Remove from-crl

bh3000 · bh3000 · commit 9b0a2fdab979 · 2025-02-28T14:34:37.000Z
diff --git a/credentials/generate_revocation_set.py b/credentials/generate_revocation_set.py
@@ -21,14 +21,14 @@
 #     python ./credentials/generate-revocation-set.py --help
 
 import base64
-import dataclasses
 import json
 import logging
 import os
 import subprocess
 import sys
 import unittest
 from enum import Enum
+import dataclasses 
 from typing import Optional
 
 import click
@@ -53,7 +53,6 @@
 class RevocationType(Enum):
     CRL = 1
 
-
 class CertVerificationResult(Enum):
     SUCCESS = 1
     SKID_NOT_FOUND = 2
@@ -62,7 +61,6 @@ class CertVerificationResult(Enum):
     ISSUER_MISMATCH = 5
     AKID_MISMATCH = 6
 
-
 @dataclasses.dataclass
 class RevocationPoint:
     vid: int
@@ -79,7 +77,6 @@ class RevocationPoint:
     schemaVersion: int
     crlSignerDelegator: str
 
-
 @dataclasses.dataclass
 class RevocationSet:
     type: str
@@ -88,10 +85,10 @@ class RevocationSet:
     revoked_serial_numbers: [str]
     crl_signer_cert: str
     crl_signer_delegator: str = None
-
+    
     def asDict(self):
         return dataclasses.asdict(self)
-
+    
 
 OID_VENDOR_ID = x509.ObjectIdentifier("1.3.6.1.4.1.37244.2.1")
 OID_PRODUCT_ID = x509.ObjectIdentifier("1.3.6.1.4.1.37244.2.2")
@@ -178,8 +175,7 @@ def is_self_signed_certificate(cert: x509.Certificate) -> bool:
     if result == CertVerificationResult.SUCCESS:
         return True
     else:
-        logging.debug(
-            f"Certificate with subject: {cert.subject.rfc4514_string()} is not a valid self-signed certificate. Result: {result.name}")
+        logging.debug(f"Certificate with subject: {cert.subject.rfc4514_string()} is not a valid self-signed certificate. Result: {result.name}")
     return False
 
 
@@ -196,21 +192,18 @@ def validate_cert_chain(crl_signer: x509.Certificate, crl_signer_delegator: x509
     if crl_signer_delegator:
         result_signer = verify_cert(crl_signer, crl_signer_delegator)
         if not result_signer == CertVerificationResult.SUCCESS:
-            logging.debug(
-                f"Cannot verify certificate subject: {crl_signer.subject.rfc4514_string()} issued by certificate subject: {crl_signer_delegator.subject.rfc4514_string()}. Result: {result_signer.name}")
+            logging.debug(f"Cannot verify certificate subject: {crl_signer.subject.rfc4514_string()} issued by certificate subject: {crl_signer_delegator.subject.rfc4514_string()}. Result: {result_signer.name}")
             return False
 
         result_delegator = verify_cert(crl_signer_delegator, paa)
         if not result_delegator == CertVerificationResult.SUCCESS:
-            logging.debug(
-                f"Cannot verify certificate subject: {crl_signer_delegator.subject.rfc4514_string()} issued by certificate subject: {paa.subject.rfc4514_string()}. Result: {result.name}")
+            logging.debug(f"Cannot verify certificate subject: {crl_signer_delegator.subject.rfc4514_string()} issued by certificate subject: {paa.subject.rfc4514_string()}. Result: {result.name}")
             return False
         return True
     else:
         result = verify_cert(crl_signer, paa)
         if not result == CertVerificationResult.SUCCESS:
-            logging.debug(
-                f"Cannot verify certificate subject: {crl_signer.subject.rfc4514_string()} issued by certificate subject: {paa.subject.rfc4514_string()}. Result: {result.name}")
+            logging.debug(f"Cannot verify certificate subject: {crl_signer.subject.rfc4514_string()} issued by certificate subject: {paa.subject.rfc4514_string()}. Result: {result.name}")
             return False
         return True
 
@@ -359,7 +352,6 @@ def fetch_crl_from_url(url: str, timeout: int) -> x509.CertificateRevocationList
     except Exception as e:
         logging.error('Failed to fetch a valid CRL', e)
 
-
 class DclClientInterface:
     '''
     An interface for interacting with DCLD.
@@ -606,7 +598,7 @@ def get_revocation_points(self) -> list[RevocationPoint]:
         '''
 
         response = self.send_get_request(f"{self.rest_node_url}/dcl/pki/revocation-points")
-
+        
         return [RevocationPoint(**r) for r in response["PkiRevocationDistributionPoint"]]
 
     def get_revocation_points_by_skid(self, issuer_subject_key_id) -> list[RevocationPoint]:
@@ -674,8 +666,7 @@ def __init__(self, crls: [], dcl_certificates: [], revocation_points_response_fi
         logging.debug(f"Loading crls from {crls}")
         logging.debug(f"Loading revocation points response from {revocation_points_response_file}")
         self.crls = self.get_crls(crls)
-        self.revocation_points = [RevocationPoint(**r)
-                                  for r in json.load(revocation_points_response_file)["PkiRevocationDistributionPoint"]]
+        self.revocation_points = [RevocationPoint(**r) for r in json.load(revocation_points_response_file)["PkiRevocationDistributionPoint"]]
         self.authoritative_certs = self.get_authoritative_certificates(dcl_certificates)
 
     def get_lookup_key(self, certificate: x509.Certificate) -> str:
@@ -851,7 +842,6 @@ def get_crl_file(self,
                 return crl
         return None
 
-
 @click.group()
 def cli():
     pass
@@ -995,7 +985,6 @@ def from_dcl(use_main_net_dcld: str, use_test_net_dcld: str, use_main_net_http:
     with open(output, 'w+') as outfile:
         json.dump([revocation.asDict() for revocation in revocation_set], outfile, indent=4)
 
-
 class TestRevocationSetGeneration(unittest.TestCase):
     """Test class for revocation set generation"""
 
@@ -1062,7 +1051,6 @@ def test_pai_revocation_set(self):
             'test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json'
         )
 
-
 if __name__ == "__main__":
     if len(sys.argv) > 1 and sys.argv[1] == 'test':
         # Remove the 'test' argument and run tests
