Revize 4e70d22a
Přidáno uživatelem Stanislav Král před asi 4 roky(ů)
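--- a/src/services/certificate_service.py
+++ b/src/services/certificate_service.py
@@ -129,8 +129,19 @@
 return self.certificate_repository.read_all(cert_type)
 
 def get_chain_of_trust(self, from_id: int, to_id: int = -1, exclude_root=True) -> List[Certificate]:
+"""
+Traverses the certificate hierarchy tree upwards till a certificate with the `to_id` ID is found or till a
+root CA certificate is found. Root certificates are excluded from the chain by default.
+:param from_id: ID of the first certificate to be included in the chain of trust
+:param to_id: ID of the last certificate to be included in the chain of trust
+:param exclude_root: a flag indicating whether root CA certificate should be excluded
+:return: a list of certificates representing the chain of trust starting with the certificate given by `from_id`
+ID
+"""
+# read the first certificate of the chain
 start_cert = self.certificate_repository.read(from_id)
 
+# if no cert is found or the current cert is root CA and root CAs should be excluded, then return an empty list
 if start_cert is None or (start_cert.type_id == ROOT_CA_ID and exclude_root):
 return []
 
@@ -139,19 +150,27 @@
 
 # TODO could possibly be simplified
 if start_cert.type_id == ROOT_CA_ID:
+# the first cert found is a root ca
 return chain_of_trust
 
 while True:
 parent_cert = self.certificate_repository.read(current_cert.parent_id)
 
-# check whether parent certificate
-if parent_cert is None or parent_cert.type_id == ROOT_CA_ID:
+# check whether parent certificate exists
+if parent_cert is None:
+break
+
+# check whether the found certificate is a root certificate
+if parent_cert.type_id == ROOT_CA_ID:
 if not exclude_root:
+# append the found root cert only if root certificates should not be excluded from the CoT
 chain_of_trust.append(parent_cert)
 break
 
+# append the certificate
 chain_of_trust.append(parent_cert)
 
+# stop iterating over certificates if the id of the found certificate matches `to_id` method parameter
 if parent_cert.certificate_id == to_id:
 break
 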
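Review bot: The new `if parent_cert is None: break` branch in the `while True` loop returns whatever was collected so far, so a caller cannot tell a complete chain of trust from one cut short by a missing parent record, and the added docstring does not say so. I would state it in the `:return:` text, e.g. `the chain ends early, without an error, if a parent certificate cannot be read`, or raise instead of breaking so an incomplete chain is never handed on as if it were whole. The loop also shows no guard against a `parent_id` that points back into the chain; the statement that advances `current_cert` is outside the visible hunk, so this is inferred, but a `seen` set of `certificate_id` values with `if parent_cert.certificate_id in seen: break` would bound the walk. Separately, the `to_id` description says that certificate is included, yet the root check runs before the `to_id` comparison, so with `exclude_root=True` a root CA named by `to_id` is not appended.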
Re #8472 - Added get_chain_of_trust method documentation and comments