Commit 15a3c8f6 authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_certificate_authority: Create CSR with more data

   While generate the first certificate include more typical information for the CSR, like city, company, email, state, country.

   Reuse the values from User Certificate to generate the next CSR, in case this API is called by the Certificate Login. This is consistent with the previous legacy API (portal_certificate_authority) that will rely on openssl.cnf defined versions.
parent e78bf8e1
...@@ -74,11 +74,13 @@ class CaucaseConnector(XMLObject): ...@@ -74,11 +74,13 @@ class CaucaseConnector(XMLObject):
if self.getUserCertificate() is None: if self.getUserCertificate() is None:
raise ValueError("You need to set the User Key and Certificate!") raise ValueError("You need to set the User Key and Certificate!")
return self._getConnection(user_key="/srv/slapgrid/slappart19/tmp/couscous")
with tempfile.NamedTemporaryFile(prefix='caucase_user_') as user_key_file: with tempfile.NamedTemporaryFile(prefix='caucase_user_') as user_key_file:
user_key_file.write( user_key_file.write(
self.getUserKey() + self.getUserCertificate() self.getUserKey() + self.getUserCertificate()
) )
# XXX Ensure the file is fully writen # XXX Ensure the file is fully writen
user_key_file.flush()
user_key_file.seek(0) user_key_file.seek(0)
return self._getConnection(user_key=user_key_file.name) return self._getConnection(user_key=user_key_file.name)
...@@ -106,6 +108,34 @@ class CaucaseConnector(XMLObject): ...@@ -106,6 +108,34 @@ class CaucaseConnector(XMLObject):
else: else:
self.setUserCertificate(crt_pem) self.setUserCertificate(crt_pem)
def _getSubjectNameAttributeList(self):
crt_pem = None #self.getUserCertificate()
if crt_pem is None:
name_attribute_list = []
for oid, value in [
(NameOID.ORGANIZATION_NAME, self.getCompanyName("ERP5")),
(NameOID.LOCALITY_NAME, self.getLocalityName()),
(NameOID.EMAIL_ADDRESS, self.getEmailAddress()),
(NameOID.STATE_OR_PROVINCE_NAME, self.getStateOrProvinceName()),
(NameOID.COUNTRY_NAME, self.getCountryName()),
]:
if value:
name_attribute_list.append(x509.NameAttribute(oid, value.decode()))
return name_attribute_list
else:
# Extract name attributes from the existing crt
ssl_certificate = x509.load_pem_x509_certificate(crt_pem)
# Filtered to a set of relevant OID
name_oid_list = [
NameOID.ORGANIZATION_NAME,
NameOID.LOCALITY_NAME,
NameOID.EMAIL_ADDRESS,
NameOID.STATE_OR_PROVINCE_NAME,
NameOID.COUNTRY_NAME,
]
return [i for i in ssl_certificate.subject if i.oid in name_oid_list ]
def _createCertificateRequest(self): def _createCertificateRequest(self):
key = rsa.generate_private_key( key = rsa.generate_private_key(
public_exponent=65537, key_size=2048, backend=default_backend()) public_exponent=65537, key_size=2048, backend=default_backend())
...@@ -115,10 +145,11 @@ class CaucaseConnector(XMLObject): ...@@ -115,10 +145,11 @@ class CaucaseConnector(XMLObject):
encryption_algorithm=serialization.NoEncryption() encryption_algorithm=serialization.NoEncryption()
) )
name_attribute_list = self._getSubjectNameAttributeList()
# Probably we should extend a bit more the attributes. # Probably we should extend a bit more the attributes.
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([ csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name(
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"ERP5"), name_attribute_list
])).sign(key, hashes.SHA256(), default_backend()) )).sign(key, hashes.SHA256(), default_backend())
return key_pem.decode(), csr.public_bytes(serialization.Encoding.PEM).decode() return key_pem.decode(), csr.public_bytes(serialization.Encoding.PEM).decode()
...@@ -139,4 +170,4 @@ class CaucaseConnector(XMLObject): ...@@ -139,4 +170,4 @@ class CaucaseConnector(XMLObject):
return self._getAuthenticatedConnection().revokeCertificate(crt_pem) return self._getAuthenticatedConnection().revokeCertificate(crt_pem)
return self._getConnection().revokeCertificate(crt_pem, key_pem) return self._getConnection().revokeCertificate(crt_pem, key_pem)
InitializeClass(CaucaseConnector) InitializeClass(CaucaseConnector)
\ No newline at end of file
...@@ -45,7 +45,9 @@ ...@@ -45,7 +45,9 @@
<item> <item>
<key> <string>text_content_warning_message</string> </key> <key> <string>text_content_warning_message</string> </key>
<value> <value>
<tuple/> <tuple>
<string>W: 78, 9: Unreachable code (unreachable)</string>
</tuple>
</value> </value>
</item> </item>
<item> <item>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Standard Property" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>elementary_type/text</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>company_name_property</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Standard Property" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>elementary_type/text</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>country_name_property</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Standard Property" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>elementary_type/text</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>email_address_property</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Standard Property" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>elementary_type/text</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>locality_name_property</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Standard Property" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>elementary_type/text</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>state_or_province_name_property</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment