Commit bf12a67c authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_certificate_authority: Use source_reference rather them destination_reference

   Change the property used to clearly identify if this document used caucase or some previous legacy implementation not supported anymore.

   In such case, invalidate the Certificate Login is enough to prevent access.
parent 9e64e48d
...@@ -51,7 +51,6 @@ class CertificateLoginMixin: ...@@ -51,7 +51,6 @@ class CertificateLoginMixin:
return csr.public_bytes(serialization.Encoding.PEM).decode() return csr.public_bytes(serialization.Encoding.PEM).decode()
def _getCaucaseConnector(self): def _getCaucaseConnector(self):
portal = self.getPortalObject() portal = self.getPortalObject()
connector_list = portal.portal_catalog.unrestrictedSearchResults( connector_list = portal.portal_catalog.unrestrictedSearchResults(
...@@ -73,9 +72,9 @@ class CertificateLoginMixin: ...@@ -73,9 +72,9 @@ class CertificateLoginMixin:
certificate_dict = { certificate_dict = {
"common_name" : self.getReference() "common_name" : self.getReference()
} }
if self.getReference and self.getDestinationReference(): if self.getReference and self.getSourceReference():
certificate_dict["id"] = self.getDestinationReference() certificate_dict["id"] = self.getSourceReference()
crt_pem = caucase_connector.getCertificate(self.getDestinationReference()) crt_pem = caucase_connector.getCertificate(self.getSourceReference())
certificate_dict["certificate"] = crt_pem certificate_dict["certificate"] = crt_pem
# We should assert that reference is the CN of crt_pem # We should assert that reference is the CN of crt_pem
return certificate_dict return certificate_dict
...@@ -93,18 +92,18 @@ class CertificateLoginMixin: ...@@ -93,18 +92,18 @@ class CertificateLoginMixin:
caucase_connector.createCertificate(csr_id, template_csr=template_csr) caucase_connector.createCertificate(csr_id, template_csr=template_csr)
crt_pem = caucase_connector.getCertificate(csr_id) crt_pem = caucase_connector.getCertificate(csr_id)
self.setDestinationReference(csr_id) self.setSourceReference(csr_id)
return { return {
"certificate" : crt_pem, "certificate" : crt_pem,
"id" : self.getDestinationReference(), "id" : self.getSourceReference(),
"common_name" : self.getReference() "common_name" : self.getReference()
} }
security.declarePublic('getCertificate') security.declarePublic('getCertificate')
def getCertificate(self, csr=None): def getCertificate(self, csr=None):
"""Returns new SSL certificate""" """Returns new SSL certificate"""
if csr is None and self.getDestinationReference() is None: if csr is None and self.getSourceReference() is None:
key, csr = self._getCaucaseConnector()._createCertificateRequest() key, csr = self._getCaucaseConnector()._createCertificateRequest()
certificate_dict = self._getCertificate(csr=csr) certificate_dict = self._getCertificate(csr=csr)
certificate_dict["key"] = key certificate_dict["key"] = key
...@@ -113,18 +112,14 @@ class CertificateLoginMixin: ...@@ -113,18 +112,14 @@ class CertificateLoginMixin:
return self._getCertificate(csr=csr) return self._getCertificate(csr=csr)
def _revokeCertificate(self): def _revokeCertificate(self):
if self.getDestinationReference() is not None: if self.getDestinationReference() is not None or (
certificate_dict = self.getPortalObject().portal_certificate_authority\ self.getReference() is not None and self.getSourceReference() is None
.revokeCertificate(self.getDestinationReference()) ):
self.setDestinationReference(None) raise ValueError("You cannot revoke certificates from prior implementation!")
return certificate_dict
elif self.getReference() is not None: if self.getSourceReference() is not None:
# Backward compatibility whenever the serial wast set raise NotImplementedError()
certificate_dict = self.getPortalObject().portal_certificate_authority\
.revokeCertificateByCommonName(self.getReference())
# Ensure it is None
self.setDestinationReference(None)
return certificate_dict
else: else:
raise ValueError("No certificate found to revoke!") raise ValueError("No certificate found to revoke!")
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment