Features
1. Clean OOP Abstraction / Models
The framework features a clean Object-Oriented Programming (OOP) abstraction, including comprehensive database and exception handling support.
Clean hierarchical implementation code
Clean hierarchical service call metadata
Example Implementation Code:
1import abc
2import logging
3import datetime
4
5from microesb import microesb
6
7logger = logging.getLogger(__name__)
8
9
10class Cert(microesb.ClassHandler, metaclass=abc.ABCMeta):
11
12 def __init__(self):
13 super().__init__()
14
15 self.register_property(
16 'generation_timestamp',
17 {
18 'type': 'str',
19 'default': None,
20 'required': False,
21 'description': 'SysInternal Certificate Generation Date'
22 }
23 )
24
25 self.register_property(
26 'cert_data',
27 {
28 'type': 'str',
29 'default': None,
30 'required': False,
31 'description': 'SysInternal Generated Certificate Base64 encoded'
32 }
33 )
34
35 @abc.abstractmethod
36 def _load_ref_cert_data(self):
37 """ Abstract _load_ref_cert_data() method.
38 """
39
40 @abc.abstractmethod
41 def _gen_openssl_cert(self):
42 """ Abstract _gen_openssl_cert() method.
43 """
44
45 @abc.abstractmethod
46 def _store_cert_data(self):
47 """ Abstract _store_cert_data() method.
48 """
49
50 def gen_cert(self):
51
52 self._load_ref_cert_data()
53
54 if getattr(self, 'Smartcard') is not None:
55 logger.info('Gen HSM Keypair')
56 self._hsm_gen_keypair()
57 if getattr(self, 'Smartcard') is None:
58 logger.info('Gen OpenSSL PrivKey')
59 self._gen_openssl_privkey()
60
61 self._gen_openssl_cert()
62 self.generation_timestamp = datetime.datetime.now().isoformat('T')
63 self._store_cert_data()
64
65 def _gen_openssl_privkey(self):
66 logger.info('Gen openssl private key.')
67
68 def _get_cert_data_by_id(self):
69 logger.info('Get cert data from ESB. Type:{}.'.format(self.type))
70 self.set_properties(
71 self._ServiceRouter.send('CertGetById', metadata=self.id)
72 )
73
74 def _hsm_gen_keypair(self):
75 logger.info('Smartcard container label:{}'.format(
76 self.Smartcard.SmartcardContainer.label)
77 )
78 self.Smartcard.gen_keypair()
79
80 def _store_cert_data(self):
81 logger.info('Store {} cert metadata.'.format(self.type))
82 self._ServiceRouter.send('CertStore', metadata=self.property_dict)
83
84
85class CertCA(Cert):
86
87 def __init__(self):
88 self.type = 'ca'
89 super().__init__()
90
91 def _load_ref_cert_data(self):
92 pass
93
94 def _gen_openssl_cert(self):
95 logger.info('Generating {} cert.'.format(self.type))
96
97 srv_metadata = {
98 "CertCA": self.property_dict
99 }
100
101 self.cert_data = 'dummy_cacert_data'
102 logger.info('Generating cert with metadata:{}'.format(srv_metadata))
103
104
105class CertServer(Cert):
106
107 def __init__(self):
108 self.type = 'server'
109 super().__init__()
110
111 def _load_ref_cert_data(self):
112 self.CertCA._get_cert_data_by_id()
113
114 def _gen_openssl_cert(self):
115 logger.info('Generating {} cert.'.format(self.type))
116
117 srv_metadata = {
118 "CertServer": self.property_dict,
119 "CertCA": self.CertCA.property_dict
120 }
121
122 logger.info('Generating cert with metadata:{}'.format(srv_metadata))
123
124 self.cert_data = 'dummy_servercert_data'
125
126
127class CertClient(Cert):
128
129 def __init__(self):
130 self.type = 'client'
131 super().__init__()
132
133 def _load_ref_cert_data(self):
134 self.CertCA._get_cert_data_by_id()
135 self.CertServer._get_cert_data_by_id()
136
137 def _gen_openssl_cert(self):
138 logger.info('Generating {} cert.'.format(self.type))
139
140 srv_metadata = {
141 "CertClient": self.property_dict,
142 "CertServer": self.CertServer.property_dict,
143 "CertCA": self.CertCA.property_dict
144 }
145
146 logger.info('Generating cert with metadata:{}'.format(srv_metadata))
147 self.cert_data = 'dummy_clientcert_data'
148
149
150class Smartcard(microesb.ClassHandler):
151
152 def __init__(self):
153 super().__init__()
154
155 self.register_property(
156 'gen_status',
157 {
158 'type': bool,
159 'default': False,
160 'required': False,
161 'description': 'SysInternal Generated Smartcard Keypair Status'
162 }
163 )
164
165 def gen_keypair(self):
166 logger.info('Gen keypair on smartcard:{} with keypair label:{}'.format(
167 self.label,
168 self.SmartcardContainer.label
169 ))
170
171 srv_metadata = {
172 "SmartcardID": self.label,
173 "SmartcardContainerLabel": self.SmartcardContainer.label
174 }
175
176 self.gen_status = self._ServiceRouter.send('KeypairGenerate', metadata=srv_metadata)
177
178
179class SmartcardContainer(microesb.ClassHandler):
180
181 def __init__(self):
182 super().__init__()
2. Structured Service Call Metadata
The service call metadata is well-structured, as demonstrated in the following example:
call_JSON = {
'SYSServiceID': 'generateCertClient',
'data': [
{
'CertClient': {
'id': 'test-client1',
'CertCA': {
'id': 'test-ca1'
},
'CertServer': {
'id': 'test-server1'
},
'Smartcard': {
'label': 'smartcard_customer1',
'user_pin': 'pin2',
'SmartcardContainer': {
'label': 'testserver1_client1_keypair'
}
},
'country': 'DE',
'state': 'Berlin',
'locality': 'Berlin',
'org': 'WEBcodeX',
'org_unit': 'Security',
'common_name': 'testclient1@domain.com',
'email': 'pki@webcodex.de',
'valid_days': 365
}
}
]
}
For the full example, see 2. PKI Provisioning / Class Types.
3. Multi-Object Abstraction
Process multiple hierarchical input metadata elements simultaneously.
Example Service Call Metadata:
1service_metadata = {
2 'SYSServiceID': 'insertUserDomain',
3 'data': [
4 {
5 'User':
6 {
7 'SYSServiceMethod': 'init',
8 'name': 'testuser1',
9 'Domain': {
10 'SYSServiceMethod': 'add',
11 'name': 'testdomain1',
12 'ending': 'com',
13 'Host': [
14 {
15 'SYSServiceMethod': 'add',
16 'type': 'MX',
17 'value': 'mx01.mailserver.com',
18 'priority': 1
19 },
20 {
21 'SYSServiceMethod': 'add',
22 'name': 'host1',
23 'type': 'A',
24 'value': '5.44.111.165',
25 'ttl': 36000
26 }
27 ]
28 }
29 }
30 }
31 ]
32}
For the full example, see 1. Hosting Use Case.
4. Structured Service Property Definition
Define structured service call properties easily and efficiently.
Example Service Property Definition:
1service_properties = {
2 'SYSBackendMethods': [
3 ('gen_cert', 'on_recursion_finish')
4 ],
5 'Cert': {
6 'properties': {
7 'id': {
8 'type': 'str',
9 'default': None,
10 'required': True,
11 'description': 'Textual cert database id'
12 },
13 'country': {
14 'type': 'str',
15 'default': 'DE',
16 'required': True,
17 'description': 'Certificate country ref'
18 },
19 'state': {
20 'type': 'str',
21 'default': None,
22 'required': True,
23 'description': 'Certificate state ref'
24 },
25 'locality': {
26 'type': 'str',
27 'default': None,
28 'required': True,
29 'description': 'Certificate locality ref'
30 },
31 'org': {
32 'type': 'str',
33 'default': None,
34 'required': True,
35 'description': 'Certificate organization ref'
36 },
37 'org_unit': {
38 'type': 'str',
39 'default': None,
40 'required': True,
41 'description': 'Certificate organization unit ref'
42 },
43 'common_name': {
44 'type': 'str',
45 'default': None,
46 'required': True,
47 'description': 'Certificate common name'
48 },
49 'email': {
50 'type': 'str',
51 'default': None,
52 'required': True,
53 'description': 'Certificate email ref'
54 },
55 'valid_days': {
56 'type': 'int',
57 'default': 365,
58 'required': True,
59 'description': 'Certificate validity range in days'
60 }
61 },
62 'methods': ['gen_cert']
63 },
64 'Smartcard': {
65 'properties': {
66 'label': {
67 'type': 'str',
68 'default': None,
69 'required': True,
70 'description': 'Smartcard textual label'
71 },
72 'user_pin': {
73 'type': 'str',
74 'default': None,
75 'required': True,
76 'description': 'Smartcard pin'
77 }
78 }
79 },
80 'SmartcardContainer': {
81 'properties': {
82 'label': {
83 'type': 'str',
84 'default': None,
85 'required': True,
86 'description': 'Container object on smartcards textual label'
87 }
88 }
89 }
90}
For the full example, see 2. PKI Provisioning / Class Types.
5. Planned Features
Planned for upcoming releases:
Service Registry / API Server
Service Registry / YANG Model Export
Service Registry / Web Interface
Service API / Auto Documentation
Extended “Encapsulated” Service Routing
Mincepy Integration / Metadata Mapping