diff --git a/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py b/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py index a44fd7386e58576010ca042b049af85f2ea4c406..50d997b22bca2c14166eaa6e15060b55211f77e8 100644 --- a/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py +++ b/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py @@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager from Products.ERP5.Document.Person import Person as ERP5Person from Products.ERP5Type import Permissions +class UserCertificateNotFound(Exception): + """Exception raised when certificate is not found""" + pass + +class UserCertificateFound(Exception): + """Exception raised when certificate is found""" + pass + class Person(ERP5Person): security = ClassSecurityInfo() - security.declarePublic('getCertificate') def _checkCertificateRequest(self): try: 
@@ -19,24 +26,46 @@ class Person(ERP5Person): if getSecurityManager().getUser().getId() != reference: raise - def _getCertificate(self): - return self.getPortalObject().portal_certificate_authority\ - .getNewCertificate(self.getReference()) + security.declarePublic('signCertificate') + def signCertificate(self, csr): + """Send csr for certificate signature""" + self._checkCertificateRequest() + if self.getDestinationReference(): + raise UserCertificateFound("A Certificate already exists, please revoke it first!") + ca_service = self.getPortalObject().portal_web_services.caucase_adapter + csr_id = ca_service.putCertificateSigningRequest(csr) - def _revokeCertificate(self): - return self.getPortalObject().portal_certificate_authority\ - .revokeCertificateByCommonName(self.getReference()) + # Sign the csr immediately + crt_id, url = ca_service.signCertificate(csr_id) + self.setDestinationReference(crt_id) + return crt_id, url + security.declarePublic('getCertificate') def getCertificate(self): - """Returns new SSL certificate""" + """Returns existing SSL certificate""" self._checkCertificateRequest() - return self._getCertificate() + crt_id = self.getDestinationReference() + if crt_id: + return self.getPortalObject().portal_web_services.caucase_adapter\ + .getCertificate(crt_id) + raise UserCertificateNotFound( + "No certificate set for the user %s" % self.getReference() + ) security.declarePublic('revokeCertificate') def revokeCertificate(self): """Revokes existing certificate""" self._checkCertificateRequest() - self._revokeCertificate() + crt_id = self.getDestinationReference() + if crt_id: + response = self.getPortalObject().portal_web_services.caucase_adapter\ + .revokeCertificate(crt_id) + # Remove Destination Reference + self.setDestinationReference("") + return response.read() + raise UserCertificateNotFound( + "No certificate set for the user %s" % self.getReference() + ) security.declareProtected(Permissions.AccessContentsInformation, 'getTitle') 
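Review bot: `signCertificate` hands the caller-supplied `csr` to `putCertificateSigningRequest` and signs it at once, with no visible check that the subject in the request names this person. The removed `_getCertificate` built the certificate from `self.getReference()`, so the server used to fix the identity; now it depends on what `caucase_adapter` does with the request, which this diff does not show. If the adapter does not force the common name, compare it with `self.getReference()` before the `putCertificateSigningRequest` call and refuse a mismatch. At minimum, record the assumption with `# csr is caller-supplied: the adapter must bind its subject to self.getReference()`. The same applies to `kwargs["csr"]` in Computer_generateCertificate.py, where the expected name is `computer.getReference()`.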
diff --git a/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml b/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml index bec0fd0c8a8919c7fdce09c7b2c76e20469f7478..96a1300ab1fcecffc4307c04753605debcfdd329 100644 --- a/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml +++ b/master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml @@ -6,10 +6,22 @@ </pickle> <pickle> <dictionary> + <item> + <key> <string>_recorded_property_dict</string> </key> + <value> + <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent> + </value> + </item> <item> <key> <string>default_reference</string> </key> <value> <string>Person</string> </value> </item> + <item> + <key> <string>description</string> </key> + <value> + <none/> + </value> + </item> <item> <key> <string>id</string> </key> <value> <string>document.erp5.Person</string> </value> @@ -43,13 +55,28 @@ <item> <key> <string>workflow_history</string> </key> <value> - <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent> + <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent> </value> </item> </dictionary> </pickle> </record> <record id="2" aka="AAAAAAAAAAI="> + <pickle> + <global name="PersistentMapping" module="Persistence.mapping"/> + </pickle> + <pickle> + <dictionary> + <item> + <key> <string>data</string> </key> + <value> + <dictionary/> + </value> + </item> + </dictionary> + </pickle> + </record> + <record id="3" aka="AAAAAAAAAAM="> <pickle> <global name="PersistentMapping" module="Persistence.mapping"/> </pickle> @@ -62,7 +89,7 @@ <item> <key> <string>component_validation_workflow</string> </key> <value> - <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent> + <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent> </value> </item> </dictionary> 
@@ -71,7 +98,7 @@ </dictionary> </pickle> </record> - <record id="3" aka="AAAAAAAAAAM="> + <record id="4" aka="AAAAAAAAAAQ="> <pickle> <global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/> </pickle> diff --git a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py index 1935b9271bc9fbb2914f98009e6761086690f297..afcaaa7c675f268a01c1c7c76e50eef94fc840ed 100644 --- a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py +++ b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py 
@@ -1,14 +1,24 @@ computer = state_change['object'] +# Get required arguments +kwargs = state_change.kwargs + +try: + certificate_signature_request = kwargs["csr"] +except KeyError, e: + raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e)) if computer.getDestinationReference() is not None: context.REQUEST.set("computer_certificate", None) - context.REQUEST.set("computer_key", None) + context.REQUEST.set("computer_certificate_url", None) raise ValueError('Certificate still active.') -ca = context.getPortalObject().portal_certificate_authority -certificate_dict = ca.getNewCertificate(computer.getReference()) +ca_service = context.getPortalObject().portal_web_services.caucase_adapter +csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request) +# Sign the csr immediately +crt_id, url = ca_service.signCertificate(csr_id) +certificate = ca_service.getCertificate(crt_id) -computer.setDestinationReference(certificate_dict["id"]) +computer.setDestinationReference(crt_id) -context.REQUEST.set("computer_certificate", certificate_dict["certificate"]) -context.REQUEST.set("computer_key", certificate_dict["key"]) +context.REQUEST.set("computer_certificate", certificate) +context.REQUEST.set("computer_certificate_url", url) diff --git a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml index 56308f63454a1b88b5c50da50195ae4ff7a58462..96e88cc9ef856aa7967f9050ae93d238827c2c3b 100644 --- a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml +++ b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml 
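Review bot: Nothing handles a failure of `ca_service.getCertificate(crt_id)`, which sits between `ca_service.signCertificate(csr_id)` and `computer.setDestinationReference(crt_id)`. The CA has already signed by then, so if that call raises, the certificate presumably stays valid while the computer keeps no reference to it, and Computer_revokeCertificate.py would answer 'No certificate'. Revoke on the failure path and re-raise, as sketched below; whether a rolled-back transaction changes this depends on the adapter, which is not visible here. Separately, `except KeyError, e:` is better written `except KeyError as e:`.

```python
crt_id, url = ca_service.signCertificate(csr_id)
try:
  certificate = ca_service.getCertificate(crt_id)
except Exception:
  # the CA has already signed: do not leave a certificate nobody references
  ca_service.revokeCertificate(crt_id)
  raise
# … unchanged: setDestinationReference and REQUEST.set calls …
```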
@@ -52,6 +52,14 @@ <key> <string>_params</string> </key> <value> <string>state_change</string> </value> </item> + <item> + <key> <string>_proxy_roles</string> </key> + <value> + <tuple> + <string>Manager</string> + </tuple> + </value> + </item> <item> <key> <string>id</string> </key> <value> <string>Computer_generateCertificate</string> </value> diff --git a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py index b4c5b60e641aaaee80db7b8f70c61d1c80d4a8ff..d5ae8b1655bda4bf84a9873b917ce2759bf16b74 100644 --- a/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py +++ b/master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py @@ -1,8 +1,9 @@ computer = state_change['object'] context.REQUEST.set('computer_certificate', None) -context.REQUEST.set('computer_key', None) +context.REQUEST.set('computer_certificate_url', None) destination_reference = computer.getDestinationReference() if destination_reference is None: raise ValueError('No certificate') -context.getPortalObject().portal_certificate_authority.revokeCertificate(destination_reference) +context.getPortalObject().portal_web_services.caucase_adapter\ + .revokeCertificate(destination_reference) computer.setDestinationReference(None)
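Review bot: The `Manager` proxy role added here is not justified anywhere in the commit, and it lets Computer_generateCertificate sign a request taken from `state_change.kwargs` with Manager rights whoever triggers the transition. With a proxy role, the guard on the workflow transition becomes the only access control, and that guard is not part of this diff. Record why `Manager` is needed at the top of Computer_generateCertificate.py, e.g. `# proxy role Manager: <reason>; callers limited by <transition guard>`, and use a narrower role if one is enough. Computer_revokeCertificate.xml is not touched here, so the diff does not show whether the revoke script, which calls the same adapter, has matching roles.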
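Review bot: The result of `revokeCertificate(destination_reference)` is discarded and `computer.setDestinationReference(None)` follows unconditionally. A revocation that the CA refused would therefore still clear the reference unless the adapter raises on failure, which this diff does not show. `Person.revokeCertificate` in document.erp5.Person.py has the same order: it empties the reference before `response.read()` and never looks at the outcome. Keep the reference until the revocation is confirmed and, once the adapter's behaviour is checked, state it in a comment such as `# revokeCertificate raises on failure; the reference is cleared only after success`.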