Example #1
def test_upload(user):
    """Upload a certificate twice: once with a generated name, once with a custom one.

    The first upload pins the validity window, issuer and generated name that
    ``upload`` reports. The second checks that a caller-supplied ``name`` is
    contained in the stored name.
    """
    from lemur.certificates.service import upload

    # Arguments common to both uploads; the creator is taken from the fixture.
    shared = dict(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=PRIVATE_KEY_STR,
        owner='*****@*****.**',
    )

    generated = upload(**shared, creator=user['user'])
    assert str(generated.not_after) == '2040-01-01T20:30:52+00:00'
    assert str(generated.not_before) == '2015-06-26T20:30:52+00:00'
    assert generated.issuer == 'Example'
    assert generated.name == 'long.lived.com-Example-20150626-20400101-3'

    # NOTE(review): only the accepting path is covered; a key that does not
    # belong to the certificate is not exercised by this test.
    custom = upload(**shared, name='ACustomName', creator=user['user'])
    assert 'ACustomName' in custom.name
Example #2
def test_upload(user):
    """Check the metadata ``upload`` derives from a SAN certificate and its key.

    Covers the generated certificate name and the case where the caller
    supplies ``name`` explicitly.
    """
    from lemur.certificates.service import upload

    creator = user['user']

    cert = upload(
        body=SAN_CERT_STR,
        chain=INTERMEDIATE_CERT_STR,
        private_key=SAN_CERT_KEY,
        owner='*****@*****.**',
        creator=creator,
    )
    # Validity dates are compared in their string form, including the UTC offset.
    expected = {
        'not_after': '2040-01-01T20:30:52+00:00',
        'not_before': '2015-06-26T20:30:52+00:00',
    }
    assert str(cert.not_after) == expected['not_after']
    assert str(cert.not_before) == expected['not_before']
    assert cert.issuer == 'Example'
    assert cert.name == 'long.lived.com-Example-20150626-20400101-3'

    cert = upload(
        body=SAN_CERT_STR,
        chain=INTERMEDIATE_CERT_STR,
        private_key=SAN_CERT_KEY,
        owner='*****@*****.**',
        name='ACustomName',
        creator=creator,
    )
    # The custom name is only required to be a substring of the stored name.
    assert 'ACustomName' in cert.name
Example #3
def test_upload(logged_in_user):
    """Upload a certificate without passing a creator explicitly.

    No ``creator`` argument is given; the ``logged_in_user`` fixture is
    requested but not referenced, so it presumably sets up the request
    context that ``upload`` relies on -- confirm against the fixture.
    """
    from lemur.certificates.service import upload

    upload_args = {
        'body': INTERNAL_VALID_LONG_STR,
        'chain': INTERNAL_VALID_SAN_STR,
        'private_key': PRIVATE_KEY_STR,
        'owner': '*****@*****.**',
    }

    first = upload(**upload_args)
    # Dates are compared as naive strings here (no UTC offset in the expected value).
    assert str(first.not_after) == '2040-01-01 20:30:52'
    assert str(first.not_before) == '2015-06-26 20:30:52'
    assert first.issuer == 'Example'
    assert first.name == 'long.lived.com-Example-20150626-20400101-2'

    second = upload(**upload_args, name='ACustomName')
    assert 'ACustomName' in second.name
Example #4
def create(**kwargs):
    """
    Creates a new authority.

    Mints the authority material with ``mint``, stores its certificate via
    ``upload``, persists an ``Authority`` row and links it to the creator.

    :param kwargs: authority options; ``creator`` is required, ``roles`` and
        ``plugin`` are optional.
    :return: the authority object returned by ``database.create``.
    """
    body, private_key, chain, roles = mint(**kwargs)

    # NOTE(review): the creator receives the minted roles before the
    # certificate upload and the authority insert have succeeded -- confirm a
    # failure further down rolls this assignment back.
    creator = kwargs["creator"]
    merged_roles = list(creator.roles) + roles
    creator.roles = list(set(merged_roles))

    # From here on kwargs carries the private key; it is forwarded to both
    # upload() and Authority() below.
    kwargs.update(body=body, private_key=private_key, chain=chain)

    if not kwargs.get("roles"):
        kwargs["roles"] = roles
    else:
        kwargs["roles"] += roles

    kwargs["authority_certificate"] = upload(**kwargs)

    # NOTE(review): plugin options are serialized as provided; if any option
    # carries a secret, confirm it is protected before being stored.
    plugin_options = kwargs.get("plugin", {}).get("plugin_options", [])
    if plugin_options:
        kwargs["options"] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    metrics.send(
        "authority_created", "counter", 1, metric_tags={"owner": authority.owner}
    )
    return authority
Example #5
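def create(**kwargs):
    """
    Creates a new authority.

    The creator is taken from the current request user (``g.user.email``),
    overwriting any ``creator`` passed in. The authority certificate is
    minted, uploaded with a generated description, and the resulting
    authority is persisted and attached to the current user.

    :param kwargs: authority options; ``type`` is required, ``name``,
        ``parent`` and ``roles`` are read when present.
    :return: the authority object returned by ``database.create``.
    """
    kwargs['creator'] = g.user.email
    body, chain, roles = mint(**kwargs)

    kwargs['body'] = body
    kwargs['chain'] = chain

    if kwargs.get('roles'):
        kwargs['roles'] += roles
    else:
        kwargs['roles'] = roles

    if kwargs['type'] == 'subca':
        # Adjacent literals instead of a backslash continuation: the
        # continuation embedded the next line's indentation in the stored
        # description as a long run of spaces.
        description = (
            "This is the ROOT certificate for the {0} sub certificate authority the parent "
            "authority is {1}."
        ).format(kwargs.get('name'), kwargs.get('parent'))
    else:
        description = "This is the ROOT certificate for the {0} certificate authority.".format(
            kwargs.get('name')
        )

    kwargs['description'] = description

    cert = upload(**kwargs)
    kwargs['authority_certificate'] = cert

    authority = Authority(**kwargs)
    authority = database.create(authority)
    g.user.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner))
    return authority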
Example #6
def create(**kwargs):
    """
    Creates a new authority.

    The creator is set from the current request user's email, overwriting any
    ``creator`` supplied by the caller. The minted roles are added to that
    user, the certificate is uploaded and the authority is persisted.

    :param kwargs: authority options; ``roles`` is optional.
    :return: the authority object returned by ``database.create``.
    """
    kwargs['creator'] = g.user.email
    body, private_key, chain, roles = mint(**kwargs)

    # NOTE(review): the current user gains the minted roles before upload()
    # and database.create() have succeeded -- confirm a later failure undoes it.
    combined = list(g.user.roles) + roles
    g.user.roles = list(set(combined))

    # kwargs now includes the private key and is passed to upload() and
    # Authority() below.
    kwargs.update(body=body, private_key=private_key, chain=chain)

    if not kwargs.get('roles'):
        kwargs['roles'] = roles
    else:
        kwargs['roles'] += roles

    kwargs['authority_certificate'] = upload(**kwargs)

    authority = database.create(Authority(**kwargs))
    g.user.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1, metric_tags={'owner': authority.owner})
    return authority
Example #7
def create(**kwargs):
    """
    Creates a new authority.

    Steps: mint the authority material, add the minted roles to the creator,
    upload the certificate, persist the ``Authority`` and attach it to the
    creator, then emit an ``authority_created`` counter.

    :param kwargs: authority options; ``creator`` is required, ``roles`` and
        ``plugin`` are optional.
    :return: the authority object returned by ``database.create``.
    """
    body, private_key, chain, roles = mint(**kwargs)

    owner_user = kwargs['creator']
    # set() drops roles the creator already holds.
    # NOTE(review): this grant happens before anything is persisted below;
    # confirm it is rolled back if upload() or database.create() raises.
    owner_user.roles = list(set(list(owner_user.roles) + roles))

    for key, value in (('body', body), ('private_key', private_key), ('chain', chain)):
        kwargs[key] = value

    if kwargs.get('roles'):
        kwargs['roles'] += roles
    else:
        kwargs['roles'] = roles

    # kwargs (private key included) goes to upload() here and Authority() below.
    kwargs['authority_certificate'] = upload(**kwargs)

    options = kwargs.get('plugin', {}).get('plugin_options', [])
    if options:
        # NOTE(review): options are stored as plain JSON -- confirm none of
        # them carries a secret that should be encrypted first.
        kwargs['options'] = json.dumps(options)

    authority = database.create(Authority(**kwargs))
    owner_user.authorities.append(authority)

    tags = dict(owner=authority.owner)
    metrics.send('authority_created', 'counter', 1, metric_tags=tags)
    return authority
Example #8
def create(**kwargs):
    """
    Creates a new authority.

    ``creator`` is overwritten with the current request user's email before
    minting, so a caller-supplied value is never used.

    :param kwargs: authority options; ``roles`` is optional.
    :return: the authority object returned by ``database.create``.
    """
    kwargs['creator'] = g.user.email
    body, private_key, chain, roles = mint(**kwargs)

    # Merge the minted roles into the current user's roles without duplicates.
    # NOTE(review): done before the authority exists in the database; confirm
    # this is undone if a later step fails.
    g.user.roles = list(set(list(g.user.roles) + roles))

    minted = {'body': body, 'private_key': private_key, 'chain': chain}
    kwargs.update(minted)

    requested_roles = kwargs.get('roles')
    if requested_roles:
        kwargs['roles'] += roles
    else:
        kwargs['roles'] = roles

    # upload() and Authority() both receive the full kwargs, private key included.
    certificate = upload(**kwargs)
    kwargs['authority_certificate'] = certificate

    authority = database.create(Authority(**kwargs))
    g.user.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1,
                 metric_tags={'owner': authority.owner})
    return authority
Example #9
def create(**kwargs):
    """
    Creates a new authority.

    :param kwargs: authority options. ``creator`` must be present and expose
        ``roles`` and ``authorities``; ``roles`` and ``plugin`` are optional.
    :return: the authority object returned by ``database.create``.
    """
    body, private_key, chain, roles = mint(**kwargs)

    creator = kwargs['creator']
    # NOTE(review): roles are granted to the creator ahead of the upload and
    # insert below -- confirm a failure there does not leave the grant behind.
    creator.roles = list(set(list(creator.roles) + roles))

    kwargs['body'], kwargs['private_key'], kwargs['chain'] = body, private_key, chain

    if not kwargs.get('roles'):
        kwargs['roles'] = roles
    else:
        kwargs['roles'] += roles

    # The certificate is stored first so the authority can reference it.
    kwargs['authority_certificate'] = upload(**kwargs)

    plugin_options = kwargs.get('plugin', {}).get('plugin_options', [])
    if plugin_options:
        # NOTE(review): serialized exactly as received; confirm secrets among
        # the options are protected before storage.
        kwargs['options'] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1,
                 metric_tags=dict(owner=authority.owner))
    return authority
Example #10
def test_upload(logged_in_user):
    """Upload with a generated name, then with an exact custom name.

    Unlike a substring check, the second upload requires the stored name to
    equal the supplied ``name`` exactly.
    """
    from lemur.certificates.service import upload

    base_args = dict(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=PRIVATE_KEY_STR,
        owner='*****@*****.**',
    )

    auto_named = upload(**base_args)
    assert str(auto_named.not_after) == '2040-01-01 20:30:52'
    assert str(auto_named.not_before) == '2015-06-26 20:30:52'
    assert auto_named.issuer == 'Example'
    assert auto_named.name == 'long.lived.com-Example-20150626-20400101-2'

    custom_named = upload(**base_args, name='ACustomName')
    assert custom_named.name == 'ACustomName'
Example #11
def test_upload_private_key_str(logged_in_user):
    """Upload succeeds when the private key is passed as text rather than bytes.

    ``PRIVATE_KEY_STR`` is decoded as UTF-8 before the call, so ``upload``
    receives a ``str`` key.
    """
    from lemur.certificates.service import upload

    key_as_text = PRIVATE_KEY_STR.decode('utf-8')
    cert = upload(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=key_as_text,
        owner='*****@*****.**',
        name='ACustomName',
    )
    # Only a truthy result is required; the stored key is not inspected.
    assert cert
Example #12
def test_upload_private_key_str(user):
    """Upload succeeds with a certificate, chain, private key and custom name."""
    from lemur.certificates.service import upload

    upload_args = {
        'body': INTERNAL_VALID_LONG_STR,
        'chain': INTERNAL_VALID_SAN_STR,
        'private_key': PRIVATE_KEY_STR,
        'owner': '*****@*****.**',
        'name': 'ACustomName',
        'creator': user['user'],
    }
    # NOTE(review): the key is passed as the fixture provides it (no decode
    # here); the assertion only checks that a truthy object came back.
    assert upload(**upload_args)
Example #13
def test_upload_private_key_str(user):
    """Upload a SAN certificate with its key and a custom name; expect a result."""
    from lemur.certificates.service import upload

    uploaded = upload(
        body=SAN_CERT_STR,
        chain=INTERMEDIATE_CERT_STR,
        private_key=SAN_CERT_KEY,
        owner='*****@*****.**',
        name='ACustomName',
        creator=user['user'],
    )
    # Truthiness is the only check; certificate fields are not verified here.
    assert uploaded
Example #14
def create(**kwargs):
    """
    Creates a new authority.

    Refuses to continue when an authority named ``name`` already exists, or
    when a ``<name>_admin`` or ``<name>_operator`` role already exists. After
    minting and uploading the certificate, any ``acme_private_key`` plugin
    option is encrypted before the options are serialized for storage.

    :param kwargs: authority options; ``creator`` and ``plugin`` (with a
        ``plugin_object`` entry) are required, ``name`` and ``roles`` are read
        when present.
    :return: the authority object returned by ``database.create``.
    :raises Exception: if the authority name or its admin/operator role names
        are already taken.
    """
    ca_name = kwargs.get("name")

    # NOTE(review): these are check-then-insert lookups; confirm a uniqueness
    # constraint in the database backs them for concurrent requests.
    if get_by_name(ca_name):
        raise Exception(f"Authority with name {ca_name} already exists")

    # Presumably mint() creates roles with these names, so a pre-existing role
    # would give its current members rights over the new authority -- confirm.
    role_suffixes = ("_admin", "_operator")
    if any(role_service.get_by_name(f"{ca_name}{suffix}") for suffix in role_suffixes):
        raise Exception(
            f"Admin and/or operator roles for authority {ca_name} already exist"
        )

    body, private_key, chain, roles = mint(**kwargs)

    creator = kwargs["creator"]
    # NOTE(review): the creator is granted the minted roles before the upload
    # and insert below have succeeded; confirm a failure rolls this back.
    creator.roles = list(set(list(creator.roles) + roles))

    kwargs.update(body=body, private_key=private_key, chain=chain)

    if not kwargs.get("roles"):
        kwargs["roles"] = roles
    else:
        kwargs["roles"] += roles

    kwargs["authority_certificate"] = upload(**kwargs)

    plugin_options = kwargs.get("plugin", {}).get("plugin_options", [])
    if plugin_options:
        # Encrypt the ACME account key before it is persisted. The option
        # dicts are modified in place, so the caller's structure also ends up
        # holding the encrypted value.
        # NOTE(review): only "acme_private_key" is handled; confirm no other
        # option carries secret material.
        for option in plugin_options:
            if option["name"] == "acme_private_key" and option["value"]:
                option["value"] = data_encrypt(option["value"])
        kwargs["options"] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    log_service.audit_log("create_authority", ca_name, "Created new authority")

    # Unlike the lookup above, this indexes "plugin" directly and raises
    # KeyError if it is absent, after the authority has already been stored.
    issuer_plugin = kwargs["plugin"]["plugin_object"]
    current_app.logger.warning(
        f"Created new authority {ca_name} with issuer {issuer_plugin.title}")

    metrics.send("authority_created", "counter", 1,
                 metric_tags={"owner": authority.owner})
    return authority
Example #15
def test_upload(user):
    """Verify the fields ``upload`` reports for a SAN certificate.

    Checks validity dates, issuer and generated name, then that a supplied
    ``name`` is contained in the stored certificate name.
    """
    from lemur.certificates.service import upload

    common = {
        "body": SAN_CERT_STR,
        "chain": INTERMEDIATE_CERT_STR,
        "private_key": SAN_CERT_KEY,
        "owner": "*****@*****.**",
    }
    creator = user["user"]

    default_named = upload(**common, creator=creator)
    assert str(default_named.not_after) == "2040-01-01T20:30:52+00:00"
    assert str(default_named.not_before) == "2015-06-26T20:30:52+00:00"
    assert default_named.issuer == "Example"
    assert default_named.name == "long.lived.com-Example-20150626-20400101-3"

    # NOTE(review): the success path is all that is covered; a mismatched
    # certificate/key pair is not part of this test.
    custom_named = upload(**common, name="ACustomName", creator=creator)
    assert "ACustomName" in custom_named.name
Example #16
def create(**kwargs):
    """
    Creates a new authority.

    Rejects the request when the authority name, or the ``<name>_admin`` /
    ``<name>_operator`` role names, are already in use. Otherwise mints the
    authority, uploads its certificate, persists it, writes an audit log
    entry and emits a counter metric.

    :param kwargs: authority options; ``creator`` is required, ``name``,
        ``roles`` and ``plugin`` are read when present.
    :return: the authority object returned by ``database.create``.
    :raises Exception: if the authority or its role names already exist.
    """
    ca_name = kwargs.get("name")

    # NOTE(review): lookup-then-create; confirm the database enforces
    # uniqueness as well, since two concurrent requests can both pass here.
    if get_by_name(ca_name):
        raise Exception(f"Authority with name {ca_name} already exists")

    admin_role = role_service.get_by_name(f"{ca_name}_admin")
    if admin_role or role_service.get_by_name(f"{ca_name}_operator"):
        raise Exception(
            f"Admin and/or operator roles for authority {ca_name} already exist"
        )

    body, private_key, chain, roles = mint(**kwargs)

    creator = kwargs["creator"]
    # NOTE(review): roles are attached to the creator before the authority is
    # stored; confirm the grant does not survive a failure below.
    creator.roles = list(set(list(creator.roles) + roles))

    kwargs.update(body=body, private_key=private_key, chain=chain)

    if not kwargs.get("roles"):
        kwargs["roles"] = roles
    else:
        kwargs["roles"] += roles

    kwargs["authority_certificate"] = upload(**kwargs)

    plugin_options = kwargs.get("plugin", {}).get("plugin_options", [])
    if plugin_options:
        # NOTE(review): options are serialized exactly as received; if an
        # option holds key material, confirm it is encrypted before this point.
        kwargs["options"] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    log_service.audit_log("create_authority", ca_name, "Created new authority")
    metrics.send("authority_created", "counter", 1,
                 metric_tags={"owner": authority.owner})
    return authority
Example #17
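def create(**kwargs):
    """
    Creates a new authority.

    ``creator`` is always set from the current request user's email. A
    description is generated from ``name`` (and ``parent`` for a ``subca``),
    the certificate is uploaded, and the persisted authority is attached to
    the current user.

    :param kwargs: authority options; ``type`` is required, ``name``,
        ``parent`` and ``roles`` are read when present.
    :return: the authority object returned by ``database.create``.
    """
    kwargs['creator'] = g.user.email
    body, chain, roles = mint(**kwargs)

    kwargs['body'] = body
    kwargs['chain'] = chain

    if kwargs.get('roles'):
        kwargs['roles'] += roles
    else:
        kwargs['roles'] = roles

    if kwargs['type'] == 'subca':
        # Implicit literal concatenation replaces the backslash continuation,
        # which had folded the following line's indentation into the stored
        # description text.
        description = (
            "This is the ROOT certificate for the {0} sub certificate authority the parent "
            "authority is {1}."
        ).format(kwargs.get('name'), kwargs.get('parent'))
    else:
        description = "This is the ROOT certificate for the {0} certificate authority.".format(
            kwargs.get('name'))

    kwargs['description'] = description

    cert = upload(**kwargs)
    kwargs['authority_certificate'] = cert

    authority = Authority(**kwargs)
    authority = database.create(authority)
    g.user.authorities.append(authority)

    metrics.send('authority_created',
                 'counter',
                 1,
                 metric_tags=dict(owner=authority.owner))
    return authority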
Example #18
def test_upload_private_key_str(user):
    """Upload with a private key and custom name returns a truthy certificate."""
    from lemur.certificates.service import upload

    cert = upload(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=PRIVATE_KEY_STR,
        owner='*****@*****.**',
        name='ACustomName',
        creator=user['user'],
    )
    # Nothing beyond truthiness is asserted about the returned object.
    assert cert
Example #19
    def post(self, data=None):
        """
        .. http:post:: /certificates/upload

           Upload a certificate

           **Example request**:

           .. sourcecode:: http

              POST /certificates/upload HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                 "owner": "*****@*****.**",
                 "publicCert": "-----BEGIN CERTIFICATE-----...",
                 "intermediateCert": "-----BEGIN CERTIFICATE-----...",
                 "privateKey": "-----BEGIN RSA PRIVATE KEY-----...",
                 "destinations": [],
                 "notifications": [],
                 "replacements": [],
                 "name": "cert1"
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "status": null,
                "cn": "*.test.example.net",
                "chain": "",
                "authority": {
                    "active": true,
                    "owner": "*****@*****.**",
                    "id": 1,
                    "description": "verisign test authority",
                    "name": "verisign"
                },
                "owner": "*****@*****.**",
                "serial": "82311058732025924142789179368889309156",
                "id": 2288,
                "issuer": "SymantecCorporation",
                "notBefore": "2016-06-03T00:00:00+00:00",
                "notAfter": "2018-01-12T23:59:59+00:00",
                "destinations": [],
                "bits": 2048,
                "body": "-----BEGIN CERTIFICATE-----...",
                "description": null,
                "deleted": null,
                "notifications": [{
                    "id": 1
                }],
                "signingAlgorithm": "sha256",
                "user": {
                    "username": "******",
                    "active": true,
                    "email": "*****@*****.**",
                    "id": 2
                },
                "active": true,
                "domains": [{
                    "sensitive": false,
                    "id": 1090,
                    "name": "*.test.example.net"
                }],
                "replaces": [],
                "rotation": true,
                "rotationPolicy": {"name": "default"},
                "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
                "roles": [{
                    "id": 464,
                    "description": "This is a google group based role created by Lemur",
                    "name": "*****@*****.**"
                }],
                "san": null
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error

        """
        # ``data`` must be supplied by the caller (presumably a request-schema
        # decorator); the ``None`` default cannot be indexed.
        # The creator is always the user bound to this request, so any
        # "creator" already present in the payload is overwritten.
        data['creator'] = g.user

        # A destination upload needs the private key, so reject the request
        # when destinations are given without one.
        # NOTE(review): a bare Exception probably surfaces as a server error
        # rather than a client error -- confirm how the API layer maps it.
        if data.get('destinations') and not data.get('private_key'):
            raise Exception(
                "Private key must be provided in order to upload certificate to AWS"
            )
        return service.upload(**data)
Example #20
File: views.py Project: m4c3/lemur
    def post(self):
        """
        .. http:post:: /certificates/upload

           Upload a certificate

           **Example request**:

           .. sourcecode:: http

              POST /certificates/upload HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                 "owner": "*****@*****.**",
                 "publicCert": "---Begin Public...",
                 "intermediateCert": "---Begin Public...",
                 "privateKey": "---Begin Private...",
                 "destinations": [],
                 "notifications": [],
                 "replacements": [],
                 "name": "cert1"
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                 "id": 1,
                 "name": "cert1",
                 "description": "this is cert1",
                 "bits": 2048,
                 "deleted": false,
                 "issuer": "ExampeInc.",
                 "serial": "123450",
                 "chain": "-----Begin ...",
                 "body": "-----Begin ...",
                 "san": true,
                 "owner": "*****@*****.**",
                 "active": true,
                 "notBefore": "2015-06-05T17:09:39",
                 "notAfter": "2015-06-10T17:09:39",
                 "signingAlgorithm": "sha2",
                 "cn": "example.com",
                 "status": "unknown"
              }

           :arg owner: owner email for certificate
           :arg publicCert: valid PEM public key for certificate
           :arg intermediateCert: valid PEM intermediate key for certificate
           :arg privateKey: valid PEM private key for certificate
           :arg destinations: list of aws destinations to upload the certificate to
           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error
        """
        # Every field is read from the JSON body. The PEM fields go through
        # the pem_str / private_key_str converters (defined elsewhere), and
        # the camelCase names are mapped to snake_case via ``dest``.
        json_arguments = (
            ('description', dict(type=str)),
            ('owner', dict(type=str, required=True)),
            ('name', dict(type=str)),
            ('publicCert', dict(type=pem_str, required=True, dest='public_cert')),
            ('destinations', dict(type=list, default=[])),
            ('notifications', dict(type=list, default=[])),
            ('replacements', dict(type=list, default=[])),
            ('intermediateCert', dict(type=pem_str, dest='intermediate_cert')),
            ('privateKey', dict(type=private_key_str, dest='private_key')),
        )
        for field, options in json_arguments:
            self.reqparse.add_argument(field, location='json', **options)

        args = self.reqparse.parse_args()

        # The private key is optional in general but required as soon as a
        # destination is requested.
        # NOTE(review): a bare Exception probably reaches the client as a
        # server error rather than a validation error -- confirm.
        if args.get('destinations') and not args.get('private_key'):
            raise Exception("Private key must be provided in order to upload certificate to AWS")
        return service.upload(**args)
Example #21
def test_upload_private_key_str(user):
    """Upload a SAN certificate and key under a custom name; expect a truthy result."""
    from lemur.certificates.service import upload

    request = dict(
        body=SAN_CERT_STR,
        chain=INTERMEDIATE_CERT_STR,
        private_key=SAN_CERT_KEY,
        owner='*****@*****.**',
        name='ACustomName',
        creator=user['user'],
    )
    # The returned object is only checked for truthiness.
    assert upload(**request)
Example #22
    def post(self, data=None):
        """
        .. http:post:: /certificates/upload

           Upload a certificate

           **Example request**:

           .. sourcecode:: http

              POST /certificates/upload HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                 "owner": "*****@*****.**",
                 "body": "-----BEGIN CERTIFICATE-----...",
                 "chain": "-----BEGIN CERTIFICATE-----...",
                 "privateKey": "-----BEGIN RSA PRIVATE KEY-----...",
                 "csr": "-----BEGIN CERTIFICATE REQUEST-----...",
                 "destinations": [],
                 "notifications": [],
                 "replacements": [],
                 "roles": [],
                 "notify": true,
                 "name": "cert1"
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "status": null,
                "cn": "*.test.example.net",
                "chain": "",
                "authority": {
                    "active": true,
                    "owner": "*****@*****.**",
                    "id": 1,
                    "description": "verisign test authority",
                    "name": "verisign"
                },
                "owner": "*****@*****.**",
                "serial": "82311058732025924142789179368889309156",
                "id": 2288,
                "issuer": "SymantecCorporation",
                "dateCreated": "2016-06-03T06:09:42.133769+00:00",
                "notBefore": "2016-06-03T00:00:00+00:00",
                "notAfter": "2018-01-12T23:59:59+00:00",
                "destinations": [],
                "bits": 2048,
                "body": "-----BEGIN CERTIFICATE-----...",
                "description": null,
                "deleted": null,
                "notifications": [{
                    "id": 1
                }],
                "signingAlgorithm": "sha256",
                "user": {
                    "username": "******",
                    "active": true,
                    "email": "*****@*****.**",
                    "id": 2
                },
                "active": true,
                "domains": [{
                    "sensitive": false,
                    "id": 1090,
                    "name": "*.test.example.net"
                }],
                "replaces": [],
                "rotation": true,
                "rotationPolicy": {"name": "default"},
                "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
                "roles": [{
                    "id": 464,
                    "description": "This is a google group based role created by Lemur",
                    "name": "*****@*****.**"
                }],
                "san": null
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error

        """
        # The creator comes from the request context (g.user) and replaces
        # whatever "creator" value the payload may already hold.
        # ``data`` is expected to be passed in by the caller; the ``None``
        # default would fail on this assignment.
        data['creator'] = g.user

        wants_destinations = data.get('destinations')
        # NOTE(review): raised as a bare Exception, which likely reaches the
        # client as a server error instead of a validation error -- confirm.
        if wants_destinations and not data.get('private_key'):
            raise Exception("Private key must be provided in order to upload certificate to AWS")
        return service.upload(**data)
Example #23
    def post(self):
        """
        .. http:post:: /certificates/upload

           Upload a certificate

           **Example request**:

           .. sourcecode:: http

              POST /certificates/upload HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                 "owner": "*****@*****.**",
                 "publicCert": "---Begin Public...",
                 "intermediateCert": "---Begin Public...",
                 "privateKey": "---Begin Private...",
                 "destinations": [],
                 "notifications": [],
                 "replacements": [],
                 "name": "cert1"
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                 "id": 1,
                 "name": "cert1",
                 "description": "this is cert1",
                 "bits": 2048,
                 "deleted": false,
                 "issuer": "ExampeInc.",
                 "serial": "123450",
                 "chain": "-----Begin ...",
                 "body": "-----Begin ...",
                 "san": true,
                 "owner": "*****@*****.**",
                 "active": true,
                 "notBefore": "2015-06-05T17:09:39",
                 "notAfter": "2015-06-10T17:09:39",
                 "signingAlgorithm": "sha2",
                 "cn": "example.com",
                 "status": "unknown"
              }

           :arg owner: owner email for certificate
           :arg publicCert: valid PEM public key for certificate
           :arg intermediateCert: valid PEM intermediate key for certificate
           :arg privateKey: valid PEM private key for certificate
           :arg destinations: list of aws destinations to upload the certificate to
           :reqheader Authorization: OAuth token to authenticate
           :statuscode 403: unauthenticated
           :statuscode 200: no error
        """
        # All arguments are taken from the JSON body; ``dest`` renames the
        # camelCase request fields to the snake_case names upload() receives.
        register = self.reqparse.add_argument
        register('description', type=str, location='json')
        register('owner', type=str, required=True, location='json')
        register('name', type=str, location='json')
        # PEM inputs are run through the pem_str / private_key_str converters
        # (defined elsewhere) while the request is parsed.
        register('publicCert', type=pem_str, required=True, dest='public_cert', location='json')
        register('destinations', type=list, default=[], location='json')
        register('notifications', type=list, default=[], location='json')
        register('replacements', type=list, default=[], location='json')
        register('intermediateCert', type=pem_str, dest='intermediate_cert', location='json')
        register('privateKey', type=private_key_str, dest='private_key', location='json')

        args = self.reqparse.parse_args()

        # Uploading to a destination requires the private key as well.
        # NOTE(review): the bare Exception likely turns into a server error
        # response rather than a client error -- confirm the mapping.
        if args.get('destinations') and not args.get('private_key'):
            raise Exception(
                "Private key must be provided in order to upload certificate to AWS"
            )
        return service.upload(**args)