common Package

health Module

lemur.common.health.health()
lemur.common.health.healthcheck(db)

managers Module

class lemur.common.managers.InstanceManager(class_list=None, instances=True)

Bases: object

add(class_path)
all()

Returns a list of cached instances.

get_class_list()
remove(class_path)
update(class_list)

Updates the class list and wipes the cache.

utils Module

lemur.common.utils.base64decode(base64_input)
lemur.common.utils.base64encode(string)
lemur.common.utils.check_cert_signature(cert, issuer_public_key)

Check a certificate’s signature against an issuer public key. Before EC validation, make sure we support the algorithm; otherwise raise UnsupportedAlgorithm. On success, returns None; on failure, raises UnsupportedAlgorithm or InvalidSignature.

lemur.common.utils.check_validation(validation)

Checks that the given validation string compiles successfully.

Parameters

validation

Return str

The validation pattern, if compilation succeeds

lemur.common.utils.column_windows(session, column, windowsize)

Return a series of WHERE clauses against a given column that break it into windows.

Result is an iterable of tuples, consisting of ((start, end), whereclause), where (start, end) are the ids.

Requires a database that supports window functions, i.e. Postgresql, SQL Server, Oracle.

Enhance this yourself! Add a “where” argument so that windows of just a subset of rows can be computed.

lemur.common.utils.convert_pkcs7_bytes_to_pem(certs_pkcs7)

Given a list of certificates in PKCS7 encoding (bytes), convert them into a list of PEM-encoded files.

Raises ValueError or ValidationError.

Parameters

certs_pkcs7

Returns

List of certs in PEM format

lemur.common.utils.data_decrypt(ciphertext)

Takes a ciphertext and returns the respective string, reusing the Vault DB encryption module.

Parameters

ciphertext – base64 ciphertext

Returns

Plaintext string

lemur.common.utils.data_encrypt(data)

Takes an input and returns a base64-encoded encryption, reusing the Vault DB encryption module.

Parameters

data – string

Returns

base64 ciphertext

lemur.common.utils.find_matching_certificates_by_hash(cert, matching_certs)

Given a Cryptography-formatted certificate cert, and Lemur-formatted certificates (matching_certs), determine if any of the certificate hashes match and return the matches.

lemur.common.utils.generate_private_key(key_type)

Generates a new private key based on key_type.

Valid key types: ‘RSA2048’, ‘RSA4096’, ‘ECCPRIME192V1’, ‘ECCPRIME256V1’, ‘ECCSECP192R1’, ‘ECCSECP224R1’, ‘ECCSECP256R1’, ‘ECCSECP384R1’, ‘ECCSECP521R1’, ‘ECCSECP256K1’, ‘ECCSECT163K1’, ‘ECCSECT233K1’, ‘ECCSECT283K1’, ‘ECCSECT409K1’, ‘ECCSECT571K1’, ‘ECCSECT163R2’, ‘ECCSECT233R1’, ‘ECCSECT283R1’, ‘ECCSECT409R1’, ‘ECCSECT571R2’

Parameters

key_type

Returns

lemur.common.utils.get_authority_key(body)

Returns the authority key for a given certificate in hex format.

lemur.common.utils.get_certificate_via_tls(host, port, timeout=10)

Makes a TLS network connection to retrieve the current certificate for the specified host and port.

Note that if the host is valid but the port is not, we’ll wait for the timeout for the connection to fail, so this should remain low when doing bulk operations.

Parameters
  • host – Host to get certificate for

  • port – Port to get certificate for

  • timeout – Timeout in seconds

lemur.common.utils.get_key_type_from_certificate(body)

Helper function to determine key type by parsing the given PEM certificate.

Parameters

body – PEM string

Returns

Key type string

lemur.common.utils.get_key_type_from_ec_curve(curve_name)

Given an EC curve name, return the matching key_type.

Parameters

curve_name

Returns

key_type

lemur.common.utils.get_psuedo_random_string()

Create a random and strongish challenge.

lemur.common.utils.get_random_secret(length)

Similar to get_pseudo_random_string, but accepts a length parameter.

lemur.common.utils.get_state_token_secret()
lemur.common.utils.is_json(json_input)

Test if input is JSON.

Parameters

json_input

Returns

True or False

lemur.common.utils.is_selfsigned(cert)

Returns True if the certificate is self-signed. Returns False for failed verification or unsupported signing algorithm.
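The signature check described for check_cert_signature and the self-signed test described for is_selfsigned, as an added example that is not Lemur's own code. It uses the `cryptography` package; the names `verify_cert_signature`, `looks_self_signed` and `make_cert` are hypothetical, the certificates are constructed test data, and RSA issuers are assumed to sign with PKCS#1 v1.5 padding.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID


def verify_cert_signature(cert, issuer_public_key):
    """Return None if issuer_public_key signed cert; raise otherwise."""
    tbs, sig, digest = cert.tbs_certificate_bytes, cert.signature, cert.signature_hash_algorithm
    if isinstance(issuer_public_key, rsa.RSAPublicKey):
        # Assumption: PKCS#1 v1.5 padding; RSASSA-PSS certificates would fail here.
        issuer_public_key.verify(sig, tbs, padding.PKCS1v15(), digest)
    elif isinstance(issuer_public_key, ec.EllipticCurvePublicKey):
        issuer_public_key.verify(sig, tbs, ec.ECDSA(digest))
    else:
        raise UnsupportedAlgorithm("unsupported issuer key type: %s" % type(issuer_public_key).__name__)


def looks_self_signed(cert):
    """True only when the certificate verifies under its own public key."""
    try:
        verify_cert_signature(cert, cert.public_key())
        return True
    except (InvalidSignature, UnsupportedAlgorithm):
        return False


def make_cert(subject_cn, subject_key, issuer_cn, issuer_key):
    """Build a constructed test certificate with fixed validity dates."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    start = datetime.datetime(2024, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(issuer_key, hashes.SHA256()))


# Constructed sample data: a self-signed CA and a leaf issued by it.
CA_KEY = ec.generate_private_key(ec.SECP256R1())
LEAF_KEY = ec.generate_private_key(ec.SECP256R1())
CA_CERT = make_cert("Example Test CA", CA_KEY, "Example Test CA", CA_KEY)
LEAF_CERT = make_cert("leaf.example.test", LEAF_KEY, "Example Test CA", CA_KEY)

if __name__ == "__main__":
    print(looks_self_signed(CA_CERT), looks_self_signed(LEAF_CERT))
```

A certificate whose subject and issuer names match but which was signed by a different key is not self-signed under this check, which is why the signature is verified rather than the names compared.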

lemur.common.utils.is_weekend(date)

Determines if a given date is on a weekend.

Parameters

date

Returns

lemur.common.utils.parse_cert_chain(pem_chain)

Helper function to split and parse a series of PEM certificates.

Parameters

pem_chain – string

Returns

List of parsed certificates

lemur.common.utils.parse_certificate(body)

Helper function that parses a PEM certificate.

Parameters

body

Returns

lemur.common.utils.parse_csr(csr)

Helper function that parses a CSR.

Parameters

csr

Returns

lemur.common.utils.parse_private_key(private_key)

Parses a PEM-format private key (RSA, DSA, ECDSA or any other supported algorithm).

Raises ValueError for an invalid string. Raises AssertionError when passed value is not str-type.

Parameters

private_key – String containing PEM private key

lemur.common.utils.parse_serial(pem_certificate)

Parses a serial number from a PEM-encoded certificate.

lemur.common.utils.split_pem(data)

Split a string of several PEM payloads to a list of strings.

Parameters

data – String

Returns

List of strings

lemur.common.utils.truthiness(s)

If input string resembles something truthy then return True, else False.

lemur.common.utils.validate_conf(app, required_vars)

Ensures that the given fields are set in the application’s conf.

Parameters
  • app

  • required_vars – list

lemur.common.utils.windowed_query(q, column, windowsize)

Break a Query into windows on a given column.