Implement a CFSSL issuer plugin (#452)

* Implement CFSSL issuer plugin Implement a Lemur plugin for generating certificates from the open source certificate authority CFSSL (https://github.com/cloudflare/cfssl). The plugin interacts with CFSSL through the CFSSL REST API. The CFSSL configuration is defined in the lemur.conf.py property file using property names prefixed with "CFSSL_". * Update documentation to include CFSSL plugin
2016-10-22 02:52:18 -05:00
parent a8f44944b1
commit cd9c112218
8 changed files with 129 additions and 1 deletions
--- a/lemur/plugins/lemur_cfssl/init.py
+++ b/lemur/plugins/lemur_cfssl/init.py
@ -0,0 +1,5 @@
+try:
+    VERSION = __import__('pkg_resources') \
+        .get_distribution(__name__).version
+except Exception as e:
+    VERSION = 'unknown'
--- a/lemur/plugins/lemur_cfssl/plugin.py
+++ b/lemur/plugins/lemur_cfssl/plugin.py
@ -0,0 +1,64 @@
+"""
+.. module: lemur.plugins.lemur_cfssl.plugin
+    :platform: Unix
+    :synopsis: This module is responsible for communicating with the CFSSL private CA.
+    :copyright: (c) 2016 by Thomson Reuters
+    :license: Apache, see LICENSE for more details.
+
+.. moduleauthor:: Charles Hendrie <chad.hendrie@tr.com>
+"""
+
+import json
+import requests
+
+from flask import current_app
+
+from lemur.plugins.bases import IssuerPlugin
+from lemur.plugins import lemur_cfssl as cfssl
+
+
+class CfsslIssuerPlugin(IssuerPlugin):
+    title = 'CFSSL'
+    slug = 'cfssl-issuer'
+    description = 'Enables the creation of certificates by CFSSL private CA'
+    version = cfssl.VERSION
+
+    author = 'Charles Hendrie'
+    author_url = 'https://github.com/netflix/lemur.git'
+
+    def __init__(self, *args, **kwargs):
+        self.session = requests.Session()
+        super(CfsslIssuerPlugin, self).__init__(*args, **kwargs)
+
+    def create_certificate(self, csr, issuer_options):
+        """
+        Creates a CFSSL certificate.
+
+        :param csr:
+        :param issuer_options:
+        :return:
+        """
+        current_app.logger.info("Requesting a new cfssl certificate with csr: {0}".format(csr))
+
+        url = "{0}{1}".format(current_app.config.get('CFSSL_URL'), '/api/v1/cfssl/sign')
+
+        data = {'certificate_request': csr.decode('utf_8')}
+        data = json.dumps(data)
+
+        response = self.session.post(url, data=data.encode(encoding='utf_8', errors='strict'))
+        response_json = json.loads(response.content.decode('utf_8'))
+        cert = response_json['result']['certificate']
+
+        return cert, current_app.config.get('CFSSL_INTERMEDIATE'),
+
+    @staticmethod
+    def create_authority(options):
+        """
+        Creates an authority, this authority is then used by Lemur to allow a user
+        to specify which Certificate Authority they want to sign their certificate.
+
+        :param options:
+        :return:
+        """
+        role = {'username': '', 'password': '', 'name': 'cfssl'}
+        return current_app.config.get('CFSSL_ROOT'), "", [role]
--- a/lemur/plugins/lemur_cfssl/tests/conftest.py
+++ b/lemur/plugins/lemur_cfssl/tests/conftest.py
@ -0,0 +1 @@
+from lemur.tests.conftest import *  # noqa
--- a/lemur/plugins/lemur_cfssl/tests/test_cfssl.py
+++ b/lemur/plugins/lemur_cfssl/tests/test_cfssl.py
@ -0,0 +1,6 @@
+
+def test_get_certificates(app):
+    from lemur.plugins.base import plugins
+
+    p = plugins.get('cfssl-issuer')
+    assert p