erp5_certificate_authority: Use source_reference rather them destination_reference

Change the property used to clearly identify if this document used caucase or some previous legacy implementation not supported anymore. In such case, invalidate the Certificate Login is enough to prevent access.

erp5_certificate_authority: Use source_reference rather them destination_reference
Change the property used to clearly identify if this document used caucase or some previous legacy implementation not supported anymore. In such case, invalidate the Certificate Login is enough to prevent access.
e8be15fe · Rafael Monnerat · 59dbcde2 · e8be15fe
Commit e8be15fe authored Sep 21, 2023 by Rafael Monnerat
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 19 deletions

bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py ...tem/portal_components/mixin.erp5.CertificateLoginMixin.py +14 -19

No files found.
--- a/bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py
+++ b/bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py
@@ -51,7 +51,6 @@ class CertificateLoginMixin:
    return csr.public_bytes(serialization.Encoding.PEM).decode()
  def _getCaucaseConnector(self):
    portal = self.getPortalObject()
    connector_list = portal.portal_catalog.unrestrictedSearchResults(
@@ -73,9 +72,9 @@ class CertificateLoginMixin:
    certificate_dict = {
      "common_name" : self.getReference()
    }
-    if self.getReference and self.getDestinationReference():
+    if self.getReference and self.getSourceReference():
-      certificate_dict["id"] = self.getDestinationReference()
+      certificate_dict["id"] = self.getSourceReference()
-      crt_pem = caucase_connector.getCertificate(self.getDestinationReference())
+      crt_pem = caucase_connector.getCertificate(self.getSourceReference())
      certificate_dict["certificate"] = crt_pem
      # We should assert that reference is the CN of crt_pem
      return certificate_dict
@@ -93,18 +92,18 @@ class CertificateLoginMixin:
    caucase_connector.createCertificate(csr_id, template_csr=template_csr)
    crt_pem = caucase_connector.getCertificate(csr_id)
-    self.setDestinationReference(csr_id)
+    self.setSourceReference(csr_id)
    return {
      "certificate" : crt_pem,
-      "id" : self.getDestinationReference(),
+      "id" : self.getSourceReference(),
      "common_name" : self.getReference()
    }
  security.declarePublic('getCertificate')
  def getCertificate(self, csr=None):
    """Returns new SSL certificate"""
-    if csr is None and self.getDestinationReference() is None:
+    if csr is None and self.getSourceReference() is None:
      key, csr = self._getCaucaseConnector()._createCertificateRequest()
      certificate_dict = self._getCertificate(csr=csr)
      certificate_dict["key"] = key
@@ -113,18 +112,14 @@ class CertificateLoginMixin:
      return self._getCertificate(csr=csr)
  def _revokeCertificate(self):
-    if self.getDestinationReference() is not None:
+    if self.getDestinationReference() is not None or (
-      certificate_dict = self.getPortalObject().portal_certificate_authority\
+      self.getReference() is not None and self.getSourceReference() is None
-        .revokeCertificate(self.getDestinationReference())
+    ):
-      self.setDestinationReference(None)
+      raise ValueError("You cannot revoke certificates from prior implementation!")
-      return certificate_dict
-    elif self.getReference() is not None:
+    if self.getSourceReference() is not None:
-      # Backward compatibility whenever the serial wast set
+      raise NotImplementedError()
-      certificate_dict = self.getPortalObject().portal_certificate_authority\
-        .revokeCertificateByCommonName(self.getReference())
-      # Ensure it is None
-      self.setDestinationReference(None)
-      return certificate_dict
    else:
      raise ValueError("No certificate found to revoke!")