diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/individual_on_boarded_api_invoker_document_controller.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/individual_on_boarded_api_invoker_document_controller.py index 69c78c3d1656c50a9832584cd17a97ef7a6b7022..aaff12d09ccadfe5957b5f693b4b6a88e8c147c2 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/individual_on_boarded_api_invoker_document_controller.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/individual_on_boarded_api_invoker_document_controller.py @@ -6,6 +6,8 @@ from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request +from ..core.responses import unauthorized_error + from ..core.apiinvokerenrolmentdetails import InvokerManagementOperations from ..core.validate_user import ControlAccess from ..models.api_invoker_enrolment_details import \ @@ -20,7 +22,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py index ad4e191d07af3d05fe5dea98d7f45fedc7a58997..82305f4b9663242c41a36091ec47c4c9f808ce5d 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py @@ -33,7 +33,7 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): @@ -41,3 +41,10 @@ def not_found_error(detail, cause): prob = serialize_clean_camel_case(prob) return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) + + +def unauthorized_error(detail, cause): + prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = serialize_clean_camel_case(prob) + + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype) diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py index 4a58db7f448b7e421cf3d1f904842072481bf453..cbe36042f2146e5d831481bd7bec6da55d81b734 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py @@ -9,6 +9,8 @@ from cryptography.hazmat.backends import default_backend from flask import current_app, request from flask_jwt_extended import get_jwt_identity, jwt_required +from ..core.responses import unauthorized_error + from ..core.provider_enrolment_details_api import ProviderManagementOperations from ..core.validate_user import ControlAccess @@ -21,7 +23,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py index bb76af311aaf50060eb059c977476e72f6bd5607..9305c73b0e0e51f63b352e99e5e0b558c31668ff 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py @@ -3,6 +3,8 @@ from flask import current_app, request from cryptography import x509 from cryptography.hazmat.backends import default_backend +from ..core.responses import unauthorized_error + from ..core.provider_enrolment_details_api import ProviderManagementOperations from ..core.validate_user import ControlAccess from ..models.api_provider_enrolment_details_patch import \ @@ -17,7 +19,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py index ad4e191d07af3d05fe5dea98d7f45fedc7a58997..82305f4b9663242c41a36091ec47c4c9f808ce5d 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py @@ -33,7 +33,7 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): @@ -41,3 +41,10 @@ def not_found_error(detail, cause): prob = serialize_clean_camel_case(prob) return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) + + +def unauthorized_error(detail, cause): + prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = serialize_clean_camel_case(prob) + + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype) diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/default_controller.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/default_controller.py index 256c17d806d48ad3447b1a825479b4d29a20c12f..ed6cb97b22246d8dc9dd3527b468931367549d10 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/default_controller.py @@ -7,6 +7,8 @@ from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request +from ..core.responses import unauthorized_error + from ..core.accesscontrolpolicyapi import accessControlPolicyApi @@ -16,7 +18,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/responses.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/responses.py index 8f975cbf426c304c4ae0681f65af67fcad9abca5..8ba055f9295f90258ff39547a9f4af1b22a75a30 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/responses.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/responses.py @@ -33,11 +33,18 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) + + +def unauthorized_error(detail, cause): + prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = serialize_clean_camel_case(prob) + + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py b/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py index acf154aa48fcd49fd183851a03869d396e7a7e8a..e5ac1ef79690f9b3930b8233f736b3ae5617b759 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py @@ -3,6 +3,8 @@ from functools import wraps from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request + +from ..core.responses import bad_request_error, unauthorized_error from logs import util from logs.models.interface_description import \ InterfaceDescription # noqa: E501 @@ -27,7 +29,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py b/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py index 8f975cbf426c304c4ae0681f65af67fcad9abca5..8ba055f9295f90258ff39547a9f4af1b22a75a30 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py @@ -33,11 +33,18 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) + + +def unauthorized_error(detail, cause): + prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = serialize_clean_camel_case(prob) + + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py index a9c52362f3fb85b44b018efca50208e6246b4999..457716d59b5d5df3dc1e2f7596f2ec41456aa5a2 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py @@ -14,6 +14,8 @@ from service_apis.models.net_slice_id import NetSliceId # noqa: E501 from service_apis.models.o_auth_grant_type import OAuthGrantType # noqa: E501 from service_apis.models.problem_details import ProblemDetails # noqa: E501 from service_apis.models.protocol import Protocol # noqa: E501 + +from ..core.responses import unauthorized_error from service_apis.models.res_oper_info import ResOperInfo # noqa: E501 from service_apis.models.service_kpis import ServiceKpis # noqa: E501 @@ -30,7 +32,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py index 0aafcc670abba4ff62f51e9c6feef77815589a1c..1de771cd973f52d9cdf47538c78b7ad8e12b83da 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py @@ -33,11 +33,18 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) + + +def unauthorized_error(detail, cause): + prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = serialize_clean_camel_case(prob) + + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Events_API/capif_events/controllers/capifs_events_subscriptions_collection_controller.py b/services/TS29222_CAPIF_Events_API/capif_events/controllers/capifs_events_subscriptions_collection_controller.py index 59d82a7b8e8a20ef1322412b55b93ffdd3361d7a..d4fc1c3a23e9755744935aa308b786f4900f0785 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/controllers/capifs_events_subscriptions_collection_controller.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/controllers/capifs_events_subscriptions_collection_controller.py @@ -7,6 +7,8 @@ from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request +from ..core.responses import unauthorized_error + from ..core.events_apis import EventSubscriptionsOperations from ..core.validate_user import ControlAccess @@ -19,7 +21,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_Events_API/capif_events/controllers/individual_capifs_events_subscription_document_controller.py b/services/TS29222_CAPIF_Events_API/capif_events/controllers/individual_capifs_events_subscription_document_controller.py index cac833f9ba921b00351e774ec384834144e5674c..3339992a87b58cb41eab39e7bed546b1409665e5 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/controllers/individual_capifs_events_subscription_document_controller.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/controllers/individual_capifs_events_subscription_document_controller.py @@ -9,6 +9,8 @@ from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request +from ..core.responses import unauthorized_error + from ..core.events_apis import EventSubscriptionsOperations from ..core.validate_user import ControlAccess @@ -21,7 +23,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py b/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py index 8f975cbf426c304c4ae0681f65af67fcad9abca5..8ba055f9295f90258ff39547a9f4af1b22a75a30 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py @@ -33,11 +33,18 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=404, mimetype=mimetype) + + +def unauthorized_error(detail, cause): + prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = serialize_clean_camel_case(prob) + + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=401, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py index dc120879f3ef6965afbcc272690d3b8c9c3b0de5..ce62116b04c912315b62f5b4cd513ba0e50cf1ed 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py @@ -8,6 +8,8 @@ from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request +from ..core.responses import unauthorized_error + from ..core.invocationlogs import LoggingInvocationOperations from ..core.validate_user import ControlAccess @@ -22,7 +24,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py index 1f0302f64b0ac1791aa594b5b16772343af286b9..8ba055f9295f90258ff39547a9f4af1b22a75a30 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py @@ -33,7 +33,7 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py index a7c06cdd46ffa4ddabd4980d4c002abb056956fb..7908b28e5607d59023a21a47f3f267a0b16713d7 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py @@ -3,6 +3,8 @@ from functools import wraps from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request + +from ..core.responses import bad_request_error, unauthorized_error from published_apis.models.problem_details import ProblemDetails # noqa: E501 from published_apis.vendor_specific import (find_attribute_in_body, vendor_specific_key_n_value) @@ -24,7 +26,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate( diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/individual_apf_published_api_controller.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/individual_apf_published_api_controller.py index d8098277e4df7d966488ad9aa81046382f436990..291ca99c79fb1dc1cf4aa2549e37ac6dfcf1ebdc 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/individual_apf_published_api_controller.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/individual_apf_published_api_controller.py @@ -3,6 +3,8 @@ from functools import wraps from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request + +from ..core.responses import unauthorized_error from published_apis.models.service_api_description_patch import \ ServiceAPIDescriptionPatch # noqa: E501 @@ -18,7 +20,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate( diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py index 1f0302f64b0ac1791aa594b5b16772343af286b9..8ba055f9295f90258ff39547a9f4af1b22a75a30 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py @@ -33,7 +33,7 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause): diff --git a/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py b/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py index 21a51cfc0696c43a59593b7271e8001859e21dc1..7a65eb7ddcaf7b07b800cfe3353ff43e1281bf9f 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py @@ -9,6 +9,8 @@ from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask import current_app, request +from ..core.responses import unauthorized_error + from ..core.publisher import Publisher from ..core.redis_internal_event import RedisInternalEvent from ..core.servicesecurity import SecurityOperations @@ -25,7 +27,11 @@ def cert_validation(): def __cert_validation(*args, **kwargs): args = request.view_args - cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_tmp = request.headers.get('X-Ssl-Client-Cert') + + if not cert_tmp: + return unauthorized_error("Client certificate required", "X-Ssl-Client-Cert header is missing") + cert_raw = cert_tmp.replace('\t', '') cert = x509.load_pem_x509_certificate( diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py b/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py index 849e7f8668ca60a2dac8c71e440b3447dba9b726..1de771cd973f52d9cdf47538c78b7ad8e12b83da 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py @@ -33,7 +33,7 @@ def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) prob = serialize_clean_camel_case(prob) - return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=cause) + return Response(json.dumps(prob, cls=CustomJSONEncoder), status=400, mimetype=mimetype) def not_found_error(detail, cause):