def get(self, username):
    """Return the certificate stored for ``username`` as JSON.

    Responds with a 404 body when the user name is unknown or when
    ``CertModel.get_by_user`` yields nothing for that user.
    """
    account = User.find_by_name(username)
    if not account:
        message = "Username '{}' does not exist.".format(username)
        return {'message': message}, 404

    # presumably get_by_user only returns a certificate that is still valid
    # (the 404 text says so) -- confirm against CertModel.
    current = CertModel.get_by_user(user=account)
    if current:
        return current.json()
    return {'message': "No valid certificate for this user."}, 404
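def get(self, username):
    """Return the revocation list for ``username`` as JSON.

    Responds with a 404 body when the user name is unknown or when the
    user has no revoked certificate.  The list is rebuilt on every request.
    """
    user = User.find_by_name(username)
    if not user:
        return {
            'message': "Username '{}' does not exist.".format(username)
        }, 404

    # Materialise the result before testing it for emptiness.  If
    # get_all_invalid_by_user hands back a lazy object (query, filter,
    # generator) it is truthy even when it yields nothing, and the 404
    # below would never fire.  `or []` keeps a None/empty result working.
    certs = list(CertModel.get_all_invalid_by_user(user=user) or [])
    if not certs:
        return {'message': "No revoked certificate for this user."}, 404
    return RevList(username, certs).json()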
def validate_request(self, initiator, replier, step, method):
    """Decide whether the session user may touch an SMP step.

    Returns ``(True, initiator_user, replier_user)`` when every check
    passes, otherwise ``(body, status)`` carrying an error message.  The
    error body is a non-empty dict and therefore truthy, so a caller has to
    compare the first element with ``is True`` instead of testing its
    truthiness.

    Checks run in this order: the two parties differ, the step is known,
    both users exist, the session user is one of the two parties, the
    session user may write this step, both users are active.
    """
    if initiator == replier:
        return {
            'message': "You may not use SMP to verify your own certificate."
        }, 400
    if step not in self.steps:
        return {'message': "Resource '{}' does not exist.".format(step)}, 404

    initiator_user = User.find_by_name(initiator)
    replier_user = User.find_by_name(replier)
    if not initiator_user:
        return {
            'message': "Username '{}' does not exist.".format(initiator)
        }, 404
    if not replier_user:
        return {
            'message': "Username '{}' does not exist.".format(replier)
        }, 404

    # NOTE(review): the authorization refusals below answer 400; 403 is the
    # conventional status, but clients may rely on the current value.
    caller = User.get_username_by_id(session["user_id"])
    if caller not in (initiator, replier):
        return {'message': "You may not access other users' SMP data."}, 400

    # Every method except the exact string 'get' is treated as a write.
    # Each party may only write its own steps; both may read any step.
    is_write = method != 'get'
    denied = {'message': "You may not access someone else's SMP data."}
    if (caller == initiator and is_write
            and step not in ('question', 'step2', 'step4')):
        return denied, 400
    if caller == replier and is_write and step not in ('step1', 'step3'):
        return denied, 400

    if not initiator_user.active:
        return {
            'message': "User '{}' is not logged in.".format(initiator)
        }, 404
    if not replier_user.active:
        return {'message': "User '{}' is not logged in.".format(replier)}, 404
    return True, initiator_user, replier_user
def post(self, username):
    """Create and store a certificate from the CSR in the request body.

    Only the session user may submit a CSR under their own name.  Responds
    with a 400 body when the name does not match the session, when the
    request carries no ``csr`` value, or when ``CertModel.create`` returns
    nothing.
    """
    session_name = User.get_username_by_id(session["user_id"])
    if username != session_name:
        return {
            'message': "You may not update another user's certificate."
        }, 400

    args = self.parser.parse_args()
    csr = args['csr']
    if not csr:
        return {'message': "No certificate Signing Request in Body."}, 400

    # NOTE(review): the CSR text is client-supplied.  Confirm that
    # CertModel.create binds the subject in the CSR to this user id and
    # does not only verify the CSR's self-signature.
    owner_id = User.find_by_name(username).id
    cert = CertModel.create(csr, owner_id)
    if not cert:
        return {
            'message':
            "Signature in CSR could not be verified or invalid CSR data!"
        }, 400

    cert.save_to_db()
    return cert.json()
def delete(self, username):
    """Revoke the session user's valid certificates.

    With ``cert_serial`` in the request only the certificate with that
    serial number is revoked; without it every valid certificate of the
    user is.  The returned revocation list holds just the certificates
    revoked by this request, not those revoked earlier.
    """
    session_name = User.get_username_by_id(session["user_id"])
    if username != session_name:
        return {
            'message': "You may not delete another user's certificate."
        }, 400

    args = self.parser.parse_args()
    owner = User.find_by_name(username)
    candidates = list(CertModel.get_all_valid_by_user(user=owner))
    if not candidates:
        return {'message': "No valid certificate for user found."}, 404

    if args['cert_serial']:
        # Narrow the revocation to the one serial number the client named.
        # NOTE(review): assumes serial_number() and the parsed argument
        # have the same type -- confirm, or the match never succeeds.
        candidates = [
            cert for cert in candidates
            if cert.serial_number() == args['cert_serial']
        ]
        if not candidates:
            return {
                'message': "No valid certificate with the given id found."
            }, 404

    # presumably revoke() returns the certificate it revoked; its results
    # are what ends up in the list below -- verify against CertModel.
    revoked = [cert.revoke() for cert in candidates]
    return RevocationList(username, revoked).json()