Commit a47132ee authored by Rafael Monnerat's avatar Rafael Monnerat 👻

erp5_certificate_authority: Use source_reference rather them destination_reference

   Change the property used, to clearly identify whether this document used caucase or some previous legacy implementation that is no longer supported.

   In such a case, invalidating the Certificate Login is enough to prevent access.
parent f29b8fa9
......@@ -51,7 +51,6 @@ class CertificateLoginMixin:
return csr.public_bytes(serialization.Encoding.PEM).decode()
def _getCaucaseConnector(self):
portal = self.getPortalObject()
connector_list = portal.portal_catalog.unrestrictedSearchResults(
......@@ -73,9 +72,9 @@ class CertificateLoginMixin:
certificate_dict = {
"common_name" : self.getReference()
if self.getReference and self.getDestinationReference():
certificate_dict["id"] = self.getDestinationReference()
crt_pem = caucase_connector.getCertificate(self.getDestinationReference())
if self.getReference and self.getSourceReference():
certificate_dict["id"] = self.getSourceReference()
crt_pem = caucase_connector.getCertificate(self.getSourceReference())
certificate_dict["certificate"] = crt_pem
# We should assert that reference is the CN of crt_pem
return certificate_dict
......@@ -93,18 +92,18 @@ class CertificateLoginMixin:
caucase_connector.createCertificate(csr_id, template_csr=template_csr)
crt_pem = caucase_connector.getCertificate(csr_id)
return {
"certificate" : crt_pem,
"id" : self.getDestinationReference(),
"id" : self.getSourceReference(),
"common_name" : self.getReference()
def getCertificate(self, csr=None):
"""Returns new SSL certificate"""
if csr is None and self.getDestinationReference() is None:
if csr is None and self.getSourceReference() is None:
key, csr = self._getCaucaseConnector()._createCertificateRequest()
certificate_dict = self._getCertificate(csr=csr)
certificate_dict["key"] = key
......@@ -113,18 +112,14 @@ class CertificateLoginMixin:
return self._getCertificate(csr=csr)
def _revokeCertificate(self):
if self.getDestinationReference() is not None:
certificate_dict = self.getPortalObject().portal_certificate_authority\
return certificate_dict
elif self.getReference() is not None:
# Backward compatibility whenever the serial wast set
certificate_dict = self.getPortalObject().portal_certificate_authority\
# Ensure it is None
return certificate_dict
if self.getDestinationReference() is not None or (
self.getReference() is not None and self.getSourceReference() is None
raise ValueError("You cannot revoke certificates from prior implementation!")
if self.getSourceReference() is not None:
raise NotImplementedError()
raise ValueError("No certificate found to revoke!")
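Review bot: In `_revokeCertificate`, a login that has a source reference now ends at `raise NotImplementedError()`, so a caucase-issued certificate is never revoked at the CA and stays cryptographically valid until it expires. The commit message relies on invalidating the Certificate Login, which only protects code paths that look up the login's validation state. Anything that trusts the CA chain alone would presumably still accept the certificate. If revocation through the caucase connector is not planned here, state the limitation at the raise, e.g. `# Not revoked at the CA: access is blocked only by invalidating this Certificate Login; verifiers that check the chain alone still accept the certificate.` Separately, the condition `if self.getReference and self.getSourceReference():` in `_getCertificate` tests the bound method rather than calling it, so it is always true on that side and should read `self.getReference()`. The page has lost its +/- markers, so which lines are new is inferred from print order.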