Skip to content

erp5
erp5
Commit cd88a38a authored by Rafael Monnerat's avatar Rafael Monnerat
Browse files
Options

erp5_certificate_authority: Drop CertificateAuthorityTool 

  This tool will be replaced by caucase implementation and drop
  related code that is not needed anymore
parent 3c28911e
Show whitespace changes
Inline Side-by-side
Showing with 1 addition and 716 deletions
bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.py deleted 100644 → 0
View file @ 3c28911e
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2005 Nexedi SARL and Contributors. All Rights Reserved.
# Ivan Tyagov <ivan@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import random
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from erp5.component.tool.CertificateAuthorityTool import CertificateAuthorityBusy
#from AccessControl import Unauthorized
class TestCertificateAuthorityTool(ERP5TypeTestCase):
def afterSetUp(self):
if "TEST_CA_PATH" in os.environ:
self.portal.portal_certificate_authority.certificate_authority_path = \
os.environ['TEST_CA_PATH']
def getBusinessTemplateList(self):
return ('erp5_base', 'erp5_certificate_authority')
def test_lock_unlock(self):
certificate_authority_tool = self.portal.portal_certificate_authority
certificate_authority_tool._checkCertificateAuthority()
try:
certificate_authority_tool._lockCertificateAuthority()
certificate_authority_tool._unlockCertificateAuthority()
certificate_authority_tool._lockCertificateAuthority()
self.assertRaises(CertificateAuthorityBusy, certificate_authority_tool._lockCertificateAuthority)
finally:
certificate_authority_tool._unlockCertificateAuthority()
def test_getNewCertificate(self):
certificate_authority_tool = self.portal.portal_certificate_authority
common_name = str(random.random())
certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
self.assertEqual(common_name, certificate_dict['common_name'])
self.assertNotEqual(None, certificate_dict['id'])
self.assertNotEqual(None, certificate_dict['key'])
self.assertNotEqual(None, certificate_dict['certificate'])
self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
# Check serial
serial = certificate_authority_tool._getValidSerial(common_name)
self.assertEqual(serial, [certificate_dict['id'].upper()])
self.assertRaises(ValueError,
certificate_authority_tool.getNewCertificate, common_name)
def test_getNewCertificate_locked(self):
certificate_authority_tool = self.portal.portal_certificate_authority
certificate_authority_tool._checkCertificateAuthority()
try:
certificate_authority_tool._lockCertificateAuthority()
common_name = str(random.random())
self.assertRaises(CertificateAuthorityBusy,
certificate_authority_tool.getNewCertificate, common_name)
certificate_authority_tool._unlockCertificateAuthority()
certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
self.assertEqual(common_name, certificate_dict['common_name'])
finally:
certificate_authority_tool._unlockCertificateAuthority()
def test_revokeCertificate_raise(self):
certificate_authority_tool = self.portal.portal_certificate_authority
common_name = str(random.random())
self.assertRaises(ValueError,
certificate_authority_tool.revokeCertificate, common_name)
def test_revokeCertificate(self):
certificate_authority_tool = self.portal.portal_certificate_authority
common_name = str(random.random())
certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
self.assertEqual(common_name, certificate_dict['common_name'])
self.assertNotEqual(None, certificate_dict['id'])
self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
# Check serial
serial_list = certificate_authority_tool._getValidSerial(common_name)
self.assertEqual(len(serial_list), 1)
self.assertEqual(serial_list[0], certificate_dict['id'].upper())
revoke_dict = certificate_authority_tool.revokeCertificate(serial_list[0])
self.assertNotEqual(revoke_dict['crl'], None)
# No valid certificate anymore
self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
def test_revokeCertificateByName(self):
certificate_authority_tool = self.portal.portal_certificate_authority
common_name = str(random.random())
certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
self.assertEqual(common_name, certificate_dict['common_name'])
self.assertNotEqual(None, certificate_dict['id'])
self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
serial_list = certificate_authority_tool._getValidSerial(common_name)
self.assertEqual(len(serial_list), 1)
self.assertEqual(serial_list[0], certificate_dict['id'].upper())
response = certificate_authority_tool.revokeCertificateByCommonName(common_name)
self.assertEqual(None, response)
# No valid certificate anymore
self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
def test_revokeCertificate_locked(self):
certificate_authority_tool = self.portal.portal_certificate_authority
common_name = str(random.random())
certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
self.assertEqual(common_name, certificate_dict['common_name'])
try:
certificate_authority_tool._lockCertificateAuthority()
self.assertRaises(CertificateAuthorityBusy,
certificate_authority_tool.revokeCertificateByCommonName, common_name)
certificate_authority_tool._unlockCertificateAuthority()
response = certificate_authority_tool.revokeCertificateByCommonName(common_name)
self.assertEqual(None, response)
# No valid certificate anymore
self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
finally:
certificate_authority_tool._unlockCertificateAuthority()
bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.xml deleted 100644 → 0
View file @ 3c28911e
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Test Component" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>default_reference</string> </key>
<value> <string>testCertificateAuthorityTool</string> </value>
</item>
<item>
<key> <string>default_source_reference</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>test.erp5.testCertificateAuthorityTool</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Test Component</string> </value>
</item>
<item>
<key> <string>sid</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>text_content_error_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>text_content_warning_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>version</string> </key>
<value> <string>erp5</string> </value>
</item>
<item>
<key> <string>workflow_history</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary>
<item>
<key> <string>component_validation_workflow</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_log</string> </key>
<value>
<list>
<dictionary>
<item>
<key> <string>action</string> </key>
<value> <string>validate</string> </value>
</item>
<item>
<key> <string>validation_state</string> </key>
<value> <string>validated</string> </value>
</item>
</dictionary>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_certificate_authority/ToolComponentTemplateItem/portal_components/tool.erp5.CertificateAuthorityTool.py deleted 100644 → 0
View file @ 3c28911e
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2010 Nexedi SA and Contributors. All Rights Reserved.
# Łukasz Nowak <luke@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly advised to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import glob, os, subprocess, sys
import Products.ERP5
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type.Tool.BaseTool import BaseTool
from Products.ERP5Type import Permissions
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from zLOG import LOG, INFO
from six import reraise
def popenCommunicate(command_list, input_=None, **kwargs):
kwargs.update(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
popen = subprocess.Popen(command_list, **kwargs)
result = popen.communicate(input_)[0]
if popen.returncode is None:
popen.kill()
if popen.returncode != 0:
raise ValueError('Issue during calling %r, result was:\n%s' % (
command_list, result))
return result
def binary_search(binary):
env_path_list = [p for p in os.getenv('PATH', '').split(os.pathsep)
if os.path.isdir(p)]
mode = os.R_OK | os.X_OK
for path in env_path_list:
pathbin = os.path.join(path, binary)
if os.access(pathbin, mode) == 1:
return pathbin
class CertificateAuthorityBusy(Exception):
"""Exception raised when certificate authority is busy"""
pass
class CertificateAuthorityDamaged(Exception):
"""Exception raised when certificate authority is damaged"""
pass
class CertificateAuthorityTool(BaseTool):
"""CertificateAuthorityTool
This tool assumes that in certificate_authority_path openssl configuration
is ready.
"""
id = 'portal_certificate_authority'
meta_type = 'ERP5 Certificate Authority Tool'
portal_type = 'Certificate Authority Tool'
title = 'Certificate Authorities'
security = ClassSecurityInfo()
allowed_types = ()
isIndexable = 1
certificate_authority_path = os.environ.get('CA_PATH', '')
openssl_binary = binary_search('openssl')
manage_options = (({'label': 'Edit',
'action': 'manage_editCertificateAuthorityToolForm',},
)
) + BaseTool.manage_options
_properties = (({'id':'certificate_authority_path',
'type':'string',
'mode':'w',
'label':'Absolute path to certificate authority',
},
)
)
def _lockCertificateAuthority(self):
"""Checks lock and locks Certificate Authority tool
Raises CertificateAuthorityBusy"""
if os.path.exists(self.lock):
raise CertificateAuthorityBusy
open(self.lock, 'w').write('locked')
def _unlockCertificateAuthority(self):
"""Checks lock and locks Certificate Authority tool"""
if os.path.exists(self.lock):
os.unlink(self.lock)
else:
LOG('CertificateAuthorityTool', INFO, 'Lock file %r did not existed '
'during unlocking' % self.lock)
def _checkCertificateAuthority(self):
"""Checks Certificate Authority configuration
Raises CertificateAuthorityDamaged"""
if not self.certificate_authority_path:
raise CertificateAuthorityDamaged('Certificate authority path is not '
'configured')
if not os.path.isdir(self.certificate_authority_path):
raise CertificateAuthorityDamaged('Path to Certificate Authority %r is '
'wrong' % self.certificate_authority_path)
self.openssl_binary = binary_search('openssl')
self.serial = os.path.join(self.certificate_authority_path, 'serial')
self.crl = os.path.join(self.certificate_authority_path, 'crlnumber')
self.index = os.path.join(self.certificate_authority_path, 'index.txt')
self.openssl_config = os.path.join(self.certificate_authority_path,
'openssl.cnf')
self.lock = os.path.join(self.certificate_authority_path, 'lock')
for f in [self.serial, self.crl, self.index]:
if not os.path.isfile(f):
raise CertificateAuthorityDamaged('File %r does not exists.' % f)
security.declarePrivate('manage_afterAdd')
def manage_afterAdd(self, item, container) :
"""Init permissions right after creation.
Permissions in tool are simple:
o Each member can access the tool.
o Only manager can view and create.
o Anonymous can not access
"""
item.manage_permission(Permissions.AddPortalContent,
['Manager'])
item.manage_permission(Permissions.AccessContentsInformation,
['Member', 'Manager'])
item.manage_permission(Permissions.View,
['Manager',])
BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)
#'Edit' option form
manage_editCertificateAuthorityToolForm = PageTemplateFile(
os.path.join(os.path.dirname(Products.ERP5.__file__), 'www',
'CertificateAuthorityTool_editPropertyList'),
__name__='manage_editCertificateAuthorityToolForm')
security.declareProtected(Permissions.ManageProperties,
'manage_editCertificateAuthorityTool')
def manage_editCertificateAuthorityTool(self, certificate_authority_path,
RESPONSE=None):
"""Edit the object"""
error_message = ''
if certificate_authority_path == '' or certificate_authority_path is None:
error_message += 'Invalid Certificate Authority'
else:
self.certificate_authority_path = certificate_authority_path
#Redirect
if RESPONSE is not None:
if error_message != '':
self.REQUEST.form['manage_tabs_message'] = error_message
return self.manage_editCertificateAuthorityToolForm(RESPONSE)
else:
message = "Updated"
RESPONSE.redirect('%s/manage_editCertificateAuthorityToolForm'
'?manage_tabs_message=%s'
% (self.absolute_url(), message)
)
security.declareProtected(Permissions.AccessContentsInformation,
'getNewCertificate')
def getNewCertificate(self, common_name):
# No docstring in order to make this method non publishable
# Returns certificate for passed common name, as dictionary of
# {key, certificate, id, common_name}
if not common_name:
raise ValueError("Invalid common name: %r" % common_name)
self._checkCertificateAuthority()
self._lockCertificateAuthority()
index = open(self.index).read().splitlines()
valid_line_list = [q for q in index if q.startswith('V') and
('CN=%s/' % common_name in q)]
if len(valid_line_list) >= 1:
self._unlockCertificateAuthority()
raise ValueError('The common name %r already has a certificate'
'please revoke it before request a new one..' % common_name)
try:
new_id = open(self.serial, 'r').read().strip().lower()
key = os.path.join(self.certificate_authority_path, 'private',
new_id+'.key')
csr = os.path.join(self.certificate_authority_path, new_id + '.csr')
cert = os.path.join(self.certificate_authority_path, 'certs',
new_id + '.crt')
try:
os.close(os.open(key, os.O_CREAT | os.O_EXCL, 0o600))
popenCommunicate([self.openssl_binary, 'req', '-utf8', '-nodes', '-config',
self.openssl_config, '-new', '-keyout', key, '-out', csr, '-days',
'3650'], '%s\n' % common_name, stdin=subprocess.PIPE)
popenCommunicate([self.openssl_binary, 'ca', '-utf8', '-days', '3650',
'-batch', '-config', self.openssl_config, '-out', cert, '-infiles',
csr])
os.unlink(csr)
return dict(
key=open(key).read(),
certificate=open(cert).read(),
id=new_id,
common_name=common_name)
except Exception:
e = sys.exc_info()
try:
for p in key, csr, cert:
if os.path.exists(p):
os.unlink(p)
except Exception:
# do not raise during cleanup
pass
reraise(*e)
finally:
self._unlockCertificateAuthority()
security.declareProtected(Permissions.AccessContentsInformation,
'revokeCertificate')
def revokeCertificate(self, serial):
# No docstring in order to make this method non publishable
# Revokes certificate with serial, returns dictionary {crl}
self._checkCertificateAuthority()
self._lockCertificateAuthority()
try:
new_id = open(self.crl, 'r').read().strip().lower()
crl_path = os.path.join(self.certificate_authority_path, 'crl')
crl = os.path.join(crl_path, new_id + '.crl')
cert = os.path.join(self.certificate_authority_path, 'certs',
serial.lower() + '.crt')
if not os.path.exists(cert):
raise ValueError('Certificate with serial %r does not exist' % serial)
created = [crl]
popenCommunicate([self.openssl_binary, 'ca', '-config',
self.openssl_config, '-revoke', cert])
try:
popenCommunicate([self.openssl_binary, 'ca', '-utf8', '-config',
self.openssl_config, '-gencrl', '-out', crl])
alias = os.path.join(crl_path, popenCommunicate([self.openssl_binary,
'crl', '-noout', '-hash', '-in', crl]).strip() + '.r')
alias += str(len(glob.glob(alias + '*')))
created.append(alias)
os.symlink(os.path.basename(crl), alias)
return dict(crl=open(crl).read())
except Exception:
e = sys.exc_info()
try:
for p in 'index.txt', 'crlnumber':
p = os.path.join(self.certificate_authority_path, p)
os.rename(p + '.old', p)
for p in created:
if os.path.exists(p):
os.unlink(p)
except Exception:
# do not raise during cleanup
pass
reraise(*e)
finally:
self._unlockCertificateAuthority()
def _getValidSerial(self, common_name):
index = open(self.index).read().splitlines()
valid_line_list = [q for q in index if q.startswith('V') and
('CN=%s/' % common_name in q)]
if len(valid_line_list) < 1:
raise ValueError('No certificate for %r' % common_name)
return [l.split('\t')[3] for l in valid_line_list]
security.declareProtected(Permissions.AccessContentsInformation,
'revokeCertificateByCommonName')
def revokeCertificateByCommonName(self, common_name):
self._checkCertificateAuthority()
for serial in self._getValidSerial(common_name):
self.revokeCertificate(serial)
InitializeClass(CertificateAuthorityTool)
bt5/erp5_certificate_authority/ToolComponentTemplateItem/portal_components/tool.erp5.CertificateAuthorityTool.xml deleted 100644 → 0
View file @ 3c28911e
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Tool Component" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>default_reference</string> </key>
<value> <string>CertificateAuthorityTool</string> </value>
</item>
<item>
<key> <string>default_source_reference</string> </key>
<value> <string>Products.ERP5.Tool.CertificateAuthorityTool</string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>tool.erp5.CertificateAuthorityTool</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Tool Component</string> </value>
</item>
<item>
<key> <string>sid</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>text_content_error_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>text_content_warning_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>version</string> </key>
<value> <string>erp5</string> </value>
</item>
<item>
<key> <string>workflow_history</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary>
<item>
<key> <string>component_validation_workflow</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_log</string> </key>
<value>
<list>
<dictionary>
<item>
<key> <string>action</string> </key>
<value> <string>validate</string> </value>
</item>
<item>
<key> <string>validation_state</string> </key>
<value> <string>validated</string> </value>
</item>
</dictionary>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_certificate_authority/ToolTemplateItem/portal_certificate_authority.xml deleted 100644 → 0
View file @ 3c28911e
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Certificate Authority Tool" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_Access_contents_information_Permission</string> </key>
<value>
<tuple>
<string>Member</string>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_portal_content_Permission</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>_View_Permission</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>portal_certificate_authority</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
bt5/erp5_certificate_authority/bt/template_test_id_list
View file @ cd88a38a
test.erp5.testCertificateAuthorityPerson
\ No newline at end of file
test.erp5.testCertificateAuthorityTool
\ No newline at end of file
bt5/erp5_certificate_authority/bt/template_tool_id_list deleted 100644 → 0
View file @ 3c28911e
portal_certificate_authority
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7