ASWI - Pokročilé softwarové inženýrství » ASWI 2021 » Aplikace pro správu X.509 certifikátů (Yoso Czech s.r.o.) - JMSD

from flask import Response, request

from injector import inject

import base64

from src.exceptions.certificate_not_found_exception import CertificateNotFoundException

from src.exceptions.private_key_not_found_exception import PrivateKeyNotFoundException

from src.services.crl_ocsp.crl_ocsp_service import CrlOcspService

from src.controllers.return_codes import *

from src.utils.logger import Logger

E_WRONG_PARAMETERS = {"success": False, "data": "Invalid request, wrong parameters."}

E_NO_CERTIFICATES_FOUND = {"success": False, "data": "No such certificate found."}

class CrlOcspController:

    @inject

    def __init__(self, crl_service: CrlOcspService):

        self.crl_service = crl_service

    def get_crl(self, ca_id: str):

        """

        Generate and download a CRL for a selected certificate authority

        :param ca_id: certificate authority whose CRL is requested

        :return: download response / error

        """

        # TODO check log

        Logger.info(f"\n\t{request.referrer}"

                    f"\n\t{request.method}   {request.path}   {request.scheme}"

                    f"\n\tCertificate ID = {ca_id}")

        # convert id from string to int

        try:

            identifier = int(ca_id)

        except ValueError:

            Logger.error(f"Invalid request, wrong parameters 'id'[{ca_id}].")

            return E_WRONG_PARAMETERS, C_BAD_REQUEST

        # generate the CRL

        try:

            crl = self.crl_service.generate_crl_response(identifier)

        except CertificateNotFoundException:

            Logger.error(f"No such certificate found 'ID = {identifier}'.")

            return E_NO_CERTIFICATES_FOUND, C_NOT_FOUND

        return Response(crl, mimetype="application/x-x509-ca-cert",

                        headers={"Content-Disposition": f"attachment;filename={ca_id}_crl.pem"})

    def get_ocsp_from_base64(self, ca_id, base64_der_ocsp_request):

        """

        Generate an OCSP Response for a base-64 encoded DER encoded OCSP Request.

        :param ca_id: certificate authority ID

        :param base64_der_ocsp_request: encoded request

        :return: DER OCSP response

        """

        Logger.info(f"\n\t{request.referrer}"

                    f"\n\t{request.method}   {request.path}   {request.scheme}"

                    f"\n\tCertificate ID = {ca_id}")

        return self.get_ocsp_from_der(ca_id, base64.b64decode(base64_der_ocsp_request))

    def get_ocsp_from_der(self, ca_id, der_ocsp_request):

        """

        Generate an OCSP Response for a DER encoded OCSP Request.

        :param ca_id: certificate authority ID

        :param der_ocsp_request: encoded request

        :return: DER OCSP response

        """

        Logger.info(f"\n\t{request.referrer}"

                    f"\n\t{request.method}   {request.path}   {request.scheme}"

                    f"\n\tCertificate ID = {ca_id}")

        if len(der_ocsp_request) == 0:

            Logger.error(f"Invalid request, wrong parameters 'der_ocsp_request'.")

            return E_WRONG_PARAMETERS, C_BAD_REQUEST

        try:

            ca_id = int(ca_id)

        except ValueError:

            Logger.error(f"Invalid request, wrong parameters 'id'[{ca_id}].")

            return E_WRONG_PARAMETERS, C_BAD_REQUEST

        try:

            ocsp_response = self.crl_service.generate_ocsp_response(ca_id, der_ocsp_request)

        except CertificateNotFoundException:

            Logger.error(f"No such certificate found 'ID = {ca_id}'.")

            return E_NO_CERTIFICATES_FOUND, C_NOT_FOUND

        return Response(ocsp_response, mimetype="application/ocsp-response")