Beispiel #1
 def get(self, username):
     """Return the JSON form of the certificate found for ``username``.

     Answers with a 404 message when ``User.find_by_name`` finds no such
     user, or when ``CertModel.get_by_user`` returns nothing for that user.
     """
     # NOTE(review): this method performs no check of the caller's identity;
     # presumably certificates are meant to be readable by anyone -- confirm
     # against whatever authentication wraps the resource.
     owner = User.find_by_name(username)
     if not owner:
         not_found = "Username '{}' does not exist.".format(username)
         return {'message': not_found}, 404

     certificate = CertModel.get_by_user(user=owner)
     if certificate:
         return certificate.json()
     return {'message': "No valid certificate for this user."}, 404
Beispiel #2
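 def get(self, username):
     """Build and return the revocation list for ``username`` as JSON.

     Answers with a 404 message when the user is unknown or when no
     revoked certificate is found for that user. The list is rebuilt on
     every request, so a client always sees the current revocation state.
     """
     user = User.find_by_name(username)
     if not user:
         return {
             'message': "Username '{}' does not exist.".format(username)
         }, 404
     # The revocation list is always freshly created when a client asks.
     found = CertModel.get_all_invalid_by_user(user=user)
     # Materialise before testing for emptiness: a lazy result (query object,
     # generator, filter) is truthy even when it yields nothing, which would
     # skip the 404 below and hand the client an empty revocation list.
     certs = list(found) if found else []
     if not certs:
         return {'message': "No revoked certificate for this user."}, 404
     return RevList(username, certs).json()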
Beispiel #3
 def validate_request(self, initiator, replier, step, method):
     """Decide whether the session user may perform ``method`` on ``step``.

     The checks run in this order: initiator and replier must differ,
     ``step`` must be listed in ``self.steps``, both users must exist, the
     session user must be one of the two parties, a non-``get`` request
     must target a step belonging to the caller's role (initiator:
     ``question``/``step2``/``step4``; replier: ``step1``/``step3``), and
     both users must be ``active``.

     Returns ``(True, init, rep)`` on success and ``(message_dict, status)``
     on failure, so callers have to tell the two tuple shapes apart.
     """
     # NOTE(review): the "may not access" refusals are authorization
     # failures but are reported as 400 rather than 403 -- confirm whether
     # clients rely on that status before changing it.
     def refuse(text, status):
         return {'message': text}, status

     if initiator == replier:
         return refuse("You may not use SMP to verify your own certificate.", 400)
     if step not in self.steps:
         return refuse("Resource '{}' does not exist.".format(step), 404)

     init = User.find_by_name(initiator)
     rep = User.find_by_name(replier)
     if not init:
         return refuse("Username '{}' does not exist.".format(initiator), 404)
     if not rep:
         return refuse("Username '{}' does not exist.".format(replier), 404)

     # Identity comes from the server-side session, not from the request.
     username = User.get_username_by_id(session["user_id"])
     if username not in (initiator, replier):
         return refuse("You may not access other users' SMP data.", 400)

     # Reads are open to both parties; writes are limited to the caller's
     # own steps of the exchange.
     is_write = method != 'get'
     if username == initiator and step not in ('question', 'step2', 'step4') and is_write:
         return refuse("You may not access someone else's SMP data.", 400)
     if username == replier and step not in ('step1', 'step3') and is_write:
         return refuse("You may not access someone else's SMP data.", 400)

     if not init.active:
         return refuse("User '{}' is not logged in.".format(initiator), 404)
     if not rep.active:
         return refuse("User '{}' is not logged in.".format(replier), 404)
     return True, init, rep
Beispiel #4
 def post(self, username):
     """Create and store a certificate for ``username`` from a posted CSR.

     Only the session user may request a certificate under their own name.
     Answers 400 when the caller is someone else, when the parsed body has
     no ``csr`` value, or when ``CertModel.create`` returns nothing; on
     success the new certificate is saved and returned as JSON.
     """
     # The caller's name is derived from the session, so the URL parameter
     # cannot be used to obtain a certificate for a different account.
     caller = User.get_username_by_id(session["user_id"])
     if username != caller:
         return {
             'message': "You may not update another user's certificate."
         }, 400

     data = self.parser.parse_args()
     csr = data['csr']
     if not csr:
         return {'message': "No certificate Signing Request in Body."}, 400

     # NOTE(review): what CertModel.create verifies is not visible here; the
     # error text suggests it checks the CSR signature and data -- confirm it
     # also binds the CSR subject to this user.
     owner = User.find_by_name(username)
     cert = CertModel.create(csr, owner.id)
     if not cert:
         return {
             'message':
             "Signature in CSR could not be verified or invalid CSR data!"
         }, 400

     cert.save_to_db()
     return cert.json()
Beispiel #5
 def delete(self, username):
     """Revoke the session user's certificates and return what was revoked.

     Only the session user may revoke certificates under their own name
     (400 otherwise). When the parsed body carries a ``cert_serial``, only
     valid certificates with that serial number are revoked; without it,
     every valid certificate of the user is revoked. Answers 404 when no
     valid certificate, or none with the given serial, is found.
     """
     caller = User.get_username_by_id(session["user_id"])
     if username != caller:
         return {
             'message': "You may not delete another user's certificate."
         }, 400

     data = self.parser.parse_args()
     owner = User.find_by_name(username)
     certs = list(CertModel.get_all_valid_by_user(user=owner))
     if not certs:
         return {'message': "No valid certificate for user found."}, 404

     if data['cert_serial']:
         # Narrow the revocation to the single serial the client named.
         certs = [
             cert for cert in certs
             if cert.serial_number() == data['cert_serial']
         ]
         if not certs:
             return {
                 'message': "No valid certificate with the given id found."
             }, 404

     # Revoke every certificate still selected (all of the user's valid
     # ones when no serial was given) and keep what revoke() returns.
     certs = [cert.revoke() for cert in certs]
     # The returned revocation list holds only the certificates revoked by
     # this request; previously revoked certificates are not included.
     return RevocationList(username, certs).json()