Commit f9819934 authored by Alain Takoudjou's avatar Alain Takoudjou Committed by Alain Takoudjou

use crt_id istead of serial when revoke directly a certificate

parent 7a09ecac
...@@ -345,14 +345,15 @@ class CertificateAuthority(object): ...@@ -345,14 +345,15 @@ class CertificateAuthority(object):
utils.getSerialToInt(crt), utils.getSerialToInt(crt),
reason) reason)
def revokeCertificateFromSerial(self, serial): def revokeCertificateFromID(self, crt_id):
""" """
Directly revoke a certificate from serial Directly revoke a certificate from crt_id
@param serial: The serial of the certificate (int) @param crt_id: The ID of the certificate (string)
""" """
return self._storage.revokeCertificate( return self._storage.revokeCertificate(
serial, crt_id=crt_id,
reason="") reason="")
def renew(self, wrapped_csr): def renew(self, wrapped_csr):
......
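Review bot: Removing `revokeCertificateFromSerial` outright leaves any caller not updated in this commit failing with an AttributeError at the moment it tries to revoke. The same applies to the `/crt/revoke/serial` route renamed to `/crt/revoke/id` in the last section, where an old client would get a 404 and the certificate would stay valid. Since `Storage.revokeCertificate` still accepts `serial`, a thin alias could be kept for a transition period: `def revokeCertificateFromSerial(self, serial): return self._storage.revokeCertificate(serial=serial, reason="")`. Whether other callers exist is not visible from this page.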
...@@ -326,20 +326,29 @@ class Storage(object): ...@@ -326,20 +326,29 @@ class Storage(object):
return data_list return data_list
def revokeCertificate(self, serial, reason=''): def revokeCertificate(self, serial=None, crt_id=None, reason=''):
""" """
Add serial to the list of revoked certificates. Add serial to the list of revoked certificates.
Associated certificate must expire at (or before) not_after_date, so Associated certificate must expire at (or before) not_after_date, so
revocation can be pruned. revocation can be pruned.
serial or crt_id should be send to get the certificate. If both are set,
serial is used.
""" """
cert = Certificate.query.filter( if serial is None and crt_id is None:
Certificate.status == STATUS_VALIDATED raise ValueError("serial or crt_id are not set to revokeCertificate.")
).filter(
Certificate.serial == serial query = Certificate.query.filter(Certificate.status == STATUS_VALIDATED)
).first() if serial:
query = query.filter(Certificate.serial == serial)
else:
query = query.filter(Certificate.crt_id == crt_id)
cert = query.first()
if not cert: if not cert:
raise NotFound('No certficate with serial %r' % (serial, )) raise NotFound('No certficate with serial or id %r found!' % (
serial or crt_id, ))
expire_in = cert.expire_after - datetime.utcnow() expire_in = cert.expire_after - datetime.utcnow()
if expire_in.days < 0: if expire_in.days < 0:
......
...@@ -606,7 +606,7 @@ def request_revoke_crt(): ...@@ -606,7 +606,7 @@ def request_revoke_crt():
response = Response("", status=201, ) response = Response("", status=201, )
return response return response
@app.route('/crt/revoke/serial', methods=['PUT']) @app.route('/crt/revoke/id', methods=['PUT'])
@authenticated_method @authenticated_method
def revoke_crt(): def revoke_crt():
""" """
...@@ -614,8 +614,12 @@ def revoke_crt(): ...@@ -614,8 +614,12 @@ def revoke_crt():
""" """
try: try:
serial = request.form.get('serial', '') crt_id = request.form.get('crt_id', '')
app.config.ca.revokeCertificateFromSerial(serial) if not crt_id:
raise FlaskException("'crt_id' parameter is mandatory",
payload={"name": "MissingParameter", "code": 2})
app.config.ca.revokeCertificateFromID(crt_id)
except ValueError, e: except ValueError, e:
traceback.print_exc() traceback.print_exc()
raise FlaskException(str(e), raise FlaskException(str(e),
......
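Review bot: Nothing in the visible part of `revoke_crt` records a successful revocation; only the ValueError path prints a traceback. Revocation is a destructive, authenticated action, so a line after the `revokeCertificateFromID` call such as `app.logger.info("certificate revoked: crt_id=%r", crt_id)` (assuming `app` is the Flask application object) would leave an audit trail. `%r` keeps a form value containing newlines from splitting the log entry. The handler continues outside the hunk, so this may already be done further down.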