Source code for request.operation_processor.revoke_cert

"""Certificate revocation operation processor classes."""

from cmp.util import PKIFailureInfo
from pki.models.certificate import CertificateModel
from request.request_context import (
    BaseRequestContext,
    BaseRevocationRequestContext,
)

from .base import AbstractOperationProcessor


[docs] class CertificateRevocationProcessor(AbstractOperationProcessor): """Operation processor for revoking certificates."""
[docs] def process_operation(self, context: BaseRequestContext) -> None: """Process the certificate revocation operation.""" if not isinstance(context, BaseRevocationRequestContext): exc_msg = 'Certificate revocation requires a subclass of BaseCertificateRequestContext.' raise TypeError(exc_msg) # decide which processor to use based on domain configuration if context.domain and context.domain.issuing_ca: processor = LocalCaCertificateRevocationProcessor() return processor.process_operation(context) exc_msg = 'No suitable operation processor found for certificate revocation.' raise ValueError(exc_msg)
[docs] class LocalCaCertificateRevocationProcessor(CertificateRevocationProcessor): """Operation processor for revoking certificates via a local CA."""
[docs] def process_operation(self, context: BaseRequestContext) -> None: """Process the certificate revocation operation.""" if not isinstance(context, BaseRevocationRequestContext): exc_msg = 'Certificate revocation requires a subclass of BaseRevocationRequestContext.' raise TypeError(exc_msg) if not context.device: exc_msg = 'Device must be set in the context to revoke a certificate.' raise ValueError(exc_msg) if not context.domain: exc_msg = 'Domain must be set in the context to revoke a certificate.' raise ValueError(exc_msg) if not context.credential_to_revoke: exc_msg = 'Credential to revoke must be set in the context to revoke a certificate.' raise ValueError(exc_msg) ca = context.domain.get_issuing_ca_or_value_error() context.issuer_credential = ca.get_credential() cred_cert = context.credential_to_revoke.credential.certificate_or_error if (cred_cert.certificate_status == CertificateModel.CertificateStatus.REVOKED): exc_msg = 'The certificate is already revoked.' context.error(exc_msg, http_status=422, cmp_code=PKIFailureInfo.CERT_REVOKED) raise ValueError(exc_msg) context.credential_to_revoke.revoke()