
Revize 2cecaf70

Přidáno uživatelem Jan Pašek před asi 4 roky(ů)

Re #8571 - Added RestAPI endpoint for revoking certificates


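--- a/src/controllers/certificates_controller.py
+++ b/src/controllers/certificates_controller.py
@@ -9,8 +9,10 @@
 from src.constants import CA_ID, \
     SSL_ID, SIGNATURE_ID, AUTHENTICATION_ID, \
     DATETIME_FORMAT, ROOT_CA_ID, INTERMEDIATE_CA_ID, CERTIFICATE_ID  # TODO DATABASE_FILE - not the Controller's
+from src.exceptions.database_exception import DatabaseException
 from src.model.subject import Subject
-from src.services.certificate_service import CertificateService
+from src.services.certificate_service import CertificateService, RevocationReasonInvalidException, \
+    CertificateStatusInvalidException
 #  responsibility.
 from src.services.key_service import KeyService
 
@@ -27,6 +29,9 @@
 SUBJECT = "subject"
 VALIDITY_DAYS = "validityDays"
 CA = "CA"
+STATUS = "status"
+REASON = "reason"
+REASON_UNDEFINED = "undefined"
 
 E_NO_ISSUER_FOUND = {"success": False, "data": "No certificate authority with such unique ID exists."}
 E_NO_CERTIFICATES_FOUND = {"success": False, "data": "No such certificate found."}
@@ -41,7 +46,7 @@
 C_CREATED_SUCCESSFULLY = 201
 C_BAD_REQUEST = 400
 C_NOT_FOUND = 404
-C_NO_DATA = 205  # TODO related to 204 issue
+C_NO_DATA = 205  # TODO related to 204 issue                                               # TODO related to 204 issue
 C_INTERNAL_SERVER_ERROR = 500
 C_SUCCESS = 200
 
@@ -303,6 +308,49 @@
 
         return {"success": True, "data": "".join(ret)}, C_SUCCESS
 
+    def set_certificate_status(self, id):
+        """
+        Revoke a certificate given by ID
+            - revocation request may contain revocation reason
+            - revocation reason is verified based on the possible predefined values
+            - if revocation reason is not specified 'undefined' value is used
+        :param id: Identifier of the certificate to be revoked
+        :type id: int
+
+        :rtype: SuccessResponse | ErrorResponse (see OpenAPI definition)
+        """
+        required_keys = {STATUS}  # required keys
+
+        # try to parse certificate identifier -> if it is not int return error 400
+        try:
+            identifier = int(id)
+        except ValueError:
+            return E_WRONG_PARAMETERS, C_BAD_REQUEST
+
+        # check if the request contains a JSON body
+        if request.is_json:
+            request_body = request.get_json()
+            # verify that all required keys are present
+            if not all(k in request_body for k in required_keys):
+                return E_MISSING_PARAMETERS, C_BAD_REQUEST
+
+            # get status and reason from the request
+            status = request_body[STATUS]
+            reason = request_body.get(REASON, REASON_UNDEFINED)
+            try:
+                # set certificate status using certificate_service
+                self.certificate_service.set_certificate_revocation_status(status, reason)
+            except (RevocationReasonInvalidException, CertificateStatusInvalidException):
+                # these exceptions are thrown in case invalid status or revocation reason is passed to the controller
+                return E_WRONG_PARAMETERS, C_BAD_REQUEST
+            except DatabaseException:
+                return E_WRONG_PARAMETERS, C_BAD_REQUEST
+            return {"success": True,
+                    "data": "Certificate status updated successfully."}, C_CREATED_SUCCESSFULLY
+        # throw an error in case the request does not contain a json body
+        else:
+            return E_NOT_JSON_FORMAT, C_BAD_REQUEST
+
     def cert_to_dict_partial(self, c):
         """
         Dictionarizes a certificate directly fetched from the database. Contains partial information.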
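Review bot: The parsed `identifier` in `set_certificate_status` is never used: the service call at new line 342 passes only `status` and `reason`, so as written nothing tells the service which certificate to revoke. The service signature is not visible on this page, but the call presumably should read `self.certificate_service.set_certificate_revocation_status(identifier, status, reason)`. In the same method, `request.get_json()` can return a list or scalar, so the key check and `request_body[STATUS]` should be preceded by `if not isinstance(request_body, dict): return E_WRONG_PARAMETERS, C_BAD_REQUEST` to keep a malformed body from surfacing as an unhandled exception. Mapping `DatabaseException` to `E_WRONG_PARAMETERS, C_BAD_REQUEST` also reports a failed revocation write as a client error; returning `C_INTERNAL_SERVER_ERROR` there would let callers and monitoring distinguish a certificate that was not revoked because of a server fault from a bad request.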
