Commit 5d576369 authored by Rafael Monnerat

erp5_certificate_authority: Improve security settings

parent 778fc611
......@@ -78,7 +78,7 @@ class CaucaseConnector(XMLObject):
return self._getConnection(user_key=user_key_file.name)
security.declarePublic('bootstrapCaucaseConfiguration')
security.declareProtected(Permissions.ManageUsers, 'bootstrapCaucaseConfiguration')
def bootstrapCaucaseConfiguration(self):
if self.getUserCertificate() is None:
caucase_connection = self._getConnection(mode="user")
......@@ -103,7 +103,6 @@ class CaucaseConnector(XMLObject):
else:
self.setUserCertificate(crt_pem)
def _getSubjectNameAttributeList(self):
crt_pem = None #self.getUserCertificate()
if crt_pem is None:
......@@ -154,12 +153,15 @@ class CaucaseConnector(XMLObject):
def createCertificateSigningRequest(self, csr):
return self._getConnection().createCertificateSigningRequest(csr)
security.declareProtected(Permissions.ManageUsers, 'createCertificate')
def createCertificate(self, csr_id, template_csr=""):
return self._getAuthenticatedConnection().createCertificate(csr_id, template_csr)
security.declareProtected(Permissions.ManageUsers, 'getCertificate')
def getCertificate(self, csr_id):
return self._getAuthenticatedConnection().getCertificate(csr_id)
security.declareProtected(Permissions.ManageUsers, 'revokeCertificate')
def revokeCertificate(self, crt_pem, key_pem=None):
if key_pem is None:
return self._getAuthenticatedConnection().revokeCertificate(crt_pem)
......
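Review bot: `createCertificateSigningRequest`, at the top of the third hunk, is the only method in this group whose security declaration is not visible. The three added `security.declareProtected(Permissions.ManageUsers, ...)` lines cover `createCertificate`, `getCertificate` and `revokeCertificate`, and any declaration for the CSR method sits above the hunk. If it is meant to stay callable with a lesser permission, a comment would record that, e.g. `# Deliberately less restricted: submitting a CSR goes through _getConnection(); signing requires ManageUsers.`; otherwise it should get the same explicit declaration. `revokeCertificate` continues past the end of the hunk, so the branch taken when `key_pem` is given could not be reviewed.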
......@@ -24,6 +24,14 @@
<key> <string>id</string> </key>
<value> <string>user_certificate_property</string> </value>
</item>
<item>
<key> <string>read_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
<item>
<key> <string>write_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
</dictionary>
</pickle>
</record>
......
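Review bot: The added `read_permission`/`write_permission` entries only govern access from this commit onward, and nothing visible here covers values stored while the property had no explicit permission. The same applies to the identical additions in the `user_certificate_request_reference_property` and `user_key_property` sections below. Which permission applied before is not visible on this page, but if it was weaker than `Manage users`, the value behind `user_key_property` (presumably the connector's private key) may already have been readable by less privileged users. An upgrade note would make that actionable, for example `Existing Caucase connectors: if user_key was readable by non-managers before this change, renew the connector's user key and revoke the old certificate.` Because these files are serialized property-sheet exports, that rationale belongs in the commit description or upgrade notes, not in the XML.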
......@@ -24,6 +24,14 @@
<key> <string>id</string> </key>
<value> <string>user_certificate_request_reference_property</string> </value>
</item>
<item>
<key> <string>read_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
<item>
<key> <string>write_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
</dictionary>
</pickle>
</record>
......
......@@ -24,6 +24,14 @@
<key> <string>id</string> </key>
<value> <string>user_key_property</string> </value>
</item>
<item>
<key> <string>read_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
<item>
<key> <string>write_permission</string> </key>
<value> <string>Manage users</string> </value>
</item>
</dictionary>
</pickle>
</record>
......