def revoke_user(self, user, author_rand):
     possible_authors = [
         device
         for device_id, device in self.local_devices.items()
         if device_id.user_id != user and device.profile == UserProfile.ADMIN
     ]
     author = possible_authors[author_rand % len(possible_authors)]
     note(f"revoke user: {user} (author: {author.device_id})")
     revoked_user = RevokedUserCertificateContent(
         author=author.device_id, timestamp=pendulum_now(), user_id=user
     )
     self.revoked_users_content[user] = revoked_user
     self.revoked_users_certifs[user] = revoked_user.dump_and_sign(author.signing_key)
     return user
示例#2
0
    def _trustchain_data_factory(todo_devices, todo_users):
        data = TrustchainData(coolorg.organization_id, coolorg.root_verify_key)

        def _get_certifier_id_and_key(certifier):
            if not certifier:
                # Certified by root
                certifier_id = None
                certifier_key = coolorg.root_signing_key
            else:
                certifier_ld = data.get_local_device(certifier)
                if not certifier_ld:
                    raise RuntimeError(
                        f"Missing `{certifier}` to sign creation of `{todo_device}`"
                    )
                certifier_id = certifier_ld.device_id
                certifier_key = certifier_ld.signing_key
            return certifier_id, certifier_key

        # First create all the devices
        for todo_device in todo_devices:
            local_device = local_device_factory(todo_device["id"], org=coolorg)
            data.add_local_device(local_device)
            # Generate device certificate
            certifier_id, certifier_key = _get_certifier_id_and_key(
                todo_device.get("certifier"))
            created_on = todo_device.get("created_on", now)
            device_certificate = DeviceCertificateContent(
                author=certifier_id,
                timestamp=created_on,
                device_id=local_device.device_id,
                device_label=local_device.device_label,
                verify_key=local_device.verify_key,
            )
            data.add_device_certif(
                device_certificate,
                device_certificate.dump_and_sign(certifier_key))

        # Now deal with the users
        for todo_user in todo_users:
            local_user = next((u for u in data.local_devices.values()
                               if str(u.user_id) == todo_user["id"]), None)
            if not local_user:
                raise RuntimeError(
                    f"Missing device for user `{todo_user['id']}`")
            # Generate user certificate
            certifier_id, certifier_key = _get_certifier_id_and_key(
                todo_user.get("certifier"))
            created_on = todo_user.get("created_on", now)
            user_certif = UserCertificateContent(
                author=certifier_id,
                timestamp=created_on,
                user_id=local_user.user_id,
                human_handle=local_device.human_handle,
                public_key=local_user.public_key,
                profile=todo_user.get("profile", UserProfile.STANDARD),
            )
            data.add_user_certif(user_certif,
                                 user_certif.dump_and_sign(certifier_key))
            # Generate user revocation certificate if needed
            revoker = todo_user.get("revoker", None)
            if revoker:
                revoked_on = todo_user.get("revoked_on", now)
                revoker_ld = data.get_local_device(revoker)
                if not revoker_ld:
                    raise RuntimeError(
                        f"Missing `{revoker}` to sign revocation of `{todo_user['id']}`"
                    )
                revoked_user_certificate = RevokedUserCertificateContent(
                    author=revoker_ld.device_id,
                    timestamp=revoked_on,
                    user_id=local_user.user_id)
                data.add_revoked_user_certif(
                    revoked_user_certificate,
                    revoked_user_certificate.dump_and_sign(
                        revoker_ld.signing_key),
                )

        return data