Support multiple certificates per user

See merge request nexedi/erp5!1811

bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Person/get_certificate.xml → bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Certificate%20Login/get_certificate.xml

@@ -26,7 +26,9 @@
         </item>
         <item>
             <key> <string>condition</string> </key>
-            <value> <string></string> </value>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
         </item>
         <item>
             <key> <string>description</string> </key>
@@ -56,7 +58,7 @@
         </item>
         <item>
             <key> <string>priority</string> </key>
-            <value> <float>10.0</float> </value>
+            <value> <float>11.0</float> </value>
         </item>
         <item>
             <key> <string>title</string> </key>
@@ -77,7 +79,20 @@
       <dictionary>
         <item>
             <key> <string>text</string> </key>
-            <value> <string>string:${object_url}/Person_getCertificate</string> </value>
+            <value> <string>string:${object_url}/CertificateLogin_getCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="Expression" module="Products.CMFCore.Expression"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>text</string> </key>
+            <value> <string>python: here.getDestinationReference() is None</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Person/revoke_certificate.xml → bt5/erp5_certificate_authority/ActionTemplateItem/portal_types/Certificate%20Login/revoke_certificate.xml

@@ -26,7 +26,9 @@
         </item>
         <item>
             <key> <string>condition</string> </key>
-            <value> <string></string> </value>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
         </item>
         <item>
             <key> <string>description</string> </key>
@@ -77,7 +79,20 @@
       <dictionary>
         <item>
             <key> <string>text</string> </key>
-            <value> <string>string:${object_url}/Person_revokeCertificate</string> </value>
+            <value> <string>string:${object_url}/CertificateLogin_revokeCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="Expression" module="Products.CMFCore.Expression"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>text</string> </key>
+            <value> <string>python: here.getDestinationReference() is not None</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5_certificate_authority.Person.py

@@ -5,30 +5,7 @@ from Products.ERP5Type import Permissions
 class Person(ERP5Person):
   security = ClassSecurityInfo()
 
-  def _getCertificateLoginDocument(self):
-    for _erp5_login in self.objectValues(
-          portal_type=["ERP5 Login"]):
-      if _erp5_login.getValidationState() == "validated" and \
-        _erp5_login.getReference() == self.getUserId():
-        # The user already created a Login document as UserId, so
-        # So just use this one.
-        return _erp5_login
-
-    for _certificate_login in self.objectValues(
-         portal_type=["Certificate Login"]):
-      if _certificate_login.getValidationState() == "validated":
-        return _certificate_login
-
-    certificate_login = self.newContent(
-      portal_type="Certificate Login",
-      # For now use UserId as easy way.
-      reference=self.getUserId()
-    )
-    certificate_login.validate()
-    return certificate_login
-
-
-  def _checkCertificateRequest(self):
+  def checkCertificateRequest(self):
     try:
       self.checkUserCanChangePassword()
     except Unauthorized:
@@ -41,25 +18,20 @@ class Person(ERP5Person):
       if getSecurityManager().getUser().getId() != user_id:
         raise
 
-  def _getCertificate(self):
-    return self.getPortalObject().portal_certificate_authority\
-      .getNewCertificate(self._getCertificateLoginDocument().getReference())
-
-  def _revokeCertificate(self):
-    return self.getPortalObject().portal_certificate_authority\
-      .revokeCertificateByCommonName(self._getCertificateLoginDocument().getReference())
-
-  security.declarePublic('getCertificate')
-  def getCertificate(self):
-    """Returns new SSL certificate"""
-    self._checkCertificateRequest()
-    return self._getCertificate()
-
-  security.declarePublic('revokeCertificate')
-  def revokeCertificate(self):
-    """Revokes existing certificate"""
-    self._checkCertificateRequest()
-    self._revokeCertificate()
+  def _generateCertificate(self):
+    certificate_login = self.newContent(
+      portal_type="Certificate Login",
+    )
+    certificate_dict = certificate_login.getCertificate()
+    certificate_login.validate()
+    return certificate_dict
+
+  security.declarePublic('generateCertificate')
+  def generateCertificate(self):
+    """Returns new SSL certificate
+       This API was kept for backward compatibility"""
+    self.checkCertificateRequest()
+    return self._generateCertificate()
 
   security.declareProtected(Permissions.AccessContentsInformation,
                             'getTitle')

bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.py

+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Copyright (c) 2023 Nexedi SA and Contributors. All Rights Reserved.
+#                    Rafael Monnerat <rafael@nexedi.com>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly advised to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+from AccessControl import ClassSecurityInfo
+
+class CertificateLoginMixin:
+  security = ClassSecurityInfo()
+
+  def _getCertificate(self):
+    portal = self.getPortalObject()
+    _id = self._generateRandomId()
+    reference = 'CERTLOGIN-%i-%s' % (
+      portal.portal_ids.generateNewId(
+        id_group='certificate_login',
+        id_generator='non_continuous_integer_increasing',
+      ), _id
+    )
+    self.setReference(reference)
+    certificate_dict = self.getPortalObject().portal_certificate_authority\
+      .getNewCertificate(self.getReference())
+    self.setDestinationReference(certificate_dict['id'])
+    return certificate_dict
+
+  def _revokeCertificate(self):
+    if self.getDestinationReference() is not None:
+      certificate_dict = self.getPortalObject().portal_certificate_authority\
+        .revokeCertificate(self.getDestinationReference())
+      self.setDestinationReference(None)
+      return certificate_dict
+    elif self.getReference() is not None:
+      # Backward compatibility whenever the serial wast set
+      certificate_dict = self.getPortalObject().portal_certificate_authority\
+        .revokeCertificateByCommonName(self.getReference())
+      # Ensure it is None
+      self.setDestinationReference(None)
+      return certificate_dict
+    else:
+      raise ValueError("No certificate found to revoke!")
+
+  security.declarePublic('getCertificate')
+  def getCertificate(self):
+    """Returns new SSL certificate"""
+    if self.getDestinationReference() is not None:
+      raise ValueError("Certificate was already issued, please revoke first.")
+    return self._getCertificate()
+
+  security.declarePublic('revokeCertificate')
+  def revokeCertificate(self):
+    """Revokes existing certificate"""
+    self._revokeCertificate()

bt5/erp5_certificate_authority/MixinTemplateItem/portal_components/mixin.erp5.CertificateLoginMixin.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Mixin Component" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>default_reference</string> </key>
+            <value> <string>CertificateLoginMixin</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>mixin.erp5.CertificateLoginMixin</string> </value>
+        </item>
+        <item>
+            <key> <string>sid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_error_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_warning_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>version</string> </key>
+            <value> <string>erp5</string> </value>
+        </item>
+        <item>
+            <key> <string>workflow_history</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>component_validation_workflow</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_log</string> </key>
+            <value>
+              <list>
+                <dictionary>
+                  <item>
+                      <key> <string>action</string> </key>
+                      <value> <string>validate</string> </value>
+                  </item>
+                  <item>
+                      <key> <string>validation_state</string> </key>
+                      <value> <string>validated</string> </value>
+                  </item>
+                </dictionary>
+              </list>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_certificate_authority/PortalTypeTemplateItem/portal_types/Certificate%20Authority%20Tool.xml

@@ -10,22 +10,16 @@
             <key> <string>_property_domain_dict</string> </key>
             <value>
               <dictionary>
-                <item>
-                    <key> <string>description</string> </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-                    </value>
-                </item>
                 <item>
                     <key> <string>short_title</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
                     </value>
                 </item>
                 <item>
                     <key> <string>title</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -45,9 +39,7 @@
         </item>
         <item>
             <key> <string>description</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>Certificate Authority Tool contains Certificate Authority.</string> </value>
         </item>
         <item>
             <key> <string>factory</string> </key>
@@ -79,9 +71,15 @@
               <none/>
             </value>
         </item>
+        <item>
+            <key> <string>searchable_text_property_id</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
-            <value> <string>Contribution Tool</string> </value>
+            <value> <string></string> </value>
         </item>
         <item>
             <key> <string>type_class</string> </key>
@@ -104,28 +102,7 @@
       <dictionary>
         <item>
             <key> <string>domain_name</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>property_name</string> </key>
-            <value> <string>description</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="3" aka="AAAAAAAAAAM=">
-    <pickle>
-      <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>domain_name</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>erp5_ui</string> </value>
         </item>
         <item>
             <key> <string>property_name</string> </key>
@@ -134,7 +111,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="4" aka="AAAAAAAAAAQ=">
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
     </pickle>
@@ -142,9 +119,7 @@
       <dictionary>
         <item>
             <key> <string>domain_name</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>erp5_ui</string> </value>
         </item>
         <item>
             <key> <string>property_name</string> </key>

bt5/erp5_certificate_authority/PortalTypeTypeMixinTemplateItem/type_mixin.xml

+<type_mixin>
+ <portal_type id="Certificate Login">
+  <item>CertificateLoginMixin</item>
+ </portal_type>
+</type_mixin>
\ No newline at end of file

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificate.py → bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_getCertificate.py

+parent = context.getParentValue()
+
+if parent.getPortalType() == "Person":
+  parent.checkCertificateRequest()
+
 certificate = context.getCertificate()
 request = context.REQUEST
 request.set('your_certificate', certificate['certificate'])
 request.set('your_key', certificate['key'])
-return context.Person_viewCertificateDialog()
+return context.CertificateLogin_viewCertificateDialog(
+  keep_items = {'portal_status_message' : 'Certificate generated.'}
+)

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_revokeCertificate.xml → bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_getCertificate.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_revokeCertificate</string> </value>
+            <value> <string>CertificateLogin_getCertificate</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_revokeCertificate.py → bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_revokeCertificate.py

+parent = context.getParentValue()
+
+if parent.getPortalType() == "Person":
+  parent.checkCertificateRequest()
+
 context.revokeCertificate()
 return context.Base_redirect(form_id, keep_items = {'portal_status_message' : 'Certificate revoked.'},  **kw)

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_getCertificate.xml → bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_revokeCertificate.xml

@@ -54,7 +54,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_getCertificate</string> </value>
+            <value> <string>CertificateLogin_revokeCertificate</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_view.xml

@@ -106,6 +106,7 @@
                     <key> <string>right</string> </key>
                     <value>
                       <list>
+                        <string>my_destination_reference</string>
                         <string>my_translated_validation_state_title</string>
                       </list>
                     </value>

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_view/my_destination_reference.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_destination_reference</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_view_mode_read_only_reference</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Authorisation Identity</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_view/my_reference.xml

@@ -78,7 +78,7 @@
                 </item>
                 <item>
                     <key> <string>field_id</string> </key>
-                    <value> <string>my_string_field</string> </value>
+                    <value> <string>my_view_mode_read_only_reference</string> </value>
                 </item>
                 <item>
                     <key> <string>form_id</string> </key>

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_viewCertificateDialog.xml → bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_viewCertificateDialog.xml

@@ -41,6 +41,10 @@
             <key> <string>action</string> </key>
             <value> <string></string> </value>
         </item>
+        <item>
+            <key> <string>action_title</string> </key>
+            <value> <string></string> </value>
+        </item>
         <item>
             <key> <string>description</string> </key>
             <value> <string></string> </value>
@@ -115,7 +119,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Person_viewCertificateDialog</string> </value>
+            <value> <string>CertificateLogin_viewCertificateDialog</string> </value>
         </item>
         <item>
             <key> <string>method</string> </key>
@@ -123,7 +127,7 @@
         </item>
         <item>
             <key> <string>name</string> </key>
-            <value> <string>Person_viewCertificateDialog</string> </value>
+            <value> <string>CertificateLogin_viewCertificateDialog</string> </value>
         </item>
         <item>
             <key> <string>pt</string> </key>
@@ -139,7 +143,7 @@
         </item>
         <item>
             <key> <string>title</string> </key>
-            <value> <string>Certificate Request</string> </value>
+            <value> <string>Request Certificate</string> </value>
         </item>
         <item>
             <key> <string>unicode_mode</string> </key>

bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/Person_viewCertificateDialog/your_tip.xml → bt5/erp5_certificate_authority/SkinTemplateItem/portal_skins/erp5_certificate_authority/CertificateLogin_viewCertificateDialog/your_tip.xml

@@ -211,7 +211,9 @@
                     <key> <string>default</string> </key>
                     <value> <string>Please copy both key and certificate.\n
 \n
-They are NOT stored anywhere for security reason.</string> </value>
+They are NOT stored anywhere for security reason.\n
+\n
+To activate the certificate, you still have to validate the Certificate Login</string> </value>
                 </item>
                 <item>
                     <key> <string>description</string> </key>

bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5_certificate_authority.testCertificateAuthorityTool.xml → bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityPerson.xml

@@ -8,7 +8,7 @@
       <dictionary>
         <item>
             <key> <string>default_reference</string> </key>
-            <value> <string>testCertificateAuthorityTool</string> </value>
+            <value> <string>testCertificateAuthorityPerson</string> </value>
         </item>
         <item>
             <key> <string>default_source_reference</string> </key>
@@ -22,7 +22,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>test.erp5_certificate_authority.testCertificateAuthorityTool</string> </value>
+            <value> <string>test.erp5.testCertificateAuthorityPerson</string> </value>
         </item>
         <item>
             <key> <string>portal_type</string> </key>
@@ -48,7 +48,7 @@
         </item>
         <item>
             <key> <string>version</string> </key>
-            <value> <string>erp5_certificate_authority</string> </value>
+            <value> <string>erp5</string> </value>
         </item>
         <item>
             <key> <string>workflow_history</string> </key>

bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.py

+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Copyright (c) 2005 Nexedi SARL and Contributors. All Rights Reserved.
+#                     Ivan Tyagov <ivan@nexedi.com>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+import os
+import random
+from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
+from erp5.component.tool.CertificateAuthorityTool import CertificateAuthorityBusy
+#from AccessControl import Unauthorized
+
+class TestCertificateAuthorityTool(ERP5TypeTestCase):
+
+  def afterSetUp(self):
+    if "TEST_CA_PATH" in os.environ:
+      self.portal.portal_certificate_authority.certificate_authority_path = \
+          os.environ['TEST_CA_PATH']
+
+  def getBusinessTemplateList(self):
+    return ('erp5_base', 'erp5_certificate_authority')
+
+  def test_lock_unlock(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    certificate_authority_tool._checkCertificateAuthority()
+    try:
+      certificate_authority_tool._lockCertificateAuthority()
+      certificate_authority_tool._unlockCertificateAuthority()
+      certificate_authority_tool._lockCertificateAuthority()
+      self.assertRaises(CertificateAuthorityBusy, certificate_authority_tool._lockCertificateAuthority)
+    finally:
+      certificate_authority_tool._unlockCertificateAuthority()
+
+  def test_getNewCertificate(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+    self.assertNotEqual(None, certificate_dict['id'])
+    self.assertNotEqual(None, certificate_dict['key'])
+    self.assertNotEqual(None, certificate_dict['certificate'])
+
+    self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
+
+    # Check serial
+    serial = certificate_authority_tool._getValidSerial(common_name)
+    self.assertEqual(serial, [certificate_dict['id'].upper()])
+
+    self.assertRaises(ValueError,
+      certificate_authority_tool.getNewCertificate, common_name)
+
+  def test_getNewCertificate_locked(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    certificate_authority_tool._checkCertificateAuthority()
+    try:
+      certificate_authority_tool._lockCertificateAuthority()
+
+      common_name = str(random.random())
+      self.assertRaises(CertificateAuthorityBusy,
+        certificate_authority_tool.getNewCertificate, common_name)
+      certificate_authority_tool._unlockCertificateAuthority()
+      certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+      self.assertEqual(common_name, certificate_dict['common_name'])
+    finally:
+      certificate_authority_tool._unlockCertificateAuthority()
+
+  def test_revokeCertificate_raise(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    common_name = str(random.random())
+    self.assertRaises(ValueError,
+        certificate_authority_tool.revokeCertificate, common_name)
+
+  def test_revokeCertificate(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+    self.assertNotEqual(None, certificate_dict['id'])
+    self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
+
+    # Check serial
+    serial_list = certificate_authority_tool._getValidSerial(common_name)
+    self.assertEqual(len(serial_list), 1)
+    self.assertEqual(serial_list[0], certificate_dict['id'].upper())
+
+    revoke_dict = certificate_authority_tool.revokeCertificate(serial_list[0])
+    self.assertNotEqual(revoke_dict['crl'], None)
+
+    # No valid certificate anymore
+    self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
+
+  def test_revokeCertificateByName(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+    self.assertNotEqual(None, certificate_dict['id'])
+    self.assertIn('CN=%s' % common_name, certificate_dict['certificate'])
+
+    serial_list = certificate_authority_tool._getValidSerial(common_name)
+    self.assertEqual(len(serial_list), 1)
+    self.assertEqual(serial_list[0], certificate_dict['id'].upper())
+
+    response = certificate_authority_tool.revokeCertificateByCommonName(common_name)
+    self.assertEqual(None, response)
+
+    # No valid certificate anymore
+    self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
+
+  def test_revokeCertificate_locked(self):
+    certificate_authority_tool = self.portal.portal_certificate_authority
+    common_name = str(random.random())
+    certificate_dict = certificate_authority_tool.getNewCertificate(common_name)
+    self.assertEqual(common_name, certificate_dict['common_name'])
+
+    try:
+      certificate_authority_tool._lockCertificateAuthority()
+
+      self.assertRaises(CertificateAuthorityBusy,
+        certificate_authority_tool.revokeCertificateByCommonName, common_name)
+      certificate_authority_tool._unlockCertificateAuthority()
+      response = certificate_authority_tool.revokeCertificateByCommonName(common_name)
+      self.assertEqual(None, response)
+      # No valid certificate anymore
+      self.assertRaises(ValueError, certificate_authority_tool._getValidSerial, common_name)
+    finally:
+      certificate_authority_tool._unlockCertificateAuthority()
+

bt5/erp5_certificate_authority/TestTemplateItem/portal_components/test.erp5.testCertificateAuthorityTool.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Test Component" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>default_reference</string> </key>
+            <value> <string>testCertificateAuthorityTool</string> </value>
+        </item>
+        <item>
+            <key> <string>default_source_reference</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>test.erp5.testCertificateAuthorityTool</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Test Component</string> </value>
+        </item>
+        <item>
+            <key> <string>sid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_error_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>text_content_warning_message</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>version</string> </key>
+            <value> <string>erp5</string> </value>
+        </item>
+        <item>
+            <key> <string>workflow_history</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>component_validation_workflow</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_log</string> </key>
+            <value>
+              <list>
+                <dictionary>
+                  <item>
+                      <key> <string>action</string> </key>
+                      <value> <string>validate</string> </value>
+                  </item>
+                  <item>
+                      <key> <string>validation_state</string> </key>
+                      <value> <string>validated</string> </value>
+                  </item>
+                </dictionary>
+              </list>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_certificate_authority/ToolComponentTemplateItem/portal_components/tool.erp5.CertificateAuthorityTool.py

@@ -281,15 +281,15 @@ class CertificateAuthorityTool(BaseTool):
     index = open(self.index).read().splitlines()
     valid_line_list = [q for q in index if q.startswith('V') and
       ('CN=%s/' % common_name in q)]
-    if len(valid_line_list) != 1:
+    if len(valid_line_list) < 1:
       raise ValueError('No certificate for %r' % common_name)
-    return valid_line_list[0].split('\t')[3]
+    return [l.split('\t')[3] for l in valid_line_list]
 
   security.declareProtected(Permissions.AccessContentsInformation,
-    'revokeCertificate')
+    'revokeCertificateByCommonName')
   def revokeCertificateByCommonName(self, common_name):
     self._checkCertificateAuthority()
-    serial = self._getValidSerial(common_name)
-    self.revokeCertificate(serial)
+    for serial in self._getValidSerial(common_name):
+      self.revokeCertificate(serial)
 
 InitializeClass(CertificateAuthorityTool)

bt5/erp5_certificate_authority/bt/template_action_path_list

-Certificate Login | view
-Person | get_certificate
-Person | revoke_certificate
+Certificate Login | get_certificate
+Certificate Login | revoke_certificate
+Certificate Login | view
\ No newline at end of file

bt5/erp5_certificate_authority/bt/template_mixin_id_list

+mixin.erp5.CertificateLoginMixin
\ No newline at end of file

bt5/erp5_certificate_authority/bt/template_portal_type_type_mixin_list

+Certificate Login | CertificateLoginMixin
\ No newline at end of file

bt5/erp5_certificate_authority/bt/template_test_id_list

-test.erp5_certificate_authority.testCertificateAuthorityTool
+test.erp5.testCertificateAuthorityPerson
\ No newline at end of file
+test.erp5.testCertificateAuthorityTool
\ No newline at end of file