Refactor for new CFSSL library

lasley · lasley · commit 0bb79e34ff97 · 2016-12-16T16:25:18.000-08:00
diff --git a/clouder_certificate_authority/api.py b/clouder_certificate_authority/api.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+import logging
+
+_logger = logging.getLogger(__name__)
+
+try:
+    import cfssl
+except ImportError:
+    _logger.info('CFSSL Python library is not installed.')
+
+
+class API(object):
+    """ It provides a base for all Models requiring API functionality """
+
+    cfssl = cfssl
diff --git a/clouder_certificate_authority/models/certificate.py b/clouder_certificate_authority/models/certificate.py
@@ -27,12 +27,12 @@ class ClouderCertificate(models.Model):
         comodel_name='clouder.certificate.name',
         required=True,
     )
-    computed = fields.Serialized(
-        compute="_compute_computed",
+    api_object = fields.Binary(
+        compute="_compute_api_object",
     )
 
     @api.multi
-    def _compute_computed(self):
+    def _compute_api_object(self):
         """ It computes the keys required for the JSON request """
         for record in self:
             record.computed = {
diff --git a/clouder_certificate_authority/models/certificate_authority.py b/clouder_certificate_authority/models/certificate_authority.py
@@ -3,9 +3,17 @@
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
 
 import json
+import logging
 
 from odoo import api, fields, models
 
+_logger = logging.getLogger(__name__)
+
+try:
+    from cfssl import CFSSL
+except ImportError:
+    _logger.info('CFSSL Python Library Not Installed.')
+
 
 class ClouderCertificateAuthority(models.Model):
     """ It provides an interface for controlling a Cert Authority. """
@@ -23,6 +31,10 @@ class ClouderCertificateAuthority(models.Model):
             'clouder_certificate_authority.tag_cert_authority',
         ),
     )
+    host_id = fields.Many2one(
+        string='Host',
+        comodel_name='clouder.certificate.host',
+    )
     private_key_id = fields.Many2one(
         string='Private Key',
         comodel_name='clouder.key.private',
diff --git a/clouder_certificate_authority/models/certificate_host.py b/clouder_certificate_authority/models/certificate_host.py
@@ -2,10 +2,12 @@
 # Copyright 2016 LasLabs Inc.
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
 
-from odoo import fields, models
+from odoo import api, fields, models
 
+from ..api import API
 
-class ClouderCertificateHost(models.Model):
+
+class ClouderCertificateHost(models.Model, API):
     """ It provides the concept of a cert's CommonName """
 
     _name = 'clouder.certificate.host'
@@ -18,3 +20,16 @@ class ClouderCertificateHost(models.Model):
         required=True,
     )
     port = fields.Integer()
+    api_object = fields.Binary(
+        compute="_compute_api_object",
+    )
+
+    @api.multi
+    def _compute_api_object(self):
+        """ It computes the keys required for the JSON request """
+        for record in self:
+            record.computed = self.cfssl.Host(
+                name=record.name,
+                host=record.host,
+                port=record.port,
+            )
diff --git a/clouder_certificate_authority/models/certificate_name.py b/clouder_certificate_authority/models/certificate_name.py
@@ -27,7 +27,7 @@ class ClouderCertificateName(models.Model):
         default=lambda s: s.env.user.city,
     )
     company_id = fields.Many2one(
-        string='Company',
+        string='Organization',
         model='res.company',
         required=True,
         domain='[(company_id, "=", company_id)]',
@@ -36,18 +36,18 @@ class ClouderCertificateName(models.Model):
     organization_unit = fields.Char(
         required=True,
     )
-    computed = fields.Serialized(
-        compute="_compute_computed",
+    api_object = fields.Binary(
+        compute="_compute_api_object",
     )
 
     @api.multi
-    def _compute_computed(self):
+    def _compute_api_object(self):
         """ It computes the keys required for the JSON request """
         for record in self:
-            record.computed = {
-                'C': record.country_id.code,
-                'ST': record.state_id.name,
-                'L': record.city,
-                'O': record.company_id.name,
-                'OU': record.organization_unit,
-            }
+            record.computed = self.cfssl.SubjectInfo(
+                record.company_id.name,
+                record.organizational_unit,
+                record.city,
+                record.state_id.name,
+                record.country_id.code,
+            )
diff --git a/clouder_certificate_authority/models/certificate_policy_auth.py b/clouder_certificate_authority/models/certificate_policy_auth.py
@@ -26,8 +26,8 @@ class ClouderCertificatePolicyAuth(models.Model):
         default='standard',
         required=True,
     )
-    computed = fields.Serialized(
-        compute="_compute_computed",
+    api_object = fields.Binary(
+        compute="_compute_api_object",
     )
 
     _sql_constraints = [
@@ -41,10 +41,11 @@ def _default_key(self):
         return passwd.encode('hex')[:16]
 
     @api.multi
-    def _compute_computed(self):
+    def _compute_api_object(self):
         """ It computes the keys required for the JSON request """
         for record in self:
-            record.computed = {
+            record.computed = self.cfssl.PolicyAuth({
+                'name': record.name,
                 'key': record.key,
-                'type': record.key_type,
-            }
+                'key_type': record.key_type,
+            })
diff --git a/clouder_certificate_authority/models/certificate_policy_sign.py b/clouder_certificate_authority/models/certificate_policy_sign.py
@@ -28,18 +28,16 @@ class ClouderCertificatePolicySign(models.Model):
         required=True,
         default=(365 * 24),
     )
-    computed = fields.Serialized(
-        compute="_compute_computed",
+    api_object = fields.Binary(
+        compute="_compute_api_object",
     )
 
     @api.multi
-    def _compute_computed(self):
+    def _compute_api_object(self):
         """ It computes the keys required for the JSON request """
         for record in self:
-            record.computed = {
-                'auth_key': record.auth_policy_id.name,
-                'expiry': '%sh' % expire_hours,
-                'usages': [
-                    usage.code for usage in record.usage_ids
-                ],
-            }
+            record.computed = self.cfssl.PolicySign({
+                'name': record.name,
+                'usage_policies': record.usage_ids.mapped('computed'),
+                'auth_policy': record.auth_policy_id.computed,
+            })
diff --git a/clouder_certificate_authority/models/certificate_policy_use.py b/clouder_certificate_authority/models/certificate_policy_use.py
@@ -22,8 +22,20 @@ class ClouderCertificatePolicyUse(models.Model):
         required=True,
         default=5,
     )
+    api_object = fields.Binary(
+        compute="_compute_api_object",
+    )
 
     _sql_constraints = [
         ('code_uniq', 'UNIQUE(code)', 'Code must be unique.'),
         ('name_uniq', 'UNIQUE(name)', 'Name must be unique.'),
     ]
+
+    @api.multi
+    def _compute_api_object(self):
+        """ It computes the keys required for the JSON request """
+        for record in self:
+            record.computed = self.cfssl.PolicyUse(
+                name=record.name,
+                code=record.code,
+            )
diff --git a/clouder_certificate_authority/models/certificate_request.py b/clouder_certificate_authority/models/certificate_request.py
@@ -2,8 +2,6 @@
 # Copyright 2016 LasLabs Inc.
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
 
-import json
-
 from odoo import api, fields, models
 
 
@@ -45,30 +43,20 @@ class ClouderCertificateRequest(models.Model):
         default='rsa',
         selection=lambda s: s.env['clouder.key.abstract']._get_algorithms(),
     )
-    computed = fields.Serialized(
-        compute="_compute_computed",
+    api_object = fields.Binary(
+        compute="_compute_api_object",
     )
 
     @api.multi
-    def _compute_computed(self):
+    def _compute_api_object(self):
         """ It computes the keys required for the JSON request """
         for record in self:
-            record.computed = {
-                'CN': record.name,
-                'names': [
-                    name.computed for name in record.subject_info_ids
-                ],
-                'hosts': [
-                    '%s:%s' % (h.host, h.port) for h in record.host_ids
-                ],
-                'key': {
-                    'algo': record.algorithm,
-                    'size': record.strength,
-                },
-            }
-
-    @api.multi
-    def to_json(self):
-        """ It returns the JSON representation of this object """
-        self.ensure_one()
-        return json.dumps(self.computed)
+            record.computed = self.cfssl.CertificateRequest(
+                CN=record.name,
+                names=record.subject_info_ids.mapped('computed'),
+                hosts=record.host_ids.mapped('computed'),
+                key=self.cfssl.ConfigKey(
+                    algorithm=record.algorithm,
+                    strength=record.strength,
+                ),
+            )
diff --git a/clouder_certificate_authority/models/config_certificate_abstract.py b/clouder_certificate_authority/models/config_certificate_abstract.py
@@ -25,30 +25,18 @@ class ClouderConfigCertificateAbstract(models.AbstractModel):
         comodel_name='clouder.certificate.policy.auth',
         compute='_compute_auth_policy_ids',
     )
-    computed = fields.Serialized(
-        compute="_compute_computed",
+    api_object = fields.Binary(
+        compute="_compute_api_object",
     )
 
     @api.multi
-    def _compute_computed(self):
+    def _compute_api_object(self):
         """ It computes the keys required for the JSON request. """
         for record in self:
-            profiles = {
-                p.name: p.computed for p in record.sign_policy_profile_ids
-            }
-            auth_keys = {
-                auth.name: auth.computed for auth in record.auth_policy_ids
-            }
-            record.computed_config = {
-                'signing': {
-                    'default': record.sign_policy_default_id.computed,
-                    'profiles': profiles,
-                },
-                'auth_keys': auth_keys,
-            }
-
-    @api.multi
-    def to_json(self):
-        """ It returns the JSON representation of this object """
-        self.ensure_one()
-        return json.dumps(self.computed)
+            profiles = record.sign_policy_profile_ids.mapped('computed')
+            auth_keys = record.auth_policy_ids.mapped('computed')
+            record.computed = self.cfssl.ConfigMixer(
+                sign_policy=record.sign_policy_default_id.computed,
+                sign_policies=profiles,
+                auth_policies=auth_keys,
+            )
diff --git a/clouder_certificate_authority/models/config_certificate_client.py b/clouder_certificate_authority/models/config_certificate_client.py
@@ -19,10 +19,16 @@ class ClouderConfigCertificateClient(models.Model):
     )
 
     @api.multi
-    def _compute_computed(self):
+    def _compute_api_object(self):
         """ It computes the keys required for the JSON request. """
         for record in self:
-            super(ClouderConfigCertificateClient, record)._compute_computed()
-            record.computed['remotes'] = {
-                r.name: '%s:%s' % (r.host, r.port) for r in record.remote_ids
+            super(ClouderConfigCertificateClient, record)._compute_api_object()
+            remotes = {
+                remote.name: remote.computed for remote in record.remote_ids
             }
+            record.computed = self.cfssl.ConfigClient(
+                sign_policy_default=record.sign_policy,
+                sign_policies_add=record.sign_policies,
+                auth_policies=record.auth_policies,
+                remotes=remotes,
+            )
diff --git a/clouder_certificate_authority/models/config_certificate_server.py b/clouder_certificate_authority/models/config_certificate_server.py
@@ -11,3 +11,14 @@ class ClouderConfigCertificateServer(models.Model):
     _name = 'clouder.config.certificate.server'
     _inherit = 'clouder.config.certificate.abstract'
     _description = 'Clouder Config Certificate Server'
+
+    @api.multi
+    def _compute_api_object(self):
+        """ It computes the keys required for the JSON request. """
+        for record in self:
+            super(ClouderConfigCertificateServer, record)._compute_api_object()
+            record.computed = self.cfssl.ConfigServer(
+                sign_policy_default=record.sign_policy,
+                sign_policies_add=record.sign_policies,
+                auth_policies=record.auth_policies,
+            )
