erp5_certificate_authority: Ensure to invalidate all serials for a given CN

if a duplicated certificate (with same CN) is eventually generated by a bug or external tool (for whatever reason), revoke should revoke them all.

erp5_certificate_authority: Ensure to invalidate all serials for a given CN
if a duplicated certificate (with same CN) is eventually generated by a bug or external tool (for whatever reason), revoke should revoke them all.
49f6cb18 · Rafael Monnerat · c2a7e1e8 · 49f6cb18
Commit 49f6cb18 authored Jul 27, 2023 by Rafael Monnerat
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

bt5/erp5_certificate_authority/ToolComponentTemplateItem/portal_components/tool.erp5.CertificateAuthorityTool.py ...m/portal_components/tool.erp5.CertificateAuthorityTool.py +5 -5

No files found.
--- a/bt5/erp5_certificate_authority/ToolComponentTemplateItem/portal_components/tool.erp5.CertificateAuthorityTool.py
+++ b/bt5/erp5_certificate_authority/ToolComponentTemplateItem/portal_components/tool.erp5.CertificateAuthorityTool.py
@@ -281,15 +281,15 @@ class CertificateAuthorityTool(BaseTool):
    index = open(self.index).read().splitlines()
    valid_line_list = [q for q in index if q.startswith('V') and
      ('CN=%s/' % common_name in q)]
-    if len(valid_line_list) != 1:
+    if len(valid_line_list) < 1:
      raise ValueError('No certificate for %r' % common_name)
-    return valid_line_list[0].split('\t')[3]
+    return [l.split('\t')[3] for l in valid_line_list]

  security.declareProtected(Permissions.AccessContentsInformation,
-    'revokeCertificate')
+    'revokeCertificateByCommonName')
  def revokeCertificateByCommonName(self, common_name):
    self._checkCertificateAuthority()
-    serial = self._getValidSerial(common_name)
-    self.revokeCertificate(serial)
+    for serial in self._getValidSerial(common_name):
+      self.revokeCertificate(serial)

 InitializeClass(CertificateAuthorityTool)