Commit accf8b64 authored by Alain Takoudjou's avatar Alain Takoudjou

slapos_cloud: save certificate serial instead of certificate ID

parent b17809ef
......@@ -108,23 +108,25 @@ class CaucaseRESTClientInterface(XMLObject):
"""
return loads(self._request('/crt/ca.crt.json').read())
def getCertificateFromSerial(self, serial):
def getCertificateFromId(self, crt_id):
"""
Get Certificate as PEM string
Get Certificate as PEM string from CRT ID
"""
return self._request('crt/serial/%s' % serial).read()
return self._request('crt/%s' % crt_id).read()
def getCertificate(self, crt_id):
def getCertificate(self, serial):
"""
Get Certificate as PEM string
Get Certificate as PEM string from serial
"""
crt_id = '%s.crt.pem' % serial
return self._request('crt/%s' % crt_id).read()
def signCertificate(self, csr_id, subject=None):
"""
Sign a certificate from the CSR id
return the certificate ID and URL to download certificate
return the certificate ID and URL to download certificate and serial into
dict
"""
if not subject:
data = urllib.urlencode({'csr_id': csr_id})
......@@ -135,12 +137,17 @@ class CaucaseRESTClientInterface(XMLObject):
})
response = self._request('/crt', data=data, method='PUT')
cert_id = response.headers['Location'].split('/')[-1]
return (cert_id, response.headers['Location'])
# XXX - remove extension on cert_id (.crt.pem) to get serial
serial = cert_id[:-8]
return {'id': cert_id,
'serial': serial,
'url': response.headers['Location']}
def revokeCertificate(self, crt_id):
def revokeCertificate(self, serial):
"""
Revoke existing and valid certificate
"""
crt_id = '%s.crt.pem' % serial
return self._request(
'/crt/revoke/id',
data=urllib.urlencode({'crt_id': crt_id}),
......
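Review bot: `serial = cert_id[:-8]` in signCertificate truncates whatever the Location header's last path segment happens to be, so a response whose id does not end in `.crt.pem` yields a mangled serial that is then stored as the Certificate Login reference and rebuilt into a wrong `crt/...` path by getCertificate and revokeCertificate. Check the suffix before stripping it: `if not cert_id.endswith('.crt.pem'): raise ValueError('unexpected certificate id %r' % cert_id)` followed by `serial = cert_id[:-len('.crt.pem')]`. The same `'%s.crt.pem' % serial` construction appears in both getCertificate and revokeCertificate; a small shared helper would keep the two in step with the stripping above. Note also that getCertificateFromId and getCertificate request `crt/%s` without the leading slash the other endpoints use; whether _request normalises that is not visible here. revokeCertificate's body continues outside the hunk.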
......@@ -33,28 +33,28 @@ class Person(ERP5Person):
csr_id = ca_service.putCertificateSigningRequest(csr)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(
result_dict = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()})
# link to the user
certificate_id = self.newContent(
portal_type="Certificate Login",
reference=crt_id,
url_string=url)
reference=result_dict['serial'],
url_string=result_dict['url'])
certificate_id.validate()
return crt_id, url
return result_dict['serial'], result_dict['url']
security.declarePublic('getCertificate')
def getCertificate(self):
"""Returns existing SSL certificate"""
self._checkCertificateRequest()
crt_id_list = self.getPersonCertificateList()
if crt_id_list:
crt_login_list = self.getPersonCertificateList()
if crt_login_list:
# XXX - considering there is only one certificate per user
return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(crt_id_list[0].getReference())
.getCertificate(crt_login_list[0].getReference())
raise ValueError(
"No certificate set for the user %s" % self.getReference()
)
......@@ -63,10 +63,10 @@ class Person(ERP5Person):
def revokeCertificate(self):
"""Revokes existing certificate"""
self._checkCertificateRequest()
crt_id_list = self.getPersonCertificateList()
if crt_id_list:
crt_login_list = self.getPersonCertificateList()
if crt_login_list:
# XXX - considering there is only one certificate per user
certificate_id = crt_id_list[0]
certificate_id = crt_login_list[0]
response = self.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(certificate_id.getReference())
# Invalidate certificate id of the user
......
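Review bot: Certificate Login objects validated before this commit store the full `<serial>.crt.pem` id as their reference, yet getCertificate (the `.getCertificate(crt_login_list[0].getReference())` call) and revokeCertificate now hand that reference to the adapter as a serial, and the adapter appends `.crt.pem` again; unless existing records are migrated, those users can neither fetch nor revoke their certificate. Either migrate the stored references or tolerate the old form before the call, e.g. `reference = crt_login_list[0].getReference()` then `serial = reference[:-len('.crt.pem')] if reference.endswith('.crt.pem') else reference`. The adapter's suffix handling is inferred from the CaucaseRESTClientInterface change in this commit, not from anything visible in this file. revokeCertificate's body continues past the end of the second hunk.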
......@@ -77,9 +77,9 @@ class SoftwareInstance(Item):
if certificate_id_list:
return certificate_id_list[0]
def _getCertificate(self, cert_id):
def _getCertificate(self, serial):
return self.getPortalObject().portal_web_services.caucase_adapter\
.getCertificate(cert_id)
.getCertificate(serial)
security.declareProtected(Permissions.AccessContentsInformation,
'getCertificate')
......@@ -105,7 +105,7 @@ class SoftwareInstance(Item):
csr_id = ca_service.putCertificateSigningRequest(certificate_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(
result_dict = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()}
)
......@@ -113,8 +113,8 @@ class SoftwareInstance(Item):
# link to the Instance
certificate_id = self.newContent(
portal_type="Certificate Login",
reference=crt_id,
url_string=url)
reference=result_dict['serial'],
url_string=result_dict['url'])
certificate_id.validate()
return self._getCertificate(certificate_id.getReference())
......
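Review bot: `_getCertificate` has no docstring and its parameter was just renamed from `cert_id` to `serial`, so nothing tells a reader that the expected value is the bare serial the adapter expands into a `.crt.pem` id rather than the id itself; a docstring such as `"""Return the PEM certificate for *serial*, the value stored as the Certificate Login reference."""` would make that contract explicit. Separately, a Certificate Login validated before this change still stores the full id, and the final `self._getCertificate(certificate_id.getReference())` passes it through unchanged, so such instances would fetch a doubly-suffixed path unless their references are migrated. The method that the last hunk closes starts outside the hunk.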
......@@ -8,11 +8,11 @@ except KeyError, e:
raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e))
certificate_portal_type = "Certificate Login"
certificate_id_list = [x for x in
certificate_login_list = [x for x in
computer.contentValues(portal_type=certificate_portal_type)
if x.getValidationState() == 'validated']
if len(certificate_id_list):
if len(certificate_login_list):
context.REQUEST.set("computer_certificate", None)
context.REQUEST.set("computer_certificate_url", None)
raise ValueError('Certificate still active.')
......@@ -20,17 +20,17 @@ if len(certificate_id_list):
ca_service = context.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
# Sign the csr immediately
crt_id, url = ca_service.signCertificate(
result_dict = ca_service.signCertificate(
csr_id,
subject={'CN': computer.getReference()})
certificate = ca_service.getCertificate(crt_id)
certificate = ca_service.getCertificate(result_dict['serial'])
certificate_id = computer.newContent(
portal_type=certificate_portal_type,
reference=crt_id,
url_string=url)
reference=result_dict['serial'],
url_string=result_dict['url'])
certificate_id.validate()
context.REQUEST.set("computer_certificate", certificate)
context.REQUEST.set("computer_certificate_url", url)
context.REQUEST.set("computer_certificate_url", result_dict['url'])
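Review bot: Between `ca_service.signCertificate(...)` and `computer.newContent(...)` the script calls `ca_service.getCertificate(result_dict['serial'])`; if that fetch raises, the CA has already issued a certificate for the computer while nothing in the portal records its serial, so it can never be revoked through this workflow and stays valid at the CA. A compensating revoke before re-raising closes that window, as below. Merely recording the login before fetching the PEM would not help if the surrounding transaction is aborted on the exception, since the newContent would be dropped with it. Whether _request raises or returns an error body on a failed fetch is not visible here.
```python
result_dict = ca_service.signCertificate(
    csr_id,
    subject={'CN': computer.getReference()})
try:
    certificate = ca_service.getCertificate(result_dict['serial'])
except Exception:
    # The CA has already issued the certificate; do not leave it valid with no record here.
    ca_service.revokeCertificate(result_dict['serial'])
    raise
# … unchanged: newContent / validate / REQUEST.set …
```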
computer = state_change['object']
context.REQUEST.set('computer_certificate', None)
context.REQUEST.set('computer_certificate_url', None)
certificate_id_list = [x for x in
certificate_login_list = [x for x in
computer.contentValues(portal_type="Certificate Login")
if x.getValidationState() == 'validated']
if not len(certificate_id_list):
if not len(certificate_login_list):
raise ValueError('No certificate')
# XXX - considering that there is always one objects
certificate_id = certificate_id_list[0]
certificate_login = certificate_login_list[0]
context.getPortalObject().portal_web_services.caucase_adapter\
.revokeCertificate(certificate_id.getReference())
.revokeCertificate(certificate_login.getReference())
# Invalidate certificate
certificate_id.invalidate()
certificate_login.invalidate()