add option to say how many csr must be signed automatically

9c95c6d0 · Alain Takoudjou · d3832c5a · 9c95c6d0 · 9c95c6d0
Commit 9c95c6d0 authored Jul 21, 2017 by Alain Takoudjou
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 8 deletions

caucase/ca.py caucase/ca.py +5 -5

caucase/web.py caucase/web.py +4 -3

No files found.
--- a/caucase/ca.py
+++ b/caucase/ca.py
@@ -58,7 +58,7 @@ class CertificateAuthority(object):
                crt_life_time, crl_renew_period, digest_list=None,
                crl_base_url=None, ca_subject='',
                max_csr_amount=50, crt_keep_time=0,
-                auto_sign_csr=True):
+                auto_sign_csr_amount=0):
    self._storage = storage
    self.ca_life_period = ca_life_period
    self.digest_list = digest_list
@@ -67,7 +67,7 @@ class CertificateAuthority(object):
    self.ca_renew_period = ca_renew_period
    self.default_digest = 'sha256'
    self.crl_base_url = crl_base_url
-    self.auto_sign_csr = auto_sign_csr
+    self.auto_sign_csr_amount = auto_sign_csr_amount
    self.extension_manager = utils.X509Extension()
    self.mandatory_subject_key_list = ['CN']
@@ -197,9 +197,9 @@ class CertificateAuthority(object):
    # XXX check extensions
    csr_id = self._storage.storeCertificateSigningRequest(csr_pem)
-    if self._storage.getCertificateSigningRequestAmount() == 1 \
+    if self._storage.getCertificateSigningRequestAmount() <=  \
-            and self.auto_sign_csr:
+            self.auto_sign_csr_amount:
-      # if this is the first csr, sign immediately
+      # if allowed to sign this certificate automaticaly
      self.createCertificate(csr_id)
    return csr_id

--- a/caucase/web.py
+++ b/caucase/web.py
@@ -100,8 +100,9 @@ def parseArguments(argument_list=[]):
                      help='The time in seconds before a generated certificate will be deleted on CA server. Set 0 to never delete. Default: 30*24*60*60 seconds (30 days)')
  parser.add_argument('--external-url',
                      help="The HTTP URL at which this tool's \"/\" path is reachable by all certificates users in order to retrieve latest CRL.")
-  parser.add_argument('--no-auto-sign-csr',  action='store_true',
+  parser.add_argument('--auto-sign-csr-amount', 
-                      help='Say if the first csr must be signed automatically. Has no effect if there is more that one submitted CSR')
+                      default=1, type=int,
+                      help='Say how many csr must be signed automatically. Has no effect if there is more than the specified value of csr submitted.')
  if argument_list:
    return parser.parse_args(argument_list)
@@ -205,7 +206,7 @@ def configure_flask(options):
      digest_list=options.digest_list,
      crl_base_url='%s/crl' % options.external_url,
      ca_subject=options.subject,
-      auto_sign_csr=(not options.no_auto_sign_csr)
+      auto_sign_csr_amount=options.auto_sign_csr_amount
    )
  # XXX - Storage argument Will go away when switching to CA for Users