def create_unsigned_certificates_from_roster(config):
roster = os.path.join(config.abs_data_dir, config.roster)
template = os.path.join(config.abs_data_dir, config.template_dir,
config.template_file_name)
issued_on = str(date.today())
output_dir = os.path.join(config.abs_data_dir,
config.unsigned_certificates_dir)
recipients = []
with open(roster, 'r') as theFile:
reader = csv.DictReader(theFile)
for line in reader:
r = Recipient(line)
recipients.append(r)
with open(template) as template:
cert_str = template.read()
template = json.loads(cert_str)
for recipient in recipients:
uid = str(uuid.uuid4())
cert = copy.deepcopy(template)
instantiate_assertion(config, cert, uid, issued_on)
instantiate_recipient(config, cert, recipient)
# validate certificate before writing
schema_validator.validate_unsigned_v1_2(cert)
with open(os.path.join(output_dir, uid + '.json'),
'w') as unsigned_cert:
json.dump(cert, unsigned_cert)
def main(app_config):
# find certificates to process
certificates = find_unsigned_certificates(app_config)
if not certificates:
logging.info('No certificates to process')
exit(0)
batch_id = helpers.get_batch_id(list(certificates.keys()))
logging.info('Processing %d certificates with batch id=%s',
len(certificates), batch_id)
# validate schema
for uid, certificate in certificates.items():
with open(certificate.unsigned_certificate_file_name) as cert:
cert_json = json.load(cert)
schema_validator.validate_unsigned_v1_2(cert_json)
# ensure they are not already signed. We want the user to know about this in case there
# is a failure from a previous run
for uid, certificate in certificates.items():
with open(certificate.unsigned_certificate_file_name) as cert:
cert_json = json.load(cert)
if 'signature' in cert_json and cert_json['signature']:
logging.warning(
'Certificate with uid=%s has already been signed.', uid)
exit(0)
logging.info('Signing certificates and writing to folder %s',
app_config.signed_certs_file_pattern)
sign_certs(certificates)
logging.info('Archiving unsigned files to archive folder %s', batch_id)
helpers.archive_files(app_config.unsigned_certs_file_pattern,
app_config.archive_path,
app_config.unsigned_certs_file_part, batch_id)
def main(app_config):
# find certificates to process
certificates = find_unsigned_certificates(app_config)
if not certificates:
logging.info('No certificates to process')
exit(0)
batch_id = helpers.get_batch_id(list(certificates.keys()))
logging.info('Processing %d certificates with batch id=%s', len(certificates), batch_id)
# validate schema
for uid, certificate in certificates.items():
with open(certificate.unsigned_certificate_file_name) as cert:
cert_json = json.load(cert)
schema_validator.validate_unsigned_v1_2(cert_json)
# ensure they are not already signed. We want the user to know about this in case there
# is a failure from a previous run
for uid, certificate in certificates.items():
with open(certificate.unsigned_certificate_file_name) as cert:
cert_json = json.load(cert)
if 'signature' in cert_json and cert_json['signature']:
logging.warning('Certificate with uid=%s has already been signed.', uid)
exit(0)
logging.info('Signing certificates and writing to folder %s', app_config.signed_certs_file_pattern)
sign_certs(certificates)
logging.info('Archiving unsigned files to archive folder %s', batch_id)
helpers.archive_files(app_config.unsigned_certs_file_pattern,
app_config.archive_path,
app_config.unsigned_certs_file_part,
batch_id)
def validate_schema(self):
"""
Ensure certificates are valid v1.2 schema
:return:
"""
for _, certificate in self.certificates_to_issue.items():
with open(certificate.signed_certificate_file_name) as cert:
cert_json = json.load(cert)
schema_validator.validate_unsigned_v1_2(cert_json)
def main(app_config):
unsigned_certs_dir = app_config.unsigned_certificates_dir
signed_certs_dir = app_config.signed_certificates_dir
signed_certs_file_pattern = str(os.path.join(signed_certs_dir, '*.json'))
if os.path.exists(signed_certs_dir) and glob.glob(signed_certs_file_pattern):
message = "The output directory {} is not empty. Make sure you have cleaned up results from your previous run".format(signed_certs_dir)
logging.warning(message)
raise NonemptyOutputDirectoryError(message)
# find certificates to sign
certificates = helpers.find_certificates_to_process(unsigned_certs_dir, signed_certs_dir)
if not certificates:
logging.warning('No certificates to process')
raise NoCertificatesFoundError('No certificates to process')
logging.info('Processing %d certificates', len(certificates))
# create output dir if it doesn't exist
os.makedirs(signed_certs_dir, exist_ok=True)
# validate schema
for uid, certificate in certificates.items():
with open(certificate.unsigned_cert_file_name) as cert:
cert_json = json.load(cert)
schema_validator.validate_unsigned_v1_2(cert_json)
# ensure they are not already signed. We want the user to know about this in case there
# is a failure from a previous run
for uid, certificate in certificates.items():
with open(certificate.unsigned_cert_file_name) as cert:
cert_json = json.load(cert)
if 'signature' in cert_json and cert_json['signature']:
logging.warning('Certificate with uid=%s has already been signed.', uid)
raise AlreadySignedError('Certificate has already been signed')
logging.info('Signing certificates and writing to folder %s', signed_certs_dir)
path_to_secret = os.path.join(app_config.usb_name, app_config.key_file)
signer = Signer(FileSecretManager(path_to_secret=path_to_secret, disable_safe_mode=app_config.safe_mode))
signer.sign_certs(certificates)
logging.info('Signed certificates are in folder %s', signed_certs_dir)
def test_v1_2_unsigned(self):
with open('../examples/1.2/sample_unsigned_cert-1.2.json') as data_f:
data = json.load(data_f)
valid = schema_validator.validate_unsigned_v1_2(data['document'])
self.assertTrue(valid)
def test_v1_2_unsigned(self):
with open('../examples/1.2/sample_unsigned_cert-1.2.json') as data_f:
data = json.load(data_f)
valid = schema_validator.validate_unsigned_v1_2(data['document'])
self.assertTrue(valid)
