Commit accf8b64 authored by Alain Takoudjou's avatar Alain Takoudjou

slapos_cloud: save certificate serial instead of certificate ID

parent b17809ef
...@@ -108,23 +108,25 @@ class CaucaseRESTClientInterface(XMLObject): ...@@ -108,23 +108,25 @@ class CaucaseRESTClientInterface(XMLObject):
""" """
return loads(self._request('/crt/ca.crt.json').read()) return loads(self._request('/crt/ca.crt.json').read())
def getCertificateFromSerial(self, serial): def getCertificateFromId(self, crt_id):
""" """
Get Certificate as PEM string Get Certificate as PEM string from CRT ID
""" """
return self._request('crt/serial/%s' % serial).read() return self._request('crt/%s' % crt_id).read()
def getCertificate(self, crt_id): def getCertificate(self, serial):
""" """
Get Certificate as PEM string Get Certificate as PEM string from serial
""" """
crt_id = '%s.crt.pem' % serial
return self._request('crt/%s' % crt_id).read() return self._request('crt/%s' % crt_id).read()
def signCertificate(self, csr_id, subject=None): def signCertificate(self, csr_id, subject=None):
""" """
Sign a certificate from the CSR id Sign a certificate from the CSR id
return the certificate ID and URL to download certificate return the certificate ID and URL to download certificate and serial into
dict
""" """
if not subject: if not subject:
data = urllib.urlencode({'csr_id': csr_id}) data = urllib.urlencode({'csr_id': csr_id})
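Review bot: `getCertificateFromId` and `getCertificate` splice `crt_id` straight into the request path (`'crt/%s' % crt_id`) with no escaping, so a reference containing `/` or `..` changes which resource is fetched; unless `_request` (outside this hunk) quotes the path, use `self._request('crt/%s' % urllib.quote(crt_id, safe='')).read()` in both methods. The `serial` passed to `getCertificate` comes from Certificate Login references stored elsewhere, so the adapter should not assume it is a clean identifier. The `signCertificate` docstring also reads awkwardly; I would word it as "Sign the CSR identified by csr_id and return a dict with the certificate id, its serial and the URL to download it." `signCertificate`'s body continues past the end of this hunk.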
...@@ -135,12 +137,17 @@ class CaucaseRESTClientInterface(XMLObject): ...@@ -135,12 +137,17 @@ class CaucaseRESTClientInterface(XMLObject):
}) })
response = self._request('/crt', data=data, method='PUT') response = self._request('/crt', data=data, method='PUT')
cert_id = response.headers['Location'].split('/')[-1] cert_id = response.headers['Location'].split('/')[-1]
return (cert_id, response.headers['Location']) # XXX - remove extension on cert_id (.crt.pem) to get serial
serial = cert_id[:-8]
return {'id': cert_id,
'serial': serial,
'url': response.headers['Location']}
def revokeCertificate(self, crt_id): def revokeCertificate(self, serial):
""" """
Revoke existing and valid certificate Revoke existing and valid certificate
""" """
crt_id = '%s.crt.pem' % serial
return self._request( return self._request(
'/crt/revoke/id', '/crt/revoke/id',
data=urllib.urlencode({'crt_id': crt_id}), data=urllib.urlencode({'crt_id': crt_id}),
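Review bot: `serial = cert_id[:-8]` in `signCertificate` silently strips the last eight characters whatever the `Location` header contains, so a differently formed id yields a truncated or wrong serial that is then persisted as the Certificate Login reference. Guard it explicitly: `if not cert_id.endswith('.crt.pem'): raise ValueError('unexpected certificate id %r' % cert_id)` followed by `serial = cert_id[:-len('.crt.pem')]`, which also replaces the magic `8` the XXX comment apologises for. `revokeCertificate`'s body continues past the end of this hunk.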
...@@ -175,5 +182,5 @@ class CaucaseRESTClientInterface(XMLObject): ...@@ -175,5 +182,5 @@ class CaucaseRESTClientInterface(XMLObject):
Delete CSR from his id Delete CSR from his id
""" """
response = self._request('/csr/%s' % csr_id, method='DELETE').read() response = self._request('/csr/%s' % csr_id, method='DELETE').read()
InitializeClass(CaucaseRESTClientInterface) InitializeClass(CaucaseRESTClientInterface)
\ No newline at end of file
...@@ -33,28 +33,28 @@ class Person(ERP5Person): ...@@ -33,28 +33,28 @@ class Person(ERP5Person):
csr_id = ca_service.putCertificateSigningRequest(csr) csr_id = ca_service.putCertificateSigningRequest(csr)
# Sign the csr immediately # Sign the csr immediately
crt_id, url = ca_service.signCertificate( result_dict = ca_service.signCertificate(
csr_id, csr_id,
subject={'CN': self.getReference()}) subject={'CN': self.getReference()})
# link to the user # link to the user
certificate_id = self.newContent( certificate_id = self.newContent(
portal_type="Certificate Login", portal_type="Certificate Login",
reference=crt_id, reference=result_dict['serial'],
url_string=url) url_string=result_dict['url'])
certificate_id.validate() certificate_id.validate()
return crt_id, url return result_dict['serial'], result_dict['url']
security.declarePublic('getCertificate') security.declarePublic('getCertificate')
def getCertificate(self): def getCertificate(self):
"""Returns existing SSL certificate""" """Returns existing SSL certificate"""
self._checkCertificateRequest() self._checkCertificateRequest()
crt_id_list = self.getPersonCertificateList() crt_login_list = self.getPersonCertificateList()
if crt_id_list: if crt_login_list:
# XXX - considering there is only one certificate per user # XXX - considering there is only one certificate per user
return self.getPortalObject().portal_web_services.caucase_adapter\ return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(crt_id_list[0].getReference()) .getCertificate(crt_login_list[0].getReference())
raise ValueError( raise ValueError(
"No certificate set for the user %s" % self.getReference() "No certificate set for the user %s" % self.getReference()
) )
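Review bot: `getCertificate` now passes `crt_login_list[0].getReference()` as a serial, but Certificate Login documents created before this change store the full `<id>.crt.pem` value as their reference, and the adapter's new `getCertificate`/`revokeCertificate` append `.crt.pem` again, so those existing users would get a failing lookup and be unable to revoke. Unless a migration of existing references happens elsewhere, either migrate them or have the adapter accept both forms; at minimum document the assumption, e.g. `# reference holds the caucase serial (without the .crt.pem suffix)` above the call. The `generateCertificate` method whose tail is shown at the top of this hunk starts outside it.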
...@@ -63,10 +63,10 @@ class Person(ERP5Person): ...@@ -63,10 +63,10 @@ class Person(ERP5Person):
def revokeCertificate(self): def revokeCertificate(self):
"""Revokes existing certificate""" """Revokes existing certificate"""
self._checkCertificateRequest() self._checkCertificateRequest()
crt_id_list = self.getPersonCertificateList() crt_login_list = self.getPersonCertificateList()
if crt_id_list: if crt_login_list:
# XXX - considering there is only one certificate per user # XXX - considering there is only one certificate per user
certificate_id = crt_id_list[0] certificate_id = crt_login_list[0]
response = self.getPortalObject().portal_web_services.caucase_adapter\ response = self.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(certificate_id.getReference()) .revokeCertificate(certificate_id.getReference())
# Invalidate certificate id of the user # Invalidate certificate id of the user
......
...@@ -77,9 +77,9 @@ class SoftwareInstance(Item): ...@@ -77,9 +77,9 @@ class SoftwareInstance(Item):
if certificate_id_list: if certificate_id_list:
return certificate_id_list[0] return certificate_id_list[0]
def _getCertificate(self, cert_id): def _getCertificate(self, serial):
return self.getPortalObject().portal_web_services.caucase_adapter\ return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(cert_id) .getCertificate(serial)
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getCertificate') 'getCertificate')
...@@ -105,7 +105,7 @@ class SoftwareInstance(Item): ...@@ -105,7 +105,7 @@ class SoftwareInstance(Item):
csr_id = ca_service.putCertificateSigningRequest(certificate_request) csr_id = ca_service.putCertificateSigningRequest(certificate_request)
# Sign the csr immediately # Sign the csr immediately
crt_id, url = ca_service.signCertificate( result_dict = ca_service.signCertificate(
csr_id, csr_id,
subject={'CN': self.getReference()} subject={'CN': self.getReference()}
) )
...@@ -113,8 +113,8 @@ class SoftwareInstance(Item): ...@@ -113,8 +113,8 @@ class SoftwareInstance(Item):
# link to the Instance # link to the Instance
certificate_id = self.newContent( certificate_id = self.newContent(
portal_type="Certificate Login", portal_type="Certificate Login",
reference=crt_id, reference=result_dict['serial'],
url_string=url) url_string=result_dict['url'])
certificate_id.validate() certificate_id.validate()
return self._getCertificate(certificate_id.getReference()) return self._getCertificate(certificate_id.getReference())
......
...@@ -8,11 +8,11 @@ except KeyError, e: ...@@ -8,11 +8,11 @@ except KeyError, e:
raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e)) raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e))
certificate_portal_type = "Certificate Login" certificate_portal_type = "Certificate Login"
certificate_id_list = [x for x in certificate_login_list = [x for x in
computer.contentValues(portal_type=certificate_portal_type) computer.contentValues(portal_type=certificate_portal_type)
if x.getValidationState() == 'validated'] if x.getValidationState() == 'validated']
if len(certificate_id_list): if len(certificate_login_list):
context.REQUEST.set("computer_certificate", None) context.REQUEST.set("computer_certificate", None)
context.REQUEST.set("computer_certificate_url", None) context.REQUEST.set("computer_certificate_url", None)
raise ValueError('Certificate still active.') raise ValueError('Certificate still active.')
...@@ -20,17 +20,17 @@ if len(certificate_id_list): ...@@ -20,17 +20,17 @@ if len(certificate_id_list):
ca_service = context.getPortalObject().portal_web_services.caucase_adapter ca_service = context.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request) csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
# Sign the csr immediately # Sign the csr immediately
crt_id, url = ca_service.signCertificate( result_dict = ca_service.signCertificate(
csr_id, csr_id,
subject={'CN': computer.getReference()}) subject={'CN': computer.getReference()})
certificate = ca_service.getCertificate(crt_id) certificate = ca_service.getCertificate(result_dict['serial'])
certificate_id = computer.newContent( certificate_id = computer.newContent(
portal_type=certificate_portal_type, portal_type=certificate_portal_type,
reference=crt_id, reference=result_dict['serial'],
url_string=url) url_string=result_dict['url'])
certificate_id.validate() certificate_id.validate()
context.REQUEST.set("computer_certificate", certificate) context.REQUEST.set("computer_certificate", certificate)
context.REQUEST.set("computer_certificate_url", url) context.REQUEST.set("computer_certificate_url", result_dict['url'])
computer = state_change['object'] computer = state_change['object']
context.REQUEST.set('computer_certificate', None) context.REQUEST.set('computer_certificate', None)
context.REQUEST.set('computer_certificate_url', None) context.REQUEST.set('computer_certificate_url', None)
certificate_id_list = [x for x in certificate_login_list = [x for x in
computer.contentValues(portal_type="Certificate Login") computer.contentValues(portal_type="Certificate Login")
if x.getValidationState() == 'validated'] if x.getValidationState() == 'validated']
if not len(certificate_id_list): if not len(certificate_login_list):
raise ValueError('No certificate') raise ValueError('No certificate')
# XXX - considering that there is always one objects # XXX - considering that there is always one objects
certificate_id = certificate_id_list[0] certificate_login = certificate_login_list[0]
context.getPortalObject().portal_web_services.caucase_adapter\ context.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(certificate_id.getReference()) .revokeCertificate(certificate_login.getReference())
# Invalidate certificate # Invalidate certificate
certificate_id.invalidate() certificate_login.invalidate()