Commit
2de005e0
authored
Jan 16, 2013
by
Julien Muchembled
Merge fixes to Certificate Authority Tool
parents
2f7141ca
142a719f
Showing
1 changed file
with
23 additions
and
14 deletions
+23
-14
product/ERP5/Tool/CertificateAuthorityTool.py
product/ERP5/Tool/CertificateAuthorityTool.py
+23
-14
product/ERP5/Tool/CertificateAuthorityTool.py
...
...
@@ -27,6 +27,8 @@
#
##############################################################################
import
glob
,
os
,
subprocess
,
sys
from
AccessControl
import
ClassSecurityInfo
from
Products.ERP5Type.Globals
import
InitializeClass
from
Products.ERP5Type.Tool.BaseTool
import
BaseTool
...
...
@@ -34,9 +36,6 @@ from Products.ERP5Type import Permissions
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
zLOG
import
LOG
,
INFO
import
os
import
subprocess
def
popenCommunicate
(
command_list
,
input
=
None
,
**
kwargs
):
kwargs
.
update
(
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
popen
=
subprocess
.
Popen
(
command_list
,
**
kwargs
)
...
...
@@ -186,6 +185,8 @@ class CertificateAuthorityTool(BaseTool):
# No docstring in order to make this method non publishable
# Returns certificate for passed common name, as dictionary of
# {key, certificate, id, common_name}
if
not
common_name
:
raise
ValueError
(
"Invalid common name: %r"
%
common_name
)
self
.
_checkCertificateAuthority
()
self
.
_lockCertificateAuthority
()
try
:
...
...
@@ -196,6 +197,7 @@ class CertificateAuthorityTool(BaseTool):
cert
=
os
.
path
.
join
(
self
.
certificate_authority_path
,
'certs'
,
new_id
+
'.crt'
)
try
:
os
.
close
(
os
.
open
(
key
,
os
.
O_CREAT
|
os
.
O_EXCL
,
0600
))
popenCommunicate
([
self
.
openssl_binary
,
'req'
,
'-nodes'
,
'-config'
,
self
.
openssl_config
,
'-new'
,
'-keyout'
,
key
,
'-out'
,
csr
,
'-days'
,
'3650'
],
'%s
\
n
'
%
common_name
,
stdin
=
subprocess
.
PIPE
)
...
...
@@ -209,14 +211,15 @@ class CertificateAuthorityTool(BaseTool):
id
=
new_id
,
common_name
=
common_name
)
except
:
e
=
sys
.
exc_info
()
try
:
for
p
in
[
key
,
csr
,
cert
]
:
for
p
in
key
,
csr
,
cert
:
if
os
.
path
.
exists
(
p
):
os
.
unlink
(
p
)
except
:
# do not raise during cleanup
pass
raise
raise
e
[
0
],
e
[
1
],
e
[
2
]
finally
:
self
.
_unlockCertificateAuthority
()
...
...
@@ -234,26 +237,32 @@ class CertificateAuthorityTool(BaseTool):
cert
=
os
.
path
.
join
(
self
.
certificate_authority_path
,
'certs'
,
serial
.
lower
()
+
'.crt'
)
if
not
os
.
path
.
exists
(
cert
):
raise
ValueError
(
'Certificate with serial %r does not exists'
%
serial
)
raise
ValueError
(
'Certificate with serial %r does not exist'
%
serial
)
created
=
[
crl
]
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-config'
,
self
.
openssl_config
,
'-revoke'
,
cert
])
try
:
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-config'
,
self
.
openssl_config
,
'-revoke'
,
cert
])
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-config'
,
self
.
openssl_config
,
'-gencrl'
,
'-out'
,
crl
])
hash
=
popenCommunicate
([
self
.
openssl_binary
,
'crl'
,
'-noout'
,
'-hash'
,
'-in'
,
crl
]).
strip
()
previous_id
=
int
(
len
([
q
for
q
in
os
.
listdir
(
crl_path
)
if
hash
in
q
]))
os
.
symlink
(
crl
,
os
.
path
.
join
(
crl_path
,
'%s.%s'
%
(
hash
,
previous_id
)))
alias
=
os
.
path
.
join
(
crl_path
,
popenCommunicate
([
self
.
openssl_binary
,
'crl'
,
'-noout'
,
'-hash'
,
'-in'
,
crl
]).
strip
()
+
'.'
)
alias
+=
str
(
len
(
glob
.
glob
(
alias
+
'*'
)))
created
.
append
(
alias
)
os
.
symlink
(
os
.
path
.
basename
(
crl
),
alias
)
return
dict
(
crl
=
open
(
crl
).
read
())
except
:
e
=
sys
.
exc_info
()
try
:
for
p
in
[
crl
]:
for
p
in
'index.txt'
,
'crlnumber'
:
p
=
os
.
path
.
join
(
self
.
certificate_authority_path
,
p
)
os
.
rename
(
p
+
'.old'
,
p
)
for
p
in
created
:
if
os
.
path
.
exists
(
p
):
os
.
unlink
(
p
)
except
:
# do not raise during cleanup
pass
raise
raise
e
[
0
],
e
[
1
],
e
[
2
]
finally
:
self
.
_unlockCertificateAuthority
()
...
...
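Review bot: The new cleanup in the revocation path renames `index.txt.old` and `crlnumber.old` back over the live files on every exception, including one raised before openssl has rotated them. If the `-revoke` call itself is what fails (popenCommunicate's body is cut off here, so I am assuming it raises on a non-zero exit), the `.old` copies would date from an earlier `openssl ca` run, and restoring them could undo that earlier revocation or issuance. I would record which steps finished, for example appending `'index.txt'` to a rollback list after `-revoke` returns and `'crlnumber'` after `-gencrl`, and iterate over that list instead of the fixed tuple. A failed `os.rename` also lands in the bare `except: pass`, so the `created` files are then left behind with no trace; a `LOG(...)` call there would make a half-rolled-back CA visible. The method starts above this hunk.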