Revize 94f8d5cf
Přidáno uživatelem Jan Pašek před téměř 4 roky(ů)
src/services/certificate_service.py | ||
---|---|---|
4 | 4 |
|
5 | 5 |
from src.config.configuration import Configuration |
6 | 6 |
from src.constants import ROOT_CA_ID, INTERMEDIATE_CA_ID, CA_ID, CERTIFICATE_ID, CERTIFICATE_STATES, \ |
7 |
CERTIFICATE_REVOCATION_REASONS, SSL_ID, SIGNATURE_ID, AUTHENTICATION_ID |
|
7 |
CERTIFICATE_REVOCATION_REASONS, SSL_ID, SIGNATURE_ID, AUTHENTICATION_ID, CERTIFICATE_REVOCATION_REASON_HOLD
|
|
8 | 8 |
from src.dao.certificate_repository import CertificateRepository |
9 | 9 |
from src.exceptions.certificate_not_found_exception import CertificateNotFoundException |
10 | 10 |
from src.exceptions.database_exception import DatabaseException |
... | ... | |
326 | 326 |
:param reason: reason for revocation |
327 | 327 |
:param id: identifier of the certificate whose status is to be changed |
328 | 328 |
:param status: new status of the certificate |
329 |
:raises CertificateStatusInvalidException: if status is not valid |
|
330 |
:raises RevocationReasonInvalidException: if reason is not valid |
|
331 |
:raises CertificateNotFoundException: if certificate with given id cannot be found |
|
332 |
:raises CertificateCannotBeSetToValid: if certificate was already revoked and not on hold, |
|
333 |
it cannot be set revalidated |
|
334 |
:raises CertificateAlreadyRevokedException: if caller tries to revoke a certificate that is already revoked |
|
335 |
:raises UnknownException: if the database is corrupted |
|
329 | 336 |
""" |
330 | 337 |
if status not in CERTIFICATE_STATES: |
331 | 338 |
raise CertificateStatusInvalidException(status) |
... | ... | |
339 | 346 |
|
340 | 347 |
updated = False |
341 | 348 |
if status == STATUS_VALID: |
349 |
# if the certificate is revoked but the reason is not certificateHold, it cannot be re-validated |
|
350 |
# -> throw an exception |
|
351 |
if certificate.revocation_reason != "" and \ |
|
352 |
certificate.revocation_reason != CERTIFICATE_REVOCATION_REASON_HOLD: |
|
353 |
raise CertificateCannotBeSetToValid(certificate.revocation_reason) |
|
342 | 354 |
updated = self.certificate_repository.clear_certificate_revocation(id) |
343 | 355 |
elif status == STATUS_REVOKED: |
344 | 356 |
# check if the certificate is not revoked already |
... | ... | |
430 | 442 |
|
431 | 443 |
def __str__(self): |
432 | 444 |
return f"Certificate id '{self.id}' is already revoked." |
445 |
|
|
446 |
|
|
447 |
class CertificateCannotBeSetToValid(Exception): |
|
448 |
""" |
|
449 |
Exception that denotes that the caller was trying to |
|
450 |
set certificate to valid if the certificate was already |
|
451 |
revoked but not certificateHold. |
|
452 |
""" |
|
453 |
|
|
454 |
def __init__(self, old_reason): |
|
455 |
self.old_state = old_reason |
|
456 |
|
|
457 |
def __str__(self): |
|
458 |
return "Cannot set revoked certificate back to valid when the certificate revocation reason is not " \ |
|
459 |
"certificateHold. " \ |
|
460 |
f"The revocation reason of the certificate is {self.old_state}" |
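Review bot: The revalidation guard at new lines 351–353 recognises a never-revoked certificate only by `revocation_reason != ""`, so if the repository can return `None` for that field, a valid certificate would raise `CertificateCannotBeSetToValid(None)`; `if certificate.revocation_reason not in ("", None, CERTIFICATE_REVOCATION_REASON_HOLD):` would cover both representations. The check and the following `clear_certificate_revocation(id)` are also two separate steps, and the lines that load `certificate` (new 339–345) are not shown. Unless both run in one transaction, a revocation recorded in between with a reason other than certificateHold would be cleared, so it would be safer to make the repository update itself conditional on the stored reason. The method starts and ends outside the visible hunks. In the new exception class, the attribute `old_state` actually holds a revocation reason, and the class name drops the `Exception` suffix that `CertificateAlreadyRevokedException` carries; `self.revocation_reason = old_reason` would read more consistently.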
Re #8700 - Implemented certificate revalidation check and fixed affected tests