o |nhCp@s4dZddlmZddlmZdZGdddeZdS)zPKI methods module.)utils) VaultApiBasepkic@seZdZdZefddZefddZefddZefdd Zefd d Z efd d Z dddefddZ efddZ efddZ efddZefddZdedfddZefddZdedfddZefdd Zdefd!d"Zefd#d$Zefd%d&Zefd'd(Zdedfd)d*Zefd+d,Zdefd-d.Zefd/d0Zdefd1d2Zd3defd4d5Zdefd6d7Zefd8d9Zefd:d;Z defdd?Z"efd@dAZ#dS)BPkizdPki Secrets Engine (API). Reference: https://www.vaultproject.io/api/secret/pki/index.html cC&tjd|d}|jj|d}t|jS)abRead CA Certificate. Retrieves the CA certificate in raw DER-encoded form. Supported methods: GET: /{mount_point}/ca/pem. Produces: String :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The certificate as pem. :rtype: str z/v1/{mount_point}/ca/pem mount_pointurlr format_url_adaptergetstrtextselfrapi_pathresponserG/usr/local/lib/python3.10/dist-packages/hvac/api/secrets_engines/pki.pyread_ca_certificates   zPki.read_ca_certificatecCr)a~Read CA Certificate Chain. Retrieves the CA certificate chain, including the CA in PEM format. Supported methods: GET: /{mount_point}/ca_chain. Produces: String :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The certificate chain as pem. :rtype: str z/v1/{mount_point}/ca_chainrr r rrrrread_ca_certificate_chain"s  zPki.read_ca_certificate_chaincCtjd||d}|jj|dS)aRead Certificate. Retrieves one of a selection of certificates. Supported methods: GET: /{mount_point}/cert/{serial}. Produces: 200 application/json :param serial: the serial of the key to read. :type serial: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict z/v1/{mount_point}/cert/{serial})rserialr rr r r)rrrrrrrread_certificate7zPki.read_certificatecCtjd|d}|jj|dS)aList Certificates. The list of the current certificates by serial number only. Supported methods: LIST: /{mount_point}/certs. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict z/v1/{mount_point}/certsrr rr r listrrrrrrlist_certificatesO zPki.list_certificatescCs&d|i}tjd|d}|jj||dS)aSubmit CA Information. Submitting the CA information for the backend. Supported methods: POST: /{mount_point}/config/ca. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response pem_bundlez/v1/{mount_point}/config/carr jsonrr r post)rr$rparamsrrrrsubmit_ca_informationaszPki.submit_ca_informationcCr)aRead CRL Configuration. Getting the duration for which the generated CRL should be marked valid. Supported methods: GET: /{mount_point}/config/crl. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict /v1/{mount_point}/config/crlrr rr!rrrread_crl_configurationy  zPki.read_crl_configurationNcCsD|duri}tjd|d}|}|t||d|jj||dS)a-Set CRL Configuration. Setting the duration for which the generated CRL should be marked valid. If the CRL is disabled, it will return a signed but zero-length CRL for any request. If enabled, it will re-build the CRL. Supported methods: POST: /{mount_point}/config/crl. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nr+r)expirydisabler%)rr update remove_nonesr r()rr.r/ extra_paramsrrr)rrrset_crl_configurations" zPki.set_crl_configurationcCr)azRead URLs. Fetches the URLs to be encoded in generated certificates. Supported methods: GET: /{mount_point}/config/urls. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict /v1/{mount_point}/config/urlsrr rr!rrr read_urlsr-z Pki.read_urlscCstjd|d}|jj||dS)aSet URLs. Setting the issuing certificate endpoints, CRL distribution points, and OCSP server endpoints that will be encoded into issued certificates. You can update any of the values at any time without affecting the other existing values. To remove the values, simply use a blank string as the parameter. Supported methods: POST: /{mount_point}/config/urls. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response r4rr%r')rr)rrrrrset_urlssz Pki.set_urlscCr)aRead CRL. Retrieves the current CRL in PEM format. This endpoint is an unauthenticated. Supported methods: GET: /{mount_point}/crl/pem. Produces: 200 application/pkix-crl :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The content of the request e.g. CRL string representation. :rtype: str z/v1/{mount_point}/crl/pemrr r rrrrread_crls z Pki.read_crlcCr)a_Rotate CRLs. Forces a rotation of the CRL. Supported methods: GET: /{mount_point}/crl/rotate. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict z/v1/{mount_point}/crl/rotaterr rr!rrr rotate_crlr-zPki.rotate_crlcC:|duri}tjd||d}|}||d<|jj|||dS)aGenerate Intermediate. Generates a new private key and a CSR for signing. Supported methods: POST: /{mount_point}/intermediate/generate/{type}. Produces: 200 application/json :param type: Specifies the type to create. `exported` (private key also exported) or `internal`. :type type: str | unicode :param common_name: Specifies the requested CN for the certificate. :type common_name: str | unicode :param extra_params: Dictionary with extra parameters. :type extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param wrap_ttl: Specifies response wrapping token creation with duration. IE: '15s', '20m', '25h'. :type wrap_ttl: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nz./v1/{mount_point}/intermediate/generate/{type}rtype common_namer r&wrap_ttlr'rr;r<r2rr>rr)rrrgenerate_intermediate zPki.generate_intermediatecC*tjd|d}i}||d<|jj||dS)aGSet Signed Intermediate. Allows submitting the signed CA certificate corresponding to a private key generated via "Generate Intermediate" Supported methods: POST: /{mount_point}/intermediate/set-signed. Produces: 200 application/json :param certificate: Specifies the certificate in PEM format. :type certificate: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response z)/v1/{mount_point}/intermediate/set-signedr certificater%r'rrCrrr)rrrset_signed_intermediate9szPki.set_signed_intermediatecCr9)aGenerate Certificate. Generates a new set of credentials (private key and certificate) based on the role named in the endpoint. Supported methods: POST: /{mount_point}/issue/{name}. Produces: 200 application/json :param name: The name of the role to create the certificate against. :name name: str | unicode :param common_name: The requested CN for the certificate. :name common_name: str | unicode :param extra_params: A dictionary with extra parameters. :name extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :name mount_point: str | unicode :param wrap_ttl: Specifies response wrapping token creation with duration. IE: '15s', '20m', '25h'. :type wrap_ttl: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nz/v1/{mount_point}/issue/{name}rnamer<r=r')rrGr<r2rr>rr)rrrgenerate_certificateUrAzPki.generate_certificatecCrB)aRevoke Certificate. Revokes a certificate using its serial number. Supported methods: POST: /{mount_point}/revoke. Produces: 200 application/json :param serial_number: The serial number of the certificate to revoke. :name serial_number: str | unicode :param mount_point: The "path" the method/backend was mounted on. :name mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response z/v1/{mount_point}/revoker serial_numberr%r')rrIrrr)rrrrevoke_certificateszPki.revoke_certificatecCs8|duri}tjd||d}|}||d<|jj||dS)a9Create/Update Role. Creates or updates the role definition. Supported methods: POST: /{mount_point}/roles/{name}. Produces: 200 application/json :param name: The name of the role to create. :name name: str | unicode :param extra_params: A dictionary with extra parameters. :name extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :name mount_point: str | unicode :return: The JSON response of the request. :rname: requests.Response N/v1/{mount_point}/roles/{name}rFrGr%r')rrGr2rrr)rrrcreate_or_update_roleszPki.create_or_update_rolecCr)aRead Role. Queries the role definition. Supported methods: GET: /{mount_point}/roles/{name}. Produces: 200 application/json :param name: The name of the role to read. :type name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict rKrFr rrrGrrrrr read_rolerz Pki.read_rolecCr)a[List Roles. Get a list of available roles. Supported methods: LIST: /{mount_point}/roles. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: dict z/v1/{mount_point}/rolesrr rr!rrr list_rolesr#zPki.list_rolescCr)aDelete Role. Deletes the role definition. Supported methods: DELETE: /{mount_point}/roles/{name}. Produces: 200 application/json :param name: The name of the role to delete. :name name: str | unicode :param mount_point: The "path" the method/backend was mounted on. :name mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response rKrFr rr r deleterMrrr delete_rolezPki.delete_rolecCr9)aGenerate Root. Generates a new self-signed CA certificate and private key. Supported methods: POST: /{mount_point}/root/generate/{type}. Produces: 200 application/json :param type: Specifies the type to create. `exported` (private key also exported) or `internal`. :type type: str | unicode :param common_name: The requested CN for the certificate. :type common_name: str | unicode :param extra_params: A dictionary with extra parameters. :type extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param wrap_ttl: Specifies response wrapping token creation with duration. IE: '15s', '20m', '25h'. :type wrap_ttl: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nz&/v1/{mount_point}/root/generate/{type}r:r<r=r'r?rrr generate_rootrAzPki.generate_rootcCr)agDelete Root. Deletes the current CA key. Supported methods: DELETE: /{mount_point}/root. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response z/v1/{mount_point}/rootrr rPr!rrr delete_root. zPki.delete_rootcCs>|duri}tjd|d}|}||d<||d<|jj||dS)aSign Intermediate. Issue a certificate with appropriate values for acting as an intermediate CA. Supported methods: POST: /{mount_point}/root/sign-intermediate. Produces: 200 application/json :param csr: The PEM-encoded CSR. :type csr: str | unicode :param common_name: The requested CN for the certificate. :type common_name: str | unicode :param extra_params: Dictionary with extra parameters. :type extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nz(/v1/{mount_point}/root/sign-intermediatercsrr<r%r')rrWr<r2rrr)rrrsign_intermediateDszPki.sign_intermediatecCrB)aSign Self-Issued. Sign a self-issued certificate. Supported methods: POST: /{mount_point}/root/sign-self-issued. Produces: 200 application/json :param certificate: The PEM-encoded self-issued certificate. :type certificate: str | unicode :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response z'/v1/{mount_point}/root/sign-self-issuedrrCr%r'rDrrrsign_self_issuedhszPki.sign_self_issuedcCs@|duri}tjd||d}|}||d<||d<|jj||dS)aNSign Certificate. Signs a new certificate based upon the provided CSR and the supplied parameters. Supported methods: POST: /{mount_point}/sign/{name}. Produces: 200 application/json :param name: The role to sign the certificate. :type name: str | unicode :param csr: The PEM-encoded CSR. :type csr: str | unicode :param common_name: The requested CN for the certificate. If the CN is allowed by role policy, it will be issued. :type common_name: str | unicode :param extra_params: A dictionary with extra parameters. :type extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nz/v1/{mount_point}/sign/{name}rFrWr<r%r')rrGrWr<r2rrr)rrrsign_certificateszPki.sign_certificateFcCsH|duri}d}|r|d}tj|||d}|}||d<|jj||dS)a~Sign Verbatim. Signs a new certificate based upon the provided CSR. Supported methods: POST: /{mount_point}/sign-verbatim. Produces: 200 application/json :param csr: The PEM-encoded CSR. :type csr: str | unicode :param name: Specifies a role. :type name: str | unicode :param extra_params: A dictionary with extra parameters. :type extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nz/v1/{mount_point}/sign-verbatimz/{name}rFrWr%r')rrWrGr2rurl_to_transformrr)rrr sign_verbatims zPki.sign_verbatimcCs.|duri}tjd|d}|}|jj||dS)aKTidy. Allows tidying up the storage backend and/or CRL by removing certificates that have expired and are past a certain buffer period beyond their expiration time. Supported methods: POST: /{mount_point}/tidy. Produces: 200 application/json :param extra_params: A dictionary with extra parameters. :type extra_params: dict :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response Nz/v1/{mount_point}/tidyrr%r')rr2rrr)rrrtidyszPki.tidycCr)aRead issuer. Get configuration of a issuer by its reference ID. Supported methods: GET: /{mount_point}/issuer/{issuer_ref}. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param issuer_ref: The reference ID of the issuer to get :type issuer_ref: str | unicode :return: The JSON response of the request. :rtype: requests.Response %/v1/{mount_point}/issuer/{issuer_ref}r issuer_refr rrr`rrrrr read_issuerrSzPki.read_issuercCr)a|List issuers. Get list of all issuers for a given pki mount. Supported methods: LIST: /{mount_point}/issuers. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :return: The JSON response of the request. :rtype: requests.Response z/v1/{mount_point}/issuersrr rr!rrr list_issuers rVzPki.list_issuerscCs$|}tjd||d}|jj||dS)a=Update issuer. Update a given issuer. Supported methods: POST: /{mount_point}/issuer/{issuer_ref}. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param issuer_ref: The reference ID of the issuer to update :type issuer_ref: str | unicode :param extra_params: Dictionary with extra parameters. :type extra_params: dict :return: The JSON response of the request. :rtype: requests.Response r^r_r%r')rr`r2rr)rrrr update_issuer!szPki.update_issuercCr)aRevoke issuer. Revokes a given issuer. Supported methods: POST: /{mount_point}/issuer/{issuer_ref}/revoke. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param issuer_ref: The reference ID of the issuer to revoke :type issuer_ref: str | unicode :return: The JSON response of the request. :rtype: requests.Response z,/v1/{mount_point}/issuer/{issuer_ref}/revoker_r r'rarrr revoke_issuer>rSzPki.revoke_issuercCr)aDelete issuer. Delete a given issuer. Deleting the default issuer will result in a warning Supported methods: DELETE: /{mount_point}/issuer/{issuer_ref}. Produces: 200 application/json :param mount_point: The "path" the method/backend was mounted on. :type mount_point: str | unicode :param issuer_ref: The reference ID of the issuer to delete :type issuer_ref: str | unicode :return: The JSON response of the request. :rtype: requests.Response r^r_r rPrarrr delete_issuerWrSzPki.delete_issuer)$__name__ __module__ __qualname____doc__DEFAULT_MOUNT_POINTrrrr"r*r,r3r5r6r7r8r@rErHrJrLrNrOrRrTrUrXrYrZr\r]rbrcrdrerfrrrrr sf       )    -  - #   - $ ) )   rN)rjhvacrhvac.api.vault_api_baserrkrrrrrs