Skip to content

S
slapos.core
Commit accf8b64 authored by Alain Takoudjou's avatar Alain Takoudjou
Browse files
Options

slapos_cloud: save certificate serial instead of certificate ID

parent b17809ef
Hide whitespace changes
Inline Side-by-side
Showing with 43 additions and 36 deletions
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.CaucaseRESTClientInterface.py
View file @ accf8b64
......@@ -108,23 +108,25 @@ class CaucaseRESTClientInterface(XMLObject):
"""
return loads(self._request('/crt/ca.crt.json').read())
def getCertificateFromSerial(self, serial):
def getCertificateFromId(self, crt_id):
"""
Get Certificate as PEM string
Get Certificate as PEM string from CRT ID
"""
return self._request('crt/serial/%s' % serial).read()
return self._request('crt/%s' % crt_id).read()
def getCertificate(self, crt_id):
def getCertificate(self, serial):
"""
Get Certificate as PEM string
Get Certificate as PEM string from serial
"""
crt_id = '%s.crt.pem' % serial
return self._request('crt/%s' % crt_id).read()
def signCertificate(self, csr_id, subject=None):
"""
Sign a certificate from the CSR id
return the certificate ID and URL to download certificate
return the certificate ID and URL to download certificate and serial into
dict
"""
if not subject:
data = urllib.urlencode({'csr_id': csr_id})
......@@ -135,12 +137,17 @@ class CaucaseRESTClientInterface(XMLObject):
})
response = self._request('/crt', data=data, method='PUT')
cert_id = response.headers['Location'].split('/')[-1]
return (cert_id, response.headers['Location'])
# XXX - remove extension on cert_id (.crt.pem) to get serial
serial = cert_id[:-8]
return {'id': cert_id,
'serial': serial,
'url': response.headers['Location']}
def revokeCertificate(self, crt_id):
def revokeCertificate(self, serial):
"""
Revoke existing and valid certificate
"""
crt_id = '%s.crt.pem' % serial
return self._request(
'/crt/revoke/id',
data=urllib.urlencode({'crt_id': crt_id}),
......@@ -175,5 +182,5 @@ class CaucaseRESTClientInterface(XMLObject):
Delete CSR from his id
"""
response = self._request('/csr/%s' % csr_id, method='DELETE').read()
InitializeClass(CaucaseRESTClientInterface)
\ No newline at end of file
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py
View file @ accf8b64
......@@ -33,28 +33,28 @@ class Person(ERP5Person):
csr_id = ca_service.putCertificateSigningRequest(csr)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(
result_dict = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()})
# link to the user
certificate_id = self.newContent(
portal_type="Certificate Login",
reference=crt_id,
url_string=url)
reference=result_dict['serial'],
url_string=result_dict['url'])
certificate_id.validate()
return crt_id, url
return result_dict['serial'], result_dict['url']
security.declarePublic('getCertificate')
def getCertificate(self):
"""Returns existing SSL certificate"""
self._checkCertificateRequest()
crt_id_list = self.getPersonCertificateList()
if crt_id_list:
crt_login_list = self.getPersonCertificateList()
if crt_login_list:
# XXX - considering there is only one certificate per user
return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(crt_id_list[0].getReference())
.getCertificate(crt_login_list[0].getReference())
raise ValueError(
"No certificate set for the user %s" % self.getReference()
)
......@@ -63,10 +63,10 @@ class Person(ERP5Person):
def revokeCertificate(self):
"""Revokes existing certificate"""
self._checkCertificateRequest()
crt_id_list = self.getPersonCertificateList()
if crt_id_list:
crt_login_list = self.getPersonCertificateList()
if crt_login_list:
# XXX - considering there is only one certificate per user
certificate_id = crt_id_list[0]
certificate_id = crt_login_list[0]
response = self.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(certificate_id.getReference())
# Invalidate certificate id of the user
......
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.SoftwareInstance.py
View file @ accf8b64
......@@ -77,9 +77,9 @@ class SoftwareInstance(Item):
if certificate_id_list:
return certificate_id_list[0]
def _getCertificate(self, cert_id):
def _getCertificate(self, serial):
return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(cert_id)
.getCertificate(serial)
security.declareProtected(Permissions.AccessContentsInformation,
'getCertificate')
......@@ -105,7 +105,7 @@ class SoftwareInstance(Item):
csr_id = ca_service.putCertificateSigningRequest(certificate_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(
result_dict = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()}
)
......@@ -113,8 +113,8 @@ class SoftwareInstance(Item):
# link to the Instance
certificate_id = self.newContent(
portal_type="Certificate Login",
reference=crt_id,
url_string=url)
reference=result_dict['serial'],
url_string=result_dict['url'])
certificate_id.validate()
return self._getCertificate(certificate_id.getReference())
......
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py
View file @ accf8b64
......@@ -8,11 +8,11 @@ except KeyError, e:
raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e))
certificate_portal_type = "Certificate Login"
certificate_id_list = [x for x in
certificate_login_list = [x for x in
computer.contentValues(portal_type=certificate_portal_type)
if x.getValidationState() == 'validated']
if len(certificate_id_list):
if len(certificate_login_list):
context.REQUEST.set("computer_certificate", None)
context.REQUEST.set("computer_certificate_url", None)
raise ValueError('Certificate still active.')
......@@ -20,17 +20,17 @@ if len(certificate_id_list):
ca_service = context.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(
result_dict = ca_service.signCertificate(
csr_id,
subject={'CN': computer.getReference()})
certificate = ca_service.getCertificate(crt_id)
certificate = ca_service.getCertificate(result_dict['serial'])
certificate_id = computer.newContent(
portal_type=certificate_portal_type,
reference=crt_id,
url_string=url)
reference=result_dict['serial'],
url_string=result_dict['url'])
certificate_id.validate()
context.REQUEST.set("computer_certificate", certificate)
context.REQUEST.set("computer_certificate_url", url)
context.REQUEST.set("computer_certificate_url", result_dict['url'])
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py
View file @ accf8b64
computer = state_change['object']
context.REQUEST.set('computer_certificate', None)
context.REQUEST.set('computer_certificate_url', None)
certificate_id_list = [x for x in
certificate_login_list = [x for x in
computer.contentValues(portal_type="Certificate Login")
if x.getValidationState() == 'validated']
if not len(certificate_id_list):
if not len(certificate_login_list):
raise ValueError('No certificate')
# XXX - considering that there is always one objects
certificate_id = certificate_id_list[0]
certificate_login = certificate_login_list[0]
context.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(certificate_id.getReference())
.revokeCertificate(certificate_login.getReference())
# Invalidate certificate
certificate_id.invalidate()
certificate_login.invalidate()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7