common Package¶
health Module¶
- lemur.common.health.health()
- lemur.common.health.healthcheck(db)
managers Module¶
- class lemur.common.managers.InstanceManager(class_list=None, instances=True)
Bases:
object- add(class_path)
- all()
Returns a list of cached instances.
- get_class_list()
- remove(class_path)
- update(class_list)
Updates the class list and wipes the cache.
utils Module¶
- lemur.common.utils.base64decode(base64_input)
- lemur.common.utils.base64encode(string)
- lemur.common.utils.check_cert_signature(cert, issuer_public_key)
Check a certificate’s signature against an issuer public key. Before EC validation, make sure we support the algorithm, otherwise raise UnsupportedAlgorithm On success, returns None; on failure, raises UnsupportedAlgorithm or InvalidSignature.
- lemur.common.utils.check_validation(validation)
Checks that the given validation string compiles successfully.
- Parameters:
validation –
- Return str:
The validation pattern, if compilation succeeds
- lemur.common.utils.column_windows(session, column, windowsize)
Return a series of WHERE clauses against a given column that break it into windows.
Result is an iterable of tuples, consisting of ((start, end), whereclause), where (start, end) are the ids.
Requires a database that supports window functions, i.e. Postgresql, SQL Server, Oracle.
Enhance this yourself ! Add a “where” argument so that windows of just a subset of rows can be computed.
- lemur.common.utils.convert_pkcs7_bytes_to_pem(certs_pkcs7)
Given a list of certificates in pkcs7 encoding (bytes), covert them into a list of PEM encoded files :raises ValueError or ValidationError :param certs_pkcs7: :return: list of certs in PEM format
- lemur.common.utils.data_decrypt(ciphertext)
takes a ciphertext and returns the respective string reusing the Vault DB encryption module :param ciphertext: base64 ciphertext :return: plaintext string
- lemur.common.utils.data_encrypt(data)
takes an input and returns a base64 encoded encryption reusing the Vault DB encryption module :param data: string :return: base64 ciphertext
- lemur.common.utils.drop_last_cert_from_chain(full_chain: str) str
drops the last certificate from a certificate chai, if more than one CA/subCA in the chain :param full_chain: string of a certificate chain :return: string of a new certificate chain, omitting the last certificate
- lemur.common.utils.find_matching_certificates_by_hash(cert, matching_certs)
Given a Cryptography-formatted certificate cert, and Lemur-formatted certificates (matching_certs), determine if any of the certificate hashes match and return the matches.
- lemur.common.utils.generate_private_key(key_type)
Generates a new private key based on key_type.
- Valid key types: RSA2048, RSA4096’, ‘ECCPRIME192V1’, ‘ECCPRIME256V1’, ‘ECCSECP192R1’,
‘ECCSECP224R1’, ‘ECCSECP256R1’, ‘ECCSECP384R1’, ‘ECCSECP521R1’, ‘ECCSECP256K1’, ‘ECCSECT163K1’, ‘ECCSECT233K1’, ‘ECCSECT283K1’, ‘ECCSECT409K1’, ‘ECCSECT571K1’, ‘ECCSECT163R2’, ‘ECCSECT233R1’, ‘ECCSECT283R1’, ‘ECCSECT409R1’, ‘ECCSECT571R2’
- Parameters:
key_type –
- Returns:
- lemur.common.utils.get_authority_key(body)
Returns the authority key for a given certificate in hex format
- lemur.common.utils.get_certificate_via_tls(host, port, timeout=10)
Makes a TLS network connection to retrieve the current certificate for the specified host and port.
Note that if the host is valid but the port is not, we’ll wait for the timeout for the connection to fail, so this should remain low when doing bulk operations.
- Parameters:
host – Host to get certificate for
port – Port to get certificate for
timeout – Timeout in seconds
- lemur.common.utils.get_key_type_from_certificate(body)
Helper function to determine key type by pasrding given PEM certificate
- Parameters:
body – PEM string
- Returns:
Key type string
- lemur.common.utils.get_key_type_from_ec_curve(curve_name)
Give an EC curve name, return the matching key_type.
- Param:
curve_name
- Returns:
key_type
- lemur.common.utils.get_psuedo_random_string()
Create a random and strongish challenge.
- lemur.common.utils.get_random_secret(length)
Similar to get_pseudo_random_string, but accepts a length parameter.
- lemur.common.utils.get_state_token_secret()
- lemur.common.utils.is_json(json_input)
Test if input is json :param json_input: :return: True or False
- lemur.common.utils.is_selfsigned(cert)
Returns True if the certificate is self-signed. Returns False for failed verification or unsupported signing algorithm.
- lemur.common.utils.is_weekend(date)
Determines if a given date is on a weekend.
- Parameters:
date –
- Returns:
- lemur.common.utils.key_to_alg(key)
- lemur.common.utils.parse_cert_chain(pem_chain)
Helper function to split and parse a series of PEM certificates.
- Parameters:
pem_chain – string
- Returns:
List of parsed certificates
- lemur.common.utils.parse_certificate(body)
Helper function that parses a PEM certificate.
- Parameters:
body –
- Returns:
- lemur.common.utils.parse_csr(csr)
Helper function that parses a CSR.
- Parameters:
csr –
- Returns:
- lemur.common.utils.parse_private_key(private_key)
Parses a PEM-format private key (RSA, DSA, ECDSA or any other supported algorithm).
Raises ValueError for an invalid string. Raises AssertionError when passed value is not str-type.
- Parameters:
private_key – String containing PEM private key
- lemur.common.utils.parse_serial(pem_certificate)
Parses a serial number from a PEM-encoded certificate.
- lemur.common.utils.split_pem(data)
Split a string of several PEM payloads to a list of strings.
- Parameters:
data – String
- Returns:
List of strings
- lemur.common.utils.truthiness(s)
If input string resembles something truthy then return True, else False.
- lemur.common.utils.validate_conf(app, required_vars)
Ensures that the given fields are set in the applications conf.
- Parameters:
app –
required_vars – list
- lemur.common.utils.windowed_query(q, column, windowsize)
“Break a Query into windows on a given column.