reverts revoke changes and minor logic update to vaas retire

Author: Pmaraveyias

tests/test_tpp.py

@@ -160,22 +160,24 @@ def test_revoke_not_issued(self):
     def test_revoke_normal(self):
         req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
         rev_req = RevocationRequest(req_id=req.id)
-        revoke_data = self.tpp_conn.revoke_cert(rev_req)
+        self.tpp_conn.revoke_cert(rev_req)
         time.sleep(1)
-        assert revoke_data['Success'] is True
+        with self.assertRaises(Exception):
+            self.tpp_conn.renew_cert(req)
 
     def test_revoke_without_disable(self):
         req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
         rev_req = RevocationRequest(req_id=req.id, disable=False)
-        revoke_data = self.tpp_conn.revoke_cert(rev_req)
+        self.tpp_conn.revoke_cert(rev_req)
         time.sleep(1)
-        assert revoke_data['Success'] is True
+        self.tpp_conn.renew_cert(req)
 
     def test_revoke_normal_thumbprint(self):
         req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
         cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend())
         thumbprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
         rev_req = RevocationRequest(thumbprint=thumbprint)
-        revoke_data = self.tpp_conn.revoke_cert(rev_req)
+        self.tpp_conn.revoke_cert(rev_req)
         time.sleep(1)
-        assert revoke_data['Success'] is True
+        with self.assertRaises(Exception):
+            self.tpp_conn.renew_cert(req)

tests/test_tpp_token.py

@@ -170,26 +170,28 @@ def test_token_revoke_not_issued(self):
     def test_token_revoke_normal(self):
         req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
         rev_req = RevocationRequest(req_id=req.id)
-        revoke_data = self.tpp_conn.revoke_cert(rev_req)
+        self.tpp_conn.revoke_cert(rev_req)
         time.sleep(1)
-        assert revoke_data['Success'] is True
+        with self.assertRaises(Exception):
+            self.tpp_conn.renew_cert(req)
 
 
     def test_token_revoke_without_disable(self):
         req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
         rev_req = RevocationRequest(req_id=req.id, disable=False)
-        revoke_data = self.tpp_conn.revoke_cert(rev_req)
+        self.tpp_conn.revoke_cert(rev_req)
         time.sleep(1)
-        assert revoke_data['Success'] is True
+        self.tpp_conn.renew_cert(req)
 
     def test_token_revoke_normal_thumbprint(self):
         req, cert = simple_enroll(self.tpp_conn, self.tpp_zone)
         cert = x509.load_pem_x509_certificate(cert.cert.encode(), default_backend())
         thumbprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())).decode()
         rev_req = RevocationRequest(thumbprint=thumbprint)
-        revoke_data = self.tpp_conn.revoke_cert(rev_req)
+        self.tpp_conn.revoke_cert(rev_req)
         time.sleep(1)
-        assert revoke_data['Success'] is True
+        with self.assertRaises(Exception):
+            self.tpp_conn.renew_cert(req)
 
     def test_tpp_token_enroll_valid_hours(self):
         cn = f"{random_word(10)}.venafi.example.com"

vcert/connection_cloud.py

@@ -484,17 +484,17 @@ def retire_cert(self, request):
             log.error("id or thumbprint must be specified for retiring certificate")
             raise ClientBadData
 
-        if request.thumbprint:
+        if request.id:
+            cert_id = request.id
+
+        elif request.thumbprint:
             response = self.search_by_thumbprint(request.thumbprint)
             cert_ids = response.certificateIds
             if len(cert_ids) > 1:
                 log.error(f"multiple certificates matching thumbprint found")
                 raise VenafiError
             cert_id = cert_ids[0]
 
-        if request.id:
-            cert_id = request.id
-
         retire_data = {
             'certificateIds': [
                 cert_id

vcert/connection_tpp_abstract.py

@@ -331,17 +331,17 @@ def renew_cert(self, request, reuse_key=False):
     def revoke_cert(self, request):
         if not (request.id or request.thumbprint):
             raise ClientBadData
-        d = dict()
+        d = {
+            'Disable': request.disable
+        }
+        if request.reason:
+            d['Reason'] = request.reason
         if request.id:
             d['CertificateDN'] = request.id
         elif request.thumbprint:
             d['Thumbprint'] = request.thumbprint
         else:
             raise ClientBadData
-        req_args = {
-            'url': URLS.CERTIFICATE_REVOKE,
-            'data': d
-        }
         # TODO: Change _post() with post(args)
         status, data = self._post(URLS.CERTIFICATE_REVOKE, data=d)
         if status in (HTTPStatus.OK, HTTPStatus.ACCEPTED):