Current File : //lib/python2.7/site-packages/salt/runners/digicertapi.pyo

Support for Digicert.  Heavily based on the Venafi runner by Joseph Hall (jphall@saltstack.com).

Before using this module you need to register an account with Digicert's CertCentral.

Log in to CertCentral, ensure you have a payment method configured and/or there are adequate
funds attached to your account.  Click the ``Account`` item in the left sidebar, and select
``Account Access``.  The right hand pane should show "Account Access" and a link to create
an API key.  Create a new API key and assign it to the user that should be attached to requests
coming from Salt.

NOTE: CertCentral will not show the API key again after revealing it the first time.  Make sure
you copy it right away or you will have to revoke it and generate a new one.

Now open ``/etc/salt/master`` and add the API key as shown below.

.. code-block:: yaml

    digicert:
      api_key: ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABC


Restart your Salt Master.

You can also include default values of the following variables to help with creating CSRs:

.. code-block:: yaml

    digicert:
      api_key: ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABC
      shatype: sha256

This API currently only supports RSA key types.  Support for other key types will be added
if interest warrants.

``__virtual__``
    Only load the module if digicert has configuration in place

``_base_url``
    Return the base_url

``_api_key``
    Return the API key

``_paginate``
    Wrapper to assist with paginated responses from Digicert's REST API.

``list_domains``
    List domains that CertCentral knows about. You can filter by
    container_id (also known as "Division") by passing a container_id.

    CLI Example:

    .. code-block:: bash

        salt-run digicert.list_domains

``list_requests``
    List certificate requests made to CertCentral. You can filter by
    status: ``pending``, ``approved``, ``rejected``

    CLI Example:

    .. code-block:: bash

        salt-run digicert.list_requests pending

``list_orders``
    List certificate orders made to CertCentral.

    CLI Example:

    .. code-block:: bash

        salt-run digicert.list_orders

``get_certificate``
    Retrieve a certificate by order_id or certificate_id and write it to stdout or a filename.

    A list of permissible cert_formats is here:
        https://www.digicert.com/services/v2/documentation/appendix-certificate-formats

    CLI Example:

    .. code-block:: bash

        salt-run digicert.get_certificate order_id=48929454 cert_format=apache

    Including a 'filename' will write the certificate to the desired file.
    Note that some cert formats are zipped files, and some are binary.

    If the certificate has not been issued, this function will return the order details
    inside of which will be a status (one of pending, rejected, processing, issued,
    revoked, canceled, needs_csr, and needs_approval)

    If for some reason you want to pipe the output of this command to a file or other
    command you will want to leave off the ``filename`` argument and make sure to include
    ``--no-color`` so there will be no terminal ANSI escape sequences.

``list_organizations``
    List organizations that CertCentral knows about. You can filter by
    container_id (also known as "Division") by passing a container_id.
    This function returns validation information by default; pass
    ``include_validation=False`` to turn it off.

    CLI Example:

    .. code-block:: bash

        salt-run digicert.list_organizations

``order_certificate``
    Order a certificate.  Requires that an Organization has been created inside Digicert's CertCentral.

    See here for API documentation:
    https://www.digicert.com/services/v2/documentation/order/order-ssl-determinator

    CLI Example:

    .. code-block:: bash

        salt-run digicert.order_certificate my_minionid my.domain.com 10 \
            3 signature_hash=sha256 \
            dns_names=['this.domain.com', 'that.domain.com'] \
            organization_units='My Domain Org Unit' \
            comments='Comment goes here for the approver'

    This runner can also be used to renew a certificate by passing `renewal_of_order_id`.
    Previous order details can be retrieved with digicertapi.list_orders.

``gen_key``
    Generate and return a private_key. If a ``dns_name`` is passed in, the
    private_key will be cached under that name.

    CLI Example:

    .. code-block:: bash

        salt-run digicert.gen_key <minion_id> [dns_name] [password]

``get_org_details``
    Return the details for an organization

    CLI Example:

    .. code-block:: bash

        salt-run digicert.get_org_details 34

    Returns a dictionary with the org details, or with 'error' and 'status' keys.

``gen_csr``

    CLI Example:

    .. code-block:: bash

        salt-run digicert.gen_csr <minion_id> <dns_name>

``_id_map``
    Maintain a relationship between a minion and a dns name

``show_organization``
    Show organization information, especially the company id

    CLI Example:

    .. code-block:: bash

        salt-run digicert.show_company example.com

``show_csrs``
    Show certificate requests for this API key

    CLI Example:

    .. code-block:: bash

        salt-run digicert.show_csrs

``show_rsa``
    Show a private RSA key

    CLI Example:

    .. code-block:: bash

        salt-run digicert.show_rsa myminion domain.example.com

``list_domain_cache``
    List domains that have been cached

    CLI Example:

    .. code-block:: bash

        salt-run digicert.list_domain_cache

``del_cached_domain``
    Delete cached domains from the master

    CLI Example:

    .. code-block:: bash

        salt-run digicert.del_cached_domain domain1.example.com,domain2.example.com