Handle certificate signing errors and improve error reporting (4a8e566d) · Commits · OCF / capif

services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py

+33 −9

Original line number	Original line	Diff line number	Diff line
	@@ -77,9 +77,17 @@ class ProviderManagementOperations(Resource):
	for api_provider_func in api_provider_enrolment_details.api_prov_funcs:		for api_provider_func in api_provider_enrolment_details.api_prov_funcs:
	api_provider_func.api_prov_func_id = api_provider_func.api_prov_func_role + \		api_provider_func.api_prov_func_id = api_provider_func.api_prov_func_role + \
	str(secrets.token_hex(15))		str(secrets.token_hex(15))
			try:
	certificate = sign_certificate(		certificate = sign_certificate(
	api_provider_func.reg_info.api_prov_pub_key, api_provider_func.api_prov_func_id)		api_provider_func.reg_info.api_prov_pub_key, api_provider_func.api_prov_func_id)
	api_provider_func.reg_info.api_prov_cert = certificate		api_provider_func.reg_info.api_prov_cert = certificate
			except Exception as e:
			current_app.logger.error(f"Certificate signing failed: {str(e)}")
			return bad_request_error(
			detail="Certificate signing failed",
			cause=str(e),
			invalid_params=[{"param": "apiProvPubKey", "reason": "Invalid public key format or certificate signing error"}]
			)

	self.auth_manager.add_auth_provider(certificate, api_provider_func.api_prov_func_id,		self.auth_manager.add_auth_provider(certificate, api_provider_func.api_prov_func_id,
	api_provider_func.api_prov_func_role, api_provider_enrolment_details.api_prov_dom_id)		api_provider_func.api_prov_func_role, api_provider_enrolment_details.api_prov_dom_id)
	@@ -172,9 +180,17 @@ class ProviderManagementOperations(Resource):
	if func.api_prov_func_id is None:		if func.api_prov_func_id is None:
	func.api_prov_func_id = func.api_prov_func_role + \		func.api_prov_func_id = func.api_prov_func_role + \
	str(secrets.token_hex(15))		str(secrets.token_hex(15))
			try:
	certificate = sign_certificate(		certificate = sign_certificate(
	func.reg_info.api_prov_pub_key, func.api_prov_func_id)		func.reg_info.api_prov_pub_key, func.api_prov_func_id)
	func.reg_info.api_prov_cert = certificate		func.reg_info.api_prov_cert = certificate
			except Exception as e:
			current_app.logger.error(f"Certificate signing failed: {str(e)}")
			return bad_request_error(
			detail="Certificate signing failed",
			cause=str(e),
			invalid_params=[{"param": "apiProvPubKey", "reason": "Invalid public key format or certificate signing error"}]
			)

	self.auth_manager.update_auth_provider(		self.auth_manager.update_auth_provider(
	certificate, func.api_prov_func_id, api_prov_dom_id, func.api_prov_func_role)		certificate, func.api_prov_func_id, api_prov_dom_id, func.api_prov_func_role)
	@@ -185,9 +201,17 @@ class ProviderManagementOperations(Resource):
	if func.api_prov_func_role != api_func["api_prov_func_role"]:		if func.api_prov_func_role != api_func["api_prov_func_role"]:
	return bad_request_error(detail="Bad Role in provider", cause="Different role in update reqeuest", invalid_params=[{"param": "api_prov_func_role", "reason": "different role with same id"}])		return bad_request_error(detail="Bad Role in provider", cause="Different role in update reqeuest", invalid_params=[{"param": "api_prov_func_role", "reason": "different role with same id"}])
	if func.reg_info.api_prov_pub_key != api_func["reg_info"]["api_prov_pub_key"]:		if func.reg_info.api_prov_pub_key != api_func["reg_info"]["api_prov_pub_key"]:
			try:
	certificate = sign_certificate(		certificate = sign_certificate(
	func.reg_info.api_prov_pub_key, api_func["api_prov_func_id"])		func.reg_info.api_prov_pub_key, api_func["api_prov_func_id"])
	func.reg_info.api_prov_cert = certificate		func.reg_info.api_prov_cert = certificate
			except Exception as e:
			current_app.logger.error(f"Certificate signing failed: {str(e)}")
			return bad_request_error(
			detail="Certificate signing failed",
			cause=str(e),
			invalid_params=[{"param": "apiProvPubKey", "reason": "Invalid public key format or certificate signing error"}]
			)
	self.auth_manager.update_auth_provider(		self.auth_manager.update_auth_provider(
	certificate, func.api_prov_func_id, api_prov_dom_id, func.api_prov_func_role)		certificate, func.api_prov_func_id, api_prov_dom_id, func.api_prov_func_role)

services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -27,4 +27,11 @@ def sign_certificate(publick_key, provider_id):
	response = requests.request("POST", url, headers=headers, data=json.dumps(data), verify = config["ca_factory"].get("verify", False))		response = requests.request("POST", url, headers=headers, data=json.dumps(data), verify = config["ca_factory"].get("verify", False))
	response_payload = json.loads(response.text)		response_payload = json.loads(response.text)

			if "errors" in response_payload:
			error_msg = "; ".join(response_payload["errors"])
			raise Exception(f"Certificate signing failed: {error_msg}")

			if "data" not in response_payload or "certificate" not in response_payload["data"]:
			raise Exception("Vault response missing certificate data")

	return response_payload["data"]["certificate"]		return response_payload["data"]["certificate"]
			No newline at end of file