Commit 792059be authored by Alain Takoudjou's avatar Alain Takoudjou

slapos_cloud: use caucase webservice for certificate management

parent 300091cc
...@@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager ...@@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
from Products.ERP5.Document.Person import Person as ERP5Person from Products.ERP5.Document.Person import Person as ERP5Person
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
class UserCertificateNotFound(Exception):
"""Exception raised when certificate is not found"""
pass
class UserCertificateFound(Exception):
"""Exception raised when certificate is found"""
pass
class Person(ERP5Person): class Person(ERP5Person):
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declarePublic('getCertificate')
def _checkCertificateRequest(self): def _checkCertificateRequest(self):
try: try:
...@@ -19,24 +26,46 @@ class Person(ERP5Person): ...@@ -19,24 +26,46 @@ class Person(ERP5Person):
if getSecurityManager().getUser().getId() != reference: if getSecurityManager().getUser().getId() != reference:
raise raise
def _getCertificate(self): security.declarePublic('signCertificate')
return self.getPortalObject().portal_certificate_authority\ def signCertificate(self, csr):
.getNewCertificate(self.getReference()) """Send csr for certificate signature"""
self._checkCertificateRequest()
if self.getDestinationReference():
raise UserCertificateFound("A Certificate already exists, please revoke it first!")
ca_service = self.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(csr)
def _revokeCertificate(self): # Sign the csr immediately
return self.getPortalObject().portal_certificate_authority\ crt_id, url = ca_service.signCertificate(csr_id)
.revokeCertificateByCommonName(self.getReference()) self.setDestinationReference(crt_id)
return crt_id, url
security.declarePublic('getCertificate')
def getCertificate(self): def getCertificate(self):
"""Returns new SSL certificate""" """Returns existing SSL certificate"""
self._checkCertificateRequest() self._checkCertificateRequest()
return self._getCertificate() crt_id = self.getDestinationReference()
if crt_id:
return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(crt_id)
raise UserCertificateNotFound(
"No certificate set for the user %s" % self.getReference()
)
security.declarePublic('revokeCertificate') security.declarePublic('revokeCertificate')
def revokeCertificate(self): def revokeCertificate(self):
"""Revokes existing certificate""" """Revokes existing certificate"""
self._checkCertificateRequest() self._checkCertificateRequest()
self._revokeCertificate() crt_id = self.getDestinationReference()
if crt_id:
response = self.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(crt_id)
# Remove Destination Reference
self.setDestinationReference("")
return response.read()
raise UserCertificateNotFound(
"No certificate set for the user %s" % self.getReference()
)
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getTitle') 'getTitle')
......
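Review bot: In the new `signCertificate`, the caller-supplied `csr` goes straight to `caucase_adapter.putCertificateSigningRequest` and is signed on the spot, and nothing in the hunk binds the CSR's subject to the caller: `_checkCertificateRequest` only verifies that the logged-in user is this Person, not that the CSR's CN equals `self.getReference()`. The replaced `getNewCertificate(self.getReference())` fixed the common name server-side, so unless `caucase_adapter.signCertificate` validates or rewrites the subject (not visible here), a user could obtain a certificate naming another user's or a computer's reference. I would extract the CSR subject (in the adapter or a small helper) and reject a mismatch before the upload, e.g. `if csr_common_name != self.getReference(): raise Unauthorized("CSR subject does not match user reference")`, and state the contract in the docstring: `"""Send csr for signature. The CSR subject CN must equal this user's reference; an existing certificate must be revoked first."""`. Separately, `security.declarePublic('getCertificate')` now appears twice in the class (once above `_checkCertificateRequest`, once above `getCertificate`); the first copy is redundant and can be dropped.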
...@@ -6,10 +6,22 @@ ...@@ -6,10 +6,22 @@
</pickle> </pickle>
<pickle> <pickle>
<dictionary> <dictionary>
<item>
<key> <string>_recorded_property_dict</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item> <item>
<key> <string>default_reference</string> </key> <key> <string>default_reference</string> </key>
<value> <string>Person</string> </value> <value> <string>Person</string> </value>
</item> </item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>document.erp5.Person</string> </value> <value> <string>document.erp5.Person</string> </value>
...@@ -43,13 +55,28 @@ ...@@ -43,13 +55,28 @@
<item> <item>
<key> <string>workflow_history</string> </key> <key> <string>workflow_history</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value> </value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="2" aka="AAAAAAAAAAI="> <record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle> <pickle>
<global name="PersistentMapping" module="Persistence.mapping"/> <global name="PersistentMapping" module="Persistence.mapping"/>
</pickle> </pickle>
...@@ -62,7 +89,7 @@ ...@@ -62,7 +89,7 @@
<item> <item>
<key> <string>component_validation_workflow</string> </key> <key> <string>component_validation_workflow</string> </key>
<value> <value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent> <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
</value> </value>
</item> </item>
</dictionary> </dictionary>
...@@ -71,7 +98,7 @@ ...@@ -71,7 +98,7 @@
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="3" aka="AAAAAAAAAAM="> <record id="4" aka="AAAAAAAAAAQ=">
<pickle> <pickle>
<global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/> <global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/>
</pickle> </pickle>
......
computer = state_change['object'] computer = state_change['object']
# Get required arguments
kwargs = state_change.kwargs
try:
certificate_signature_request = kwargs["csr"]
except KeyError, e:
raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e))
if computer.getDestinationReference() is not None: if computer.getDestinationReference() is not None:
context.REQUEST.set("computer_certificate", None) context.REQUEST.set("computer_certificate", None)
context.REQUEST.set("computer_key", None) context.REQUEST.set("computer_certificate_url", None)
raise ValueError('Certificate still active.') raise ValueError('Certificate still active.')
ca = context.getPortalObject().portal_certificate_authority ca_service = context.getPortalObject().portal_web_services.caucase_adapter
certificate_dict = ca.getNewCertificate(computer.getReference()) csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id)
certificate = ca_service.getCertificate(crt_id)
computer.setDestinationReference(certificate_dict["id"]) computer.setDestinationReference(crt_id)
context.REQUEST.set("computer_certificate", certificate_dict["certificate"]) context.REQUEST.set("computer_certificate", certificate)
context.REQUEST.set("computer_key", certificate_dict["key"]) context.REQUEST.set("computer_certificate_url", url)
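Review bot: The same gap as in `Person.signCertificate`: `certificate_signature_request` is taken from the transition kwargs and signed immediately, and nothing here checks that the CSR subject names `computer.getReference()` — the removed `ca.getNewCertificate(computer.getReference())` did fix the CN server-side. Unless `caucase_adapter` enforces the subject (not visible in this commit), a caller able to fire this transition could have a certificate issued for a different identity, so I would verify the CN against the computer reference before `putCertificateSigningRequest`. A second, smaller point: if `ca_service.signCertificate(csr_id)` or `getCertificate(crt_id)` raises after the CSR was uploaded, the pending CSR stays on caucase with no record on the computer; if the adapter offers a way to delete a CSR by id, wrapping those two calls and cleaning up `csr_id` on failure would avoid orphans. On the positive side, the private key is no longer generated server-side and pushed through `REQUEST` as `computer_key`, which is the right direction.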
...@@ -52,6 +52,14 @@ ...@@ -52,6 +52,14 @@
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>state_change</string> </value> <value> <string>state_change</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>Computer_generateCertificate</string> </value> <value> <string>Computer_generateCertificate</string> </value>
......
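Review bot: Adding `_proxy_roles = ('Manager',)` makes `Computer_generateCertificate` execute with Manager rights for every caller who can fire the transition, so the `caucase_adapter` calls and `setDestinationReference` are no longer subject to the caller's own permissions; the only remaining gate is the workflow transition guard, which this commit does not show. That is presumably needed because the adapter under `portal_web_services` is not reachable by the computer's own user, but the reason should be recorded and the guard confirmed to restrict the transition to the computer's owner or agent. I would add to the script source a comment such as `# Runs with Manager proxy role: caucase_adapter is not accessible to the computer user; access is gated by the workflow transition guard.` so the next maintainer knows why this script is privileged.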
computer = state_change['object'] computer = state_change['object']
context.REQUEST.set('computer_certificate', None) context.REQUEST.set('computer_certificate', None)
context.REQUEST.set('computer_key', None) context.REQUEST.set('computer_certificate_url', None)
destination_reference = computer.getDestinationReference() destination_reference = computer.getDestinationReference()
if destination_reference is None: if destination_reference is None:
raise ValueError('No certificate') raise ValueError('No certificate')
context.getPortalObject().portal_certificate_authority.revokeCertificate(destination_reference) context.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(destination_reference)
computer.setDestinationReference(None) computer.setDestinationReference(None)
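Review bot: `computer.setDestinationReference(None)` runs unconditionally after `caucase_adapter.revokeCertificate(destination_reference)`, whose return value is discarded; `Person.revokeCertificate` in this same commit treats that return as a response object (`response.read()`), which suggests the adapter hands back the HTTP response rather than raising on failure. If so, a failed revocation still clears the reference, leaving a valid certificate the portal no longer tracks while allowing a new one to be issued for the computer. I would keep the response and check it before clearing — `response = context.getPortalObject().portal_web_services.caucase_adapter.revokeCertificate(destination_reference)` followed by a status check that raises before `setDestinationReference(None)` — or confirm that the adapter raises on any non-success status. The `None` written here versus the `""` written by `Person.revokeCertificate` is also worth aligning, since the two generate paths test `is not None` and truthiness respectively.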