Implement ERP5 Certificate Authority.

ERP5 Certificate Authority is simple tool to manage SSL certificates related with various documents. By default it provides user interface for Person getting and revocation of certificates. It comes from Vifib project code.

Implement ERP5 Certificate Authority.
ERP5 Certificate Authority is simple tool to manage SSL certificates related with various documents. By default it provides user interface for Person getting and revocation of certificates. It comes from Vifib project code.
499da29e · Łukasz Nowak · 6cb6e445 · 499da29e · 499da29e · 499da29e
Commit 499da29e authored Aug 29, 2011 by Łukasz Nowak
29 changed files
--- a/bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Person/get_certificate.xml
+++ b/bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Person/get_certificate.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ActionInformation" module="Products.CMFCore.ActionInformation"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>action</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>action_type/object_action</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>category</string> </key>
+            <value> <string>object_action</string> </value>
+        </item>
+        <item>
+            <key> <string>condition</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>icon</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>get_certificate</string> </value>
+        </item>
+        <item>
+            <key> <string>permissions</string> </key>
+            <value>
+              <tuple>
+                <string>Modify portal content</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Action Information</string> </value>
+        </item>
+        <item>
+            <key> <string>priority</string> </key>
+            <value> <float>10.0</float> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>Get Certificate</string> </value>
+        </item>
+        <item>
+            <key> <string>visible</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Expression" module="Products.CMFCore.Expression"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>text</string> </key>
+            <value> <string>string:${object_url}/Person_getCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Person/revoke_certificate.xml
+++ b/bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Person/revoke_certificate.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ActionInformation" module="Products.CMFCore.ActionInformation"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>action</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>action_type/object_action</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>category</string> </key>
+            <value> <string>object_action</string> </value>
+        </item>
+        <item>
+            <key> <string>condition</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>icon</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>revoke_certificate</string> </value>
+        </item>
+        <item>
+            <key> <string>permissions</string> </key>
+            <value>
+              <tuple>
+                <string>Modify portal content</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Action Information</string> </value>
+        </item>
+        <item>
+            <key> <string>priority</string> </key>
+            <value> <float>11.0</float> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>Revoke Certificate</string> </value>
+        </item>
+        <item>
+            <key> <string>visible</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Expression" module="Products.CMFCore.Expression"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>text</string> </key>
+            <value> <string>string:${object_url}/Person_revokeCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/DocumentTemplateItem/Person.py
+++ b/bt5/erp5_certificate_authority/DocumentTemplateItem/Person.py
+from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
+from Products.ERP5.Document.Person import Person as ERP5Person
+
+class Person(ERP5Person):
+  security = ClassSecurityInfo()
+  security.declarePublic('getCertificate')
+
+  def _checkCertificateRequest(self):
+    try:
+      self.checkUserCanChangePassword()
+    except Unauthorized:
+      # in ERP5 user has no SetOwnPassword permission on Person document
+      # referring himself, so implement "security" by checking that currently
+      # logged in user is trying to get/revoke his own certificate
+      reference = self.getReference()
+      if not reference:
+        raise
+      if getSecurityManager().getUser().getId() != reference:
+        raise
+
+  def _getCertificate(self):
+    return self.getPortalObject().portal_certificate_authority\
+      .getNewCertificate(self.getReference())
+
+  def _revokeCertificate(self):
+    return self.getPortalObject().portal_certificate_authority\
+      .revokeCertificateByCommonName(self.getReference())
+
+  def getCertificate(self):
+    """Returns new SSL certificate"""
+    self._checkCertificateRequest()
+    return self._getCertificate()
+
+  security.declarePublic('revokeCertificate')
+  def revokeCertificate(self):
+    """Revokes existing certificate"""
+    self._checkCertificateRequest()
+    self._revokeCertificate()
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Folder" module="OFS.Folder"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_local_properties</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_objects</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>erp5_certificate_authority</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificate.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificate.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string>certificate = context.getCertificate()\n
+request = context.REQUEST\n
+request.set(\'your_certificate\', certificate[\'certificate\'])\n
+request.set(\'your_key\', certificate[\'key\'])\n
+return context.Person_getCertificateForm()\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>dialog_id=None, form_id=None, **kw</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Person_getCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ERP5Form" module="Products.ERP5Form.Form"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary/>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_objects</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>action</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>edit_order</string> </key>
+            <value>
+              <list/>
+            </value>
+        </item>
+        <item>
+            <key> <string>encoding</string> </key>
+            <value> <string>UTF-8</string> </value>
+        </item>
+        <item>
+            <key> <string>enctype</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>group_list</string> </key>
+            <value>
+              <list>
+                <string>left</string>
+                <string>right</string>
+                <string>center</string>
+                <string>bottom</string>
+                <string>hidden</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>groups</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>bottom</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>center</string> </key>
+                    <value>
+                      <list>
+                        <string>your_certificate</string>
+                        <string>your_key</string>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>hidden</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>left</string> </key>
+                    <value>
+                      <list>
+                        <string>your_tip</string>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>right</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Person_getCertificateForm</string> </value>
+        </item>
+        <item>
+            <key> <string>method</string> </key>
+            <value> <string>POST</string> </value>
+        </item>
+        <item>
+            <key> <string>name</string> </key>
+            <value> <string>Person_getCertificateForm</string> </value>
+        </item>
+        <item>
+            <key> <string>pt</string> </key>
+            <value> <string>form_dialog</string> </value>
+        </item>
+        <item>
+            <key> <string>row_length</string> </key>
+            <value> <int>4</int> </value>
+        </item>
+        <item>
+            <key> <string>stored_encoding</string> </key>
+            <value> <string>UTF-8</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>Certificate Request</string> </value>
+        </item>
+        <item>
+            <key> <string>unicode_mode</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>update_action</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>update_action_title</string> </key>
+            <value> <string></string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm/your_certificate.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm/your_certificate.xml
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm/your_key.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm/your_key.xml
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm/your_tip.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificateForm/your_tip.xml
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_revokeCertificate.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_revokeCertificate.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string>context.revokeCertificate()\n
+return context.Base_redirect(form_id, keep_items = {\'portal_status_message\' : \'Certificate revoked.\'},  **kw)\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>dialog_id=None, form_id=None, **kw</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Person_revokeCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/ToolTemplateItem/portal_certificate_authority.xml
+++ b/bt5/erp5_certificate_authority/ToolTemplateItem/portal_certificate_authority.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Certificate Authority Tool" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_Access_contents_information_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Member</string>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_Add_portal_content_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>_View_Permission</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>portal_certificate_authority</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/bt/change_log
+++ b/bt5/erp5_certificate_authority/bt/change_log
+2011-07-25 Lucas
+* Initial version.
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/copyright_list
+++ b/bt5/erp5_certificate_authority/bt/copyright_list
+Nexedi 2011
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/dependency_list
+++ b/bt5/erp5_certificate_authority/bt/dependency_list
+erp5_base
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/description
+++ b/bt5/erp5_certificate_authority/bt/description
+This bt5 aims to provide the tool to create certificates for a given ERP5 user, based on the keys provided by a service (i.e. Apache).
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/license
+++ b/bt5/erp5_certificate_authority/bt/license
+GPL
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/maintainer_list
+++ b/bt5/erp5_certificate_authority/bt/maintainer_list
+lucas
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/revision
+++ b/bt5/erp5_certificate_authority/bt/revision
+3
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/template_action_path_list
+++ b/bt5/erp5_certificate_authority/bt/template_action_path_list
+Person | get_certificate
+Person | revoke_certificate
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/template_document_id_list
+++ b/bt5/erp5_certificate_authority/bt/template_document_id_list
+Person
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/template_format_version
+++ b/bt5/erp5_certificate_authority/bt/template_format_version
+1
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/template_skin_id_list
+++ b/bt5/erp5_certificate_authority/bt/template_skin_id_list
+erp5_certificate_authority
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/template_tool_id_list
+++ b/bt5/erp5_certificate_authority/bt/template_tool_id_list
+portal_certificate_authority
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/title
+++ b/bt5/erp5_certificate_authority/bt/title
+erp5_certificate_authority
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/version
+++ b/bt5/erp5_certificate_authority/bt/version
+5.4.7
\ No newline at end of file
--- a/product/ERP5/Tool/CertificateAuthorityTool.py
+++ b/product/ERP5/Tool/CertificateAuthorityTool.py
--- a/product/ERP5/__init__.py
+++ b/product/ERP5/__init__.py
@@ -50,7 +50,8 @@ from Tool import CategoryTool, SimulationTool, RuleTool, IdTool, TemplateTool,\
                 TrashTool, ContributionTool, NotificationTool, PasswordTool,\
                 GadgetTool, ContributionRegistryTool, IntrospectionTool,\
                 AcknowledgementTool, SolverTool, SolverProcessTool,\
-                 ConversionTool, RoundingTool, UrlRegistryTool
+                 ConversionTool, RoundingTool, UrlRegistryTool,\
+                 CertificateAuthorityTool
 import ERP5Site
 from Document import PythonScript
 object_classes = ( ERP5Site.ERP5Site,
@@ -79,6 +80,7 @@ portal_tools = ( CategoryTool.CategoryTool,
                 ConversionTool.ConversionTool,
                 RoundingTool.RoundingTool,
                 UrlRegistryTool.UrlRegistryTool,
+                 CertificateAuthorityTool.CertificateAuthorityTool,
                )
 content_classes = ()
 content_constructors = ()

--- a/product/ERP5/tests/testCertificateAuthorityTool.py
+++ b/product/ERP5/tests/testCertificateAuthorityTool.py
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Copyright (c) 2005 Nexedi SARL and Contributors. All Rights Reserved.
+#                     Ivan Tyagov <ivan@nexedi.com>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+import os
+import random
+import unittest
+from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
+from AccessControl import Unauthorized
+
+class TestCertificateAuthority(ERP5TypeTestCase):
+
+  def getTitle(self):
+    return "Test Certificate Authority"
+
+  def afterSetUp(self):
+    self.portal.portal_certificate_authority.certificate_authority_path = \
+        os.environ['TEST_CA_PATH']
+    self.portal.portal_certificate_authority.openssl_binary = \
+        os.environ['OPENSSL_BINARY']
+
+  def getBusinessTemplateList(self):
+    return ('erp5_base', 'erp5_certificate_authority')
+
+  def _createPerson(self):
+    login = str(random.random())
+    person = self.portal.person_module.newContent(portal_type='Person',
+      reference=login, password=login)
+    person.newContent(portal_type='Assignment').open()
+    self.stepTic()
+    return login
+
+  def test_person_request_certificate(self):
+    login = self._createPerson()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(login)
+    self.login(login)
+    certificate = person.getCertificate()
+    self.assertTrue('CN=%s' % login in certificate['certificate'])
+
+  def test_person_revoke_certificate(self):
+    login = self._createPerson()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(login)
+    self.login(login)
+    self.assertRaises(ValueError, person.revokeCertificate)
+
+  def test_person_request_revoke_certificate(self):
+    login = self._createPerson()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(login)
+    self.login(login)
+    certificate = person.getCertificate()
+    self.assertTrue('CN=%s' % login in certificate['certificate'])
+    person.revokeCertificate()
+
+  def test_person_request_certificate_twice(self):
+    login = self._createPerson()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(login)
+    self.login(login)
+    certificate = person.getCertificate()
+    self.assertTrue('CN=%s' % login in certificate['certificate'])
+    self.assertRaises(ValueError, person.getCertificate)
+
+  def test_person_request_certificate_for_another(self):
+    login = self._createPerson()
+    login2 = self._createPerson()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(login)
+    self.login(login2)
+    self.assertRaises(Unauthorized, person.getCertificate)
+
+  def test_person_revoke_certificate_for_another(self):
+    login = self._createPerson()
+    login2 = self._createPerson()
+    person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue(login)
+    self.login(login)
+    certificate = person.getCertificate()
+    self.assertTrue('CN=%s' % login in certificate['certificate'])
+    self.login(login2)
+    self.assertRaises(Unauthorized, person.revokeCertificate)
+
+def test_suite():
+  suite = unittest.TestSuite()
+  suite.addTest(unittest.makeSuite(TestCertificateAuthority))
+  return suite
--- a/product/ERP5/www/CertificateAuthorityTool_editPropertyList.zpt
+++ b/product/ERP5/www/CertificateAuthorityTool_editPropertyList.zpt
+<h1 tal:replace="structure context/manage_page_header">PAGE HEADER</h1>
+<h2 tal:replace="structure here/manage_tabs"> TABS </h2>
+<h2 tal:define="form_title string:Edit ERP5 Certificate Authority Tool"
+    tal:replace="structure context/manage_form_title">FORM TITLE</h2>
+
+<p class="form-help">Please input the Certificate Authority path</p>
+
+<form action="manage_editCertificateAuthorityTool" method="POST">
+
+<table
+ tal:define="certificate_authority_path request/certificate_authority_path|context/certificate_authority_path|string:; openssl_binary request/openssl_binary|context/openssl_binary|string:;">
+
+<tr>
+   <td>Absolute path to configured Certificate Authority</td>
+   <td>
+     <input type="text" name="certificate_authority_path" value=""
+            tal:attributes="value certificate_authority_path;" />
+   </td>
+</tr>
+<tr>
+   <td>Absolute path to OpenSSL binary</td>
+   <td>
+     <input type="text" name="openssl_binary" value=""
+            tal:attributes="value openssl_binary;" />
+   </td>
+</tr>
+<tr>
+   <td colspan="2">
+    <input type="submit" value="save"/>
+   </td>
+</tr>
+
+</table>
+
+</form>
+
+<h1 tal:replace="structure context/manage_page_footer">PAGE FOOTER</h1>