common Package
managers Module
-
class lemur.common.managers.InstanceManager(class_list=None, instances=True)
Bases: object
-
add(class_path)
-
all()
Returns a list of cached instances.
-
get_class_list()
-
remove(class_path)
-
update(class_list)
Updates the class list and wipes the cache.
-
utils Module
-
lemur.common.utils.base64decode(base64_input)
-
lemur.common.utils.base64encode(string)
-
lemur.common.utils.check_cert_signature(cert, issuer_public_key)
Check a certificate’s signature against an issuer public key. Before EC validation, make sure we support the algorithm; otherwise raise UnsupportedAlgorithm. On success, returns None; on failure, raises UnsupportedAlgorithm or InvalidSignature.
-
lemur.common.utils.check_validation(validation)
Checks that the given validation string compiles successfully.
- Parameters
validation –
- Return str
The validation pattern, if compilation succeeds
-
lemur.common.utils.column_windows(session, column, windowsize)
Return a series of WHERE clauses against a given column that break it into windows.
Result is an iterable of tuples, consisting of ((start, end), whereclause), where (start, end) are the ids.
Requires a database that supports window functions, i.e. PostgreSQL, SQL Server, Oracle.
Enhance this yourself! Add a “where” argument so that windows of just a subset of rows can be computed.
-
lemur.common.utils.convert_pkcs7_bytes_to_pem(certs_pkcs7)
Given a list of certificates in PKCS7 encoding (bytes), convert them into a list of PEM-encoded files.
- Raises
ValueError or ValidationError
- Parameters
certs_pkcs7 –
- Returns
list of certs in PEM format
-
lemur.common.utils.data_decrypt(ciphertext)
Takes a ciphertext and returns the respective string, reusing the Vault DB encryption module.
- Parameters
ciphertext – base64 ciphertext
- Returns
plaintext string
-
lemur.common.utils.data_encrypt(data)
Takes an input and returns a base64-encoded encryption, reusing the Vault DB encryption module.
- Parameters
data – string
- Returns
base64 ciphertext
-
lemur.common.utils.find_matching_certificates_by_hash(cert, matching_certs)
Given a Cryptography-formatted certificate cert, and Lemur-formatted certificates (matching_certs), determine if any of the certificate hashes match and return the matches.
-
lemur.common.utils.generate_private_key(key_type)
Generates a new private key based on key_type.
- Valid key types: RSA2048, RSA4096, ECCPRIME192V1, ECCPRIME256V1, ECCSECP192R1, ECCSECP224R1, ECCSECP256R1, ECCSECP384R1, ECCSECP521R1, ECCSECP256K1, ECCSECT163K1, ECCSECT233K1, ECCSECT283K1, ECCSECT409K1, ECCSECT571K1, ECCSECT163R2, ECCSECT233R1, ECCSECT283R1, ECCSECT409R1, ECCSECT571R2
- Parameters
key_type –
- Returns
-
lemur.common.utils.get_authority_key(body)
Returns the authority key for a given certificate in hex format.
-
lemur.common.utils.get_certificate_via_tls(host, port, timeout=10)
Makes a TLS network connection to retrieve the current certificate for the specified host and port.
Note that if the host is valid but the port is not, we’ll wait for the timeout for the connection to fail, so this should remain low when doing bulk operations.
- Parameters
host – Host to get certificate for
port – Port to get certificate for
timeout – Timeout in seconds
-
lemur.common.utils.get_key_type_from_certificate(body)
Helper function to determine key type by parsing the given PEM certificate.
- Parameters
body – PEM string
- Returns
Key type string
-
lemur.common.utils.get_key_type_from_ec_curve(curve_name)
Given an EC curve name, return the matching key_type.
- Param
curve_name
- Returns
key_type
-
lemur.common.utils.get_psuedo_random_string()
Create a random and strongish challenge.
-
lemur.common.utils.get_random_secret(length)
Similar to get_psuedo_random_string, but accepts a length parameter.
-
lemur.common.utils.get_state_token_secret()
-
lemur.common.utils.is_json(json_input)
Test if input is JSON.
- Parameters
json_input –
- Returns
True or False
-
lemur.common.utils.is_selfsigned(cert)
Returns True if the certificate is self-signed. Returns False for failed verification or unsupported signing algorithm.
-
lemur.common.utils.is_weekend(date)
Determines if a given date is on a weekend.
- Parameters
date –
- Returns
-
lemur.common.utils.parse_cert_chain(pem_chain)
Helper function to split and parse a series of PEM certificates.
- Parameters
pem_chain – string
- Returns
List of parsed certificates
-
lemur.common.utils.parse_certificate(body)
Helper function that parses a PEM certificate.
- Parameters
body –
- Returns
-
lemur.common.utils.parse_csr(csr)
Helper function that parses a CSR.
- Parameters
csr –
- Returns
-
lemur.common.utils.parse_private_key(private_key)
Parses a PEM-format private key (RSA, DSA, ECDSA or any other supported algorithm).
Raises ValueError for an invalid string. Raises AssertionError when the passed value is not str-type.
- Parameters
private_key – String containing PEM private key
-
lemur.common.utils.parse_serial(pem_certificate)
Parses a serial number from a PEM-encoded certificate.
-
lemur.common.utils.split_pem(data)
Split a string of several PEM payloads to a list of strings.
- Parameters
data – String
- Returns
List of strings
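As an added illustration (not Lemur's implementation), the sketch below shows what splitting a multi-PEM string has to handle before anything is passed to a certificate parser: matching BEGIN/END labels, strict base64, and exactly one DER SEQUENCE per block. The names `split_pem_blocks`, `der_is_single_sequence` and `make_pem` are hypothetical, and the sample chain is constructed from tiny DER values rather than real certificates.

```python
import base64
import binascii
import re

# RFC 7468 textual encoding: BEGIN and END boundary lines must carry the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def der_is_single_sequence(der: bytes) -> bool:
    """True if der is exactly one SEQUENCE TLV with no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + length


def split_pem_blocks(data: str) -> list:
    """Return [(label, der_bytes), ...]; text outside the boundaries is ignored.

    Raises ValueError if a payload is not strict base64 or not one DER SEQUENCE.
    """
    blocks = []
    for match in PEM_BLOCK.finditer(data):
        label, payload = match.group(1), "".join(match.group(2).split())
        try:
            der = base64.b64decode(payload, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"bad base64 in {label} block") from exc
        if not der_is_single_sequence(der):
            raise ValueError(f"{label} block is not a single DER SEQUENCE")
        blocks.append((label, der))
    return blocks


def make_pem(label: str, der: bytes) -> str:
    """Constructed-sample helper: wrap DER bytes in PEM armour."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed input: two tiny DER SEQUENCEs standing in for certificates.
SAMPLE_CHAIN = ("subject=leaf.example.test\n" + make_pem("CERTIFICATE", bytes.fromhex("3003020105"))
                + "subject=Example CA\n" + make_pem("CERTIFICATE", bytes.fromhex("3003020107")))
```

A block whose END label does not match its BEGIN label is not accepted as-is: the pattern runs on to the next matching END line, and the boundary text swallowed into the payload then fails strict base64 decoding.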
-
lemur.common.utils.truthiness(s)
If input string resembles something truthy then return True, else False.
-
lemur.common.utils.validate_conf(app, required_vars)
Ensures that the given fields are set in the application’s conf.
- Parameters
app –
required_vars – list
-
lemur.common.utils.windowed_query(q, column, windowsize)
Break a Query into windows on a given column.