Features

1. Clean OOP Abstraction / Models

The framework features a clean Object-Oriented Programming (OOP) abstraction, including comprehensive database and exception handling support.

  • Clean hierarchical implementation code

  • Clean hierarchical service call metadata

Example Implementation Code:

  1import abc
  2import logging
  3import datetime
  4
  5from microesb import microesb
  6
  7logger = logging.getLogger(__name__)
  8
  9
 10class Cert(microesb.ClassHandler, metaclass=abc.ABCMeta):
 11
 12    def __init__(self):
 13        super().__init__()
 14
 15        self.register_property(
 16            'generation_timestamp',
 17            {
 18                'type': 'str',
 19                'default': None,
 20                'required': False,
 21                'description': 'SysInternal Certificate Generation Date'
 22            }
 23        )
 24
 25        self.register_property(
 26            'cert_data',
 27            {
 28                'type': 'str',
 29                'default': None,
 30                'required': False,
 31                'description': 'SysInternal Generated Certificate Base64 encoded'
 32            }
 33        )
 34
 35    @abc.abstractmethod
 36    def _load_ref_cert_data(self):
 37        """ Abstract _load_ref_cert_data() method.
 38        """
 39
 40    @abc.abstractmethod
 41    def _gen_openssl_cert(self):
 42        """ Abstract _gen_openssl_cert() method.
 43        """
 44
 45    @abc.abstractmethod
 46    def _store_cert_data(self):
 47        """ Abstract _store_cert_data() method.
 48        """
 49
 50    def gen_cert(self):
 51
 52        self._load_ref_cert_data()
 53
 54        if getattr(self, 'Smartcard') is not None:
 55            logger.info('Gen HSM Keypair')
 56            self._hsm_gen_keypair()
 57        if getattr(self, 'Smartcard') is None:
 58            logger.info('Gen OpenSSL PrivKey')
 59            self._gen_openssl_privkey()
 60
 61        self._gen_openssl_cert()
 62        self.generation_timestamp = datetime.datetime.now().isoformat('T')
 63        self._store_cert_data()
 64
 65    def _gen_openssl_privkey(self):
 66        logger.info('Gen openssl private key.')
 67
 68    def _get_cert_data_by_id(self):
 69        logger.info('Get cert data from ESB. Type:{}.'.format(self.type))
 70        self.set_properties(
 71            self._ServiceRouter.send('CertGetById', metadata=self.id)
 72        )
 73
 74    def _hsm_gen_keypair(self):
 75        logger.info('Smartcard container label:{}'.format(
 76            self.Smartcard.SmartcardContainer.label)
 77        )
 78        self.Smartcard.gen_keypair()
 79
 80    def _store_cert_data(self):
 81        logger.info('Store {} cert metadata.'.format(self.type))
 82        self._ServiceRouter.send('CertStore', metadata=self.property_dict)
 83
 84
 85class CertCA(Cert):
 86
 87    def __init__(self):
 88        self.type = 'ca'
 89        super().__init__()
 90
 91    def _load_ref_cert_data(self):
 92        pass
 93
 94    def _gen_openssl_cert(self):
 95        logger.info('Generating {} cert.'.format(self.type))
 96
 97        srv_metadata = {
 98            "CertCA": self.property_dict
 99        }
100
101        self.cert_data = 'dummy_cacert_data'
102        logger.info('Generating cert with metadata:{}'.format(srv_metadata))
103
104
105class CertServer(Cert):
106
107    def __init__(self):
108        self.type = 'server'
109        super().__init__()
110
111    def _load_ref_cert_data(self):
112        self.CertCA._get_cert_data_by_id()
113
114    def _gen_openssl_cert(self):
115        logger.info('Generating {} cert.'.format(self.type))
116
117        srv_metadata = {
118            "CertServer": self.property_dict,
119            "CertCA": self.CertCA.property_dict
120        }
121
122        logger.info('Generating cert with metadata:{}'.format(srv_metadata))
123
124        self.cert_data = 'dummy_servercert_data'
125
126
127class CertClient(Cert):
128
129    def __init__(self):
130        self.type = 'client'
131        super().__init__()
132
133    def _load_ref_cert_data(self):
134        self.CertCA._get_cert_data_by_id()
135        self.CertServer._get_cert_data_by_id()
136
137    def _gen_openssl_cert(self):
138        logger.info('Generating {} cert.'.format(self.type))
139
140        srv_metadata = {
141            "CertClient": self.property_dict,
142            "CertServer": self.CertServer.property_dict,
143            "CertCA": self.CertCA.property_dict
144        }
145
146        logger.info('Generating cert with metadata:{}'.format(srv_metadata))
147        self.cert_data = 'dummy_clientcert_data'
148
149
150class Smartcard(microesb.ClassHandler):
151
152    def __init__(self):
153        super().__init__()
154
155        self.register_property(
156            'gen_status',
157            {
158                'type': bool,
159                'default': False,
160                'required': False,
161                'description': 'SysInternal Generated Smartcard Keypair Status'
162            }
163        )
164
165    def gen_keypair(self):
166        logger.info('Gen keypair on smartcard:{} with keypair label:{}'.format(
167            self.label,
168            self.SmartcardContainer.label
169        ))
170
171        srv_metadata = {
172            "SmartcardID": self.label,
173            "SmartcardContainerLabel": self.SmartcardContainer.label
174        }
175
176        self.gen_status = self._ServiceRouter.send('KeypairGenerate', metadata=srv_metadata)
177
178
179class SmartcardContainer(microesb.ClassHandler):
180
181    def __init__(self):
182        super().__init__()

2. Structured Service Call Metadata

The service call metadata is well-structured, as demonstrated in the following example:

call_JSON = {
    'SYSServiceID': 'generateCertClient',
    'data': [
        {
            'CertClient': {
                'id': 'test-client1',
                'CertCA': {
                    'id': 'test-ca1'
                },
                'CertServer': {
                    'id': 'test-server1'
                },
                'Smartcard': {
                    'label': 'smartcard_customer1',
                    'user_pin': 'pin2',
                    'SmartcardContainer': {
                        'label': 'testserver1_client1_keypair'
                    }
                },
                'country': 'DE',
                'state': 'Berlin',
                'locality': 'Berlin',
                'org': 'WEBcodeX',
                'org_unit': 'Security',
                'common_name': 'testclient1@domain.com',
                'email': 'pki@webcodex.de',
                'valid_days': 365
            }
        }
    ]
}

For the full example, see 2. PKI Provisioning / Class Types.

3. Multi-Object Abstraction

Process multiple hierarchical input metadata elements simultaneously.

Example Service Call Metadata:

 1service_metadata = {
 2    'SYSServiceID': 'insertUserDomain',
 3    'data': [
 4        {
 5            'User':
 6            {
 7                'SYSServiceMethod': 'init',
 8                'name': 'testuser1',
 9                'Domain': {
10                    'SYSServiceMethod': 'add',
11                    'name': 'testdomain1',
12                    'ending': 'com',
13                    'Host': [
14                        {
15                            'SYSServiceMethod': 'add',
16                            'type': 'MX',
17                            'value': 'mx01.mailserver.com',
18                            'priority': 1
19                        },
20                        {
21                            'SYSServiceMethod': 'add',
22                            'name': 'host1',
23                            'type': 'A',
24                            'value': '5.44.111.165',
25                            'ttl': 36000
26                        }
27                    ]
28                }
29            }
30        }
31    ]
32}

For the full example, see 1. Hosting Use Case.

4. Structured Service Property Definition

Define structured service call properties easily and efficiently.

Example Service Property Definition:

 1service_properties = {
 2    'SYSBackendMethods': [
 3        ('gen_cert', 'on_recursion_finish')
 4    ],
 5    'Cert': {
 6        'properties': {
 7            'id': {
 8                'type': 'str',
 9                'default': None,
10                'required': True,
11                'description': 'Textual cert database id'
12            },
13            'country': {
14                'type': 'str',
15                'default': 'DE',
16                'required': True,
17                'description': 'Certificate country ref'
18            },
19            'state': {
20                'type': 'str',
21                'default': None,
22                'required': True,
23                'description': 'Certificate state ref'
24            },
25            'locality': {
26                'type': 'str',
27                'default': None,
28                'required': True,
29                'description': 'Certificate locality ref'
30            },
31            'org': {
32                'type': 'str',
33                'default': None,
34                'required': True,
35                'description': 'Certificate organization ref'
36            },
37            'org_unit': {
38                'type': 'str',
39                'default': None,
40                'required': True,
41                'description': 'Certificate organization unit ref'
42            },
43            'common_name': {
44                'type': 'str',
45                'default': None,
46                'required': True,
47                'description': 'Certificate common name'
48            },
49            'email': {
50                'type': 'str',
51                'default': None,
52                'required': True,
53                'description': 'Certificate email ref'
54            },
55            'valid_days': {
56                'type': 'int',
57                'default': 365,
58                'required': True,
59                'description': 'Certificate validity range in days'
60            }
61        },
62        'methods': ['gen_cert']
63    },
64    'Smartcard': {
65        'properties': {
66            'label': {
67                'type': 'str',
68                'default': None,
69                'required': True,
70                'description': 'Smartcard textual label'
71            },
72            'user_pin': {
73                'type': 'str',
74                'default': None,
75                'required': True,
76                'description': 'Smartcard pin'
77            }
78        }
79    },
80    'SmartcardContainer': {
81        'properties': {
82            'label': {
83                'type': 'str',
84                'default': None,
85                'required': True,
86                'description': 'Container object on smartcards textual label'
87            }
88        }
89    }
90}

For the full example, see 2. PKI Provisioning / Class Types.

5. Planned Features

Planned for upcoming releases:

  • Service Registry / API Server

  • Service Registry / YANG Model Export

  • Service Registry / Web Interface

  • Service API / Auto Documentation

  • Extended “Encapsulated” Service Routing

  • Mincepy Integration / Metadata Mapping