def revoke_user(self, user, author_rand): possible_authors = [ device for device_id, device in self.local_devices.items() if device_id.user_id != user and device.profile == UserProfile.ADMIN ] author = possible_authors[author_rand % len(possible_authors)] note(f"revoke user: {user} (author: {author.device_id})") revoked_user = RevokedUserCertificateContent( author=author.device_id, timestamp=pendulum_now(), user_id=user ) self.revoked_users_content[user] = revoked_user self.revoked_users_certifs[user] = revoked_user.dump_and_sign(author.signing_key) return user
def _trustchain_data_factory(todo_devices, todo_users): data = TrustchainData(coolorg.organization_id, coolorg.root_verify_key) def _get_certifier_id_and_key(certifier): if not certifier: # Certified by root certifier_id = None certifier_key = coolorg.root_signing_key else: certifier_ld = data.get_local_device(certifier) if not certifier_ld: raise RuntimeError( f"Missing `{certifier}` to sign creation of `{todo_device}`" ) certifier_id = certifier_ld.device_id certifier_key = certifier_ld.signing_key return certifier_id, certifier_key # First create all the devices for todo_device in todo_devices: local_device = local_device_factory(todo_device["id"], org=coolorg) data.add_local_device(local_device) # Generate device certificate certifier_id, certifier_key = _get_certifier_id_and_key( todo_device.get("certifier")) created_on = todo_device.get("created_on", now) device_certificate = DeviceCertificateContent( author=certifier_id, timestamp=created_on, device_id=local_device.device_id, device_label=local_device.device_label, verify_key=local_device.verify_key, ) data.add_device_certif( device_certificate, device_certificate.dump_and_sign(certifier_key)) # Now deal with the users for todo_user in todo_users: local_user = next((u for u in data.local_devices.values() if str(u.user_id) == todo_user["id"]), None) if not local_user: raise RuntimeError( f"Missing device for user `{todo_user['id']}`") # Generate user certificate certifier_id, certifier_key = _get_certifier_id_and_key( todo_user.get("certifier")) created_on = todo_user.get("created_on", now) user_certif = UserCertificateContent( author=certifier_id, timestamp=created_on, user_id=local_user.user_id, human_handle=local_device.human_handle, public_key=local_user.public_key, profile=todo_user.get("profile", UserProfile.STANDARD), ) data.add_user_certif(user_certif, user_certif.dump_and_sign(certifier_key)) # Generate user revocation certificate if needed revoker = todo_user.get("revoker", None) if revoker: revoked_on = todo_user.get("revoked_on", now) revoker_ld = data.get_local_device(revoker) if not revoker_ld: raise RuntimeError( f"Missing `{revoker}` to sign revocation of `{todo_user['id']}`" ) revoked_user_certificate = RevokedUserCertificateContent( author=revoker_ld.device_id, timestamp=revoked_on, user_id=local_user.user_id) data.add_revoked_user_certif( revoked_user_certificate, revoked_user_certificate.dump_and_sign( revoker_ld.signing_key), ) return data