****@*****.**",
                "id": 43,
                "description": "This is the ROOT certificate for the TestAuthority certificate authority."
              }


           :arg name: authority's name
           :arg description: a sensible description about what the CA will be used for
           :arg owner: the team or person who 'owns' this authority
           :arg validityStart: when this authority should start issuing certificates
           :arg validityEnd: when this authority should stop issuing certificates
           :arg validityYears: starting from `now` how many years into the future the authority should be valid
           :arg extensions: certificate extensions
           :arg plugin: name of the plugin to create the authority
           :arg type: the type of authority (root/subca)
           :arg parent: the parent authority if this is to be a subca
           :arg signingAlgorithm: algorithm used to sign the authority
           :arg keyType: key type
           :arg sensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
              in an HSM
           :arg keyName: name of the key to store in the HSM (CloudCA)
           :arg serialNumber: serial number of the authority
           :arg firstSerial: specifies the starting serial number for certificates issued off of this authority
           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error
        """
        # NOTE(review): ``data`` defaults to None, which would make the
        # assignment below raise; presumably a schema-validation decorator
        # outside this view always supplies the parsed body -- confirm.
        payload = data
        # Assign (not setdefault) so a client-supplied "creator" can never
        # stand in for the identity held in g.current_user.
        payload['creator'] = g.current_user
        # No authorization check is visible in this body; whether the caller
        # may create a CA is presumably enforced by decorators or the service.
        return service.create(**payload)
Ejemplo n.º 5
def test_create_authority(issuer_plugin, logged_in_admin):
    """Create a root authority via the service layer and check it has a certificate.

    ``logged_in_admin`` is requested but not read in the body; presumably the
    fixture provides the admin session context -- confirm against the conftest.
    """
    from lemur.authorities.service import create

    plugin_spec = {'plugin_object': issuer_plugin, 'slug': issuer_plugin.slug}
    authority = create(
        plugin=plugin_spec,
        owner='*****@*****.**',
        type='root',
    )
    # Only the existence of the CA certificate is verified here.
    assert authority.authority_certificate
Ejemplo n.º 6
Archivo: views.py Proyecto: harmw/lemur
    def post(self, data=None):
        """
        .. http:post:: /authorities

           Create an authority

           The ``creator`` of the new authority is always taken from
           ``g.current_user``; any ``creator`` value present in the request
           data is overwritten before the service is called.

           **Example request**:

           .. sourcecode:: http

              POST /authorities HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "country": "US",
                "state": "California",
                "location": "Los Gatos",
                "organization": "Netflix",
                "organizationalUnit": "Operations",
                "type": "root",
                "signingAlgorithm": "sha256WithRSA",
                "sensitivity": "medium",
                "keyType": "RSA2048",
                "plugin": {
                    "slug": "cloudca-issuer"
                },
                "name": "TimeTestAuthority5",
                "owner": "*****@*****.**",
                "description": "test",
                "commonName": "AcommonName",
                "validityYears": "20",
                "extensions": {
                    "subAltNames": {
                        "names": []
                    },
                    "custom": []
                }
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "name": "TestAuthority",
                "roles": [{
                    "id": 123,
                    "name": "*****@*****.**"
                }, {
                    "id": 564,
                    "name": "TestAuthority_admin"
                }, {
                    "id": 565,
                    "name": "TestAuthority_operator"
                }],
                "options": null,
                "active": true,
                "authorityCertificate": {
                    "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                    "status": true,
                    "cn": "AcommonName",
                    "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                    "chain": "",
                    "notBefore": "2016-06-02T00:00:15+00:00",
                    "notAfter": "2023-06-02T23:59:15+00:00",
                    "owner": "*****@*****.**",
                    "user": {
                        "username": "******",
                        "active": true,
                        "email": "*****@*****.**",
                        "id": 3
                    },
                    "active": true,
                    "bits": 2048,
                    "id": 2235,
                    "name": "TestAuthority"
                },
                "owner": "*****@*****.**",
                "id": 43,
                "description": "This is the ROOT certificate for the TestAuthority certificate authority."
              }


           :arg name: authority's name
           :arg description: a sensible description about what the CA will be used for
           :arg owner: the team or person who 'owns' this authority
           :arg validityStart: when this authority should start issuing certificates
           :arg validityEnd: when this authority should stop issuing certificates
           :arg validityYears: starting from `now` how many years into the future the authority should be valid
           :arg extensions: certificate extensions
           :arg plugin: name of the plugin to create the authority
           :arg type: the type of authority (root/subca)
           :arg parent: the parent authority if this is to be a subca
           :arg signingAlgorithm: algorithm used to sign the authority
           :arg keyType: key type
           :arg sensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
              in an HSM
           :arg keyName: name of the key to store in the HSM (CloudCA)
           :arg serialNumber: serial number of the authority
           :arg firstSerial: specifies the starting serial number for certificates issued off of this authority
           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error
        """
        # NOTE(review): ``data`` defaults to None, which would make the
        # assignment below raise; presumably a schema-validation decorator
        # outside this view always supplies the parsed body -- confirm.
        payload = data
        # Assign (not setdefault) so a client-supplied "creator" can never
        # stand in for the identity held in g.current_user.
        payload['creator'] = g.current_user
        # No authorization check is visible in this body; whether the caller
        # may create a CA is presumably enforced by decorators or the service.
        return service.create(**payload)
Ejemplo n.º 7
    def post(self, data=None):
        """
        .. http:post:: /authorities

           Create an authority

           **Example request**:

           .. sourcecode:: http

              POST /authorities HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "caDN": {
                  "country": "US",
                  "state": "CA",
                  "location": "A Location",
                  "organization": "ExampleInc",
                  "organizationalUnit": "Operations",
                  "commonName": "a common name"
                },
                "caType": "root",
                "caSigningAlgo": "sha256WithRSA",
                "caSensitivity": "medium",
                "keyType": "RSA2048",
                "pluginName": "cloudca",
                "validityStart": "2015-06-11T07:00:00.000Z",
                "validityEnd": "2015-06-13T07:00:00.000Z",
                "caName": "DoctestCA",
                "ownerEmail": "*****@*****.**",
                "caDescription": "Example CA",
                "extensions": {
                  "subAltNames": {
                    "names": []
                  }
                }
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "id": 1,
                "name": "authority1",
                "description": "this is authority1",
                "pluginName": null,
                "chain": "-----Begin ...",
                "body": "-----Begin ...",
                "active": true,
                "notBefore": "2015-06-05T17:09:39",
                "notAfter": "2015-06-10T17:09:39",
                "options": null
              }

           :arg caName: authority's name
           :arg caDescription: a sensible description about what the CA will be used for
           :arg ownerEmail: the team or person who 'owns' this authority
           :arg validityStart: when this authority should start issuing certificates
           :arg validityEnd: when this authority should stop issuing certificates
           :arg extensions: certificate extensions
           :arg pluginName: name of the plugin to create the authority
           :arg caType: the type of authority (root/subca)
           :arg caParent: the parent authority if this is to be a subca
           :arg caSigningAlgo: algorithm used to sign the authority
           :arg keyType: key type
           :arg caSensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
              in an HSM
           :arg caKeyName: name of the key to store in the HSM (CloudCA)
           :arg caSerialNumber: serial number of the authority
           :arg caFirstSerial: specifies the starting serial number for certificates issued off of this authority
           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error
        """
        # The payload is forwarded as a single positional argument, untouched:
        # this body neither records the calling user on the new authority nor
        # performs any authorization check of its own.
        # NOTE(review): presumably validation and access control live in
        # decorators outside this view or in the service -- confirm.
        created = service.create(data)
        return created
Ejemplo n.º 8
    def post(self):
        """
        .. http:post:: /authorities

           Create an authority

           **Example request**:

           .. sourcecode:: http

              POST /authorities HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "caDN": {
                  "country": "US",
                  "state": "CA",
                  "location": "A Location",
                  "organization": "ExampleInc",
                  "organizationalUnit": "Operations",
                  "commonName": "a common name"
                },
                "caType": "root",
                "caSigningAlgo": "sha256WithRSA",
                "caSensitivity": "medium",
                "keyType": "RSA2048",
                "pluginName": "cloudca",
                "validityStart": "2015-06-11T07:00:00.000Z",
                "validityEnd": "2015-06-13T07:00:00.000Z",
                "caName": "DoctestCA",
                "ownerEmail": "*****@*****.**",
                "caDescription": "Example CA",
                "extensions": {
                  "subAltNames": {
                    "names": []
                  }
                }
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "id": 1,
                "name": "authority1",
                "description": "this is authority1",
                "pluginName": null,
                "chain": "-----Begin ...",
                "body": "-----Begin ...",
                "active": true,
                "notBefore": "2015-06-05T17:09:39",
                "notAfter": "2015-06-10T17:09:39",
                "options": null
              }

           :arg caName: authority's name
           :arg caDescription: a sensible description about what the CA will be used for
           :arg ownerEmail: the team or person who 'owns' this authority
           :arg validityStart: when this authority should start issuing certificates
           :arg validityEnd: when this authority should stop issuing certificates
           :arg extensions: certificate extensions
           :arg pluginName: name of the plugin to create the authority
           :arg caType: the type of authority (root/subca)
           :arg caParent: the parent authority if this is to be a subca
           :arg caSigningAlgo: algorithm used to sign the authority
           :arg keyType: key type
           :arg caSensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
              in an HSM
           :arg caKeyName: name of the key to store in the HSM (CloudCA)
           :arg caSerialNumber: serial number of the authority
           :arg caFirstSerial: specifies the starting serial number for certificates issued off of this authority
           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error
        """
        # (field name, coercion type, required) for every JSON body field, in
        # registration order. The parser only coerces types: values such as
        # caType, caSigningAlgo, keyType and caSensitivity are accepted as
        # free-form strings here, with no allow-list applied in this method.
        # NOTE(review): presumably the service or issuer plugin rejects
        # unsupported values -- confirm.
        json_fields = (
            ('caName', str, True),
            ('caDescription', str, False),
            ('ownerEmail', str, True),
            ('caDN', dict, False),
            # TODO validate: both validity bounds arrive as unparsed strings.
            ('validityStart', str, False),
            ('validityEnd', str, False),
            ('extensions', dict, False),
            ('pluginName', str, True),
            ('caType', str, False),
            ('caParent', str, False),
            ('caSigningAlgo', str, False),
            ('keyType', str, False),
            ('caSensitivity', str, False),
            ('caKeyName', str, False),
            ('caSerialNumber', int, False),
            ('caFirstSerial', int, False),
        )
        for field_name, field_type, is_required in json_fields:
            self.reqparse.add_argument(field_name,
                                       type=field_type,
                                       location='json',
                                       required=is_required)

        # The parsed arguments go to the service as-is; this body does not
        # attach the calling user to the new authority.
        args = self.reqparse.parse_args()
        return service.create(args)