def deleteUser(username, reason='UNSPECIFIED', deleteAfter=False):
    """Revoke the end entity *username* through the EJBCA service.

    ``reason`` is the name of a member of ``enumList.REVOKATION_REASON``;
    its ``.value`` is what gets sent to ``revokeUser``. ``deleteAfter`` is
    forwarded unchanged.

    Raises:
        RequestError: status 400 when ``reason`` is not a known member name,
            or when the SOAP call reports a ``zeep.exceptions.Fault``.
    """
    try:
        reason_member = enumList.REVOKATION_REASON[reason]
        reasonCode = reason_member.value
    except KeyError:
        raise RequestError(400, 'invalid revokation reason ' + reason)

    try:
        ejbcaServ().revokeUser(username, reasonCode, deleteAfter)
    except zeep.exceptions.Fault as fault:
        # The fault text from the backend is forwarded to the caller as-is.
        raise RequestError(400, 'soap message: ' + fault.message)
def createOrEditUser():
    """HTTP handler: create or update an end entity from the JSON request body.

    Reads the module-level ``request``. Responds 400 when the mimetype is not
    ``application/json``, when the body does not parse as JSON, or when
    ``editUser`` reports a SOAP fault; responds 200 otherwise.
    """
    if request.mimetype != 'application/json':
        return formatResponse(400, 'invalid mimetype')

    try:
        payload = json.loads(request.data)
    except ValueError:
        return formatResponse(400, 'malformed JSON')

    # TODO: check parameters.
    # NOTE(review): the decoded body is handed to editUser unfiltered, so every
    # key the client supplies reaches the SOAP call. An allow-list of accepted
    # fields and a check that the body is a JSON object belong here.
    try:
        ejbcaServ().editUser(payload)
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    return formatResponse(200)
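def pkcs10Request(cname):
    """HTTP handler: submit a PKCS#10 request for end entity *cname*.

    The JSON body must be an object carrying both ``passwd`` and
    ``certificate``; they are forwarded to the service's ``pkcs10Request``
    together with ``None`` and the response type ``"CERTIFICATE"``.

    Responds 400 for a wrong mimetype, malformed JSON, a missing field, or a
    SOAP fault. On success responds 200 with
    ``{"status": {"data": ..., "responseType": ...}}``.
    """
    if request.mimetype != 'application/json':
        return formatResponse(400, 'invalid mimetype')

    try:
        info = json.loads(request.data)
    except ValueError:
        return formatResponse(400, 'malformed JSON')

    # Both fields are required. The previous test joined the two checks with
    # `and`, so a body missing only one field passed validation and then
    # failed with KeyError below. A non-object body (list, string, number)
    # is rejected here as well instead of raising AttributeError.
    if (not isinstance(info, dict)
            or 'passwd' not in info
            or 'certificate' not in info):
        return formatResponse(
            400, 'Missing parameter. Expected: passwd and certificate')

    try:
        resp = zeep.helpers.serialize_object(ejbcaServ().pkcs10Request(
            cname, info['passwd'], info['certificate'], None, "CERTIFICATE"))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)

    ret = dict(resp)
    # 'data' is decoded before json.dumps, which cannot serialize bytes.
    resp_obj = {
        'status': {
            'data': ret['data'].decode('utf-8'),
            'responseType': ret['responseType'],
        }
    }
    return make_response(json.dumps(resp_obj), 200)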
def getCAChain(cacn):
    """HTTP handler: return ``certificateData`` of the first chain entry for *cacn*.

    Calls ``getLastCAChain(cacn)`` on the service. Responds 400 on a SOAP
    fault, otherwise 200 with ``{"certificate": <certificateData>}``.
    """
    try:
        chain = zeep.helpers.serialize_object(
            ejbcaServ().getLastCAChain(cacn))
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    # NOTE(review): chain[0] assumes the service returns at least one entry;
    # an empty result raises IndexError here. Confirm against the service.
    first_entry = chain[0]
    payload = {'certificate': first_entry['certificateData']}
    return make_response(json.dumps(payload), 200)
def getCert(cacn, certsn):
    """HTTP handler: fetch one certificate via ``getCertificate(certsn, cacn)``.

    Responds 400 on a SOAP fault, 404 when the service returns ``None``, and
    200 with ``{"certificate": ...}`` otherwise.
    """
    try:
        found = zeep.helpers.serialize_object(
            ejbcaServ().getCertificate(certsn, cacn))
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    if found is not None:
        return make_response(json.dumps({'certificate': found}), 200)
    return formatResponse(404, 'no certificates found')
def verifyCert(cacn, certsn):
    """HTTP handler: report the revocation status of a certificate.

    Calls ``checkRevokationStatus(cacn, certsn)`` and responds 200 with
    ``{"status": {"reason": <enum member name>, "date": <ISO timestamp>}}``,
    or 400 when the service reports a SOAP fault.
    """
    try:
        status = zeep.helpers.serialize_object(
            ejbcaServ().checkRevokationStatus(cacn, certsn))
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    # NOTE(review): assumes status['reason'] is a value defined in
    # REVOKATION_REASON and status['revocationDate'] is a datetime-like
    # object; neither is checked here. Confirm against the service.
    reason_name = enumList.REVOKATION_REASON(status['reason']).name
    revoked_on = status['revocationDate'].isoformat()
    summary = {'reason': reason_name, 'date': revoked_on}
    return make_response(json.dumps({'status': summary}), 200)
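def findUser(username):
    """HTTP handler: look up end entities whose match value is *username*.

    Sends ``{"matchtype": 0, "matchvalue": username, "matchwith": 0}`` to the
    service's ``findUser``. Responds 400 on a SOAP fault, 404 when nothing is
    returned, and 200 with ``{"user": ...}`` otherwise.
    """
    query = {"matchtype": 0, "matchvalue": username, "matchwith": 0}
    try:
        user = zeep.helpers.serialize_object(ejbcaServ().findUser(query))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)

    # The debug print of the full user record was removed: user records in
    # this API carry 'password' / 'clearPwd' fields, and stdout usually ends
    # up in application logs.
    # NOTE(review): the same record is returned to the client below; confirm
    # whether credential fields should be stripped before responding.
    if not user:
        # Message text kept as-is for existing clients, although this lookup
        # is for users, not certificates.
        return formatResponse(404, 'no certificates found')
    return make_response(json.dumps({'user': user}), 200)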
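def getLatestCRL(caname):
    """HTTP handler: return the latest CRL of CA *caname*, base64-encoded.

    The optional query parameter ``delta`` selects the delta CRL when it is
    exactly ``True`` or ``true``; any other value, or its absence, means
    ``False``. Responds 400 on a SOAP fault, otherwise 200 with
    ``{"CRL": <base64 text>}``.
    """
    delta = ('delta' in request.args
             and request.args['delta'] in ('True', 'true'))

    try:
        resp = ejbcaServ().getLatestCRL(caname, delta)
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)

    # b64encode returns bytes on Python 3, which json.dumps cannot serialize
    # (TypeError). Base64 output is pure ASCII, so decode it to str first.
    encoded = b64encode(resp).decode('ascii')
    return make_response(json.dumps({'CRL': encoded}), 200)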
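def deleteUser(username):
    """HTTP handler: revoke end entity *username*, optionally deleting it.

    Query parameters:
        reason: name of an ``enumList.REVOKATION_REASON`` member
            (default ``UNSPECIFIED``). An unknown name yields a 400.
        delete: ``True`` / ``true`` to delete the entity after revocation
            (default ``False``).

    Responds 400 on an invalid reason or a SOAP fault, 200 otherwise.
    """
    # Default values.
    deleteAfter = False
    reasonCode = enumList.REVOKATION_REASON['UNSPECIFIED'].value

    # URL parameters. The two are independent: the previous `elif` silently
    # ignored `delete` whenever `reason` was also supplied.
    if 'reason' in request.args:
        try:
            reasonCode = enumList.REVOKATION_REASON[
                request.args['reason']].value
        except KeyError:
            return formatResponse(
                400,
                'invalid revokation reason ' + request.args['reason'])
    if 'delete' in request.args:
        deleteAfter = request.args['delete'] in ('True', 'true')

    try:
        ejbcaServ().revokeUser(username, reasonCode, deleteAfter)
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    return formatResponse(200)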
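def createOrEditUser(userInfoJson):
    """Create or update an end entity from a dict of user fields.

    Only the keys listed in ``fillable`` are forwarded to the service's
    ``editUser``; anything else in ``userInfoJson`` is dropped. ``username``
    is required; every other field falls back to a default when absent.

    Raises:
        RequestError: status 400 when the input is not a dict, when a
            required field is missing, or when the SOAP call fails with a
            ``Fault`` or ``ValidationError``.
    """
    fillable = ('caName', 'username', 'certificateProfileName', 'clearPwd',
                'endEntityProfileName', 'keyRecoverable', 'password',
                'tokenType', 'subjectDN', 'sendNotification', 'status')
    required = ('username',)

    # A non-object body (list, string, ...) would otherwise fail with
    # TypeError while filtering keys.
    if not isinstance(userInfoJson, dict):
        raise RequestError(400, 'user data must be a JSON object')

    # Drop keys that are not fillable (allow-list).
    userData = {k: v for k, v in userInfoJson.items() if k in fillable}

    for field in required:
        if field not in userData:
            # The message previously lacked the space before "missing".
            raise RequestError(400, 'required field ' + field + ' missing.')

    # Defaults for fields that are not required, applied in the original
    # order.
    # NOTE(review): the fallback password is a fixed literal and clearPwd
    # defaults to True, so every entity created without an explicit password
    # gets the same enrollment secret. Consider requiring the field or
    # generating a per-entity value with the `secrets` module.
    defaults = (
        ('sendNotification', False),
        ('status', 10),  # user created, pending certification
        ('keyRecoverable', False),
        ('clearPwd', True),
        ('certificateProfileName', 'CFREE'),
        ('endEntityProfileName', 'EMPTY_CFREE'),
        ('password', '******'),
        ('tokenType', 'USERGENERATED'),
        ('subjectDN', 'CN=' + userData['username']),
        ('caName', 'IOTmidCA'),
    )
    for key, value in defaults:
        userData.setdefault(key, value)

    try:
        ejbcaServ().editUser(userData)
    except (zeep.exceptions.Fault, zeep.exceptions.ValidationError) as error:
        raise RequestError(400, 'soap message: ' + error.message)
    print(f"user {userInfoJson['username']} created")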
def revokeCert(cacn, certsn):
    """HTTP handler: revoke one certificate via ``revokeCert(cacn, certsn, code)``.

    The optional query parameter ``reason`` names a member of
    ``enumList.REVOKATION_REASON`` (default ``UNSPECIFIED``). Responds 400
    for an unknown reason or a SOAP fault, 200 otherwise.
    """
    reasonCode = enumList.REVOKATION_REASON['UNSPECIFIED'].value

    if 'reason' in request.args:
        requested = request.args['reason']
        try:
            reasonCode = enumList.REVOKATION_REASON[requested].value
        except KeyError:
            return formatResponse(
                400, 'invalid revokation reason ' + request.args['reason'])

    try:
        # The serialized result is not used; only success or fault matters.
        zeep.helpers.serialize_object(
            ejbcaServ().revokeCert(cacn, certsn, reasonCode))
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    return formatResponse(200)
def findCerts(username):
    """HTTP handler: list the certificates of end entity *username*.

    The optional query parameter ``valid`` (``True`` / ``true``) restricts
    the search to valid certificates; when it is absent the restriction is
    on, and any other value turns it off. Responds 400 on a SOAP fault, 404
    for an empty result, and 200 with ``{"certs": ...}`` otherwise.
    """
    if 'valid' in request.args:
        onlyValid = request.args['valid'] in ['True', 'true']
    else:
        onlyValid = True

    try:
        found = zeep.helpers.serialize_object(
            ejbcaServ().findCerts(username, onlyValid))
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    if len(found) == 0:
        return formatResponse(404, 'no certificates found')

    body = json.dumps({'certs': found})
    return make_response(body, 200)
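def pkcs10Request(username):
    """HTTP handler: submit a PKCS#10 request for end entity *username*.

    The JSON body must be an object carrying both ``passwd`` and
    ``certificate``; they are forwarded to the service's ``pkcs10Request``
    together with ``None`` and the response type ``"CERTIFICATE"``.

    Responds 400 for a wrong mimetype, malformed JSON, a missing field, or a
    SOAP fault; otherwise 200 with ``{"status": <service response>}``.
    """
    if request.mimetype != 'application/json':
        return formatResponse(400, 'invalid mimetype')

    try:
        info = json.loads(request.data)
    except ValueError:
        return formatResponse(400, 'malformed JSON')

    # The previous check compared dict keys with a list using `<=`, which
    # raises TypeError on Python 3, and its sense was inverted (it looked for
    # extra keys rather than missing ones). Require both fields explicitly
    # and reject bodies that are not JSON objects.
    if (not isinstance(info, dict)
            or not info.keys() >= {'passwd', 'certificate'}):
        return formatResponse(
            400, 'Missing parameter. Expected: passwd and certificate')

    try:
        resp = zeep.helpers.serialize_object(ejbcaServ().pkcs10Request(
            username, info['passwd'], info['certificate'], None,
            "CERTIFICATE"))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)

    # json.dumps cannot serialize bytes; decode the payload when the service
    # returns it that way. NOTE(review): assumes the bytes are UTF-8 text
    # (e.g. an encoded certificate) - confirm against the service.
    if isinstance(resp, dict) and isinstance(resp.get('data'), bytes):
        resp = dict(resp, data=resp['data'].decode('utf-8'))
    return make_response(json.dumps({'status': resp}), 200)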
def getAvalibleCA():
    """HTTP handler: return the service's ``getAvailableCAs()`` result.

    Responds 200 with ``{"CAs": ...}``.
    """
    # NOTE(review): unlike the other handlers in this file, a
    # zeep.exceptions.Fault raised here is not caught and will propagate.
    available = zeep.helpers.serialize_object(ejbcaServ().getAvailableCAs())
    body = json.dumps({'CAs': available})
    return make_response(body, 200)
def checkVersion():
    """HTTP handler: return the service's ``getEjbcaVersion()`` result.

    Responds 200 with ``{"version": ...}``.
    """
    # NOTE(review): a zeep.exceptions.Fault raised here is not caught,
    # unlike in the other handlers in this file.
    payload = {'version': ejbcaServ().getEjbcaVersion()}
    return make_response(json.dumps(payload), 200)
def createCRL(caname):
    """HTTP handler: ask the service to create a CRL for CA *caname*.

    Responds 200 on success and 400, carrying the fault text, when the SOAP
    call reports a ``zeep.exceptions.Fault``.
    """
    try:
        ejbcaServ().createCRL(caname)
    except zeep.exceptions.Fault as fault:
        failure_text = 'soap message: ' + fault.message
        return formatResponse(400, failure_text)
    else:
        return formatResponse(200)