Commit b4baa57e authored by Romain Courteaud

Simplify computer certificate management.

Do not generate a certificate when requesting a computer.
Reduce the number of methods in libslap.
parent 94883c3c
...@@ -70,7 +70,7 @@ context.REQUEST.set("computer_key", certificate_dict["key"])\n ...@@ -70,7 +70,7 @@ context.REQUEST.set("computer_key", certificate_dict["key"])\n
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>Computer_getCertificate</string> </value> <value> <string>Computer_generateCertificate</string> </value>
</item> </item>
</dictionary> </dictionary>
</pickle> </pickle>
......
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
<tuple> <tuple>
<string>approve_computer_registration</string> <string>approve_computer_registration</string>
<string>create_computer_registration</string> <string>create_computer_registration</string>
<string>get_certificate</string> <string>generate_certificate</string>
<string>report_computer_bang</string> <string>report_computer_bang</string>
<string>request_computer_registration</string> <string>request_computer_registration</string>
<string>request_software_release</string> <string>request_software_release</string>
......
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
</item> </item>
<item> <item>
<key> <string>after_script_name</string> </key> <key> <string>after_script_name</string> </key>
<value> <string>Computer_getCertificate</string> </value> <value> <string>Computer_generateCertificate</string> </value>
</item> </item>
<item> <item>
<key> <string>description</string> </key> <key> <string>description</string> </key>
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>get_certificate</string> </value> <value> <string>generate_certificate</string> </value>
</item> </item>
<item> <item>
<key> <string>new_state_id</string> </key> <key> <string>new_state_id</string> </key>
......
...@@ -72,19 +72,16 @@ if (portal.portal_activities.countMessageWithTag(tag) > 0):\n ...@@ -72,19 +72,16 @@ if (portal.portal_activities.countMessageWithTag(tag) > 0):\n
raise NotImplementedError(tag)\n raise NotImplementedError(tag)\n
\n \n
computer_portal_type = "Computer"\n computer_portal_type = "Computer"\n
certificate_dict = {\'certificate\': None, \'key\': None}\n
computer = portal.portal_catalog.getResultValue(portal_type=computer_portal_type, title=computer_title)\n computer = portal.portal_catalog.getResultValue(portal_type=computer_portal_type, title=computer_title)\n
if computer is None:\n if computer is None:\n
reference = "COMP-%s" % portal.portal_ids.generateNewId(\n reference = "COMP-%s" % portal.portal_ids.generateNewId(\n
id_group=\'slap_computer_reference\',\n id_group=\'slap_computer_reference\',\n
id_generator=\'uid\')\n id_generator=\'uid\')\n
certificate_dict = portal.portal_certificate_authority.getNewCertificate(reference)\n
module = portal.getDefaultModule(portal_type=computer_portal_type)\n module = portal.getDefaultModule(portal_type=computer_portal_type)\n
computer = module.newContent(\n computer = module.newContent(\n
portal_type=computer_portal_type,\n portal_type=computer_portal_type,\n
title=computer_title,\n title=computer_title,\n
reference=reference,\n reference=reference,\n
destination_reference=certificate_dict["id"],\n
capacity_scope=\'open\',\n capacity_scope=\'open\',\n
activate_kw={\'tag\': tag}\n activate_kw={\'tag\': tag}\n
)\n )\n
...@@ -94,8 +91,6 @@ if computer is None:\n ...@@ -94,8 +91,6 @@ if computer is None:\n
\n \n
computer = context.restrictedTraverse(computer.getRelativeUrl())\n computer = context.restrictedTraverse(computer.getRelativeUrl())\n
\n \n
context.REQUEST.set("computer_certificate", certificate_dict["certificate"])\n
context.REQUEST.set("computer_key", certificate_dict["key"])\n
context.REQUEST.set("computer", computer.getRelativeUrl())\n context.REQUEST.set("computer", computer.getRelativeUrl())\n
context.REQUEST.set("computer_url", computer.absolute_url())\n context.REQUEST.set("computer_url", computer.absolute_url())\n
context.REQUEST.set("computer_reference", computer.getReference())\n context.REQUEST.set("computer_reference", computer.getReference())\n
......
841 842
\ No newline at end of file \ No newline at end of file
...@@ -55,6 +55,7 @@ person = portal.ERP5Site_getAuthenticatedMemberPersonValue()\n ...@@ -55,6 +55,7 @@ person = portal.ERP5Site_getAuthenticatedMemberPersonValue()\n
request_kw = dict(computer_title=title)\n request_kw = dict(computer_title=title)\n
person.requestComputer(**request_kw)\n person.requestComputer(**request_kw)\n
computer = context.restrictedTraverse(context.REQUEST.get(\'computer\'))\n computer = context.restrictedTraverse(context.REQUEST.get(\'computer\'))\n
computer.generateCertificate()\n
message = "Registering Computer"\n message = "Registering Computer"\n
context.REQUEST.set("portal_status_message", message)\n context.REQUEST.set("portal_status_message", message)\n
return computer.Computer_viewConnectionInformationAsWeb()\n return computer.Computer_viewConnectionInformationAsWeb()\n
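Review bot: The added `computer.generateCertificate()` call has no handling for the ValueError that is raised when the computer still has a valid certificate. The request script changed in this commit only creates a computer when the catalog lookup by title returns None, so registering an already known title from this form would presumably reach `generateCertificate()` on the existing document and end in an unhandled error. The certificate action script in this commit already wraps the same call in `try:` / `except ValueError:` and sets the 'Certificate is still active, please revoke existing one.' status message; doing the same here would keep the two entry points consistent. The script starts outside the hunk.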
......
...@@ -53,7 +53,7 @@ ...@@ -53,7 +53,7 @@
<value> <string>computer = context\n <value> <string>computer = context\n
request = context.REQUEST\n request = context.REQUEST\n
try:\n try:\n
computer.getCertificate()\n computer.generateCertificate()\n
request.set(\'portal_status_message\', context.Base_translateString(\'Certificate created.\'))\n request.set(\'portal_status_message\', context.Base_translateString(\'Certificate created.\'))\n
except ValueError:\n except ValueError:\n
request.set(\'portal_status_message\', context.Base_translateString(\'Certificate is still active, please revoke existing one.\'))\n request.set(\'portal_status_message\', context.Base_translateString(\'Certificate is still active, please revoke existing one.\'))\n
......
473 474
\ No newline at end of file \ No newline at end of file
...@@ -398,8 +398,6 @@ class SlapTool(BaseTool): ...@@ -398,8 +398,6 @@ class SlapTool(BaseTool):
person = portal.ERP5Site_getAuthenticatedMemberPersonValue() person = portal.ERP5Site_getAuthenticatedMemberPersonValue()
person.requestComputer(computer_title=computer_title) person.requestComputer(computer_title=computer_title)
computer = Computer(self.REQUEST.get('computer_reference')) computer = Computer(self.REQUEST.get('computer_reference'))
computer._certificate = self.REQUEST.get('computer_certificate')
computer._key = self.REQUEST.get('computer_key')
return xml_marshaller.xml_marshaller.dumps(computer) return xml_marshaller.xml_marshaller.dumps(computer)
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
...@@ -609,18 +607,19 @@ class SlapTool(BaseTool): ...@@ -609,18 +607,19 @@ class SlapTool(BaseTool):
WARNING : this method is deprecated. Please use useComputer.""" WARNING : this method is deprecated. Please use useComputer."""
@convertToREST @convertToREST
def _getComputerCertificate(self, computer_id): def _generateComputerCertificate(self, computer_id):
self._getComputerDocument(computer_id).getCertificate() self._getComputerDocument(computer_id).generateCertificate()
computer = Computer(computer_id) result = {
computer._certificate = self.REQUEST.get('computer_certificate') 'certificate': self.REQUEST.get('computer_certificate'),
computer._key = self.REQUEST.get('computer_key') 'key': self.REQUEST.get('computer_key')
return xml_marshaller.xml_marshaller.dumps(computer) }
return xml_marshaller.xml_marshaller.dumps(result)
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getComputerCertificate') 'generateComputerCertificate')
def getComputerCertificate(self, computer_id): def generateComputerCertificate(self, computer_id):
"""Fetches new computer certificate""" """Fetches new computer certificate"""
return self._getComputerCertificate(computer_id) return self._generateComputerCertificate(computer_id)
@convertToREST @convertToREST
def _revokeComputerCertificate(self, computer_id): def _revokeComputerCertificate(self, computer_id):
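Review bot: `generateComputerCertificate` issues a new credential and returns the private key in its response, yet it is still declared with `Permissions.AccessContentsInformation`, which is a read-level permission. Whether `generateCertificate()` on the computer document enforces a stronger check is not visible in this hunk and should be confirmed; if it does not, a write-level permission such as `Permissions.ModifyPortalContent` would fit the operation better. The result dict is built from `self.REQUEST.get('computer_certificate')` and `self.REQUEST.get('computer_key')` without checking that either was set, so a caller can receive `{'certificate': None, 'key': None}` as an apparently successful reply. The docstring still reads "Fetches new computer certificate"; something like `"""Generates a new certificate and private key for the computer."""` would match what the method now does.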
......
...@@ -7,7 +7,8 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin): ...@@ -7,7 +7,8 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
def stepCheckRequestedComputerCertificate(self, sequence, **kw): def stepCheckRequestedComputerCertificate(self, sequence, **kw):
computer = sequence['requested_computer'] computer = sequence['requested_computer']
sequence['computer_reference'] = computer._computer_id sequence['computer_reference'] = computer._computer_id
certificate_dict = computer.getCertificateDict() certificate_dict = computer.generateCertificate()
transaction.commit()
self.assertTrue('certificate' in certificate_dict) self.assertTrue('certificate' in certificate_dict)
self.assertTrue('key' in certificate_dict) self.assertTrue('key' in certificate_dict)
self.assertNotEqual(None, certificate_dict['certificate']) self.assertNotEqual(None, certificate_dict['certificate'])
...@@ -34,35 +35,6 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin): ...@@ -34,35 +35,6 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
sequence_list.addSequenceString(sequence_string) sequence_list.addSequenceString(sequence_string)
sequence_list.play(self) sequence_list.play(self)
def stepCheckSecondRequestComputer(self, sequence, **kw):
computer = sequence['requested_computer']
self.assertEqual(computer._computer_id, sequence['computer_reference'])
certificate_dict = computer.getCertificateDict()
self.assertTrue('certificate' in certificate_dict)
self.assertTrue('key' in certificate_dict)
self.assertEqual(None, certificate_dict['certificate'])
self.assertEqual(None, certificate_dict['key'])
computer_document = self.portal.portal_catalog.getResultValue(
reference=sequence['computer_reference'], portal_type='Computer')
self.assertEqual(sequence['certificate_reference'],
computer_document.getDestinationReference())
def test_request_twice(self):
sequence_list = SequenceList()
sequence_string = '\
SlapLoginTestVifibAdmin \
SetComputerTitle \
RequestComputer \
CleanTic \
CheckRequestedComputerCertificate \
RequestComputer \
CleanTic \
CheckSecondRequestComputer \
SlapLogout \
'
sequence_list.addSequenceString(sequence_string)
sequence_list.play(self)
def stepCheckDoubleRequestRaisesNotImplementedError(self, sequence, **kw): def stepCheckDoubleRequestRaisesNotImplementedError(self, sequence, **kw):
person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue() person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue()
person.requestComputer(computer_title=sequence['computer_title']) person.requestComputer(computer_title=sequence['computer_title'])
...@@ -134,7 +106,6 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin): ...@@ -134,7 +106,6 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
CheckRequestedComputerCertificate \ CheckRequestedComputerCertificate \
RevokeComputerCertificate \ RevokeComputerCertificate \
CheckComputerNoCertificate \ CheckComputerNoCertificate \
GetComputerCertificate \
CleanTic \ CleanTic \
CheckRequestedComputerCertificate \ CheckRequestedComputerCertificate \
SlapLogout \ SlapLogout \
...@@ -145,7 +116,7 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin): ...@@ -145,7 +116,7 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
def stepCheckGetComputerCertificateRaisesValueError(self, sequence, **kw): def stepCheckGetComputerCertificateRaisesValueError(self, sequence, **kw):
computer = self.portal.portal_catalog.getResultValue( computer = self.portal.portal_catalog.getResultValue(
reference=sequence['computer_reference'], portal_type='Computer') reference=sequence['computer_reference'], portal_type='Computer')
self.assertRaises(ValueError, computer.getCertificate) self.assertRaises(ValueError, computer.generateCertificate)
def test_getCertificateNotRevoked(self): def test_getCertificateNotRevoked(self):
sequence_list = SequenceList() sequence_list = SequenceList()
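Review bot: Removing `test_request_twice` and `stepCheckSecondRequestComputer` leaves no test for a second `requestComputer` with the same title, which is the case this commit changes. A replacement sequence that requests the computer twice and asserts that the second result's `_computer_id` equals `sequence['computer_reference']` would pin the behaviour that an existing computer is returned and no new certificate is issued. `stepCheckGetComputerCertificateRaisesValueError` and `test_getCertificateNotRevoked` also keep the old `get` naming although they now exercise `generateCertificate`.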
......
...@@ -670,7 +670,9 @@ class TestVifibSlapWebServiceMixin(testVifibMixin): ...@@ -670,7 +670,9 @@ class TestVifibSlapWebServiceMixin(testVifibMixin):
self.slap = slap.slap() self.slap = slap.slap()
self.slap.initializeConnection(self.server_url, timeout=None) self.slap.initializeConnection(self.server_url, timeout=None)
sequence['computer_title'] = str(random()) sequence['computer_title'] = str(random())
self.slap.requestComputer(sequence['computer_title']) open_order = self.slap.registerOpenOrder()
sequence['requested_computer'] = open_order.requestComputer(
sequence['computer_title'])
def stepSetComputerTitle(self, sequence, **kw): def stepSetComputerTitle(self, sequence, **kw):
sequence['computer_title'] = str(random()) sequence['computer_title'] = str(random())
...@@ -678,19 +680,12 @@ class TestVifibSlapWebServiceMixin(testVifibMixin): ...@@ -678,19 +680,12 @@ class TestVifibSlapWebServiceMixin(testVifibMixin):
def stepRequestComputer(self, sequence, **kw): def stepRequestComputer(self, sequence, **kw):
self.slap = slap.slap() self.slap = slap.slap()
self.slap.initializeConnection(self.server_url, timeout=None) self.slap.initializeConnection(self.server_url, timeout=None)
sequence['requested_computer'] = self.slap.requestComputer( open_order = self.slap.registerOpenOrder()
sequence['computer_title']) sequence['requested_computer'] = open_order.requestComputer(
sequence['computer_title'])
def stepRevokeComputerCertificate(self, sequence, **kw): def stepRevokeComputerCertificate(self, sequence, **kw):
self.slap = slap.slap() sequence['requested_computer'].revokeCertificate()
self.slap.initializeConnection(self.server_url, timeout=None)
self.slap.revokeComputerCertificate(sequence['computer_reference'])
def stepGetComputerCertificate(self, sequence, **kw):
self.slap = slap.slap()
self.slap.initializeConnection(self.server_url, timeout=None)
sequence['requested_computer'] = self.slap.getComputerCertificate(
sequence['computer_reference'])
def stepSetComputerCoordinatesFromComputerTitle(self, sequence, **kw): def stepSetComputerCoordinatesFromComputerTitle(self, sequence, **kw):
computer = self.portal.portal_catalog.getResultValue( computer = self.portal.portal_catalog.getResultValue(
......
...@@ -354,6 +354,24 @@ class IComputer(Interface): ...@@ -354,6 +354,24 @@ class IComputer(Interface):
text -- message log of the status text -- message log of the status
""" """
def generateCertificate():
"""
Returns a dictionnary containing the new certificate files for
the computer.
The dictionnary keys are:
key -- key file
certificate -- certificate file
Raise ValueError is another certificate is already valid.
"""
def revokeCertificate():
"""
Revoke current computer certificate.
Raise ValueError is there is not valid certificate.
"""
class IOpenOrder(IRequester): class IOpenOrder(IRequester):
""" """
Open Order interface specification Open Order interface specification
...@@ -362,6 +380,15 @@ class IOpenOrder(IRequester): ...@@ -362,6 +380,15 @@ class IOpenOrder(IRequester):
is requested by a given client. is requested by a given client.
""" """
def requestComputer(computer_reference):
"""
Request a computer to slapgrid server.
Returns a new computer document.
computer_reference -- local reference of the computer
"""
class ISupply(Interface): class ISupply(Interface):
""" """
Supply interface specification Supply interface specification
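Review bot: The `generateCertificate` docstring should say that every call creates new key material and that `key` is presumably the computer's private key, so callers know the returned dict has to be stored and handled as a secret. In `IOpenOrder.requestComputer` the parameter is named `computer_reference`, but the implementation in this commit posts it as `computer_title` and the server assigns its own `COMP-…` reference, so `computer_title` would be the less misleading name. The added docstrings also carry typos worth fixing before they are copied into implementations: `dictionnary` should be `dictionary`, `Raise ValueError is another certificate` should read `if another certificate`, and `is there is not valid certificate` should read `if there is no valid certificate`.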
......
...@@ -220,6 +220,17 @@ class OpenOrder(SlapDocument): ...@@ -220,6 +220,17 @@ class OpenOrder(SlapDocument):
computer_partition._parameter_dict = software_instance._parameter_dict computer_partition._parameter_dict = software_instance._parameter_dict
return computer_partition return computer_partition
def requestComputer(self, computer_reference):
"""
Requests a computer.
"""
self._connection_helper.POST('/requestComputer',
{'computer_title': computer_reference})
xml = self._connection_helper.response.read()
computer = xml_marshaller.loads(xml)
computer._connection_helper = self._connection_helper
return computer
def _syncComputerInformation(func): def _syncComputerInformation(func):
""" """
Synchronize computer object with server information Synchronize computer object with server information
...@@ -286,17 +297,21 @@ class Computer(SlapDocument): ...@@ -286,17 +297,21 @@ class Computer(SlapDocument):
'computer_id': self._computer_id, 'computer_id': self._computer_id,
'message': message}) 'message': message})
def getCertificateDict(self):
return {
'key': getattr(self, '_key', None),
'certificate': getattr(self, '_certificate', None)
}
def getStatus(self): def getStatus(self):
self._connection_helper.GET( self._connection_helper.GET(
'/getComputerStatus?computer_id=%s' % self._computer_id) '/getComputerStatus?computer_id=%s' % self._computer_id)
return xml_marshaller.loads(self._connection_helper.response.read()) return xml_marshaller.loads(self._connection_helper.response.read())
def revokeCertificate(self):
self._connection_helper.POST('/revokeComputerCertificate', {
'computer_id': self._computer_id})
def generateCertificate(self):
self._connection_helper.POST('/generateComputerCertificate', {
'computer_id': self._computer_id})
xml = self._connection_helper.response.read()
return xml_marshaller.loads(xml)
def _syncComputerPartitionInformation(func): def _syncComputerPartitionInformation(func):
""" """
Synchronize computer partition object with server information Synchronize computer partition object with server information
...@@ -688,27 +703,6 @@ class slap: ...@@ -688,27 +703,6 @@ class slap:
connection_helper=self._connection_helper, connection_helper=self._connection_helper,
) )
def requestComputer(self, computer_title):
"""
Requests a computer.
"""
self._connection_helper.POST('/requestComputer',
{'computer_title': computer_title})
xml = self._connection_helper.response.read()
computer = xml_marshaller.loads(xml)
return computer
def revokeComputerCertificate(self, computer_id):
self._connection_helper.POST('/revokeComputerCertificate', {
'computer_id': computer_id})
def getComputerCertificate(self, computer_id):
self._connection_helper.POST('/getComputerCertificate', {
'computer_id': computer_id})
xml = self._connection_helper.response.read()
computer = xml_marshaller.loads(xml)
return computer
def registerComputer(self, computer_guid): def registerComputer(self, computer_guid):
""" """
Registers connected representation of computer and Registers connected representation of computer and
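Review bot: `Computer.generateCertificate` returns whatever `xml_marshaller.loads` produces from the server response, and nothing checks that it is a dict holding both the new key and the certificate before callers index it. A guard on the result, for example `if not isinstance(result, dict) or not result.get('key') or not result.get('certificate'):` followed by an explicit error, would make a partial or unexpected reply fail at the call site. `OpenOrder.requestComputer` likewise assigns `_connection_helper` on the unmarshalled object without checking that it is a `Computer`. The new `revokeCertificate` and `generateCertificate` methods have no docstrings. Removing `slap.requestComputer`, `revokeComputerCertificate` and `getComputerCertificate` with no deprecated alias breaks any caller not updated together with this commit.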
......