Commit fb5c849a authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_certificate_authority: Ensure to invalidate all serials for a given CN

   if a duplicated certificate (with same CN) is eventually generated by a
   bug or external tool (for whatever reason), revoke should revoke them all.
parent 5224c417
...@@ -281,15 +281,15 @@ class CertificateAuthorityTool(BaseTool): ...@@ -281,15 +281,15 @@ class CertificateAuthorityTool(BaseTool):
index = open(self.index).read().splitlines() index = open(self.index).read().splitlines()
valid_line_list = [q for q in index if q.startswith('V') and valid_line_list = [q for q in index if q.startswith('V') and
('CN=%s/' % common_name in q)] ('CN=%s/' % common_name in q)]
if len(valid_line_list) != 1: if len(valid_line_list) < 1:
raise ValueError('No certificate for %r' % common_name) raise ValueError('No certificate for %r' % common_name)
return valid_line_list[0].split('\t')[3] return [l.split('\t')[3] for l in valid_line_list]
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'revokeCertificate') 'revokeCertificateByCommonName')
def revokeCertificateByCommonName(self, common_name): def revokeCertificateByCommonName(self, common_name):
self._checkCertificateAuthority() self._checkCertificateAuthority()
serial = self._getValidSerial(common_name) for serial in self._getValidSerial(common_name):
self.revokeCertificate(serial) self.revokeCertificate(serial)
InitializeClass(CertificateAuthorityTool) InitializeClass(CertificateAuthorityTool)
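Review bot: With the guard relaxed from `!= 1` to `< 1`, `_getValidSerial` no longer fails closed on an ambiguous match, so every `V` line containing the substring `'CN=%s/' % common_name` anywhere in the line is now revoked. It would be safer to compare `common_name` against the CN component of the subject column only, and to reject a `common_name` containing `/` or a tab, so that a value embedded in another DN field cannot widen the revoked set. The method now returns a list, so a name such as `_getValidSerialList` and a docstring saying so would help, and any other caller (none is visible in this hunk) that expects a single serial string needs updating. `revokeCertificateByCommonName` is declared under `Permissions.AccessContentsInformation`, which looks like a read-level permission for a state-changing operation; confirm that this is intended. The definition of `_getValidSerial` starts above the hunk.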