示例#1
0
def test_find_duplicates(session):
    from lemur.certificates.service import find_duplicates

    cert = {"body": SAN_CERT_STR, "chain": INTERMEDIATE_CERT_STR}

    dups1 = find_duplicates(cert)

    cert["chain"] = ""

    dups2 = find_duplicates(cert)

    assert len(dups1) > 0
    assert len(dups2) > 0
示例#2
0
def test_find_duplicates(session):
    from lemur.certificates.service import find_duplicates

    cert = {'body': SAN_CERT_STR, 'chain': INTERMEDIATE_CERT_STR}

    dups1 = find_duplicates(cert)

    cert['chain'] = ''

    dups2 = find_duplicates(cert)

    assert len(dups1) > 0
    assert len(dups2) > 0
示例#3
0
def sync_certificates(source):
    new, updated = 0, 0

    current_app.logger.debug("Retrieving certificates from {0}".format(source.label))
    s = plugins.get(source.plugin_name)
    certificates = s.get_certificates(source.options)

    for certificate in certificates:
        exists = cert_service.find_duplicates(certificate['body'])

        if not exists:
            certificate_create(certificate, source)
            new += 1

        # check to make sure that existing certificates have the current source associated with it
        elif len(exists) == 1:
            certificate_update(exists[0], source)
            updated += 1
        else:
            current_app.logger.warning(
                "Multiple certificates found, attempt to deduplicate the following certificates: {0}".format(
                    ",".join([x.name for x in exists])
                )
            )

    # we need to try and find the absent of certificates so we can properly disassociate them when they are deleted
    _disassociate_certs_from_source(certificates, source)
示例#4
0
def sync(labels=None):
    new, updated = 0, 0
    c_certificates = cert_service.get_all_certs()

    for source in database.get_all(Source, True, field='active'):
        # we should be able to specify, individual sources to sync
        if labels:
            if source.label not in labels:
                continue

        current_app.logger.debug("Retrieving certificates from {0}".format(source.label))
        s = plugins.get(source.plugin_name)
        certificates = s.get_certificates(source.options)

        for certificate in certificates:
            exists = cert_service.find_duplicates(certificate['body'])

            if not exists:
                sync_create(certificate, source)
                new += 1

            # check to make sure that existing certificates have the current source associated with it
            elif len(exists) == 1:
                sync_update(exists[0], source)
                updated += 1
            else:
                current_app.logger.warning(
                    "Multiple certificates found, attempt to deduplicate the following certificates: {0}".format(
                        ",".join([x.name for x in exists])
                    )
                )

        # we need to try and find the absent of certificates so we can properly disassociate them when they are deleted
        _disassociate_certs_from_source(c_certificates, certificates, source)
示例#5
0
def sync_certificates(source):
    new, updated = 0, 0

    current_app.logger.debug("Retrieving certificates from {0}".format(
        source.label))
    s = plugins.get(source.plugin_name)
    certificates = s.get_certificates(source.options)

    for certificate in certificates:
        exists = cert_service.find_duplicates(certificate)

        if not exists:
            certificate_create(certificate, source)
            new += 1

        # check to make sure that existing certificates have the current source associated with it
        elif len(exists) == 1:
            certificate_update(exists[0], source)
            updated += 1
        else:
            current_app.logger.warning(
                "Multiple certificates found, attempt to deduplicate the following certificates: {0}"
                .format(",".join([x.name for x in exists])))

    # we need to try and find the absent of certificates so we can properly disassociate them when they are deleted
    _disassociate_certs_from_source(certificates, source)
示例#6
0
def sync(labels=None):
    new, updated = 0, 0
    c_certificates = cert_service.get_all_certs()

    for source in database.get_all(Source, True, field='active'):
        # we should be able to specify, individual sources to sync
        if labels:
            if source.label not in labels:
                continue

        current_app.logger.debug("Retrieving certificates from {0}".format(
            source.label))
        s = plugins.get(source.plugin_name)
        certificates = s.get_certificates(source.options)

        for certificate in certificates:
            exists = cert_service.find_duplicates(
                certificate['public_certificate'])

            if not exists:
                sync_create(certificate, source)
                new += 1

            # check to make sure that existing certificates have the current source associated with it
            elif len(exists) == 1:
                sync_update(exists[0], source)
                updated += 1
            else:
                current_app.logger.warning(
                    "Multiple certificates found, attempt to deduplicate the following certificates: {0}"
                    .format(",".join([x.name for x in exists])))

        # we need to try and find the absent of certificates so we can properly disassociate them when they are deleted
        _disassociate_certs_from_source(c_certificates, certificates, source)
示例#7
0
def test_find_duplicates(session):
    from lemur.certificates.service import find_duplicates

    cert = {
        'body': SAN_CERT_STR,
        'chain': INTERMEDIATE_CERT_STR
    }

    dups1 = find_duplicates(cert)

    cert['chain'] = ''

    dups2 = find_duplicates(cert)

    assert len(dups1) > 0
    assert len(dups2) > 0
示例#8
0
def sync_endpoints(source):
    new, updated = 0, 0
    current_app.logger.debug("Retrieving endpoints from {0}".format(
        source.label))
    s = plugins.get(source.plugin_name)

    try:
        endpoints = s.get_endpoints(source.options)
    except NotImplementedError:
        current_app.logger.warning(
            "Unable to sync endpoints for source {0} plugin has not implemented 'get_endpoints'"
            .format(source.label))
        return

    for endpoint in endpoints:
        exists = endpoint_service.get_by_dnsname(endpoint['dnsname'])

        certificate_name = endpoint.pop('certificate_name', None)
        certificate = endpoint.pop('certificate', None)

        if certificate_name:
            cert = cert_service.get_by_name(certificate_name)

        elif certificate:
            cert = cert_service.find_duplicates(certificate)
            if not cert:
                cert = cert_service.import_certificate(**certificate)

        if not cert:
            current_app.logger.error(
                "Unable to find associated certificate, be sure that certificates are sync'ed before endpoints"
            )
            continue

        endpoint['certificate'] = cert

        policy = endpoint.pop('policy')

        policy_ciphers = []
        for nc in policy['ciphers']:
            policy_ciphers.append(
                endpoint_service.get_or_create_cipher(name=nc))

        policy['ciphers'] = policy_ciphers
        endpoint['policy'] = endpoint_service.get_or_create_policy(**policy)
        endpoint['source'] = source

        if not exists:
            endpoint_service.create(**endpoint)
            new += 1

        else:
            endpoint_service.update(exists.id, **endpoint)
            updated += 1

    return new, updated
示例#9
0
def _get_domain_certificate(name):
    """
    Fetch the SSL certificate currently hosted at a given domain (if any) and
    compare it against our all of our know certificates to determine if a new
    SSL certificate has already been deployed

    :param name:
    :return:
    """
    try:
        pub_key = ssl.get_server_certificate((name, 443))
        return cert_service.find_duplicates(pub_key.strip())
    except Exception as e:
        current_app.logger.info(str(e))
        return []
示例#10
0
def _get_domain_certificate(name):
    """
    Fetch the SSL certificate currently hosted at a given domain (if any) and
    compare it against our all of our know certificates to determine if a new
    SSL certificate has already been deployed

    :param name:
    :return:
    """
    try:
        pub_key = ssl.get_server_certificate((name, 443))
        return cert_service.find_duplicates(pub_key.strip())
    except Exception as e:
        current_app.logger.info(str(e))
        return []