authorities Package

models Module

class lemur.authorities.models.Authority(name, owner, plugin_name, body, roles=None, chain=None, description=None)

Bases: flask_sqlalchemy.Model

active
as_dict()
bits
body
certificates
chain
cn
date_created
description
id
name
not_after
not_before
options
owner
plugin_name
roles
serialize()
user_id

service Module

lemur.authorities.service.create(kwargs)

Create a new authority.

Returns:

lemur.authorities.service.get(authority_id)

Retrieves an authority given its ID.

Parameters: authority_id
Returns:

lemur.authorities.service.get_all()

Get all authorities that are currently in Lemur.

Returns:
Return type: List

lemur.authorities.service.get_authority_role(ca_name)

Attempts to get the authority role for a given CA, using current_user as the basis for the lookup.

Parameters: ca_name

lemur.authorities.service.get_by_name(authority_name)

Retrieves an authority given its name.

Parameters: authority_name
Returns:

lemur.authorities.service.render(args)

Helper that helps us render the REST API responses.

Parameters: args
Returns:

lemur.authorities.service.update(authority_id, description=None, owner=None, active=None, roles=None)

Update an authority with new values.

Parameters:
  • authority_id
  • roles – roles that are allowed to use this authority
Returns:

views Module

class lemur.authorities.views.Authorities

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'authority'
get(*args, **kwargs)
GET /authorities/1

One authority

Example request:

GET /authorities/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1,
  "name": "authority1",
  "description": "this is authority1",
  "pluginName": null,
  "chain": "-----Begin ...",
  "body": "-----Begin ...",
  "active": true,
  "notBefore": "2015-06-05T17:09:39",
  "notAfter": "2015-06-10T17:09:39",
  "options": null
}
Request Headers:
 
Status Codes:
mediatypes(resource_cls)
methods = ['GET', 'PUT']
put(*args, **kwargs)
PUT /authorities/1

Update an authority

Example request:

PUT /authorities/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
   "roles": [],
   "active": false,
   "owner": "bob@example.com",
   "description": "this is authority1"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1,
  "name": "authority1",
  "description": "this is authority1",
  "pluginName": null,
  "chain": "-----begin ...",
  "body": "-----begin ...",
  "active": false,
  "notBefore": "2015-06-05t17:09:39",
  "notAfter": "2015-06-10t17:09:39",
  "options": null
}
Request Headers:
 
Status Codes:
class lemur.authorities.views.AuthoritiesList

Bases: lemur.auth.service.AuthenticatedResource

Defines the ‘authorities’ endpoint

endpoint = 'authorities'
get(*args, **kwargs)
GET /authorities

The current list of authorities

Example request:

GET /authorities HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "authority1",
        "description": "this is authority1",
        "pluginName": null,
        "chain": "-----Begin ...",
        "body": "-----Begin ...",
        "active": true,
        "notBefore": "2015-06-05T17:09:39",
        "notAfter": "2015-06-10T17:09:39",
        "options": null
      }
    ],
  "total": 1
}
Query Parameters:
 
  • sortBy – field to sort on
  • sortDir – asc or desc
  • page – int default is 1
  • filter – key value pair. format is k;v
  • limit – limit number default is 10
Request Headers:
 
Status Codes:
Note:

This will only show certificates that the current user is authorized to use.
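An added example, not part of Lemur's own code: it builds the GET /authorities query string from the documented parameters and audits the documented response shape for active authorities that are outside, or close to the end of, their notBefore/notAfter window. The sample response, the function names and the warning threshold are constructed for illustration, and timestamps are assumed to share one timezone with `now`.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlencode

# Constructed sample in the shape of the documented GET /authorities response.
SAMPLE_RESPONSE = json.dumps({
    "items": [
        {"id": 1, "name": "authority1", "active": True,
         "notBefore": "2015-06-05T17:09:39", "notAfter": "2015-06-10T17:09:39"},
        {"id": 2, "name": "authority2", "active": True,
         "notBefore": "2015-06-01T00:00:00", "notAfter": "2015-06-07T00:00:00"},
        {"id": 3, "name": "authority3", "active": False,
         "notBefore": "2015-01-01T00:00:00", "notAfter": "2015-02-01T00:00:00"},
        {"id": 4, "name": "authority4", "active": True,
         "notBefore": "2015-06-01T00:00:00", "notAfter": "2016-06-01T00:00:00"},
    ],
    "total": 4,
})

def list_query(page=1, limit=10, sort_by=None, sort_dir=None, filter_kv=None):
    """Build the query string; the filter parameter is sent as 'k;v'."""
    params = {"page": page, "limit": limit}
    if sort_by:
        params["sortBy"] = sort_by
    if sort_dir:
        params["sortDir"] = sort_dir
    if filter_kv:
        params["filter"] = "{};{}".format(*filter_kv)
    return "/authorities?" + urlencode(params)

def audit_validity(response_text, now, warn_within=timedelta(days=30)):
    """Return (id, name, status) for active authorities needing attention."""
    findings = []
    for item in json.loads(response_text)["items"]:
        if not item["active"]:
            continue  # skip authorities already marked inactive
        not_before = datetime.fromisoformat(item["notBefore"])
        not_after = datetime.fromisoformat(item["notAfter"])
        if now < not_before:
            status = "not_yet_valid"
        elif now >= not_after:
            status = "expired"
        elif not_after - now <= warn_within:
            status = "expiring"
        else:
            continue  # comfortably inside the validity window
        findings.append((item["id"], item["name"], status))
    return findings
```
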

mediatypes(resource_cls)
methods = ['GET', 'POST']
post(*args, **kwargs)
POST /authorities

Create an authority

Example request:

POST /authorities HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
  "caDN": {
    "country": "US",
    "state": "CA",
    "location": "A Location",
    "organization": "ExampleInc",
    "organizationalUnit": "Operations",
    "commonName": "a common name"
  },
  "caType": "root",
  "caSigningAlgo": "sha256WithRSA",
  "caSensitivity": "medium",
  "keyType": "RSA2048",
  "pluginName": "cloudca",
  "validityStart": "2015-06-11T07:00:00.000Z",
  "validityEnd": "2015-06-13T07:00:00.000Z",
  "caName": "DoctestCA",
  "ownerEmail": "jimbob@example.com",
  "caDescription": "Example CA",
  "extensions": {
    "subAltNames": {
      "names": []
    }
  }
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1,
  "name": "authority1",
  "description": "this is authority1",
  "pluginName": null,
  "chain": "-----Begin ...",
  "body": "-----Begin ...",
  "active": true,
  "notBefore": "2015-06-05T17:09:39",
  "notAfter": "2015-06-10T17:09:39",
  "options": null
}
Parameters:
  • caName – authority’s name
  • caDescription – a sensible description about what the CA will be used for
  • ownerEmail – the team or person who ‘owns’ this authority
  • validityStart – when this authority should start issuing certificates
  • validityEnd – when this authority should stop issuing certificates
  • extensions – certificate extensions
  • pluginName – name of the plugin to create the authority
  • caType – the type of authority (root/subca)
  • caParent – the parent authority if this is to be a subca
  • caSigningAlgo – algorithm used to sign the authority
  • keyType – key type
  • caSensitivity – the sensitivity of the root key, for CloudCA this determines if the root keys are stored in an HSM
  • caKeyName – name of the key to store in the HSM (CloudCA)
  • caSerialNumber – serial number of the authority
  • caFirstSerial – specifies the starting serial number for certificates issued off of this authority
Request Headers:
  • Authorization – OAuth token to authenticate
Status Codes:
  • 200 – no error
  • 403 – unauthenticated
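An added example, not Lemur's own validation: a client-side pre-flight check of a POST /authorities body against the parameter descriptions above (caType is root or subca, a subca names its caParent, validityStart precedes validityEnd). The function name, the set of fields treated as mandatory and the `caParent` value used in testing are assumptions; the sample body is constructed from the documented example request.

```python
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # shape of "2015-06-11T07:00:00.000Z"

# Assumption: this client-side check treats these fields as mandatory.
ASSUMED_REQUIRED = ("caName", "ownerEmail", "pluginName", "caType",
                    "validityStart", "validityEnd")

def check_create_request(body):
    """Return a list of problems found in a POST /authorities body."""
    problems = [f"{f} is missing" for f in ASSUMED_REQUIRED if not body.get(f)]
    ca_type = body.get("caType")
    if ca_type and ca_type not in ("root", "subca"):
        problems.append("caType must be root or subca")
    if ca_type == "subca" and not body.get("caParent"):
        problems.append("subca requires caParent")
    try:
        start = datetime.strptime(body["validityStart"], TS_FORMAT)
        end = datetime.strptime(body["validityEnd"], TS_FORMAT)
    except (KeyError, TypeError, ValueError):
        # Missing values were already reported above; flag only bad formats.
        if body.get("validityStart") and body.get("validityEnd"):
            problems.append("validity timestamps are malformed")
    else:
        if start >= end:
            problems.append("validityStart must precede validityEnd")
    return problems

# Constructed from the documented example request.
EXAMPLE = {
    "caDN": {"country": "US", "state": "CA", "location": "A Location",
             "organization": "ExampleInc", "organizationalUnit": "Operations",
             "commonName": "a common name"},
    "caType": "root",
    "caSigningAlgo": "sha256WithRSA",
    "caSensitivity": "medium",
    "keyType": "RSA2048",
    "pluginName": "cloudca",
    "validityStart": "2015-06-11T07:00:00.000Z",
    "validityEnd": "2015-06-13T07:00:00.000Z",
    "caName": "DoctestCA",
    "ownerEmail": "jimbob@example.com",
    "caDescription": "Example CA",
    "extensions": {"subAltNames": {"names": []}},
}
```
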

class lemur.authorities.views.CertificateAuthority

Bases: lemur.auth.service.AuthenticatedResource

endpoint = 'certificateAuthority'
get(*args, **kwargs)
GET /certificates/1/authority

One authority for given certificate

Example request:

GET /certificates/1/authority HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1,
  "name": "authority1",
  "description": "this is authority1",
  "pluginName": null,
  "chain": "-----Begin ...",
  "body": "-----Begin ...",
  "active": true,
  "notBefore": "2015-06-05T17:09:39",
  "notAfter": "2015-06-10T17:09:39",
  "options": null
}
Request Headers:
 
Status Codes:
mediatypes(resource_cls)
methods = ['GET']