Class: Vcert::CloudConnection

Inherits:
Object
Defined in:
lib/cloud/cloud.rb

Constant Summary

# Label for the Cloud connector (frozen; where it is used is not shown on this page).
CLOUD_PREFIX = '<Cloud>'.freeze

Instance Method Summary

Constructor Details

#initialize(url, apikey) ⇒ CloudConnection

Returns a new instance of CloudConnection.



# File 'lib/cloud/cloud.rb', line 8

# Builds a connection to Venafi Cloud.
#
# @param url [String, nil] API base URL; nil selects the public endpoint
# @param apikey [String] API key; stored as given and (presumably) sent with every request
#
# NOTE(review): url is taken verbatim — nothing here insists on https, so a caller
# passing an http:// or attacker-controlled base URL would ship the API key to it.
# Consider validating the scheme/host at the call site if url comes from config.
def initialize(url, apikey)
  @url = url.nil? ? 'https://api.venafi.cloud'.freeze : url
  @apikey = apikey
end

Instance Method Details

#policy(zone_id) ⇒ Object



# File 'lib/cloud/cloud.rb', line 168

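# Fetches the certificate issuing template (CIT) for a zone and converts the
# response into a policy object.
#
# @param zone_id [String] zone in the form "<app_name>\<cit_alias>"
# @return [Object] whatever parse_policy_responce_to_object builds from the response
# @raise [Vcert::ClientBadDataError] when zone_id is nil or either half is blank
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 200
def policy(zone_id)
  raise Vcert::ClientBadDataError, "Zone should be not nil" unless zone_id

  # Split on the first backslash only; the CIT alias may itself contain backslashes.
  app_name, cit_alias = zone_id.split("\\", 2)
  if app_name.to_s.strip.empty? || cit_alias.to_s.strip.empty?
    raise Vcert::ClientBadDataError, "The parameters: app_name, cit_alias or both are empty"
  end

  # NOTE(review): the QUERY character class leaves "/" and "?" unencoded, so a zone
  # name containing either can alter the request path. A stricter class (e.g.
  # UNRESERVED) is safer once it is confirmed the API does not need them verbatim.
  app_name = Addressable::URI.encode_component(app_name, Addressable::URI::CharacterClasses::QUERY)
  cit_alias = Addressable::URI.encode_component(cit_alias, Addressable::URI::CharacterClasses::QUERY)
  status, data = get(URL_CIT_BY_APP_NAME_CIT_ALIAS % [app_name, cit_alias])
  # Raw response goes to the debug log, as the other endpoints do, instead of stdout.
  LOG.debug("Raw response to issuing template request: #{data}")
  unless status == 200
    # Both placeholders must be supplied as one array: the previous
    # `"..." % status, zone_id` left the format one argument short and passed
    # zone_id to raise as a backtrace.
    raise Vcert::ServerUnexpectedBehaviorError,
          "Invalid status getting issuing template: %s for zone %s" % [status, zone_id]
  end
  parse_policy_responce_to_object(data)
end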

#renew(request, generate_new_key: true) ⇒ Object



# File 'lib/cloud/cloud.rb', line 60

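# Requests renewal of an existing certificate.
#
# The certificate is located by request.id or by request.thumbprint (at least
# one is required). The CSR sent with the renewal is taken from the request when
# it carries one; otherwise, with generate_new_key, a new Vcert::Request is built
# from the subject fields of the previous CSR (which presumably generates a fresh
# key pair and CSR).
#
# @param request [Vcert::Request] identifies the certificate to renew; its id is
#   overwritten with the id reported by the status lookup
# @param generate_new_key [Boolean] build a new key/CSR when the request has no CSR
# @return [Array(String, Object)] the new certificate request id and the newly
#   generated private key (nil when the caller supplied the CSR)
# @raise [Vcert::ClientBadDataError] when neither id nor thumbprint is given
# @raise [Vcert::VcertError] when no previous request id can be found, or when
#   reusing the old CSR is asked for (not supported yet)
# @raise [Vcert::ServerUnexpectedBehaviorError] on a non-200 status lookup or a
#   non-201 renewal response
def renew(request, generate_new_key: true)
  LOG.info("Trying to renew certificate")
  if request.id.nil? && request.thumbprint.nil?
    raise Vcert::ClientBadDataError, "Either request ID or certificate thumbprint is required to renew the certificate"
  end

  request_id = nil
  prev_request = nil
  unless request.thumbprint.nil?
    # The certificate id from the search is not used: the authoritative id is
    # re-read from the request status below.
    _cert_id, request_id = search_by_thumbprint(request.thumbprint)
  end
  unless request.id.nil?
    prev_request = get_cert_status(request)
    request_id = request.id
  end
  raise Vcert::VcertError, "Can't find the existing certificate request id" if request_id.nil?

  status, data = get(URL_CERTIFICATE_STATUS % request_id)
  raise Vcert::ServerUnexpectedBehaviorError, "Status #{status}" unless status == 200

  request.id = data['id']
  cert_id = data['certificateIds'][0]
  # Thumbprint-only callers have no previous request yet; fetch it by the id just resolved.
  prev_request ||= get_cert_status(request)

  d = {
    existingCertificateId: cert_id,
    applicationId: data["applicationId"],
    certificateIssuingTemplateId: data["certificateIssuingTemplateId"],
    apiClientInformation: getApiClientInformation
  }

  renew_request = nil
  if request.csr?
    d[:certificateSigningRequest] = request.csr
    d[:reuseCSR] = false
  elsif generate_new_key
    parsed_csr = parse_csr_fields(prev_request[:csr])
    renew_request = Vcert::Request.new(
      common_name: parsed_csr[:CN],
      san_dns: parsed_csr[:DNS],
      country: parsed_csr[:C],
      province: parsed_csr[:ST],
      locality: parsed_csr[:L],
      organization: parsed_csr[:O],
      organizational_unit: parsed_csr[:OU]
    )
    d[:certificateSigningRequest] = renew_request.csr
  else
    # reuseCSR: true is what the API would need here; not wired up yet.
    raise Vcert::VcertError, "This operation is not yet supported"
  end

  status, data = post(URL_CERTIFICATE_REQUESTS, d)
  unless status == 201
    raise Vcert::ServerUnexpectedBehaviorError, "Status: #{status} Message: #{data}"
  end

  # Only a locally built request has a private key to hand back. Previously a
  # caller-supplied CSR with generate_new_key left true dereferenced a nil
  # renew_request here.
  private_key = renew_request.nil? ? nil : renew_request.private_key
  [data['certificateRequests'][0]['id'], private_key]
end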

#request(zone_tag, request) ⇒ Object



# File 'lib/cloud/cloud.rb', line 18

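# Submits a certificate request for the given zone.
#
# @param zone_tag [String] zone in the form "<app_name>\<cit_alias>"
# @param request [Vcert::Request] request carrying the CSR; its id is filled in on success
# @return [Vcert::Request] the same request object with id set
# @raise [Vcert::ServerUnexpectedBehaviorError] unless the server answers 201
#   (the status #renew expects from this same endpoint)
def request(zone_tag, request)
  zone_config = zone_configuration(zone_tag)
  status, data = post(URL_CERTIFICATE_REQUESTS, {
    :applicationId => zone_config.app_id,
    :certificateIssuingTemplateId => zone_config.cit_id,
    :certificateSigningRequest => request.csr,
    :apiClientInformation => getApiClientInformation
  })
  # The status used to be discarded, so an error body surfaced as a NoMethodError
  # on the indexing below rather than as a server error.
  unless status == 201
    raise Vcert::ServerUnexpectedBehaviorError, "Status: #{status} Message: #{data}"
  end
  LOG.debug("Raw response to certificate request:")
  LOG.debug(JSON.pretty_generate(data))
  request.id = data['certificateRequests'][0]["id"]
  request
end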

#retrieve(request) ⇒ Object



# File 'lib/cloud/cloud.rb', line 31

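# Polls the status of a certificate request and, once issued, downloads the
# full PEM chain (root last).
#
# @param request [Vcert::Request] request whose id is looked up; its private key
#   is attached to the returned certificate when the parsed chain carries none
# @return [Object, nil] the parsed certificate, or nil while the status is still
#   pending/requested
# @raise [Vcert::ServerUnexpectedBehaviorError] on a FAILED or unknown status,
#   on an unexpected HTTP status, or when the chain download is not 200
def retrieve(request)
  LOG.info("Getting certificate status for ID %s" % request.id)
  status, data = get(URL_CERTIFICATE_STATUS % request.id)
  unless [200, 409].include?(status)
    # Falling off the end here used to return nil, indistinguishable from
    # "still pending" — e.g. a 401/403 would have kept the caller polling forever.
    raise Vcert::ServerUnexpectedBehaviorError, "Status #{status} getting certificate status: #{data}"
  end

  case data['status']
  when CERT_STATUS_PENDING, CERT_STATUS_REQUESTED
    LOG.info("Certificate status is: %s" % data['status'])
    nil
  when CERT_STATUS_FAILED
    raise Vcert::ServerUnexpectedBehaviorError, "Certificate issue status is FAILED"
  when CERT_STATUS_ISSUED
    cert_id = data["certificateIds"][0]
    status, full_chain = get(URL_CERTIFICATE_RETRIEVE % cert_id + "?chainOrder=#{CHAIN_OPTION_ROOT_LAST}&format=PEM")
    unless status == 200
      LOG.error("Can't issue certificate: #{full_chain}")
      raise Vcert::ServerUnexpectedBehaviorError, "Status #{status}"
    end
    cert = parse_full_chain(full_chain)
    # parse_full_chain presumably leaves private_key nil for a server-supplied
    # chain; fall back to the key that was generated with the request.
    cert.private_key = request.private_key if cert.private_key.nil?
    cert
  else
    raise Vcert::ServerUnexpectedBehaviorError, "Unknown certificate status #{data['status']}"
  end
end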

#zone_configuration(tag) ⇒ Object



# File 'lib/cloud/cloud.rb', line 131

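# Resolves a zone tag into a Vcert::ZoneConfiguration carrying the application
# id, the issuing template (CIT) id and the first key type the CIT advertises.
#
# @param tag [String] zone in the form "<app_name>\<cit_alias>"
# @return [Vcert::ZoneConfiguration] subject fields are left empty; key_type is locked
# @raise [Vcert::ClientBadDataError] when the tag or either half of it is blank
# @raise [Vcert::ServerUnexpectedBehaviorError] when either lookup does not answer
#   200, or the CIT lists no key types
def zone_configuration(tag)
  raise Vcert::ClientBadDataError, "Zone should not be empty" if tag.to_s.strip.empty?

  LOG.info("Getting configuration for zone #{tag}")
  # Split on the first backslash only; the CIT alias may itself contain backslashes.
  app_name, cit_alias = tag.split("\\", 2)
  if app_name.to_s.strip.empty? || cit_alias.to_s.strip.empty?
    raise Vcert::ClientBadDataError, "The parameters: app_name, cit_alias or both are empty"
  end
  # NOTE(review): the QUERY character class leaves "/" and "?" unencoded, so a zone
  # name containing either can alter the request path. A stricter class (e.g.
  # UNRESERVED) is safer once it is confirmed the API does not need them verbatim.
  app_name = Addressable::URI.encode_component(app_name, Addressable::URI::CharacterClasses::QUERY)
  cit_alias = Addressable::URI.encode_component(cit_alias, Addressable::URI::CharacterClasses::QUERY)

  # Issuing template lookup. The statuses used to be discarded, so an error body
  # surfaced as a NoMethodError on data['keyTypes'] below.
  status, data = get(URL_CIT_BY_APP_NAME_CIT_ALIAS % [app_name, cit_alias])
  unless status == 200
    raise Vcert::ServerUnexpectedBehaviorError,
          "Invalid status getting issuing template: %s for zone %s" % [status, tag]
  end

  # Application lookup
  status, app = get(URL_APPLICATION_BY_NAME % app_name)
  unless status == 200
    raise Vcert::ServerUnexpectedBehaviorError,
          "Invalid status getting application: %s for zone %s" % [status, tag]
  end

  key_types = data['keyTypes']
  if key_types.nil? || key_types.empty?
    raise Vcert::ServerUnexpectedBehaviorError, "Issuing template for zone %s lists no key types" % tag
  end
  # Only the first advertised key type and its first length are used.
  kt = Vcert::KeyType.new(key_types[0]["keyType"], key_types[0]["keyLengths"][0].to_i)
  z = Vcert::ZoneConfiguration.new(
    country: Vcert::CertField.new(""),
    province: Vcert::CertField.new(""),
    locality: Vcert::CertField.new(""),
    organization: Vcert::CertField.new(""),
    organizational_unit: Vcert::CertField.new(""),
    key_type: Vcert::CertField.new(kt, locked: true)
  )
  z.app_id = app["id"]
  z.cit_id = data["id"]
  z
end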