slapos_cloud: use a custom subject CN in signed certificates

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.CaucaseRESTClientInterface.py

@@ -31,7 +31,7 @@ from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.XMLObject import XMLObject
 import functools
-from json import loads
+from json import loads, dumps
 import urllib2, urllib
 from httplib import HTTPSConnection
 import urlparse
@@ -120,13 +120,19 @@ class CaucaseRESTClientInterface(XMLObject):
     """
     return self._request('crt/%s' % crt_id).read()
 
-  def signCertificate(self, csr_id):
+  def signCertificate(self, csr_id, subject=None):
     """
       Sign a certificate from the CSR id
       
       return the certificate ID and URL to download certificate
     """
-    data = urllib.urlencode({'csr_id': csr_id})
+    if not subject:
+      data = urllib.urlencode({'csr_id': csr_id})
+    else:
+      data = urllib.urlencode({
+        'csr_id': csr_id,
+        'subject': dumps(subject)
+      })
     response = self._request('/crt', data=data, method='PUT')
     cert_id = response.headers['Location'].split('/')[-1]
     return (cert_id, response.headers['Location'])

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py

@@ -33,7 +33,9 @@ class Person(ERP5Person):
     csr_id = ca_service.putCertificateSigningRequest(csr)
 
     # Sign the csr immediately
-    crt_id, url = ca_service.signCertificate(csr_id)
+    crt_id, url = ca_service.signCertificate(
+      csr_id,
+      subject={'CN': self.getReference()})
 
     # link to the user
     certificate_id = self.newContent(

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.SoftwareInstance.py

@@ -99,13 +99,16 @@ class SoftwareInstance(Item):
     certificate_id = self._getInstanceCertificate()
     if certificate_id is not None:
       # Get new Certificate will automatically revoke the previous
-      self.revokeCertificate(certificate_id)
+      self.revokeCertificate(certificate_id=certificate_id)
 
     ca_service = self.getPortalObject().portal_web_services.caucase_adapter
     csr_id = ca_service.putCertificateSigningRequest(certificate_request)
 
     # Sign the csr immediately
-    crt_id, url = ca_service.signCertificate(csr_id)
+    crt_id, url = ca_service.signCertificate(
+      csr_id,
+      subject={'CN': self.getReference()}
+    )
 
     # link to the Instance
     certificate_id = self.newContent(
@@ -123,11 +126,13 @@ class SoftwareInstance(Item):
     if certificate_id is None:
       certificate_id = self._getInstanceCertificate()
     if certificate_id:
-      return self.getPortalObject().portal_web_services.caucase_adapter \
+      self.getPortalObject().portal_web_services.caucase_adapter \
           .revokeCertificate(certificate_id.getReference())
-    raise ValueError(
-      "No certificate found for Software Instance %s" % self.getReference()
-    )
+      certificate_id.invalidate()
+    else:
+      raise ValueError(
+        "No certificate found for Software Instance %s" % self.getReference()
+      )
 
   security.declareProtected(Permissions.AccessContentsInformation,
     'getSlaXmlAsDict')

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py

@@ -20,7 +20,9 @@ if len(certificate_id_list):
 ca_service = context.getPortalObject().portal_web_services.caucase_adapter
 csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
 # Sign the csr immediately
-crt_id, url = ca_service.signCertificate(csr_id)
+crt_id, url = ca_service.signCertificate(
+      csr_id,
+      subject={'CN': computer.getReference()})
 certificate = ca_service.getCertificate(crt_id)
 
 certificate_id = computer.newContent(