use crt_id istead of serial when revoke directly a certificate

f9819934 · Alain Takoudjou · Alain Takoudjou · 7a09ecac · f9819934 · f9819934
Commit f9819934 authored Jun 21, 2017 by Alain Takoudjou Committed by Alain Takoudjou Jun 28, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 14 deletions

caucase/ca.py caucase/ca.py +5 -4

caucase/storage.py caucase/storage.py +16 -7

caucase/web.py caucase/web.py +7 -3

No files found.
--- a/caucase/ca.py
+++ b/caucase/ca.py
@@ -345,14 +345,15 @@ class CertificateAuthority(object):
              utils.getSerialToInt(crt),
              reason)

-  def revokeCertificateFromSerial(self, serial):
+  def revokeCertificateFromID(self, crt_id):
    """
-      Directly revoke a certificate from serial
+      Directly revoke a certificate from crt_id
      
-      @param serial: The serial of the certificate (int)
+      @param crt_id: The ID of the certificate (string)
    """
+    
    return self._storage.revokeCertificate(
-              serial,
+              crt_id=crt_id,
              reason="")

  def renew(self, wrapped_csr):

--- a/caucase/storage.py
+++ b/caucase/storage.py
@@ -326,20 +326,29 @@ class Storage(object):

    return data_list

-  def revokeCertificate(self, serial, reason=''):
+  def revokeCertificate(self, serial=None, crt_id=None, reason=''):
    """
    Add serial to the list of revoked certificates.
    Associated certificate must expire at (or before) not_after_date, so
    revocation can be pruned.
+    
+    serial or crt_id should be send to get the certificate. If both are set,
+    serial is used.
    """
-    cert = Certificate.query.filter(
-        Certificate.status == STATUS_VALIDATED
-      ).filter(
-        Certificate.serial == serial
-      ).first()
+    if serial is None and crt_id is None:
+      raise ValueError("serial or crt_id are not set to revokeCertificate.")
+
+    query = Certificate.query.filter(Certificate.status == STATUS_VALIDATED)
+    if serial:
+      query = query.filter(Certificate.serial == serial)
+    else:
+      query = query.filter(Certificate.crt_id == crt_id)
+
+    cert = query.first()

    if not cert:
-      raise NotFound('No certficate with serial %r' % (serial, ))
+      raise NotFound('No certficate with serial or id %r found!' % (
+                    serial or crt_id, ))

    expire_in = cert.expire_after  - datetime.utcnow()
    if expire_in.days < 0:

--- a/caucase/web.py
+++ b/caucase/web.py
@@ -606,7 +606,7 @@ def request_revoke_crt():
  response = Response("", status=201, )
  return response

-@app.route('/crt/revoke/serial', methods=['PUT'])
+@app.route('/crt/revoke/id', methods=['PUT'])
 @authenticated_method
 def revoke_crt():
  """
@@ -614,8 +614,12 @@ def revoke_crt():
  """

  try:
-    serial = request.form.get('serial', '')
-    app.config.ca.revokeCertificateFromSerial(serial)
+    crt_id = request.form.get('crt_id', '')
+    if not crt_id:
+      raise FlaskException("'crt_id' parameter is mandatory",
+              payload={"name": "MissingParameter", "code": 2})
+
+    app.config.ca.revokeCertificateFromID(crt_id)
  except ValueError, e:
    traceback.print_exc()
    raise FlaskException(str(e),