Commit 792059be authored by Alain Takoudjou's avatar Alain Takoudjou

slapos_cloud: use caucase webservice for certificate management

parent 300091cc
......@@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
from Products.ERP5.Document.Person import Person as ERP5Person
from Products.ERP5Type import Permissions
class UserCertificateNotFound(Exception):
"""Exception raised when certificate is not found"""
pass
class UserCertificateFound(Exception):
"""Exception raised when certificate is found"""
pass
class Person(ERP5Person):
security = ClassSecurityInfo()
security.declarePublic('getCertificate')
def _checkCertificateRequest(self):
try:
......@@ -19,24 +26,46 @@ class Person(ERP5Person):
if getSecurityManager().getUser().getId() != reference:
raise
def _getCertificate(self):
return self.getPortalObject().portal_certificate_authority\
.getNewCertificate(self.getReference())
security.declarePublic('signCertificate')
def signCertificate(self, csr):
"""Send csr for certificate signature"""
self._checkCertificateRequest()
if self.getDestinationReference():
raise UserCertificateFound("A Certificate already exists, please revoke it first!")
ca_service = self.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(csr)
def _revokeCertificate(self):
return self.getPortalObject().portal_certificate_authority\
.revokeCertificateByCommonName(self.getReference())
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id)
self.setDestinationReference(crt_id)
return crt_id, url
security.declarePublic('getCertificate')
def getCertificate(self):
"""Returns new SSL certificate"""
"""Returns existing SSL certificate"""
self._checkCertificateRequest()
return self._getCertificate()
crt_id = self.getDestinationReference()
if crt_id:
return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(crt_id)
raise UserCertificateNotFound(
"No certificate set for the user %s" % self.getReference()
)
security.declarePublic('revokeCertificate')
def revokeCertificate(self):
"""Revokes existing certificate"""
self._checkCertificateRequest()
self._revokeCertificate()
crt_id = self.getDestinationReference()
if crt_id:
response = self.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(crt_id)
# Remove Destination Reference
self.setDestinationReference("")
return response.read()
raise UserCertificateNotFound(
"No certificate set for the user %s" % self.getReference()
)
security.declareProtected(Permissions.AccessContentsInformation,
'getTitle')
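Review bot: `signCertificate` passes the caller-supplied `csr` to `putCertificateSigningRequest` and signs it immediately, and nothing in this section checks that the CSR's subject matches `self.getReference()`; the replaced `_getCertificate` path issued the certificate from the reference itself. Unless `caucase_adapter` enforces that binding (not visible here), a logged-in user could be issued a certificate naming another identity, because the method is `declarePublic` and the visible part of `_checkCertificateRequest` only compares the user id with the reference. I would validate the subject before the `putCertificateSigningRequest(csr)` call, or at least state where it is enforced, e.g. `# csr subject is checked against self.getReference() by <component>`. The same applies to the `kwargs["csr"]` path in Computer_generateCertificate. The Person class body continues outside this hunk.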
......
......@@ -6,10 +6,22 @@
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_recorded_property_dict</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>default_reference</string> </key>
<value> <string>Person</string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>document.erp5.Person</string> </value>
......@@ -43,13 +55,28 @@
<item>
<key> <string>workflow_history</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
......@@ -62,7 +89,7 @@
<item>
<key> <string>component_validation_workflow</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
<persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
</value>
</item>
</dictionary>
......@@ -71,7 +98,7 @@
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<record id="4" aka="AAAAAAAAAAQ=">
<pickle>
<global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/>
</pickle>
......
computer = state_change['object']
# Get required arguments
kwargs = state_change.kwargs
try:
certificate_signature_request = kwargs["csr"]
except KeyError, e:
raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e))
if computer.getDestinationReference() is not None:
context.REQUEST.set("computer_certificate", None)
context.REQUEST.set("computer_key", None)
context.REQUEST.set("computer_certificate_url", None)
raise ValueError('Certificate still active.')
ca = context.getPortalObject().portal_certificate_authority
certificate_dict = ca.getNewCertificate(computer.getReference())
ca_service = context.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id)
certificate = ca_service.getCertificate(crt_id)
computer.setDestinationReference(certificate_dict["id"])
computer.setDestinationReference(crt_id)
context.REQUEST.set("computer_certificate", certificate_dict["certificate"])
context.REQUEST.set("computer_key", certificate_dict["key"])
context.REQUEST.set("computer_certificate", certificate)
context.REQUEST.set("computer_certificate_url", url)
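Review bot: `ca_service.signCertificate(csr_id)` is an external call made before `computer.setDestinationReference(crt_id)`, so if the surrounding transaction is aborted or retried after signing (an assumption about how this script is run), caucase holds a signed certificate whose id was never stored and which Computer_revokeCertificate cannot reach. A retry would also pass the `getDestinationReference() is not None` check again and sign a second certificate. Consider revoking `crt_id` when a later step fails, or document the limitation with a comment such as `# signing is not transactional: an aborted request leaves an unrecorded certificate in caucase`. Separately, the success path no longer sets `computer_key` while the error branch still resets it; a one-line comment saying where the key now lives would help readers.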
......@@ -52,6 +52,14 @@
<key> <string>_params</string> </key>
<value> <string>state_change</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Computer_generateCertificate</string> </value>
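Review bot: The added `_proxy_roles` entry runs Computer_generateCertificate with the `Manager` role, which appears broader than what the script visibly does: it reaches `portal_web_services.caucase_adapter` and sets the destination reference on the computer. Since the script now signs a caller-supplied `csr`, it is worth granting a narrower role if one gives access to the adapter, and recording in the commit message or a script header comment why the proxy role is required. Whether Computer_revokeCertificate receives the same proxy role is not visible on this page.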
......
computer = state_change['object']
context.REQUEST.set('computer_certificate', None)
context.REQUEST.set('computer_key', None)
context.REQUEST.set('computer_certificate_url', None)
destination_reference = computer.getDestinationReference()
if destination_reference is None:
raise ValueError('No certificate')
context.getPortalObject().portal_certificate_authority.revokeCertificate(destination_reference)
context.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(destination_reference)
computer.setDestinationReference(None)
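Review bot: The result of `caucase_adapter.revokeCertificate(destination_reference)` is discarded and `computer.setDestinationReference(None)` runs unconditionally, so if the adapter reports a failed revocation through its response rather than an exception (not visible here), the reference is cleared while the certificate stays valid and can no longer be revoked from this object. I would check the response before clearing, or add `# revokeCertificate raises on failure, so reaching this line means the certificate is revoked` if that is the contract. `Person.revokeCertificate` has the same shape: it calls `setDestinationReference("")` before returning `response.read()`.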