class Licensing(object):
    """Client for the appliance licensing / capability-activation endpoints.

    Every method hands back the Response produced by the underlying
    RESTClient with a ``success`` attribute derived from the HTTP status.
    """

    def __init__(self, base_url, username, password):
        super(Licensing, self).__init__()
        # RESTClient is a project type; it is handed the credentials once and
        # reused for every request issued by this object.
        self.client = RESTClient(base_url, username, password)

    def activate_module(self, code):
        """POST an activation ``code`` to CAPABILITIES/v1; success == HTTP 200."""
        payload = DataObject()
        payload.add_value_string("code", code)
        response = self.client.post_json(CAPABILITIES + "/v1", payload.data)
        response.success = response.status_code == 200
        return response

    def get_activated_module(self, id):
        """GET a single activated module by ``id``; success == HTTP 200."""
        target = "{}/{}/v1".format(CAPABILITIES, id)
        response = self.client.get_json(target)
        response.success = response.status_code == 200
        return response

    def get_activated_modules(self):
        """GET every activated module; success == HTTP 200."""
        response = self.client.get_json(CAPABILITIES + "/v1")
        response.success = response.status_code == 200
        return response

    def import_activation_code(self, file_path):
        """Upload the activation-code file at ``file_path``.

        An IOError raised while opening the file is logged and reported as a
        failed Response (``success`` False) instead of being propagated.
        """
        response = Response()
        try:
            with open(file_path, "rb") as code:
                payload = DataObject()
                payload.add_value_string("name", "activation")
                response = self.client.post_file(
                    CAPABILITIES + "/v1",
                    data=payload.data,
                    files={"filename": code},
                )
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response
class Fixpacks(object):
    """Client for the appliance fixpack endpoints (install, list, rollback).

    Each method returns the RESTClient Response with ``success`` set from the
    HTTP status code the server answered with.
    """

    def __init__(self, base_url, username, password):
        super(Fixpacks, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def install_fixpack(self, file_path):
        """Upload the fixpack archive at ``file_path``; success == HTTP 200.

        An IOError while opening the file is logged and reported as a failed
        Response (``success`` False) rather than raised.
        """
        response = Response()
        try:
            with open(file_path, "rb") as fixpack:
                payload = DataObject()
                # NOTE(review): "octect-stream" is the spelling the original
                # sends; the standard MIME type is "application/octet-stream".
                # Left as-is because how the server treats this field is not
                # visible here — confirm before correcting it.
                payload.add_value_string("type", "application/octect-stream")
                response = self.client.post_file(
                    FIXPACKS, data=payload.data, files={"file": fixpack}
                )
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    def list_fixpacks(self):
        """GET the fixpack listing; success == HTTP 200."""
        response = self.client.get_json(FIXPACKS)
        response.success = response.status_code == 200
        return response

    def get_fips_mode(self):
        """GET FIXPACKS/fipsmode; success == HTTP 200."""
        response = self.client.get_json(FIXPACKS + "/fipsmode")
        response.success = response.status_code == 200
        return response

    def rollback_fixpack(self):
        """DELETE on FIXPACKS (fixpack rollback); success == HTTP 204."""
        response = self.client.delete_json(FIXPACKS)
        response.success = response.status_code == 204
        return response
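class RSA(object):
    """Client for the RSA SecurID server-configuration endpoints.

    Every method returns the RESTClient Response with ``success`` set from
    the HTTP status code.
    """

    def __init__(self, base_url, username, password):
        super(RSA, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def create(self, server_config_file=None):
        """Upload the server configuration file at ``server_config_file``.

        success == HTTP 200. A missing path (``None``) or an IOError while
        opening the file is logged and reported as a failed Response
        (``success`` False); previously ``None`` escaped from ``open`` as an
        uncaught TypeError.
        """
        response = Response()
        endpoint = RSA_CONFIG + "/server_config"
        if server_config_file is None:
            logger.error("RSA.create: server_config_file is required")
            response.success = False
            return response
        try:
            with open(server_config_file, "r") as server_config:
                files = {"server_config": server_config}
                response = self.client.post_file(endpoint, files=files)
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    def get(self):
        """GET the current RSA configuration; success == HTTP 200."""
        response = self.client.get_json(RSA_CONFIG)
        response.success = response.status_code == 200
        return response

    def test(self, username=None, password=None):
        """POST a test authentication to RSA_CONFIG/test; success == HTTP 204.

        The credentials travel in the JSON body — keep ``data.data`` out of
        log output.
        """
        endpoint = RSA_CONFIG + "/test"
        data = DataObject()
        data.add_value_string("username", username)
        data.add_value_string("password", password)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 204
        return response

    def delete(self):
        """DELETE the server configuration; success == HTTP 204."""
        endpoint = RSA_CONFIG + "/server_config"
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204
        return response

    def delete_node_secret(self):
        """DELETE the node secret; success == HTTP 204.

        NOTE(review): the path segment "nose_secret" looks like a typo of
        "node_secret", but the server-side route is not visible here, so the
        original value is kept — confirm against the appliance API.
        """
        endpoint = RSA_CONFIG + "/nose_secret"
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204
        return response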
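class ReverseProxy(object):
    """Client for the WebSEAL reverse-proxy instance, junction, configuration
    and management-root endpoints.

    Every method returns the RESTClient Response with ``success`` set from
    the HTTP status code. Several payloads carry administrator or runtime
    credentials (``admin_pwd`` / ``password`` fields); keep those payloads
    out of log output.

    Fixes relative to the original: ``add_configuration_stanza`` and
    ``delete_configuration_stanza`` referenced an undefined ``data`` name
    (NameError) and returned nothing; both now send the request and return
    the Response.
    """

    def __init__(self, base_url, username, password):
        super(ReverseProxy, self).__init__()
        self.client = RESTClient(base_url, username, password)

    # --- private helpers ---------------------------------------------------

    def _upload(self, endpoint, file_path, field):
        """POST the file at ``file_path`` as multipart field ``field``.

        success == HTTP 200. An IOError while opening the file is logged and
        reported as a failed Response (``success`` False) rather than raised.
        """
        response = Response()
        try:
            with open(file_path, "rb") as handle:
                response = self.client.post_file(endpoint, files={field: handle})
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    @staticmethod
    def _stanza_endpoint(webseal_id, stanza_id, entry_name=None):
        """Return the configuration-stanza URL, optionally down to one entry."""
        endpoint = "%s/%s/configuration/stanza/%s" % (
            REVERSEPROXY, webseal_id, stanza_id)
        if entry_name is not None:
            endpoint = "%s/entry_name/%s" % (endpoint, entry_name)
        return endpoint

    # --- instances ---------------------------------------------------------

    def create_instance(self, inst_name=None, host=None, admin_id=None,
                        admin_pwd=None, ssl_yn=None, key_file=None,
                        cert_label=None, ssl_port=None, http_yn=None,
                        http_port=None, https_yn=None, https_port=None,
                        nw_interface_yn=None, ip_address=None,
                        listening_port=None, domain=None):
        """POST a new reverse-proxy instance; success == HTTP 200.

        ``key_file`` gets a ``.kdb`` suffix appended when it lacks one; every
        other argument is passed through as a string field.
        """
        if key_file is not None and not key_file.endswith(".kdb"):
            key_file += ".kdb"
        data = DataObject()
        fields = (
            ("inst_name", inst_name),
            ("host", host),
            ("listening_port", listening_port),
            ("domain", domain),
            ("admin_id", admin_id),
            ("admin_pwd", admin_pwd),
            ("ssl_yn", ssl_yn),
            ("key_file", key_file),
            ("cert_label", cert_label),
            ("ssl_port", ssl_port),
            ("http_yn", http_yn),
            ("http_port", http_port),
            ("https_yn", https_yn),
            ("https_port", https_port),
            ("nw_interface_yn", nw_interface_yn),
            ("ip_address", ip_address),
        )
        for name, value in fields:
            data.add_value_string(name, value)
        response = self.client.post_json(REVERSEPROXY, data.data)
        response.success = response.status_code == 200
        return response

    def delete_instance(self, id, admin_id, admin_pwd):
        """PUT operation=unconfigure for instance ``id``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("admin_id", admin_id)
        data.add_value_string("admin_pwd", admin_pwd)
        data.add_value_string("operation", "unconfigure")
        endpoint = "%s/%s" % (REVERSEPROXY, id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def list_instances(self):
        """GET all reverse-proxy instances; success == HTTP 200."""
        response = self.client.get_json(REVERSEPROXY)
        response.success = response.status_code == 200
        return response

    def get_wga_defaults(self):
        """GET WGA_DEFAULTS; success == HTTP 200."""
        response = self.client.get_json(WGA_DEFAULTS)
        response.success = response.status_code == 200
        return response

    def restart_instance(self, id):
        """PUT operation=restart for instance ``id``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("operation", "restart")
        endpoint = "%s/%s" % (REVERSEPROXY, id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    # --- integration wizards ----------------------------------------------

    def configure_mmfa(self, webseal_id, lmi_hostname=None, lmi_port=None,
                       lmi_username=None, lmi_password=None,
                       runtime_hostname=None, runtime_port=None,
                       runtime_username=None, runtime_password=None,
                       reuse_certs=None, reuse_acls=None, reuse_pops=None):
        """POST the MMFA configuration for ``webseal_id``; success == HTTP 204.

        The ``lmi`` and ``runtime`` sub-objects are added via
        ``add_value_not_empty``; ``port`` values are added unconverted.
        """
        lmi = DataObject()
        lmi.add_value_string("hostname", lmi_hostname)
        lmi.add_value_string("username", lmi_username)
        lmi.add_value_string("password", lmi_password)
        lmi.add_value("port", lmi_port)
        runtime = DataObject()
        runtime.add_value_string("hostname", runtime_hostname)
        runtime.add_value_string("username", runtime_username)
        runtime.add_value_string("password", runtime_password)
        runtime.add_value("port", runtime_port)
        data = DataObject()
        data.add_value("reuse_certs", reuse_certs)
        data.add_value("reuse_acls", reuse_acls)
        data.add_value("reuse_pops", reuse_pops)
        data.add_value_not_empty("lmi", lmi.data)
        data.add_value_not_empty("runtime", runtime.data)
        endpoint = "%s/%s/mmfa_config" % (REVERSEPROXY, webseal_id)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 204
        return response

    def configure_fed(self, webseal_id, federation_id=None, reuse_certs=False,
                      reuse_acls=False, runtime_hostname=None,
                      runtime_port=None, runtime_username=None,
                      runtime_password=None):
        """POST the federation configuration for ``webseal_id``; success == HTTP 204."""
        data = DataObject()
        data.add_value_string("federation_id", federation_id)
        data.add_value("reuse_certs", reuse_certs)
        data.add_value("reuse_acls", reuse_acls)
        runtime = DataObject()
        runtime.add_value_string("hostname", runtime_hostname)
        runtime.add_value_string("port", runtime_port)
        runtime.add_value_string("username", runtime_username)
        runtime.add_value_string("password", runtime_password)
        data.add_value_not_empty("runtime", runtime.data)
        endpoint = "%s/%s/fed_config" % (REVERSEPROXY, webseal_id)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 204
        return response

    def configure_aac(self, webseal_id, junction=None, reuse_certs=False,
                      reuse_acls=False, runtime_hostname=None,
                      runtime_port=None, runtime_username=None,
                      runtime_password=None):
        """POST the authentication-service configuration; success == HTTP 204."""
        data = DataObject()
        data.add_value("reuse_certs", reuse_certs)
        data.add_value("reuse_acls", reuse_acls)
        data.add_value("junction", junction)
        data.add_value_string("hostname", runtime_hostname)
        data.add_value_string("port", runtime_port)
        data.add_value_string("username", runtime_username)
        data.add_value_string("password", runtime_password)
        endpoint = "%s/%s/authsvc_config" % (REVERSEPROXY, webseal_id)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 204
        return response

    # --- configuration stanzas --------------------------------------------

    def add_configuration_stanza(self, webseal_id, stanza_id):
        """POST an empty body to create stanza ``stanza_id``; success == HTTP 200."""
        endpoint = self._stanza_endpoint(webseal_id, stanza_id)
        # The original passed an undefined ``data`` name here; an empty
        # DataObject body is sent instead.
        response = self.client.post_json(endpoint, DataObject().data)
        response.success = response.status_code == 200
        return response

    def delete_configuration_stanza(self, webseal_id, stanza_id):
        """DELETE stanza ``stanza_id``; success == HTTP 200."""
        endpoint = self._stanza_endpoint(webseal_id, stanza_id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200
        return response

    def add_configuration_stanza_entry(self, webseal_id, stanza_id,
                                       entry_name, value):
        """POST one ``[entry_name, value]`` pair to the stanza; success == HTTP 200."""
        data = {"entries": [[str(entry_name), str(value)]]}
        endpoint = self._stanza_endpoint(webseal_id, stanza_id) + "/entry_name"
        response = self.client.post_json(endpoint, data=data)
        response.success = response.status_code == 200
        return response

    def delete_configuration_stanza_entry(self, webseal_id, stanza_id,
                                          entry_name, value=None):
        """DELETE ``entry_name`` (or only its ``value``); success == HTTP 200.

        NOTE(review): ``value`` is interpolated into the URL path without
        percent-encoding, so a value containing "/" or "?" changes the
        request path; consider ``urllib.parse.quote(str(value), safe="")``
        once the server's expectations are confirmed.
        """
        endpoint = self._stanza_endpoint(webseal_id, stanza_id, entry_name)
        if value:
            endpoint = "%s/value/%s" % (endpoint, value)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200
        return response

    def get_configuration_stanza_entry(self, webseal_id, stanza_id, entry_name):
        """GET ``entry_name`` from the stanza; success == HTTP 200."""
        endpoint = self._stanza_endpoint(webseal_id, stanza_id, entry_name)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def update_configuration_stanza_entry(self, webseal_id, stanza_id,
                                          entry_name, value):
        """PUT a new ``value`` for ``entry_name``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("value", value)
        endpoint = self._stanza_endpoint(webseal_id, stanza_id, entry_name)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    # --- junctions ---------------------------------------------------------

    def create_junction(self, webseal_id, server_hostname=None,
                        junction_point=None, junction_type=None,
                        description=None, basic_auth_mode=None, tfim_sso=None,
                        stateful_junction=None, preserve_cookie=None,
                        cookie_include_path=None,
                        transparent_path_junction=None, mutual_auth=None,
                        insert_ltpa_cookies=None, insert_session_cookies=None,
                        request_encoding=None, enable_basic_auth=None,
                        key_label=None, gso_resource_group=None,
                        junction_cookie_javascript_block=None,
                        client_ip_http=None, version_two_cookies=None,
                        ltpa_keyfile=None, authz_rules=None,
                        fsso_config_file=None, username=None, password=None,
                        server_uuid=None, virtual_hostname=None,
                        server_dn=None, local_ip=None, query_contents=None,
                        case_sensitive_url=None, windows_style_url=None,
                        ltpa_keyfile_password=None, proxy_hostname=None,
                        sms_environment=None, vhost_label=None, force=None,
                        delegation_support=None, scripting_support=None,
                        junction_hard_limit=None, junction_soft_limit=None,
                        server_port=None, https_port=None, http_port=None,
                        proxy_port=None, remote_http_header=None):
        """POST a junction for ``webseal_id``; success == HTTP 200.

        The first group of arguments is sent as string fields, the limits,
        ports and ``remote_http_header`` as raw values. ``password`` and
        ``ltpa_keyfile_password`` are part of the body.
        """
        data = DataObject()
        string_fields = (
            ("server_hostname", server_hostname),
            ("junction_point", junction_point),
            ("junction_type", junction_type),
            ("description", description),
            ("basic_auth_mode", basic_auth_mode),
            ("tfim_sso", tfim_sso),
            ("stateful_junction", stateful_junction),
            ("preserve_cookie", preserve_cookie),
            ("cookie_include_path", cookie_include_path),
            ("transparent_path_junction", transparent_path_junction),
            ("mutual_auth", mutual_auth),
            ("insert_ltpa_cookies", insert_ltpa_cookies),
            ("insert_session_cookies", insert_session_cookies),
            ("request_encoding", request_encoding),
            ("enable_basic_auth", enable_basic_auth),
            ("key_label", key_label),
            ("gso_resource_group", gso_resource_group),
            ("junction_cookie_javascript_block",
             junction_cookie_javascript_block),
            ("client_ip_http", client_ip_http),
            ("version_two_cookies", version_two_cookies),
            ("ltpa_keyfile", ltpa_keyfile),
            ("authz_rules", authz_rules),
            ("fsso_config_file", fsso_config_file),
            ("username", username),
            ("password", password),
            ("server_uuid", server_uuid),
            ("virtual_hostname", virtual_hostname),
            ("server_dn", server_dn),
            ("local_ip", local_ip),
            ("query_contents", query_contents),
            ("case_sensitive_url", case_sensitive_url),
            ("windows_style_url", windows_style_url),
            ("ltpa_keyfile_password", ltpa_keyfile_password),
            ("proxy_hostname", proxy_hostname),
            ("sms_environment", sms_environment),
            ("vhost_label", vhost_label),
            ("force", force),
            ("delegation_support", delegation_support),
            ("scripting_support", scripting_support),
        )
        for name, value in string_fields:
            data.add_value_string(name, value)
        raw_fields = (
            ("junction_hard_limit", junction_hard_limit),
            ("junction_soft_limit", junction_soft_limit),
            ("server_port", server_port),
            ("https_port", https_port),
            ("http_port", http_port),
            ("proxy_port", proxy_port),
            ("remote_http_header", remote_http_header),
        )
        for name, value in raw_fields:
            data.add_value(name, value)
        endpoint = "%s/%s/junctions" % (REVERSEPROXY, str(webseal_id))
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def delete_junction(self, webseal_id, junction_point):
        """DELETE the junction at ``junction_point``; success == HTTP 200.

        The junction point is sent as a URL-encoded query parameter
        (``JUNCTIONS_QUERY``), so special characters cannot alter the path.
        """
        query = urllib.parse.urlencode({JUNCTIONS_QUERY: junction_point})
        endpoint = "%s/%s/junctions?%s" % (REVERSEPROXY, webseal_id, query)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200
        return response

    def list_junctions(self, webseal_id):
        """GET the junctions of ``webseal_id``; success == HTTP 200."""
        endpoint = "%s/%s/junctions" % (REVERSEPROXY, webseal_id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    # --- management root / junction mapping -------------------------------

    def import_management_root_files(self, webseal_id, file_path):
        """Upload an archive of management-root pages; success == HTTP 200."""
        endpoint = "%s/%s/management_root" % (REVERSEPROXY, webseal_id)
        return self._upload(endpoint, file_path, "file")

    def update_management_root_file(self, webseal_id, page_id, contents):
        """PUT new ``contents`` for management-root page ``page_id``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("type", "file")
        data.add_value_string("contents", contents)
        endpoint = "%s/%s/management_root/%s" % (REVERSEPROXY, webseal_id, page_id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    # Upload a single file (eg HTML or ico), rather than a zip.
    def import_management_root_file(self, webseal_id, page_id, file_path):
        """Upload one management-root file as ``page_id``; success == HTTP 200."""
        endpoint = "%s/%s/management_root/%s" % (REVERSEPROXY, webseal_id, page_id)
        return self._upload(endpoint, file_path, "file")

    def import_junction_mapping_file(self, file_path):
        """Upload a junction-mapping-table file to JMT_CONFIG; success == HTTP 200."""
        return self._upload(JMT_CONFIG, file_path, "jmt_config_file")

    def update_junction_mapping_file(self, file_id, jmt_config_data):
        """PUT ``jmt_config_data`` for mapping file ``file_id``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("id", file_id)
        data.add_value_string("jmt_config_data", jmt_config_data)
        endpoint = "%s/%s" % (JMT_CONFIG, file_id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response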
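class Kerberos(object):
    """Client for the Kerberos configuration and keytab endpoints.

    Every method returns the RESTClient Response with ``success`` set from
    the HTTP status code.

    Fixes relative to the original: ``update`` read ``stauts_code``
    (AttributeError); ``delete`` built its endpoint with ``=`` instead of
    ``+`` and so requested ``/<id>``; ``import_keytab`` opened an undefined
    ``file_path`` instead of ``keytab_file``; ``combine_keytab`` used a
    mutable list default.
    """

    def __init__(self, base_url, username, password):
        super(Kerberos, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def create(self, _id=None, subsection=None, name=None, value=None):
        """POST a configuration entry under KERBEROS_CONFIG/<_id>; success == HTTP 200."""
        data = DataObject()
        data.add_value_not_empty("name", name)
        data.add_value_not_empty("subsection", subsection)
        data.add_value_string("value", value)
        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def update(self, _id=None, value=None):
        """PUT a new ``value`` for entry ``_id``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("value", value)
        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def get(self, _id=None):
        """GET entry ``_id``; success == HTTP 200."""
        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def delete(self, _id=None):
        """DELETE entry ``_id``; success == HTTP 200."""
        endpoint = KERBEROS_CONFIG + "/{}".format(_id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200
        return response

    def test(self, username=None, password=None):
        """POST a test authentication to /wga/kerberos/test; success == HTTP 200.

        The credentials travel in the JSON body — keep ``data.data`` out of
        log output.
        """
        data = DataObject()
        data.add_value_string("username", username)
        data.add_value_string("password", password)
        endpoint = "/wga/kerberos/test"
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def import_keytab(self, keytab_file=None):
        """Upload the keytab at ``keytab_file`` to KERBEROS_KEYTAB; success == HTTP 200.

        An IOError while opening the file is logged and reported as a failed
        Response (``success`` False) rather than raised.
        """
        response = Response()
        try:
            with open(keytab_file, "rb") as contents:
                files = {"keytab_file": contents}
                response = self.client.post_file(KERBEROS_KEYTAB, files=files)
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    def delete_keytab(self, _id=None):
        """DELETE keytab ``_id``; success == HTTP 200."""
        endpoint = KERBEROS_KEYTAB + "/{}".format(_id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200
        return response

    def combine_keytab(self, new_name=None, keytab_files=None):
        """PUT a merge of ``keytab_files`` into ``new_name``; success == HTTP 200.

        ``keytab_files`` defaults to an empty list (the original's mutable
        ``[]`` default is replaced by ``None`` to avoid cross-call sharing).
        """
        if keytab_files is None:
            keytab_files = []
        data = DataObject()
        data.add_value_string("new_name", new_name)
        data.add_value_not_empty("keytab_files", keytab_files)
        response = self.client.put_json(KERBEROS_KEYTAB, data.data)
        response.success = response.status_code == 200
        return response

    def list_keytab(self):
        """GET all keytabs; success == HTTP 200."""
        response = self.client.get_json(KERBEROS_KEYTAB)
        response.success = response.status_code == 200
        return response

    def verify_keytab(self, _id=None, name=None):
        """PUT ``name`` to KERBEROS_KEYTAB/<_id> (keytab verification); success == HTTP 200."""
        data = DataObject()
        data.add_value_string("name", name)
        endpoint = KERBEROS_KEYTAB + "/{}".format(_id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response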
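class SSLCertificates(object):
    """Client for the SSL certificate-database endpoints.

    Every method returns the RESTClient Response with ``success`` set from
    the HTTP status code.
    """

    def __init__(self, base_url, username, password):
        super(SSLCertificates, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def _upload_cert(self, endpoint, file_path, data):
        """POST the certificate file at ``file_path`` as field ``cert``.

        success == HTTP 200. An IOError while opening the file is logged and
        reported as a failed Response (``success`` False) rather than raised.
        """
        response = Response()
        try:
            with open(file_path, "rb") as certificate:
                response = self.client.post_file(
                    endpoint, data=data.data, files={"cert": certificate})
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    def import_personal(self, kdb_id, file_path, password=None):
        """Import a personal certificate into database ``kdb_id``.

        ``password`` (for the certificate file) is sent as a form field of
        the multipart request; keep ``data.data`` out of log output.
        """
        data = DataObject()
        data.add_value_string("operation", "import")
        data.add_value_string("password", password)
        endpoint = "%s/%s/personal_cert" % (SSL_CERTIFICATES, kdb_id)
        return self._upload_cert(endpoint, file_path, data)

    def import_signer(self, kdb_id, file_path, label=None):
        """Import a signer certificate with ``label`` into database ``kdb_id``."""
        data = DataObject()
        data.add_value_string("label", label)
        endpoint = "%s/%s/signer_cert" % (SSL_CERTIFICATES, kdb_id)
        return self._upload_cert(endpoint, file_path, data)

    def load_signer(self, kdb_id, server=None, port=None, label=None):
        """POST operation=load so the appliance fetches a signer from ``server``:``port``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("operation", "load")
        data.add_value_string("label", label)
        data.add_value_string("server", server)
        data.add_value("port", port)
        endpoint = "%s/%s/signer_cert" % (SSL_CERTIFICATES, kdb_id)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def get_database(self, kdb_id):
        """GET the details of database ``kdb_id``; success == HTTP 200."""
        endpoint = "%s/%s/details" % (SSL_CERTIFICATES, kdb_id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def list_databases(self):
        """GET all certificate databases; success == HTTP 200."""
        response = self.client.get_json(SSL_CERTIFICATES)
        response.success = response.status_code == 200
        return response

    def get_personal(self, kdb_id, label=None):
        """GET the personal certificates of ``kdb_id`` (one when ``label`` is given); success == HTTP 200."""
        endpoint = "%s/%s/personal_cert" % (SSL_CERTIFICATES, kdb_id)
        if label is not None:
            endpoint += "/%s" % (label)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def get_signer(self, kdb_id, label=None):
        """GET the signer certificates of ``kdb_id`` (one when ``label`` is given); success == HTTP 200."""
        endpoint = "%s/%s/signer_cert" % (SSL_CERTIFICATES, kdb_id)
        if label is not None:
            endpoint += "/%s" % (label)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def create_database(self, kdb_name, type=None, token_label=None,
                        passcode=None, hsm_type=None, ip=None, port=None,
                        kneti_hash=None, esn=None, secondary_ip=None,
                        secondary_port=None, secondary_kneti_hash=None,
                        secondary_esn=None, use_rfs=None, rfs=None,
                        rfs_port=None, rfs_auth=None, update_zip=None,
                        safenet_pw=None):
        """POST a new certificate database ``kdb_name``; success == HTTP 200.

        ``update_zip`` is not supported and raises NotImplementedError before
        any request is built. ``passcode`` and ``safenet_pw`` are HSM secrets
        sent in the body — keep ``data.data`` out of log output. The
        parameter name ``type`` shadows the builtin but is kept for callers.
        The original added ``token_label`` and ``passcode`` twice; assuming
        ``add_value_string`` sets a dict key, those repeats were no-ops and
        are dropped here — TODO confirm against DataObject.
        """
        if update_zip:
            raise NotImplementedError
        data = DataObject()
        data.add_value_string("kdb_name", kdb_name)
        data.add_value_string("token_label", token_label)
        data.add_value_string("passcode", passcode)
        data.add_value_string("type", type)
        data.add_value_string("hsm_type", hsm_type)
        data.add_value_string("ip", ip)
        data.add_value("port", port)
        data.add_value_string("kneti_hash", kneti_hash)
        data.add_value_string("esn", esn)
        data.add_value_string("secondary_ip", secondary_ip)
        data.add_value("secondary_port", secondary_port)
        data.add_value_string("secondary_kneti_hash", secondary_kneti_hash)
        data.add_value_string("secondary_esn", secondary_esn)
        data.add_value_string("use_rfs", use_rfs)
        data.add_value("rfs", rfs)
        data.add_value("rfs_port", rfs_port)
        data.add_value("rfs_auth", rfs_auth)
        data.add_value_string("safenet_pw", safenet_pw)
        response = self.client.post_json(SSL_CERTIFICATES, data.data)
        response.success = response.status_code == 200
        return response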
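class TemplateFiles(object):
    """Client for the appliance template-file tree (directories and files).

    Every method returns the RESTClient Response with ``success`` set from
    the HTTP status code.

    Fix relative to the original: ``get_directory`` compared instead of
    assigned ``response.success`` (``==``), so the attribute was never set.
    """

    def __init__(self, base_url, username, password):
        super(TemplateFiles, self).__init__()
        self.client = RESTClient(base_url, username, password)

    def create_directory(self, path, dir_name=None):
        """POST a directory ``dir_name`` under ``path``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("dir_name", dir_name)
        data.add_value_string("type", "dir")
        endpoint = "%s/%s" % (TEMPLATE_FILES, path)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def get_directory(self, path, recursive=None):
        """GET the listing of ``path``; success == HTTP 200.

        On success, when the JSON body is a dict, ``response.json`` is
        replaced by its ``"contents"`` entry (``[]`` when absent).
        """
        parameters = DataObject()
        parameters.add_value("recursive", recursive)
        endpoint = "%s/%s" % (TEMPLATE_FILES, path)
        response = self.client.get_json(endpoint, parameters.data)
        response.success = response.status_code == 200
        if response.success and isinstance(response.json, dict):
            response.json = response.json.get("contents", [])
        return response

    def create_file(self, path, file_name=None, contents=None):
        """POST a file ``file_name`` with ``contents`` under ``path``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("file_name", file_name)
        data.add_value_string("contents", contents)
        data.add_value_string("type", "file")
        endpoint = "%s/%s" % (TEMPLATE_FILES, path)
        response = self.client.post_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response

    def delete_file(self, path, file_name):
        """DELETE ``path``/``file_name``; success == HTTP 200."""
        endpoint = "%s/%s/%s" % (TEMPLATE_FILES, path, file_name)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 200
        return response

    def get_file(self, path, file_name):
        """GET ``path``/``file_name``; success == HTTP 200."""
        endpoint = "%s/%s/%s" % (TEMPLATE_FILES, path, file_name)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def import_file(self, path, file_name, file_path):
        """Upload the local file ``file_path`` as ``path``/``file_name``.

        success == HTTP 200. An IOError while opening the file is logged and
        reported as a failed Response (``success`` False) rather than raised.
        """
        response = Response()
        try:
            with open(file_path, "rb") as template:
                files = {"file": template}
                endpoint = "%s/%s/%s" % (TEMPLATE_FILES, path, file_name)
                response = self.client.post_file(endpoint, files=files)
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    def import_files(self, file_path, force=True):
        """Upload an archive of template files to TEMPLATE_FILES.

        success == HTTP 200. ``force`` is sent as a form field. An IOError
        while opening the file is logged and reported as a failed Response
        (``success`` False) rather than raised.
        """
        response = Response()
        try:
            with open(file_path, "rb") as templates:
                files = {"file": templates}
                data = DataObject()
                data.add_value("force", force)
                response = self.client.post_file(
                    TEMPLATE_FILES, data=data.data, files=files)
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    def update_file(self, path, file_name, contents=None, force=False):
        """PUT new ``contents`` for ``path``/``file_name``; success == HTTP 200."""
        data = DataObject()
        data.add_value_string("contents", contents)
        data.add_value_string("force", force)
        data.add_value_string("type", "file")
        endpoint = "%s/%s/%s" % (TEMPLATE_FILES, path, file_name)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 200
        return response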
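class FIDO2Config(object):
    """Client for the FIDO2 relying-party, metadata and mediator endpoints.

    Every method returns the RESTClient Response with ``success`` set from
    the HTTP status code.

    Fixes relative to the original: ``update_relying_party`` referenced a
    misspelled local (NameError); ``get_mediator`` / ``delete_mediator``
    called ``self.get_json`` / ``self.delete_json`` instead of the client;
    ``list_mediator`` assigned to a misspelled ``rsponse``; ``delete_metadata``
    returned nothing; a duplicate ``publicKeyAlgorithms`` add was dropped.
    """

    def __init__(self, base_url, username, password):
        super(FIDO2Config, self).__init__()
        self.client = RESTClient(base_url, username, password)

    @staticmethod
    def _fill_relying_party(data, name, rp_id, origins, metadata_set,
                            metadata_soft_fail, mediator_mapping_rule_id,
                            attestation_statement_types,
                            attestation_statement_formats,
                            attestation_public_key_algorithms,
                            safetynet_max_age, safetynet_clock_skew,
                            impersonation_group):
        """Append the relying-party fields shared by create and update to ``data``."""
        data.add_value("name", name)
        data.add_value("rpId", rp_id)
        server_options = DataObject()
        server_options.add_value_not_empty("origins", origins)
        server_options.add_value("metadataSet", metadata_set)
        # NOTE(review): the default of True presumably makes a failed
        # metadata lookup non-fatal for attestation — confirm the server
        # semantics before relying on it for a strict-attestation policy.
        server_options.add_value("metadataSoftFail", metadata_soft_fail)
        server_options.add_value("mediatorMappingRuleId",
                                 mediator_mapping_rule_id)
        attestation = DataObject()
        attestation.add_value("statementTypes", attestation_statement_types)
        attestation.add_value("statementFormats",
                              attestation_statement_formats)
        attestation.add_value("publicKeyAlgorithms",
                              attestation_public_key_algorithms)
        server_options.add_value("attestation", attestation.data)
        safetynet = DataObject()
        safetynet.add_value("attestationMaxAge", safetynet_max_age)
        safetynet.add_value("clockSkew", safetynet_clock_skew)
        server_options.add_value("android-safetynet", safetynet.data)
        data.add_value("fidoServerOptions", server_options.data)
        rp_options = DataObject()
        rp_options.add_value("impersonationGroup", impersonation_group)
        data.add_value("relyingPartyOptions", rp_options.data)

    def list_relying_parties(self):
        """GET all relying parties; success == HTTP 200."""
        response = self.client.get_json(FIDO2_RELYING_PARTIES)
        response.success = response.status_code == 200
        return response

    def get_relying_parties(self, _id):
        """GET relying party ``_id``; success == HTTP 200."""
        endpoint = "{}/{}".format(FIDO2_RELYING_PARTIES, _id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def create_relying_party(
            self, name=None, rp_id=None, origins=None, metadata_set=None,
            metadata_soft_fail=True, mediator_mapping_rule_id=None,
            attestation_statement_types=None,
            attestation_statement_formats=None,
            attestation_public_key_algorithms=None,
            attestation_android_safetynet_max_age=None,
            attestation_android_safetynet_clock_skew=None,
            relying_party_impersonation_group="adminGroup"):
        """POST a new relying party; success == HTTP 201."""
        data = DataObject()
        self._fill_relying_party(
            data, name, rp_id, origins, metadata_set, metadata_soft_fail,
            mediator_mapping_rule_id, attestation_statement_types,
            attestation_statement_formats, attestation_public_key_algorithms,
            attestation_android_safetynet_max_age,
            attestation_android_safetynet_clock_skew,
            relying_party_impersonation_group)
        response = self.client.post_json(FIDO2_RELYING_PARTIES, data.data)
        response.success = response.status_code == 201
        return response

    def update_relying_party(
            self, id, name=None, rp_id=None, origins=None, metadata_set=None,
            metadata_soft_fail=True, mediator_mapping_rule_id=None,
            attestation_statement_types=None,
            attestation_statement_formats=None,
            attestation_public_key_algorithms=None,
            attestation_android_safety_net_max_age=None,
            attestation_android_safetynet_clock_skew=None,
            relying_party_impersonation_group="adminGroup"):
        """PUT relying party ``id``; success == HTTP 204.

        The keyword ``attestation_android_safety_net_max_age`` (spelled
        differently from ``create_relying_party``) is kept for existing
        callers; it is now actually used instead of an undefined name.
        """
        data = DataObject()
        data.add_value("id", id)
        self._fill_relying_party(
            data, name, rp_id, origins, metadata_set, metadata_soft_fail,
            mediator_mapping_rule_id, attestation_statement_types,
            attestation_statement_formats, attestation_public_key_algorithms,
            attestation_android_safety_net_max_age,
            attestation_android_safetynet_clock_skew,
            relying_party_impersonation_group)
        endpoint = "%s/%s" % (FIDO2_RELYING_PARTIES, id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 204
        return response

    def list_metadata(self):
        """GET all metadata documents; success == HTTP 200."""
        response = self.client.get_json(FIDO2_METADATA)
        response.success = response.status_code == 200
        return response

    def get_metadata(self, _id):
        """GET metadata document ``_id``; success == HTTP 200."""
        endpoint = "{}/{}".format(FIDO2_METADATA, _id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def create_metadata(self, filename=None):
        """POST the UTF-8 text of ``filename`` as a metadata document; success == HTTP 201.

        An IOError opening the file, or a UnicodeDecodeError while decoding
        it, is logged and reported as a failed Response (``success`` False).
        """
        response = Response()
        try:
            with open(filename, "rb") as content:
                data = DataObject()
                data.add_value_string("filename", ntpath.basename(filename))
                data.add_value_string("contents",
                                      content.read().decode("utf-8"))
                response = self.client.post_json(FIDO2_METADATA, data.data)
                response.success = response.status_code == 201
        except (IOError, UnicodeDecodeError) as err:
            logger.error(err)
            response.success = False
        return response

    def update_metadata(self, id, filename=None):
        """Upload ``filename`` as the new file of metadata ``id``; success == HTTP 200.

        An IOError while opening the file is logged and reported as a failed
        Response (``success`` False) rather than raised.
        """
        response = Response()
        try:
            with open(filename, "rb") as content:
                files = {"file": content}
                endpoint = "%s/%s/file" % (FIDO2_METADATA, id)
                response = self.client.post_file(
                    endpoint,
                    accept_type="application/json,text/html,application/*",
                    files=files)
                response.success = response.status_code == 200
        except IOError as err:
            logger.error(err)
            response.success = False
        return response

    def delete_metadata(self, id):
        """DELETE the file of metadata ``id``; success == HTTP 204."""
        endpoint = "%s/%s/file" % (FIDO2_METADATA, id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204
        return response

    def create_mediator(self, name=None, filename=None):
        """POST a FIDO2 mediator mapping rule read from ``filename``; success == HTTP 201.

        An IOError opening the file, or a UnicodeDecodeError while decoding
        it, is logged and reported as a failed Response (``success`` False).
        """
        response = Response()
        try:
            with open(filename, "rb") as content:
                data = DataObject()
                data.add_value_string("filename", ntpath.basename(filename))
                data.add_value_string("content",
                                      content.read().decode("utf-8"))
                data.add_value_string("type", "FIDO2")
                data.add_value_string("name", name)
                response = self.client.post_json(FIDO2_MEDIATOR, data.data)
                response.success = response.status_code == 201
        except (IOError, UnicodeDecodeError) as err:
            logger.error(err)
            response.success = False
        return response

    def _update_mediator(self, id, filename=None):
        """PUT the UTF-8 text of ``filename`` as mediator ``id``; success == HTTP 204."""
        response = Response()
        try:
            with open(filename, "rb") as content:
                data = DataObject()
                data.add_value_string("content",
                                      content.read().decode("utf-8"))
                endpoint = "%s/%s" % (FIDO2_MEDIATOR, id)
                response = self.client.put_json(endpoint, data.data)
                response.success = response.status_code == 204
        except (IOError, UnicodeDecodeError) as err:
            logger.error(err)
            response.success = False
        return response

    def get_mediator(self, id):
        """GET mediator ``id``; success == HTTP 200."""
        endpoint = "%s/%s" % (FIDO2_MEDIATOR, id)
        response = self.client.get_json(endpoint)
        response.success = response.status_code == 200
        return response

    def list_mediator(self):
        """GET all mediators; success == HTTP 200."""
        response = self.client.get_json(FIDO2_MEDIATOR)
        response.success = response.status_code == 200
        return response

    def delete_mediator(self, id):
        """DELETE mediator ``id``; success == HTTP 204."""
        endpoint = "%s/%s" % (FIDO2_MEDIATOR, id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204
        return response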
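class APIProtection(object):
    """Client for the appliance's OAuth/OIDC API-protection configuration.

    Wraps the ``CLIENTS``, ``DEFINITIONS`` and ``MAPPING_RULES`` endpoints.
    Every public method returns the underlying client response with a
    ``success`` attribute derived from the status code the operation is
    expected to produce: 201 for create, 204 for update/delete, 200 for
    read/list/upload. Fields whose argument is left at ``None`` are handed
    to ``DataObject`` unchanged; whether it omits them from the payload is
    decided by ``DataObject`` itself (not visible here).
    """

    def __init__(self, base_url, username, password):
        super(APIProtection, self).__init__()
        self.client = RESTClient(base_url, username, password)

    # ------------------------------------------------------------------
    # Private payload builders shared by the create/update pairs below.
    # ------------------------------------------------------------------

    @staticmethod
    def _client_payload(name, redirect_uri, company_name, company_url,
                        contact_person, contact_type, email, phone,
                        other_info, definition, client_id, client_secret):
        """Build the JSON body for an OAuth client (create and update)."""
        data = DataObject()
        data.add_value_string("name", name)
        data.add_value_string("redirectUri", redirect_uri)
        # Consistently add_value_string; the original update_client used
        # add_value for this one field only.
        data.add_value_string("companyName", company_name)
        data.add_value_string("companyUrl", company_url)
        data.add_value_string("contactPerson", contact_person)
        data.add_value_string("contactType", contact_type)
        data.add_value_string("email", email)
        data.add_value_string("phone", phone)
        data.add_value_string("otherInfo", other_info)
        data.add_value_string("definition", definition)
        data.add_value_string("clientId", client_id)
        # The secret travels in the JSON body of the request.
        data.add_value_string("clientSecret", client_secret)
        return data.data

    @staticmethod
    def _definition_data(name, description, tcm_behavior, token_char_set,
                         access_token_lifetime, access_token_length,
                         authorization_code_lifetime,
                         authorization_code_length, refresh_token_length,
                         max_authorization_grant_lifetime, pin_length,
                         enforce_single_use_authorization_grant,
                         issue_refresh_token,
                         enforce_single_access_token_per_grant,
                         enable_multiple_refresh_tokens_for_fault_tolerance,
                         pin_policy_enabled, grant_types):
        """Build the DataObject for an API-protection definition.

        Returns the ``DataObject`` (not ``.data``) so update_definition can
        append its extra fields before serialising.
        """
        data = DataObject()
        data.add_value_string("name", name)
        data.add_value_string("description", description)
        data.add_value_string("tcmBehavior", tcm_behavior)
        data.add_value_string("tokenCharSet", token_char_set)
        data.add_value("accessTokenLifetime", access_token_lifetime)
        data.add_value("accessTokenLength", access_token_length)
        data.add_value("authorizationCodeLifetime", authorization_code_lifetime)
        data.add_value("authorizationCodeLength", authorization_code_length)
        data.add_value("refreshTokenLength", refresh_token_length)
        data.add_value("maxAuthorizationGrantLifetime",
                       max_authorization_grant_lifetime)
        data.add_value("pinLength", pin_length)
        data.add_value("enforceSingleUseAuthorizationGrant",
                       enforce_single_use_authorization_grant)
        data.add_value("issueRefreshToken", issue_refresh_token)
        data.add_value("enforceSingleAccessTokenPerGrant",
                       enforce_single_access_token_per_grant)
        data.add_value("enableMultipleRefreshTokensForFaultTolerance",
                       enable_multiple_refresh_tokens_for_fault_tolerance)
        data.add_value("pinPolicyEnabled", pin_policy_enabled)
        data.add_value("grantTypes", grant_types)
        return data

    @staticmethod
    def _list_parameters(sort_by, count, start, filter_expr):
        """Build the sort/paging/filter query parameters used by list_*."""
        parameters = DataObject()
        parameters.add_value_string("sortBy", sort_by)
        parameters.add_value_string("count", count)
        parameters.add_value_string("start", start)
        parameters.add_value_string("filter", filter_expr)
        return parameters.data

    # ------------------------------------------------------------------
    # OAuth clients
    # ------------------------------------------------------------------

    def create_client(
            self, name=None, redirect_uri=None, company_name=None,
            company_url=None, contact_person=None, contact_type=None,
            email=None, phone=None, other_info=None, definition=None,
            client_id=None, client_secret=None):
        """Register a new OAuth client.

        Args:
            name: client display name.
            redirect_uri: redirect URI registered for the client.
            company_name, company_url, contact_person, contact_type, email,
                phone, other_info: descriptive contact metadata.
            definition: API-protection definition the client belongs to.
            client_id: client identifier to register.
            client_secret: client secret; sent in the JSON body.

        Returns:
            the client response with ``success`` set to ``status_code == 201``.
        """
        payload = self._client_payload(
            name, redirect_uri, company_name, company_url, contact_person,
            contact_type, email, phone, other_info, definition, client_id,
            client_secret)
        response = self.client.post_json(CLIENTS, payload)
        response.success = response.status_code == 201
        return response

    def update_client(
            self, id=None, name=None, redirect_uri=None, company_name=None,
            company_url=None, contact_person=None, contact_type=None,
            email=None, phone=None, other_info=None, definition=None,
            client_id=None, client_secret=None):
        """Replace the configuration of an existing OAuth client.

        Args:
            id: identifier of the client; interpolated into the path as
                ``str(id)`` (``None`` yields ``.../None``).
            remaining arguments: as for :meth:`create_client`.

        Returns:
            the client response with ``success`` set to ``status_code == 204``.
        """
        payload = self._client_payload(
            name, redirect_uri, company_name, company_url, contact_person,
            contact_type, email, phone, other_info, definition, client_id,
            client_secret)
        endpoint = "%s/%s" % (CLIENTS, id)
        response = self.client.put_json(endpoint, payload)
        response.success = response.status_code == 204
        return response

    def delete_client(self, id):
        """Delete an OAuth client.

        Returns:
            the client response with ``success`` set to ``status_code == 204``.
        """
        endpoint = "%s/%s" % (CLIENTS, id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204
        return response

    def list_clients(self, sort_by=None, count=None, start=None, filter=None):
        """List OAuth clients.

        Args:
            sort_by: server-side sort key.
            count: page size.
            start: page offset.
            filter: server-side filter expression (parameter name kept for
                callers even though it shadows the builtin).

        Returns:
            the client response with ``success`` set to ``status_code == 200``.
        """
        parameters = self._list_parameters(sort_by, count, start, filter)
        response = self.client.get_json(CLIENTS, parameters)
        response.success = response.status_code == 200
        return response

    # ------------------------------------------------------------------
    # API-protection definitions
    # ------------------------------------------------------------------

    def create_definition(
            self, name=None, description=None, tcm_behavior=None,
            token_char_set=None, access_token_lifetime=None,
            access_token_length=None, authorization_code_lifetime=None,
            authorization_code_length=None, refresh_token_length=None,
            max_authorization_grant_lifetime=None, pin_length=None,
            enforce_single_use_authorization_grant=None,
            issue_refresh_token=None,
            enforce_single_access_token_per_grant=None,
            enable_multiple_refresh_tokens_for_fault_tolerance=None,
            pin_policy_enabled=None, grant_types=None):
        """Create an API-protection definition.

        Token lengths/lifetimes and the boolean policy switches are added
        with ``add_value`` (raw), name/description/tcmBehavior/tokenCharSet
        with ``add_value_string``.

        Returns:
            the client response with ``success`` set to ``status_code == 201``.
        """
        data = self._definition_data(
            name, description, tcm_behavior, token_char_set,
            access_token_lifetime, access_token_length,
            authorization_code_lifetime, authorization_code_length,
            refresh_token_length, max_authorization_grant_lifetime,
            pin_length, enforce_single_use_authorization_grant,
            issue_refresh_token, enforce_single_access_token_per_grant,
            enable_multiple_refresh_tokens_for_fault_tolerance,
            pin_policy_enabled, grant_types)
        response = self.client.post_json(DEFINITIONS, data.data)
        response.success = response.status_code == 201
        return response

    def update_definition(
            self, definition_id=None, name=None, description=None,
            tcm_behavior=None, token_char_set=None,
            access_token_lifetime=None, access_token_length=None,
            authorization_code_lifetime=None, authorization_code_length=None,
            refresh_token_length=None, max_authorization_grant_lifetime=None,
            pin_length=None, enforce_single_use_authorization_grant=None,
            issue_refresh_token=None,
            enforce_single_access_token_per_grant=None,
            enable_multiple_refresh_tokens_for_fault_tolerance=None,
            pin_policy_enabled=None, grant_types=None, oidc_enabled=False,
            iss=None, poc=None, lifetime=None, alg=None, db=None, cert=None,
            enc_enabled=False, enc_alg=None, enc_enc=None,
            access_policy_id=None, enc_db=None, enc_cert=None):
        """Replace an API-protection definition, optionally with OIDC settings.

        Args:
            definition_id: identifier of the definition; interpolated as
                ``str(definition_id)``.
            oidc_enabled: when true an ``oidc`` object (``enabled`` forced
                to ``True``, plus ``iss``, ``poc``, ``lifetime``, ``alg``,
                ``db``, ``cert``) is nested in the payload.
            enc_enabled: when true (and ``oidc_enabled``) an ``enc`` object
                is nested under ``oidc``.
            enc_alg, enc_enc: ID-token encryption algorithm / encoding; sent
                as ``alg`` / ``enc``. NOTE(review): the original body never
                used these parameters and instead referenced the unbound
                names ``enc_db``/``enc_cert`` (NameError whenever
                ``enc_enabled`` was true); the key names mirror the
                ``oidc`` block — confirm against the server schema.
            enc_db, enc_cert: keystore / certificate for encryption, sent as
                ``db`` / ``cert`` (new optional keyword arguments; kept at
                the end so positional callers are unaffected).
            access_policy_id: sent as ``accessPolicyId``; only update carries
                this field, create_definition does not.

        Returns:
            the client response with ``success`` set to ``status_code == 204``.
        """
        data = self._definition_data(
            name, description, tcm_behavior, token_char_set,
            access_token_lifetime, access_token_length,
            authorization_code_lifetime, authorization_code_length,
            refresh_token_length, max_authorization_grant_lifetime,
            pin_length, enforce_single_use_authorization_grant,
            issue_refresh_token, enforce_single_access_token_per_grant,
            enable_multiple_refresh_tokens_for_fault_tolerance,
            pin_policy_enabled, grant_types)
        data.add_value("accessPolicyId", access_policy_id)
        if oidc_enabled:
            oidc = DataObject()
            oidc.add_value("enabled", True)
            oidc.add_value("iss", iss)
            oidc.add_value("poc", poc)
            oidc.add_value("lifetime", lifetime)
            oidc.add_value("alg", alg)
            oidc.add_value("db", db)
            oidc.add_value("cert", cert)
            if enc_enabled:
                enc_data = DataObject()
                enc_data.add_value("alg", enc_alg)
                enc_data.add_value("enc", enc_enc)
                enc_data.add_value("db", enc_db)
                enc_data.add_value("cert", enc_cert)
                oidc.add_value("enc", enc_data.data)
            data.add_value("oidc", oidc.data)
        endpoint = "%s/%s" % (DEFINITIONS, definition_id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 204
        return response

    def delete_definition(self, id):
        """Delete an API-protection definition.

        Returns:
            the client response with ``success`` set to ``status_code == 204``.
        """
        endpoint = "%s/%s" % (DEFINITIONS, id)
        response = self.client.delete_json(endpoint)
        response.success = response.status_code == 204
        return response

    def list_definitions(
            self, sort_by=None, count=None, start=None, filter=None):
        """List API-protection definitions (arguments as for list_clients).

        Returns:
            the client response with ``success`` set to ``status_code == 200``.
        """
        parameters = self._list_parameters(sort_by, count, start, filter)
        response = self.client.get_json(DEFINITIONS, parameters)
        response.success = response.status_code == 200
        return response

    # ------------------------------------------------------------------
    # Mapping rules
    # ------------------------------------------------------------------

    def create_mapping_rule(
            self, name=None, category=None, file_name=None, content=None):
        """Create a mapping rule with its content supplied inline.

        Args:
            name: rule name.
            category: rule category.
            file_name: file name recorded for the rule.
            content: rule source text.

        Returns:
            the client response with ``success`` set to ``status_code == 201``.
        """
        data = DataObject()
        data.add_value_string("name", name)
        data.add_value_string("category", category)
        data.add_value_string("fileName", file_name)
        data.add_value_string("content", content)
        response = self.client.post_json(MAPPING_RULES, data.data)
        response.success = response.status_code == 201
        return response

    def list_mapping_rules(
            self, sort_by=None, count=None, start=None, filter=None):
        """List mapping rules (arguments as for list_clients).

        Returns:
            the client response with ``success`` set to ``status_code == 200``.
        """
        parameters = self._list_parameters(sort_by, count, start, filter)
        response = self.client.get_json(MAPPING_RULES, parameters)
        response.success = response.status_code == 200
        return response

    def import_mapping_rule(self, id, file_path):
        """Replace a mapping rule's content by uploading a local file.

        The file is streamed as a multipart upload to
        ``<MAPPING_RULES>/<id>/file``.

        Args:
            id: identifier of the mapping rule.
            file_path: path of the file to upload.

        Returns:
            the client response with ``success`` set to ``status_code == 200``,
            or a bare ``Response`` with ``success=False`` when the file could
            not be opened/read (the ``IOError`` is logged).
        """
        response = Response()
        try:
            with open(file_path, 'rb') as mapping_rule:
                files = {"file": mapping_rule}
                endpoint = "%s/%s/file" % (MAPPING_RULES, id)
                response = self.client.post_file(
                    endpoint,
                    accept_type="application/json,text/html",
                    files=files)
                response.success = response.status_code == 200
        except IOError as e:
            logger.error(e)
            response.success = False
        return response

    def update_mapping_rule(self, id, content=None):
        """Replace a mapping rule's content with an inline string.

        Args:
            id: identifier of the mapping rule.
            content: new rule source text.

        Returns:
            the client response with ``success`` set to ``status_code == 204``.
        """
        data = DataObject()
        data.add_value_string("content", content)
        endpoint = "%s/%s" % (MAPPING_RULES, id)
        response = self.client.put_json(endpoint, data.data)
        response.success = response.status_code == 204
        return response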