Commit 9c95c6d0 by Alain Takoudjou

add option to say how many csr must be signed automatically

1 parent d3832c5a
......@@ -58,7 +58,7 @@ class CertificateAuthority(object):
crt_life_time, crl_renew_period, digest_list=None,
crl_base_url=None, ca_subject='',
max_csr_amount=50, crt_keep_time=0,
auto_sign_csr=True):
auto_sign_csr_amount=0):
self._storage = storage
self.ca_life_period = ca_life_period
self.digest_list = digest_list
......@@ -67,7 +67,7 @@ class CertificateAuthority(object):
self.ca_renew_period = ca_renew_period
self.default_digest = 'sha256'
self.crl_base_url = crl_base_url
self.auto_sign_csr = auto_sign_csr
self.auto_sign_csr_amount = auto_sign_csr_amount
self.extension_manager = utils.X509Extension()
self.mandatory_subject_key_list = ['CN']
......@@ -197,9 +197,9 @@ class CertificateAuthority(object):
# XXX check extensions
csr_id = self._storage.storeCertificateSigningRequest(csr_pem)
if self._storage.getCertificateSigningRequestAmount() == 1 \
and self.auto_sign_csr:
# if this is the first csr, sign immediately
if self._storage.getCertificateSigningRequestAmount() <= \
self.auto_sign_csr_amount:
# if allowed to sign this certificate automaticaly
self.createCertificate(csr_id)
return csr_id
......
......@@ -100,8 +100,9 @@ def parseArguments(argument_list=[]):
help='The time in seconds before a generated certificate will be deleted on CA server. Set 0 to never delete. Default: 30*24*60*60 seconds (30 days)')
parser.add_argument('--external-url',
help="The HTTP URL at which this tool's \"/\" path is reachable by all certificates users in order to retrieve latest CRL.")
parser.add_argument('--no-auto-sign-csr', action='store_true',
help='Say if the first csr must be signed automatically. Has no effect if there is more that one submitted CSR')
parser.add_argument('--auto-sign-csr-amount',
default=1, type=int,
help='Say how many csr must be signed automatically. Has no effect if there is more than the specified value of csr submitted.')
if argument_list:
return parser.parse_args(argument_list)
......@@ -205,7 +206,7 @@ def configure_flask(options):
digest_list=options.digest_list,
crl_base_url='%s/crl' % options.external_url,
ca_subject=options.subject,
auto_sign_csr=(not options.no_auto_sign_csr)
auto_sign_csr_amount=options.auto_sign_csr_amount
)
# XXX - Storage argument Will go away when switching to CA for Users
......
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!