From fdbe30c52c01a95739fbb85cea88a43c84321724 Mon Sep 17 00:00:00 2001
From: Kev-Roche <kevin.roche@akretion.com>
Date: Mon, 27 May 2024 16:12:22 +0200
Subject: [PATCH] add desktop certificat

---
 desktop_certificate/README.rst                |  70 +++
 desktop_certificate/__init__.py               |   1 +
 desktop_certificate/__manifest__.py           |  28 ++
 desktop_certificate/data/data.xml             |  56 +++
 desktop_certificate/models/__init__.py        |   3 +
 desktop_certificate/models/desktop.py         | 190 ++++++++
 .../models/desktop_certificate.py             |  91 ++++
 desktop_certificate/readme/CONTRIBUTORS.rst   |   1 +
 desktop_certificate/readme/DESCRIPTION.rst    |   3 +
 .../security/ir.model.access.csv              |   5 +
 desktop_certificate/security/res_groups.xml   |  14 +
 desktop_certificate/security/rule.xml         |  13 +
 .../static/description/index.html             | 419 ++++++++++++++++++
 desktop_certificate/tests/__init__.py         |   1 +
 desktop_certificate/tests/test_certificats.py |  65 +++
 desktop_certificate/views/desktop.xml         | 125 ++++++
 .../views/desktop_certificate.xml             |  46 ++
 .../odoo/addons/desktop_certificate           |   1 +
 setup/desktop_certificate/setup.py            |   6 +
 19 files changed, 1138 insertions(+)
 create mode 100644 desktop_certificate/README.rst
 create mode 100644 desktop_certificate/__init__.py
 create mode 100644 desktop_certificate/__manifest__.py
 create mode 100644 desktop_certificate/data/data.xml
 create mode 100644 desktop_certificate/models/__init__.py
 create mode 100644 desktop_certificate/models/desktop.py
 create mode 100644 desktop_certificate/models/desktop_certificate.py
 create mode 100644 desktop_certificate/readme/CONTRIBUTORS.rst
 create mode 100644 desktop_certificate/readme/DESCRIPTION.rst
 create mode 100644 desktop_certificate/security/ir.model.access.csv
 create mode 100644 desktop_certificate/security/res_groups.xml
 create mode 100644 desktop_certificate/security/rule.xml
 create mode 100644 desktop_certificate/static/description/index.html
 create mode 100644 desktop_certificate/tests/__init__.py
 create mode 100644 desktop_certificate/tests/test_certificats.py
 create mode 100644 desktop_certificate/views/desktop.xml
 create mode 100644 desktop_certificate/views/desktop_certificate.xml
 create mode 120000 setup/desktop_certificate/odoo/addons/desktop_certificate
 create mode 100644 setup/desktop_certificate/setup.py

diff --git a/desktop_certificate/README.rst b/desktop_certificate/README.rst
new file mode 100644
index 000000000..0991cd32b
--- /dev/null
+++ b/desktop_certificate/README.rst
@@ -0,0 +1,70 @@
+===================
+Desktop Certificats
+===================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:2bffd83f3e44d4fff1cab3eca36cc7170c1008fed1bf1fea9222d041e920e331
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-akretion%2Fak--odoo--incubator-lightgray.png?logo=github
+    :target: https://github.com/akretion/ak-odoo-incubator/tree/14.0/desktop_certificate
+    :alt: akretion/ak-odoo-incubator
+
+|badge1| |badge2| |badge3|
+
+This module allows to manage certificates TLS / MPKI / SSL.
+It manages the creation and renewal of certificates and the installation of the certificates on your server.
+It allows you to manage your certificates in a simple and efficient way.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/akretion/ak-odoo-incubator/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/akretion/ak-odoo-incubator/issues/new?body=module:%20desktop_certificate%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Akretion
+
+Contributors
+~~~~~~~~~~~~
+
+* Kévin Roche <kevin.roche@akretion.com>
+
+Maintainers
+~~~~~~~~~~~
+
+.. |maintainer-Kev-Roche| image:: https://github.com/Kev-Roche.png?size=40px
+    :target: https://github.com/Kev-Roche
+    :alt: Kev-Roche
+
+Current maintainer:
+
+|maintainer-Kev-Roche| 
+
+This module is part of the `akretion/ak-odoo-incubator <https://github.com/akretion/ak-odoo-incubator/tree/14.0/desktop_certificate>`_ project on GitHub.
+
+You are welcome to contribute.
diff --git a/desktop_certificate/__init__.py b/desktop_certificate/__init__.py
new file mode 100644
index 000000000..0650744f6
--- /dev/null
+++ b/desktop_certificate/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/desktop_certificate/__manifest__.py b/desktop_certificate/__manifest__.py
new file mode 100644
index 000000000..8508514ba
--- /dev/null
+++ b/desktop_certificate/__manifest__.py
@@ -0,0 +1,28 @@
+# Copyright 2024 Akretion (https://www.akretion.com).
+# @author Kévin Roche <kevin.roche@akretion.com>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Desktop Certificats",
+    "summary": "Generate and manage TSL certificates of users",
+    "version": "14.0.1.0.0",
+    "category": "tools",
+    "website": "https://github.com/akretion/ak-odoo-incubator",
+    "author": "Akretion, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "maintainers": ["Kev-Roche"],
+    "application": False,
+    "installable": True,
+    "depends": [
+        "stock",
+        "mail",
+    ],
+    "data": [
+        "data/data.xml",
+        "security/res_groups.xml",
+        "security/ir.model.access.csv",
+        "security/rule.xml",
+        "views/desktop.xml",
+        "views/desktop_certificate.xml",
+    ],
+}
diff --git a/desktop_certificate/data/data.xml b/desktop_certificate/data/data.xml
new file mode 100644
index 000000000..baddb177f
--- /dev/null
+++ b/desktop_certificate/data/data.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo noupdate="1">
+    <record id="mpki_api_url" model="ir.config_parameter">
+        <field name="key">mpki_api_url</field>
+        <field name="value">http://front.home.arpa:8096/certs</field>
+    </record>
+    <record id="mpki_api_user" model="ir.config_parameter">
+        <field name="key">mpki_api_user</field>
+        <field name="value"></field>
+    </record>
+    <record id="mpki_api_password" model="ir.config_parameter">
+        <field name="key">mpki_api_password</field>
+        <field name="value" />
+    </record>
+
+    <record id="ir_cron_send_email_certificate_expiration" model="ir.cron">
+        <field
+            name="name"
+        >Email d'alerte d'expiration de certificats informatique.</field>
+        <field name="active" eval="True" />
+        <field name="user_id" ref="base.user_root" />
+        <field name="interval_number">3</field>
+        <field name="interval_type">days</field>
+        <field name="numbercall">-1</field>
+        <field name="model_id" ref="model_desktop" />
+        <field name="code">model.cron_send_email_certificate_expiration()</field>
+    </record>
+    <record id="mail_certificate_expiration" model="mail.template">
+        <field
+            name="name"
+        >Email d'alerte d'expiration de certificats informatique</field>
+        <field name="model_id" ref="model_desktop" />
+        <field name="subject">Certificats à renouveler sous 15 jours</field>
+        <field name="email_to" />
+        <field name="body_html" type="xml">
+            <div style="margin: 0px; padding: 0px;">
+                <p style="margin: 0px; padding: 0px; font-size: 13px;">
+                    --- MAIL AUTOMATIQUE ---<br /><br />
+                    Bonjour,<br /><br />
+                    Voici la liste des certificats qui expireront sous 15 jours:
+                    <br />
+                    <ul>
+                    % for line in object.env.context.get('certifs_ids'):
+                      <li><b>${line.name}</b> :  ${line.expiration_date}</li>
+                    % endfor
+                    </ul>
+
+                    <br />
+                    Cordialement
+                </p>
+            </div>
+        </field>
+        <field name="report_name">${(object.name or '').replace('/','-')}</field>
+        <field name="auto_delete" eval="True" />
+    </record>
+</odoo>
diff --git a/desktop_certificate/models/__init__.py b/desktop_certificate/models/__init__.py
new file mode 100644
index 000000000..206dab761
--- /dev/null
+++ b/desktop_certificate/models/__init__.py
@@ -0,0 +1,3 @@
+from . import desktop_certificate
+
+from . import desktop
diff --git a/desktop_certificate/models/desktop.py b/desktop_certificate/models/desktop.py
new file mode 100644
index 000000000..51e74f3af
--- /dev/null
+++ b/desktop_certificate/models/desktop.py
@@ -0,0 +1,190 @@
+# Copyright 2024 Akretion (https://www.akretion.com).
+# @author Kévin Roche <kevin.roche@akretion.com>
+
+import json
+from datetime import datetime
+
+import requests
+
+from odoo import _, api, fields, models
+from odoo.exceptions import UserError
+
+
+class Desktop(models.Model):
+    _name = "desktop"
+    _inherit = ["mail.thread"]
+    _description = "Desktop"
+
+    name = fields.Char(string="Nom")
+    location_id = fields.Many2one(
+        comodel_name="stock.warehouse", string="Lieu", required=True
+    )
+    company_id = fields.Many2one(
+        comodel_name="res.company",
+        string="Société",
+        default=lambda self: self.env.company,
+    )
+    certificate_partner_id = fields.Many2one(
+        comodel_name="res.partner",
+        string="Certificats envoyés à",
+        domain=[("user_ids", "!=", False)],
+        default=lambda self: self.env.user.partner_id,
+    )
+    certificate_email = fields.Char(
+        string="Certificat envoyé à", related="certificate_partner_id.email"
+    )
+    certificate_phone = fields.Char(
+        string="Mot de passe du certificat envoyé à",
+        related="certificate_partner_id.mobile",
+    )
+
+    certificate_ids = fields.One2many(
+        comodel_name="desktop.certificate",
+        inverse_name="desktop_id",
+        string="Certificats",
+    )
+    certificate_state = fields.Selection(
+        selection=[
+            ("1_short", "< 15 jours"),
+            ("2_medium", "< 3 mois"),
+            ("3_long", "> 3 mois"),
+            ("4_revoked", "Révoqué"),
+            ("5_obsolete", "Obsolète"),
+            ("none", "Aucun certificat"),
+        ],
+        string="Etat Certificats",
+        compute="_compute_valid_certificate_state",
+        store=True,
+    )
+
+    certificate_min_exp_date = fields.Date(
+        string="Date d'expiration",
+        compute="_compute_certificate_min_exp_date",
+    )
+
+    valid_certificate_count = fields.Integer(
+        compute="_compute_valid_certificate_count", string="Certificats Valides"
+    )
+
+    def _compute_certificate_min_exp_date(self):
+        for rec in self:
+            rec.certificate_min_exp_date = None
+            certifs = rec.certificate_ids
+            if certifs:
+                current_datetime = datetime.now()
+                valid_datetime_list = [
+                    certif.expiration_date
+                    for certif in certifs
+                    if certif.expiration_date >= current_datetime
+                    and not certif.revoked
+                    and certif.active
+                ]
+                if valid_datetime_list:
+                    rec.certificate_min_exp_date = max(valid_datetime_list).date()
+
+    def _compute_valid_certificate_state(self):
+        for rec in self:
+            certif_states = rec.certificate_ids.mapped("state")
+            if certif_states:
+                if "short" in certif_states:
+                    rec.certificate_state = "1_short"
+                elif "medium" in certif_states:
+                    rec.certificate_state = "2_medium"
+                elif "long" in certif_states:
+                    rec.certificate_state = "3_long"
+                elif "revoked" in certif_states:
+                    rec.certificate_state = "4_revoked"
+                else:
+                    rec.certificate_state = "5_obsolete"
+            else:
+                rec.certificate_state = "none"
+
+    def cron_send_email_certificate_expiration(self):
+        certifs = self.env["maintenance.certificate"].search([])
+        certifs._compute_valid_certificate_state()
+        short_certifs = certifs.filtered(lambda x: x.state == "short")
+        if short_certifs:
+            email_template = self.env.ref("infra.mail_certificate_expiration")
+            self.with_context(
+                certifs_ids=short_certifs.equipment_id
+            ).message_post_with_template(email_template.id)
+
+    @api.depends("certificate_ids")
+    def _compute_valid_certificate_count(self):
+        for record in self:
+            record.valid_certificate_count = len(
+                record.certificate_ids.filtered(
+                    lambda c: not c.revoked and c.expiration_date > datetime.now()
+                )
+            )
+
+    def _get_mpki_api(self):
+        ir_config_model = self.env["ir.config_parameter"].sudo()
+        mpki_api = {}
+        mpki_api["url"] = ir_config_model.get_param("mpki_api_url")
+        mpki_api["user"] = ir_config_model.get_param("mpki_api_user")
+        mpki_api["password"] = ir_config_model.get_param("mpki_api_password")
+        return mpki_api
+
+    def generate_certificate(self):
+        mpki_api = self._get_mpki_api()
+        for record in self:
+            partner = record.certificate_partner_id
+            if not partner.email:
+                raise UserError(_("L'email du destinataire est vide"))
+            if not partner.mobile:
+                raise UserError(_("Le mobile du destinataire est vide"))
+            location = record.location_id.partner_id
+            params = {
+                "certificate": {
+                    "name": record.name,
+                },
+                "partner": {
+                    "name": partner.display_name,
+                    "phone": partner.mobile,
+                    "email": partner.email,
+                },
+                "location": {
+                    "name": location.name,
+                    "company": location.company_id.name,
+                    "city": location.city,
+                    "zipcode": location.zip,
+                    "country": location.country_id.name,
+                },
+            }
+            res = requests.post(
+                mpki_api["url"],
+                auth=(mpki_api["user"], mpki_api["password"]),
+                json=params,
+            )
+            if res.status_code == requests.codes.ok:
+                res_dict = res.json()
+                self.env["desktop.certificate"].create(
+                    {
+                        "revoked": not res_dict["valid"],
+                        "name": res_dict["name"],
+                        "expiration_date": datetime.fromisoformat(
+                            res_dict["valid_until"]
+                        ),
+                        "desktop_id": record.id,
+                        "sent_to_email": record.certificate_email,
+                        "sent_to_phone": record.certificate_phone,
+                    }
+                )
+            else:
+                try:
+                    raise UserError(json.dumps(res.json(), indent=4))
+                except ValueError:
+                    raise UserError(res.text)
+        return None
+
+    @api.onchange("location_id")
+    def _onchange_location(self):
+        if self.location_id:
+            self.company_id = self.location_id.company_id.id or False
+
+    def unlink(self):
+        desktops = self.mapped("desktop_id")
+        super().unlink()
+        desktops.unlink()
+        return True
diff --git a/desktop_certificate/models/desktop_certificate.py b/desktop_certificate/models/desktop_certificate.py
new file mode 100644
index 000000000..8cda56dea
--- /dev/null
+++ b/desktop_certificate/models/desktop_certificate.py
@@ -0,0 +1,91 @@
+# Copyright 2024 Akretion (https://www.akretion.com).
+# @author Kévin Roche <kevin.roche@akretion.com>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import json
+from datetime import datetime
+
+import requests
+from dateutil.relativedelta import relativedelta
+
+from odoo import _, fields, models
+from odoo.exceptions import UserError
+
+
+class DesktopCertificate(models.Model):
+    _name = "desktop.certificate"
+    _description = "Desktop Certificate"
+
+    name = fields.Char(string="Nom")
+    desktop_id = fields.Many2one(
+        comodel_name="desktop",
+        string="Poste",
+    )
+    active = fields.Boolean(default=True, string="Actif")
+    revoked = fields.Boolean(string="Révoqué", default=False)
+    expiration_date = fields.Datetime(string="Date d'expiration")
+    sent_to_email = fields.Char(string="Destinataire mail")
+    sent_to_phone = fields.Char(
+        string="Destinataire SMS",
+    )
+    company_id = fields.Many2one(
+        comodel_name="res.company",
+        related="desktop_id.company_id",
+    )
+
+    state = fields.Selection(
+        selection=[
+            ("obsolete", "Obsolète"),
+            ("revoked", "Révoqué"),
+            ("long", "> 3 mois"),
+            ("medium", "< 3 mois"),
+            ("short", "< 15 jours"),
+        ],
+        string="Etat du Certificat",
+        compute="_compute_state",
+        store=False,
+    )
+
+    def _compute_state(self):
+        for rec in self:
+            if rec.revoked or not rec.active:
+                rec.state = "revoked"
+            elif rec.expiration_date < datetime.now():
+                rec.state = "obsolete"
+            elif rec.expiration_date < datetime.now() + relativedelta(weeks=2):
+                rec.state = "short"
+            elif rec.expiration_date < datetime.now() + relativedelta(months=3):
+                rec.state = "medium"
+            else:
+                rec.state = "long"
+
+    def action_archive(self):
+        mpki_api = self[0].equipment_id._get_mpki_api()
+        usable = self.filtered(
+            lambda c: c.expiration_date > datetime.now() and not c.revoked
+        )
+        for record in usable:
+            res = requests.delete(
+                mpki_api["url"],
+                auth=(mpki_api["user"], mpki_api["password"]),
+                params={"serial": record.serial},
+            )
+            # Archive if certificate is revoked or not found (already revoked)
+            if res.status_code == requests.codes.ok or res.status_code == 404:
+                record.revoked = True
+                super(DesktopCertificate, record).action_archive()
+            else:
+                try:
+                    raise UserError(json.dumps(res.json(), indent=4))
+                except ValueError:
+                    raise UserError(res.text)
+        # standard archive process for unusable certificates
+        return super(DesktopCertificate, self - usable).action_archive()
+
+    def action_unarchive(self):
+        raise UserError(
+            _(
+                "Vous ne pouvez pas désarchiver un certificat, "
+                "veuillez en générer un nouveau."
+            )
+        )
diff --git a/desktop_certificate/readme/CONTRIBUTORS.rst b/desktop_certificate/readme/CONTRIBUTORS.rst
new file mode 100644
index 000000000..5ef178f72
--- /dev/null
+++ b/desktop_certificate/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Kévin Roche <kevin.roche@akretion.com>
\ No newline at end of file
diff --git a/desktop_certificate/readme/DESCRIPTION.rst b/desktop_certificate/readme/DESCRIPTION.rst
new file mode 100644
index 000000000..2c7364600
--- /dev/null
+++ b/desktop_certificate/readme/DESCRIPTION.rst
@@ -0,0 +1,3 @@
+This module allows to manage certificates TLS / MPKI / SSL.
+It manages the creation and renewal of certificates and the installation of the certificates on your server.
+It allows you to manage your certificates in a simple and efficient way.
diff --git a/desktop_certificate/security/ir.model.access.csv b/desktop_certificate/security/ir.model.access.csv
new file mode 100644
index 000000000..0e45b0a78
--- /dev/null
+++ b/desktop_certificate/security/ir.model.access.csv
@@ -0,0 +1,5 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_desktop_manager,desktop.manager,model_desktop,desktop_certificate.group_certificat_manager,1,1,1,0
+access_desktop,desktop.user,model_desktop,base.group_user,1,0,0,0
+access_desktop_certificate_manager,desktop.certificate.manager,model_desktop_certificate,desktop_certificate.group_certificat_manager,1,1,1,0
+access_desktop_certificate,desktop.certificate.user,model_desktop_certificate,base.group_user,1,0,0,0
diff --git a/desktop_certificate/security/res_groups.xml b/desktop_certificate/security/res_groups.xml
new file mode 100644
index 000000000..abcb69520
--- /dev/null
+++ b/desktop_certificate/security/res_groups.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- Copyright (C) 2024 Akretion (<http://www.akretion.com>).
+     @author Kévin Roche <kevin.roche@akretion.com>
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+    <record id="group_certificat_manager" model="res.groups">
+        <field name="name">Gestionnaire des certificats utilisateurs</field>
+        <field name="comment">Permet de générer/révoquer les certificats</field>
+        <field
+            name="users"
+            eval="[(4, ref('base.user_root')), (4, ref('base.user_admin')) ]"
+        />
+    </record>
+</odoo>
diff --git a/desktop_certificate/security/rule.xml b/desktop_certificate/security/rule.xml
new file mode 100644
index 000000000..1fa574a24
--- /dev/null
+++ b/desktop_certificate/security/rule.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+        <record id="desktop_certificat_rule" model="ir.rule">
+            <field name="name">Certificat multicompany rule</field>
+            <field name="model_id" ref="model_desktop_certificate" />
+            <field name="perm_read" eval="True" />
+            <field name="perm_create" eval="True" />
+            <field name="perm_write" eval="True" />
+            <field name="perm_unlink" eval="True" />
+            <field name="domain_force"> [('company_id', 'in', company_ids)]</field>
+        </record>
+
+</odoo>
diff --git a/desktop_certificate/static/description/index.html b/desktop_certificate/static/description/index.html
new file mode 100644
index 000000000..577c8292e
--- /dev/null
+++ b/desktop_certificate/static/description/index.html
@@ -0,0 +1,419 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Desktop Certificats</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="desktop-certificats">
+<h1 class="title">Desktop Certificats</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:2bffd83f3e44d4fff1cab3eca36cc7170c1008fed1bf1fea9222d041e920e331
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/akretion/ak-odoo-incubator/tree/14.0/desktop_certificate"><img alt="akretion/ak-odoo-incubator" src="https://img.shields.io/badge/github-akretion%2Fak--odoo--incubator-lightgray.png?logo=github" /></a></p>
+<p>This module allows to manage certificates TLS / MPKI / SSL.
+It manages the creation and renewal of certificates and the installation of the certificates on your server.
+It allows you to manage your certificates in a simple and efficient way.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-1">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-2">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-3">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-4">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-5">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-1">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/akretion/ak-odoo-incubator/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/akretion/ak-odoo-incubator/issues/new?body=module:%20desktop_certificate%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-2">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-3">Authors</a></h2>
+<ul class="simple">
+<li>Akretion</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-4">Contributors</a></h2>
+<ul class="simple">
+<li>Kévin Roche &lt;<a class="reference external" href="mailto:kevin.roche&#64;akretion.com">kevin.roche&#64;akretion.com</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-5">Maintainers</a></h2>
+<p>Current maintainer:</p>
+<p><a class="reference external image-reference" href="https://github.com/Kev-Roche"><img alt="Kev-Roche" src="https://github.com/Kev-Roche.png?size=40px" /></a></p>
+<p>This module is part of the <a class="reference external" href="https://github.com/akretion/ak-odoo-incubator/tree/14.0/desktop_certificate">akretion/ak-odoo-incubator</a> project on GitHub.</p>
+<p>You are welcome to contribute.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/desktop_certificate/tests/__init__.py b/desktop_certificate/tests/__init__.py
new file mode 100644
index 000000000..84962768b
--- /dev/null
+++ b/desktop_certificate/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_certificats
diff --git a/desktop_certificate/tests/test_certificats.py b/desktop_certificate/tests/test_certificats.py
new file mode 100644
index 000000000..f92124b04
--- /dev/null
+++ b/desktop_certificate/tests/test_certificats.py
@@ -0,0 +1,65 @@
+# Copyright 2024 Akretion (https://www.akretion.com).
+# @author Pierrick Brun <pierrick.brun@akretion.com>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+
+from odoo.exceptions import UserError
+from odoo.tests.common import TransactionCase
+
+try:
+    from vcr_unittest import VCRMixin
+except ImportError:
+    VCRMixin = None
+
+
+class TestCertificateApi(TransactionCase, VCRMixin):
+    def setUp(self):
+        super().setUp()
+        warehouse = self.env.ref("stock.warehouse0")
+        contact = self.env["res.partner"].create(
+            {
+                "name": "Jhon Doe",
+                "email": "jhon.doe@akretion.com",
+                "mobile": "+33699999999",
+            }
+        )
+        self.desktop = self.env["desktop"].create(
+            {
+                "location_id": warehouse.id,
+                "name": "TEST",
+                "certificate_partner_id": contact.id,
+            }
+        )
+        self._set_mpki_api()
+
+    def _set_mpki_api(self):
+        ir_config_model = self.env["ir.config_parameter"].sudo()
+        # This is the IP address of the docker host
+        ir_config_model.set_param("mpki_api_url", "http://172.17.0.1:8000/certs")
+        ir_config_model.set_param("mpki_api_user", "abilis")
+        ir_config_model.set_param("mpki_api_password", "TESTTESTTESTTEST")
+
+    def _get_vcr_kwargs(self, **kwargs):
+        return {
+            "record_mode": "once",
+            "match_on": ["method", "path", "query"],
+            "filter_headers": ["Authorization"],
+            "decode_compressed_response": True,
+        }
+
+    def test_generate_certificate(self):
+        self.assertEqual(len(self.desktop.certificate_ids), 0)
+        self.desktop.generate_certificate()
+        self.assertEqual(len(self.desktop.certificate_ids), 1)
+        certificate1 = self.desktop.certificate_ids
+        self.desktop.generate_certificate()
+        self.assertEqual(len(self.desktop.certificate_ids), 2)
+        for cert in self.desktop.certificate_ids:
+            self.assertEqual(cert.sent_to_email, "jhon.doe@akretion.com")
+            self.assertEqual(cert.sent_to_phone, "+33699999999")
+            self.assertEqual(cert.revoked, False)
+        certificate1.action_archive()
+        self.assertEqual(certificate1.revoked, True)
+        with self.assertRaises(UserError):
+            certificate1.action_unarchive()
+        self.assertEqual(len(self.desktop.certificate_ids), 1)
diff --git a/desktop_certificate/views/desktop.xml b/desktop_certificate/views/desktop.xml
new file mode 100644
index 000000000..ddcfe1a61
--- /dev/null
+++ b/desktop_certificate/views/desktop.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- Copyright (C) 2024 Akretion (<http://www.akretion.com>).
+@author Kévin Roche <kevin.roche@akretion.com>  -->
+<odoo>
+<record id="desktop_certificate_action" model="ir.actions.act_window">
+    <field name="name">Certificats</field>
+    <field name="res_model">desktop.certificate</field>
+    <field name="view_mode">tree</field>
+    <field name="domain">[("desktop_id", "=", active_id)]</field>
+    <field name="context">{"active_test": False}</field>
+</record>
+
+
+<!-- form view -->
+<record id="desktop_form" model="ir.ui.view">
+    <field name="model">desktop</field>
+    <field name="arch" type="xml">
+        <form>
+            <header>
+                <button
+                        name="generate_certificate"
+                        string="Créer un certificat"
+                        type="object"
+                    />
+            </header>
+            <sheet>
+                <div class="oe_button_box" name="button_box">
+                    <button
+                            name="%(desktop_certificate_action)d"
+                            type="action"
+                            class="oe_stat_button"
+                            icon="fa-file-archive-o"
+                        >
+                        <field
+                                string="Certificat(s)"
+                                name="valid_certificate_count"
+                                widget="statinfo"
+                            />
+                    </button>
+                </div>
+                <group>
+                    <field name="name" />
+                    <field name="location_id" />
+                    <field name="certificate_state" />
+                </group>
+                <group string="Utilisateur">
+                    <field name="certificate_partner_id" />
+                    <field name="certificate_email" readonly="1" />
+                    <field name="certificate_phone" readonly="1" />
+                </group>
+            </sheet>
+        </form>
+    </field>
+</record>
+
+
+<!-- tree view -->
+<record id="desktop_tree" model="ir.ui.view">
+    <field name="model">desktop</field>
+    <field name="arch" type="xml">
+        <tree
+                decoration-warning="certificate_state == '2_medium'"
+                decoration-danger="certificate_state == '1_short'"
+            >
+            <field name="name" />
+            <field name="location_id" />
+            <field name="certificate_state" />
+            <field name="certificate_partner_id" />
+        </tree>
+    </field>
+</record>
+
+
+<!-- search view -->
+<record id="desktop_search" model="ir.ui.view">
+    <field name="model">desktop</field>
+    <field name="arch" type="xml">
+        <search>
+            <filter
+                    name="certificate_state"
+                    string=" Etat du certificat"
+                    domain="[]"
+                    context="{'group_by':'certificate_state'}"
+                />
+            <filter
+                    name="certificate_partner_id"
+                    string="Utilisateur"
+                    domain="[]"
+                    context="{'group_by':'certificate_partner_id'}"
+                />
+            <filter
+                    name="location_id"
+                    string="Lieu"
+                    domain="[]"
+                    context="{'group_by':'location_id'}"
+                />
+        </search>
+    </field>
+</record>
+
+<record id="generate_certificate_act_server" model="ir.actions.server">
+    <field name="name">Générer le(s) certificat(s)</field>
+    <field name="model_id" ref="desktop_certificate.model_desktop" />
+    <field name="binding_model_id" ref="desktop_certificate.model_desktop" />
+    <field name="state">code</field>
+    <field
+            name="code"
+        >action = model.browse(env.context['active_ids']).generate_certificate()</field>
+</record>
+
+
+<record id="desktop_action" model="ir.actions.act_window">
+    <field name="name">Postes</field>
+    <field name="res_model">desktop</field>
+    <field name="view_mode">tree,form</field>
+    <field name="context">{"active_test": False}</field>
+</record>
+<menuitem
+        id="desktop_certificate_menu"
+        name="Postes / Certificats"
+        parent="base.menu_administration"
+        sequence="3"
+        action="desktop_certificate.desktop_action"
+    />
+</odoo>
diff --git a/desktop_certificate/views/desktop_certificate.xml b/desktop_certificate/views/desktop_certificate.xml
new file mode 100644
index 000000000..3af7edf3f
--- /dev/null
+++ b/desktop_certificate/views/desktop_certificate.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- Copyright (C) 2024 Akretion (<http://www.akretion.com>).
+@author Kévin Roche <kevin.roche@akretion.com>
+License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<odoo>
+<record id="desktop_certificate_form" model="ir.ui.view">
+    <field name="model">desktop.certificate</field>
+    <field name="arch" type="xml">
+        <form>
+            <sheet>
+                <group>
+                    <field name="name" />
+                    <field name="desktop_id" readonly="1" />
+                    <field name="expiration_date" />
+                    <field name="state" />
+                </group>
+                <group string="Utilisateur">
+                    <field name="sent_to_email" readonly="1" />
+                    <field name="sent_to_phone" readonly="1" />
+                </group>
+            </sheet>
+        </form>
+    </field>
+</record>
+<record id="desktop_certificate_tree" model="ir.ui.view">
+    <field name="model">desktop.certificate</field>
+    <field name="arch" type="xml">
+        <tree
+                string="Certificats"
+                create="0"
+                edit="0"
+                delete="0"
+                duplicate="0"
+                decoration-muted="active == False"
+            >
+            <field name="name" />
+            <field name="desktop_id" readonly="1" />
+            <field name="state" />
+            <field name="expiration_date" />
+            <field name="active" />
+            <field name="sent_to_email" />
+            <field name="sent_to_phone" />
+        </tree>
+    </field>
+</record>
+</odoo>
diff --git a/setup/desktop_certificate/odoo/addons/desktop_certificate b/setup/desktop_certificate/odoo/addons/desktop_certificate
new file mode 120000
index 000000000..6967cdf56
--- /dev/null
+++ b/setup/desktop_certificate/odoo/addons/desktop_certificate
@@ -0,0 +1 @@
+../../../../desktop_certificate
\ No newline at end of file
diff --git a/setup/desktop_certificate/setup.py b/setup/desktop_certificate/setup.py
new file mode 100644
index 000000000..28c57bb64
--- /dev/null
+++ b/setup/desktop_certificate/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)