From 180c8228e120d71948da7ecf0a71db98e5440049 Mon Sep 17 00:00:00 2001 From: kevgliss Date: Wed, 2 Sep 2015 14:37:07 -0700 Subject: [PATCH 1/3] adding verisign source --- docs/administration/index.rst | 30 ++++++++++ lemur/plugins/lemur_verisign/constants.py | 57 ------------------- lemur/plugins/lemur_verisign/plugin.py | 42 +++++++++++--- .../plugins/lemur_verisign/tests/conftest.py | 1 + .../lemur_verisign/tests/test_verisign.py | 5 ++ lemur/tests/conftest.py | 8 ++- setup.py | 1 + 7 files changed, 78 insertions(+), 66 deletions(-) delete mode 100644 lemur/plugins/lemur_verisign/constants.py create mode 100644 lemur/plugins/lemur_verisign/tests/conftest.py create mode 100644 lemur/plugins/lemur_verisign/tests/test_verisign.py diff --git a/docs/administration/index.rst b/docs/administration/index.rst index ca9acfbd..fb527856 100644 --- a/docs/administration/index.rst +++ b/docs/administration/index.rst @@ -215,6 +215,35 @@ Verisign/Symantec and CloudCA This is the path to the mutual SSL certificate used for communicating with Verisign +.. data:: VERISIGN_FIRST_NAME + :noindex: + + This is the first name to be used when requesting the certificate + + +.. data:: VERISIGN_LAST_NAME + :noindex: + + This is the last name to be used when requesting the certificate + +.. data:: VERISIGN_EMAIL + :noindex: + + This is the email to be used when requesting the certificate + + +.. data:: VERISIGN_INTERMEDIATE + :noindex: + + This is the intermediate to be used for your CA chain + + +.. data:: VERISIGN_ROOT + :noindex: + + This is the root to be used for your CA chain + + .. data:: CLOUDCA_URL :noindex: @@ -231,6 +260,7 @@ Verisign/Symantec and CloudCA This is the path to the CLOUDCA certificate bundle + Authentication -------------- Lemur currently supports Basic Authentication and Ping OAuth2 out of the box, additional flows can be added relatively easily 
diff --git a/lemur/plugins/lemur_verisign/constants.py b/lemur/plugins/lemur_verisign/constants.py
deleted file mode 100644
index b7ea6a53..00000000
--- a/lemur/plugins/lemur_verisign/constants.py
+++ /dev/null
@@ -1,57 +0,0 @@
-VERISIGN_INTERMEDIATE = """-----BEGIN CERTIFICATE-----
-MIIFFTCCA/2gAwIBAgIQKC4nkXkzkuQo8iGnTsk3rjANBgkqhkiG9w0BAQsFADCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
-ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJp
-U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
-ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IC0gRzMwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
-CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
-BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
-YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
-A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
-9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
-s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
-L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
-Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBQDCCATwwHQYDVR0O
-BBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMBIGA1UdEwEB/wQIMAYBAf8CAQAwawYD
-VR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
-c3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0
-aC5jb20vcnBhMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9zLnN5bWNiLmNvbS9w
-Y2EzLWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNV
-BAMTEVN5bWFudGVjUEtJLTEtNTM0MC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcw
-AYYSaHR0cDovL3Muc3ltY2QuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBbF1K+1lZ7
-9Pc0CUuWysf2IdBpgO/nmhnoJOJ/2S9h3RPrWmXk4WqQy04q6YoW51KN9kMbRwUN
-gKOomv4p07wdKNWlStRxPA91xQtzPwBIZXkNq2oeJQzAAt5mrL1LBmuaV4oqgX5n
-m7pSYHPEFfe7wVDJCKW6V0o6GxBzHOF7tpQDS65RsIJAOloknO4NWF2uuil6yjOe
-soHCL47BJ89A8AShP/U3wsr8rFNtqVNpT+F2ZAwlgak3A/I5czTSwXx4GByoaxbn
-5+CdKa/Y5Gk5eZVpuXtcXQGc1PfzSEUTZJXXCm5y2kMiJG8+WnDcwJLgLeVX+OQr
-J+71/xuzAYN6
------END CERTIFICATE-----
-"""
-
-VERISIGN_ROOT = """-----BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
-cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
-aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
-IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
-N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
-KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
-kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
-CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
-Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
-imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
-2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
-DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
-/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
-F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
-TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
------END CERTIFICATE-----
-"""
diff --git a/lemur/plugins/lemur_verisign/plugin.py b/lemur/plugins/lemur_verisign/plugin.py
index 930b2574..2eee6e3c 100644
--- a/lemur/plugins/lemur_verisign/plugin.py
+++ b/lemur/plugins/lemur_verisign/plugin.py
@@ -13,9 +13,8 @@ import xmltodict from flask import current_app -from lemur.plugins.bases import IssuerPlugin +from lemur.plugins.bases import IssuerPlugin, SourcePlugin from lemur.plugins import lemur_verisign as verisign -from lemur.plugins.lemur_verisign import constants from lemur.common.utils import get_psuedo_random_string @@ -132,7 +131,7 @@ class VerisignIssuerPlugin(IssuerPlugin): version = verisign.VERSION author = 'Kevin Glisson' - author_url = 'https://github.com/netflix/lemur' + author_url = 'https://github.com/netflix/lemur.git' def __init__(self, *args, **kwargs): self.session = requests.Session() @@ -147,7 +146,7 @@ class VerisignIssuerPlugin(IssuerPlugin): :param issuer_options: :return: :raise Exception: """ - url = current_app.config.get("VERISIGN_URL") + '/enroll' + url = current_app.config.get('VERISIGN_URL') + 'rest/services/enroll' data = process_options(issuer_options) data['csr'] = csr @@ -156,7 +155,7 @@ class VerisignIssuerPlugin(IssuerPlugin): response = self.session.post(url, data=data) cert = handle_response(response.content)['Response']['Certificate'] - return cert, constants.VERISIGN_INTERMEDIATE, + return cert, current_app.config.get('VERISIGN_INTERMEDIATE'), @staticmethod def create_authority(options): @@ -168,7 +167,7 @@ class VerisignIssuerPlugin(IssuerPlugin): :return: """ role = {'username': '', 'password': '', 'name': 'verisign'} - return constants.VERISIGN_ROOT, "", [role] + return current_app.config.get('VERISIGN_ROOT'), "", [role] def get_available_units(self): """ 
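Review bot: The enroll URL in create_certificate is now built as `current_app.config.get('VERISIGN_URL') + 'rest/services/enroll'` with no separator, so it is only correct when VERISIGN_URL ends in a slash, while get_certificates in the later plugin.py hunk appends `'/reportingws'` with one; get_available_units (`+ 'rest/services/getTokens'`) has the same pattern. When the key is missing, `.get()` returns None and the concatenation fails with a TypeError that does not name the setting. I would normalise once, for example `base = current_app.config['VERISIGN_URL'].rstrip('/')` followed by `url = base + '/rest/services/enroll'`, and state the expected form of VERISIGN_URL in the administration docs. create_certificate starts and ends outside this hunk.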
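Review bot: `current_app.config.get('VERISIGN_INTERMEDIATE')` in create_certificate, and `current_app.config.get('VERISIGN_ROOT')` in the create_authority hunk that follows, return None when the key is absent, so a deployment that upgrades without adding the two new settings would presumably issue certificates and create the authority with no chain and no error. The chain material was pinned in constants.py and is now whatever the config file holds, so failing fast is worth it: read with `current_app.config['VERISIGN_INTERMEDIATE']` (KeyError on a missing key) or raise when the value is empty. A short comment that both values must be PEM-encoded certificates would also help, since the docs entries only say "to be used for your CA chain". Both function bodies extend beyond their hunks.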
@@ -177,6 +176,35 @@ class VerisignIssuerPlugin(IssuerPlugin): :return: """ - url = current_app.config.get("VERISIGN_URL") + '/getTokens' + url = current_app.config.get("VERISIGN_URL") + 'rest/services/getTokens' response = self.session.post(url, headers={'content-type': 'application/x-www-form-urlencoded'}) return handle_response(response.content)['Response']['Order'] + + +class VerisignSourcePlugin(SourcePlugin): + title = 'Verisign' + slug = 'verisign-source' + description = 'Allows for the polling of issued certificates from the VICE2.0 verisign API.' + version = verisign.VERSION + + author = 'Kevin Glisson' + author_url = 'https://github.com/netflix/lemur.git' + + def __init__(self, *args, **kwargs): + self.session = requests.Session() + self.session.cert = current_app.config.get('VERISIGN_PEM_PATH') + super(VerisignSourcePlugin, self).__init__(*args, **kwargs) + + def get_certificates(self): + url = current_app.config.get('VERISIGN_URL') + '/reportingws' + end = arrow.now() + start = end.replace(years=-5) + data = { + 'reportType': 'detail', + 'startDate': start.format("MM/DD/YYYY"), + 'endDate': end.format("MM/DD/YYYY"), + 'structuredRecord': 'Y', + 'certStatus': 'Valid', + } + current_app.logger.debug(data) + response = self.session.post(url, data=data) diff --git a/lemur/plugins/lemur_verisign/tests/conftest.py b/lemur/plugins/lemur_verisign/tests/conftest.py new file mode 100644 index 00000000..0e1cd89f --- /dev/null +++ b/lemur/plugins/lemur_verisign/tests/conftest.py @@ -0,0 +1 @@ +from lemur.tests.conftest import * # noqa diff --git a/lemur/plugins/lemur_verisign/tests/test_verisign.py b/lemur/plugins/lemur_verisign/tests/test_verisign.py new file mode 100644 index 00000000..21c52b6b --- /dev/null +++ b/lemur/plugins/lemur_verisign/tests/test_verisign.py @@ -0,0 +1,5 @@ + +def test_get_certificates(app): + from lemur.plugins.base import plugins + p = plugins.get('verisign-source') + p.get_certificates() 
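Review bot: get_certificates in the new VerisignSourcePlugin posts the report request and then drops `response`: the method ends without a return, without checking the HTTP status and without a docstring, so callers get None whatever the API answered. Add at least `response.raise_for_status()` and return the parsed certificates; the shape of the reportingws reply is not visible here, so whether `handle_response` can parse it needs confirming. `arrow` is used for the date range but the import hunk adds no import for it, so check that it is imported above line 13. In `__init__`, `self.session.cert = current_app.config.get('VERISIGN_PEM_PATH')` leaves the session without a client certificate when the key is unset; raising there gives a clearer failure than a rejected request.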
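Review bot: test_get_certificates has no assertion and calls `p.get_certificates()` against whatever VERISIGN_URL the app config holds, so it either makes a live request with the configured client certificate or fails on an unset config. Stub the session's `post` and assert on the returned value, or gate the test behind the existing `--runslow` option if that is how network tests are skipped here. After patch 2/3 removes the `verisign_source` entry point, `plugins.get('verisign-source')` presumably no longer resolves while this test stays in the tree. The import path `lemur.plugins.base` also differs from `lemur.plugins.bases` used in plugin.py; both may exist, but confirm.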
diff --git a/lemur/tests/conftest.py b/lemur/tests/conftest.py index e722e695..bc3479bb 100644 --- a/lemur/tests/conftest.py +++ b/lemur/tests/conftest.py @@ -8,6 +8,7 @@ from lemur.roles import service as role_service def pytest_addoption(parser): + parser.addoption("--lemurconfig", help="override the default test config") parser.addoption("--runslow", action="store_true", help="run slow tests") @@ -29,12 +30,15 @@ def pytest_runtest_makereport(item, call): @pytest.yield_fixture(scope="session") -def app(): +def app(request): """ Creates a new Flask application for a test duration. Uses application factory `create_app`. """ - _app = create_app(os.path.dirname(os.path.realpath(__file__)) + '/conf.py') + if request.config.getoption('--lemurconfig'): + _app = create_app(request.config.getoption('--lemurconfig')) + else: + _app = create_app(os.path.dirname(os.path.realpath(__file__)) + '/conf.py') ctx = _app.app_context() ctx.push() diff --git a/setup.py b/setup.py index ea7ef326..d41d1ffd 100644 --- a/setup.py +++ b/setup.py @@ -135,6 +135,7 @@ setup( ], 'lemur.plugins': [ 'verisign_issuer = lemur.plugins.lemur_verisign.plugin:VerisignIssuerPlugin', + 'verisign_source = lemur.plugins.lemur_verisign.plugin:VerisignSourcePlugin', 'cloudca_issuer = lemur.plugins.lemur_cloudca.plugin:CloudCAIssuerPlugin', 'cloudca_source = lemur.plugins.lemur_cloudca.plugin:CloudCASourcePlugin', 'aws_destination = lemur.plugins.lemur_aws.plugin:AWSDestinationPlugin', From 0dde4c9f804c18373e210e2a21d1ce579e405e58 Mon Sep 17 00:00:00 2001 From: kevgliss Date: Fri, 11 Sep 2015 08:36:55 -0700 Subject: [PATCH 2/3] removing source plugin form being installed atm --- setup.py | 1 - 1 file changed, 1 deletion(-) diff --git a/setup.py b/setup.py index d41d1ffd..ea7ef326 100644 --- a/setup.py +++ b/setup.py 
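Review bot: The `app` fixture reads `--lemurconfig` twice and branches around two `create_app` calls; `path = request.config.getoption('--lemurconfig') or os.path.dirname(os.path.realpath(__file__)) + '/conf.py'` followed by a single `_app = create_app(path)` is easier to follow. The docstring still describes only the default behaviour; add a line saying the option overrides tests/conf.py, and that pointing it at a config with real Verisign settings makes the session-scoped app perform live calls in tests such as test_get_certificates. The fixture body continues past the hunk.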
@@ -135,7 +135,6 @@ setup( ], 'lemur.plugins': [ 'verisign_issuer = lemur.plugins.lemur_verisign.plugin:VerisignIssuerPlugin', - 'verisign_source = lemur.plugins.lemur_verisign.plugin:VerisignSourcePlugin', 'cloudca_issuer = lemur.plugins.lemur_cloudca.plugin:CloudCAIssuerPlugin', 'cloudca_source = lemur.plugins.lemur_cloudca.plugin:CloudCASourcePlugin', 'aws_destination = lemur.plugins.lemur_aws.plugin:AWSDestinationPlugin', From e80b58899de1c1148f1bb7d6285bb1e27d6ac6cc Mon Sep 17 00:00:00 2001 From: kevgliss Date: Fri, 11 Sep 2015 08:39:27 -0700 Subject: [PATCH 3/3] following RFC --- AUTHORS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AUTHORS b/AUTHORS index d15393b1..4d2c1186 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,2 +1,2 @@ -- Kevin Glisson (kglisson@netflix.com) +- Kevin Glisson - Jeremy Heffner