dxlconsole.modules.certificates.module module

class dxlconsole.modules.certificates.module.CertificateModule(app)
Bases: dxlconsole.module.Module
Module used to generate client certificates that are compatible with the OpenDXL broker
Constructor parameters:
Parameters: app -- The application that the module is a part of
-
CERTS_BROKER_CA_BUNDLE_FILE_PROP = 'brokerCaBundleFile'
The location of the broker CA bundle file
-
CERTS_BROKER_CA_KEY_FILE_PROP = 'brokerCaKeyFile'
The location of the broker CA key file
-
CERTS_BROKER_CA_LIST_FILE_PROP = 'brokerCaListFile'
The location of the broker CA list file
-
CERTS_BROKER_CA_PASSWORD_PROP = 'brokerCaPassword'
The password for the broker CA
-
CERTS_BROKER_STATE_POLICY_FILE_PROP = 'brokerStatePolicyFile'
The location of the broker state policy file
-
CERTS_CLIENT_CA_CERT_FILE_PROP = 'clientCaCertFile'
The location of the client CA certificate file (used for signing)
-
CERTS_CLIENT_CA_KEY_FILE_PROP = 'clientCaKeyFile'
The location of the client CA key file (used for signing)
-
CERTS_CLIENT_CA_PASSWORD_PROP = 'clientCaPassword'
The password for the client CA
-
CERTS_CONFIG_SECTION = 'Certificates'
The name of the "Certificates" section within the application configuration file
-
CLIENT_CONFIG_TEMPLATE_FILE_PROP = 'clientConfigTemplateFile'
The location of the client configuration template file
-
DIGEST = 'sha256'
-
DXL_CONFIG_FILE_NAME = 'dxlclient.config'
-
ZIP_BROKER_CA_BUNDLE_FILE_NAME = 'ca-broker.crt'
-
ZIP_BROKER_CA_LIST_FILE_NAME = 'ca-brokers.lst'
-
ZIP_BROKER_CERT_FILE_NAME = 'broker.crt'
-
ZIP_BROKER_KEY_FILE_NAME = 'broker.key'
-
ZIP_CLIENT_CA_CERT_FILE_NAME = 'ca-client.crt'
-
ZIP_CLIENT_CERT_FILE_NAME = 'client.crt'
-
ZIP_CLIENT_KEY_FILE_NAME = 'client.key'
-
broker_ca_bundle_file
Returns the path to the broker CA bundle file
Returns: The path to the broker CA bundle file
-
broker_ca_key_file
Returns the path to the broker CA key file
Returns: The path to the broker CA key file
-
broker_ca_list_file
Returns the path to the broker CA list file
Returns: The path to the broker CA list file
-
broker_ca_password
Returns the password for the broker CA
Returns: The password for the broker CA
-
broker_state_policy_file
Returns the location of the broker state policy file
Returns: The location of the broker state policy file
-
client_ca_cert_file
Returns the path to the CA certificate file
Returns: The path to the CA certificate file
-
client_ca_key_file
Returns the path to the CA key file
Returns: The path to the CA key file
-
client_ca_password
Returns the password for the client CA
Returns: The password for the client CA
-
client_config_template_file
Returns the path to the client configuration template file
Returns: The path to the client configuration template file
-
content
The content of the module (JS code)
Returns: The content of the module (JS code)
-
enabled
Returns whether the module is enabled
Returns: Whether the module is enabled
-
handlers
Web (Tornado) handlers for the module
Returns: The web (Tornado) handlers for the module
-
-
class dxlconsole.modules.certificates.module.CreateClientBundleManagementServiceHandler(application, request, module)
Bases: dxlconsole.modules.certificates.module._BaseCertHandler
This mimics the ePO service which is called by the Python client CLI updateconfig command. The response is similar to the ePO remote command "DxlClientMgmt.createClientCaBundle".
-
get(*args, **kwargs)
The HTTP response payload for this request should look like the following:
OK: "[ca bundle]"
Sections of the response include:
- A line with the text "OK:" if the request was successful, else error on failure.
- A JSON-encoded string with a double-quote character at the beginning and end. The string contains a concatenation of one or more PEM-encoded CA certificates.
Returns: CA certificates
-
-
class dxlconsole.modules.certificates.module.GenerateCertHandler(application, request, module)
Bases: dxlconsole.modules.certificates.module._BaseCertHandler
Handles POST requests to generate certs with the provided subject parameters
-
data_received(chunk)
Invoked when streamed request data is received
Param: chunk The next chunk of data
-
post(*args, **kwargs)
Returns a client cert package using specified values
-
-
class dxlconsole.modules.certificates.module.GetBrokerListManagementServiceHandler(application, request, module)
Bases: dxlconsole.modules.certificates.module._BaseCertHandler
This mimics the ePO service which is called by the Python client CLI updateconfig command. The response is similar to the ePO remote command "DxlClientMgmt.getBrokerList".
-
get(*args, **kwargs)
Returns the broker list. The HTTP response payload for this request should look like the following:
OK: "[broker config]"
Sections of the response include:
- A line with the text "OK:" if the request was successful, else error on failure.
- A JSON-encoded string with a double-quote character at the beginning and end. The string should contain a JSON document which looks similar to the following:
    {
      "brokers": [
        {
          "guid": "{2c5b107c-7f51-11e7-0ebf-0800271cfa58}",
          "hostName": "broker1",
          "ipAddress": "10.10.100.100",
          "port": 8883
        },
        {
          "guid": "{e90335b2-8dc8-11e7-1bc3-0800270989e4}",
          "hostName": "broker2",
          "ipAddress": "10.10.100.101",
          "port": 8883
        }
      ],
      "certVersion": 0
    }
Returns: Json broker list
-
-
class dxlconsole.modules.certificates.module.ProvisionManagementServiceHandler(application, request, module)
Bases: dxlconsole.modules.certificates.module._BaseCertHandler
This mimics the ePO service which is called by the Python client CLI provisionconfig command. The response is similar to the ePO remote command "DxlBrokerMgmt.generateOpenDXLClientProvisioningPackageCmd".
-
get(*args, **kwargs)
Returns a client cert package using submitted CSR
The HTTP response payload for this request should look like the following:
OK: "[ca bundle],[signed client cert],[broker config]"
Sections of the response include:
- A line with the text 'OK:' if the request was successful, else error on failure.
- A JSON-encoded string with a double-quote character at the beginning and end and with the following parts, comma-delimited:
  - [ca bundle] - a concatenation of one or more PEM-encoded CA certificates
  - [signed client cert] - a PEM-encoded certificate signed from the certificate request
  - [broker config] - zero or more lines, each delimited by a line feed character, for each of the brokers known to the management service. Each line contains a key and value, delimited by an equal sign. The key contains a broker guid. The value contains other metadata for the broker, e.g., the broker guid, port, hostname, and ip address. For example: '[guid1]=[guid1];8883;broker;10.10.1.1<newline>[guid2]=[guid2]...'.
Returns: provisioning information
-
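Added example (not part of the dxlconsole code base): a client-side parser for the response formats described above for ProvisionManagementServiceHandler.get and GetBrokerListManagementServiceHandler.get, which rejects malformed payloads before any certificate or broker entry is written to a client configuration. It assumes the "OK:" status text and the payload are separated by whitespace and that broker lines follow the four-field form in the page's example; all function names and sample values are constructed for illustration.

```python
import ipaddress
import json

def decode_payload(body):
    """Check the 'OK:' status text and decode the JSON-encoded string after it."""
    status, sep, rest = body.partition(":")
    if not sep or status.strip() != "OK":
        raise ValueError("management service reported failure: %r" % body[:80])
    payload = json.loads(rest.strip())
    if not isinstance(payload, str):
        raise ValueError("payload is not a JSON-encoded string")
    return payload

def parse_broker_lines(text):
    """Parse '[guid]=[guid];port;hostname;ip' lines (form assumed from the example)."""
    brokers = []
    for line in filter(None, (l.strip() for l in text.split("\n"))):
        key, sep, value = line.partition("=")
        fields = value.split(";")
        if not sep or len(fields) != 4 or fields[0] != key:
            raise ValueError("malformed broker line: %r" % line)
        port = int(fields[1])  # ValueError if the port is not numeric
        if not 0 < port < 65536:
            raise ValueError("port out of range: %r" % line)
        ipaddress.ip_address(fields[3])  # ValueError if not an IP literal
        brokers.append({"guid": key, "port": port,
                        "hostName": fields[2], "ipAddress": fields[3]})
    return brokers

def parse_provisioning(body):
    """Split '[ca bundle],[signed client cert],[broker config]' into its parts."""
    parts = decode_payload(body).split(",", 2)  # PEM text never contains commas
    if len(parts) != 3:
        raise ValueError("expected 3 comma-delimited parts, got %d" % len(parts))
    ca_bundle, client_cert, broker_text = parts
    for name, pem in (("ca bundle", ca_bundle), ("client cert", client_cert)):
        if "-----BEGIN CERTIFICATE-----" not in pem:
            raise ValueError("%s is not PEM-encoded" % name)
    return ca_bundle, client_cert, parse_broker_lines(broker_text)

def parse_broker_list(body):
    """The getBrokerList payload is a JSON document inside a JSON string."""
    return json.loads(decode_payload(body))["brokers"]

# Constructed sample responses; the certificate body is a placeholder.
PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
LINES = "{g1}={g1};8883;broker1;10.10.1.1\n{g2}={g2};8883;broker2;10.10.1.2"
SAMPLE_PROVISION = "OK:\r\n" + json.dumps(",".join([PEM + PEM, PEM, LINES]))
SAMPLE_BROKERS = "OK:\r\n" + json.dumps(json.dumps({"brokers": [
    {"guid": "{g1}", "hostName": "broker1", "ipAddress": "10.10.1.1", "port": 8883}],
    "certVersion": 0}))
```
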