slapos_cloud: save certificate serial instead of certificate ID

accf8b64 · Alain Takoudjou · b17809ef · accf8b64 · accf8b64 · accf8b64
Commit accf8b64 authored Jul 07, 2017 by Alain Takoudjou
5 changed files
--- a/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.CaucaseRESTClientInterface.py
+++ b/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.CaucaseRESTClientInterface.py
@@ -108,23 +108,25 @@ class CaucaseRESTClientInterface(XMLObject):
    """
    return loads(self._request('/crt/ca.crt.json').read())

-  def getCertificateFromSerial(self, serial):
+  def getCertificateFromId(self, crt_id):
    """
-      Get Certificate as PEM string
+      Get Certificate as PEM string from CRT ID
    """
-    return self._request('crt/serial/%s' % serial).read()
+    return self._request('crt/%s' % crt_id).read()

-  def getCertificate(self, crt_id):
+  def getCertificate(self, serial):
    """
-      Get Certificate as PEM string
+      Get Certificate as PEM string from serial
    """
+    crt_id = '%s.crt.pem' % serial
    return self._request('crt/%s' % crt_id).read()

  def signCertificate(self, csr_id, subject=None):
    """
      Sign a certificate from the CSR id
      
-      return the certificate ID and URL to download certificate
+      return the certificate ID and URL to download certificate and serial into
+        dict
    """
    if not subject:
      data = urllib.urlencode({'csr_id': csr_id})
@@ -135,12 +137,17 @@ class CaucaseRESTClientInterface(XMLObject):
      })
    response = self._request('/crt', data=data, method='PUT')
    cert_id = response.headers['Location'].split('/')[-1]
-    return (cert_id, response.headers['Location'])
+    # XXX - remove extension on cert_id (.crt.pem) to get serial
+    serial = cert_id[:-8]
+    return {'id': cert_id,
+            'serial': serial,
+            'url': response.headers['Location']}

-  def revokeCertificate(self, crt_id):
+  def revokeCertificate(self, serial):
    """
      Revoke existing and valid certificate
    """
+    crt_id = '%s.crt.pem' % serial
    return self._request(
      '/crt/revoke/id',
      data=urllib.urlencode({'crt_id': crt_id}),

--- a/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py
+++ b/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py
@@ -33,28 +33,28 @@ class Person(ERP5Person):
    csr_id = ca_service.putCertificateSigningRequest(csr)

    # Sign the csr immediately
-    crt_id, url = ca_service.signCertificate(
+    result_dict = ca_service.signCertificate(
      csr_id,
      subject={'CN': self.getReference()})

    # link to the user
    certificate_id = self.newContent(
      portal_type="Certificate Login",
-      reference=crt_id,
-      url_string=url)
+      reference=result_dict['serial'],
+      url_string=result_dict['url'])

    certificate_id.validate()
-    return crt_id, url
+    return result_dict['serial'], result_dict['url']

  security.declarePublic('getCertificate')
  def getCertificate(self):
    """Returns existing SSL certificate"""
    self._checkCertificateRequest()
-    crt_id_list = self.getPersonCertificateList()
-    if crt_id_list:
+    crt_login_list = self.getPersonCertificateList()
+    if crt_login_list:
      # XXX - considering there is only one certificate per user
      return self.getPortalObject().portal_web_services.caucase_adapter\
-        .getCertificate(crt_id_list[0].getReference())
+        .getCertificate(crt_login_list[0].getReference())
    raise ValueError(
      "No certificate set for the user %s" % self.getReference()
    )
@@ -63,10 +63,10 @@ class Person(ERP5Person):
  def revokeCertificate(self):
    """Revokes existing certificate"""
    self._checkCertificateRequest()
-    crt_id_list = self.getPersonCertificateList()
-    if crt_id_list:
+    crt_login_list = self.getPersonCertificateList()
+    if crt_login_list:
      # XXX - considering there is only one certificate per user
-      certificate_id = crt_id_list[0]
+      certificate_id = crt_login_list[0]
      response = self.getPortalObject().portal_web_services.caucase_adapter\
        .revokeCertificate(certificate_id.getReference())
      # Invalidate certificate id of the user

--- a/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.SoftwareInstance.py
+++ b/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.SoftwareInstance.py
@@ -77,9 +77,9 @@ class SoftwareInstance(Item):
    if certificate_id_list:
      return certificate_id_list[0]

-  def _getCertificate(self, cert_id):
+  def _getCertificate(self, serial):
    return self.getPortalObject().portal_web_services.caucase_adapter\
-        .getCertificate(cert_id)
+        .getCertificate(serial)

  security.declareProtected(Permissions.AccessContentsInformation,
    'getCertificate')
@@ -105,7 +105,7 @@ class SoftwareInstance(Item):
    csr_id = ca_service.putCertificateSigningRequest(certificate_request)

    # Sign the csr immediately
-    crt_id, url = ca_service.signCertificate(
+    result_dict = ca_service.signCertificate(
      csr_id,
      subject={'CN': self.getReference()}
    )
@@ -113,8 +113,8 @@ class SoftwareInstance(Item):
    # link to the Instance
    certificate_id = self.newContent(
      portal_type="Certificate Login",
-      reference=crt_id,
-      url_string=url)
+      reference=result_dict['serial'],
+      url_string=result_dict['url'])

    certificate_id.validate()
    return self._getCertificate(certificate_id.getReference())

--- a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py
+++ b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py
@@ -8,11 +8,11 @@ except KeyError, e:
  raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e))

 certificate_portal_type = "Certificate Login"
-certificate_id_list = [x for x in
+certificate_login_list = [x for x in
  computer.contentValues(portal_type=certificate_portal_type)
  if x.getValidationState() == 'validated']

-if len(certificate_id_list):
+if len(certificate_login_list):
  context.REQUEST.set("computer_certificate", None)
  context.REQUEST.set("computer_certificate_url", None)
  raise ValueError('Certificate still active.')
@@ -20,17 +20,17 @@ if len(certificate_id_list):
 ca_service = context.getPortalObject().portal_web_services.caucase_adapter
 csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
 # Sign the csr immediately
-crt_id, url = ca_service.signCertificate(
+result_dict = ca_service.signCertificate(
      csr_id,
      subject={'CN': computer.getReference()})
-certificate = ca_service.getCertificate(crt_id)
+certificate = ca_service.getCertificate(result_dict['serial'])

 certificate_id = computer.newContent(
  portal_type=certificate_portal_type,
-  reference=crt_id,
-  url_string=url)
+  reference=result_dict['serial'],
+  url_string=result_dict['url'])

 certificate_id.validate()

 context.REQUEST.set("computer_certificate", certificate)
-context.REQUEST.set("computer_certificate_url", url)
+context.REQUEST.set("computer_certificate_url", result_dict['url'])
--- a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py
+++ b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py
 computer = state_change['object']
 context.REQUEST.set('computer_certificate', None)
 context.REQUEST.set('computer_certificate_url', None)
-certificate_id_list = [x for x in
+certificate_login_list = [x for x in
  computer.contentValues(portal_type="Certificate Login")
  if x.getValidationState() == 'validated']

-if not len(certificate_id_list):
+if not len(certificate_login_list):
  raise ValueError('No certificate')

 # XXX - considering that there is always one objects
-certificate_id = certificate_id_list[0]
+certificate_login = certificate_login_list[0]
 context.getPortalObject().portal_web_services.caucase_adapter\
-  .revokeCertificate(certificate_id.getReference())
+  .revokeCertificate(certificate_login.getReference())

 # Invalidate certificate
-certificate_id.invalidate()
+certificate_login.invalidate()