def import_certificate(**kwargs): """ Uploads already minted certificates and pulls the required information into Lemur. This is to be used for certificates that are created outside of Lemur but should still be tracked. Internally this is used to bootstrap Lemur with external certificates, and used when certificates are 'discovered' through various discovery techniques. was still in aws. :param kwargs: """ from lemur.users import service as user_service from lemur.notifications import service as notification_service cert = Certificate(kwargs['public_certificate'], chain=kwargs['intermediate_certificate']) # TODO future source plugins might have a better understanding of who the 'owner' is we should support this cert.owner = kwargs.get('owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0]) cert.creator = kwargs.get('creator', user_service.get_by_email('lemur@nobody')) # NOTE existing certs may not follow our naming standard we will # overwrite the generated name with the actual cert name if kwargs.get('name'): cert.name = kwargs.get('name') if kwargs.get('user'): cert.user = kwargs.get('user') notification_name = 'DEFAULT_SECURITY' notifications = notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.notifications = notifications cert = database.create(cert) return cert
def create(kwargs): """ Create a new authority. :return: """ issuer = plugins.get(kwargs.get('pluginName')) kwargs['creator'] = g.current_user.email cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs) cert = Certificate(cert_body, chain=intermediate) cert.owner = kwargs['ownerEmail'] if kwargs['caType'] == 'subca': cert.description = "This is the ROOT certificate for the {0} sub certificate authority the parent \ authority is {1}.".format( kwargs.get('caName'), kwargs.get('caParent')) else: cert.description = "This is the ROOT certificate for the {0} certificate authority.".format( kwargs.get('caName')) cert.user = g.current_user cert.notifications = notification_service.create_default_expiration_notifications( 'DEFAULT_SECURITY', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) # we create and attach any roles that the issuer gives us role_objs = [] for r in issuer_roles: role = role_service.create( r['name'], password=r['password'], description="{0} auto generated role".format( kwargs.get('pluginName')), username=r['username']) # the user creating the authority should be able to administer it if role.username == 'admin': g.current_user.roles.append(role) role_objs.append(role) authority = Authority(kwargs.get('caName'), kwargs['ownerEmail'], kwargs['pluginName'], cert_body, description=kwargs['caDescription'], chain=intermediate, roles=role_objs) database.update(cert) authority = database.create(authority) g.current_user.authorities.append(authority) return authority
def create(kwargs): """ Create a new authority. :rtype : Authority :return: """ issuer = plugins.get(kwargs.get('pluginName')) kwargs['creator'] = g.current_user.email cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs) cert = Certificate(cert_body, chain=intermediate) cert.owner = kwargs['ownerEmail'] cert.description = "This is the ROOT certificate for the {0} certificate authority".format(kwargs.get('caName')) cert.user = g.current_user cert.notifications = notification_service.create_default_expiration_notifications( 'DEFAULT_SECURITY', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL') ) # we create and attach any roles that the issuer gives us role_objs = [] for r in issuer_roles: role = role_service.create( r['name'], password=r['password'], description="{0} auto generated role".format(kwargs.get('pluginName')), username=r['username']) # the user creating the authority should be able to administer it if role.username == 'admin': g.current_user.roles.append(role) role_objs.append(role) authority = Authority( kwargs.get('caName'), kwargs['ownerEmail'], kwargs['pluginName'], cert_body, description=kwargs['caDescription'], chain=intermediate, roles=role_objs ) database.update(cert) authority = database.create(authority) g.current_user.authorities.append(authority) return authority
def import_certificate(**kwargs): """ Uploads already minted certificates and pulls the required information into Lemur. This is to be used for certificates that are created outside of Lemur but should still be tracked. Internally this is used to bootstrap Lemur with external certificates, and used when certificates are 'discovered' through various discovery techniques. was still in aws. :param kwargs: """ from lemur.users import service as user_service from lemur.notifications import service as notification_service cert = Certificate(kwargs['public_certificate'], chain=kwargs['intermediate_certificate']) # TODO future source plugins might have a better understanding of who the 'owner' is we should support this cert.owner = kwargs.get( 'owner', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')[0]) cert.creator = kwargs.get('creator', user_service.get_by_email('lemur@nobody')) # NOTE existing certs may not follow our naming standard we will # overwrite the generated name with the actual cert name if kwargs.get('name'): cert.name = kwargs.get('name') if kwargs.get('user'): cert.user = kwargs.get('user') notification_name = 'DEFAULT_SECURITY' notifications = notification_service.create_default_expiration_notifications( notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) if kwargs.get('replacements'): database.update_list(cert, 'replaces', Certificate, kwargs['replacements']) cert.notifications = notifications cert = database.create(cert) return cert
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ from lemur.notifications import service as notification_service cert = Certificate( kwargs.get('public_cert'), kwargs.get('private_key'), kwargs.get('intermediate_cert'), ) # we override the generated name if one is provided if kwargs.get('name'): cert.name = kwargs['name'] cert.description = kwargs.get('description') cert.owner = kwargs['owner'] cert = database.create(cert) g.user.certificates.append(cert) database.update_list(cert, 'destinations', Destination, kwargs.get('destinations')) database.update_list(cert, 'notifications', Notification, kwargs.get('notifications')) database.update_list(cert, 'replaces', Certificate, kwargs['replacements']) # create default notifications for this certificate if none are provided notifications = [] if not kwargs.get('notifications'): notification_name = "DEFAULT_{0}".format( cert.owner.split('@')[0].upper()) notifications += notification_service.create_default_expiration_notifications( notification_name, [cert.owner]) notification_name = 'DEFAULT_SECURITY' notifications += notification_service.create_default_expiration_notifications( notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.notifications = notifications database.update(cert) return cert
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ from lemur.notifications import service as notification_service cert = Certificate( kwargs.get('public_cert'), kwargs.get('private_key'), kwargs.get('intermediate_cert'), ) # we override the generated name if one is provided if kwargs.get('name'): cert.name = kwargs['name'] cert.description = kwargs.get('description') cert.owner = kwargs['owner'] cert = database.create(cert) g.user.certificates.append(cert) database.update_list(cert, 'destinations', Destination, kwargs['destinations']) database.update_list(cert, 'notifications', Notification, kwargs['notifications']) database.update_list(cert, 'replaces', Certificate, kwargs['replacements']) # create default notifications for this certificate if none are provided notifications = [] if not kwargs.get('notifications'): notification_name = "DEFAULT_{0}".format(cert.owner.split('@')[0].upper()) notifications += notification_service.create_default_expiration_notifications(notification_name, [cert.owner]) notification_name = 'DEFAULT_SECURITY' notifications += notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL')) cert.notifications = notifications database.update(cert) return cert
def upload(**kwargs): """ Allows for pre-made certificates to be imported into Lemur. """ from lemur.notifications import service as notification_service cert = Certificate(kwargs.get("public_cert"), kwargs.get("private_key"), kwargs.get("intermediate_cert")) # we override the generated name if one is provided if kwargs.get("name"): cert.name = kwargs["name"] cert.description = kwargs.get("description") cert.owner = kwargs["owner"] cert = database.create(cert) g.user.certificates.append(cert) database.update_list(cert, "destinations", Destination, kwargs.get("destinations")) database.update_list(cert, "notifications", Notification, kwargs.get("notifications")) # create default notifications for this certificate if none are provided notifications = [] if not kwargs.get("notifications"): notification_name = "DEFAULT_{0}".format(cert.owner.split("@")[0].upper()) notifications += notification_service.create_default_expiration_notifications(notification_name, [cert.owner]) notification_name = "DEFAULT_SECURITY" notifications += notification_service.create_default_expiration_notifications( notification_name, current_app.config.get("LEMUR_SECURITY_TEAM_EMAIL") ) cert.notifications = notifications database.update(cert) return cert
def create(kwargs): """ Create a new authority. :return: """ issuer = kwargs['plugin']['plugin_object'] kwargs['creator'] = g.current_user.email cert_body, intermediate, issuer_roles = issuer.create_authority(kwargs) cert = Certificate(cert_body, chain=intermediate) cert.owner = kwargs['owner'] if kwargs['type'] == 'subca': cert.description = "This is the ROOT certificate for the {0} sub certificate authority the parent \ authority is {1}.".format(kwargs.get('name'), kwargs.get('parent')) else: cert.description = "This is the ROOT certificate for the {0} certificate authority.".format( kwargs.get('name') ) cert.user = g.current_user cert.notifications = notification_service.create_default_expiration_notifications( 'DEFAULT_SECURITY', current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL') ) # we create and attach any roles that the issuer gives us role_objs = [] for r in issuer_roles: role = role_service.create( r['name'], password=r['password'], description="{0} auto generated role".format(issuer.title), username=r['username']) # the user creating the authority should be able to administer it if role.username == 'admin': g.current_user.roles.append(role) role_objs.append(role) authority = Authority( kwargs.get('name'), kwargs['owner'], issuer.slug, cert_body, description=kwargs['description'], chain=intermediate, roles=role_objs ) database.update(cert) authority = database.create(authority) # the owning dl or role should have this authority associated with it owner_role = role_service.get_by_name(kwargs['owner']) if not owner_role: owner_role = role_service.create(kwargs['owner']) owner_role.authority = authority g.current_user.authorities.append(authority) return authority