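def get_all_valid_certs(authority_plugin_name, paginate=False, page=1, count=1000, created_on_or_before=None):
    """
    Retrieve all valid (not expired and not revoked) certificates within Lemur.

    When authority_plugin_name is provided, only certificates whose authority uses one
    of the given plugin names are returned; when it is empty or None, the authority is
    ignored. Note that depending on the DB size, retrieving all certificates might be
    an expensive operation.

    :param authority_plugin_name: collection of authority plugin names (passed to ``in_``);
        a falsy value disables the authority restriction
    :param paginate: option to use pagination, for large number of certificates. default to false
    :param page: the page to turn. default to 1
    :param count: number of return certificates per page. default 1000
    :param created_on_or_before: optional Arrow date to select only certificates issued on or before the date
    :return: list of certificates to check for revocation
    :raises AssertionError: if page is not greater than 0
    """
    # Raised explicitly instead of through an ``assert`` statement so the check is
    # not stripped when Python runs with -O. The exception type is unchanged.
    if not page > 0:
        raise AssertionError("page must be greater than 0")

    query = database.session_query(Certificate) if paginate else Certificate.query

    # The expiry cut-off is a date-only string, so validity is decided per day.
    # NOTE(review): arrow.now() is local time while query_common_name uses
    # arrow.utcnow(); confirm which zone Certificate.not_after is stored in, since
    # this list decides which certificates get a revocation check.
    today = arrow.now().format("YYYY-MM-DD")

    if authority_plugin_name:
        query = (
            query.outerjoin(Authority, Authority.id == Certificate.authority_id)
            .filter(Certificate.not_after > today)
            .filter(Authority.plugin_name.in_(authority_plugin_name))
            .filter(Certificate.revoked.is_(False))
        )
    else:
        query = (
            query.filter(Certificate.not_after > today)
            .filter(Certificate.revoked.is_(False))
        )

    if created_on_or_before:
        query = query.filter(Certificate.date_created <= created_on_or_before.format("YYYY-MM-DD"))

    if paginate:
        # database.paginate returns a mapping; only its 'items' entry is handed back.
        items = database.paginate(query, page, count)
        return items['items']

    return query.all()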
def query_common_name(common_name, args):
    """
    Helper function that queries for certificates that are not expired, not revoked
    and not replaced, matched by common name (and owner).

    :param common_name: pattern matched case-insensitively (ILIKE) against Certificate.cn;
        the single wildcard "%" skips the common-name filter entirely
    :param args: dict that must contain "owner", "page" and "count"; the three keys are
        popped, so the caller's dict is mutated
    :return: the result of database.paginate when both page and count are truthy,
        otherwise the list returned by query.all()
    """
    owner, page, count = args.pop("owner"), args.pop("page"), args.pop("count")
    use_pagination = page and count

    if use_pagination:
        base_query = database.session_query(Certificate)
    else:
        base_query = Certificate.query

    # Keep only certificates that are still in force: not expired (day granularity,
    # UTC), not revoked, and not already replaced. Skipping replaced certificates
    # avoids returning a rotated certificate next to its successor.
    today = arrow.utcnow().format("YYYY-MM-DD")
    result_query = (
        base_query.filter(Certificate.not_after >= today)
        .filter(not_(Certificate.revoked))
        .filter(not_(Certificate.replaced.any()))
    )

    # owner and common_name are used as ILIKE patterns, so "%" and "_" inside them
    # act as wildcards rather than literal characters.
    if owner:
        result_query = result_query.filter(Certificate.owner.ilike(owner))

    # A bare "%" would match every common name, so the filter is left out.
    if common_name != "%":
        result_query = result_query.filter(Certificate.cn.ilike(common_name))

    if not use_pagination:
        return result_query.all()

    return database.paginate(result_query, page, count)
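def render(args):
    """
    Helper that helps us render the REST Api responses for authorities.

    Non-admin users only ever see authorities attached to one of their own roles;
    that restriction is applied here, after any requested filter.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter'; these keys are popped and whatever remains is passed to
        database.find_all
    :return: the result of database.paginate for the requested page
    """
    query = database.session_query(Authority)

    sort_by = args.pop('sort_by')
    sort_dir = args.pop('sort_dir')
    page = args.pop('page')
    count = args.pop('count')
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        # Decide on the field name alone. The previous substring test on the whole
        # filter string also fired when only the *value* contained "active" (for
        # example a name filter), and indexed terms[1] even when no ';' was present.
        if terms[0] == 'active' and len(terms) > 1:
            # The raw string value is compared against the column as-is.
            query = query.filter(Authority.active == terms[1])
        else:
            query = database.filter(query, Authority, terms)

    # Authorization scoping: a user may only use an authority they either own or
    # are a member of (through a role). Admins can see all.
    if not g.current_user.is_admin:
        authority_ids = [
            role.authority.id for role in g.current_user.roles if role.authority
        ]
        query = query.filter(Authority.id.in_(authority_ids))

    query = database.find_all(query, Authority, args)

    if sort_by and sort_dir:
        query = database.sort(query, Authority, sort_by, sort_dir)

    return database.paginate(query, page, count)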
def render(args):
    """
    Helper that paginates and filters user data when requested through the REST Api.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter'; these keys are popped and the remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    user_query = database.session_query(User)

    # Pop the control keys in a fixed order; a missing key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )

    # NOTE(review): the filter field name and sort_by are handed to database.filter /
    # database.sort against the User model; confirm those helpers refuse sensitive
    # columns (e.g. a password hash) - their implementation is not visible here.
    if filt:
        user_query = database.filter(user_query, User, filt.split(';'))

    user_query = database.find_all(user_query, User, args)

    if sort_by and sort_dir:
        user_query = database.sort(user_query, User, sort_by, sort_dir)

    return database.paginate(user_query, page, count)
def render(args):
    """
    Helper that filters, sorts and paginates sources for the REST Api.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter', and may contain 'certificate_id'; these keys are popped and the
        remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )
    certificate_id = args.pop('certificate_id', None)

    source_query = database.session_query(Source)
    if certificate_id:
        # Restrict to the sources attached to one certificate.
        source_query = source_query.join(Certificate, Source.certificate).filter(
            Certificate.id == certificate_id
        )

    if filt:
        source_query = database.filter(source_query, Source, filt.split(';'))

    source_query = database.find_all(source_query, Source, args)

    if sort_by and sort_dir:
        source_query = database.sort(source_query, Source, sort_by, sort_dir)

    return database.paginate(source_query, page, count)
def render(args):
    """
    Helper that filters, sorts and paginates notifications for the REST Api.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter', and may contain 'certificate_id'; these keys are popped and the
        remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )
    certificate_id = args.pop('certificate_id', None)

    notification_query = database.session_query(Notification)
    if certificate_id:
        # Restrict to the notifications attached to one certificate.
        notification_query = notification_query.join(
            Certificate, Notification.certificate
        ).filter(Certificate.id == certificate_id)

    if filt:
        terms = filt.split(';')
        # 'active;true' / 'active;false' are mapped to a real boolean comparison;
        # every other filter goes through the generic helper.
        # NOTE(review): a filter of just 'active' with no ';value' part raises
        # IndexError on terms[1].
        if terms[0] == 'active' and terms[1] in ('false', 'true'):
            wanted_state = terms[1] == 'true'
            notification_query = notification_query.filter(
                Notification.active == wanted_state
            )
        else:
            notification_query = database.filter(notification_query, Notification, terms)

    notification_query = database.find_all(notification_query, Notification, args)

    if sort_by and sort_dir:
        notification_query = database.sort(
            notification_query, Notification, sort_by, sort_dir
        )

    return database.paginate(notification_query, page, count)
def render(args):
    """
    Helper to parse REST Api requests for domains.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter', and may contain 'certificate_id'; these keys are popped and the
        remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    # The join to Certificate is applied on every request, not only when a
    # certificate_id is supplied.
    domain_query = database.session_query(Domain).join(Certificate, Domain.certificate)

    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )
    certificate_id = args.pop('certificate_id', None)

    if filt:
        domain_query = database.filter(domain_query, Domain, filt.split(';'))

    if certificate_id:
        # Restrict to the domains of one certificate.
        domain_query = domain_query.filter(Certificate.id == certificate_id)

    domain_query = database.find_all(domain_query, Domain, args)

    if sort_by and sort_dir:
        domain_query = database.sort(domain_query, Domain, sort_by, sort_dir)

    return database.paginate(domain_query, page, count)
def render(args):
    """
    Helper to parse REST Api requests for domains.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter', and may contain 'certificate_id'; these keys are popped and the
        remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    # The join to Certificate is applied on every request, not only when a
    # certificate_id is supplied.
    domain_query = database.session_query(Domain).join(Certificate, Domain.certificate)

    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )
    certificate_id = args.pop('certificate_id', None)

    if filt:
        domain_query = database.filter(domain_query, Domain, filt.split(';'))

    if certificate_id:
        # Restrict to the domains of one certificate.
        domain_query = domain_query.filter(Certificate.id == certificate_id)

    domain_query = database.find_all(domain_query, Domain, args)

    if sort_by and sort_dir:
        domain_query = database.sort(domain_query, Domain, sort_by, sort_dir)

    return database.paginate(domain_query, page, count)
def render(args):
    """
    Helper that filters, sorts and paginates notifications for the REST Api.

    :param args: dict that must contain "sort_by", "sort_dir", "page", "count" and
        "filter", and may contain "certificate_id"; these keys are popped and the
        remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ("sort_by", "sort_dir", "page", "count", "filter")
    )
    certificate_id = args.pop("certificate_id", None)

    notification_query = database.session_query(Notification)
    if certificate_id:
        # Restrict to the notifications attached to one certificate.
        notification_query = notification_query.join(
            Certificate, Notification.certificate
        ).filter(Certificate.id == certificate_id)

    if filt:
        terms = filt.split(";")
        # "active;true" / "active;false" are mapped to a real boolean comparison;
        # every other filter goes through the generic helper.
        # NOTE(review): a filter of just "active" with no ";value" part raises
        # IndexError on terms[1].
        if terms[0] == "active" and terms[1] in ("false", "true"):
            wanted_state = terms[1] == "true"
            notification_query = notification_query.filter(
                Notification.active == wanted_state
            )
        else:
            notification_query = database.filter(notification_query, Notification, terms)

    notification_query = database.find_all(notification_query, Notification, args)

    if sort_by and sort_dir:
        notification_query = database.sort(
            notification_query, Notification, sort_by, sort_dir
        )

    return database.paginate(notification_query, page, count)
def render(args):
    """
    Helper that filters, sorts and paginates notifications for the REST Api.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter', and may contain 'certificate_id'; these keys are popped and the
        remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )
    certificate_id = args.pop('certificate_id', None)

    notification_query = database.session_query(Notification)
    if certificate_id:
        # Restrict to the notifications attached to one certificate.
        notification_query = notification_query.join(
            Certificate, Notification.certificate
        ).filter(Certificate.id == certificate_id)

    if filt:
        terms = filt.split(';')
        # 'active;true' / 'active;false' are mapped to a real boolean comparison;
        # every other filter goes through the generic helper.
        # NOTE(review): a filter of just 'active' with no ';value' part raises
        # IndexError on terms[1].
        if terms[0] == 'active' and terms[1] in ('false', 'true'):
            wanted_state = terms[1] == 'true'
            notification_query = notification_query.filter(
                Notification.active == wanted_state
            )
        else:
            notification_query = database.filter(notification_query, Notification, terms)

    notification_query = database.find_all(notification_query, Notification, args)

    if sort_by and sort_dir:
        notification_query = database.sort(
            notification_query, Notification, sort_by, sort_dir
        )

    return database.paginate(notification_query, page, count)
def render(args):
    """
    Helper that paginates and filters user data when requested through the REST Api.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter'; these keys are popped and the remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    user_query = database.session_query(User)

    # Pop the control keys in a fixed order; a missing key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )

    # NOTE(review): the filter field name and sort_by are handed to database.filter /
    # database.sort against the User model; confirm those helpers refuse sensitive
    # columns (e.g. a password hash) - their implementation is not visible here.
    if filt:
        user_query = database.filter(user_query, User, filt.split(';'))

    user_query = database.find_all(user_query, User, args)

    if sort_by and sort_dir:
        user_query = database.sort(user_query, User, sort_by, sort_dir)

    return database.paginate(user_query, page, count)
def render(args):
    """
    Helper that filters subsets of roles depending on the parameters passed to the
    REST Api.

    Non-admin users are limited to the roles they hold themselves; that restriction
    is applied before any requested filter.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter', and may contain 'user_id' and 'authority_id'; these keys are popped
        and the remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    role_query = database.session_query(Role)

    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )
    user_id = args.pop('user_id', None)
    authority_id = args.pop('authority_id', None)

    if user_id:
        # Roles that have the given user among their members.
        role_query = role_query.filter(Role.users.any(User.id == user_id))

    if authority_id:
        role_query = role_query.filter(Role.authority_id == authority_id)

    # Authorization scoping: a non-admin only sees roles they are assigned to.
    # Admins can see all.
    if not g.current_user.is_admin:
        own_role_ids = [role.id for role in g.current_user.roles]
        role_query = role_query.filter(Role.id.in_(own_role_ids))

    if filt:
        role_query = database.filter(role_query, Role, filt.split(';'))

    role_query = database.find_all(role_query, Role, args)

    if sort_by and sort_dir:
        role_query = database.sort(role_query, Role, sort_by, sort_dir)

    return database.paginate(role_query, page, count)
def render(args):
    """
    Helper that filters, sorts and paginates sources for the REST Api.

    :param args: dict that must contain 'sort_by', 'sort_dir', 'page', 'count' and
        'filter', and may contain 'certificate_id'; these keys are popped and the
        remainder goes to database.find_all
    :return: the result of database.paginate for the requested page
    """
    # Pop the control keys in a fixed order; a missing required key raises KeyError.
    sort_by, sort_dir, page, count, filt = (
        args.pop(key) for key in ('sort_by', 'sort_dir', 'page', 'count', 'filter')
    )
    certificate_id = args.pop('certificate_id', None)

    source_query = database.session_query(Source)
    if certificate_id:
        # Restrict to the sources attached to one certificate.
        source_query = source_query.join(Certificate, Source.certificate).filter(
            Certificate.id == certificate_id
        )

    if filt:
        source_query = database.filter(source_query, Source, filt.split(';'))

    source_query = database.find_all(source_query, Source, args)

    if sort_by and sort_dir:
        source_query = database.sort(source_query, Source, sort_by, sort_dir)

    return database.paginate(source_query, page, count)