Revize 9e6f791a
Přidáno uživatelem Jan Pašek před asi 4 roky(ů)
| src/services/certificate_service.py | ||
|---|---|---|
| 6 | 6 |
from src.constants import ROOT_CA_ID, INTERMEDIATE_CA_ID, CA_ID, CERTIFICATE_ID, CERTIFICATE_STATES, \ |
| 7 | 7 |
CERTIFICATE_REVOCATION_REASONS |
| 8 | 8 |
from src.dao.certificate_repository import CertificateRepository |
| 9 |
from src.exceptions.unknown_exception import UnknownException |
|
| 9 | 10 |
from src.model.certificate import Certificate |
| 10 | 11 |
from src.model.private_key import PrivateKey |
| 11 | 12 |
from src.model.subject import Subject |
| ... | ... | |
| 279 | 280 |
if reason not in CERTIFICATE_REVOCATION_REASONS: |
| 280 | 281 |
raise RevocationReasonInvalidException(reason) |
| 281 | 282 |
|
| 283 |
# check whether the certificate exists |
|
| 284 |
certificate = self.certificate_repository.read(id) |
|
| 285 |
if certificate is None: |
|
| 286 |
raise CertificateNotFoundException(id) |
|
| 287 |
|
|
| 282 | 288 |
updated = False |
| 283 | 289 |
if status == STATUS_VALID: |
| 284 | 290 |
updated = self.certificate_repository.clear_certificate_revocation(id) |
| 285 | 291 |
elif status == STATUS_REVOKED: |
| 292 |
# check if the certificate is not revoked already |
|
| 293 |
revoked = self.certificate_repository.get_all_revoked_by(certificate.parent_id) |
|
| 294 |
if certificate.certificate_id in [x.certificate_id for x in revoked]: |
|
| 295 |
raise CertificateAlreadyRevokedException(id) |
|
| 296 |
|
|
| 286 | 297 |
revocation_timestamp = int(time.time()) |
| 287 | 298 |
updated = self.certificate_repository.set_certificate_revoked(id, str(revocation_timestamp), reason) |
| 288 | 299 |
|
| 289 | 300 |
if not updated: |
| 290 |
raise CertificateNotFoundException(id) |
|
| 301 |
# TODO log this |
|
| 302 |
raise UnknownException("Repository returned 'false' from clear_certificate_revocation() "
|
|
| 303 |
"or set_certificate_revoked().") |
|
| 291 | 304 |
|
| 292 | 305 |
def get_subject_from_certificate(self, certificate: Certificate) -> Subject: |
| 293 | 306 |
""" |
| ... | ... | |
| 357 | 370 |
class CertificateNotFoundException(Exception): |
| 358 | 371 |
""" |
| 359 | 372 |
Exception that denotes that the caller was trying to set |
| 360 |
a certificate to an invalid state
|
|
| 373 |
work with non-existing certificate
|
|
| 361 | 374 |
""" |
| 362 | 375 |
|
| 363 | 376 |
def __init__(self, id): |
| ... | ... | |
| 365 | 378 |
|
| 366 | 379 |
def __str__(self): |
| 367 | 380 |
return f"Certificate id '{self.id}' does not exist."
|
| 381 |
|
|
| 382 |
|
|
| 383 |
class CertificateAlreadyRevokedException(Exception): |
|
| 384 |
""" |
|
| 385 |
Exception that denotes that the caller was trying to revoke |
|
| 386 |
a certificate that is already revoked |
|
| 387 |
""" |
|
| 388 |
|
|
| 389 |
def __init__(self, id): |
|
| 390 |
self.id = id |
|
| 391 |
|
|
| 392 |
def __str__(self): |
|
| 393 |
return f"Certificate id '{self.id}' is already revoked."
|
|
Také k dispozici: Unified diff
Re #8571 - Fixed problems during walk-through code review