Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alecs_myu
erp5
Commits
feaf1ebe
Commit
feaf1ebe
authored
Jan 16, 2013
by
Julien Muchembled
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
CertificateAuthorityTool: fix cleanup and exception handling when generating or revoking certs
parent
9016d309
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
20 additions
and
14 deletions
+20
-14
product/ERP5/Tool/CertificateAuthorityTool.py
product/ERP5/Tool/CertificateAuthorityTool.py
+20
-14
No files found.
product/ERP5/Tool/CertificateAuthorityTool.py
View file @
feaf1ebe
...
...
@@ -27,6 +27,8 @@
#
##############################################################################
import
glob
,
os
,
subprocess
,
sys
from
AccessControl
import
ClassSecurityInfo
from
Products.ERP5Type.Globals
import
InitializeClass
from
Products.ERP5Type.Tool.BaseTool
import
BaseTool
...
...
@@ -34,9 +36,6 @@ from Products.ERP5Type import Permissions
from
Products.PageTemplates.PageTemplateFile
import
PageTemplateFile
from
zLOG
import
LOG
,
INFO
import
os
import
subprocess
def
popenCommunicate
(
command_list
,
input
=
None
,
**
kwargs
):
kwargs
.
update
(
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
popen
=
subprocess
.
Popen
(
command_list
,
**
kwargs
)
...
...
@@ -216,14 +215,15 @@ class CertificateAuthorityTool(BaseTool):
id
=
new_id
,
common_name
=
common_name
)
except
:
e
=
sys
.
exc_info
()
try
:
for
p
in
[
key
,
csr
,
cert
]
:
for
p
in
key
,
csr
,
cert
:
if
os
.
path
.
exists
(
p
):
os
.
unlink
(
p
)
except
:
# do not raise during cleanup
pass
raise
raise
e
[
0
],
e
[
1
],
e
[
2
]
finally
:
self
.
_unlockCertificateAuthority
()
...
...
@@ -241,26 +241,32 @@ class CertificateAuthorityTool(BaseTool):
cert
=
os
.
path
.
join
(
self
.
certificate_authority_path
,
'certs'
,
serial
.
lower
()
+
'.crt'
)
if
not
os
.
path
.
exists
(
cert
):
raise
ValueError
(
'Certificate with serial %r does not exists'
%
serial
)
raise
ValueError
(
'Certificate with serial %r does not exist'
%
serial
)
created
=
[
crl
]
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-config'
,
self
.
openssl_config
,
'-revoke'
,
cert
])
try
:
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-config'
,
self
.
openssl_config
,
'-revoke'
,
cert
])
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-config'
,
self
.
openssl_config
,
'-gencrl'
,
'-out'
,
crl
])
hash
=
popenCommunicate
([
self
.
openssl_binary
,
'crl'
,
'-noout'
,
'-hash'
,
'-in'
,
crl
]).
strip
()
previous_id
=
int
(
len
([
q
for
q
in
os
.
listdir
(
crl_path
)
if
hash
in
q
]))
os
.
symlink
(
crl
,
os
.
path
.
join
(
crl_path
,
'%s.%s'
%
(
hash
,
previous_id
)))
alias
=
os
.
path
.
join
(
crl_path
,
popenCommunicate
([
self
.
openssl_binary
,
'crl'
,
'-noout'
,
'-hash'
,
'-in'
,
crl
]).
strip
()
+
'.'
)
alias
+=
str
(
len
(
glob
.
glob
(
alias
+
'*'
)))
created
.
append
(
alias
)
os
.
symlink
(
crl
,
alias
)
return
dict
(
crl
=
open
(
crl
).
read
())
except
:
e
=
sys
.
exc_info
()
try
:
for
p
in
[
crl
]:
for
p
in
'index.txt'
,
'crlnumber'
:
p
=
os
.
path
.
join
(
self
.
certificate_authority_path
,
p
)
os
.
rename
(
p
+
'.old'
,
p
)
for
p
in
created
:
if
os
.
path
.
exists
(
p
):
os
.
unlink
(
p
)
except
:
# do not raise during cleanup
pass
raise
raise
e
[
0
],
e
[
1
],
e
[
2
]
finally
:
self
.
_unlockCertificateAuthority
()
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment