erp5_antivirus_clammit: support secure connection to clammit

The CA certificate can be stored on the connector (it is obtained from
the clammit instance).

bt5/erp5_antivirus_clammit/DocumentTemplateItem/portal_components/document.erp5.ClammitConnector.py

@@ -31,6 +31,7 @@ from Products.ERP5Type import Permissions
 from Products.ERP5Type.XMLObject import XMLObject
 
 import requests
+import tempfile
 
 class ClammitConnector(XMLObject):
   # CMF Type Definition
@@ -45,12 +46,27 @@ class ClammitConnector(XMLObject):
   _INFECTED_HTTP_STATUS_CODE = 418
   _DEFAULT_TIMEOUT = 30 # In seconds
 
+  def _query(self, *args, **kw):
+    def _request(*args, **kw):
+      return requests.request(*args, **kw)
+
+    kw.setdefault("timeout", self.getTimeout(self._DEFAULT_TIMEOUT))
+
+    ca_certificate = self.getCertificateAuthorityCertificate()
+    if ca_certificate:
+      with tempfile.NamedTemporaryFile() as certificate_authoritity_certificate:
+        certificate_authoritity_certificate.write(ca_certificate)
+        certificate_authoritity_certificate.seek(0)
+        kw["verify"] = certificate_authoritity_certificate.name
+        return _request(*args, **kw)
+
+    return _request(*args, **kw)
+
   def isSafe(self, data):
-    response = requests.post(
-      self.getUrlString() + '/scan',
-      files={'file': data},
-      timeout=self.getTimeout(self._DEFAULT_TIMEOUT),
-      verify=False, # TODO: how to do self-certs correctly ?
+    response = self._query(
+      "POST",
+      self.getUrlString() + "/scan",
+      files={"file": data},
     )
     if response.status_code == self._SANE_HTTP_STATUS_CODE:
       return True
@@ -60,10 +76,10 @@ class ClammitConnector(XMLObject):
       raise ValueError("Unknown status code")
 
   def isReady(self):
-    response = requests.get(
-      self.getUrlString() + '/readyz',
-      timeout=self.getTimeout(self._DEFAULT_TIMEOUT),
-      verify=False, # TODO: how to do self-certs correctly ?
+    response = self._query(
+      "GET",
+      self.getUrlString() + "/readyz",
+      timeout=3, # The timeout is much shorter as it is a light query
     )
     if response.status_code == 200:
       return True

bt5/erp5_antivirus_clammit/PortalTypePropertySheetTemplateItem/property_sheet_list.xml

@@ -3,5 +3,6 @@
   <item>Reference</item>
   <item>SocketClient</item>
   <item>Url</item>
+  <item>X509</item>
  </portal_type>
 </property_sheet_list>
\ No newline at end of file

bt5/erp5_antivirus_clammit/SkinTemplateItem/portal_skins/erp5_antivirus_clammit/ClammitConnector_view.xml

@@ -90,6 +90,7 @@
                     <value>
                       <list>
                         <string>my_description</string>
+                        <string>my_ssl_certificate_authority_certificate</string>
                       </list>
                     </value>
                 </item>

bt5/erp5_antivirus_clammit/SkinTemplateItem/portal_skins/erp5_antivirus_clammit/ClammitConnector_view/my_description.xml

@@ -9,9 +9,7 @@
         <item>
             <key> <string>delegated_list</string> </key>
             <value>
-              <list>
-                <string>title</string>
-              </list>
+              <list/>
             </value>
         </item>
         <item>
@@ -73,7 +71,7 @@
               <dictionary>
                 <item>
                     <key> <string>field_id</string> </key>
-                    <value> <string>my_text_area_field</string> </value>
+                    <value> <string>my_view_mode_description</string> </value>
                 </item>
                 <item>
                     <key> <string>form_id</string> </key>
@@ -83,10 +81,6 @@
                     <key> <string>target</string> </key>
                     <value> <string>Click to edit the target</string> </value>
                 </item>
-                <item>
-                    <key> <string>title</string> </key>
-                    <value> <string>Private Key</string> </value>
-                </item>
               </dictionary>
             </value>
         </item>

bt5/erp5_antivirus_clammit/SkinTemplateItem/portal_skins/erp5_antivirus_clammit/ClammitConnector_view/my_ssl_certificate_authority_certificate.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_ssl_certificate_authority_certificate</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_text_area_field</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>CA Certificate</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_antivirus_clammit/TestTemplateItem/portal_components/test.erp5.testClammitAntivirus.py

@@ -61,7 +61,7 @@ class TestClammitAntivirus(ERP5TypeTestCase):
         portal_type="Clammit Connector",
         reference="clammit_test_connector",
         url_string="https://localhost:3000/clammit",
-        timeout=30,
+        timeout=5,
       )
 
   @mock.patch("requests.request")

bt5/erp5_antivirus_clammit/bt/template_portal_type_property_sheet_list

 Clammit Connector | Reference
 Clammit Connector | SocketClient
 Clammit Connector | Url
+Clammit Connector | X509
\ No newline at end of file