def test_upload(user):
    """Round-trip a certificate through the service-layer ``upload``.

    Verifies that the validity window, issuer and derived name are parsed
    out of the PEM body, and that a caller-supplied ``name`` is honoured.
    ``creator`` is passed explicitly (from the ``user`` fixture), so this
    exercises the service without a Flask request context.
    """
    from lemur.certificates.service import upload

    # Material shared by both uploads. PRIVATE_KEY_STR is a test fixture;
    # nothing here writes it anywhere.
    material = dict(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=PRIVATE_KEY_STR,
        owner='*****@*****.**',
        creator=user['user'],
    )

    parsed = upload(**material)
    assert str(parsed.not_after) == '2040-01-01T20:30:52+00:00'
    assert str(parsed.not_before) == '2015-06-26T20:30:52+00:00'
    assert parsed.issuer == 'Example'
    # NOTE(review): the trailing "-3" presumably comes from a de-duplication
    # suffix and so depends on what earlier fixtures inserted; a change in
    # fixture order would break this assertion.
    assert parsed.name == 'long.lived.com-Example-20150626-20400101-3'

    named = upload(name='ACustomName', **material)
    assert 'ACustomName' in named.name
def test_upload(user):
    """Round-trip a SAN certificate through the service-layer ``upload``.

    Verifies the parsed validity window, issuer and derived name, then that
    an explicit ``name`` is honoured. ``creator`` comes from the ``user``
    fixture rather than a request context.
    """
    from lemur.certificates.service import upload

    # Shared material; SAN_CERT_KEY is a test fixture and is not persisted
    # outside the service call.
    material = dict(
        body=SAN_CERT_STR,
        chain=INTERMEDIATE_CERT_STR,
        private_key=SAN_CERT_KEY,
        owner='*****@*****.**',
        creator=user['user'],
    )

    parsed = upload(**material)
    assert str(parsed.not_after) == '2040-01-01T20:30:52+00:00'
    assert str(parsed.not_before) == '2015-06-26T20:30:52+00:00'
    assert parsed.issuer == 'Example'
    # NOTE(review): the "-3" suffix presumably depends on prior inserts in
    # the same test database; fixture reordering would invalidate it.
    assert parsed.name == 'long.lived.com-Example-20150626-20400101-3'

    named = upload(name='ACustomName', **material)
    assert 'ACustomName' in named.name
def test_upload(logged_in_user):
    """Round-trip a certificate through ``upload`` under a logged-in user.

    No ``creator`` is passed; the service is expected to resolve it from the
    request context provided by the ``logged_in_user`` fixture. Timestamps
    in this version render without timezone information.
    """
    from lemur.certificates.service import upload

    material = dict(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=PRIVATE_KEY_STR,
        owner='*****@*****.**',
    )

    parsed = upload(**material)
    assert str(parsed.not_after) == '2040-01-01 20:30:52'
    assert str(parsed.not_before) == '2015-06-26 20:30:52'
    assert parsed.issuer == 'Example'
    # NOTE(review): the "-2" suffix presumably depends on earlier inserts.
    assert parsed.name == 'long.lived.com-Example-20150626-20400101-2'

    named = upload(name='ACustomName', **material)
    assert 'ACustomName' in named.name
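def create(**kwargs):
    """Create a new certificate authority and persist it.

    Mints the authority certificate, its private key and chain via ``mint``,
    records the certificate through ``upload`` and stores an ``Authority``.

    Security-relevant side effects on the caller's objects:

    * ``kwargs["creator"]`` (a user object) is granted every role returned by
      ``mint`` and gets the new authority appended to ``creator.authorities``.
    * ``kwargs["private_key"]`` is set to the minted key and handed to
      ``upload`` together with the certificate; keep ``kwargs`` out of logs.

    Fix: ``roles`` used to be extended with ``+=``, mutating the list the
    caller passed in. A fresh list is now built instead.

    Args:
        **kwargs: authority attributes. Must contain ``creator``; may contain
            ``roles`` (list, extended with the minted roles) and
            ``plugin.plugin_options`` (serialised to JSON into ``options``).

    Returns:
        The persisted ``Authority``.
    """
    body, private_key, chain, roles = mint(**kwargs)

    # Grant the creator the roles minted for this CA, de-duplicated.
    creator = kwargs["creator"]
    creator.roles = list(set(list(creator.roles) + roles))

    kwargs["body"] = body
    kwargs["private_key"] = private_key
    kwargs["chain"] = chain

    # Build a new list rather than `+=` so the caller's list is left intact.
    existing_roles = kwargs.get("roles")
    kwargs["roles"] = (list(existing_roles) + roles) if existing_roles else roles

    cert = upload(**kwargs)
    kwargs["authority_certificate"] = cert

    plugin_options = kwargs.get("plugin", {}).get("plugin_options", [])
    if plugin_options:
        kwargs["options"] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    metrics.send("authority_created", "counter", 1, metric_tags=dict(owner=authority.owner))
    return authority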
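def create(**kwargs):
    """Create a new certificate authority and persist it.

    The creator is recorded as the e-mail of the session user (``g.user``),
    never taken from ``kwargs``. ``mint`` returns the certificate body, chain
    and the roles created for the CA; those roles are merged into ``roles``
    and the whole bundle is stored via ``upload`` and an ``Authority`` row.

    Fixes relative to the previous version:

    * the sub-CA description was written with a backslash line continuation
      inside the string literal, which embedded the next source line's
      indentation (a run of spaces) into the stored text; it is now built
      with implicit concatenation and a single space;
    * ``roles`` is no longer extended in place with ``+=``, so the caller's
      list is not mutated.

    Args:
        **kwargs: authority attributes; ``type`` must be present, ``name``,
            ``parent`` and ``roles`` are read if given.

    Returns:
        The persisted ``Authority``.
    """
    kwargs['creator'] = g.user.email
    body, chain, roles = mint(**kwargs)
    kwargs['body'] = body
    kwargs['chain'] = chain

    # Fresh list instead of `+=`: do not extend the caller's list behind its back.
    existing_roles = kwargs.get('roles')
    kwargs['roles'] = (list(existing_roles) + roles) if existing_roles else roles

    ca_name = kwargs.get('name')
    if kwargs['type'] == 'subca':
        description = (
            "This is the ROOT certificate for the {0} sub certificate authority "
            "the parent authority is {1}."
        ).format(ca_name, kwargs.get('parent'))
    else:
        description = "This is the ROOT certificate for the {0} certificate authority.".format(ca_name)
    kwargs['description'] = description

    cert = upload(**kwargs)
    kwargs['authority_certificate'] = cert

    authority = database.create(Authority(**kwargs))
    g.user.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner))
    return authority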
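def create(**kwargs):
    """Create a new certificate authority and persist it.

    The creator is recorded as the session user's e-mail (``g.user.email``),
    never taken from ``kwargs``. ``mint`` returns the certificate body,
    private key, chain and the roles created for the CA; the session user is
    granted those roles and gets the authority appended to its
    ``authorities``. The minted private key is placed in ``kwargs`` and
    passed to ``upload`` -- keep ``kwargs`` out of logs.

    Fix: ``roles`` used to be extended in place with ``+=``, mutating the
    list the caller passed in; a new list is built instead.

    Args:
        **kwargs: authority attributes; ``roles`` (optional list) is merged
            with the minted roles.

    Returns:
        The persisted ``Authority``.
    """
    kwargs['creator'] = g.user.email
    body, private_key, chain, roles = mint(**kwargs)

    # Grant the session user the roles minted for this CA, de-duplicated.
    g.user.roles = list(set(list(g.user.roles) + roles))

    kwargs['body'] = body
    kwargs['private_key'] = private_key
    kwargs['chain'] = chain

    # Fresh list instead of `+=` so the caller's list is left intact.
    existing_roles = kwargs.get('roles')
    kwargs['roles'] = (list(existing_roles) + roles) if existing_roles else roles

    cert = upload(**kwargs)
    kwargs['authority_certificate'] = cert

    authority = database.create(Authority(**kwargs))
    g.user.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner))
    return authority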
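def create(**kwargs):
    """Create a new certificate authority and persist it.

    Mints the authority certificate, private key and chain via ``mint``,
    stores the certificate through ``upload`` and creates an ``Authority``.

    Security-relevant side effects on the caller's objects:

    * ``kwargs['creator']`` (a user object) is granted every role returned by
      ``mint`` and gets the authority appended to ``creator.authorities``.
    * ``kwargs['private_key']`` is set to the minted key and passed to
      ``upload``; keep ``kwargs`` out of logs.

    Fix: ``roles`` used to be extended with ``+=``, mutating the list the
    caller passed in; a new list is built instead.

    Args:
        **kwargs: authority attributes. Must contain ``creator``; may contain
            ``roles`` and ``plugin.plugin_options`` (serialised to JSON into
            ``options``).

    Returns:
        The persisted ``Authority``.
    """
    body, private_key, chain, roles = mint(**kwargs)

    creator = kwargs['creator']
    creator.roles = list(set(list(creator.roles) + roles))

    kwargs['body'] = body
    kwargs['private_key'] = private_key
    kwargs['chain'] = chain

    # Fresh list instead of `+=` so the caller's list is left intact.
    existing_roles = kwargs.get('roles')
    kwargs['roles'] = (list(existing_roles) + roles) if existing_roles else roles

    cert = upload(**kwargs)
    kwargs['authority_certificate'] = cert

    plugin_options = kwargs.get('plugin', {}).get('plugin_options', [])
    if plugin_options:
        kwargs['options'] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner))
    return authority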
def test_upload(logged_in_user):
    """Round-trip a certificate through ``upload`` under a logged-in user.

    No ``creator`` is passed; the service resolves it from the request
    context set up by ``logged_in_user``. The second upload checks that an
    explicit ``name`` is used verbatim.
    """
    from lemur.certificates.service import upload

    material = dict(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=PRIVATE_KEY_STR,
        owner='*****@*****.**',
    )

    parsed = upload(**material)
    assert str(parsed.not_after) == '2040-01-01 20:30:52'
    assert str(parsed.not_before) == '2015-06-26 20:30:52'
    assert parsed.issuer == 'Example'
    # NOTE(review): the "-2" suffix presumably depends on earlier inserts.
    assert parsed.name == 'long.lived.com-Example-20150626-20400101-2'

    named = upload(name='ACustomName', **material)
    assert named.name == 'ACustomName'
def test_upload_private_key_str(logged_in_user):
    """``upload`` accepts the private key as ``str`` (decoded), not only bytes.

    Only checks that a certificate object comes back; the parsed fields are
    covered by ``test_upload``.
    """
    from lemur.certificates.service import upload

    key_as_text = PRIVATE_KEY_STR.decode('utf-8')
    result = upload(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=key_as_text,
        owner='*****@*****.**',
        name='ACustomName',
    )
    assert result
def test_upload_private_key_str(user):
    """``upload`` accepts a PEM private key passed as a string fixture.

    Smoke test only: asserts a certificate object is returned when an
    explicit ``creator`` and ``name`` are supplied.
    """
    from lemur.certificates.service import upload

    result = upload(
        body=INTERNAL_VALID_LONG_STR,
        chain=INTERNAL_VALID_SAN_STR,
        private_key=PRIVATE_KEY_STR,
        owner='*****@*****.**',
        name='ACustomName',
        creator=user['user'],
    )
    assert result
def test_upload_private_key_str(user):
    """``upload`` accepts the SAN certificate's PEM private key as a string.

    Smoke test only: asserts a certificate object is returned when an
    explicit ``creator`` and ``name`` are supplied.
    """
    from lemur.certificates.service import upload

    result = upload(
        body=SAN_CERT_STR,
        chain=INTERMEDIATE_CERT_STR,
        private_key=SAN_CERT_KEY,
        owner='*****@*****.**',
        name='ACustomName',
        creator=user['user'],
    )
    assert result
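def create(**kwargs):
    """Create a new certificate authority and persist it.

    Rejects a name that already exists as an authority or whose derived
    ``<name>_admin`` / ``<name>_operator`` roles exist, mints the authority
    certificate, private key and chain via ``mint``, stores the certificate
    through ``upload``, encrypts the ``acme_private_key`` plugin option
    before it is serialised, creates the ``Authority`` and writes an audit
    log entry.

    Security-relevant side effects on the caller's objects:

    * ``kwargs["creator"]`` (a user object) is granted every role returned by
      ``mint`` and gets the authority appended to ``creator.authorities``.
    * ``kwargs["private_key"]`` is set to the minted key and passed to
      ``upload``; keep ``kwargs`` out of logs.
    * the ``acme_private_key`` option dict is overwritten in place with its
      ciphertext, so ``kwargs["plugin"]`` no longer holds the plaintext after
      this call.

    Fix: ``roles`` used to be extended with ``+=``, mutating the list the
    caller passed in; a new list is built instead.

    Args:
        **kwargs: authority attributes. Must contain ``name``, ``creator``
            and ``plugin`` (with ``plugin_object``); may contain ``roles``
            and ``plugin.plugin_options``.

    Returns:
        The persisted ``Authority``.

    Raises:
        Exception: if the authority name or its derived roles already exist.
    """
    ca_name = kwargs.get("name")

    # Existence checks are read-then-write with no lock: a concurrent create
    # with the same name can still pass both unless the database enforces
    # uniqueness (not visible from here).
    if get_by_name(ca_name):
        raise Exception(f"Authority with name {ca_name} already exists")
    if role_service.get_by_name(f"{ca_name}_admin") or role_service.get_by_name(f"{ca_name}_operator"):
        raise Exception(
            f"Admin and/or operator roles for authority {ca_name} already exist"
        )

    body, private_key, chain, roles = mint(**kwargs)

    # Grant the creator the roles minted for this CA, de-duplicated.
    creator = kwargs["creator"]
    creator.roles = list(set(list(creator.roles) + roles))

    kwargs["body"] = body
    kwargs["private_key"] = private_key
    kwargs["chain"] = chain

    # Fresh list instead of `+=` so the caller's list is left intact.
    existing_roles = kwargs.get("roles")
    kwargs["roles"] = (list(existing_roles) + roles) if existing_roles else roles

    cert = upload(**kwargs)
    kwargs["authority_certificate"] = cert

    plugin_options = kwargs.get("plugin", {}).get("plugin_options", [])
    if plugin_options:
        # Encrypt the ACME private key option before it lands in the DB.
        # Done in place (as before) so the plaintext is not retained in
        # kwargs["plugin"] either.
        for option in plugin_options:
            if option["name"] == "acme_private_key" and option["value"]:
                option["value"] = data_encrypt(option["value"])
        kwargs["options"] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    log_service.audit_log("create_authority", ca_name, "Created new authority")
    issuer = kwargs["plugin"]["plugin_object"]
    # Emitted at WARNING level although it is not an error -- presumably so
    # CA creation is visible at default log levels.
    current_app.logger.warning(
        f"Created new authority {ca_name} with issuer {issuer.title}")
    metrics.send("authority_created", "counter", 1, metric_tags=dict(owner=authority.owner))
    return authority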
def test_upload(user):
    """Round-trip a SAN certificate through the service-layer ``upload``.

    Checks the parsed validity window, issuer and derived name, then that an
    explicit ``name`` is honoured. ``creator`` is taken from the ``user``
    fixture rather than a request context.
    """
    from lemur.certificates.service import upload

    material = dict(
        body=SAN_CERT_STR,
        chain=INTERMEDIATE_CERT_STR,
        private_key=SAN_CERT_KEY,
        owner="*****@*****.**",
        creator=user["user"],
    )

    parsed = upload(**material)
    assert str(parsed.not_after) == "2040-01-01T20:30:52+00:00"
    assert str(parsed.not_before) == "2015-06-26T20:30:52+00:00"
    assert parsed.issuer == "Example"
    # NOTE(review): the "-3" suffix presumably depends on prior inserts in
    # the same test database; fixture reordering would invalidate it.
    assert parsed.name == "long.lived.com-Example-20150626-20400101-3"

    named = upload(name="ACustomName", **material)
    assert "ACustomName" in named.name
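def create(**kwargs):
    """Create a new certificate authority and persist it.

    Rejects a name that already exists as an authority or whose derived
    ``<name>_admin`` / ``<name>_operator`` roles exist, mints the authority
    certificate, private key and chain via ``mint``, stores the certificate
    through ``upload``, creates the ``Authority`` and writes an audit entry.

    Security-relevant side effects on the caller's objects:

    * ``kwargs["creator"]`` (a user object) is granted every role returned by
      ``mint`` and gets the authority appended to ``creator.authorities``.
    * ``kwargs["private_key"]`` is set to the minted key and passed to
      ``upload``; keep ``kwargs`` out of logs.

    Fix: ``roles`` used to be extended with ``+=``, mutating the list the
    caller passed in; a new list is built instead.

    Args:
        **kwargs: authority attributes. Must contain ``name`` and
            ``creator``; may contain ``roles`` and ``plugin.plugin_options``
            (serialised to JSON into ``options``).

    Returns:
        The persisted ``Authority``.

    Raises:
        Exception: if the authority name or its derived roles already exist.
    """
    ca_name = kwargs.get("name")

    # Read-then-write existence checks with no lock; a concurrent create with
    # the same name can still pass unless the DB enforces uniqueness.
    if get_by_name(ca_name):
        raise Exception(f"Authority with name {ca_name} already exists")
    if role_service.get_by_name(f"{ca_name}_admin") or role_service.get_by_name(f"{ca_name}_operator"):
        raise Exception(
            f"Admin and/or operator roles for authority {ca_name} already exist"
        )

    body, private_key, chain, roles = mint(**kwargs)

    creator = kwargs["creator"]
    creator.roles = list(set(list(creator.roles) + roles))

    kwargs["body"] = body
    kwargs["private_key"] = private_key
    kwargs["chain"] = chain

    # Fresh list instead of `+=` so the caller's list is left intact.
    existing_roles = kwargs.get("roles")
    kwargs["roles"] = (list(existing_roles) + roles) if existing_roles else roles

    cert = upload(**kwargs)
    kwargs["authority_certificate"] = cert

    plugin_options = kwargs.get("plugin", {}).get("plugin_options", [])
    if plugin_options:
        kwargs["options"] = json.dumps(plugin_options)

    authority = database.create(Authority(**kwargs))
    creator.authorities.append(authority)

    log_service.audit_log("create_authority", ca_name, "Created new authority")
    metrics.send("authority_created", "counter", 1, metric_tags=dict(owner=authority.owner))
    return authority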
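def create(**kwargs):
    """Create a new certificate authority and persist it.

    The creator is recorded as the session user's e-mail (``g.user.email``),
    never taken from ``kwargs``. ``mint`` returns the certificate body, chain
    and the roles created for the CA; those are merged into ``roles`` and
    stored via ``upload`` and an ``Authority`` row.

    Fixes relative to the previous version:

    * the sub-CA description was written with a backslash line continuation
      inside the string literal, which embedded the next source line's
      indentation (a run of spaces) into the stored text; it is now built
      with implicit concatenation and a single space;
    * ``roles`` is no longer extended in place with ``+=``, so the caller's
      list is not mutated.

    Args:
        **kwargs: authority attributes; ``type`` must be present, ``name``,
            ``parent`` and ``roles`` are read if given.

    Returns:
        The persisted ``Authority``.
    """
    kwargs['creator'] = g.user.email
    body, chain, roles = mint(**kwargs)
    kwargs['body'] = body
    kwargs['chain'] = chain

    # Fresh list instead of `+=`: do not extend the caller's list behind its back.
    existing_roles = kwargs.get('roles')
    kwargs['roles'] = (list(existing_roles) + roles) if existing_roles else roles

    ca_name = kwargs.get('name')
    if kwargs['type'] == 'subca':
        description = (
            "This is the ROOT certificate for the {0} sub certificate authority "
            "the parent authority is {1}."
        ).format(ca_name, kwargs.get('parent'))
    else:
        description = "This is the ROOT certificate for the {0} certificate authority.".format(ca_name)
    kwargs['description'] = description

    cert = upload(**kwargs)
    kwargs['authority_certificate'] = cert

    authority = database.create(Authority(**kwargs))
    g.user.authorities.append(authority)

    metrics.send('authority_created', 'counter', 1, metric_tags=dict(owner=authority.owner))
    return authority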
def post(self, data=None):
    """
    .. http:post:: /certificates/upload

       Upload an externally issued certificate, optionally with its chain
       and private key.

       **Example request**:

       .. sourcecode:: http

          POST /certificates/upload HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
             "owner": "*****@*****.**",
             "publicCert": "-----BEGIN CERTIFICATE-----...",
             "intermediateCert": "-----BEGIN CERTIFICATE-----...",
             "privateKey": "-----BEGIN RSA PRIVATE KEY-----...",
             "destinations": [],
             "notifications": [],
             "replacements": [],
             "name": "cert1"
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "status": null,
            "cn": "*.test.example.net",
            "chain": "",
            "authority": {
                "active": true,
                "owner": "*****@*****.**",
                "id": 1,
                "description": "verisign test authority",
                "name": "verisign"
            },
            "owner": "*****@*****.**",
            "serial": "82311058732025924142789179368889309156",
            "id": 2288,
            "issuer": "SymantecCorporation",
            "notBefore": "2016-06-03T00:00:00+00:00",
            "notAfter": "2018-01-12T23:59:59+00:00",
            "destinations": [],
            "bits": 2048,
            "body": "-----BEGIN CERTIFICATE-----...",
            "description": null,
            "deleted": null,
            "notifications": [{
                "id": 1
            }],
            "signingAlgorithm": "sha256",
            "user": {
                "username": "******",
                "active": true,
                "email": "*****@*****.**",
                "id": 2
            },
            "active": true,
            "domains": [{
                "sensitive": false,
                "id": 1090,
                "name": "*.test.example.net"
            }],
            "replaces": [],
            "rotation": true,
            "rotationPolicy": {"name": "default"},
            "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
            "roles": [{
                "id": 464,
                "description": "This is a google group based role created by Lemur",
                "name": "*****@*****.**"
            }],
            "san": null
          }

       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error

    ``data`` is the validated request body, presumably injected by a
    decorator outside this block; the ``None`` default is not usable as the
    first statement indexes into it. The creator is always the
    authenticated session user (``g.user``), never a client-supplied field.
    """
    # Attribute the upload to the session user, not to anything in the body.
    data['creator'] = g.user

    # Pushing to a destination requires the key material. A plain Exception
    # is raised here, as before; the resulting status code depends on the
    # application's error handler.
    if data.get('destinations') and not data.get('private_key'):
        raise Exception(
            "Private key must be provided in order to upload certificate to AWS"
        )
    return service.upload(**data)
def post(self):
    """
    .. http:post:: /certificates/upload

       Upload a certificate

       **Example request**:

       .. sourcecode:: http

          POST /certificates/upload HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
             "owner": "*****@*****.**",
             "publicCert": "---Begin Public...",
             "intermediateCert": "---Begin Public...",
             "privateKey": "---Begin Private...",
             "destinations": [],
             "notifications": [],
             "replacements": [],
             "name": "cert1"
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "id": 1,
            "name": "cert1",
            "description": "this is cert1",
            "bits": 2048,
            "deleted": false,
            "issuer": "ExampeInc.",
            "serial": "123450",
            "chain": "-----Begin ...",
            "body": "-----Begin ...",
            "san": true,
            "owner": "*****@*****.**",
            "active": true,
            "notBefore": "2015-06-05T17:09:39",
            "notAfter": "2015-06-10T17:09:39",
            "signingAlgorithm": "sha2",
            "cn": "example.com",
            "status": "unknown"
          }

       :arg owner: owner email for certificate
       :arg publicCert: valid PEM public key for certificate
       :arg intermediateCert: valid PEM intermediate key for certificate
       :arg privateKey: valid PEM private key for certificate
       :arg destinations: list of aws destinations to upload the certificate to
       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error

    The PEM fields are validated by the ``pem_str`` / ``private_key_str``
    parsers; the private key is only mandatory when ``destinations`` is
    non-empty.
    """
    add_arg = self.reqparse.add_argument
    add_arg('description', type=str, location='json')
    add_arg('owner', type=str, required=True, location='json')
    add_arg('name', type=str, location='json')
    add_arg('publicCert', type=pem_str, required=True, dest='public_cert', location='json')
    # NOTE(review): default=[] is a single list object held by the parser;
    # presumably nothing downstream appends to it -- verify.
    add_arg('destinations', type=list, default=[], location='json')
    add_arg('notifications', type=list, default=[], location='json')
    add_arg('replacements', type=list, default=[], location='json')
    add_arg('intermediateCert', type=pem_str, dest='intermediate_cert', location='json')
    add_arg('privateKey', type=private_key_str, dest='private_key', location='json')
    args = self.reqparse.parse_args()

    # A destination upload needs the key material; refuse before calling
    # the service. Raised as a plain Exception, as before.
    if args.get('destinations') and not args.get('private_key'):
        raise Exception("Private key must be provided in order to upload certificate to AWS")
    return service.upload(**args)
def post(self, data=None):
    """
    .. http:post:: /certificates/upload

       Upload an externally issued certificate, optionally with its chain,
       private key and CSR.

       **Example request**:

       .. sourcecode:: http

          POST /certificates/upload HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
             "owner": "*****@*****.**",
             "body": "-----BEGIN CERTIFICATE-----...",
             "chain": "-----BEGIN CERTIFICATE-----...",
             "privateKey": "-----BEGIN RSA PRIVATE KEY-----...",
             "csr": "-----BEGIN CERTIFICATE REQUEST-----...",
             "destinations": [],
             "notifications": [],
             "replacements": [],
             "roles": [],
             "notify": true,
             "name": "cert1"
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "status": null,
            "cn": "*.test.example.net",
            "chain": "",
            "authority": {
                "active": true,
                "owner": "*****@*****.**",
                "id": 1,
                "description": "verisign test authority",
                "name": "verisign"
            },
            "owner": "*****@*****.**",
            "serial": "82311058732025924142789179368889309156",
            "id": 2288,
            "issuer": "SymantecCorporation",
            "dateCreated": "2016-06-03T06:09:42.133769+00:00",
            "notBefore": "2016-06-03T00:00:00+00:00",
            "notAfter": "2018-01-12T23:59:59+00:00",
            "destinations": [],
            "bits": 2048,
            "body": "-----BEGIN CERTIFICATE-----...",
            "description": null,
            "deleted": null,
            "notifications": [{
                "id": 1
            }],
            "signingAlgorithm": "sha256",
            "user": {
                "username": "******",
                "active": true,
                "email": "*****@*****.**",
                "id": 2
            },
            "active": true,
            "domains": [{
                "sensitive": false,
                "id": 1090,
                "name": "*.test.example.net"
            }],
            "replaces": [],
            "rotation": true,
            "rotationPolicy": {"name": "default"},
            "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
            "roles": [{
                "id": 464,
                "description": "This is a google group based role created by Lemur",
                "name": "*****@*****.**"
            }],
            "san": null
          }

       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error

    ``data`` is the validated request body, presumably injected by a
    decorator outside this block; the ``None`` default is not usable as the
    first statement indexes into it. The creator is always the
    authenticated session user (``g.user``), never a client-supplied field.
    """
    # Attribute the upload to the session user, not to anything in the body.
    data['creator'] = g.user

    # Pushing to a destination requires the key material. A plain Exception
    # is raised here, as before; the resulting status code depends on the
    # application's error handler.
    if data.get('destinations') and not data.get('private_key'):
        raise Exception("Private key must be provided in order to upload certificate to AWS")
    return service.upload(**data)
def post(self):
    """
    .. http:post:: /certificates/upload

       Upload a certificate

       **Example request**:

       .. sourcecode:: http

          POST /certificates/upload HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
             "owner": "*****@*****.**",
             "publicCert": "---Begin Public...",
             "intermediateCert": "---Begin Public...",
             "privateKey": "---Begin Private...",
             "destinations": [],
             "notifications": [],
             "replacements": [],
             "name": "cert1"
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "id": 1,
            "name": "cert1",
            "description": "this is cert1",
            "bits": 2048,
            "deleted": false,
            "issuer": "ExampeInc.",
            "serial": "123450",
            "chain": "-----Begin ...",
            "body": "-----Begin ...",
            "san": true,
            "owner": "*****@*****.**",
            "active": true,
            "notBefore": "2015-06-05T17:09:39",
            "notAfter": "2015-06-10T17:09:39",
            "signingAlgorithm": "sha2",
            "cn": "example.com",
            "status": "unknown"
          }

       :arg owner: owner email for certificate
       :arg publicCert: valid PEM public key for certificate
       :arg intermediateCert: valid PEM intermediate key for certificate
       :arg privateKey: valid PEM private key for certificate
       :arg destinations: list of aws destinations to upload the certificate to
       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error

    The PEM fields are validated by the ``pem_str`` / ``private_key_str``
    parsers; the private key is only mandatory when ``destinations`` is
    non-empty.
    """
    add_arg = self.reqparse.add_argument
    add_arg('description', type=str, location='json')
    add_arg('owner', type=str, required=True, location='json')
    add_arg('name', type=str, location='json')
    add_arg('publicCert', type=pem_str, required=True, dest='public_cert', location='json')
    # NOTE(review): default=[] is a single list object held by the parser;
    # presumably nothing downstream appends to it -- verify.
    add_arg('destinations', type=list, default=[], location='json')
    add_arg('notifications', type=list, default=[], location='json')
    add_arg('replacements', type=list, default=[], location='json')
    add_arg('intermediateCert', type=pem_str, dest='intermediate_cert', location='json')
    add_arg('privateKey', type=private_key_str, dest='private_key', location='json')
    args = self.reqparse.parse_args()

    # A destination upload needs the key material; refuse before calling
    # the service. Raised as a plain Exception, as before.
    if args.get('destinations') and not args.get('private_key'):
        raise Exception(
            "Private key must be provided in order to upload certificate to AWS"
        )
    return service.upload(**args)