From 701ccd146394aed1fecdff0cc993ac54807003a6 Mon Sep 17 00:00:00 2001 From: mowdash <59023279+mowdash@users.noreply.github.com> Date: Fri, 2 Dec 2022 16:38:30 -0500 Subject: [PATCH 1/3] fix: raise error if cert not found instead of continuing within infinite while loop --- vcert/connection_tpp_abstract.py | 6 ++++-- vcert/errors.py | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/vcert/connection_tpp_abstract.py b/vcert/connection_tpp_abstract.py index 91ba5df..0816c4d 100644 --- a/vcert/connection_tpp_abstract.py +++ b/vcert/connection_tpp_abstract.py @@ -28,7 +28,7 @@ from .common import CertField, CommonConnection, CertificateRequest, CSR_ORIGIN_LOCAL, CSR_ORIGIN_PROVIDED, \ CSR_ORIGIN_SERVICE, KeyType, CHAIN_OPTION_LAST, CHAIN_OPTION_FIRST, CHAIN_OPTION_IGNORE, Policy, ZoneConfig from .errors import VenafiError, ServerUnexptedBehavior, ClientBadData, RetrieveCertificateTimeoutError, \ - CertificateRequestError, CertificateRenewError + RetrieveCertificateNotFoundError, CertificateRequestError, CertificateRenewError from .http_status import HTTPStatus from .pem import parse_pem from .policy import RPA, SPA @@ -214,7 +214,7 @@ def retrieve_cert(self, cert_request): status, data = self._post(URLS.CERTIFICATE_RETRIEVE, data=retrieve_request) except VenafiError: log.debug(f"Certificate with id {cert_request.id} not found") - status = 0 + status = HTTPStatus.NOT_FOUND if status == HTTPStatus.OK: pem64 = data['CertificateData'] @@ -224,6 +224,8 @@ def retrieve_cert(self, cert_request): log.debug("Adding private key to response...") cert_response.key = cert_request.private_key_pem return cert_response + elif status == HTTPStatus.NOT_FOUND: + raise RetrieveCertificateNotFoundError(f"Certificate with id {cert_request.id} not found") elif (time.time() - time_start) < cert_request.timeout: log.debug("Waiting for certificate...") time.sleep(2) diff --git a/vcert/errors.py b/vcert/errors.py index 8adb4f1..abc697c 100644 --- a/vcert/errors.py 
+++ b/vcert/errors.py @@ -53,3 +53,7 @@ class VenafiParsingError(VenafiError): class RetrieveCertificateTimeoutError(VenafiError): pass + + +class RetrieveCertificateNotFoundError(VenafiError): + pass From 6489a59b5cda01b52828279e383db892d460f1c1 Mon Sep 17 00:00:00 2001 From: mowdash <59023279+mowdash@users.noreply.github.com> Date: Mon, 12 Dec 2022 23:04:40 -0500 Subject: [PATCH 2/3] return correct error status when retrieving cert --- vcert/common.py | 5 ++++- vcert/connection_tpp_abstract.py | 8 +++++--- vcert/errors.py | 5 ++++- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/vcert/common.py b/vcert/common.py index feabf23..feeb850 100644 --- a/vcert/common.py +++ b/vcert/common.py @@ -715,7 +715,10 @@ def process_server_response(r): log_errors(r.content) raise VenafiConnectionError(f"\n\tServer status: {r.status_code}" f"\n\tURL: {r.request.url}" - f"\n\tResponse: {r.content}") + f"\n\tResponse: {r.content}", + status_code = r.status_code, + url = r.request.url, + content = r.content) content_type = r.headers.get("content-type") # Content-type not present, return status and reason (if any) diff --git a/vcert/connection_tpp_abstract.py b/vcert/connection_tpp_abstract.py index 0816c4d..33b3db7 100644 --- a/vcert/connection_tpp_abstract.py +++ b/vcert/connection_tpp_abstract.py @@ -212,9 +212,9 @@ def retrieve_cert(self, cert_request): try: # TODO: Change _post() with post(args) status, data = self._post(URLS.CERTIFICATE_RETRIEVE, data=retrieve_request) - except VenafiError: - log.debug(f"Certificate with id {cert_request.id} not found") - status = HTTPStatus.NOT_FOUND + except VenafiError as e: + log.debug(str(e)) + status = e.status_code if status == HTTPStatus.OK: pem64 = data['CertificateData'] 
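Review bot: The three keyword arguments added to the `VenafiConnectionError(...)` call in `process_server_response` are written with spaces around `=`, which PEP 8 reserves for assignments; `status_code=r.status_code,` `url=r.request.url,` `content=r.content)` would match the rest of the call. Nothing at the call site says these become attributes that `retrieve_cert` reads, so a short comment such as `# exposed as attributes on the exception for callers that branch on the HTTP status` would help. `content` carries the raw response body, presumably bytes, so consumers that log it or reuse it as a message get the `b'...'` form. The function continues outside the hunk.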
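Review bot: `status = e.status_code` in the `except VenafiError as e:` handler of `retrieve_cert` reads an attribute that this patch sets only on the `VenafiConnectionError` raised in `process_server_response`. Any other `VenafiError` reaching the handler would raise `AttributeError` inside the `except` and hide the original failure. The same applies to `error.status_code` and `error.content` in the [PATCH 3/3] version of this handler. Reading it defensively, `status = getattr(e, "status_code", None)`, keeps the original error visible. The body of `retrieve_cert` starts and ends outside the hunk.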
@@ -226,6 +226,8 @@ def retrieve_cert(self, cert_request): return cert_response elif status == HTTPStatus.NOT_FOUND: raise RetrieveCertificateNotFoundError(f"Certificate with id {cert_request.id} not found") + elif status == HTTPStatus.BAD_REQUEST: + raise ClientBadData elif (time.time() - time_start) < cert_request.timeout: log.debug("Waiting for certificate...") time.sleep(2) diff --git a/vcert/errors.py b/vcert/errors.py index abc697c..505ad9a 100644 --- a/vcert/errors.py +++ b/vcert/errors.py @@ -16,7 +16,10 @@ class VenafiError(Exception): - pass + def __init__(self, *args, **kwargs): + super().__init__(*args) + for (k,v) in kwargs.items(): + setattr(self, k, v) class VenafiConnectionError(VenafiError): From b2d9e3b9db3d0b12c308777675143b1fb34a076d Mon Sep 17 00:00:00 2001 From: mowdash <59023279+mowdash@users.noreply.github.com> Date: Mon, 12 Dec 2022 23:34:56 -0500 Subject: [PATCH 3/3] move errors into except block --- vcert/connection_tpp_abstract.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/vcert/connection_tpp_abstract.py b/vcert/connection_tpp_abstract.py index 33b3db7..bb98732 100644 --- a/vcert/connection_tpp_abstract.py +++ b/vcert/connection_tpp_abstract.py @@ -212,9 +212,13 @@ def retrieve_cert(self, cert_request): try: # TODO: Change _post() with post(args) status, data = self._post(URLS.CERTIFICATE_RETRIEVE, data=retrieve_request) - except VenafiError as e: - log.debug(str(e)) - status = e.status_code + except VenafiError as error: + log.debug(error.content) + status = error.status_code + if status == HTTPStatus.NOT_FOUND: + raise RetrieveCertificateNotFoundError(f"Certificate with id {cert_request.id} not found") + elif status == HTTPStatus.BAD_REQUEST: + raise ClientBadData(error.content) if status == HTTPStatus.OK: pem64 = data['CertificateData'] 
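Review bot: `VenafiError.__init__` copies every keyword argument onto the instance with `setattr`, so a caller can overwrite existing exception attributes such as `args`, and the set of attributes an error carries is defined only by whoever raised it. Declaring `status_code`, `url` and `content` as keyword-only parameters with `None` defaults gives handlers a fixed contract and rejects misspelled keywords. A one-line docstring naming the three fields would document what the callers in `common.py` and `connection_tpp_abstract.py` rely on.
```python
class VenafiError(Exception):
    def __init__(self, *args, status_code=None, url=None, content=None):
        super().__init__(*args)
        # Always defined, so any handler can read them without AttributeError.
        self.status_code = status_code
        self.url = url
        self.content = content
```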
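Review bot: Only `NOT_FOUND` and `BAD_REQUEST` are raised from the new `except` block in `retrieve_cert`. Any other error status (an authentication or authorization failure, a server error) leaves `status` set and, as far as the visible lines show, falls through to the `elif (time.time() - time_start) < cert_request.timeout:` branch. The request is then repeated every two seconds and presumably reported as a timeout, which hides a rejected credential behind a retry loop. If no error status is meant to be polled, ending the chain with `else: raise` surfaces the failure immediately; otherwise the retryable statuses should be listed explicitly. The function begins and ends outside the hunk.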
@@ -224,10 +228,6 @@ def retrieve_cert(self, cert_request): log.debug("Adding private key to response...") cert_response.key = cert_request.private_key_pem return cert_response - elif status == HTTPStatus.NOT_FOUND: - raise RetrieveCertificateNotFoundError(f"Certificate with id {cert_request.id} not found") - elif status == HTTPStatus.BAD_REQUEST: - raise ClientBadData elif (time.time() - time_start) < cert_request.timeout: log.debug("Waiting for certificate...") time.sleep(2)