certificates Package
models Module
-
class lemur.certificates.models.Certificate(**kwargs)
Bases: sqlalchemy.ext.declarative.api.Model
- property active
- authority
- authority_id
- bits
- body
- chain
- check_integrity()
Integrity checks: Does the cert have a valid chain and matching private key?
- cn
- property country
- csr
- date_created
- deleted
- description
- destinations
- property distinguished_name
- dns_provider
- dns_provider_id
- domains
- endpoints
- expired
- property extensions
- external_id
- has_private_key
- id
- in_rotation_window
Determines if a certificate is available for rotation based on the rotation policy associated.
- issuer
- ix = Index('ix_certificates_id_desc', <sqlalchemy.sql.elements.UnaryExpression object>, unique=True)
- key_type
- property location
- logs
- name
- not_after
- not_after_ix = Index('ix_certificates_not_after', <sqlalchemy.sql.elements.UnaryExpression object>)
- not_before
- notification
- notifications
- notify
- property organization
- property organizational_unit
- owner
- property parsed_cert
- pending_cert
- private_key
- property public_key
- replaced
- replaced_by_pending
- replaces
- revoked
- role
- roles
- root_authority
- root_authority_id
- rotation
- rotation_policy
- rotation_policy_id
- san
- sensitive_fields = ('private_key',)
- serial
- signing_algorithm
- sources
- property state
- status
- property subject
- user
- user_id
- property validity_range
- property validity_remaining
property
-
lemur.certificates.models.get_or_increase_name(name, serial)
-
lemur.certificates.models.get_sequence(name)
-
lemur.certificates.models.update_destinations(target, value, initiator)
Attempt to upload certificate to the new destination
- Parameters
target –
value –
initiator –
- Returns
-
lemur.certificates.models.update_replacement(target, value, initiator)
When a certificate is marked as ‘replaced’ we should not notify.
- Parameters
target –
value –
initiator –
- Returns
service Module
-
lemur.certificates.service.calculate_reissue_range(start, end)
Determine what the new validity_start and validity_end dates should be.
- Parameters
start –
end –
- Returns
-
lemur.certificates.service.cleanup_owner_roles_notification(owner_name, kwargs)
-
lemur.certificates.service.create(**kwargs)
Creates a new certificate.
-
lemur.certificates.service.create_certificate_roles(**kwargs)
-
lemur.certificates.service.create_csr(**csr_config)
Given a list of domains, create the appropriate CSR for those domains.
- Parameters
csr_config –
-
lemur.certificates.service.delete(cert_id)
Deletes a certificate.
- Parameters
cert_id –
-
lemur.certificates.service.export(cert, export_plugin)
Exports a certificate to the requested format. This format may be a binary format.
- Parameters
export_plugin –
cert –
- Returns
-
lemur.certificates.service.find_duplicates(cert)
Finds certificates that already exist within Lemur. We do this by looking for certificate bodies that are the same. This is the most reliable way to determine if a certificate is already being tracked by Lemur.
- Parameters
cert –
- Returns
-
lemur.certificates.service.get(cert_id)
Retrieves certificate by its ID.
- Parameters
cert_id –
- Returns
-
lemur.certificates.service.get_account_number(arn)
Extract the account number from an ARN.
- Parameters
arn – IAM SSL arn
- Returns
account number associated with ARN
-
lemur.certificates.service.get_all_certs()
Retrieves all certificates within Lemur.
- Returns
-
lemur.certificates.service.get_all_certs_attached_to_endpoint_without_autorotate()
Retrieves all certificates that are attached to an endpoint, but that do not have autorotate enabled.
- Returns
list of certificates attached to an endpoint without autorotate
-
lemur.certificates.service.get_all_pending_cleaning_expired(source)
Retrieves all certificates that are available for cleaning. These are certificates which are expired and are not attached to any endpoints.
- Parameters
source – the source to search for certificates
- Returns
list of pending certificates
-
lemur.certificates.service.get_all_pending_cleaning_expiring_in_days(source, days_to_expire)
Retrieves all certificates that are available for cleaning: not attached to an endpoint, and within X days from expiration.
- Parameters
days_to_expire – defines how many days till the certificate is expired
source – the source to search for certificates
- Returns
list of pending certificates
-
lemur.certificates.service.get_all_pending_cleaning_issued_since_days(source, days_since_issuance)
Retrieves all certificates that are available for cleaning: not attached to an endpoint, and X days since issuance.
- Parameters
days_since_issuance – defines how many days since the certificate is issued
source – the source to search for certificates
- Returns
list of pending certificates
-
lemur.certificates.service.get_all_pending_reissue()
Retrieves all certificates that need to be rotated.
Must be X days from expiration; uses the certificate's rotation policy to determine how many days from expiration the certificate must be for rotation to be pending.
- Returns
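The rotation queries above (in_rotation_window, get_all_pending_reissue, get_all_certs_attached_to_endpoint_without_autorotate) can be mirrored client-side to triage records fetched from the API. This is an added example, not Lemur's own code: the 30-day window for the "default" policy, the status labels and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: rotation window in days, keyed by rotation policy name. The page
# shows only the name ("default"); the 30-day value is made up for this example.
POLICY_DAYS = {"default": 30}

# Constructed sample records. Field names follow the API examples on this page,
# plus "endpoints" and "revoked" from the Certificate model attribute list.
SAMPLE = [
    {"name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
     "notAfter": "2018-01-12T23:59:59+00:00", "rotation": True,
     "rotationPolicy": {"name": "default"}, "endpoints": [{"id": 1}]},
    {"name": "api.example.net", "notAfter": "2018-06-30T23:59:59+00:00",
     "rotation": True, "rotationPolicy": {"name": "default"}, "endpoints": []},
    {"name": "legacy.example.net", "notAfter": "2018-01-05T23:59:59+00:00",
     "rotation": False, "rotationPolicy": {"name": "default"},
     "endpoints": [{"id": 7}]},
    {"name": "old.example.net", "notAfter": "2017-11-01T00:00:00+00:00",
     "rotation": True, "rotationPolicy": {"name": "default"}, "endpoints": []},
]
NOW = datetime(2017, 12, 20, tzinfo=timezone.utc)  # fixed clock for the sample


def parse_ts(value):
    """Parse an ISO 8601 timestamp; a value without an offset is treated as UTC."""
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def triage(cert, now, policy_days=POLICY_DAYS):
    """Classify one certificate record for rotation follow-up."""
    if cert.get("revoked") or cert.get("deleted"):
        return "inactive"
    remaining = parse_ts(cert["notAfter"]) - now
    if remaining <= timedelta(0):
        return "expired"
    if not cert.get("rotation"):
        # Deployed somewhere, but nothing will reissue it automatically.
        return "endpoint-without-autorotate" if cert.get("endpoints") else "manual"
    policy = (cert.get("rotationPolicy") or {}).get("name")
    days = policy_days.get(policy)
    if days is None:
        return "unknown-policy"  # surface it rather than guessing a window
    return "pending-reissue" if remaining <= timedelta(days=days) else "ok"


def report(certs, now, policy_days=POLICY_DAYS):
    """Group certificate names by triage status, soonest expiry first."""
    groups = {}
    for cert in sorted(certs, key=lambda c: parse_ts(c["notAfter"])):
        groups.setdefault(triage(cert, now, policy_days), []).append(cert["name"])
    return groups


if __name__ == "__main__":
    for status, names in report(SAMPLE, NOW).items():
        print(f"{status}: {', '.join(names)}")
```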
-
lemur.certificates.service.get_all_valid_certs(authority_plugin_name)
Retrieves all valid (not expired and not revoked) certificates within Lemur for the given authority plugin names; the filter is ignored if no authority_plugin_name is provided.
Note that, depending on the DB size, retrieving all certificates might be an expensive operation.
- Returns
-
lemur.certificates.service.get_by_attributes(conditions)
Retrieves certificate(s) by conditions given in a hash of given key=>value pairs.
- Parameters
serial –
- Returns
-
lemur.certificates.service.get_by_name(name)
Retrieves certificate by its Name.
- Parameters
name –
- Returns
-
lemur.certificates.service.get_by_serial(serial)
Retrieves certificate(s) by serial number.
- Parameters
serial –
- Returns
-
lemur.certificates.service.get_certificate_primitives(certificate)
Retrieve key primitive from a certificate such that the certificate could be recreated with new expiration or be used to build upon.
- Parameters
certificate –
- Returns
dict of certificate primitives, should be enough to effectively re-issue certificate via create.
-
lemur.certificates.service.get_name_from_arn(arn)
Extract the certificate name from an ARN.
- Parameters
arn – IAM SSL arn
- Returns
name of the certificate as uploaded to AWS
-
lemur.certificates.service.import_certificate(**kwargs)
Uploads already minted certificates and pulls the required information into Lemur.
This is to be used for certificates that are created outside of Lemur but should still be tracked.
Internally this is used to bootstrap Lemur with external certificates, and used when certificates are ‘discovered’ through various discovery techniques. was still in aws.
- Parameters
kwargs –
-
lemur.certificates.service.like_domain_query(term)
-
lemur.certificates.service.mint(**kwargs)
Minting is slightly different for each authority. Support for multiple authorities is handled by individual plugins.
-
lemur.certificates.service.query_common_name(common_name, args)
Helper function that queries for not expired certificates by common name (and owner)
- Parameters
common_name –
args –
- Returns
-
lemur.certificates.service.query_name(certificate_name, args)
Helper function that queries for a certificate by name
- Parameters
args –
- Returns
-
lemur.certificates.service.reissue_certificate(certificate, replace=None, user=None)
Reissue certificate with the same properties of the given certificate.
- Parameters
certificate –
replace –
user –
- Returns
-
lemur.certificates.service.render(args)
Helper function that allows us to render our REST API.
- Parameters
args –
- Returns
-
lemur.certificates.service.stats(**kwargs)
Helper that defines some useful statistics about certificates.
- Parameters
kwargs –
- Returns
-
lemur.certificates.service.update(cert_id, **kwargs)
Updates a certificate
- Parameters
cert_id –
- Returns
-
lemur.certificates.service.update_notify(cert, notify_flag)
Toggle notification value which is a boolean
- Parameters
notify_flag – new notify value
cert – Certificate object to be updated
- Returns
-
lemur.certificates.service.upload(**kwargs)
Allows for pre-made certificates to be imported into Lemur.
verify Module
-
lemur.certificates.verify.crl_verify(cert, cert_path)
Attempts to verify a certificate using CRL.
- Parameters
cert –
cert_path –
- Returns
True if certificate is valid, False otherwise
- Raises
Exception – If certificate does not have CRL
-
lemur.certificates.verify.ocsp_verify(cert, cert_path, issuer_chain_path)
Attempts to verify a certificate via OCSP. OCSP is a more modern version of CRL in that it will query the OCSP URI in order to determine if the certificate has been revoked.
- Parameters
cert –
cert_path –
issuer_chain_path –
- Return bool
True if certificate is valid, False otherwise
-
lemur.certificates.verify.verify(cert_path, issuer_chain_path)
Verify a certificate using OCSP and CRL
- Parameters
cert_path –
issuer_chain_path –
- Returns
True if valid, False otherwise
-
lemur.certificates.verify.verify_string(cert_string, issuer_string)
Verify a certificate given only its string value
- Parameters
cert_string –
issuer_string –
- Returns
True if valid, False otherwise
views Module
-
class lemur.certificates.views.CertificateExport
Bases: lemur.auth.service.AuthenticatedResource
-
endpoint = 'exportCertificate'
-
mediatypes()
-
methods = {'POST'}
-
post(certificate_id, data=None)
-
POST /certificates/1/export
Export a certificate
Example request:
POST /certificates/1/export HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
  "export": {
    "plugin": {
      "pluginOptions": [{
        "available": ["Java Key Store (JKS)"],
        "required": true,
        "type": "select",
        "name": "type",
        "helpMessage": "Choose the format you wish to export",
        "value": "Java Key Store (JKS)"
      }, {
        "required": false,
        "type": "str",
        "name": "passphrase",
        "validation": "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[$@$!%*#?&])[A-Za-z\\d$@$!%*#?&]{8,}$",
        "helpMessage": "If no passphrase is given one will be generated for you, we highly recommend this. Minimum length is 8."
      }, {
        "required": false,
        "type": "str",
        "name": "alias",
        "helpMessage": "Enter the alias you wish to use for the keystore."
      }],
      "version": "unknown",
      "description": "Attempts to generate a JKS keystore or truststore",
      "title": "Java",
      "author": "Kevin Glisson",
      "type": "export",
      "slug": "java-export"
    }
  }
}
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "data": "base64encodedstring",
  "passphrase": "UAWOHW#&@_%!tnwmxh832025",
  "extension": "jks"
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
-
class lemur.certificates.views.CertificatePrivateKey
Bases: lemur.auth.service.AuthenticatedResource
-
endpoint = 'privateKeyCertificates'
-
get(certificate_id)
-
GET /certificates/1/key
Retrieves the private key for a given certificate
Example request:
GET /certificates/1/key HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "key": "-----BEGIN ..."
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
mediatypes()
-
methods = {'GET'}
-
-
class lemur.certificates.views.CertificateRevoke
Bases: lemur.auth.service.AuthenticatedResource
-
endpoint = 'revokeCertificate'
-
mediatypes()
-
methods = {'PUT'}
-
put(certificate_id, data=None)
-
PUT /certificates/1/revoke
Revoke a certificate
Example request:
PUT /certificates/1/revoke HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "id": 1
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
-
class lemur.certificates.views.Certificates
Bases: lemur.auth.service.AuthenticatedResource
-
delete(certificate_id, data=None)
-
DELETE /certificates/1
Delete a certificate
Example request:
DELETE /certificates/1 HTTP/1.1
Host: example.com
Example response:
HTTP/1.1 204 No Content
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
204 No Content – no error
403 Forbidden – unauthenticated
404 Not Found – certificate not found
405 Method Not Allowed – certificate deletion is disabled
-
-
endpoint = 'certificateUpdateNotify'
-
get(certificate_id)
-
GET /certificates/1
One certificate
Example request:
GET /certificates/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "csr": "-----BEGIN CERTIFICATE REQUEST-----",
  "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{ "id": 1 }],
  "signingAlgorithm": "sha256",
  "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
  "active": true,
  "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "replaces": [],
  "replaced": [],
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
  "san": null
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
mediatypes()
-
methods = {'DELETE', 'GET', 'POST', 'PUT'}
-
post(certificate_id, data=None)
-
POST /certificates/1/update/notify
Update certificate notification
Example request:
POST /certificates/1/update/notify HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
  "notify": false
}
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notify": false,
  "notifications": [{ "id": 1 }],
  "signingAlgorithm": "sha256",
  "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
  "active": true,
  "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
  "replaces": [],
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "san": null
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
put(certificate_id, data=None)
-
PUT /certificates/1
Update a certificate
Example request:
PUT /certificates/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
  "owner": "jimbob@example.com",
  "active": false,
  "notifications": [],
  "destinations": [],
  "replacements": []
}
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{ "id": 1 }],
  "signingAlgorithm": "sha256",
  "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
  "active": true,
  "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
  "replaces": [],
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "san": null
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
-
class lemur.certificates.views.CertificatesList
Bases: lemur.auth.service.AuthenticatedResource
Defines the ‘certificates’ endpoint
-
endpoint = 'certificates'
-
get()
-
GET /certificates
The current list of certificates
Example request:
GET /certificates HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
    "status": null,
    "cn": "*.test.example.net",
    "chain": "",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----",
    "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
    "owner": "joe@example.com",
    "serial": "82311058732025924142789179368889309156",
    "id": 2288,
    "issuer": "SymantecCorporation",
    "dateCreated": "2016-06-03T06:09:42.133769+00:00",
    "notBefore": "2016-06-03T00:00:00+00:00",
    "notAfter": "2018-01-12T23:59:59+00:00",
    "destinations": [],
    "bits": 2048,
    "body": "-----BEGIN CERTIFICATE-----...",
    "description": null,
    "deleted": null,
    "notifications": [{ "id": 1 }],
    "signingAlgorithm": "sha256",
    "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
    "active": true,
    "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
    "replaces": [],
    "replaced": [],
    "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
    "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
    "san": null
  }],
  "total": 1
}
- Query Parameters
sortBy – field to sort on
sortDir – asc or desc
page – int. default is 1
filter – key value pair format is k;v
count – count number. default is 10
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
mediatypes()
-
methods = {'GET', 'POST'}
-
post(data=None)
-
POST /certificates
Creates a new certificate
Example request:
POST /certificates HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
  "owner": "secure@example.net",
  "commonName": "test.example.net",
  "country": "US",
  "extensions": {
    "subAltNames": {
      "names": [
        { "nameType": "DNSName", "value": "*.test.example.net" },
        { "nameType": "DNSName", "value": "www.test.example.net" }
      ]
    }
  },
  "replacements": [{ "id": 1 }],
  "notify": true,
  "validityEnd": "2026-01-01T08:00:00.000Z",
  "authority": { "name": "verisign" },
  "organization": "Netflix, Inc.",
  "location": "Los Gatos",
  "state": "California",
  "validityStart": "2016-11-11T04:19:48.000Z",
  "organizationalUnit": "Operations"
}
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{ "id": 1 }],
  "signingAlgorithm": "sha256",
  "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
  "active": true,
  "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
  "replaces": [{ "id": 1 }],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
  "san": null
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
-
class lemur.certificates.views.CertificatesListValid
Bases: lemur.auth.service.AuthenticatedResource
Defines the ‘certificates/valid’ endpoint
-
endpoint = 'certificatesListValid'
-
get()
-
GET /certificates/valid/<query>
The current list of not-expired certificates for a given common name, and owner
Example request:
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
    "status": null,
    "cn": "*.test.example.net",
    "chain": "",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----",
    "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
    "owner": "joe@example.com",
    "serial": "82311058732025924142789179368889309156",
    "id": 2288,
    "issuer": "SymantecCorporation",
    "dateCreated": "2016-06-03T06:09:42.133769+00:00",
    "notBefore": "2016-06-03T00:00:00+00:00",
    "notAfter": "2018-01-12T23:59:59+00:00",
    "destinations": [],
    "bits": 2048,
    "body": "-----BEGIN CERTIFICATE-----...",
    "description": null,
    "deleted": null,
    "notifications": [{ "id": 1 }],
    "signingAlgorithm": "sha256",
    "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
    "active": true,
    "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
    "replaces": [],
    "replaced": [],
    "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
    "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
    "san": null
  }],
  "total": 1
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
mediatypes()
-
methods = {'GET'}
-
-
class lemur.certificates.views.CertificatesNameQuery
Bases: lemur.auth.service.AuthenticatedResource
Defines the ‘certificates/name’ endpoint
-
endpoint = 'certificatesNameQuery'
-
get(certificate_name)
-
GET /certificates/name/<query>
The current list of certificates
Example request:
GET /certificates/name/WILDCARD.test.example.net-SymantecCorporation-20160603-20180112 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
    "status": null,
    "cn": "*.test.example.net",
    "chain": "",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----",
    "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
    "owner": "joe@example.com",
    "serial": "82311058732025924142789179368889309156",
    "id": 2288,
    "issuer": "SymantecCorporation",
    "dateCreated": "2016-06-03T06:09:42.133769+00:00",
    "notBefore": "2016-06-03T00:00:00+00:00",
    "notAfter": "2018-01-12T23:59:59+00:00",
    "destinations": [],
    "bits": 2048,
    "body": "-----BEGIN CERTIFICATE-----...",
    "description": null,
    "deleted": null,
    "notifications": [{ "id": 1 }],
    "signingAlgorithm": "sha256",
    "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
    "active": true,
    "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
    "replaces": [],
    "replaced": [],
    "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
    "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
    "san": null
  }],
  "total": 1
}
- Query Parameters
sortBy – field to sort on
sortDir – asc or desc
page – int. default is 1
filter – key value pair format is k;v
count – count number. default is 10
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
mediatypes()
-
methods = {'GET'}
-
-
class lemur.certificates.views.CertificatesReplacementsList
Bases: lemur.auth.service.AuthenticatedResource
-
endpoint = 'replacements'
-
get(certificate_id)
-
GET /certificates/1/replacements
One certificate
Example request:
GET /certificates/1/replacements HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
    "status": null,
    "cn": "*.test.example.net",
    "chain": "",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----",
    "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
    "owner": "joe@example.com",
    "serial": "82311058732025924142789179368889309156",
    "id": 2288,
    "issuer": "SymantecCorporation",
    "dateCreated": "2016-06-03T06:09:42.133769+00:00",
    "notBefore": "2016-06-03T00:00:00+00:00",
    "notAfter": "2018-01-12T23:59:59+00:00",
    "destinations": [],
    "bits": 2048,
    "body": "-----BEGIN CERTIFICATE-----...",
    "description": null,
    "deleted": null,
    "notifications": [{ "id": 1 }],
    "signingAlgorithm": "sha256",
    "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
    "active": true,
    "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
    "replaces": [],
    "replaced": [],
    "rotation": true,
    "rotationPolicy": {"name": "default"},
    "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
    "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
    "san": null
  }],
  "total": 1
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
mediatypes()
-
methods = {'GET'}
-
-
class lemur.certificates.views.CertificatesStats
Bases: lemur.auth.service.AuthenticatedResource
Defines the ‘certificates’ stats endpoint
-
endpoint = 'certificateStats'
-
get()
-
mediatypes()
-
methods = {'GET'}
-
-
class lemur.certificates.views.CertificatesUpload
Bases: lemur.auth.service.AuthenticatedResource
Defines the ‘certificates’ upload endpoint
-
endpoint = 'certificateUpload'
-
mediatypes()
-
methods = {'POST'}
-
post(data=None)
-
POST /certificates/upload
Upload a certificate
Example request:
POST /certificates/upload HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

{
  "owner": "joe@example.com",
  "body": "-----BEGIN CERTIFICATE-----...",
  "chain": "-----BEGIN CERTIFICATE-----...",
  "privateKey": "-----BEGIN RSA PRIVATE KEY-----...",
  "csr": "-----BEGIN CERTIFICATE REQUEST-----...",
  "destinations": [],
  "notifications": [],
  "replacements": [],
  "roles": [],
  "notify": true,
  "name": "cert1"
}
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "status": null,
  "cn": "*.test.example.net",
  "chain": "",
  "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
  "owner": "joe@example.com",
  "serial": "82311058732025924142789179368889309156",
  "id": 2288,
  "issuer": "SymantecCorporation",
  "dateCreated": "2016-06-03T06:09:42.133769+00:00",
  "notBefore": "2016-06-03T00:00:00+00:00",
  "notAfter": "2018-01-12T23:59:59+00:00",
  "destinations": [],
  "bits": 2048,
  "body": "-----BEGIN CERTIFICATE-----...",
  "description": null,
  "deleted": null,
  "notifications": [{ "id": 1 }],
  "signingAlgorithm": "sha256",
  "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
  "active": true,
  "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
  "replaces": [],
  "rotation": true,
  "rotationPolicy": {"name": "default"},
  "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
  "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
  "san": null
}
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
403 Forbidden – unauthenticated
200 OK – no error
-
-
-
class lemur.certificates.views.NotificationCertificatesList
Bases: lemur.auth.service.AuthenticatedResource
Defines the ‘certificates’ endpoint
-
endpoint = 'notificationCertificates'
-
get(notification_id)
-
GET /notifications/1/certificates
The current list of certificates for a given notification
Example request:
GET /notifications/1/certificates HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [{
    "status": null,
    "cn": "*.test.example.net",
    "chain": "",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----",
    "authority": { "active": true, "owner": "secure@example.com", "id": 1, "description": "verisign test authority", "name": "verisign" },
    "owner": "joe@example.com",
    "serial": "82311058732025924142789179368889309156",
    "id": 2288,
    "issuer": "SymantecCorporation",
    "dateCreated": "2016-06-03T06:09:42.133769+00:00",
    "notBefore": "2016-06-03T00:00:00+00:00",
    "notAfter": "2018-01-12T23:59:59+00:00",
    "destinations": [],
    "bits": 2048,
    "body": "-----BEGIN CERTIFICATE-----...",
    "description": null,
    "deleted": null,
    "notifications": [{ "id": 1 }],
    "signingAlgorithm": "sha256",
    "user": { "username": "jane", "active": true, "email": "jane@example.com", "id": 2 },
    "active": true,
    "domains": [{ "sensitive": false, "id": 1090, "name": "*.test.example.net" }],
    "replaces": [],
    "replaced": [],
    "rotation": true,
    "rotationPolicy": {"name": "default"},
    "name": "WILDCARD.test.example.net-SymantecCorporation-20160603-20180112",
    "roles": [{ "id": 464, "description": "This is a google group based role created by Lemur", "name": "joe@example.com" }],
    "san": null
  }],
  "total": 1
}
- Query Parameters
sortBy – field to sort on
sortDir – asc or desc
page – int. default is 1
filter – key value pair format is k;v
count – count number. default is 10
- Request Headers
Authorization – OAuth token to authenticate
- Status Codes
200 OK – no error
403 Forbidden – unauthenticated
-
-
mediatypes()
-
methods = {'GET'}
-