dxlconsole.modules.certificates.module module¶

class dxlconsole.modules.certificates.module.CertificateModule(app)¶

Bases: dxlconsole.module.Module

Module used to generate client certificates that are compatible with the OpenDXL broker

Constructor parameters:

Parameters:	app -- The application that the module is a part of

CERTS_BROKER_CA_BUNDLE_FILE_PROP = 'brokerCaBundleFile'¶: The location of the broker CA bundle file

CERTS_BROKER_CA_KEY_FILE_PROP = 'brokerCaKeyFile'¶: The location of the broker CA key file

CERTS_BROKER_CA_LIST_FILE_PROP = 'brokerCaListFile'¶: The location of the broker CA list file

CERTS_BROKER_CA_PASSWORD_PROP = 'brokerCaPassword'¶: The password for the broker CA

CERTS_BROKER_STATE_POLICY_FILE_PROP = 'brokerStatePolicyFile'¶: The location of the broker state policy file

CERTS_CLIENT_CA_CERT_FILE_PROP = 'clientCaCertFile'¶: The location of the client CA certificate file (used for signing)

CERTS_CLIENT_CA_KEY_FILE_PROP = 'clientCaKeyFile'¶: The location of the client CA key file (used for signing)

CERTS_CLIENT_CA_PASSWORD_PROP = 'clientCaPassword'¶: The password for the client CA

CERTS_CONFIG_SECTION = 'Certificates'¶: The name of the "Certificates" section within the application configuration file

CLIENT_CONFIG_TEMPLATE_FILE_PROP = 'clientConfigTemplateFile'¶: The location of the client configuration template file

DIGEST = 'sha256'¶

DXL_CONFIG_FILE_NAME = 'dxlclient.config'¶

ZIP_BROKER_CA_BUNDLE_FILE_NAME = 'ca-broker.crt'¶

ZIP_BROKER_CA_LIST_FILE_NAME = 'ca-brokers.lst'¶

ZIP_BROKER_CERT_FILE_NAME = 'broker.crt'¶

ZIP_BROKER_KEY_FILE_NAME = 'broker.key'¶

ZIP_CLIENT_CA_CERT_FILE_NAME = 'ca-client.crt'¶

ZIP_CLIENT_CERT_FILE_NAME = 'client.crt'¶

ZIP_CLIENT_KEY_FILE_NAME = 'client.key'¶

broker_ca_bundle_file¶

Returns the path to the broker CA bundle file

Returns:	The path to the broker CA bundle file

broker_ca_key_file¶

Returns the path to the broker CA key file

Returns:	The path to the broker CA key file

broker_ca_list_file¶

Returns the path to the broker CA list file

Returns:	The path to the broker CA list file

broker_ca_password¶

Returns the password for the broker CA

Returns:	The password for the broker CA

broker_state_policy_file¶

Returns the location of the broker state policy file

Returns:	The location of the broker state policy file

client_ca_cert_file¶

Returns the path to the CA certificate file

Returns:	The path to the CA certificate file

client_ca_key_file¶

Returns the path to the CA key file

Returns:	The path to the CA key file

client_ca_password¶

Returns the password for the client CA

Returns:	The password for the client CA

client_config_template_file¶

Returns the path to the client configuration template file

Returns:	The path to the client configuration template file

content¶

The content of the module (JS code)

Returns:	The content of the module (JS code)

enabled¶

Returns whether the module is enabled

Returns:	Whether the module is enabled

handlers¶

Web (Tornado) handlers for the module

Returns:	The web (Tornado) handlers for the module

class dxlconsole.modules.certificates.module.CreateClientBundleManagementServiceHandler(application, request, module)¶

Bases: dxlconsole.modules.certificates.module._BaseCertHandler

This mimics the ePO service which is called by the Python client CLI updateconfig command The response is similar to the ePO remote command "DxlClientMgmt.createClientCaBundle"

get(*args, **kwargs)¶

The HTTP response payload for this request should look like the following:

OK: "[ca bundle]"

Sections of the response include:

A line with the text "OK:" if the request was successful, else error on failure.
A JSON-encoded string with a double-quote character at the beginning and end. The string contains a concatenation of one or more PEM-encoded CA certificates.

Returns:	CA certificates

class dxlconsole.modules.certificates.module.GenerateCertHandler(application, request, module)¶

Bases: dxlconsole.modules.certificates.module._BaseCertHandler

Handles post request to generate certs with the provided subject parameters

data_received(chunk)¶

Invoked when streamed request data is received

Param:	chunk The next chuck of data

post(*args, **kwargs)¶: Returns a client cert package using specified values

class dxlconsole.modules.certificates.module.GetBrokerListManagementServiceHandler(application, request, module)¶

Bases: dxlconsole.modules.certificates.module._BaseCertHandler

This mimics the ePO service which is called by the Python client CLI updateconfig command The response is similar to the ePO remote command "DxlClientMgmt.getBrokerList"

get(*args, **kwargs)¶

Returns the broker list.The HTTP response payload for this request should look like the following:

OK: "[broker config]"

Sections of the response include:

A line with the text "OK:" if the request was successful, else error on failure.

A JSON-encoded string with a double-quote character at the beginning and end. The string should contain a JSON document which looks similar to the following

{
  "brokers": [
      {
          "guid": "{2c5b107c-7f51-11e7-0ebf-0800271cfa58}",
          "hostName": "broker1",
          "ipAddress": "10.10.100.100",
          "port": 8883
      },
      {
          "guid": "{e90335b2-8dc8-11e7-1bc3-0800270989e4}",
          "hostName": "broker2",
          "ipAddress": "10.10.100.101",
          "port": 8883
      }
  ],
  "certVersion": 0
}

Returns:	Json broker list

class dxlconsole.modules.certificates.module.ProvisionManagementServiceHandler(application, request, module)¶

Bases: dxlconsole.modules.certificates.module._BaseCertHandler

This mimics the ePO service which is called by the Python client CLI provisionconfig command The response is similar to the ePO remote command "DxlBrokerMgmt.generateOpenDXLClientProvisioningPackageCmd"

get(*args, **kwargs)¶

Returns a client cert package using submitted CSR

The HTTP response payload for this request should look like the following:

OK: "[ca bundle],[signed client cert],[broker config]"

Sections of the response include:

A line with the text 'OK:' if the request was successful, else error on failure.
A JSON-encoded string with a double-quote character at the beginning and end and with the following parts, comma-delimited:
[ca bundle] - a concatenation of one or more PEM-encoded CA certificates
[signed client cert] - a PEM-encoded certificate signed from the certificate request
[broker config] - zero or more lines, each delimited by a line feed character, for each of the brokers known to the management service. Each line contains a key and value, delimited by an equal sign. The key contains a broker guid. The value contains other metadata for the broker, e.g., the broker guid, port, hostname, and ip address. For example:'[guid1]=[guid1];8883;broker;10.10.1.1<newline>[guid2]=[guid2]...'.

Returns:	provisioning information