erp5_certificate_authority: Manage Certificates from Certificate Login

rather them use person directly to Manage it. It might allow an user use more them one certificate to authenticate. An Unique reference is set whenever issue a certificate, this prevents conflicts if the transaction is restarted/retry after getNewCertificate is already called, since we cannot rollback the call to openssl. Include and improve test coverage

erp5_certificate_authority: Manage Certificates from Certificate Login
rather them use person directly to Manage it. It might allow an user use more them one certificate to authenticate. An Unique reference is set whenever issue a certificate, this prevents conflicts if the transaction is restarted/retry after getNewCertificate is already called, since we cannot rollback the call to openssl. Include and improve test coverage
16b6eb07 · Rafael Monnerat · 49f6cb18 · 16b6eb07 · 16b6eb07 · 16b6eb07
Commit 16b6eb07 authored Jul 27, 2023 by Rafael Monnerat
14 changed files
--- a/bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5_certificate_authority.Person.py
+++ b/bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5_certificate_authority.Person.py
@@ -5,30 +5,7 @@ from Products.ERP5Type import Permissions
 class Person(ERP5Person):
  security = ClassSecurityInfo()

-  def _getCertificateLoginDocument(self):
-    for _erp5_login in self.objectValues(
-          portal_type=["ERP5 Login"]):
-      if _erp5_login.getValidationState() == "validated" and \
-        _erp5_login.getReference() == self.getUserId():
-        # The user already created a Login document as UserId, so
-        # So just use this one.
-        return _erp5_login
-
-    for _certificate_login in self.objectValues(
-         portal_type=["Certificate Login"]):
-      if _certificate_login.getValidationState() == "validated":
-        return _certificate_login
-
-    certificate_login = self.newContent(
-      portal_type="Certificate Login",
-      # For now use UserId as easy way.
-      reference=self.getUserId()
-    )
-    certificate_login.validate()
-    return certificate_login
-
-
-  def _checkCertificateRequest(self):
+  def checkCertificateRequest(self):
    try:
      self.checkUserCanChangePassword()
    except Unauthorized:
@@ -41,25 +18,20 @@ class Person(ERP5Person):
      if getSecurityManager().getUser().getId() != user_id:
        raise

-  def _getCertificate(self):
-    return self.getPortalObject().portal_certificate_authority\
-      .getNewCertificate(self._getCertificateLoginDocument().getReference())
-
-  def _revokeCertificate(self):
-    return self.getPortalObject().portal_certificate_authority\
-      .revokeCertificateByCommonName(self._getCertificateLoginDocument().getReference())
-
-  security.declarePublic('getCertificate')
-  def getCertificate(self):
-    """Returns new SSL certificate"""
-    self._checkCertificateRequest()
-    return self._getCertificate()
-
-  security.declarePublic('revokeCertificate')
-  def revokeCertificate(self):
-    """Revokes existing certificate"""
-    self._checkCertificateRequest()
-    self._revokeCertificate()
+  def _generateCertificate(self):
+    certificate_login = self.newContent(
+      portal_type="Certificate Login",
+    )
+    certificate_dict = certificate_login.getCertificate()
+    certificate_login.validate()
+    return certificate_dict
+
+  security.declarePublic('generateCertificate')
+  def generateCertificate(self):
+    """Returns new SSL certificate
+       This API was kept for backward compatibility"""
+    self.checkCertificateRequest()
+    return self._generateCertificate()

  security.declareProtected(Permissions.AccessContentsInformation,
                            'getTitle')

--- a/bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py
+++ b/bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Copyright (c) 2023 Nexedi SA and Contributors. All Rights Reserved.
+#                    Rafael Monnerat <rafael@nexedi.com>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly advised to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+from AccessControl import ClassSecurityInfo
+
+class CertificateLoginMixin:
+  security = ClassSecurityInfo()
+
+  def _getCertificate(self):
+    portal = self.getPortalObject()
+    _id = self._generateRandomId()
+    reference = 'CERTLOGIN-%i-%s' % (
+      portal.portal_ids.generateNewId(
+        id_group='certificate_login',
+        id_generator='non_continuous_integer_increasing',
+      ), _id
+    )
+    self.setReference(reference)
+    certificate_dict = self.getPortalObject().portal_certificate_authority\
+      .getNewCertificate(self.getReference())
+    self.setDestinationReference(certificate_dict['id'])
+    return certificate_dict
+
+  def _revokeCertificate(self):
+    if self.getDestinationReference() is not None:
+      certificate_dict = self.getPortalObject().portal_certificate_authority\
+        .revokeCertificate(self.getDestinationReference())
+      self.setDestinationReference(None)
+      return certificate_dict
+    elif self.getReference() is not None:
+      # Backward compatibility whenever the serial wast set
+      certificate_dict = self.getPortalObject().portal_certificate_authority\
+        .revokeCertificateByCommonName(self.getReference())
+      # Ensure it is None
+      self.setDestinationReference(None)
+      return certificate_dict
+    else:
+      raise ValueError("No certificate found to revoke!")
+
+  security.declarePublic('getCertificate')
+  def getCertificate(self):
+    """Returns new SSL certificate"""
+    if self.getDestinationReference() is not None:
+      raise ValueError("Certificate was already issued, please revoke first.")
+    return self._getCertificate()
+
+  security.declarePublic('revokeCertificate')
+  def revokeCertificate(self):
+    """Revokes existing certificate"""
+    self._revokeCertificate()
--- a/bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.xml
+++ b/bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Mixin Component" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>default_reference</string> </key>
+            <value> <string>CertificateLoginMixin</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>mixin.erp5.CertificateLoginMixin</string> </value>
+        </item>
+        <item>
+            <key> <string>sid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_error_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_warning_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>version</string> </key>
+            <value> <string>erp5</string> </value>
+        </item>
+        <item>
+            <key> <string>workflow_history</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>component_validation_workflow</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_log</string> </key>
+            <value>
+              <list>
+                <dictionary>
+                  <item>
+                      <key> <string>action</string> </key>
+                      <value> <string>validate</string> </value>
+                  </item>
+                  <item>
+                      <key> <string>validation_state</string> </key>
+                      <value> <string>validated</string> </value>
+                  </item>
+                </dictionary>
+              </list>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/PortalTypeTemplateItem/portal_types/Certificate%20Authority%20Tool.xml
+++ b/bt5/erp5_certificate_authority/PortalTypeTemplateItem/portal_types/Certificate%20Authority%20Tool.xml
@@ -10,22 +10,16 @@
            <key> <string>_property_domain_dict</string> </key>
            <value>
              <dictionary>
-                <item>
-                    <key> <string>description</string> </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-                    </value>
-                </item>
                <item>
                    <key> <string>short_title</string> </key>
                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
                    </value>
                </item>
                <item>
                    <key> <string>title</string> </key>
                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
                    </value>
                </item>
              </dictionary>
@@ -45,9 +39,7 @@
        </item>
        <item>
            <key> <string>description</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>Certificate Authority Tool contains Certificate Authority.</string> </value>
        </item>
        <item>
            <key> <string>factory</string> </key>
@@ -79,9 +71,15 @@
              <none/>
            </value>
        </item>
+        <item>
+            <key> <string>searchable_text_property_id</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
        <item>
            <key> <string>title</string> </key>
-            <value> <string>Contribution Tool</string> </value>
+            <value> <string></string> </value>
        </item>
        <item>
            <key> <string>type_class</string> </key>
@@ -104,28 +102,7 @@
      <dictionary>
        <item>
            <key> <string>domain_name</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>property_name</string> </key>
-            <value> <string>description</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="3" aka="AAAAAAAAAAM=">
-    <pickle>
-      <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>domain_name</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>erp5_ui</string> </value>
        </item>
        <item>
            <key> <string>property_name</string> </key>
@@ -134,7 +111,7 @@
      </dictionary>
    </pickle>
  </record>
-  <record id="4" aka="AAAAAAAAAAQ=">
+  <record id="3" aka="AAAAAAAAAAM=">
    <pickle>
      <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
    </pickle>
@@ -142,9 +119,7 @@
      <dictionary>
        <item>
            <key> <string>domain_name</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>erp5_ui</string> </value>
        </item>
        <item>
            <key> <string>property_name</string> </key>

--- a/bt5/erp5_certificate_authority/PortalTypeTypeMixinTemplateItem/type_mixin.xml
+++ b/bt5/erp5_certificate_authority/PortalTypeTypeMixinTemplateItem/type_mixin.xml
+<type_mixin>
+ <portal_type id="Certificate Login">
+  <item>CertificateLoginMixin</item>
+ </portal_type>
+</type_mixin>
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_view.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_view.xml
@@ -106,6 +106,7 @@
                    <key> <string>right</string> </key>
                    <value>
                      <list>
+                        <string>my_destination_reference</string>
                        <string>my_translated_validation_state_title</string>
                      </list>
                    </value>

--- a/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_view/my_destination_reference.xml
+++ b/bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_view/my_destination_reference.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_destination_reference</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_view_mode_read_only_reference</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Authorisation Identity</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5_certificate_authority.testCertificateAuthorityTool.py
+++ b/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5_certificate_authority.testCertificateAuthorityTool.py
--- a/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5_certificate_authority.testCertificateAuthorityTool.xml
+++ b/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5_certificate_authority.testCertificateAuthorityTool.xml
@@ -8,7 +8,7 @@
      <dictionary>
        <item>
            <key> <string>default_reference</string> </key>
-            <value> <string>testCertificateAuthorityTool</string> </value>
+            <value> <string>testCertificateAuthorityPerson</string> </value>
        </item>
        <item>
            <key> <string>default_source_reference</string> </key>
@@ -22,7 +22,7 @@
        </item>
        <item>
            <key> <string>id</string> </key>
-            <value> <string>test.erp5_certificate_authority.testCertificateAuthorityTool</string> </value>
+            <value> <string>test.erp5.testCertificateAuthorityPerson</string> </value>
        </item>
        <item>
            <key> <string>portal_type</string> </key>
@@ -48,7 +48,7 @@
        </item>
        <item>
            <key> <string>version</string> </key>
-            <value> <string>erp5_certificate_authority</string> </value>
+            <value> <string>erp5</string> </value>
        </item>
        <item>
            <key> <string>workflow_history</string> </key>

--- a/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.py
+++ b/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.py
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Copyright (c) 2005 Nexedi SARL and Contributors. All Rights Reserved.
+#                     Ivan Tyagov <ivan@nexedi.com>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+import os
+import random
+from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
+from erp5.component.tool.CertificateAuthorityTool import CertificateAuthorityBusy
+#from AccessControl import Unauthorized
+
+class TestCertificateAuthorityTool(ERP5TypeTestCase):
+
+  def afterSetUp(self):
+    if "TEST_CA_PATH" in os.environ:
+      self.portal.portal_certificate_authority.certificate_authority_path = \
+          os.environ['TEST_CA_PATH']
+
+  def getBusinessTemplateList(self):
+    return ('erp5_base', 'erp5_certificate_authority')
+
+  def test_lock_unlock(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    certificate_authority_tool._checkCertificateAuthority()
+    try:
+      certificate_authority_tool._lockCertificateAuthority()
+      certificate_authority_tool._unlockCertificateAuthority()
+      certificate_authority_tool._lockCertificateAuthority()
+      self.assertRaises(CertificateAuthorityBusy, certificate_authority_tool._lockCertificateAuthority)
+    finally:
+      certificate_authority_tool._unlockCertificateAuthority()
+
+  def test_getNewCertificate(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+    self.assertNotEqual(None, certificate_dict['id'])
+    self.assertNotEqual(None, certificate_dict['key'])
+    self.assertNotEqual(None, certificate_dict['certificate'])
+
+    self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
+
+    # Check serial
+    serial = certificate_authority_tool._getValidSerial(common_name)
+    self.assertEqual(serial, [certificate_dict['id'].upper()])
+
+    self.assertRaises(ValueError,
+      certificate_authority_tool.getNewCertificate, common_name)
+
+  def test_getNewCertificate_locked(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    certificate_authority_tool._checkCertificateAuthority()
+    try:
+      certificate_authority_tool._lockCertificateAuthority()
+
+      common_name = str(random.random())
+      self.assertRaises(CertificateAuthorityBusy,
+        certificate_authority_tool.getNewCertificate, common_name)
+      certificate_authority_tool._unlockCertificateAuthority()
+      certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+      self.assertEqual(common_name, certificate_dict['common_name'])
+    finally:
+      certificate_authority_tool._unlockCertificateAuthority()
+
+  def test_revokeCertificate_raise(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    common_name = str(random.random())
+    self.assertRaises(ValueError,
+        certificate_authority_tool.revokeCertificate, common_name)
+
+  def test_revokeCertificate(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+    self.assertNotEqual(None, certificate_dict['id'])
+    self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
+
+    # Check serial
+    serial_list = certificate_authority_tool._getValidSerial(common_name)
+    self.assertEqual(len(serial_list), 1)
+    self.assertEqual(serial_list[0], certificate_dict['id'].upper())
+
+    revoke_dict = certificate_authority_tool.revokeCertificate(serial_list[0])
+    self.assertNotEqual(revoke_dict['crl'], None)
+
+    # No valid certificate anymore
+    self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
+
+  def test_revokeCertificateByName(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+    self.assertNotEqual(None, certificate_dict['id'])
+    self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
+
+    serial_list = certificate_authority_tool._getValidSerial(common_name)
+    self.assertEqual(len(serial_list), 1)
+    self.assertEqual(serial_list[0], certificate_dict['id'].upper())
+
+    response = certificate_authority_tool.revokeCertificateByCommonName(common_name)
+    self.assertEqual(None, response)
+
+    # No valid certificate anymore
+    self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
+
+  def test_revokeCertificate_locked(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+
+    try:
+      certificate_authority_tool._lockCertificateAuthority()
+
+      self.assertRaises(CertificateAuthorityBusy,
+        certificate_authority_tool.revokeCertificateByCommonName, common_name)
+      certificate_authority_tool._unlockCertificateAuthority()
+      response = certificate_authority_tool.revokeCertificateByCommonName(common_name)
+      self.assertEqual(None, response)
+      # No valid certificate anymore
+      self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
+    finally:
+      certificate_authority_tool._unlockCertificateAuthority()
+
--- a/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.xml
+++ b/bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Test Component" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>default_reference</string> </key>
+            <value> <string>testCertificateAuthorityTool</string> </value>
+        </item>
+        <item>
+            <key> <string>default_source_reference</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>test.erp5.testCertificateAuthorityTool</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Test Component</string> </value>
+        </item>
+        <item>
+            <key> <string>sid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_error_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_warning_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>version</string> </key>
+            <value> <string>erp5</string> </value>
+        </item>
+        <item>
+            <key> <string>workflow_history</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>component_validation_workflow</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_log</string> </key>
+            <value>
+              <list>
+                <dictionary>
+                  <item>
+                      <key> <string>action</string> </key>
+                      <value> <string>validate</string> </value>
+                  </item>
+                  <item>
+                      <key> <string>validation_state</string> </key>
+                      <value> <string>validated</string> </value>
+                  </item>
+                </dictionary>
+              </list>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/bt5/erp5_certificate_authority/bt/template_mixin_id_list
+++ b/bt5/erp5_certificate_authority/bt/template_mixin_id_list
+mixin.erp5.CertificateLoginMixin
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/template_portal_type_type_mixin_list
+++ b/bt5/erp5_certificate_authority/bt/template_portal_type_type_mixin_list
+Certificate Login | CertificateLoginMixin
\ No newline at end of file
--- a/bt5/erp5_certificate_authority/bt/template_test_id_list
+++ b/bt5/erp5_certificate_authority/bt/template_test_id_list
-test.erp5_certificate_authority.testCertificateAuthorityTool
\ No newline at end of file
+test.erp5.testCertificateAuthorityPerson
+test.erp5.testCertificateAuthorityTool
\ No newline at end of file