Commit
792059be
authored
Jun 19, 2017
by
Alain Takoudjou
slapos_cloud: use caucase webservice for certificate management
parent
300091cc
Showing
5 changed files
with
96 additions
and
21 deletions
+96
-21
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py
...entTemplateItem/portal_components/document.erp5.Person.py
+39
-10
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml
...ntTemplateItem/portal_components/document.erp5.Person.xml
+30
-3
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py
...nterface_workflow/scripts/Computer_generateCertificate.py
+16
-6
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml
...terface_workflow/scripts/Computer_generateCertificate.xml
+8
-0
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py
..._interface_workflow/scripts/Computer_revokeCertificate.py
+3
-2
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py
...
@@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
...
@@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
from
Products.ERP5.Document.Person
import
Person
as
ERP5Person
from
Products.ERP5.Document.Person
import
Person
as
ERP5Person
from
Products.ERP5Type
import
Permissions
from
Products.ERP5Type
import
Permissions
class
UserCertificateNotFound
(
Exception
):
"""Exception raised when certificate is not found"""
pass
class
UserCertificateFound
(
Exception
):
"""Exception raised when certificate is found"""
pass
class
Person
(
ERP5Person
):
class
Person
(
ERP5Person
):
security
=
ClassSecurityInfo
()
security
=
ClassSecurityInfo
()
security
.
declarePublic
(
'getCertificate'
)
def
_checkCertificateRequest
(
self
):
def
_checkCertificateRequest
(
self
):
try
:
try
:
...
@@ -19,24 +26,46 @@ class Person(ERP5Person):
...
@@ -19,24 +26,46 @@ class Person(ERP5Person):
if
getSecurityManager
().
getUser
().
getId
()
!=
reference
:
if
getSecurityManager
().
getUser
().
getId
()
!=
reference
:
raise
raise
def
_getCertificate
(
self
):
security
.
declarePublic
(
'signCertificate'
)
return
self
.
getPortalObject
().
portal_certificate_authority
\
def
signCertificate
(
self
,
csr
):
.
getNewCertificate
(
self
.
getReference
())
"""Send csr for certificate signature"""
self
.
_checkCertificateRequest
()
if
self
.
getDestinationReference
():
raise
UserCertificateFound
(
"A Certificate already exists, please revoke it first!"
)
ca_service
=
self
.
getPortalObject
().
portal_web_services
.
caucase_adapter
csr_id
=
ca_service
.
putCertificateSigningRequest
(
csr
)
def
_revokeCertificate
(
self
):
# Sign the csr immediately
return
self
.
getPortalObject
().
portal_certificate_authority
\
crt_id
,
url
=
ca_service
.
signCertificate
(
csr_id
)
.
revokeCertificateByCommonName
(
self
.
getReference
())
self
.
setDestinationReference
(
crt_id
)
return
crt_id
,
url
security
.
declarePublic
(
'getCertificate'
)
def
getCertificate
(
self
):
def
getCertificate
(
self
):
"""Returns
new
SSL certificate"""
"""Returns
existing
SSL certificate"""
self
.
_checkCertificateRequest
()
self
.
_checkCertificateRequest
()
return
self
.
_getCertificate
()
crt_id
=
self
.
getDestinationReference
()
if
crt_id
:
return
self
.
getPortalObject
().
portal_web_services
.
caucase_adapter
\
.
getCertificate
(
crt_id
)
raise
UserCertificateNotFound
(
"No certificate set for the user %s"
%
self
.
getReference
()
)
security
.
declarePublic
(
'revokeCertificate'
)
security
.
declarePublic
(
'revokeCertificate'
)
def
revokeCertificate
(
self
):
def
revokeCertificate
(
self
):
"""Revokes existing certificate"""
"""Revokes existing certificate"""
self
.
_checkCertificateRequest
()
self
.
_checkCertificateRequest
()
self
.
_revokeCertificate
()
crt_id
=
self
.
getDestinationReference
()
if
crt_id
:
response
=
self
.
getPortalObject
().
portal_web_services
.
caucase_adapter
\
.
revokeCertificate
(
crt_id
)
# Remove Destination Reference
self
.
setDestinationReference
(
""
)
return
response
.
read
()
raise
UserCertificateNotFound
(
"No certificate set for the user %s"
%
self
.
getReference
()
)
security
.
declareProtected
(
Permissions
.
AccessContentsInformation
,
security
.
declareProtected
(
Permissions
.
AccessContentsInformation
,
'getTitle'
)
'getTitle'
)
...
...
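Review bot: `signCertificate(csr)` in the second hunk forwards the caller-supplied CSR to `putCertificateSigningRequest` and has it signed immediately, and nothing visible here ties the CSR subject to the user. The removed `_getCertificate` asked the CA for a certificate for `self.getReference()`, so the identity was chosen server-side; now it appears to come from the request, unless `caucase_adapter` checks or rewrites the subject (not visible on this page). Because the method is `declarePublic` and the visible part of `_checkCertificateRequest` only compares the logged-in user id with the reference, I would verify the CSR common name against `self.getReference()` before submitting it, and record the expectation with a comment such as `# csr subject must match self.getReference(); enforced by <where>`. The same pattern is in Computer_generateCertificate.py, where `kwargs["csr"]` is signed for the computer. The body of `_checkCertificateRequest` is cut between the two hunks, so its full check cannot be confirmed from here.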
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml
...
@@ -6,10 +6,22 @@
...
@@ -6,10 +6,22 @@
</pickle>
</pickle>
<pickle>
<pickle>
<dictionary>
<dictionary>
<item>
<key>
<string>
_recorded_property_dict
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<item>
<key>
<string>
default_reference
</string>
</key>
<key>
<string>
default_reference
</string>
</key>
<value>
<string>
Person
</string>
</value>
<value>
<string>
Person
</string>
</value>
</item>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<item>
<key>
<string>
id
</string>
</key>
<key>
<string>
id
</string>
</key>
<value>
<string>
document.erp5.Person
</string>
</value>
<value>
<string>
document.erp5.Person
</string>
</value>
...
@@ -43,13 +55,28 @@
...
@@ -43,13 +55,28 @@
<item>
<item>
<key>
<string>
workflow_history
</string>
</key>
<key>
<string>
workflow_history
</string>
</key>
<value>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
I
=
</string>
</persistent>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
M
=
</string>
</persistent>
</value>
</value>
</item>
</item>
</dictionary>
</dictionary>
</pickle>
</pickle>
</record>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
</pickle>
...
@@ -62,7 +89,7 @@
...
@@ -62,7 +89,7 @@
<item>
<item>
<key>
<string>
component_validation_workflow
</string>
</key>
<key>
<string>
component_validation_workflow
</string>
</key>
<value>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
M
=
</string>
</persistent>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
Q
=
</string>
</persistent>
</value>
</value>
</item>
</item>
</dictionary>
</dictionary>
...
@@ -71,7 +98,7 @@
...
@@ -71,7 +98,7 @@
</dictionary>
</dictionary>
</pickle>
</pickle>
</record>
</record>
<record
id=
"
3"
aka=
"AAAAAAAAAAM
="
>
<record
id=
"
4"
aka=
"AAAAAAAAAAQ
="
>
<pickle>
<pickle>
<global
name=
"WorkflowHistoryList"
module=
"Products.ERP5Type.patches.WorkflowTool"
/>
<global
name=
"WorkflowHistoryList"
module=
"Products.ERP5Type.patches.WorkflowTool"
/>
</pickle>
</pickle>
...
...
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py
computer
=
state_change
[
'object'
]
computer
=
state_change
[
'object'
]
# Get required arguments
kwargs
=
state_change
.
kwargs
try
:
certificate_signature_request
=
kwargs
[
"csr"
]
except
KeyError
,
e
:
raise
TypeError
(
"Computer_generateCertificate takes exactly 1 argument: %s"
%
str
(
e
))
if
computer
.
getDestinationReference
()
is
not
None
:
if
computer
.
getDestinationReference
()
is
not
None
:
context
.
REQUEST
.
set
(
"computer_certificate"
,
None
)
context
.
REQUEST
.
set
(
"computer_certificate"
,
None
)
context
.
REQUEST
.
set
(
"computer_
key
"
,
None
)
context
.
REQUEST
.
set
(
"computer_
certificate_url
"
,
None
)
raise
ValueError
(
'Certificate still active.'
)
raise
ValueError
(
'Certificate still active.'
)
ca
=
context
.
getPortalObject
().
portal_certificate_authority
ca_service
=
context
.
getPortalObject
().
portal_web_services
.
caucase_adapter
certificate_dict
=
ca
.
getNewCertificate
(
computer
.
getReference
())
csr_id
=
ca_service
.
putCertificateSigningRequest
(
certificate_signature_request
)
# Sign the csr immediately
crt_id
,
url
=
ca_service
.
signCertificate
(
csr_id
)
certificate
=
ca_service
.
getCertificate
(
crt_id
)
computer
.
setDestinationReference
(
c
ertificate_dict
[
"id"
]
)
computer
.
setDestinationReference
(
c
rt_id
)
context
.
REQUEST
.
set
(
"computer_certificate"
,
certificate
_dict
[
"certificate"
]
)
context
.
REQUEST
.
set
(
"computer_certificate"
,
certificate
)
context
.
REQUEST
.
set
(
"computer_
key"
,
certificate_dict
[
"key"
]
)
context
.
REQUEST
.
set
(
"computer_
certificate_url"
,
url
)
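Review bot: The new sequence `putCertificateSigningRequest`, `signCertificate`, `getCertificate` records `crt_id` on the computer only at the end, so a failure in `ca_service.getCertificate(crt_id)` exits the script after the certificate has already been signed. If the caucase calls are not undone when the transaction aborts (likely for a remote web service, but not visible here), the CA then holds a valid certificate whose id is stored nowhere, and Computer_revokeCertificate would raise 'No certificate' for this computer. I would wrap the `getCertificate` call in a `try`/`except` that calls `ca_service.revokeCertificate(crt_id)` before re-raising, or at least log `crt_id` so the certificate can be revoked by hand.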
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml
...
@@ -52,6 +52,14 @@
...
@@ -52,6 +52,14 @@
<key>
<string>
_params
</string>
</key>
<key>
<string>
_params
</string>
</key>
<value>
<string>
state_change
</string>
</value>
<value>
<string>
state_change
</string>
</value>
</item>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
<value>
<tuple>
<string>
Manager
</string>
</tuple>
</value>
</item>
<item>
<item>
<key>
<string>
id
</string>
</key>
<key>
<string>
id
</string>
</key>
<value>
<string>
Computer_generateCertificate
</string>
</value>
<value>
<string>
Computer_generateCertificate
</string>
</value>
...
...
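Review bot: The added `_proxy_roles` entry makes Computer_generateCertificate run with the `Manager` role whatever the caller's own roles are, and in this same commit the script starts taking a caller-supplied `csr` and having it signed immediately. That widens what a caller who can reach this workflow transition can trigger with elevated rights, so the reason for the proxy role should be documented next to the script, for example `# proxy role Manager: required to call portal_web_services.caucase_adapter` if that is the reason (it is not stated on this page). If a narrower role is enough to reach the adapter, prefer it over `Manager`.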
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py
computer
=
state_change
[
'object'
]
computer
=
state_change
[
'object'
]
context
.
REQUEST
.
set
(
'computer_certificate'
,
None
)
context
.
REQUEST
.
set
(
'computer_certificate'
,
None
)
context
.
REQUEST
.
set
(
'computer_
key
'
,
None
)
context
.
REQUEST
.
set
(
'computer_
certificate_url
'
,
None
)
destination_reference
=
computer
.
getDestinationReference
()
destination_reference
=
computer
.
getDestinationReference
()
if
destination_reference
is
None
:
if
destination_reference
is
None
:
raise
ValueError
(
'No certificate'
)
raise
ValueError
(
'No certificate'
)
context
.
getPortalObject
().
portal_certificate_authority
.
revokeCertificate
(
destination_reference
)
context
.
getPortalObject
().
portal_web_services
.
caucase_adapter
\
.
revokeCertificate
(
destination_reference
)
computer
.
setDestinationReference
(
None
)
computer
.
setDestinationReference
(
None
)
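Review bot: The result of `caucase_adapter.revokeCertificate(destination_reference)` is discarded and `computer.setDestinationReference(None)` runs unconditionally after it. Person.revokeCertificate in this commit calls `response.read()` on the same adapter method's result, which suggests an HTTP-style response; if a failed revocation is reported through that response rather than by raising (not visible here), the computer loses its certificate id while the certificate stays valid. I would keep the result, `response = context.getPortalObject().portal_web_services.caucase_adapter.revokeCertificate(destination_reference)`, and clear the reference only once the response confirms the revocation. Person.revokeCertificate clears its reference before reading the response in the same way.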