Commit f9819934 by Alain Takoudjou Committed by Alain Takoudjou

use crt_id istead of serial when revoke directly a certificate

1 parent 7a09ecac
......@@ -345,14 +345,15 @@ class CertificateAuthority(object):
utils.getSerialToInt(crt),
reason)
def revokeCertificateFromSerial(self, serial):
def revokeCertificateFromID(self, crt_id):
"""
Directly revoke a certificate from serial
Directly revoke a certificate from crt_id
@param serial: The serial of the certificate (int)
@param crt_id: The ID of the certificate (string)
"""
return self._storage.revokeCertificate(
serial,
crt_id=crt_id,
reason="")
def renew(self, wrapped_csr):
......
......@@ -326,20 +326,29 @@ class Storage(object):
return data_list
def revokeCertificate(self, serial, reason=''):
def revokeCertificate(self, serial=None, crt_id=None, reason=''):
"""
Add serial to the list of revoked certificates.
Associated certificate must expire at (or before) not_after_date, so
revocation can be pruned.
serial or crt_id should be send to get the certificate. If both are set,
serial is used.
"""
cert = Certificate.query.filter(
Certificate.status == STATUS_VALIDATED
).filter(
Certificate.serial == serial
).first()
if serial is None and crt_id is None:
raise ValueError("serial or crt_id are not set to revokeCertificate.")
query = Certificate.query.filter(Certificate.status == STATUS_VALIDATED)
if serial:
query = query.filter(Certificate.serial == serial)
else:
query = query.filter(Certificate.crt_id == crt_id)
cert = query.first()
if not cert:
raise NotFound('No certficate with serial %r' % (serial, ))
raise NotFound('No certficate with serial or id %r found!' % (
serial or crt_id, ))
expire_in = cert.expire_after - datetime.utcnow()
if expire_in.days < 0:
......
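Review bot: The branch `if serial:` tests truthiness while the guard above it tests `is None`, so a falsy serial such as `0` or `''` passes the guard and then falls through to `Certificate.crt_id == crt_id` with `crt_id` still `None`. If the query layer turns that comparison into an `IS NULL` match, which is likely with SQLAlchemy-style filters, `.first()` would revoke whichever validated certificate has no crt_id instead of raising. Use `if serial is not None:` so the branch agrees with the guard and with the docstring's "serial is used", and reject an empty `crt_id` before querying. The `NotFound` message has the same truthiness issue in `serial or crt_id` and still spells "certficate". The body of revokeCertificate continues past the visible lines.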
......@@ -606,7 +606,7 @@ def request_revoke_crt():
response = Response("", status=201, )
return response
@app.route('/crt/revoke/serial', methods=['PUT'])
@app.route('/crt/revoke/id', methods=['PUT'])
@authenticated_method
def revoke_crt():
"""
......@@ -614,8 +614,12 @@ def revoke_crt():
"""
try:
serial = request.form.get('serial', '')
app.config.ca.revokeCertificateFromSerial(serial)
crt_id = request.form.get('crt_id', '')
if not crt_id:
raise FlaskException("'crt_id' parameter is mandatory",
payload={"name": "MissingParameter", "code": 2})
app.config.ca.revokeCertificateFromID(crt_id)
except ValueError, e:
traceback.print_exc()
raise FlaskException(str(e),
......
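Review bot: The new `crt_id` check raises `FlaskException` from inside the `try`, so whether the client receives the MissingParameter payload unchanged depends on the except clauses, of which only `except ValueError` is visible; the rest of revoke_crt lies outside this hunk. Reading the parameter and running `if not crt_id: raise FlaskException(...)` above `try:` would keep the validation error out of those handlers. Because this route revokes a certificate directly for any authenticated caller, it would also help to log the `crt_id` and the authenticated identity on success so that revocations can be audited. Replacing `/crt/revoke/serial` with `/crt/revoke/id` leaves no alias for the old path, so existing clients presumably need to be updated in the same release.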