Example #1
class Licensing(object):
    """Wrapper around the CAPABILITIES REST endpoints (module activation).

    Every method returns the response object produced by the REST client,
    with an extra ``success`` attribute derived from the HTTP status code.
    """

    def __init__(self, base_url, username, password):
        """Build the REST client used by every call on this object.

        The credentials are passed straight to ``RESTClient``; how they are
        stored and transmitted is decided there, not in this class.
        """
        super(Licensing, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def activate_module(self, code):
        """POST the activation ``code``; ``success`` is True on HTTP 200."""
        payload = DataObject()
        payload.add_value_string("code", code)

        result = self.client.post_json(CAPABILITIES + "/v1", payload.data)
        result.success = (result.status_code == 200)
        return result

    def get_activated_module(self, id):
        """GET one entry by ``id``; ``success`` is True on HTTP 200.

        ``id`` is interpolated into the URL path as-is (no percent-encoding).
        """
        result = self.client.get_json("{}/{}/v1".format(CAPABILITIES, id))
        result.success = (result.status_code == 200)
        return result

    def get_activated_modules(self):
        """GET the whole collection; ``success`` is True on HTTP 200."""
        result = self.client.get_json(CAPABILITIES + "/v1")
        result.success = (result.status_code == 200)
        return result

    def import_activation_code(self, file_path):
        """Upload the file at ``file_path`` as an activation code.

        An ``IOError`` while opening or reading the file is logged and turned
        into a response with ``success`` set to False instead of propagating.
        """
        result = Response()
        try:
            with open(file_path, 'rb') as handle:
                form = DataObject()
                form.add_value_string("name", "activation")
                result = self.client.post_file(
                    CAPABILITIES + "/v1",
                    data=form.data,
                    files={"filename": handle})
                result.success = (result.status_code == 200)
        except IOError as err:
            # Only local file errors are handled here; the fresh Response()
            # created above is what the caller gets back in that case.
            logger.error(err)
            result.success = False
        return result
Example #2
class Fixpacks(object):
    """Wrapper around the FIXPACKS REST endpoints.

    Every method returns the REST client's response object with a
    ``success`` attribute added from the HTTP status code.
    """

    def __init__(self, base_url, username, password):
        """Build the REST client; credentials are forwarded unchanged."""
        super(Fixpacks, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def install_fixpack(self, file_path):
        """Upload the fixpack file at ``file_path``.

        The file is sent exactly as read. This method performs no check of
        the file's origin or integrity, so any such verification has to
        happen before it is called. An ``IOError`` is logged and reported as
        ``success = False``.
        """
        result = Response()
        try:
            with open(file_path, 'rb') as archive:
                form = DataObject()
                # NOTE(review): "octect" is the spelling in the original
                # request; confirm what the appliance expects before
                # changing it.
                form.add_value_string("type", "application/octect-stream")
                result = self.client.post_file(
                    FIXPACKS,
                    data=form.data,
                    files={"file": archive})
                result.success = (result.status_code == 200)
        except IOError as err:
            logger.error(err)
            result.success = False
        return result

    def list_fixpacks(self):
        """GET the FIXPACKS endpoint; ``success`` is True on HTTP 200."""
        result = self.client.get_json(FIXPACKS)
        result.success = (result.status_code == 200)
        return result

    def get_fips_mode(self):
        """GET ``FIXPACKS + "/fipsmode"``; ``success`` is True on HTTP 200."""
        result = self.client.get_json(FIXPACKS + "/fipsmode")
        result.success = (result.status_code == 200)
        return result

    def rollback_fixpack(self):
        """DELETE on the FIXPACKS endpoint; ``success`` is True on HTTP 204."""
        result = self.client.delete_json(FIXPACKS)
        result.success = (result.status_code == 204)
        return result
Example #3
class RSA(object):
    """Wrapper around the RSA_CONFIG REST endpoints.

    Every method returns the REST client's response object with a
    ``success`` attribute added from the HTTP status code.
    """

    def __init__(self, base_url, username, password):
        """Build the REST client; credentials are forwarded unchanged."""
        super(RSA, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def create(self, server_config_file=None):
        """Upload ``server_config_file`` to ``RSA_CONFIG + "/server_config"``.

        The file is opened in text mode. An ``IOError`` is logged and
        reported as ``success = False``. NOTE(review): with the default of
        ``None`` the ``open`` call raises ``TypeError``, which is not caught
        here.
        """
        result = Response()
        target = RSA_CONFIG + "/server_config"
        try:
            with open(server_config_file, "r") as handle:
                result = self.client.post_file(
                    target, files={"server_config": handle})
                result.success = (result.status_code == 200)
        except IOError as err:
            logger.error(err)
            result.success = False
        return result

    def get(self):
        """GET the RSA_CONFIG endpoint; ``success`` is True on HTTP 200."""
        result = self.client.get_json(RSA_CONFIG)
        result.success = (result.status_code == 200)
        return result

    def test(self, username=None, password=None):
        """POST ``username``/``password`` to ``RSA_CONFIG + "/test"``.

        The password travels in the request body, so request bodies for
        this call should be kept out of logs. ``success`` is True on
        HTTP 204.
        """
        credentials = DataObject()
        credentials.add_value_string("username", username)
        credentials.add_value_string("password", password)

        result = self.client.post_json(RSA_CONFIG + "/test", credentials.data)
        result.success = (result.status_code == 204)
        return result

    def delete(self):
        """DELETE ``RSA_CONFIG + "/server_config"``; success on HTTP 204."""
        result = self.client.delete_json(RSA_CONFIG + "/server_config")
        result.success = (result.status_code == 204)
        return result

    def delete_node_secret(self):
        """DELETE ``RSA_CONFIG + "/nose_secret"``; success on HTTP 204."""
        # NOTE(review): the path segment is spelled "nose_secret" in the
        # original; confirm against the appliance API before "correcting" it.
        result = self.client.delete_json(RSA_CONFIG + "/nose_secret")
        result.success = (result.status_code == 204)
        return result
Example #4
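class ReverseProxy(object):
    """Wrapper around the REVERSEPROXY, WGA_DEFAULTS and JMT_CONFIG endpoints.

    Every method returns the REST client's response object with a
    ``success`` attribute added from the HTTP status code.

    Identifiers such as ``webseal_id``, ``stanza_id``, ``entry_name`` and
    ``page_id`` are interpolated into URL paths without percent-encoding
    (only ``delete_junction`` encodes its query value). NOTE(review): callers
    passing values from outside the program should validate or encode them
    first, since characters like ``/``, ``?`` or ``#`` change the request
    path.
    """

    def __init__(self, base_url, username, password):
        """Build the REST client; credentials are forwarded unchanged."""
        super(ReverseProxy, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def create_instance(self,
                        inst_name=None,
                        host=None,
                        admin_id=None,
                        admin_pwd=None,
                        ssl_yn=None,
                        key_file=None,
                        cert_label=None,
                        ssl_port=None,
                        http_yn=None,
                        http_port=None,
                        https_yn=None,
                        https_port=None,
                        nw_interface_yn=None,
                        ip_address=None,
                        listening_port=None,
                        domain=None):
        """POST a new instance definition; ``success`` is True on HTTP 200.

        ``key_file`` gets a ``.kdb`` suffix appended when it lacks one.
        ``admin_pwd`` is sent in the request body.
        """
        data = DataObject()
        data.add_value_string("inst_name", inst_name)
        data.add_value_string("host", host)
        data.add_value_string("listening_port", listening_port)
        data.add_value_string("domain", domain)
        data.add_value_string("admin_id", admin_id)
        data.add_value_string("admin_pwd", admin_pwd)
        data.add_value_string("ssl_yn", ssl_yn)
        # Identity comparison with None instead of "!= None".
        if key_file is not None and not key_file.endswith(".kdb"):
            key_file = key_file + ".kdb"
        data.add_value_string("key_file", key_file)
        data.add_value_string("cert_label", cert_label)
        data.add_value_string("ssl_port", ssl_port)
        data.add_value_string("http_yn", http_yn)
        data.add_value_string("http_port", http_port)
        data.add_value_string("https_yn", https_yn)
        data.add_value_string("https_port", https_port)
        data.add_value_string("nw_interface_yn", nw_interface_yn)
        data.add_value_string("ip_address", ip_address)

        response = self.client.post_json(REVERSEPROXY, data.data)
        response.success = response.status_code == 200

        return response

    def delete_instance(self, id, admin_id, admin_pwd):
        """PUT an "unconfigure" operation for instance ``id``.

        ``admin_pwd`` is sent in the request body. ``success`` is True on
        HTTP 200.
        """
        data = DataObject()
        data.add_value_string("admin_id", admin_id)
        data.add_value_string("admin_pwd", admin_pwd)
        data.add_value_string("operation", "unconfigure")

        endpoint = "%s/%s" % (REVERSEPROXY, id)

        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def list_instances(self):
        """GET the REVERSEPROXY endpoint; ``success`` is True on HTTP 200."""
        response = self.client.get_json(REVERSEPROXY)
        response.success = response.status_code == 200

        return response

    def get_wga_defaults(self):
        """GET the WGA_DEFAULTS endpoint; ``success`` is True on HTTP 200."""
        response = self.client.get_json(WGA_DEFAULTS)
        response.success = response.status_code == 200

        return response

    def restart_instance(self, id):
        """PUT a "restart" operation for instance ``id``; success on 200."""
        data = DataObject()
        data.add_value_string("operation", "restart")

        endpoint = "%s/%s" % (REVERSEPROXY, id)

        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def configure_mmfa(self,
                       webseal_id,
                       lmi_hostname=None,
                       lmi_port=None,
                       lmi_username=None,
                       lmi_password=None,
                       runtime_hostname=None,
                       runtime_port=None,
                       runtime_username=None,
                       runtime_password=None,
                       reuse_certs=None,
                       reuse_acls=None,
                       reuse_pops=None):
        """POST to ``<webseal_id>/mmfa_config``; ``success`` is True on 204.

        The body nests an ``lmi`` and a ``runtime`` object, each carrying a
        hostname, port, username and password. Both passwords are sent in
        the request body.
        """
        lmi_data = DataObject()
        lmi_data.add_value_string("hostname", lmi_hostname)
        lmi_data.add_value_string("username", lmi_username)
        lmi_data.add_value_string("password", lmi_password)
        lmi_data.add_value("port", lmi_port)

        runtime_data = DataObject()
        runtime_data.add_value_string("hostname", runtime_hostname)
        runtime_data.add_value_string("username", runtime_username)
        runtime_data.add_value_string("password", runtime_password)
        runtime_data.add_value("port", runtime_port)

        data = DataObject()
        data.add_value("reuse_certs", reuse_certs)
        data.add_value("reuse_acls", reuse_acls)
        data.add_value("reuse_pops", reuse_pops)
        data.add_value_not_empty("lmi", lmi_data.data)
        data.add_value_not_empty("runtime", runtime_data.data)

        endpoint = "%s/%s/mmfa_config" % (REVERSEPROXY, webseal_id)

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 204

        return response

    def configure_fed(self,
                      webseal_id,
                      federation_id=None,
                      reuse_certs=False,
                      reuse_acls=False,
                      runtime_hostname=None,
                      runtime_port=None,
                      runtime_username=None,
                      runtime_password=None):
        """POST to ``<webseal_id>/fed_config``; ``success`` is True on 204.

        The runtime connection details, including the password, are nested
        under ``runtime`` in the request body.
        """
        data = DataObject()
        data.add_value_string("federation_id", federation_id)
        data.add_value("reuse_certs", reuse_certs)
        data.add_value("reuse_acls", reuse_acls)

        runtime_data = DataObject()
        runtime_data.add_value_string("hostname", runtime_hostname)
        runtime_data.add_value_string("port", runtime_port)
        runtime_data.add_value_string("username", runtime_username)
        runtime_data.add_value_string("password", runtime_password)

        data.add_value_not_empty("runtime", runtime_data.data)

        endpoint = "%s/%s/fed_config" % (REVERSEPROXY, webseal_id)

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 204

        return response

    def configure_aac(self,
                      webseal_id,
                      junction=None,
                      reuse_certs=False,
                      reuse_acls=False,
                      runtime_hostname=None,
                      runtime_port=None,
                      runtime_username=None,
                      runtime_password=None):
        """POST to ``<webseal_id>/authsvc_config``; success on HTTP 204.

        Unlike ``configure_fed``, the runtime fields (password included) are
        placed at the top level of the body rather than nested.
        """
        data = DataObject()
        data.add_value("reuse_certs", reuse_certs)
        data.add_value("reuse_acls", reuse_acls)
        data.add_value("junction", junction)
        data.add_value_string("hostname", runtime_hostname)
        data.add_value_string("port", runtime_port)
        data.add_value_string("username", runtime_username)
        data.add_value_string("password", runtime_password)
        endpoint = "%s/%s/authsvc_config" % (REVERSEPROXY, webseal_id)

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 204

        return response

    def add_configuration_stanza(self, webseal_id, stanza_id):
        """POST to ``.../configuration/stanza/<stanza_id>``; success on 200.

        The original referenced an undefined ``data`` name (``NameError`` on
        every call) and returned nothing. An empty payload object is sent
        instead and the response is returned like in the sibling methods.
        """
        # NOTE(review): no body fields are defined for this call; confirm
        # that the appliance accepts an empty payload here.
        data = DataObject()

        endpoint = ("%s/%s/configuration/stanza/%s" %
                    (REVERSEPROXY, webseal_id, stanza_id))

        response = self.client.post_json(endpoint, data=data.data)
        response.success = response.status_code == 200

        return response

    def delete_configuration_stanza(self, webseal_id, stanza_id):
        """DELETE ``.../configuration/stanza/<stanza_id>``; success on 200.

        The original passed an undefined ``data`` name (``NameError`` on
        every call) and returned nothing. The call now matches the other
        ``delete_json`` uses in this class and returns the response.
        """
        endpoint = ("%s/%s/configuration/stanza/%s" %
                    (REVERSEPROXY, webseal_id, stanza_id))

        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200

        return response

    def add_configuration_stanza_entry(self, webseal_id, stanza_id, entry_name,
                                       value):
        """POST one ``[entry_name, value]`` pair to a stanza; success on 200.

        Both values are converted with ``str()`` and sent under ``entries``.
        """
        data = {"entries": [[str(entry_name), str(value)]]}

        endpoint = ("%s/%s/configuration/stanza/%s/entry_name" %
                    (REVERSEPROXY, webseal_id, stanza_id))

        response = self.client.post_json(endpoint, data=data)
        response.success = response.status_code == 200

        return response

    def delete_configuration_stanza_entry(self,
                                          webseal_id,
                                          stanza_id,
                                          entry_name,
                                          value=None):
        """DELETE a stanza entry; ``success`` is True on HTTP 200.

        When ``value`` is truthy, ``/value/<value>`` is appended to the URL
        path, unencoded.
        """
        endpoint = ("%s/%s/configuration/stanza/%s/entry_name/%s" %
                    (REVERSEPROXY, webseal_id, stanza_id, entry_name))
        if value:
            endpoint = "%s/value/%s" % (endpoint, value)

        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200

        return response

    def get_configuration_stanza_entry(self, webseal_id, stanza_id,
                                       entry_name):
        """GET a stanza entry; ``success`` is True on HTTP 200."""
        endpoint = ("%s/%s/configuration/stanza/%s/entry_name/%s" %
                    (REVERSEPROXY, webseal_id, stanza_id, entry_name))

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def update_configuration_stanza_entry(self, webseal_id, stanza_id,
                                          entry_name, value):
        """PUT a new ``value`` for a stanza entry; success on HTTP 200."""
        data = DataObject()
        data.add_value_string("value", value)

        endpoint = ("%s/%s/configuration/stanza/%s/entry_name/%s" %
                    (REVERSEPROXY, webseal_id, stanza_id, entry_name))

        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def create_junction(self,
                        webseal_id,
                        server_hostname=None,
                        junction_point=None,
                        junction_type=None,
                        description=None,
                        basic_auth_mode=None,
                        tfim_sso=None,
                        stateful_junction=None,
                        preserve_cookie=None,
                        cookie_include_path=None,
                        transparent_path_junction=None,
                        mutual_auth=None,
                        insert_ltpa_cookies=None,
                        insert_session_cookies=None,
                        request_encoding=None,
                        enable_basic_auth=None,
                        key_label=None,
                        gso_resource_group=None,
                        junction_cookie_javascript_block=None,
                        client_ip_http=None,
                        version_two_cookies=None,
                        ltpa_keyfile=None,
                        authz_rules=None,
                        fsso_config_file=None,
                        username=None,
                        password=None,
                        server_uuid=None,
                        virtual_hostname=None,
                        server_dn=None,
                        local_ip=None,
                        query_contents=None,
                        case_sensitive_url=None,
                        windows_style_url=None,
                        ltpa_keyfile_password=None,
                        proxy_hostname=None,
                        sms_environment=None,
                        vhost_label=None,
                        force=None,
                        delegation_support=None,
                        scripting_support=None,
                        junction_hard_limit=None,
                        junction_soft_limit=None,
                        server_port=None,
                        https_port=None,
                        http_port=None,
                        proxy_port=None,
                        remote_http_header=None):
        """POST a junction definition to ``<webseal_id>/junctions``.

        Each keyword argument is copied into the request body under its own
        name. ``password`` and ``ltpa_keyfile_password`` are sent in that
        body. ``success`` is True on HTTP 200.
        """
        data = DataObject()
        data.add_value_string("server_hostname", server_hostname)
        data.add_value_string("junction_point", junction_point)
        data.add_value_string("junction_type", junction_type)
        data.add_value_string("description", description)
        data.add_value_string("basic_auth_mode", basic_auth_mode)
        data.add_value_string("tfim_sso", tfim_sso)
        data.add_value_string("stateful_junction", stateful_junction)
        data.add_value_string("preserve_cookie", preserve_cookie)
        data.add_value_string("cookie_include_path", cookie_include_path)
        data.add_value_string("transparent_path_junction",
                              transparent_path_junction)
        data.add_value_string("mutual_auth", mutual_auth)
        data.add_value_string("insert_ltpa_cookies", insert_ltpa_cookies)
        data.add_value_string("insert_session_cookies", insert_session_cookies)
        data.add_value_string("request_encoding", request_encoding)
        data.add_value_string("enable_basic_auth", enable_basic_auth)
        data.add_value_string("key_label", key_label)
        data.add_value_string("gso_resource_group", gso_resource_group)
        data.add_value_string("junction_cookie_javascript_block",
                              junction_cookie_javascript_block)
        data.add_value_string("client_ip_http", client_ip_http)
        data.add_value_string("version_two_cookies", version_two_cookies)
        data.add_value_string("ltpa_keyfile", ltpa_keyfile)
        data.add_value_string("authz_rules", authz_rules)
        data.add_value_string("fsso_config_file", fsso_config_file)
        data.add_value_string("username", username)
        data.add_value_string("password", password)
        data.add_value_string("server_uuid", server_uuid)
        data.add_value_string("virtual_hostname", virtual_hostname)
        data.add_value_string("server_dn", server_dn)
        data.add_value_string("local_ip", local_ip)
        data.add_value_string("query_contents", query_contents)
        data.add_value_string("case_sensitive_url", case_sensitive_url)
        data.add_value_string("windows_style_url", windows_style_url)
        data.add_value_string("ltpa_keyfile_password", ltpa_keyfile_password)
        data.add_value_string("proxy_hostname", proxy_hostname)
        data.add_value_string("sms_environment", sms_environment)
        data.add_value_string("vhost_label", vhost_label)
        data.add_value_string("force", force)
        data.add_value_string("delegation_support", delegation_support)
        data.add_value_string("scripting_support", scripting_support)
        data.add_value("junction_hard_limit", junction_hard_limit)
        data.add_value("junction_soft_limit", junction_soft_limit)
        data.add_value("server_port", server_port)
        data.add_value("https_port", https_port)
        data.add_value("http_port", http_port)
        data.add_value("proxy_port", proxy_port)
        data.add_value("remote_http_header", remote_http_header)

        endpoint = "%s/%s/junctions" % (REVERSEPROXY, str(webseal_id))

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def delete_junction(self, webseal_id, junction_point):
        """DELETE the junction named by ``junction_point``; success on 200.

        ``junction_point`` is URL-encoded into the query string under the
        ``JUNCTIONS_QUERY`` key; ``webseal_id`` goes into the path unencoded.
        """
        query = urllib.parse.urlencode({JUNCTIONS_QUERY: junction_point})
        endpoint = "%s/%s/junctions?%s" % (REVERSEPROXY, webseal_id, query)

        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200

        return response

    def list_junctions(self, webseal_id):
        """GET ``<webseal_id>/junctions``; ``success`` is True on HTTP 200."""
        endpoint = "%s/%s/junctions" % (REVERSEPROXY, webseal_id)

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def import_management_root_files(self, webseal_id, file_path):
        """Upload the file at ``file_path`` to ``<webseal_id>/management_root``.

        An ``IOError`` is logged and reported as ``success = False``.
        """
        response = Response()

        endpoint = ("%s/%s/management_root" % (REVERSEPROXY, webseal_id))

        try:
            with open(file_path, 'rb') as pages:
                files = {"file": pages}

                response = self.client.post_file(endpoint, files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def update_management_root_file(self, webseal_id, page_id, contents):
        """PUT new ``contents`` for ``page_id``; success on HTTP 200."""
        data = DataObject()
        data.add_value_string("type", "file")
        data.add_value_string("contents", contents)

        endpoint = ("%s/%s/management_root/%s" %
                    (REVERSEPROXY, webseal_id, page_id))

        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def import_management_root_file(self, webseal_id, page_id, file_path):
        """Upload a single file (e.g. HTML or ico), rather than a zip.

        The file at ``file_path`` is posted to
        ``<webseal_id>/management_root/<page_id>``. An ``IOError`` is logged
        and reported as ``success = False``.
        """
        response = Response()

        endpoint = ("%s/%s/management_root/%s" %
                    (REVERSEPROXY, webseal_id, page_id))

        try:
            with open(file_path, 'rb') as contents:
                files = {"file": contents}

                response = self.client.post_file(endpoint, files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def import_junction_mapping_file(self, file_path):
        """Upload the file at ``file_path`` to the JMT_CONFIG endpoint.

        An ``IOError`` is logged and reported as ``success = False``.
        """
        response = Response()

        try:
            with open(file_path, 'rb') as contents:
                jmt_config_file = {"jmt_config_file": contents}

                response = self.client.post_file(JMT_CONFIG,
                                                 files=jmt_config_file)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def update_junction_mapping_file(self, file_id, jmt_config_data):
        """PUT ``jmt_config_data`` for ``file_id``; success on HTTP 200."""
        data = DataObject()
        data.add_value_string("id", file_id)
        data.add_value_string("jmt_config_data", jmt_config_data)

        endpoint = ("%s/%s" % (JMT_CONFIG, file_id))

        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response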
Example #5
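class Kerberos(object):
    """Wrapper around the KERBEROS_CONFIG and KERBEROS_KEYTAB endpoints.

    Every method returns the REST client's response object with a
    ``success`` attribute added from the HTTP status code (200 throughout).

    ``_id`` values are formatted into URL paths without percent-encoding.
    """

    def __init__(self, base_url, username, password):
        """Build the REST client; credentials are forwarded unchanged."""
        super(Kerberos, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def create(self, _id=None, subsection=None, name=None, value=None):
        """POST ``name``/``subsection``/``value`` to ``KERBEROS_CONFIG/<_id>``."""
        data = DataObject()
        data.add_value_not_empty("name", name)
        data.add_value_not_empty("subsection", subsection)
        data.add_value_string("value", value)

        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def update(self, _id=None, value=None):
        """PUT a new ``value`` to ``KERBEROS_CONFIG/<_id>``."""
        data = DataObject()
        data.add_value_string("value", value)

        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.put_json(endpoint, data.data)
        # Fixed: the original read "stauts_code", so every call failed with
        # AttributeError after the request had already been sent.
        response.success = response.status_code == 200

        return response

    def get(self, _id=None):
        """GET ``KERBEROS_CONFIG/<_id>``."""
        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def delete(self, _id=None):
        """DELETE ``KERBEROS_CONFIG/<_id>``."""
        # Fixed: the original used "=" where "+" was meant, which made
        # KERBEROS_CONFIG a local and sent the DELETE to the bare "/<_id>"
        # path instead of the Kerberos configuration endpoint.
        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200

        return response

    def test(self, username=None, password=None):
        """POST ``username``/``password`` to ``/wga/kerberos/test``.

        The password travels in the request body, so request bodies for
        this call should be kept out of logs.
        """
        data = DataObject()
        data.add_value_string("username", username)
        data.add_value_string("password", password)

        endpoint = "/wga/kerberos/test"
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def import_keytab(self, keytab_file=None):
        """Upload the keytab at path ``keytab_file`` to KERBEROS_KEYTAB.

        A keytab holds long-term Kerberos keys, so the local file should be
        readable only by the account running this code. An ``IOError`` is
        logged and reported as ``success = False``.
        """
        response = Response()

        try:
            # Fixed: the original opened an undefined name "file_path"
            # (NameError); the path is the "keytab_file" parameter.
            with open(keytab_file, 'rb') as contents:
                files = {"keytab_file": contents}

                response = self.client.post_file(KERBEROS_KEYTAB, files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def delete_keytab(self, _id=None):
        """DELETE ``KERBEROS_KEYTAB/<_id>``."""
        endpoint = KERBEROS_KEYTAB + "/{}".format(_id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200

        return response

    def combine_keytab(self, new_name=None, keytab_files=None):
        """PUT ``new_name`` and ``keytab_files`` to KERBEROS_KEYTAB.

        ``keytab_files`` defaults to an empty list; ``None`` is accepted as
        the default so that no list object is shared between calls.
        """
        if keytab_files is None:
            keytab_files = []

        data = DataObject()
        data.add_value_string("new_name", new_name)
        data.add_value_not_empty("keytab_files", keytab_files)

        response = self.client.put_json(KERBEROS_KEYTAB, data.data)
        response.success = response.status_code == 200

        return response

    def list_keytab(self):
        """GET the KERBEROS_KEYTAB endpoint."""
        response = self.client.get_json(KERBEROS_KEYTAB)
        response.success = response.status_code == 200

        return response

    def verify_keytab(self, _id=None, name=None):
        """PUT ``name`` to ``KERBEROS_KEYTAB/<_id>``."""
        data = DataObject()
        data.add_value_string("name", name)

        endpoint = KERBEROS_KEYTAB + "/{}".format(_id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response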
Example #6
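class SSLCertificates(object):
    """Wrapper around the SSL_CERTIFICATES REST endpoints.

    Every method returns the REST client's response object with a
    ``success`` attribute set to True when the status code is 200.

    ``kdb_id`` and ``label`` are interpolated into URL paths without
    percent-encoding.
    """

    def __init__(self, base_url, username, password):
        """Build the REST client; credentials are forwarded unchanged."""
        super(SSLCertificates, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def import_personal(self, kdb_id, file_path, password=None):
        """Upload a personal certificate file into database ``kdb_id``.

        ``password`` is sent as a form field next to the file. The file at
        ``file_path`` may contain private key material, so it should be
        readable only by the account running this code. An ``IOError`` is
        logged and reported as ``success = False``.
        """
        response = Response()

        try:
            with open(file_path, 'rb') as certificate:
                data = DataObject()
                data.add_value_string("operation", "import")
                data.add_value_string("password", password)

                files = {"cert": certificate}

                endpoint = ("%s/%s/personal_cert" % (SSL_CERTIFICATES, kdb_id))

                response = self.client.post_file(
                    endpoint, data=data.data, files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def import_signer(self, kdb_id, file_path, label=None):
        """Upload a signer certificate file into database ``kdb_id``.

        Adding a signer changes what the database trusts; this method does
        not inspect the certificate. An ``IOError`` is logged and reported
        as ``success = False``.
        """
        response = Response()

        try:
            with open(file_path, 'rb') as certificate:
                data = DataObject()
                data.add_value_string("label", label)

                files = {"cert": certificate}

                endpoint = ("%s/%s/signer_cert" % (SSL_CERTIFICATES, kdb_id))

                response = self.client.post_file(
                    endpoint, data=data.data, files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def load_signer(self, kdb_id, server=None, port=None, label=None):
        """POST a "load" operation naming ``server`` and ``port``.

        NOTE(review): presumably the appliance fetches the certificate from
        that server itself; if so, the certificate is only as trustworthy
        as that connection. Confirm against the API documentation.
        """
        data = DataObject()
        data.add_value_string("operation", "load")
        data.add_value_string("label", label)
        data.add_value_string("server", server)
        data.add_value("port", port)

        endpoint = ("%s/%s/signer_cert" % (SSL_CERTIFICATES, kdb_id))

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def get_database(self, kdb_id):
        """GET ``SSL_CERTIFICATES/<kdb_id>/details``."""
        endpoint = ("%s/%s/details" % (SSL_CERTIFICATES, kdb_id))

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def list_databases(self):
        """GET the SSL_CERTIFICATES endpoint."""
        endpoint = SSL_CERTIFICATES

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def get_personal(self, kdb_id, label=None):
        """GET personal certificates of ``kdb_id``, or one when ``label`` is set."""
        endpoint = ("%s/%s/personal_cert" % (SSL_CERTIFICATES, kdb_id))

        if label is not None:
            endpoint += "/%s" % (label)

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def get_signer(self, kdb_id, label=None):
        """GET signer certificates of ``kdb_id``, or one when ``label`` is set."""
        endpoint = ("%s/%s/signer_cert" % (SSL_CERTIFICATES, kdb_id))

        if label is not None:
            endpoint += "/%s" % (label)

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def create_database(self, kdb_name,
            type=None, token_label=None, passcode=None, hsm_type=None,
            ip=None, port=None, kneti_hash=None, esn=None,
            secondary_ip=None, secondary_port=None,
            secondary_kneti_hash=None, secondary_esn=None,
            use_rfs=None, rfs=None, rfs_port=None,
            rfs_auth=None, update_zip=None, safenet_pw=None):
        """POST a new certificate database definition.

        Each argument is copied into the request body under its own name;
        ``passcode`` and ``safenet_pw`` are sent in that body. A truthy
        ``update_zip`` raises ``NotImplementedError`` before any request is
        made.
        """
        endpoint = SSL_CERTIFICATES

        data = DataObject()
        data.add_value_string("kdb_name", kdb_name)
        data.add_value_string("token_label", token_label)
        data.add_value_string("passcode", passcode)
        data.add_value_string("type", type)
        # The original added "token_label" and "passcode" a second time at
        # this point; the repeated calls were dropped.
        data.add_value_string("hsm_type", hsm_type)
        data.add_value_string("ip", ip)
        data.add_value("port", port)
        data.add_value_string("kneti_hash", kneti_hash)
        data.add_value_string("esn", esn)
        data.add_value_string("secondary_ip", secondary_ip)
        data.add_value("secondary_port", secondary_port)
        data.add_value_string("secondary_kneti_hash", secondary_kneti_hash)
        data.add_value_string("secondary_esn", secondary_esn)
        data.add_value_string("use_rfs", use_rfs)
        data.add_value("rfs", rfs)
        data.add_value("rfs_port", rfs_port)
        data.add_value("rfs_auth", rfs_auth)
        data.add_value_string("safenet_pw", safenet_pw)

        if update_zip:
            raise NotImplementedError

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response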
Example #7
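class TemplateFiles(object):
    """Client wrapper for the template-files REST endpoints.

    Each method returns the response object produced by the REST client,
    with a boolean ``success`` attribute derived from the HTTP status code.

    NOTE(review): ``path`` and ``file_name`` arguments are interpolated into
    the request URL as given; this class applies no encoding or
    normalisation. Callers should validate them (for example rejecting
    ``..`` segments) when they come from untrusted input.
    """

    def __init__(self, base_url, username, password):
        """Create the REST client used by every request of this wrapper."""
        super(TemplateFiles, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def create_directory(self, path, dir_name=None):
        """POST a new directory entry under ``path``.

        Args:
            path: Parent location, appended to TEMPLATE_FILES.
            dir_name: Name of the directory, sent as ``dir_name``.

        Returns:
            The response; ``success`` is True only for status 200.
        """
        data = DataObject()
        data.add_value_string("dir_name", dir_name)
        data.add_value_string("type", "dir")

        endpoint = "%s/%s" % (TEMPLATE_FILES, path)

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def get_directory(self, path, recursive=None):
        """GET the listing for ``path``.

        Args:
            path: Directory location, appended to TEMPLATE_FILES.
            recursive: Optional value sent as the ``recursive`` parameter.

        Returns:
            The response; ``success`` is True only for status 200. On
            success, when the JSON body is a dict, ``response.json`` is
            replaced by its ``contents`` entry (an empty list if absent).
        """
        parameters = DataObject()
        parameters.add_value("recursive", recursive)

        endpoint = "%s/%s" % (TEMPLATE_FILES, path)

        response = self.client.get_json(endpoint, parameters.data)
        # The original used "==" here, which compared instead of assigning
        # and left ``success`` unset for the check below.
        response.success = response.status_code == 200

        if response.success and isinstance(response.json, dict):
            response.json = response.json.get("contents", [])

        return response

    def create_file(self, path, file_name=None, contents=None):
        """POST a new file entry under ``path``.

        Args:
            path: Parent location, appended to TEMPLATE_FILES.
            file_name: Name of the file, sent as ``file_name``.
            contents: File body, sent as ``contents``.

        Returns:
            The response; ``success`` is True only for status 200.
        """
        data = DataObject()
        data.add_value_string("file_name", file_name)
        data.add_value_string("contents", contents)
        data.add_value_string("type", "file")

        endpoint = "%s/%s" % (TEMPLATE_FILES, path)

        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response

    def delete_file(self, path, file_name):
        """DELETE the file ``file_name`` located under ``path``.

        Returns:
            The response; ``success`` is True only for status 200.
        """
        endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))

        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200

        return response

    def get_file(self, path, file_name):
        """GET the file ``file_name`` located under ``path``.

        Returns:
            The response; ``success`` is True only for status 200.
        """
        endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def import_file(self, path, file_name, file_path):
        """Upload the local file ``file_path`` to ``path``/``file_name``.

        Args:
            path: Target directory, appended to TEMPLATE_FILES.
            file_name: Target file name on the server side.
            file_path: Local file opened in binary mode and posted as the
                ``file`` part.

        Returns:
            The response; ``success`` is True only for status 200. If an
            IOError occurs, it is logged and a fresh Response with
            ``success`` False is returned instead.
        """
        response = Response()

        try:
            with open(file_path, 'rb') as template:
                files = {"file": template}

                endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))

                response = self.client.post_file(endpoint, files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def import_files(self, file_path, force=True):
        """Upload the local file ``file_path`` to TEMPLATE_FILES.

        Args:
            file_path: Local file opened in binary mode and posted as the
                ``file`` part.
            force: Sent as the ``force`` field; defaults to True, so callers
                who do not want that must pass False explicitly.

        Returns:
            The response; ``success`` is True only for status 200. If an
            IOError occurs, it is logged and a fresh Response with
            ``success`` False is returned instead.
        """
        response = Response()

        try:
            with open(file_path, 'rb') as templates:
                files = {"file": templates}

                data = DataObject()
                data.add_value("force", force)

                response = self.client.post_file(TEMPLATE_FILES,
                                                 data=data.data,
                                                 files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def update_file(self, path, file_name, contents=None, force=False):
        """PUT new contents for ``file_name`` located under ``path``.

        Args:
            path: Directory, appended to TEMPLATE_FILES.
            file_name: Name of the file to update.
            contents: New file body, sent as ``contents``.
            force: Sent as the ``force`` field.

        Returns:
            The response; ``success`` is True only for status 200.
        """
        data = DataObject()
        data.add_value_string("contents", contents)
        # NOTE(review): import_files sends "force" with add_value, this
        # method with add_value_string; confirm which form the API expects.
        data.add_value_string("force", force)
        data.add_value_string("type", "file")

        endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))

        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200

        return response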
Example #8
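class FIDO2Config(object):
    """Client wrapper for FIDO2 relying-party, metadata and mediator endpoints.

    Each method returns the response object produced by the REST client,
    with a boolean ``success`` attribute derived from the HTTP status code.
    Identifiers are interpolated into request URLs as given; no encoding is
    applied in this class.
    """

    def __init__(self, base_url, username, password):
        """Create the REST client used by every request of this wrapper."""
        super(FIDO2Config, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def list_relying_parties(self):
        """GET all relying parties; ``success`` is True only for status 200."""
        response = self.client.get_json(FIDO2_RELYING_PARTIES)
        response.success = response.status_code == 200

        return response

    def get_relying_parties(self, _id):
        """GET the relying party ``_id``; ``success`` is True only for 200."""
        endpoint = "{}/{}".format(FIDO2_RELYING_PARTIES, _id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def create_relying_party(
            self, name=None, rp_id=None, origins=None, metadata_set=None, metadata_soft_fail=True,
            mediator_mapping_rule_id=None, attestation_statement_types=None, attestation_statement_formats=None,
            attestation_public_key_algorithms=None, attestation_android_safetynet_max_age=None,
            attestation_android_safetynet_clock_skew=None, relying_party_impersonation_group="adminGroup"):
        """POST a new relying-party configuration.

        The arguments are grouped into nested objects: ``fidoServerOptions``
        (origins, metadata settings, mediator rule, ``attestation`` and
        ``android-safetynet`` sub-objects) and ``relyingPartyOptions``.

        ``metadata_soft_fail`` defaults to True and
        ``relying_party_impersonation_group`` to "adminGroup"; callers that
        need other values must pass them explicitly.

        Returns:
            The response; ``success`` is True only for status 201.
        """
        data = DataObject()
        data.add_value("name", name)
        data.add_value("rpId", rp_id)

        fido_server_options = DataObject()
        fido_server_options.add_value_not_empty("origins", origins)
        fido_server_options.add_value("metadataSet", metadata_set)
        fido_server_options.add_value("metadataSoftFail", metadata_soft_fail)
        fido_server_options.add_value("mediatorMappingRuleId", mediator_mapping_rule_id)

        attestation = DataObject()
        attestation.add_value("statementTypes", attestation_statement_types)
        attestation.add_value("statementFormats", attestation_statement_formats)
        attestation.add_value("publicKeyAlgorithms", attestation_public_key_algorithms)
        fido_server_options.add_value("attestation", attestation.data)

        safetynet_options = DataObject()
        safetynet_options.add_value("attestationMaxAge", attestation_android_safetynet_max_age)
        safetynet_options.add_value("clockSkew", attestation_android_safetynet_clock_skew)
        fido_server_options.add_value("android-safetynet", safetynet_options.data)

        data.add_value("fidoServerOptions", fido_server_options.data)

        relying_party_options = DataObject()
        relying_party_options.add_value("impersonationGroup", relying_party_impersonation_group)
        data.add_value("relyingPartyOptions", relying_party_options.data)

        response = self.client.post_json(FIDO2_RELYING_PARTIES, data.data)
        response.success = response.status_code == 201

        return response

    def update_relying_party(
            self, id, name=None, rp_id=None, origins=None, metadata_set=None, metadata_soft_fail=True,
            mediator_mapping_rule_id=None, attestation_statement_types=None, attestation_statement_formats=None,
            attestation_public_key_algorithms=None, attestation_android_safety_net_max_age=None,
            attestation_android_safetynet_clock_skew=None, relying_party_impersonation_group="adminGroup"):
        """PUT a replacement configuration for the relying party ``id``.

        The payload has the same layout as in ``create_relying_party`` plus
        an ``id`` field. ``metadata_soft_fail`` defaults to True and
        ``relying_party_impersonation_group`` to "adminGroup", so an update
        that omits them sends those defaults.

        Returns:
            The response; ``success`` is True only for status 204.
        """
        data = DataObject()
        data.add_value("id", id)
        data.add_value("name", name)
        data.add_value("rpId", rp_id)

        fido_server_options = DataObject()
        fido_server_options.add_value_not_empty("origins", origins)
        fido_server_options.add_value("metadataSet", metadata_set)
        fido_server_options.add_value("metadataSoftFail", metadata_soft_fail)
        fido_server_options.add_value("mediatorMappingRuleId", mediator_mapping_rule_id)

        attestation = DataObject()
        attestation.add_value("statementTypes", attestation_statement_types)
        attestation.add_value("statementFormats", attestation_statement_formats)
        # The original added publicKeyAlgorithms twice; once is enough.
        attestation.add_value("publicKeyAlgorithms", attestation_public_key_algorithms)
        fido_server_options.add_value("attestation", attestation.data)

        safetynet_options = DataObject()
        # The parameter is spelled ..._safety_net_max_age in this signature;
        # the original body read an undefined ..._safetynet_max_age name.
        safetynet_options.add_value("attestationMaxAge", attestation_android_safety_net_max_age)
        safetynet_options.add_value("clockSkew", attestation_android_safetynet_clock_skew)
        fido_server_options.add_value("android-safetynet", safetynet_options.data)

        data.add_value("fidoServerOptions", fido_server_options.data)

        relying_party_options = DataObject()
        relying_party_options.add_value("impersonationGroup", relying_party_impersonation_group)
        data.add_value("relyingPartyOptions", relying_party_options.data)

        endpoint = "%s/%s" % (FIDO2_RELYING_PARTIES, id)

        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 204

        return response

    def list_metadata(self):
        """GET all metadata entries; ``success`` is True only for 200."""
        endpoint = FIDO2_METADATA

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def get_metadata(self, _id):
        """GET the metadata entry ``_id``; ``success`` is True only for 200."""
        endpoint = "{}/{}".format(FIDO2_METADATA, _id)

        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def create_metadata(self, filename=None):
        """POST a metadata document read from the local file ``filename``.

        Only the base name of ``filename`` is sent; the file body is read
        in binary mode and decoded as UTF-8. A decoding error is not caught
        here and propagates to the caller.

        Returns:
            The response; ``success`` is True only for status 201. If an
            IOError occurs, it is logged and a fresh Response with
            ``success`` False is returned instead.
        """
        response = Response()
        try:
            with open(filename, 'rb') as content:
                data = DataObject()
                data.add_value_string("filename", ntpath.basename(filename))
                data.add_value_string("contents", content.read().decode('utf-8'))

                endpoint = FIDO2_METADATA

                response = self.client.post_json(endpoint, data.data)
                response.success = response.status_code == 201

        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def update_metadata(self, id, filename=None):
        """Upload the local file ``filename`` for the metadata entry ``id``.

        Returns:
            The response; ``success`` is True only for status 200. If an
            IOError occurs, it is logged and a fresh Response with
            ``success`` False is returned instead.
        """
        response = Response()
        try:
            with open(filename, 'rb') as content:
                files = {"file": content}

                endpoint = ("%s/%s/file" % (FIDO2_METADATA, id))

                response = self.client.post_file(endpoint, accept_type="application/json,text/html,application/*", files=files)
                response.success = response.status_code == 200

        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def delete_metadata(self, id):
        """DELETE the file of the metadata entry ``id``.

        Returns:
            The response; ``success`` is True only for status 204.
        """
        endpoint = ("%s/%s/file" % (FIDO2_METADATA, id))

        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204

        # The original fell off the end and returned None, so callers could
        # not tell whether the deletion succeeded.
        return response

    def create_mediator(self, name=None, filename=None):
        """POST a mediator named ``name`` with content from ``filename``.

        Only the base name of ``filename`` is sent; the file body is read
        in binary mode and decoded as UTF-8. The ``type`` field is always
        "FIDO2".

        Returns:
            The response; ``success`` is True only for status 201. If an
            IOError occurs, it is logged and a fresh Response with
            ``success`` False is returned instead.
        """
        response = Response()
        try:
            with open(filename, 'rb') as content:
                data = DataObject()
                data.add_value_string("filename", ntpath.basename(filename))
                data.add_value_string("content", content.read().decode('utf-8'))
                data.add_value_string("type", "FIDO2")
                data.add_value_string("name", name)

                response = self.client.post_json(FIDO2_MEDIATOR, data.data)
                response.success = response.status_code == 201

        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def _update_mediator(self, id, filename=None):
        """PUT new content, read from ``filename``, for the mediator ``id``.

        Returns:
            The response; ``success`` is True only for status 204. If an
            IOError occurs, it is logged and a fresh Response with
            ``success`` False is returned instead.
        """
        response = Response()
        try:
            with open(filename, 'rb') as content:
                data = DataObject()
                data.add_value_string("content", content.read().decode('utf-8'))

                endpoint = ("%s/%s" % (FIDO2_MEDIATOR, id))

                response = self.client.put_json(endpoint, data.data)
                response.success = response.status_code == 204

        except IOError as e:
            logger.error(e)
            response.success = False

        return response

    def get_mediator(self, id):
        """GET the mediator ``id``; ``success`` is True only for 200."""
        endpoint = ("%s/%s" % (FIDO2_MEDIATOR, id))
        # Requests go through self.client; the original called
        # self.get_json, which this class does not define.
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200

        return response

    def list_mediator(self):
        """GET all mediators; ``success`` is True only for 200."""
        response = self.client.get_json(FIDO2_MEDIATOR)
        # The original assigned to a misspelled name and raised NameError.
        response.success = response.status_code == 200

        return response

    def delete_mediator(self, id):
        """DELETE the mediator ``id``; ``success`` is True only for 204."""
        endpoint = ("%s/%s" % (FIDO2_MEDIATOR, id))
        # Requests go through self.client; the original called
        # self.delete_json, which this class does not define.
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204

        return response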
Example #9
class APIProtection(object):

    def __init__(self, base_url, username, password):
        """Build the REST client that every API-protection call goes through.

        The credentials are handed straight to RESTClient; how it stores or
        transmits them is not visible from this class.
        """
        rest_client = RESTClient(base_url, username, password)
        super(APIProtection, self).__init__()
        self.client = rest_client

    

    def create_client(
            self, name=None, redirect_uri=None, company_name=None,
            company_url=None, contact_person=None, contact_type=None,
            email=None, phone=None, other_info=None, definition=None,
            client_id=None, client_secret=None):
        """Register an API client by POSTing to CLIENTS.

        Each argument is sent as a string field under its camelCase name
        (for example ``redirect_uri`` as ``redirectUri``).

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 201.
        """
        # client_secret is a credential carried in the request body; keep
        # this payload out of debug logs.
        string_fields = (
            ("name", name),
            ("redirectUri", redirect_uri),
            ("companyName", company_name),
            ("companyUrl", company_url),
            ("contactPerson", contact_person),
            ("contactType", contact_type),
            ("email", email),
            ("phone", phone),
            ("otherInfo", other_info),
            ("definition", definition),
            ("clientId", client_id),
            ("clientSecret", client_secret),
        )

        payload = DataObject()
        for key, value in string_fields:
            payload.add_value_string(key, value)

        result = self.client.post_json(CLIENTS, payload.data)
        result.success = (result.status_code == 201)
        return result

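    def update_client(
            self, id=None, name=None, redirect_uri=None, company_name=None,
            company_url=None, contact_person=None, contact_type=None,
            email=None, phone=None, other_info=None, definition=None,
            client_id=None, client_secret=None):
        """Update the API client ``id`` with a PUT to CLIENTS/<id>.

        Each argument other than ``id`` is sent as a string field under its
        camelCase name, matching ``create_client``.

        Args:
            id: Identifier of the client; converted with ``str`` and
                appended to the URL. It defaults to None, which would
                address ".../None", so callers should always pass it.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 204.
        """
        # client_secret is a credential carried in the request body; keep
        # this payload out of debug logs.
        data = DataObject()
        data.add_value_string("name", name)
        data.add_value_string("redirectUri", redirect_uri)
        # companyName was the only field sent with add_value; it now uses
        # add_value_string like every other field and like create_client.
        data.add_value_string("companyName", company_name)
        data.add_value_string("companyUrl", company_url)
        data.add_value_string("contactPerson", contact_person)
        data.add_value_string("contactType", contact_type)
        data.add_value_string("email", email)
        data.add_value_string("phone", phone)
        data.add_value_string("otherInfo", other_info)
        data.add_value_string("definition", definition)
        data.add_value_string("clientId", client_id)
        data.add_value_string("clientSecret", client_secret)

        response = self.client.put_json(CLIENTS+"/"+str(id), data.data)
        response.success = response.status_code == 204

        return response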

    def delete_client(self, id):
        """Remove the API client ``id`` with a DELETE to CLIENTS/<id>.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 204.
        """
        result = self.client.delete_json("{}/{}".format(CLIENTS, id))
        result.success = (result.status_code == 204)
        return result

    def list_clients(self, sort_by=None, count=None, start=None, filter=None):
        """List API clients with a GET to CLIENTS.

        Args:
            sort_by: Sent as the ``sortBy`` query parameter.
            count: Sent as the ``count`` query parameter.
            start: Sent as the ``start`` query parameter.
            filter: Sent as the ``filter`` query parameter.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 200.
        """
        query = DataObject()
        for key, value in (("sortBy", sort_by), ("count", count),
                           ("start", start), ("filter", filter)):
            query.add_value_string(key, value)

        result = self.client.get_json(CLIENTS, query.data)
        result.success = (result.status_code == 200)
        return result

    def create_definition(
            self, name=None, description=None, tcm_behavior=None,
            token_char_set=None, access_token_lifetime=None,
            access_token_length=None, authorization_code_lifetime=None,
            authorization_code_length=None, refresh_token_length=None,
            max_authorization_grant_lifetime=None, pin_length=None,
            enforce_single_use_authorization_grant=None,
            issue_refresh_token=None,
            enforce_single_access_token_per_grant=None,
            enable_multiple_refresh_tokens_for_fault_tolerance=None,
            pin_policy_enabled=None, grant_types=None):
        """Create an API-protection definition by POSTing to DEFINITIONS.

        Each argument is sent under its camelCase name. The first four
        (name, description, tcm_behavior, token_char_set) are added as
        string fields; the remaining ones are added as plain values.

        Every token lifetime, token length and enforcement option defaults
        to None in this signature, so nothing here supplies a value for an
        option the caller leaves out.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 201.
        """
        string_fields = (
            ("name", name),
            ("description", description),
            ("tcmBehavior", tcm_behavior),
            ("tokenCharSet", token_char_set),
        )
        value_fields = (
            ("accessTokenLifetime", access_token_lifetime),
            ("accessTokenLength", access_token_length),
            ("authorizationCodeLifetime", authorization_code_lifetime),
            ("authorizationCodeLength", authorization_code_length),
            ("refreshTokenLength", refresh_token_length),
            ("maxAuthorizationGrantLifetime",
             max_authorization_grant_lifetime),
            ("pinLength", pin_length),
            ("enforceSingleUseAuthorizationGrant",
             enforce_single_use_authorization_grant),
            ("issueRefreshToken", issue_refresh_token),
            ("enforceSingleAccessTokenPerGrant",
             enforce_single_access_token_per_grant),
            ("enableMultipleRefreshTokensForFaultTolerance",
             enable_multiple_refresh_tokens_for_fault_tolerance),
            ("pinPolicyEnabled", pin_policy_enabled),
            ("grantTypes", grant_types),
        )

        payload = DataObject()
        for key, text in string_fields:
            payload.add_value_string(key, text)
        for key, value in value_fields:
            payload.add_value(key, value)

        result = self.client.post_json(DEFINITIONS, payload.data)
        result.success = (result.status_code == 201)
        return result

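    def update_definition(
            self, definition_id=None, name=None, description=None, tcm_behavior=None,
            token_char_set=None, access_token_lifetime=None,
            access_token_length=None, authorization_code_lifetime=None,
            authorization_code_length=None, refresh_token_length=None,
            max_authorization_grant_lifetime=None, pin_length=None,
            enforce_single_use_authorization_grant=None,
            issue_refresh_token=None,
            enforce_single_access_token_per_grant=None,
            enable_multiple_refresh_tokens_for_fault_tolerance=None,
            pin_policy_enabled=None, grant_types=None, oidc_enabled=False,
            iss=None, poc=None, lifetime=None, alg=None, db=None, cert=None,
            enc_enabled=False, enc_alg=None, enc_enc=None, access_policy_id=None):
        """Update a definition with a PUT to DEFINITIONS/<definition_id>.

        The base fields are sent as in ``create_definition``, plus
        ``accessPolicyId``. When ``oidc_enabled`` is truthy an ``oidc``
        object is added (enabled, iss, poc, lifetime, alg, db, cert); when
        ``enc_enabled`` is also truthy that object gains an ``enc``
        sub-object built from ``enc_alg`` and ``enc_enc``.

        Args:
            definition_id: Identifier of the definition; converted with
                ``str`` and appended to the URL. It defaults to None, which
                would address ".../None", so callers should always pass it.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 204.
        """
        data = DataObject()
        data.add_value_string("name", name)
        data.add_value_string("description", description)
        data.add_value_string("tcmBehavior", tcm_behavior)
        data.add_value_string("tokenCharSet", token_char_set)
        data.add_value("accessTokenLifetime", access_token_lifetime)
        data.add_value("accessTokenLength", access_token_length)
        data.add_value("authorizationCodeLifetime", authorization_code_lifetime)
        data.add_value("authorizationCodeLength", authorization_code_length)
        data.add_value("refreshTokenLength", refresh_token_length)
        data.add_value(
            "maxAuthorizationGrantLifetime", max_authorization_grant_lifetime)
        data.add_value("pinLength", pin_length)
        data.add_value(
            "enforceSingleUseAuthorizationGrant",
            enforce_single_use_authorization_grant)
        data.add_value("issueRefreshToken", issue_refresh_token)
        data.add_value(
            "enforceSingleAccessTokenPerGrant",
            enforce_single_access_token_per_grant)
        data.add_value(
            "enableMultipleRefreshTokensForFaultTolerance",
            enable_multiple_refresh_tokens_for_fault_tolerance)
        data.add_value("pinPolicyEnabled", pin_policy_enabled)
        data.add_value("grantTypes", grant_types)
        data.add_value("accessPolicyId", access_policy_id)

        if oidc_enabled:
            oidc = DataObject()
            oidc.add_value("enabled", True)
            oidc.add_value("iss", iss)
            oidc.add_value("poc", poc)
            oidc.add_value("lifetime", lifetime)
            oidc.add_value("alg", alg)
            oidc.add_value("db", db)
            oidc.add_value("cert", cert)
            if enc_enabled:
                # The original read enc_db and enc_cert, which are not
                # parameters of this method, so enabling encryption always
                # raised NameError; the declared enc_alg and enc_enc were
                # never used. They are sent here instead.
                # NOTE(review): the key names "enabled", "alg" and "enc" are
                # inferred from the parameter names and the oidc block above;
                # confirm them against the API reference before relying on
                # token encryption being active.
                enc_data = DataObject()
                enc_data.add_value("enabled", True)
                enc_data.add_value("alg", enc_alg)
                enc_data.add_value("enc", enc_enc)
                oidc.add_value("enc", enc_data.data)

            data.add_value("oidc", oidc.data)

        response = self.client.put_json(DEFINITIONS+"/"+str(definition_id), data.data)
        response.success = response.status_code == 204

        return response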

    def delete_definition(self, id):
        """Remove the definition ``id`` with a DELETE to DEFINITIONS/<id>.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 204.
        """
        result = self.client.delete_json("{}/{}".format(DEFINITIONS, id))
        result.success = (result.status_code == 204)
        return result

    def list_definitions(
            self, sort_by=None, count=None, start=None, filter=None):
        """List definitions with a GET to DEFINITIONS.

        Args:
            sort_by: Sent as the ``sortBy`` query parameter.
            count: Sent as the ``count`` query parameter.
            start: Sent as the ``start`` query parameter.
            filter: Sent as the ``filter`` query parameter.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 200.
        """
        query = DataObject()
        for key, value in (("sortBy", sort_by), ("count", count),
                           ("start", start), ("filter", filter)):
            query.add_value_string(key, value)

        result = self.client.get_json(DEFINITIONS, query.data)
        result.success = (result.status_code == 200)
        return result

    def create_mapping_rule(
            self, name=None, category=None, file_name=None, content=None):
        """Create a mapping rule by POSTing to MAPPING_RULES.

        Args:
            name: Sent as ``name``.
            category: Sent as ``category``.
            file_name: Sent as ``fileName``.
            content: Rule body, sent as ``content``.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 201.
        """
        # NOTE(review): content is forwarded unchanged; if mapping rules are
        # executed by the server, it should come from a reviewed source.
        payload = DataObject()
        for key, value in (("name", name), ("category", category),
                           ("fileName", file_name), ("content", content)):
            payload.add_value_string(key, value)

        result = self.client.post_json(MAPPING_RULES, payload.data)
        result.success = (result.status_code == 201)
        return result

    def list_mapping_rules(
            self, sort_by=None, count=None, start=None, filter=None):
        """List mapping rules with a GET to MAPPING_RULES.

        Args:
            sort_by: Sent as the ``sortBy`` query parameter.
            count: Sent as the ``count`` query parameter.
            start: Sent as the ``start`` query parameter.
            filter: Sent as the ``filter`` query parameter.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 200.
        """
        query = DataObject()
        for key, value in (("sortBy", sort_by), ("count", count),
                           ("start", start), ("filter", filter)):
            query.add_value_string(key, value)

        result = self.client.get_json(MAPPING_RULES, query.data)
        result.success = (result.status_code == 200)
        return result

    def import_mapping_rule(self, id, file_path):
        """Upload a local file as the content of mapping rule ``id``.

        Args:
            id: Identifier of the mapping rule; placed in the URL path.
            file_path: Local file opened in binary mode and posted as the
                ``file`` part.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 200. If an IOError occurs, it
            is logged and a fresh Response with ``success`` False is
            returned instead.
        """
        # Fallback result, returned when an IOError is caught below.
        result = Response()

        try:
            with open(file_path, 'rb') as rule_file:
                url = "%s/%s/file" % (MAPPING_RULES, id)
                accepted = ",".join(("application/json", "text/html"))
                upload = {"file": rule_file}

                result = self.client.post_file(
                    url, accept_type=accepted, files=upload)
                result.success = (result.status_code == 200)
        except IOError as err:
            logger.error(err)
            result.success = False

        return result

    def update_mapping_rule(self, id, content=None):
        """Replace the content of mapping rule ``id`` with a PUT request.

        Args:
            id: Identifier of the mapping rule; placed in the URL path.
            content: New rule body, sent as ``content``.

        Returns:
            The REST client's response object, with ``success`` set to True
            only when the HTTP status code is 204.
        """
        payload = DataObject()
        payload.add_value_string("content", content)

        result = self.client.put_json(
            "{}/{}".format(MAPPING_RULES, id), payload.data)
        result.success = (result.status_code == 204)
        return result