Commit 2985249e authored by Afonso Castanheta's avatar Afonso Castanheta

Add unauthorized error handling for missing client certificate header

parent a32a4955
+7 −1
@@ -6,6 +6,8 @@ from cryptography import x509
from cryptography.hazmat.backends import default_backend
from flask import current_app, request

from ..core.responses import unauthorized_error

from ..core.apiinvokerenrolmentdetails import InvokerManagementOperations
from ..core.validate_user import ControlAccess
from ..models.api_invoker_enrolment_details import \
@@ -20,7 +22,11 @@ def cert_validation():
        def __cert_validation(*args, **kwargs):

            args = request.view_args
            cert_tmp = request.headers['X-Ssl-Client-Cert']
            cert_tmp = request.headers.get('X-Ssl-Client-Cert')
            
            if not cert_tmp:
                return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing")
            
            cert_raw = cert_tmp.replace('\t', '')

            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
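Review bot: A header that is present but not valid PEM still reaches `x509.load_pem_x509_certificate(...)` just below the new `if not cert_tmp:` guard, where the library raises `ValueError`, so the caller most likely gets a 500 rather than the 401 introduced here. Wrapping that call in `try:` with `except ValueError:` and `return unauthorized_error("Client certificate invalid", "X-Ssl-Client-Cert header is not a valid PEM certificate")` would put both failure modes on the same path. Because the certificate is read from a request header, a comment such as `# X-Ssl-Client-Cert is presumably set by the TLS-terminating proxy, which must overwrite any client-supplied value` would record the trust assumption this decorator relies on. The same guard is added in the two other `cert_validation` sections on this page (`@@ -21,7 +23,11 @@` and `@@ -17,7 +19,11 @@`), and `__cert_validation` starts and continues outside the hunk.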
+7 −0
@@ -41,3 +41,10 @@ def not_found_error(detail, cause):
    prob = serialize_clean_camel_case(prob)

    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype)


def unauthorized_error(detail, cause):
    prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause)
    prob = serialize_clean_camel_case(prob)

    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype)
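Review bot: `unauthorized_error` has no docstring, and both `detail` and `cause` are serialized straight into the response body, which a caller should know before passing anything other than fixed text. A one-line docstring would cover it: `"""Return a 401 problem-details response; detail and cause are sent to the client verbatim, so pass static text, not exception messages."""`. RFC 9110 also expects a 401 to carry a `WWW-Authenticate` challenge, so it is worth deciding whether one applies to certificate authentication here. The identical function is added again in the last section of this page, where the same docstring applies.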
+7 −1
@@ -9,6 +9,8 @@ from cryptography.hazmat.backends import default_backend
from flask import current_app, request
from flask_jwt_extended import get_jwt_identity, jwt_required

from ..core.responses import unauthorized_error

from ..core.provider_enrolment_details_api import ProviderManagementOperations
from ..core.validate_user import ControlAccess

@@ -21,7 +23,11 @@ def cert_validation():
        def __cert_validation(*args, **kwargs):

            args = request.view_args
            cert_tmp = request.headers['X-Ssl-Client-Cert']
            cert_tmp = request.headers.get('X-Ssl-Client-Cert')
            
            if not cert_tmp:
                return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing")
            
            cert_raw = cert_tmp.replace('\t', '')

            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
+7 −1
@@ -3,6 +3,8 @@ from flask import current_app, request
from cryptography import x509
from cryptography.hazmat.backends import default_backend

from ..core.responses import unauthorized_error

from ..core.provider_enrolment_details_api import ProviderManagementOperations
from ..core.validate_user import ControlAccess
from ..models.api_provider_enrolment_details_patch import \
@@ -17,7 +19,11 @@ def cert_validation():
        def __cert_validation(*args, **kwargs):

            args = request.view_args
            cert_tmp = request.headers['X-Ssl-Client-Cert']
            cert_tmp = request.headers.get('X-Ssl-Client-Cert')
            
            if not cert_tmp:
                return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing")
            
            cert_raw = cert_tmp.replace('\t', '')

            cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend())
+7 −0
@@ -41,3 +41,10 @@ def not_found_error(detail, cause):
    prob = serialize_clean_camel_case(prob)

    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype)


def unauthorized_error(detail, cause):
    prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause)
    prob = serialize_clean_camel_case(prob)

    return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype)