Simplify computer certificate management.

Do not generate certificate when requesting a computer.
Reduce number of method in libslap.

master/bt5/vifib_slap/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_getCertificate.xml → master/bt5/vifib_slap/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml

@@ -70,7 +70,7 @@ context.REQUEST.set("computer_key", certificate_dict["key"])\n
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Computer_getCertificate</string> </value>
+            <value> <string>Computer_generateCertificate</string> </value>
         </item>
       </dictionary>
     </pickle>

master/bt5/vifib_slap/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/states/draft.xml

@@ -24,7 +24,7 @@
               <tuple>
                 <string>approve_computer_registration</string>
                 <string>create_computer_registration</string>
-                <string>get_certificate</string>
+                <string>generate_certificate</string>
                 <string>report_computer_bang</string>
                 <string>request_computer_registration</string>
                 <string>request_software_release</string>

master/bt5/vifib_slap/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/transitions/get_certificate.xml → master/bt5/vifib_slap/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/transitions/generate_certificate.xml

@@ -24,7 +24,7 @@
         </item>
         <item>
             <key> <string>after_script_name</string> </key>
-            <value> <string>Computer_getCertificate</string> </value>
+            <value> <string>Computer_generateCertificate</string> </value>
         </item>
         <item>
             <key> <string>description</string> </key>
@@ -38,7 +38,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>get_certificate</string> </value>
+            <value> <string>generate_certificate</string> </value>
         </item>
         <item>
             <key> <string>new_state_id</string> </key>

master/bt5/vifib_slap/WorkflowTemplateItem/portal_workflow/person_slap_interface_workflow/scripts/Person_requestComputer.xml

@@ -72,19 +72,16 @@ if (portal.portal_activities.countMessageWithTag(tag) > 0):\n
   raise NotImplementedError(tag)\n
 \n
 computer_portal_type = "Computer"\n
-certificate_dict = {\'certificate\': None, \'key\': None}\n
 computer = portal.portal_catalog.getResultValue(portal_type=computer_portal_type, title=computer_title)\n
 if computer is None:\n
   reference = "COMP-%s" % portal.portal_ids.generateNewId(\n
     id_group=\'slap_computer_reference\',\n
     id_generator=\'uid\')\n
-  certificate_dict = portal.portal_certificate_authority.getNewCertificate(reference)\n
   module = portal.getDefaultModule(portal_type=computer_portal_type)\n
   computer = module.newContent(\n
     portal_type=computer_portal_type,\n
     title=computer_title,\n
     reference=reference,\n
-    destination_reference=certificate_dict["id"],\n
     capacity_scope=\'open\',\n
     activate_kw={\'tag\': tag}\n
   )\n
@@ -94,8 +91,6 @@ if computer is None:\n
 \n
 computer = context.restrictedTraverse(computer.getRelativeUrl())\n
 \n
-context.REQUEST.set("computer_certificate", certificate_dict["certificate"])\n
-context.REQUEST.set("computer_key", certificate_dict["key"])\n
 context.REQUEST.set("computer", computer.getRelativeUrl())\n
 context.REQUEST.set("computer_url", computer.absolute_url())\n
 context.REQUEST.set("computer_reference", computer.getReference())\n

master/bt5/vifib_slap/bt/revision

-841
\ No newline at end of file
+842
\ No newline at end of file

master/bt5/vifib_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_registerNewComputer.xml

@@ -55,6 +55,7 @@ person = portal.ERP5Site_getAuthenticatedMemberPersonValue()\n
 request_kw = dict(computer_title=title)\n
 person.requestComputer(**request_kw)\n
 computer = context.restrictedTraverse(context.REQUEST.get(\'computer\'))\n
+computer.generateCertificate()\n
 message = "Registering Computer"\n
 context.REQUEST.set("portal_status_message", message)\n
 return computer.Computer_viewConnectionInformationAsWeb()\n

master/bt5/vifib_web/SkinTemplateItem/portal_skins/vifib_hosting/WebSection_requestNewComputerCertificate.xml

@@ -53,7 +53,7 @@
             <value> <string>computer = context\n
 request = context.REQUEST\n
 try:\n
-  computer.getCertificate()\n
+  computer.generateCertificate()\n
   request.set(\'portal_status_message\', context.Base_translateString(\'Certificate created.\'))\n
 except ValueError:\n
   request.set(\'portal_status_message\', context.Base_translateString(\'Certificate is still active, please revoke existing one.\'))\n

master/bt5/vifib_web/bt/revision

-473
\ No newline at end of file
+474
\ No newline at end of file

master/product/Vifib/Tool/SlapTool.py

@@ -398,8 +398,6 @@ class SlapTool(BaseTool):
     person = portal.ERP5Site_getAuthenticatedMemberPersonValue()
     person.requestComputer(computer_title=computer_title)
     computer = Computer(self.REQUEST.get('computer_reference'))
-    computer._certificate = self.REQUEST.get('computer_certificate')
-    computer._key = self.REQUEST.get('computer_key')
     return xml_marshaller.xml_marshaller.dumps(computer)
 
   security.declareProtected(Permissions.AccessContentsInformation,
@@ -609,18 +607,19 @@ class SlapTool(BaseTool):
               WARNING : this method is deprecated. Please use useComputer."""
 
   @convertToREST
-  def _getComputerCertificate(self, computer_id):
-    self._getComputerDocument(computer_id).getCertificate()
-    computer = Computer(computer_id)
-    computer._certificate = self.REQUEST.get('computer_certificate')
-    computer._key = self.REQUEST.get('computer_key')
-    return xml_marshaller.xml_marshaller.dumps(computer)
+  def _generateComputerCertificate(self, computer_id):
+    self._getComputerDocument(computer_id).generateCertificate()
+    result = {
+     'certificate': self.REQUEST.get('computer_certificate'),
+     'key': self.REQUEST.get('computer_key')
+     }
+    return xml_marshaller.xml_marshaller.dumps(result)
 
   security.declareProtected(Permissions.AccessContentsInformation,
-    'getComputerCertificate')
-  def getComputerCertificate(self, computer_id):
+    'generateComputerCertificate')
+  def generateComputerCertificate(self, computer_id):
     """Fetches new computer certificate"""
-    return self._getComputerCertificate(computer_id)
+    return self._generateComputerCertificate(computer_id)
 
   @convertToREST
   def _revokeComputerCertificate(self, computer_id):

master/product/Vifib/tests/testVifibSlapComputer.py

@@ -7,7 +7,8 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
   def stepCheckRequestedComputerCertificate(self, sequence, **kw):
     computer = sequence['requested_computer']
     sequence['computer_reference'] = computer._computer_id
-    certificate_dict = computer.getCertificateDict()
+    certificate_dict = computer.generateCertificate()
+    transaction.commit()
     self.assertTrue('certificate' in certificate_dict)
     self.assertTrue('key' in certificate_dict)
     self.assertNotEqual(None, certificate_dict['certificate'])
@@ -34,35 +35,6 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
     sequence_list.addSequenceString(sequence_string)
     sequence_list.play(self)
 
-  def stepCheckSecondRequestComputer(self, sequence, **kw):
-    computer = sequence['requested_computer']
-    self.assertEqual(computer._computer_id, sequence['computer_reference'])
-    certificate_dict = computer.getCertificateDict()
-    self.assertTrue('certificate' in certificate_dict)
-    self.assertTrue('key' in certificate_dict)
-    self.assertEqual(None, certificate_dict['certificate'])
-    self.assertEqual(None, certificate_dict['key'])
-    computer_document = self.portal.portal_catalog.getResultValue(
-      reference=sequence['computer_reference'], portal_type='Computer')
-    self.assertEqual(sequence['certificate_reference'],
-      computer_document.getDestinationReference())
-
-  def test_request_twice(self):
-    sequence_list = SequenceList()
-    sequence_string = '\
-      SlapLoginTestVifibAdmin \
-      SetComputerTitle \
-      RequestComputer \
-      CleanTic \
-      CheckRequestedComputerCertificate \
-      RequestComputer \
-      CleanTic \
-      CheckSecondRequestComputer \
-      SlapLogout \
-    '
-    sequence_list.addSequenceString(sequence_string)
-    sequence_list.play(self)
-
   def stepCheckDoubleRequestRaisesNotImplementedError(self, sequence, **kw):
     person = self.portal.ERP5Site_getAuthenticatedMemberPersonValue()
     person.requestComputer(computer_title=sequence['computer_title'])
@@ -134,7 +106,6 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
       CheckRequestedComputerCertificate \
       RevokeComputerCertificate \
       CheckComputerNoCertificate \
-      GetComputerCertificate \
       CleanTic \
       CheckRequestedComputerCertificate \
       SlapLogout \
@@ -145,7 +116,7 @@ class TestVifibSlapComputer(TestVifibSlapWebServiceMixin):
   def stepCheckGetComputerCertificateRaisesValueError(self, sequence, **kw):
     computer = self.portal.portal_catalog.getResultValue(
       reference=sequence['computer_reference'], portal_type='Computer')
-    self.assertRaises(ValueError, computer.getCertificate)
+    self.assertRaises(ValueError, computer.generateCertificate)
 
   def test_getCertificateNotRevoked(self):
     sequence_list = SequenceList()

master/product/Vifib/tests/testVifibSlapWebService.py

@@ -670,7 +670,9 @@ class TestVifibSlapWebServiceMixin(testVifibMixin):
     self.slap = slap.slap()
     self.slap.initializeConnection(self.server_url, timeout=None)
     sequence['computer_title'] = str(random())
-    self.slap.requestComputer(sequence['computer_title'])
+    open_order = self.slap.registerOpenOrder()
+    sequence['requested_computer'] = open_order.requestComputer(
+        sequence['computer_title'])
 
   def stepSetComputerTitle(self, sequence, **kw):
     sequence['computer_title'] = str(random())
@@ -678,19 +680,12 @@ class TestVifibSlapWebServiceMixin(testVifibMixin):
   def stepRequestComputer(self, sequence, **kw):
     self.slap = slap.slap()
     self.slap.initializeConnection(self.server_url, timeout=None)
-    sequence['requested_computer'] = self.slap.requestComputer(
-      sequence['computer_title'])
+    open_order = self.slap.registerOpenOrder()
+    sequence['requested_computer'] = open_order.requestComputer(
+        sequence['computer_title'])
 
   def stepRevokeComputerCertificate(self, sequence, **kw):
-    self.slap = slap.slap()
-    self.slap.initializeConnection(self.server_url, timeout=None)
-    self.slap.revokeComputerCertificate(sequence['computer_reference'])
-
-  def stepGetComputerCertificate(self, sequence, **kw):
-    self.slap = slap.slap()
-    self.slap.initializeConnection(self.server_url, timeout=None)
-    sequence['requested_computer'] = self.slap.getComputerCertificate(
-      sequence['computer_reference'])
+    sequence['requested_computer'].revokeCertificate()
 
   def stepSetComputerCoordinatesFromComputerTitle(self, sequence, **kw):
     computer = self.portal.portal_catalog.getResultValue(

slapos/slap/interface/slap.py

@@ -354,6 +354,24 @@ class IComputer(Interface):
       text -- message log of the status
     """
 
+  def generateCertificate():
+    """
+    Returns a dictionnary containing the new certificate files for 
+    the computer.
+    The dictionnary keys are:
+      key -- key file
+      certificate -- certificate file
+
+    Raise ValueError is another certificate is already valid.
+    """
+
+  def revokeCertificate():
+    """
+    Revoke current computer certificate.
+
+    Raise ValueError is there is not valid certificate.
+    """
+
 class IOpenOrder(IRequester):
   """
   Open Order interface specification
@@ -362,6 +380,15 @@ class IOpenOrder(IRequester):
   is requested by a given client.
   """
 
+  def requestComputer(computer_reference):
+    """
+    Request a computer to slapgrid server.
+
+    Returns a new computer document.
+
+    computer_reference -- local reference of the computer
+    """
+
 class ISupply(Interface):
   """
   Supply interface specification

slapos/slap/slap.py

@@ -220,6 +220,17 @@ class OpenOrder(SlapDocument):
         computer_partition._parameter_dict = software_instance._parameter_dict
       return computer_partition
 
+  def requestComputer(self, computer_reference):
+    """
+    Requests a computer.
+    """
+    self._connection_helper.POST('/requestComputer',
+      {'computer_title': computer_reference})
+    xml = self._connection_helper.response.read()
+    computer = xml_marshaller.loads(xml)
+    computer._connection_helper = self._connection_helper
+    return computer
+
 def _syncComputerInformation(func):
   """
   Synchronize computer object with server information
@@ -286,17 +297,21 @@ class Computer(SlapDocument):
       'computer_id': self._computer_id,
       'message': message})
 
-  def getCertificateDict(self):
-    return {
-      'key': getattr(self, '_key', None),
-      'certificate': getattr(self, '_certificate', None)
-    }
-
   def getStatus(self):
     self._connection_helper.GET(
         '/getComputerStatus?computer_id=%s' % self._computer_id)
     return xml_marshaller.loads(self._connection_helper.response.read())
 
+  def revokeCertificate(self):
+    self._connection_helper.POST('/revokeComputerCertificate', {
+      'computer_id': self._computer_id})
+
+  def generateCertificate(self):
+    self._connection_helper.POST('/generateComputerCertificate', {
+      'computer_id': self._computer_id})
+    xml = self._connection_helper.response.read()
+    return xml_marshaller.loads(xml)
+
 def _syncComputerPartitionInformation(func):
   """
   Synchronize computer partition object with server information
@@ -688,27 +703,6 @@ class slap:
       connection_helper=self._connection_helper,
     )
 
-  def requestComputer(self, computer_title):
-    """
-    Requests a computer.
-    """
-    self._connection_helper.POST('/requestComputer',
-      {'computer_title': computer_title})
-    xml = self._connection_helper.response.read()
-    computer = xml_marshaller.loads(xml)
-    return computer
-
-  def revokeComputerCertificate(self, computer_id):
-    self._connection_helper.POST('/revokeComputerCertificate', {
-      'computer_id': computer_id})
-
-  def getComputerCertificate(self, computer_id):
-    self._connection_helper.POST('/getComputerCertificate', {
-      'computer_id': computer_id})
-    xml = self._connection_helper.response.read()
-    computer = xml_marshaller.loads(xml)
-    return computer
-
   def registerComputer(self, computer_guid):
     """
     Registers connected representation of computer and