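def deleteUser(username, reason='UNSPECIFIED', deleteAfter=False):
    """Revoke an EJBCA end entity through the SOAP service.

    Args:
        username: End-entity name passed to ``revokeUser``.
        reason: Member name of ``enumList.REVOKATION_REASON``.
        deleteAfter: Forwarded unchanged to ``revokeUser``.

    Raises:
        RequestError: 400 when ``reason`` is not a known member name, or when
            the SOAP call raises a fault.
    """
    try:
        reasonCode = enumList.REVOKATION_REASON[reason].value
    except (KeyError, TypeError) as error:
        # TypeError covers an unhashable reason (e.g. a JSON list); str()
        # keeps a non-string reason from turning this 400 into a TypeError.
        raise RequestError(
            400, 'invalid revokation reason ' + str(reason)) from error
    try:
        ejbcaServ().revokeUser(username, reasonCode, deleteAfter)
    except zeep.exceptions.Fault as error:
        # NOTE(review): the backend fault text is relayed verbatim; confirm
        # it cannot expose internal details to the caller.
        raise RequestError(400, 'soap message: ' + error.message) from error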
示例#2
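def createOrEditUser():
    """Create or update an end entity from the JSON body of the request.

    Returns:
        A 400 response for a wrong mimetype, a body that is not a JSON
        object, or a SOAP fault; a 200 response otherwise.
    """
    if request.mimetype != 'application/json':
        return formatResponse(400, 'invalid mimetype')

    try:
        userInfoJson = json.loads(request.data)
    except ValueError:
        return formatResponse(400, 'malformed JSON')
    # A JSON array, string or number parses fine but is not a user record.
    if not isinstance(userInfoJson, dict):
        return formatResponse(400, 'malformed JSON')
    # TODO: check parameters. Until then every client-supplied key reaches
    # editUser unfiltered, so a caller can set any field the SOAP type
    # accepts; restrict this to an explicit list of allowed fields.

    try:
        ejbcaServ().editUser(userInfoJson)
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    return formatResponse(200)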
示例#3
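def pkcs10Request(cname):
    """Submit a PKCS#10 request for ``cname`` and return the issued data.

    The JSON body must be an object carrying both ``passwd`` and
    ``certificate``.

    Returns:
        A 400 response for a wrong mimetype, malformed JSON, a missing
        parameter or a SOAP fault; otherwise a 200 response whose body is
        ``{'status': {'data': ..., 'responseType': ...}}``.
    """
    if request.mimetype != 'application/json':
        return formatResponse(400, 'invalid mimetype')

    try:
        info = json.loads(request.data)
    except ValueError:
        return formatResponse(400, 'malformed JSON')
    if not isinstance(info, dict):
        return formatResponse(400, 'malformed JSON')
    # Both fields are read below, so reject the request when EITHER is
    # missing; the previous `and` only rejected it when both were absent and
    # let a half-filled body fail later with a KeyError.
    if 'passwd' not in info or 'certificate' not in info:
        return formatResponse(
            400, 'Missing parameter.'
            ' Expected: passwd and certificate')

    try:
        resp = (zeep.helpers.serialize_object(ejbcaServ().pkcs10Request(
            cname, info['passwd'], info['certificate'], None, "CERTIFICATE")))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    ret = dict(resp)
    # 'data' arrives as bytes, which json.dumps cannot serialize.
    ret['data'] = ret['data'].decode('utf-8')

    resp_obj = {
        'status': {
            'data': ret['data'],
            'responseType': ret['responseType']
        }
    }
    return make_response(json.dumps(resp_obj), 200)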
示例#4
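def getCAChain(cacn):
    """Return the first certificate of the latest chain of CA ``cacn``.

    Returns:
        A 400 response on a SOAP fault, a 404 response when the service
        returns no chain entries, otherwise a 200 response with
        ``{'certificate': <certificateData of the first entry>}``.
    """
    try:
        cert = zeep.helpers.serialize_object(ejbcaServ().getLastCAChain(cacn))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    # An empty or missing chain would otherwise fail on cert[0] below.
    if not cert:
        return formatResponse(404, 'no certificates found')
    return make_response(
        json.dumps({'certificate': cert[0]['certificateData']}), 200)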
示例#5
def getCert(cacn, certsn):
    """Fetch one certificate by serial number ``certsn`` under CA ``cacn``.

    Returns:
        A 400 response on a SOAP fault, a 404 response when the lookup
        yields ``None``, otherwise a 200 response with
        ``{'certificate': ...}``.
    """
    try:
        raw = ejbcaServ().getCertificate(certsn, cacn)
        certificate = zeep.helpers.serialize_object(raw)
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    if certificate is not None:
        body = json.dumps({'certificate': certificate})
        return make_response(body, 200)
    return formatResponse(404, 'no certificates found')
示例#6
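def verifyCert(cacn, certsn):
    """Report the revocation status of certificate ``certsn`` under ``cacn``.

    Returns:
        A 400 response on a SOAP fault, a 404 response when the service
        returns no status record, otherwise a 200 response with
        ``{'status': {'reason': <member name>, 'date': <ISO timestamp>}}``.
    """
    try:
        cert = zeep.helpers.serialize_object(ejbcaServ().checkRevokationStatus(cacn, certsn))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    # Without a status record the lookups below would fail on None, the same
    # "nothing found" case getCert answers with a 404.
    if cert is None:
        return formatResponse(404, 'no certificates found')
    resp = {
        # Map the numeric reason code back to its enum member name.
        'reason': enumList.REVOKATION_REASON(cert['reason']).name,
        'date': cert['revocationDate'].isoformat()
    }
    return make_response(json.dumps({'status': resp}), 200)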
示例#7
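def findUser(username):
    """Look up end entities matching ``username``.

    Returns:
        A 400 response on a SOAP fault, a 404 response when nothing matches,
        otherwise a 200 response with ``{'user': ...}``.
    """
    query = {"matchtype": 0, "matchvalue": username, "matchwith": 0}

    try:
        # The debug print of the whole serialized record was dropped: it
        # copied end-entity data to stdout, which may include enrolment
        # secrets (confirm against the EJBCA user schema).
        user = zeep.helpers.serialize_object(ejbcaServ().findUser(query))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    # Truthiness also covers a None result, which len() would reject.
    if not user:
        return formatResponse(404, 'no certificates found')
    # NOTE(review): the full record is returned to the caller; check whether
    # password-like fields should be stripped before serializing.
    return make_response(json.dumps({'user': user}), 200)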
示例#8
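def getLatestCRL(caname):
    """Return the latest CRL of CA ``caname``, base64-encoded.

    The optional ``delta`` query parameter selects the delta CRL when it is
    ``True`` or ``true``.

    Returns:
        A 400 response on a SOAP fault, otherwise a 200 response with
        ``{'CRL': <base64 text>}``.
    """
    delta = False
    if 'delta' in request.args:
        delta = request.args['delta'] in ['True', 'true']
    try:
        resp = ejbcaServ().getLatestCRL(caname, delta)
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    # b64encode returns bytes, which json.dumps cannot serialize on
    # Python 3; base64 output is pure ASCII, so decoding is lossless.
    encoded = b64encode(resp).decode('ascii')
    return make_response(json.dumps({'CRL': encoded}), 200)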
示例#9
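def deleteUser(username):
    """Revoke end entity ``username``, driven by optional query parameters.

    Query parameters:
        reason: Member name of ``enumList.REVOKATION_REASON``; defaults to
            ``UNSPECIFIED``.
        delete: ``True`` or ``true`` asks ``revokeUser`` to delete the
            entity after revoking it; defaults to False.

    Returns:
        A 400 response for an unknown reason or a SOAP fault, otherwise a
        200 response.
    """
    # default values
    deleteAfter = False
    reasonCode = enumList.REVOKATION_REASON['UNSPECIFIED'].value

    # URL param
    if 'reason' in request.args:
        try:
            reasonCode = enumList.REVOKATION_REASON[
                request.args['reason']].value
        except KeyError:
            return formatResponse(
                400, 'invalid revokation reason ' + request.args['reason'])
    # Evaluated independently of 'reason': the previous `elif` silently
    # ignored delete whenever a reason was also supplied.
    if 'delete' in request.args:
        deleteAfter = request.args['delete'] in ['True', 'true']
    try:
        ejbcaServ().revokeUser(username, reasonCode, deleteAfter)
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    return formatResponse(200)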
示例#10
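def createOrEditUser(userInfoJson):
    """Create or update an EJBCA end entity from a dict of user fields.

    Keys outside the fillable list are dropped, ``username`` is required,
    and every other missing field receives a default before ``editUser`` is
    called.

    Args:
        userInfoJson: Mapping of end-entity fields supplied by the caller.

    Raises:
        RequestError: 400 when a required field is missing or when the SOAP
            call raises a fault or a validation error.
    """
    fillable = ['caName', 'username', 'certificateProfileName', 'clearPwd',
                'endEntityProfileName', 'keyRecoverable', 'password',
                'tokenType', 'subjectDN', 'sendNotification', 'status'
                ]
    required = ['username']

    # drop keys that are not fillable
    userData = {k: userInfoJson[k] for k in userInfoJson if k in fillable}
    for r in required:
        if r not in userData:
            # The space before "missing" was absent from the original text.
            raise RequestError(400, 'required field ' + r + ' missing.')

    # default values for fields that are not required
    defaults = {
        'sendNotification': False,
        'status': 10,  # user created. Pending certification
        'keyRecoverable': False,
        'clearPwd': True,
        'certificateProfileName': 'CFREE',
        'endEntityProfileName': 'EMPTY_CFREE',
        # NOTE(review): a fixed fallback enrolment password, stored with
        # clearPwd=True, gives every entity created without one the same
        # secret. Prefer requiring 'password' or generating one per entity.
        'password': '******',
        'tokenType': 'USERGENERATED',
        'caName': 'IOTmidCA',
    }
    for field, value in defaults.items():
        userData.setdefault(field, value)
    # NOTE(review): username is placed into the DN unescaped; a value with
    # ',' or '=' could add extra DN components. Validate or escape it before
    # relying on this default.
    userData.setdefault('subjectDN', 'CN=' + userData['username'])

    try:
        ejbcaServ().editUser(userData)
    except (zeep.exceptions.Fault, zeep.exceptions.ValidationError) as error:
        raise RequestError(400, 'soap message: ' + error.message) from error

    print(f"user {userInfoJson['username']} created")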
示例#11
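def revokeCert(cacn, certsn):
    """Revoke certificate ``certsn`` issued by CA ``cacn``.

    The optional ``reason`` query parameter names a member of
    ``enumList.REVOKATION_REASON``; it defaults to ``UNSPECIFIED``.

    Returns:
        A 400 response for an unknown reason or a SOAP fault, otherwise a
        200 response.
    """
    reasonCode = enumList.REVOKATION_REASON['UNSPECIFIED'].value
    if 'reason' in request.args:
        try:
            reasonCode = enumList.REVOKATION_REASON[request.args['reason']].value
        except KeyError:
            return formatResponse(400, 'invalid revokation reason ' + request.args['reason'])
    try:
        # The result was serialized into a local that was never read, so the
        # call is now made for its effect only.
        ejbcaServ().revokeCert(cacn, certsn, reasonCode)
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)
    return formatResponse(200)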
示例#12
def findCerts(username):
    """List the certificates of end entity ``username``.

    The optional ``valid`` query parameter restricts the search to valid
    certificates when it is ``True`` or ``true``; without it the search is
    restricted to valid certificates.

    Returns:
        A 400 response on a SOAP fault, a 404 response for an empty result,
        otherwise a 200 response with ``{'certs': ...}``.
    """
    params = request.args
    # Any value other than the two accepted spellings turns the filter off.
    onlyValid = params['valid'] in ['True', 'true'] if 'valid' in params else True

    try:
        found = ejbcaServ().findCerts(username, onlyValid)
        certs = zeep.helpers.serialize_object(found)
    except zeep.exceptions.Fault as fault:
        return formatResponse(400, 'soap message: ' + fault.message)

    if len(certs) != 0:
        payload = json.dumps({'certs': certs})
        return make_response(payload, 200)
    return formatResponse(404, 'no certificates found')
示例#13
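def pkcs10Request(username):
    """Submit a PKCS#10 request on behalf of end entity ``username``.

    The JSON body must be an object carrying both ``passwd`` and
    ``certificate``.

    Returns:
        A 400 response for a wrong mimetype, malformed JSON, a missing
        parameter or a SOAP fault; otherwise a 200 response with
        ``{'status': ...}``.
    """
    if request.mimetype != 'application/json':
        return formatResponse(400, 'invalid mimetype')

    try:
        info = json.loads(request.data)
    except ValueError:
        return formatResponse(400, 'malformed JSON')
    if not isinstance(info, dict):
        return formatResponse(400, 'malformed JSON')
    # The previous `info.keys() <= [...]` compared a keys view with a list,
    # which raises TypeError, and tested the wrong direction anyway. What is
    # needed is that both expected keys are present.
    if not all(key in info for key in ('passwd', 'certificate')):
        return formatResponse(
            400, 'Missing parameter. Expected: passwd and certificate')

    try:
        resp = zeep.helpers.serialize_object(ejbcaServ().pkcs10Request(
            username, info['passwd'], info['certificate'], None,
            "CERTIFICATE"))
    except zeep.exceptions.Fault as error:
        return formatResponse(400, 'soap message: ' + error.message)

    # json.dumps cannot serialize bytes; decode a bytes 'data' field first.
    # NOTE(review): assumes the response is a mapping with a 'data' entry.
    if isinstance(resp, dict) and isinstance(resp.get('data'), bytes):
        resp = dict(resp)
        resp['data'] = resp['data'].decode('utf-8')

    return make_response(json.dumps({'status': resp}), 200)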
示例#14
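def getAvalibleCA():
    """List the CAs the SOAP service reports as available.

    Returns:
        A 400 response on a SOAP fault, otherwise a 200 response with
        ``{'CAs': ...}``.
    """
    try:
        caList = zeep.helpers.serialize_object(ejbcaServ().getAvailableCAs())
    except zeep.exceptions.Fault as error:
        # Handled like the other endpoints so a backend fault does not
        # surface as an unhandled exception.
        return formatResponse(400, 'soap message: ' + error.message)
    return make_response(json.dumps({'CAs': caList}), 200)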
示例#15
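def checkVersion():
    """Return the EJBCA version string reported by the SOAP service.

    Returns:
        A 400 response on a SOAP fault, otherwise a 200 response with
        ``{'version': ...}``.
    """
    try:
        version = ejbcaServ().getEjbcaVersion()
    except zeep.exceptions.Fault as error:
        # Handled like the other endpoints so a backend fault does not
        # surface as an unhandled exception.
        return formatResponse(400, 'soap message: ' + error.message)
    # NOTE(review): this discloses the exact backend version; confirm the
    # endpoint is limited to authenticated callers.
    return make_response(json.dumps({'version': version}), 200)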
示例#16
def createCRL(caname):
    """Ask the SOAP service to generate a new CRL for CA ``caname``.

    Returns:
        A 400 response carrying the fault text on a SOAP fault, otherwise a
        200 response.
    """
    try:
        service = ejbcaServ()
        service.createCRL(caname)
    except zeep.exceptions.Fault as fault:
        detail = 'soap message: ' + fault.message
        return formatResponse(400, detail)
    else:
        return formatResponse(200)