Commit d3ed1fe6 authored by Alain Takoudjou

slapos_cloud: use a custom subject CN in signed certificates

parent 73562467
......@@ -31,7 +31,7 @@ from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.ERP5Type.XMLObject import XMLObject
import functools
from json import loads
from json import loads, dumps
import urllib2, urllib
from httplib import HTTPSConnection
import urlparse
......@@ -120,13 +120,19 @@ class CaucaseRESTClientInterface(XMLObject):
"""
return self._request('crt/%s' % crt_id).read()
def signCertificate(self, csr_id):
def signCertificate(self, csr_id, subject=None):
"""
Sign a certificate from the CSR id
return the certificate ID and URL to download certificate
"""
data = urllib.urlencode({'csr_id': csr_id})
if not subject:
data = urllib.urlencode({'csr_id': csr_id})
else:
data = urllib.urlencode({
'csr_id': csr_id,
'subject': dumps(subject)
})
response = self._request('/crt', data=data, method='PUT')
cert_id = response.headers['Location'].split('/')[-1]
return (cert_id, response.headers['Location'])
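Review bot: The new `subject` argument of `signCertificate` is undocumented, and the `if not subject:` test treats an empty dict the same as no override, so the request then carries only `csr_id` and the CA presumably keeps the subject taken from the CSR. The CSR content comes from the requester, so a silent fallback works against pinning the CN; I would test `if subject is None:` and raise `ValueError` on an empty mapping instead of dropping it. The docstring should gain a line such as `subject: optional dict of subject fields (e.g. {'CN': reference}), sent JSON-encoded so the CA uses it instead of the CSR subject`, with the fallback behaviour confirmed against the CA side.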
......
......@@ -33,7 +33,9 @@ class Person(ERP5Person):
csr_id = ca_service.putCertificateSigningRequest(csr)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id)
crt_id, url = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()})
# link to the user
certificate_id = self.newContent(
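Review bot: Nothing in this hunk checks that `self.getReference()` returns a non-empty value before it becomes the certificate CN in the `signCertificate` call. `{'CN': None}` is a truthy dict, so it passes the `if not subject:` test in `signCertificate` and is serialised as `{"CN": null}`; what the CA issues for that is not visible here. A guard before the call, `reference = self.getReference()` followed by `if not reference: raise ValueError("No reference to use as certificate CN")`, would fail closed. The same applies to the SoftwareInstance call (`subject={'CN': self.getReference()}`) and to the computer script (`subject={'CN': computer.getReference()}`) further down; the enclosing method starts and ends outside the hunk.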
......
......@@ -99,13 +99,16 @@ class SoftwareInstance(Item):
certificate_id = self._getInstanceCertificate()
if certificate_id is not None:
# Get new Certificate will automatically revoke the previous
self.revokeCertificate(certificate_id)
self.revokeCertificate(certificate_id=certificate_id)
ca_service = self.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id)
crt_id, url = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()}
)
# link to the Instance
certificate_id = self.newContent(
......@@ -123,11 +126,13 @@ class SoftwareInstance(Item):
if certificate_id is None:
certificate_id = self._getInstanceCertificate()
if certificate_id:
return self.getPortalObject().portal_web_services.caucase_adapter \
self.getPortalObject().portal_web_services.caucase_adapter \
.revokeCertificate(certificate_id.getReference())
raise ValueError(
"No certificate found for Software Instance %s" % self.getReference()
)
certificate_id.invalidate()
else:
raise ValueError(
"No certificate found for Software Instance %s" % self.getReference()
)
security.declareProtected(Permissions.AccessContentsInformation,
'getSlaXmlAsDict')
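Review bot: In `revokeCertificate` the CA-side revocation and the local `certificate_id.invalidate()` are now two separate steps, and the first is a remote call that an aborted transaction will not undo. In the hunk above, the old certificate is revoked before `putCertificateSigningRequest` and `signCertificate` run, so a failure in either would presumably roll back the `invalidate()` while the CA has already revoked, leaving a locally valid document for a revoked certificate. I would state the ordering in a comment such as `# remote revocation is not transactional: invalidate locally only once the CA accepted it`, and consider signing the replacement before revoking the old certificate. The method also no longer returns the adapter's result, so a caller that used the return value now gets None; the nesting of the `else:` is inferred because the rendered page lost indentation.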
......
......@@ -20,7 +20,9 @@ if len(certificate_id_list):
ca_service = context.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id)
crt_id, url = ca_service.signCertificate(
csr_id,
subject={'CN': computer.getReference()})
certificate = ca_service.getCertificate(crt_id)
certificate_id = computer.newContent(
......