Revize 1d8ff0a3
Přidáno uživatelem Stanislav Král před téměř 4 roky(ů)
src/controllers/certificates_controller.py | ||
---|---|---|
3 | 3 |
from itertools import chain |
4 | 4 |
from json import JSONDecodeError |
5 | 5 |
|
6 |
from flask import request |
|
6 |
from flask import request, Response
|
|
7 | 7 |
from injector import inject |
8 | 8 |
|
9 | 9 |
from src.constants import CA_ID, \ |
... | ... | |
37 | 37 |
STATUS = "status" |
38 | 38 |
REASON = "reason" |
39 | 39 |
REASON_UNDEFINED = "unspecified" |
40 |
NAME = "name" |
|
41 |
PASSWORD = "password" |
|
40 | 42 |
|
41 | 43 |
E_NO_ISSUER_FOUND = {"success": False, "data": "No certificate authority with such unique ID exists."} |
42 | 44 |
E_NO_CERTIFICATES_FOUND = {"success": False, "data": "No such certificate found."} |
... | ... | |
48 | 50 |
E_GENERAL_ERROR = {"success": False, "data": "Internal server error (unknown origin)."} |
49 | 51 |
E_MISSING_PARAMETERS = {"success": False, "data": "Invalid request, missing parameters."} |
50 | 52 |
E_WRONG_PARAMETERS = {"success": False, "data": "Invalid request, wrong parameters."} |
53 |
E_IDENTITY_NAME_NOT_SPECIFIED = {"success": False, "data": "Invalid request, missing identity name."} |
|
54 |
E_IDENTITY_PASSWORD_NOT_SPECIFIED = {"success": False, "data": "Invalid request, missing identity password."} |
|
51 | 55 |
|
52 | 56 |
|
53 | 57 |
class CertController: |
... | ... | |
591 | 595 |
Logger.error(f"Internal server error (unknown origin).") |
592 | 596 |
return E_GENERAL_ERROR, C_INTERNAL_SERVER_ERROR |
593 | 597 |
|
594 |
return {"success": True, "data": "The certificate and its descendants have been successfully deleted."} |
|
598 |
return {"success": True, "data": "The certificate and its descendants have been successfully deleted."} |
|
599 |
|
|
600 |
def generate_certificate_pkcs_identity(self, id): |
|
601 |
""" |
|
602 |
Generates a PKCS12 identity (including the chain of trust) of the certificate given by the specified ID. |
|
603 |
Response is of application/x-pkcs12 type. |
|
604 |
|
|
605 |
:param id: ID of a certificate whose PKCS12 identity should be generated |
|
606 |
:type id: int |
|
607 |
|
|
608 |
:rtype: Response |
|
609 |
""" |
|
610 |
|
|
611 |
Logger.info(f"\n\t{request.referrer}" |
|
612 |
f"\n\t{request.method} {request.path} {request.scheme}" |
|
613 |
f"\n\tCertificate ID = {id}") |
|
614 |
|
|
615 |
# try to parse the supplied ID |
|
616 |
try: |
|
617 |
v = int(id) |
|
618 |
except ValueError: |
|
619 |
Logger.error(f"Invalid request, wrong parameters 'id'[{id}] (expected integer).") |
|
620 |
return E_WRONG_PARAMETERS, C_BAD_REQUEST |
|
621 |
|
|
622 |
# find a certificate using the given ID |
|
623 |
cert = self.certificate_service.get_certificate(v) |
|
624 |
|
|
625 |
if request.is_json: # accept JSON only |
|
626 |
body = request.get_json() |
|
627 |
|
|
628 |
# check whether the request is well formed meaning that it contains all required fields |
|
629 |
if NAME not in body.keys(): |
|
630 |
return E_IDENTITY_NAME_NOT_SPECIFIED, C_BAD_REQUEST |
|
631 |
|
|
632 |
if PASSWORD not in body.keys(): |
|
633 |
return E_IDENTITY_PASSWORD_NOT_SPECIFIED, C_BAD_REQUEST |
|
634 |
|
|
635 |
# parse required fields from the request |
|
636 |
identity_name = body[NAME] |
|
637 |
identity_password = body[PASSWORD] |
|
638 |
|
|
639 |
# check whether a certificated specified by the given ID exists |
|
640 |
if cert is None: |
|
641 |
Logger.error(f"No such certificate found 'ID = {v}'.") |
|
642 |
return E_NO_CERTIFICATES_FOUND, C_NOT_FOUND |
|
643 |
else: |
|
644 |
# try to load it's private key |
|
645 |
key = self.key_service.get_key(cert.private_key_id) |
|
646 |
if key is None: |
|
647 |
Logger.error( |
|
648 |
f"The private key 'ID = {cert.private_key_id}'of the certificate 'ID = {cert.certificate_id}' does not exist.") |
|
649 |
return E_NO_CERTIFICATES_FOUND, C_INTERNAL_SERVER_ERROR |
|
650 |
else: |
|
651 |
# generate PKCS12 identity |
|
652 |
identity_byte_array = self.certificate_service.generate_pkcs_identity(cert.certificate_id, key, |
|
653 |
identity_name, |
|
654 |
identity_password) |
|
655 |
return Response(identity_byte_array, mimetype='application/x-pkcs12') |
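Review bot: In generate_certificate_pkcs_identity the name and password are only checked for presence (`NAME not in body.keys()`, `PASSWORD not in body.keys()`), so an empty string, `null` or a non-string value is passed on to generate_pkcs_identity, and the exported private key may end up in a PKCS12 file protected by an empty or unusable password. I would validate the values before use, e.g. `if not isinstance(identity_password, str) or not identity_password: return E_IDENTITY_PASSWORD_NOT_SPECIFIED, C_BAD_REQUEST`, with the same check for the name. A JSON body that is not an object (a list or a bare string) makes `body.keys()` raise, so `if not isinstance(body, dict): return E_WRONG_PARAMETERS, C_BAD_REQUEST` belongs right after `request.get_json()`. Indentation is lost in this view, but no branch is visible for a request that is not JSON; if there is none, the method returns None on that path and should return `E_WRONG_PARAMETERS, C_BAD_REQUEST` instead. No access check is visible in this method either, and since the response carries a private key it is worth confirming that the route is authorized elsewhere.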
Re #8708 - Added a new REST API endpoint used for generating PKCS12 identities of certificates