Commit d3ed1fe6 authored by Alain Takoudjou's avatar Alain Takoudjou

slapos_cloud: use a custom subject CN in signed certificates

parent 73562467
...@@ -31,7 +31,7 @@ from Products.ERP5Type.Globals import InitializeClass ...@@ -31,7 +31,7 @@ from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
import functools import functools
from json import loads from json import loads, dumps
import urllib2, urllib import urllib2, urllib
from httplib import HTTPSConnection from httplib import HTTPSConnection
import urlparse import urlparse
...@@ -120,13 +120,19 @@ class CaucaseRESTClientInterface(XMLObject): ...@@ -120,13 +120,19 @@ class CaucaseRESTClientInterface(XMLObject):
""" """
return self._request('crt/%s' % crt_id).read() return self._request('crt/%s' % crt_id).read()
def signCertificate(self, csr_id): def signCertificate(self, csr_id, subject=None):
""" """
Sign a certificate from the CSR id Sign a certificate from the CSR id
return the certificate ID and URL to download certificate return the certificate ID and URL to download certificate
""" """
if not subject:
data = urllib.urlencode({'csr_id': csr_id}) data = urllib.urlencode({'csr_id': csr_id})
else:
data = urllib.urlencode({
'csr_id': csr_id,
'subject': dumps(subject)
})
response = self._request('/crt', data=data, method='PUT') response = self._request('/crt', data=data, method='PUT')
cert_id = response.headers['Location'].split('/')[-1] cert_id = response.headers['Location'].split('/')[-1]
return (cert_id, response.headers['Location']) return (cert_id, response.headers['Location'])
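Review bot: The docstring of `signCertificate` is not updated for the new `subject` argument, so callers are not told that the dict is JSON-encoded and sent to the CA together with the CSR id. Going by the commit title the value ends up in the signed certificate's subject, so the docstring should say it must be built from server-side data and never from the requester's input, for example `subject: optional dict of subject fields, e.g. {'CN': reference}, sent to the CA as JSON; must come from trusted data`. `if not subject:` also treats an empty dict the same as no subject; if that is intended, the docstring is the place to say so.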
......
...@@ -33,7 +33,9 @@ class Person(ERP5Person): ...@@ -33,7 +33,9 @@ class Person(ERP5Person):
csr_id = ca_service.putCertificateSigningRequest(csr) csr_id = ca_service.putCertificateSigningRequest(csr)
# Sign the csr immediately # Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id) crt_id, url = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()})
# link to the user # link to the user
certificate_id = self.newContent( certificate_id = self.newContent(
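Review bot: The CN passed to `signCertificate` is `self.getReference()` with no check that a reference is set; if it is empty, `dumps` produces `{"CN": null}` and what the CA signs in that case is not visible here. A guard before the call, `reference = self.getReference()` followed by `if not reference: raise ValueError("Cannot sign a certificate without a reference")`, would fail closed. The same pattern appears in the SoftwareInstance section and in the script that uses `computer.getReference()`. Only the CN is pinned by these calls, so whether other subject fields or requested extensions from the submitted CSR survive signing is decided on the CA side and should be confirmed there. The enclosing method starts and ends outside the hunk.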
......
...@@ -99,13 +99,16 @@ class SoftwareInstance(Item): ...@@ -99,13 +99,16 @@ class SoftwareInstance(Item):
certificate_id = self._getInstanceCertificate() certificate_id = self._getInstanceCertificate()
if certificate_id is not None: if certificate_id is not None:
# Get new Certificate will automatically revoke the previous # Get new Certificate will automatically revoke the previous
self.revokeCertificate(certificate_id) self.revokeCertificate(certificate_id=certificate_id)
ca_service = self.getPortalObject().portal_web_services.caucase_adapter ca_service = self.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_request) csr_id = ca_service.putCertificateSigningRequest(certificate_request)
# Sign the csr immediately # Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id) crt_id, url = ca_service.signCertificate(
csr_id,
subject={'CN': self.getReference()}
)
# link to the Instance # link to the Instance
certificate_id = self.newContent( certificate_id = self.newContent(
...@@ -123,8 +126,10 @@ class SoftwareInstance(Item): ...@@ -123,8 +126,10 @@ class SoftwareInstance(Item):
if certificate_id is None: if certificate_id is None:
certificate_id = self._getInstanceCertificate() certificate_id = self._getInstanceCertificate()
if certificate_id: if certificate_id:
return self.getPortalObject().portal_web_services.caucase_adapter \ self.getPortalObject().portal_web_services.caucase_adapter \
.revokeCertificate(certificate_id.getReference()) .revokeCertificate(certificate_id.getReference())
certificate_id.invalidate()
else:
raise ValueError( raise ValueError(
"No certificate found for Software Instance %s" % self.getReference() "No certificate found for Software Instance %s" % self.getReference()
) )
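Review bot: In `revokeCertificate` the revocation at the CA and the local `certificate_id.invalidate()` are now two separate steps, and the method no longer returns the adapter's result. If `invalidate()` raises, or the surrounding transaction is aborted later (for instance when the `signCertificate` call in the first hunk fails), the certificate is presumably already revoked at the CA while the local document still looks valid, and a retry would ask the CA to revoke it a second time. A comment such as `# revoke at the CA first; the local document is invalidated only once that succeeded` would document the ordering, and it is worth confirming that no caller relied on the old return value. `certificate_id` holds a document here (it has `getReference()` and `invalidate()`), so a name like `certificate` would read more clearly. The method starts outside the hunk.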
......
...@@ -20,7 +20,9 @@ if len(certificate_id_list): ...@@ -20,7 +20,9 @@ if len(certificate_id_list):
ca_service = context.getPortalObject().portal_web_services.caucase_adapter ca_service = context.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request) csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
# Sign the csr immediately # Sign the csr immediately
crt_id, url = ca_service.signCertificate(csr_id) crt_id, url = ca_service.signCertificate(
csr_id,
subject={'CN': computer.getReference()})
certificate = ca_service.getCertificate(crt_id) certificate = ca_service.getCertificate(crt_id)
certificate_id = computer.newContent( certificate_id = computer.newContent(
......