def lambda_handler()

in lambda-authorizer/main.py [0:0]


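def lambda_handler(event, context):
    """Authorize a device request by matching its CSR key to the stored key.

    Reads the base64-encoded PEM CSR from ``event['headers']['device-csr']``,
    checks the CSR's self-signature, and compares the CSR public key with the
    key returned by ``get_pubkey(req)``. On a match, returns an API Gateway
    policy that allows ``POST /new`` and ``POST /proto`` on the API and stage
    named in ``event['methodArn']``.

    Args:
        event: Authorizer event; must contain ``methodArn`` and a
            ``headers`` mapping with a ``device-csr`` entry.
        context: Lambda context object (unused).

    Returns:
        The policy document produced by ``AuthPolicy.build()``.

    Raises:
        Exception: With message ``'Unauthorized'`` when the CSR is missing,
            malformed, fails signature verification, or its public key does
            not match the stored key.
    """
    print("Method ARN: " + event['methodArn'])
    # NOTE(review): fixed placeholder principal; every authorized caller is
    # reported under the same principalId.
    principalId = "user|a1b2c3d4"

    # Get the public key from the CSR. A missing header or an unparsable CSR
    # is treated as an authorization failure rather than an unhandled error.
    try:
        device_csr = base64.b64decode(event['headers']['device-csr']).decode('utf-8')
        req = load_certificate_request(FILETYPE_PEM, device_csr)
        req_pubkey = req.get_pubkey()
        # A public key is not a secret, so a matching key alone proves
        # nothing. Verifying the CSR's self-signature requires the requester
        # to hold the corresponding private key (proof of possession).
        if not req.verify(req_pubkey):
            raise Exception('Unauthorized')
    except (KeyError, TypeError, ValueError, OpenSSL.crypto.Error):
        raise Exception('Unauthorized')
    req_pubkey_pem = dump_publickey(FILETYPE_PEM, req_pubkey)

    # Get the stored public key (from Dynamo, per the original comment).
    # The stored value is base64 encoded; load and re-dump it so both keys
    # are in the same canonical PEM form before comparing.
    ori_pubkey_pem = base64.b64decode(get_pubkey(req))
    pubbuf = OpenSSL.crypto.load_publickey(FILETYPE_PEM, ori_pubkey_pem)
    ori_pubkey_pem = dump_publickey(FILETYPE_PEM, pubbuf)

    print(ori_pubkey_pem)
    print(req_pubkey_pem)

    if ori_pubkey_pem != req_pubkey_pem:
        raise Exception('Unauthorized')

    # Derive region, account, API id and stage from the colon-separated
    # method ARN; the sixth field is "<restApiId>/<stage>/...".
    tmp = event['methodArn'].split(':')
    apiGatewayArnTmp = tmp[5].split('/')
    awsAccountId = tmp[4]

    policy = AuthPolicy(principalId, awsAccountId)
    policy.restApiId = apiGatewayArnTmp[0]
    policy.region = tmp[3]
    policy.stage = apiGatewayArnTmp[1]
    # Only these two POST routes are granted to an authorized device.
    policy.allowMethod(HttpVerb.POST, "/new")
    policy.allowMethod(HttpVerb.POST, "/proto")

    # Finally, build the policy
    return policy.build()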