Commit 7476c6b8 authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_certificate_authority: Improve security settings

parent 665f162e
...@@ -78,7 +78,7 @@ class CaucaseConnector(XMLObject): ...@@ -78,7 +78,7 @@ class CaucaseConnector(XMLObject):
return self._getConnection(user_key=user_key_file.name) return self._getConnection(user_key=user_key_file.name)
security.declarePublic('bootstrapCaucaseConfiguration') security.declareProtected(Permissions.ManageUsers, 'bootstrapCaucaseConfiguration')
def bootstrapCaucaseConfiguration(self): def bootstrapCaucaseConfiguration(self):
if self.getUserCertificate() is None: if self.getUserCertificate() is None:
caucase_connection = self._getConnection(mode="user") caucase_connection = self._getConnection(mode="user")
...@@ -103,7 +103,6 @@ class CaucaseConnector(XMLObject): ...@@ -103,7 +103,6 @@ class CaucaseConnector(XMLObject):
else: else:
self.setUserCertificate(crt_pem) self.setUserCertificate(crt_pem)
def _getSubjectNameAttributeList(self): def _getSubjectNameAttributeList(self):
crt_pem = None #self.getUserCertificate() crt_pem = None #self.getUserCertificate()
if crt_pem is None: if crt_pem is None:
...@@ -154,12 +153,15 @@ class CaucaseConnector(XMLObject): ...@@ -154,12 +153,15 @@ class CaucaseConnector(XMLObject):
def createCertificateSigningRequest(self, csr): def createCertificateSigningRequest(self, csr):
return self._getConnection().createCertificateSigningRequest(csr) return self._getConnection().createCertificateSigningRequest(csr)
security.declareProtected(Permissions.ManageUsers, 'createCertificate')
def createCertificate(self, csr_id, template_csr=""): def createCertificate(self, csr_id, template_csr=""):
return self._getAuthenticatedConnection().createCertificate(csr_id, template_csr) return self._getAuthenticatedConnection().createCertificate(csr_id, template_csr)
security.declareProtected(Permissions.ManageUsers, 'getCertificate')
def getCertificate(self, csr_id): def getCertificate(self, csr_id):
return self._getAuthenticatedConnection().getCertificate(csr_id) return self._getAuthenticatedConnection().getCertificate(csr_id)
security.declareProtected(Permissions.ManageUsers, 'revokeCertificate')
def revokeCertificate(self, crt_pem, key_pem=None): def revokeCertificate(self, crt_pem, key_pem=None):
if key_pem is None: if key_pem is None:
return self._getAuthenticatedConnection().revokeCertificate(crt_pem) return self._getAuthenticatedConnection().revokeCertificate(crt_pem)
......
...@@ -24,6 +24,14 @@ ...@@ -24,6 +24,14 @@
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>user_certificate_property</string> </value> <value> <string>user_certificate_property</string> </value>
</item> </item>
<item>
<key> <string>read_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
<item>
<key> <string>write_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
......
...@@ -24,6 +24,14 @@ ...@@ -24,6 +24,14 @@
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>user_certificate_request_reference_property</string> </value> <value> <string>user_certificate_request_reference_property</string> </value>
</item> </item>
<item>
<key> <string>read_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
<item>
<key> <string>write_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
......
...@@ -24,6 +24,14 @@ ...@@ -24,6 +24,14 @@
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>user_key_property</string> </value> <value> <string>user_key_property</string> </value>
</item> </item>
<item>
<key> <string>read_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
<item>
<key> <string>write_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment