Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Rafael Monnerat
erp5
Commits
c6fb21f0
Commit
c6fb21f0
authored
Oct 18, 2023
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
erp5_certificate_authority: Ensure extra namedattributes are added when master sign certificates
parent
7476c6b8
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
88 additions
and
17 deletions
+88
-17
bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5.CaucaseConnector.py
...eItem/portal_components/document.erp5.CaucaseConnector.py
+1
-1
bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py
...tem/portal_components/mixin.erp5.CertificateLoginMixin.py
+10
-5
bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityCaucaseConnector.py
...nts/test.erp5.testCertificateAuthorityCaucaseConnector.py
+24
-0
bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityPerson.py
...al_components/test.erp5.testCertificateAuthorityPerson.py
+49
-10
product/ERP5Type/tests/ERP5TypeCaucaseTestCase.py
product/ERP5Type/tests/ERP5TypeCaucaseTestCase.py
+4
-1
No files found.
bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5.CaucaseConnector.py
View file @
c6fb21f0
...
...
@@ -104,7 +104,7 @@ class CaucaseConnector(XMLObject):
self
.
setUserCertificate
(
crt_pem
)
def
_getSubjectNameAttributeList
(
self
):
crt_pem
=
None
#
self.getUserCertificate()
crt_pem
=
self
.
getUserCertificate
()
if
crt_pem
is
None
:
name_attribute_list
=
[]
for
oid
,
value
in
[
...
...
bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py
View file @
c6fb21f0
...
...
@@ -43,11 +43,16 @@ class CertificateLoginMixin:
key
=
rsa
.
generate_private_key
(
public_exponent
=
65537
,
key_size
=
2048
,
backend
=
default_backend
())
# Probably we should extend a bit more the attributes.
csr
=
x509
.
CertificateSigningRequestBuilder
().
subject_name
(
x509
.
Name
([
# The cryptography library only accept Unicode.
x509
.
NameAttribute
(
NameOID
.
COMMON_NAME
,
self
.
getReference
().
decode
(
'UTF-8'
)),
])).
sign
(
key
,
hashes
.
SHA256
(),
default_backend
())
name_attribute_list
=
self
.
_getCaucaseConnector
().
_getSubjectNameAttributeList
()
name_attribute_list
.
append
(
x509
.
NameAttribute
(
NameOID
.
COMMON_NAME
,
# The cryptography library only accept Unicode.
self
.
getReference
().
decode
(
'UTF-8'
)))
csr
=
x509
.
CertificateSigningRequestBuilder
().
subject_name
(
x509
.
Name
(
name_attribute_list
)).
sign
(
key
,
hashes
.
SHA256
(),
default_backend
())
return
csr
.
public_bytes
(
serialization
.
Encoding
.
PEM
).
decode
()
...
...
bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityCaucaseConnector.py
View file @
c6fb21f0
...
...
@@ -33,10 +33,19 @@ from cryptography import x509
from
cryptography.hazmat.backends
import
default_backend
from
cryptography.hazmat.primitives
import
serialization
from
caucase.client
import
CaucaseHTTPError
from
cryptography.x509.oid
import
NameOID
class
TestCertificateAuthorityCaucaseConnector
(
ERP5TypeCaucaseTestCase
):
caucase_certificate_kw
=
{
"company_name"
:
"ERP5 Company"
,
"country_name"
:
"FR"
,
"email_address"
:
"noreply@erp5.net"
,
"locality_name"
:
"Lille"
,
"state_or_province_name"
:
"Nord-Pas-de-Calais"
}
def
afterSetUp
(
self
):
self
.
setUpCaucase
()
self
.
caucase_connector
=
self
.
portal
.
portal_web_services
.
test_caucase_connector
...
...
@@ -85,6 +94,21 @@ class TestCertificateAuthorityCaucaseConnector(ERP5TypeCaucaseTestCase):
cert
=
x509
.
load_pem_x509_certificate
(
cert_data
,
default_backend
())
privkey
=
serialization
.
load_pem_private_key
(
key
.
encode
(),
None
,
default_backend
())
self
.
assertEqual
([
"ERP5 Company"
],
[
i
.
value
for
i
in
cert
.
subject
if
i
.
oid
==
NameOID
.
ORGANIZATION_NAME
])
self
.
assertEqual
([
"FR"
],
[
i
.
value
for
i
in
cert
.
subject
if
i
.
oid
==
NameOID
.
COUNTRY_NAME
])
self
.
assertEqual
([
"noreply@erp5.net"
],
[
i
.
value
for
i
in
cert
.
subject
if
i
.
oid
==
NameOID
.
EMAIL_ADDRESS
])
self
.
assertEqual
([
"Lille"
],
[
i
.
value
for
i
in
cert
.
subject
if
i
.
oid
==
NameOID
.
LOCALITY_NAME
])
self
.
assertEqual
([
"Nord-Pas-de-Calais"
],
[
i
.
value
for
i
in
cert
.
subject
if
i
.
oid
==
NameOID
.
STATE_OR_PROVINCE_NAME
])
cerfificate_pub
=
cert
.
public_key
().
public_bytes
(
serialization
.
Encoding
.
PEM
,
format
=
serialization
.
PublicFormat
.
SubjectPublicKeyInfo
)
private_key_pub
=
privkey
.
public_key
().
public_bytes
(
...
...
bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityPerson.py
View file @
c6fb21f0
...
...
@@ -39,6 +39,14 @@ from cryptography.x509.oid import NameOID
class
TestPersonCertificateLogin
(
ERP5TypeCaucaseTestCase
):
caucase_certificate_kw
=
{
"company_name"
:
"ERP5 Company"
,
"country_name"
:
"FR"
,
"email_address"
:
"noreply@erp5.net"
,
"locality_name"
:
"Lille"
,
"state_or_province_name"
:
"Nord-Pas-de-Calais"
}
def
afterSetUp
(
self
):
self
.
setUpCaucase
()
if
getattr
(
self
.
portal
.
portal_types
.
Person
,
...
...
@@ -80,10 +88,26 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
certificate_login
.
getReference
().
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
][
0
]
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn
)
self
.
assertEqual
([
"ERP5 Company"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
ORGANIZATION_NAME
])
self
.
assertEqual
([
"FR"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COUNTRY_NAME
])
self
.
assertEqual
([
"noreply@erp5.net"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
EMAIL_ADDRESS
])
self
.
assertEqual
([
"Lille"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
LOCALITY_NAME
])
self
.
assertEqual
([
"Nord-Pas-de-Calais"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
STATE_OR_PROVINCE_NAME
])
def
test_person_duplicated_login
(
self
):
user_id
,
login
=
self
.
_createPerson
()
self
.
loginByUserName
(
login
)
...
...
@@ -103,7 +127,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
certificate_login
.
getReference
().
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
][
0
]
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn
)
...
...
@@ -127,7 +151,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
certificate_login
.
getReference
().
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
][
0
]
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn
)
...
...
@@ -151,7 +175,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
new_certificate_login
.
getReference
().
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
new_certificate
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
][
0
]
self
.
assertEqual
(
new_certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn
)
...
...
@@ -204,7 +228,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
certificate_login
.
getReference
().
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate_dict
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn_list
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
]
self
.
assertEqual
(
len
(
cn_list
),
1
)
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn_list
[
0
])
...
...
@@ -214,6 +238,21 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
certificate_login
.
validate
()
self
.
assertEqual
(
certificate_login
.
getValidationState
(),
"validated"
)
self
.
assertEqual
([
"ERP5 Company"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
ORGANIZATION_NAME
])
self
.
assertEqual
([
"FR"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COUNTRY_NAME
])
self
.
assertEqual
([
"noreply@erp5.net"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
EMAIL_ADDRESS
])
self
.
assertEqual
([
"Lille"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
LOCALITY_NAME
])
self
.
assertEqual
([
"Nord-Pas-de-Calais"
],
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
STATE_OR_PROVINCE_NAME
])
def
test_certificate_login_get_certificate_set_reference
(
self
):
person
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
)
certificate_login
=
person
.
newContent
(
portal_type
=
'Certificate Login'
,
...
...
@@ -229,7 +268,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
certificate_login
.
getReference
().
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate_dict
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn_list
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
]
self
.
assertEqual
(
len
(
cn_list
),
1
)
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn_list
[
0
])
...
...
@@ -254,7 +293,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertIn
(
"key"
,
certificate_dict
.
keys
())
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate_dict
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn_list
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
]
self
.
assertEqual
(
len
(
cn_list
),
1
)
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn_list
[
0
])
...
...
@@ -280,7 +319,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
reference
.
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate_dict
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn_list
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
]
self
.
assertEqual
(
len
(
cn_list
),
1
)
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn_list
[
0
])
...
...
@@ -306,7 +345,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
reference
.
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate_dict
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn_list
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
]
self
.
assertEqual
(
len
(
cn_list
),
1
)
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn_list
[
0
])
...
...
@@ -332,7 +371,7 @@ class TestPersonCertificateLogin(ERP5TypeCaucaseTestCase):
self
.
assertTrue
(
reference
.
startswith
(
"CERT"
))
ssl_certificate
=
x509
.
load_pem_x509_certificate
(
certificate_dict
[
'certificate'
])
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
1
)
self
.
assertEqual
(
len
(
ssl_certificate
.
subject
),
6
)
cn_list
=
[
i
.
value
for
i
in
ssl_certificate
.
subject
if
i
.
oid
==
NameOID
.
COMMON_NAME
]
self
.
assertEqual
(
len
(
cn_list
),
1
)
self
.
assertEqual
(
certificate_login
.
getReference
().
decode
(
"UTF-8"
),
cn_list
[
0
])
...
...
product/ERP5Type/tests/ERP5TypeCaucaseTestCase.py
View file @
c6fb21f0
...
...
@@ -78,6 +78,7 @@ def retry(callback, try_count=10, try_delay=0.1):
class
ERP5TypeCaucaseTestCase
(
ERP5TypeTestCase
):
""" Helpfull code to start/stop/control a caucased service for the tests
"""
caucase_certificate_kw
=
{}
def
_startCaucaseServer
(
self
,
argv
=
(),
timeout
=
10
):
"""
Start caucased server
...
...
@@ -152,7 +153,8 @@ class ERP5TypeCaucaseTestCase(ERP5TypeTestCase):
portal_type
=
"Caucase Connector"
,
reference
=
"erp5-certificate-login"
,
user_key
=
None
,
user_certificate
=
None
user_certificate
=
None
,
**
self
.
caucase_certificate_kw
)
test_caucase_connector
.
validate
()
...
...
@@ -177,3 +179,4 @@ class ERP5TypeCaucaseTestCase(ERP5TypeTestCase):
try_delay
=
1
):
raise
ValueError
(
"Unable to configure"
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment