Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos.core
Commits
98475e38
Commit
98475e38
authored
Jun 22, 2017
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
update SlapTool: request certificate method should now receive certificate request
parent
661783ef
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
31 additions
and
23 deletions
+31
-23
master/product/Vifib/Tool/SlapTool.py
master/product/Vifib/Tool/SlapTool.py
+31
-23
No files found.
master/product/Vifib/Tool/SlapTool.py
View file @
98475e38
...
@@ -350,16 +350,13 @@ class SlapTool(BaseTool):
...
@@ -350,16 +350,13 @@ class SlapTool(BaseTool):
security
.
declareProtected
(
Permissions
.
AccessContentsInformation
,
security
.
declareProtected
(
Permissions
.
AccessContentsInformation
,
'getComputerPartitionCertificate'
)
'getComputerPartitionCertificate'
)
def
getComputerPartitionCertificate
(
self
,
computer_id
,
computer_partition_id
):
def
getComputerPartitionCertificate
(
self
,
computer_id
,
computer_partition_id
,
certificate_request
=
None
):
"""Method to fetch certificate"""
"""Method to fetch certificate"""
self
.
REQUEST
.
response
.
setHeader
(
'Content-Type'
,
'text/xml; charset=utf-8'
)
self
.
REQUEST
.
response
.
setHeader
(
'Content-Type'
,
'text/xml; charset=utf-8'
)
software_instance
=
self
.
_getSoftwareInstanceForComputerPartition
(
software_instance
=
self
.
_getSoftwareInstanceForComputerPartition
(
computer_id
,
computer_partition_id
)
computer_id
,
computer_partition_id
)
certificate_dict
=
dict
(
key
=
software_instance
.
getSslKey
(),
certificate
=
software_instance
.
getSslCertificate
()
)
result
=
xml_marshaller
.
xml_marshaller
.
dumps
(
certificate_dict
)
# Cache with revalidation
# Cache with revalidation
self
.
REQUEST
.
response
.
setStatus
(
200
)
self
.
REQUEST
.
response
.
setStatus
(
200
)
self
.
REQUEST
.
response
.
setHeader
(
'Cache-Control'
,
self
.
REQUEST
.
response
.
setHeader
(
'Cache-Control'
,
...
@@ -368,6 +365,22 @@ class SlapTool(BaseTool):
...
@@ -368,6 +365,22 @@ class SlapTool(BaseTool):
'REMOTE_USER'
)
'REMOTE_USER'
)
self
.
REQUEST
.
response
.
setHeader
(
'Last-Modified'
,
self
.
REQUEST
.
response
.
setHeader
(
'Last-Modified'
,
rfc1123_date
(
software_instance
.
getModificationDate
()))
rfc1123_date
(
software_instance
.
getModificationDate
()))
try
:
if
certificate_request
is
None
:
certificate_pem
=
software_instance
.
getCertificate
()
else
:
certificate_pem
=
software_instance
.
getCertificate
()
certificate_dict
=
dict
(
key
=
''
,
certificate
=
certificate_pem
)
except
ValueError
,
e
:
self
.
REQUEST
.
response
.
setStatus
(
400
)
self
.
REQUEST
.
response
.
setBody
(
str
(
e
))
return
self
.
REQUEST
.
response
result
=
xml_marshaller
.
xml_marshaller
.
dumps
(
certificate_dict
)
self
.
REQUEST
.
response
.
setBody
(
result
)
self
.
REQUEST
.
response
.
setBody
(
result
)
return
self
.
REQUEST
.
response
return
self
.
REQUEST
.
response
...
@@ -749,11 +762,13 @@ class SlapTool(BaseTool):
...
@@ -749,11 +762,13 @@ class SlapTool(BaseTool):
WARNING : this method is deprecated. Please use useComputer."""
WARNING : this method is deprecated. Please use useComputer."""
@
convertToREST
@
convertToREST
def
_generateComputerCertificate
(
self
,
computer_id
):
def
_generateComputerCertificate
(
self
,
computer_id
,
certificate_request
):
self
.
_getComputerDocument
(
computer_id
).
generateCertificate
()
self
.
_getComputerDocument
(
computer_id
).
generateCertificate
(
certificate_request
=
certificate_request
)
result
=
{
result
=
{
'certificate'
:
self
.
REQUEST
.
get
(
'computer_certificate'
).
decode
(
"UTF-8"
),
'certificate'
:
self
.
REQUEST
.
get
(
'computer_certificate'
).
decode
(
"UTF-8"
),
'
key'
:
self
.
REQUEST
.
get
(
'computer_key
'
).
decode
(
"UTF-8"
)
'
url'
:
self
.
REQUEST
.
get
(
'computer_certificate_url
'
).
decode
(
"UTF-8"
)
}
}
return
xml_marshaller
.
xml_marshaller
.
dumps
(
result
)
return
xml_marshaller
.
xml_marshaller
.
dumps
(
result
)
...
@@ -1189,28 +1204,21 @@ class SlapTool(BaseTool):
...
@@ -1189,28 +1204,21 @@ class SlapTool(BaseTool):
computer_id
,
computer_id
,
computer_partition_id
)
computer_partition_id
)
if
instance
.
getSlapState
()
==
'destroy_requested'
:
if
instance
.
getSlapState
()
==
'destroy_requested'
:
# remove certificate from SI
# remove certificate from SI
(Backward compatibility)
if
instance
.
getSslKey
()
is
not
None
or
instance
.
getSslCertificate
()
is
not
None
:
if
instance
.
getSslKey
()
is
not
None
or
instance
.
getSslCertificate
()
is
not
None
:
instance
.
edit
(
instance
.
edit
(
ssl_key
=
None
,
ssl_key
=
None
,
ssl_certificate
=
None
,
ssl_certificate
=
None
,
)
)
# revoke certificate associated to this instance
for
certificate_id
in
instance
.
contentValues
(
portal_type
=
'Certificate Access ID'
,
validation_state
=
'validated'
):
if
certificate_id
.
getValidationState
()
==
'validated'
:
instance
.
revokeCertificate
(
certificate_id
.
getReference
())
if
instance
.
getValidationState
()
==
'validated'
:
if
instance
.
getValidationState
()
==
'validated'
:
instance
.
invalidate
()
instance
.
invalidate
()
# XXX Integrate with REST API
# Code duplication will be needed until SlapTool is removed
# revoke certificate
portal
=
self
.
getPortalObject
()
try
:
portal
.
portal_certificate_authority
\
.
revokeCertificate
(
instance
.
getDestinationReference
())
except
ValueError
:
# Ignore already revoked certificates, as OpenSSL backend is
# non transactional, so it is ok to allow multiple tries to destruction
# even if certificate was already revoked
pass
@
convertToREST
@
convertToREST
def
_setComputerPartitionConnectionXml
(
self
,
computer_id
,
def
_setComputerPartitionConnectionXml
(
self
,
computer_id
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment