diff options
| author | Abhishek Koneru <akoneru@redhat.com> | 2013-06-25 00:38:30 -0400 |
|---|---|---|
| committer | Abhishek Koneru <akoneru@redhat.com> | 2013-06-27 15:38:50 -0400 |
| commit | c1d47410a09ed7f15ff929021b3815137f5ff94e (patch) | |
| tree | c8de83c5dead38c5162a6e20d6aca64c285262dd | |
| parent | 66c34cfbe1ca67c7ad7b5fddae26cd1b2d53e8c4 (diff) | |
| download | pki-c1d47410a09ed7f15ff929021b3815137f5ff94e.tar.gz pki-c1d47410a09ed7f15ff929021b3815137f5ff94e.tar.xz pki-c1d47410a09ed7f15ff929021b3815137f5ff94e.zip | |
Applied PEP8 formatting to python files.
General formatting done for all the python files except for the line
length issue, which could not be formatted using Pydev in Eclipse.
Ticket #316
| -rw-r--r-- | .pydevproject | 12 | ||||
| -rw-r--r-- | base/common/python/pki/__init__.py | 10 | ||||
| -rw-r--r-- | base/common/python/pki/client.py | 2 | ||||
| -rw-r--r-- | base/common/python/pki/system.py | 2 | ||||
| -rw-r--r-- | base/common/python/pki/upgrade.py | 18 | ||||
| -rw-r--r-- | base/kra/functional/drmclient.py | 348 | ||||
| -rw-r--r-- | base/server/python/pki/server/__init__.py | 6 | ||||
| -rw-r--r-- | base/server/python/pki/server/upgrade.py | 10 | ||||
| -rw-r--r-- | base/server/src/engine/pkiconfig.py | 18 | ||||
| -rw-r--r-- | base/server/src/engine/pkihelper.py | 798 | ||||
| -rw-r--r-- | base/server/src/engine/pkilogging.py | 8 | ||||
| -rw-r--r-- | base/server/src/engine/pkimanifest.py | 4 | ||||
| -rw-r--r-- | base/server/src/engine/pkiparser.py | 398 | ||||
| -rw-r--r-- | base/server/src/scriptlets/configuration.py | 6 | ||||
| -rw-r--r-- | base/server/src/scriptlets/infrastructure_layout.py | 6 | ||||
| -rw-r--r-- | base/server/src/scriptlets/security_databases.py | 2 | ||||
| -rw-r--r-- | base/server/src/scriptlets/slot_substitution.py | 8 |
17 files changed, 831 insertions, 825 deletions
diff --git a/.pydevproject b/.pydevproject index a9cca037b..f77c43e10 100644 --- a/.pydevproject +++ b/.pydevproject @@ -1,7 +1,13 @@ <?xml version="1.0" encoding="UTF-8" standalone="no"?> -<?eclipse-pydev version="1.0"?> - -<pydev_project> +<?eclipse-pydev version="1.0"?><pydev_project> <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property> <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property> +<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH"> +<path>/pki/base/server/src</path> +<path>/pki/base/server/src/engine</path> +<path>/pki/base/server/src/scriptlets</path> +<path>/pki/base/server/python/pki/server</path> +<path>/pki/base/common/python/pki</path> +<path>/pki/base/kra/functional</path> +</pydev_pathproperty> </pydev_project> diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py index 404aa92d4..979bf64d9 100644 --- a/base/common/python/pki/__init__.py +++ b/base/common/python/pki/__init__.py @@ -23,12 +23,12 @@ import os import re -CONF_DIR = '/etc/pki' -SHARE_DIR = '/usr/share/pki' -BASE_DIR = '/var/lib' -LOG_DIR = '/var/log/pki' +CONF_DIR = '/etc/pki' +SHARE_DIR = '/usr/share/pki' +BASE_DIR = '/var/lib' +LOG_DIR = '/var/log/pki' -PACKAGE_VERSION = SHARE_DIR + '/VERSION' +PACKAGE_VERSION = SHARE_DIR + '/VERSION' def read_text(message, diff --git a/base/common/python/pki/client.py b/base/common/python/pki/client.py index 05f42ba06..00343bb7c 100644 --- a/base/common/python/pki/client.py +++ b/base/common/python/pki/client.py @@ -35,7 +35,7 @@ class PKIConnection: self.port = port self.subsystem = subsystem - self.serverURI = self.protocol + '://' +\ + self.serverURI = self.protocol + '://' + \ self.hostname + ':' + self.port + '/' + \ self.subsystem diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py index 5b4caf7f3..4dd3baac2 100644 --- a/base/common/python/pki/system.py +++ b/base/common/python/pki/system.py @@ -87,7 +87,7 @@ class SystemStatusClient: self.connection = connection def getStatus(self): - r = self.connection.get('/admin/' +\ + r = self.connection.get('/admin/' + \ self.connection.subsystem + '/getStatus') return r.text diff --git a/base/common/python/pki/upgrade.py b/base/common/python/pki/upgrade.py index 9f927130f..e9e40b15c 100644 --- a/base/common/python/pki/upgrade.py +++ b/base/common/python/pki/upgrade.py @@ -29,12 +29,12 @@ import pki import pki.util -DEFAULT_VERSION = '10.0.0' +DEFAULT_VERSION = '10.0.0' -UPGRADE_DIR = pki.SHARE_DIR + '/upgrade' -BACKUP_DIR = pki.LOG_DIR + '/upgrade' -SYSTEM_TRACKER = pki.CONF_DIR + '/pki.version' -verbose = False +UPGRADE_DIR = pki.SHARE_DIR + '/upgrade' +BACKUP_DIR = pki.LOG_DIR + '/upgrade' +SYSTEM_TRACKER = pki.CONF_DIR + '/pki.version' +verbose = False @functools.total_ordering @@ -172,14 +172,14 @@ class PKIUpgradeTracker(object): i = self.properties.index(self.version_key) if i >= 0: # if version exists, add index after version - self.properties.set(self.index_key, str(index), index=i+1) + self.properties.set(self.index_key, str(index), index=i + 1) else: # otherwise, add index at the end separated by a blank line # if last line is not empty, append empty line length = len(self.properties.lines) - if length > 0 and self.properties.lines[length-1] != '': + if length > 0 and self.properties.lines[length - 1] != '': self.properties.insert_line(length, '') length = length + 1 @@ -219,7 +219,7 @@ class PKIUpgradeTracker(object): # if last line is not empty, append empty line length = len(self.properties.lines) - if length > 0 and self.properties.lines[length-1] != '': + if length > 0 and self.properties.lines[length - 1] != '': self.properties.insert_line(length, '') length = length + 1 @@ -460,7 +460,7 @@ class PKIUpgrader(object): raise pki.PKIException('Invalid scriptlet name: ' + filename, e) index = int(filename[0:i]) - classname = filename[i+1:] + classname = filename[i + 1:] if self.index and index != self.index: continue diff --git a/base/kra/functional/drmclient.py b/base/kra/functional/drmclient.py index 5dd2336ea..6e3a2ac61 100644 --- a/base/kra/functional/drmclient.py +++ b/base/kra/functional/drmclient.py @@ -27,7 +27,7 @@ This is a python client that can be used to retrieve key requests and keys from a KRA using the new RESTful interface. Moreover, given a PKIArchiveOptions structure containing either a passphrase or a symmetric key, this data can be stored in and retrieved from the KRA. - + A sample test execution is provided at the end of the file. ''' @@ -78,25 +78,25 @@ def parse_key_request_info_xml(doc): request_type = etree.tostring(request_type[0], method='text', encoding=unicode).strip() response['request_type'] = request_type - + request_status = doc.xpath('requestStatus') if len(request_status) == 1: request_status = etree.tostring(request_status[0], method='text', encoding=unicode).strip() response['request_status'] = request_status - + request_url = doc.xpath('requestURL') if len(request_url) == 1: request_url = etree.tostring(request_url[0], method='text', encoding=unicode).strip() - response['request_id'] = request_url.rsplit('/',1)[1] - + response['request_id'] = request_url.rsplit('/', 1)[1] + key_url = doc.xpath('keyURL') if len(key_url) == 1: key_url = etree.tostring(key_url[0], method='text', encoding=unicode).strip() - response['key_id'] = key_url.rsplit('/',1)[1] - + response['key_id'] = key_url.rsplit('/', 1)[1] + return response def parse_key_request_infos_xml(doc): @@ -119,10 +119,10 @@ def parse_key_request_infos_xml(doc): +----------------------+------------------------+-----------------------+---------------+ |info for each request |KeyRequestInfo |request_id [2] |dict | +----------------------+------------------------+-----------------------+---------------+ - - [1] prev_id and next_id are the starting ids for the previous and next pages + + [1] prev_id and next_id are the starting ids for the previous and next pages respectively. They are extracted from the href elements of the Link - nodes (if they exist) + nodes (if they exist) [2] For each key request info returned, we store a dict containing the key request data. See parse_key_request_info_xml for details. Each dict is referenced by the id of the key request (extracted from the key request URL). @@ -132,21 +132,21 @@ def parse_key_request_infos_xml(doc): if len(next_link) == 1: next_link = etree.tostring(next_link[0], method='text', encoding=unicode).strip() - next_link = next_link.rsplit('/',1)[1] + next_link = next_link.rsplit('/', 1)[1] response['next_id'] = next_link - + prev_link = doc.xpath('//Link[@rel="previous"]/href') if len(prev_link) == 1: prev_link = etree.tostring(prev_link[0], method='text', encoding=unicode).strip() prev_link = prev_link.rsplit('/', 1)[1] response['prev_id'] = prev_link - + key_request_infos = doc.xpath('//KeyRequestInfo') for key_request in key_request_infos: node = parse_key_request_info_xml(key_request) response[node['request_id']] = node - + return response def parse_key_data_info_xml(doc): @@ -204,21 +204,21 @@ def parse_key_data_infos_xml(doc): +----------------------+-----------------+-----------------------+---------------+ |info for each key |KeyDataInfo |key_id [2] |dict | +----------------------+-----------------+-----------------------+---------------+ - - [1] prev_id and next_id are the starting ids for the previous and next pages + + [1] prev_id and next_id are the starting ids for the previous and next pages respectively. They are extracted from the href elements of the Link - nodes (if they exist) + nodes (if they exist) [2] For each key info returned, we store a dict containing the key data. See parse_key_data_info_xml for details. Each dict is referenced by the id of the key (extracted from the key URL). ''' response = {} - + next_link = doc.xpath('//Link[@rel="next"]/href') if len(next_link) == 1: next_link = etree.tostring(next_link[0], method='text', encoding=unicode).strip() - next_link = next_link.rsplit('/',1)[1] + next_link = next_link.rsplit('/', 1)[1] response['next_id'] = next_link prev_link = doc.xpath('//Link[@rel="previous"]/href') @@ -227,12 +227,12 @@ def parse_key_data_infos_xml(doc): encoding=unicode).strip() prev_link = prev_link.rsplit('/', 1)[1] response['prev_id'] = prev_link - + key_data_infos = doc.xpath('//KeyDataInfo') for key_data in key_data_infos: node = parse_key_data_info_xml(key_data) - response[node['key_url'].rsplit('/',1)[1]] = node - + response[node['key_url'].rsplit('/', 1)[1]] = node + return response def parse_key_data_xml(doc): @@ -241,7 +241,7 @@ def parse_key_data_xml(doc): :returns: result dict :except ValueError: - After parsing the results are returned in a result dict. + After parsing the results are returned in a result dict. +----------------------+----------------+-----------------------+---------------+ |cms name |cms type |result name |result type | @@ -250,22 +250,22 @@ def parse_key_data_xml(doc): +----------------------+----------------+-----------------------+---------------+ |nonceData |string |nonce_data |unicode | +----------------------+----------------+-----------------------+---------------+ - + ''' response = {} - + wrapped_data = doc.xpath('wrappedPrivateData') if len(wrapped_data) == 1: wrapped_data = etree.tostring(wrapped_data[0], method='text', encoding=unicode).strip() response['wrapped_data'] = wrapped_data - + nonce_data = doc.xpath('nonceData') if len(nonce_data) == 1: nonce_data = etree.tostring(nonce_data[0], method='text', encoding=unicode).strip() response['nonce_data'] = nonce_data - + return response def parse_certificate_data_xml(doc): @@ -274,26 +274,26 @@ def parse_certificate_data_xml(doc): :returns: result dict :except ValueError: - After parsing the results are returned in a result dict. + After parsing the results are returned in a result dict. +----------------------+----------------+-----------------------+---------------+ |cms name |cms type |result name |result type | +======================+================+=======================+===============+ |b64 |string [1] |cert |unicode | +----------------------+----------------+-----------------------+---------------+ - + [1] Base-64 encoded certificate with header and footer ''' response = {} - + b64 = doc.xpath('b64') if len(b64) == 1: b64 = etree.tostring(b64[0], method='text', encoding=unicode).strip() response['cert'] = b64.replace(CERT_HEADER, "").replace(CERT_FOOTER, "") - + return response - + def https_request(host, port, url, secdir, password, nickname, operation, args, **kw): """ :param url: The URL to post to. @@ -309,7 +309,7 @@ def https_request(host, port, url, secdir, password, nickname, operation, args, host = host.encode('utf-8') uri = 'https://%s%s' % (ipautil.format_netloc(host, port), url) logging.info('sslget %r', uri) - + request_headers = {"Content-type": "application/xml", "Accept": "application/xml"} if operation == "POST": @@ -330,7 +330,7 @@ def https_request(host, port, url, secdir, password, nickname, operation, args, if operation == "GET": url = url + "?" + args conn.request("GET", url) - elif operation == "POST": + elif operation == "POST": conn.request("POST", url, post, request_headers) res = conn.getresponse() @@ -367,7 +367,7 @@ def http_request(host, port, url, operation, args): if args != None: post = args else: - post = "" + post = "" conn = httplib.HTTPConnection(host, port) try: if operation == "GET": @@ -376,7 +376,7 @@ def http_request(host, port, url, operation, args): conn.request("GET", url) elif operation == "POST": conn.request("POST", url, post, request_headers) - + res = conn.getresponse() http_status = res.status @@ -389,10 +389,10 @@ def http_request(host, port, url, operation, args): if conn is not None: conn.close() - logging.debug('request status %d', http_status) + logging.debug('request status %d', http_status) logging.debug('request reason_phrase %r', http_reason_phrase) - logging.debug('request headers %s', http_headers) - logging.debug('request body %r', http_body) + logging.debug('request headers %s', http_headers) + logging.debug('request body %r', http_body) return http_status, http_reason_phrase, http_headers, http_body @@ -400,7 +400,7 @@ class kra: """ Key Repository Authority backend plugin. """ - + POST = "POST" GET = "GET" transport_cert = "byte array with transport cert" @@ -408,9 +408,9 @@ class kra: iv = "e4:bb:3b:d3:c3:71:2e:58" fullname = "kra" - + def __init__(self, work_dir, kra_host, kra_port, kra_nickname): - #crypto + # crypto self.sec_dir = work_dir self.pwd_file = work_dir + "/pwdfile.txt" self.transport_cert_nickname = kra_nickname @@ -420,15 +420,15 @@ class kra: self.password = f.readline().strip() except IOError: self.password = '' - - #set up key db for crypto functions + + # set up key db for crypto functions try: nss.nss_init(self.sec_dir) except Exception, e: raise CertificateOperationError(error=_('Error in initializing certdb (%s)') \ + e.strerror) self.transport_cert = nss.find_cert_from_nickname(self.transport_cert_nickname) - + # DRM info self.kra_host = kra_host self.kra_agent_port = kra_port @@ -437,12 +437,12 @@ class kra: def setup_contexts(self, mechanism, sym_key, iv): # Get a PK11 slot based on the cipher slot = nss.get_best_slot(mechanism) - + if sym_key == None: sym_key = slot.key_gen(mechanism, None, slot.get_best_key_length(mechanism)) # If initialization vector was supplied use it, otherwise set it to None - if iv: + if iv: iv_data = nss.read_hex(iv) iv_si = nss.SecItem(iv_data) iv_param = nss.param_from_iv(mechanism, iv_si) @@ -458,7 +458,7 @@ class kra: # Create an encoding context encoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_ENCRYPT, sym_key, iv_param) - + # Create a decoding context decoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_DECRYPT, sym_key, iv_param) @@ -493,35 +493,35 @@ class kra: Perform an HTTPS request """ - return https_request(self.kra_host, port, url, self.sec_dir, self.password, + return https_request(self.kra_host, port, url, self.sec_dir, self.password, self.ipa_certificate_nickname, operation, args, **kw) def symmetric_wrap(self, data, wrapping_key): """ :param data: Data to be wrapped :param wrapping_key Symmetric key to wrap data - + Wrap (encrypt) data using the supplied symmetric key """ encoding_ctx, decoding_ctx = self.setup_contexts(self.mechanism, wrapping_key, self.iv) wrapped_data = encoding_ctx.cipher_op(data) + encoding_ctx.digest_final() return wrapped_data - + def asymmetric_wrap(self, data, wrapping_cert): """ :param data: Data to be wrapped :param wrapping_cert Public key to wrap data - + Wrap (encrypt) data using the supplied asymmetric key """ - + return None - - def symmetric_unwrap(self, data, wrapping_key, iv = None): + + def symmetric_unwrap(self, data, wrapping_key, iv=None): """ :param data: Data to be unwrapped :param wrapping_key Symmetric key to unwrap data - + Unwrap (decrypt) data using the supplied symmetric key """ if iv == None: @@ -529,7 +529,7 @@ class kra: encoding_ctx, decoding_ctx = self.setup_contexts(self.mechanism, wrapping_key, iv) unwrapped_data = decoding_ctx.cipher_op(data) + decoding_ctx.digest_final() return unwrapped_data - + def get_parse_result_xml(self, xml_text, parse_func): ''' :param xml_text: The XML text to parse @@ -549,7 +549,7 @@ class kra: def create_archival_request(self, client_id, security_data, data_type): """ :param :param client_id: identifier to be used for this stored key - :param security_data: data blob (PKIArchiveOptions) containing passphrase + :param security_data: data blob (PKIArchiveOptions) containing passphrase or symmetric key to be archived :param data_type: data type (symmetricKey, pass_phrase, asymmetricKey) :return doc: xml doc with archival request @@ -563,15 +563,15 @@ class kra: data_type_element = etree.SubElement(root, "dataType") data_type_element.text = data_type return etree.ElementTree(root) - - def create_recovery_request(self, key_id, request_id, session_key, passphrase, nonce = None): + + def create_recovery_request(self, key_id, request_id, session_key, passphrase, nonce=None): """ :param key_id: identifier of key to be recovered - :param request_id: id for the recovery request + :param request_id: id for the recovery request :param session_key session key wrapped in transport key :param passphrase passphrase wrapped in session key :return doc: xml doc with archival request - + """ self.debug('%s.create_recovery_request()', self.fullname) root = etree.Element("KeyRecoveryRequest") @@ -591,36 +591,36 @@ class kra: nonce_element = etree.SubElement(root, "nonceData") nonce_element.text = nonce return etree.ElementTree(root) - + def archive_security_data(self, client_id, security_data, data_type): """ :param client_id: identifier to be used for this stored key - :param security_data: data blob (PKIArchiveOptions) containing passphrase + :param security_data: data blob (PKIArchiveOptions) containing passphrase or symmetric key to be archived :param data_type: data type (symmetricKey, pass_phrase, asymmetricKey) - + Archives security data packaged in a PKIArchiveOptions blob - - The command returns a dict with key/value pairs as defined in + + The command returns a dict with key/value pairs as defined in parse_key_request_info_xml(). These include the request_id of the created archival request, the status of the request, and the key_id of the archived key. """ self.debug('%s.archive_security_data()', self.fullname) - + # check clientID and security data if ((client_id == None) or (security_data == None)): raise CertificateOperationError(error=_('Bad arguments to archive_security_data')) - + request = self.create_archival_request(client_id, security_data, data_type) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ self._request('/kra/rest/agent/keyrequests/archive', self.kra_agent_port, self.POST, - etree.tostring(request.getroot(), encoding='UTF-8')) - + etree.tostring(request.getroot(), encoding='UTF-8')) + # Parse and handle errors if (http_status != 200): raise CertificateOperationError(error=_('Error in archiving request (%s)') % \ @@ -628,25 +628,25 @@ class kra: parse_result = self.get_parse_result_xml(http_body, parse_key_request_info_xml) return parse_result - + def get_transport_cert(self, etag=None): """ :param etag: etag info for last cert retrieval from DRM - + Gets the transport certificate from the DRM - - The command returns a dict as defined in parse_certificate_data_xml() + + The command returns a dict as defined in parse_certificate_data_xml() """ self.debug('%s.get_transport_cert()', self.fullname) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ self._request('/kra/rest/config/cert/transport', self.kra_agent_port, self.GET, - None) - - self.debug("headers: %s" , http_headers) + None) + + self.debug("headers: %s" , http_headers) # Parse and handle errors if (http_status != 200): raise CertificateOperationError(error=_('Error in archiving request (%s)') % \ @@ -654,78 +654,78 @@ class kra: parse_result = self.get_parse_result_xml(http_body, parse_certificate_data_xml) return parse_result - - def list_security_data(self, client_id, key_state = None, next_id = None): + + def list_security_data(self, client_id, key_state=None, next_id=None): """ :param client_id: identifier to be searched for :param key_state: state for key (active, inactive, all) :param next_id: id for starting key on next page (if more than one page) - + List security data matching the specified client id and state - - The command returns a dict as specified in parse_key_data_infos_xml(). + + The command returns a dict as specified in parse_key_data_infos_xml(). """ self.debug('%s.list_security_data()', self.fullname) if client_id == None: - raise CertificateOperationError(error=_('Bad argument to list_security_data')) + raise CertificateOperationError(error=_('Bad argument to list_security_data')) get_args = "clientID=" + quote_plus(client_id) - + if key_state != None: get_args = get_args + "&status=" + quote_plus(key_state) - + if next_id != None: # currnently not implemented on server get_args = get_args + "&start=" + quote_plus(next_id) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ self._request('/kra/rest/agent/keys', self.kra_agent_port, self.GET, get_args) - + # Parse and handle errors if (http_status != 200): raise CertificateOperationError(error=_('Error in listing keys (%s)') % \ http_reason_phrase) parse_result = self.get_parse_result_xml(http_body, parse_key_data_infos_xml) - return parse_result - - def list_key_requests(self, request_state = None, request_type = None, client_id = None, - next_id = None): + return parse_result + + def list_key_requests(self, request_state=None, request_type=None, client_id=None, + next_id=None): """ :param request_state: state of request (pending, complete, cancelled, rejected, approved) :param request_type: request type (enrollment, recovery) :param next_id: id for starting key on next page (if more than one page) - + List security data matching the specified client id and state - - The command returns a dict as specified in parse_key_request_infos_xml(). + + The command returns a dict as specified in parse_key_request_infos_xml(). """ self.debug('%s.list_key_requests()', self.fullname) get_args = "" - + if request_state != None: get_args = get_args + "&requestState=" + quote_plus(request_state) - + if request_type != None: get_args = get_args + "&requestType=" + quote_plus(request_type) - + if client_id != None: get_args = get_args + "&clientID=" + quote_plus(client_id) - + if next_id != None: # currnently not implemented on server get_args = get_args + "&start=" + quote_plus(next_id) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ self._request('/kra/rest/agent/keyrequests', self.kra_agent_port, self.GET, get_args) - + # Parse and handle errors if (http_status != 200): raise CertificateOperationError(error=_('Error in listing key requests (%s)') % \ @@ -733,32 +733,32 @@ class kra: parse_result = self.get_parse_result_xml(http_body, parse_key_request_infos_xml) return parse_result - + def submit_recovery_request(self, key_id): """ :param key_id: identifier of data to be recovered - + Create a recovery request for a passphrase or symmetric key - - The command returns a dict as described in the comments to + + The command returns a dict as described in the comments to parse_key_request_info_xml(). This data includes the request_id - of the created recovery request + of the created recovery request """ self.debug('%s.submit_recovery_request()', self.fullname) - + # check clientID and security data if key_id == None: raise CertificateOperationError(error=_('Bad argument to archive_security_data')) - + request = self.create_recovery_request(key_id, None, None, None) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ self._request('/kra/rest/agent/keyrequests/recover', self.kra_agent_port, self.POST, - etree.tostring(request.getroot(), encoding='UTF-8')) - + etree.tostring(request.getroot(), encoding='UTF-8')) + # Parse and handle errors if (http_status != 200): raise CertificateOperationError(error=_('Error in archiving request (%s)') % \ @@ -766,13 +766,13 @@ class kra: parse_result = self.get_parse_result_xml(http_body, parse_key_request_info_xml) return parse_result - + def check_request_status(self, request_id): """ :param recovery_request_id: identifier of key recovery request - + Check recovery request status - + The command returns a dict with these possible key/value pairs. Some key/value pairs may be absent @@ -789,89 +789,89 @@ class kra: +-----------------+---------------+---------------------------------------+ """ self.debug('%s.check_request_status()', self.fullname) - + def approve_recovery_request(self, request_id): """ :param request_id: identifier of key recovery request - - Approve recovery request + + Approve recovery request """ self.debug('%s.approve_recovery_request()', self.fullname) if request_id == None: raise CertificateOperationError(error=_('Bad argument to approve_recovery_request')) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ - self._request('/kra/rest/agent/keyrequests/'+request_id+'/approve', + self._request('/kra/rest/agent/keyrequests/' + request_id + '/approve', self.kra_agent_port, self.POST, - None) - + None) + # Parse and handle errors if (http_status > 399): raise CertificateOperationError(error=_('Error in approving request (%s)') % \ http_reason_phrase) - + def reject_recovery_request(self, request_id): """ :param recovery_request_id: identifier of key recovery request - + Reject recovery request """ self.debug('%s.reject_recovery_request()', self.fullname) if request_id == None: raise CertificateOperationError(error=_('Bad argument to reject_recovery_request')) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ - self._request('/kra/rest/agent/keyrequests/'+request_id+'/reject', + self._request('/kra/rest/agent/keyrequests/' + request_id + '/reject', self.kra_agent_port, self.POST, - None) - + None) + # Parse and handle errors if (http_status > 399): raise CertificateOperationError(error=_('Error in rejecting request (%s)') % \ http_reason_phrase) - + def cancel_recovery_request(self, request_id): """ :param recovery_request_id: identifier of key recovery request - + Cancel recovery request """ self.debug('%s.cancel_recovery_request()', self.fullname) if request_id == None: raise CertificateOperationError(error=_('Bad argument to cancel_recovery_request')) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ - self._request('/kra/rest/agent/keyrequests/'+request_id+'/cancel', + self._request('/kra/rest/agent/keyrequests/' + request_id + '/cancel', self.kra_agent_port, self.POST, - None) - + None) + # Parse and handle errors if (http_status > 399): raise CertificateOperationError(error=_('Error in cancelling request (%s)') % \ http_reason_phrase) - + def retrieve_security_data(self, recovery_request_id, passphrase=None): """ :param recovery_request_id: identifier of key recovery request :param passphrase: passphrase to be used to wrap the data - - Recover the passphrase or symmetric key. We require an approved - recovery request. - - If a passphrase is provided, the DRM will return a blob that can be decrypted + + Recover the passphrase or symmetric key. We require an approved + recovery request. + + If a passphrase is provided, the DRM will return a blob that can be decrypted with the passphrase. If not, then a symmetric key will be created to wrap the data for transport to this server. Upon receipt, the data will be unwrapped and returned unencrypted. - - The command returns a dict with the values described in parse_key_data_xml(), - as well as the following field - + + The command returns a dict with the values described in parse_key_data_xml(), + as well as the following field + +-----------------+---------------+-------------------------------------- + |result name |result type |comments | +=================+===============+=======================================+ @@ -880,14 +880,14 @@ class kra: +-----------------+---------------+---------------------------------------+ """ self.debug('%s.retrieve_security_data()', self.fullname) - + if recovery_request_id == None: raise CertificateOperationError(error=_('Bad arguments to retrieve_security_data')) - + # generate symmetric key slot = nss.get_best_slot(self.mechanism) session_key = slot.key_gen(self.mechanism, None, slot.get_best_key_length(self.mechanism)) - + # wrap this key with the transport cert public_key = self.transport_cert.subject_public_key_info.public_key wrapped_session_key = base64.b64encode(nss.pub_wrap_sym_key(self.mechanism, public_key, session_key)) @@ -895,44 +895,44 @@ class kra: if passphrase != None: # wrap passphrase with session key wrapped_session_key = base64.b64encode(self.symmetric_wrap(passphrase, session_key)) - + request = self.create_recovery_request(None, recovery_request_id, wrapped_session_key, wrapped_passphrase) - - #Call CMS + + # Call CMS http_status, http_reason_phrase, http_headers, http_body = \ self._request('/kra/rest/agent/keys/retrieve', self.kra_agent_port, self.POST, - etree.tostring(request.getroot(), encoding='UTF-8')) - + etree.tostring(request.getroot(), encoding='UTF-8')) + # Parse and handle errors if (http_status != 200): raise CertificateOperationError(error=_('Error in retrieving security data (%s)') % \ http_reason_phrase) parse_result = self.get_parse_result_xml(http_body, parse_key_data_xml) - + if passphrase == None: iv = nss.data_to_hex(base64.decodestring(parse_result['nonce_data'])) parse_result['data'] = self.symmetric_unwrap(base64.decodestring(parse_result['wrapped_data']), session_key, iv) - + return parse_result - + def recover_security_data(self, key_id, passphrase=None): """ :param key_id: identifier of key to be recovered :param passphrase: passphrase to wrap key data for delivery outside of this server - + Recover the key data (symmetric key or passphrase) in a one step process. This is the case when only one approver is required to extract a key such that the agent submitting the recovery request is the only approver required. - + In this case, the request is automatically approved, and the KRA just returns the key data. - + This has not yet been implemented on the server """ self.debug('%s.recover_security_data()', self.fullname) @@ -943,7 +943,7 @@ import argparse parser = argparse.ArgumentParser(description="Sample Test execution") parser.add_argument('-d', default='/tmp/drmtest', dest='work_dir', help='Working directory') -parser.add_argument('--options', default='options.out', dest='options_file', +parser.add_argument('--options', default='options.out', dest='options_file', help='File containing test PKIArchiveOptions to be archived') parser.add_argument('--symkey', default='symkey.out', dest='symkey_file', help='File containing test symkey') @@ -970,18 +970,18 @@ print requests transport_cert = test_kra.get_transport_cert() print transport_cert -#archive symmetric key +# archive symmetric key f = open(work_dir + "/" + options_file) -wrapped_key = f.read() +wrapped_key = f.read() client_id = "Python symmetric key " + datetime.now().strftime("%Y-%m-%d %H:%M") -response = test_kra.archive_security_data(client_id, wrapped_key,"symmetricKey") +response = test_kra.archive_security_data(client_id, wrapped_key, "symmetricKey") print response # list keys with client_id response = test_kra.list_security_data(client_id, "active") print response -#create recovery request +# create recovery request key_id = response.keys()[0] print key_id response = test_kra.submit_recovery_request(key_id) @@ -1007,7 +1007,7 @@ response = test_kra.retrieve_security_data(request_id) print response print "retrieved data is " + base64.encodestring(response['data']) -#read original symkey from file +# read original symkey from file f = open(work_dir + "/" + symkey_file) orig_key = f.read() print "orig key is " + orig_key @@ -1015,4 +1015,4 @@ print "orig key is " + orig_key if orig_key.strip() == base64.encodestring(response['data']).strip(): print "Success: the keys match" else: - print "Failure: keys do not match" + print "Failure: keys do not match" diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index 759b01836..c60c5a325 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py @@ -25,8 +25,8 @@ import os import pki INSTANCE_BASE_DIR = '/var/lib/pki' -REGISTRY_DIR = '/etc/sysconfig/pki' -SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks'] +REGISTRY_DIR = '/etc/sysconfig/pki' +SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks'] class PKISubsystem(object): @@ -84,7 +84,7 @@ class PKIInstance(object): class PKIServerException(pki.PKIException): - def __init__(self, message, exception=None,\ + def __init__(self, message, exception=None, \ instance=None, subsystem=None): pki.PKIException.__init__(self, message, exception) diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py index 940dbe44a..5de961df3 100644 --- a/base/server/python/pki/server/upgrade.py +++ b/base/server/python/pki/server/upgrade.py @@ -28,10 +28,10 @@ import pki.server from pki.upgrade import verbose -UPGRADE_DIR = pki.SHARE_DIR + '/server/upgrade' -BACKUP_DIR = pki.LOG_DIR + '/server/upgrade' +UPGRADE_DIR = pki.SHARE_DIR + '/server/upgrade' +BACKUP_DIR = pki.LOG_DIR + '/server/upgrade' -INSTANCE_TRACKER = '%s/tomcat.conf' +INSTANCE_TRACKER = '%s/tomcat.conf' SUBSYSTEM_TRACKER = '%s/CS.cfg' @@ -168,8 +168,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): list = [] - if not self.instanceType or self.instanceType >=10: - if os.path.exists(os.path.join(pki.server.REGISTRY_DIR,'tomcat')): + if not self.instanceType or self.instanceType >= 10: + if os.path.exists(os.path.join(pki.server.REGISTRY_DIR, 'tomcat')): for instanceName in os.listdir(pki.server.INSTANCE_BASE_DIR): if not self.instanceName or \ self.instanceName == instanceName: diff --git a/base/server/src/engine/pkiconfig.py b/base/server/src/engine/pkiconfig.py index 10fcdc676..d9be80507 100644 --- a/base/server/src/engine/pkiconfig.py +++ b/base/server/src/engine/pkiconfig.py @@ -37,10 +37,10 @@ PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin" PKI_DEPLOYMENT_DEFAULT_UID = 17 PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" -PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] -PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"] +PKI_SUBSYSTEMS = ["CA", "KRA", "OCSP", "RA", "TKS", "TPS"] +PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_APACHE_SUBSYSTEMS = ["RA"] -PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS", "TPS"] +PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps", "work"] @@ -78,9 +78,9 @@ PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat" DEFAULT_DEPLOYMENT_CONFIGURATION = "default.cfg" USER_DEPLOYMENT_CONFIGURATION = "deployment.cfg" -PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE =\ +PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = \ PKI_DEPLOYMENT_CONFIGURATION_ROOT + "/" + DEFAULT_DEPLOYMENT_CONFIGURATION -PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\ +PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE = \ PKI_DEPLOYMENT_SOURCE_ROOT + "/deployment/config/pkislots.cfg" # subtypes of PKI subsystems @@ -169,8 +169,8 @@ pki_console_log_level = None # PKI Selinux Constants and parameters PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t" -PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t" -PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t" -PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t" -PKI_PORT_SELINUX_CONTEXT = "http_port_t" +PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t" +PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t" +PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t" +PKI_PORT_SELINUX_CONTEXT = "http_port_t" pki_selinux_config_ports = [] diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py index d90f76c16..009c76e3d 100644 --- a/base/server/src/engine/pkihelper.py +++ b/base/server/src/engine/pkihelper.py @@ -57,7 +57,7 @@ import pki.client import pki.system # PKI Deployment Helper Functions -def pki_copytree(src, dst, symlinks = False, ignore = None): +def pki_copytree(src, dst, symlinks=False, ignore=None): """Recursively copy a directory tree using copy2(). PATCH: This code was copied from 'shutil.py' and patched to @@ -140,18 +140,18 @@ class Identity: pki_gid = getgrnam(pki_group)[2] # Yes, group 'pki_group' exists! config.pki_log.info(log.PKIHELPER_GROUP_ADD_2, pki_group, pki_gid, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) except KeyError as exc: # No, group 'pki_group' does not exist! config.pki_log.debug(log.PKIHELPER_GROUP_ADD_KEYERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) try: # Is the default well-known GID already defined? group = getgrgid(config.PKI_DEPLOYMENT_DEFAULT_GID)[0] # Yes, the default well-known GID exists! config.pki_log.info(log.PKIHELPER_GROUP_ADD_DEFAULT_2, group, config.PKI_DEPLOYMENT_DEFAULT_GID, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Attempt to create 'pki_group' using a random GID. command = "/usr/sbin/groupadd" + " " + \ pki_group + " " + \ @@ -159,7 +159,7 @@ class Identity: except KeyError as exc: # No, the default well-known GID does not exist! config.pki_log.debug(log.PKIHELPER_GROUP_ADD_GID_KEYERROR_1, - exc, extra = config.PKI_INDENTATION_LEVEL_2) + exc, extra=config.PKI_INDENTATION_LEVEL_2) # Is the specified 'pki_group' the default well-known group? if pki_group == config.PKI_DEPLOYMENT_DEFAULT_GROUP: # Yes, attempt to create the default well-known group @@ -176,10 +176,10 @@ class Identity: pki_group + " " + \ "> /dev/null 2>&1" # Execute this "groupadd" command. - subprocess.call(command, shell = True) + subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return @@ -190,19 +190,19 @@ class Identity: pki_uid = getpwnam(pki_user)[2] # Yes, user 'pki_user' exists! config.pki_log.info(log.PKIHELPER_USER_ADD_2, pki_user, pki_uid, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # NOTE: For now, never check validity of specified 'pki_group'! except KeyError as exc: # No, user 'pki_user' does not exist! config.pki_log.debug(log.PKIHELPER_USER_ADD_KEYERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) try: # Is the default well-known UID already defined? user = getpwuid(config.PKI_DEPLOYMENT_DEFAULT_UID)[0] # Yes, the default well-known UID exists! config.pki_log.info(log.PKIHELPER_USER_ADD_DEFAULT_2, user, config.PKI_DEPLOYMENT_DEFAULT_UID, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Attempt to create 'pki_user' using a random UID. command = "/usr/sbin/useradd" + " " + \ "-g" + " " + \ @@ -218,7 +218,7 @@ class Identity: except KeyError as exc: # No, the default well-known UID does not exist! config.pki_log.debug(log.PKIHELPER_USER_ADD_UID_KEYERROR_1, - exc, extra = config.PKI_INDENTATION_LEVEL_2) + exc, extra=config.PKI_INDENTATION_LEVEL_2) # Is the specified 'pki_user' the default well-known user? if pki_user == config.PKI_DEPLOYMENT_DEFAULT_USER: # Yes, attempt to create the default well-known user @@ -251,10 +251,10 @@ class Identity: pki_user + " " + \ "> /dev/null 2>&1" # Execute this "useradd" command. - subprocess.call(command, shell = True) + subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return @@ -263,54 +263,54 @@ class Identity: self.__add_uid(pki_user, pki_group) return - def get_uid(self, critical_failure = True): + def get_uid(self, critical_failure=True): try: pki_uid = self.master_dict['pki_uid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_uid - def get_gid(self, critical_failure = True): + def get_gid(self, critical_failure=True): try: pki_gid = self.master_dict['pki_gid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_gid - def set_uid(self, name, critical_failure = True): + def set_uid(self, name, critical_failure=True): try: config.pki_log.debug(log.PKIHELPER_USER_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # id -u <name> pki_uid = getpwnam(name)[2] self.master_dict['pki_uid'] = pki_uid config.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_uid - def set_gid(self, name, critical_failure = True): + def set_gid(self, name, critical_failure=True): try: config.pki_log.debug(log.PKIHELPER_GROUP_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # id -g <name> pki_gid = getgrnam(name)[2] self.master_dict['pki_gid'] = pki_gid config.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_gid @@ -332,7 +332,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_path'])) else: @@ -342,7 +342,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, self.master_dict['pki_instance_name'], self.master_dict['pki_target_tomcat_conf_instance_id'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_target_tomcat_conf_instance_id'])) if os.path.exists(self.master_dict['pki_cgroup_systemd_service']): @@ -351,7 +351,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, self.master_dict['pki_instance_name'], self.master_dict['pki_cgroup_systemd_service_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_cgroup_systemd_service_path'])) if os.path.exists(self.master_dict['pki_cgroup_cpu_systemd_service']): @@ -360,7 +360,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, self.master_dict['pki_instance_name'], self.master_dict['pki_cgroup_cpu_systemd_service_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_cgroup_cpu_systemd_service_path'])) if os.path.exists(self.master_dict['pki_instance_log_path']) and\ @@ -370,7 +370,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_log_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_log_path'])) if os.path.exists(self.master_dict['pki_instance_configuration_path']) and\ @@ -380,7 +380,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_configuration_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_configuration_path'])) if os.path.exists(self.master_dict['pki_instance_registry_path']) and\ @@ -390,7 +390,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_registry_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_registry_path'])) # Run simple checks for reserved name namespace collisions @@ -400,7 +400,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_path'])) # No need to check for reserved name under Top-Level PKI log path @@ -410,7 +410,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_configuration_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_configuration_path'])) if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: @@ -421,7 +421,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_registry_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_registry_path'])) elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: @@ -432,7 +432,7 @@ class Namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, self.master_dict['pki_instance_name'], self.master_dict['pki_instance_registry_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'], self.master_dict['pki_instance_registry_path'])) @@ -448,10 +448,10 @@ class ConfigurationFile: # parameter that may be stored in a log file. config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1, self.master_dict['pki_configuration_url'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1, self.master_dict['pki_registry_initscript_command'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) def display_configuration_url(self): # NOTE: This is the one and only parameter containing a sensitive @@ -472,7 +472,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_password", self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Admin Password (except for Clones) @@ -483,7 +483,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_admin_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_admin_password", self.master_dict['pki_user_deployment_cfg'])) # If required, verify existence of Backup Password @@ -494,7 +494,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_backup_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_backup_password", self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Client Pin for NSS client security databases @@ -504,7 +504,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2, "pki_client_database_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2 % ("pki_client_database_password", self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Client PKCS #12 Password for Admin Cert @@ -514,7 +514,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_client_pkcs12_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_client_pkcs12_password", self.master_dict['pki_user_deployment_cfg'])) # Verify existence of PKCS #12 Password (ONLY for Clones) @@ -525,7 +525,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password", self.master_dict['pki_user_deployment_cfg'])) # Verify existence of Security Domain Password File @@ -539,7 +539,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_security_domain_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_security_domain_password", self.master_dict['pki_user_deployment_cfg'])) # If required, verify existence of Token Password @@ -550,7 +550,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_token_password", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_token_password", self.master_dict['pki_user_deployment_cfg'])) return @@ -565,28 +565,28 @@ class ConfigurationFile: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg']) elif config.str2bool(self.master_dict['pki_clone']) and\ config.str2bool(self.master_dict['pki_external']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.master_dict['pki_user_deployment_cfg']) elif config.str2bool(self.master_dict['pki_clone']) and\ config.str2bool(self.master_dict['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.master_dict['pki_user_deployment_cfg']) elif config.str2bool(self.master_dict['pki_external']) and\ config.str2bool(self.master_dict['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg']) def verify_predefined_configuration_file_data(self): @@ -609,7 +609,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_base_dn", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_base_dn", self.master_dict['pki_user_deployment_cfg'])) if not self.master_dict.has_key('pki_ds_ldap_port') or\ @@ -621,7 +621,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldap_port", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldap_port", self.master_dict['pki_user_deployment_cfg'])) if not self.master_dict.has_key('pki_ds_ldaps_port') or\ @@ -633,7 +633,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldaps_port", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldaps_port", self.master_dict['pki_user_deployment_cfg'])) # NOTE: Although this will be checked prior to getting to @@ -650,7 +650,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ajp_port", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ajp_port", self.master_dict['pki_user_deployment_cfg'])) if not self.master_dict.has_key('pki_http_port') or\ @@ -662,7 +662,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_http_port", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_http_port", self.master_dict['pki_user_deployment_cfg'])) if not self.master_dict.has_key('pki_https_port') or\ @@ -674,7 +674,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_https_port", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_https_port", self.master_dict['pki_user_deployment_cfg'])) if not self.master_dict.has_key('pki_tomcat_server_port') or\ @@ -686,7 +686,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_tomcat_server_port", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_tomcat_server_port", self.master_dict['pki_user_deployment_cfg'])) if not self.master_dict.has_key('pki_clone_pkcs12_path') or\ @@ -695,14 +695,14 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_path", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_path", self.master_dict['pki_user_deployment_cfg'])) elif not os.path.isfile(self.master_dict['pki_clone_pkcs12_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, self.master_dict['pki_clone_pkcs12_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % "pki_clone_pkcs12_path") if not self.master_dict.has_key('pki_clone_replication_security') or\ not len(self.master_dict['pki_clone_replication_security']): @@ -710,7 +710,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_replication_security", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_replication_security", self.master_dict['pki_user_deployment_cfg'])) if not self.master_dict.has_key('pki_clone_uri') or\ @@ -719,7 +719,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_uri", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_uri", self.master_dict['pki_user_deployment_cfg'])) elif self.master_dict['pki_subsystem'] == "CA" and\ @@ -730,7 +730,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_step_two", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_step_two", self.master_dict['pki_user_deployment_cfg'])) if not config.str2bool(self.master_dict['pki_external_step_two']): @@ -741,7 +741,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_csr_path", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_csr_path", self.master_dict['pki_user_deployment_cfg'])) elif os.path.exists(self.master_dict['pki_external_csr_path']) and\ @@ -749,7 +749,7 @@ class ConfigurationFile: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, self.master_dict['pki_external_csr_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_csr_path") else: # External CA (Step 2) @@ -759,7 +759,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_chain_path", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_chain_path", self.master_dict['pki_user_deployment_cfg'])) elif os.path.exists( @@ -769,7 +769,7 @@ class ConfigurationFile: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, self.master_dict['pki_external_ca_cert_chain_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_chain_path") if not self.master_dict.has_key('pki_external_ca_cert_path') or\ not len(self.master_dict['pki_external_ca_cert_path']): @@ -777,7 +777,7 @@ class ConfigurationFile: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_path", self.master_dict['pki_user_deployment_cfg'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_path", self.master_dict['pki_user_deployment_cfg'])) elif os.path.exists(self.master_dict['pki_external_ca_cert_path']) and\ @@ -786,7 +786,7 @@ class ConfigurationFile: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, self.master_dict['pki_external_ca_cert_path'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_path") return @@ -814,7 +814,7 @@ class ConfigurationFile: if not bool(selinux.is_selinux_enabled()): config.pki_log.error( log.PKIHELPER_SELINUX_DISABLED, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) return portrecs = seobject.portRecords().get_all() @@ -841,7 +841,7 @@ class ConfigurationFile: config.pki_log.error( log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT, port, context, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % (port, context)) return @@ -855,7 +855,7 @@ class ConfigurationFile: log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2, self.master_dict['pki_deployed_instance_name'], self.master_dict['pki_instance_name'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.master_dict['pki_deployed_instance_name'], self.master_dict['pki_instance_name'])) return @@ -909,10 +909,10 @@ class Instance: rv = rv + 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, self.master_dict['pki_instance_path'], - rv, extra = config.PKI_INDENTATION_LEVEL_2) + rv, extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -936,10 +936,10 @@ class Instance: config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, self.master_dict['pki_instance_type_registry_path'], rv, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -964,10 +964,10 @@ class Instance: rv = rv + 1 config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2, self.master_dict['pki_instance_path'], rv, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -981,7 +981,7 @@ class Instance: rv.append(subsystem) except OSErr as e: config.pki_log.error(log.PKI_OSERROR_1, str(e), - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -1005,10 +1005,10 @@ class Instance: config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, self.master_dict['pki_instance_type_registry_path'], rv, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -1018,12 +1018,12 @@ class Instance: config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2, self.master_dict['pki_subsystem'], self.master_dict['pki_instance_name'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'], self.master_dict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise def verify_subsystem_does_not_exist(self): @@ -1032,34 +1032,34 @@ class Instance: config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2, self.master_dict['pki_subsystem'], self.master_dict['pki_instance_name'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'], self.master_dict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise def get_instance_status(self): self.connection = pki.client.PKIConnection( - protocol = 'https', - hostname = self.master_dict['pki_hostname'], - port = self.master_dict['pki_https_port'], - subsystem = self.master_dict['pki_subsystem_type'], - accept = 'application/xml') + protocol='https', + hostname=self.master_dict['pki_hostname'], + port=self.master_dict['pki_https_port'], + subsystem=self.master_dict['pki_subsystem_type'], + accept='application/xml') try: client = pki.system.SystemStatusClient(self.connection) response = client.getStatus() config.pki_log.debug(response, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) root = ET.fromstring(response) status = root.findtext("Status") return status except requests.exceptions.ConnectionError: config.pki_log.debug("No connection", - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) return None def wait_for_startup(self, timeout): @@ -1080,18 +1080,18 @@ class Directory: self.master_dict = deployer.master_dict self.identity = deployer.identity - def create(self, name, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - acls = None, critical_failure = True): + def create(self, name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + acls=None, critical_failure=True): try: if not os.path.exists(name): # mkdir -p <name> config.pki_log.info(log.PKIHELPER_MKDIR_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) os.makedirs(name) # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1100,7 +1100,7 @@ class Directory: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1116,7 +1116,7 @@ class Directory: elif not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) except OSError as exc: @@ -1124,30 +1124,30 @@ class Directory: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def modify(self, name, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - acls = None, silent = False, critical_failure = True): + def modify(self, name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + acls=None, silent=False, critical_failure=True): try: if os.path.exists(name): if not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, - name, extra = config.PKI_INDENTATION_LEVEL_2) + name, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) # Always re-process each directory whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # chmod <perms> <name> if not silent: config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1157,7 +1157,7 @@ class Directory: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest if not silent: @@ -1174,37 +1174,37 @@ class Directory: else: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_NISSING_OR_NOT_A_DIRECTORY_1 % name) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def delete(self, name, recursive_flag = True, critical_failure = True): + def delete(self, name, recursive_flag=True, critical_failure=True): try: if not os.path.exists(name) or not os.path.isdir(name): # Simply issue a warning and continue config.pki_log.warning( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) else: if recursive_flag == True: # rm -rf <name> config.pki_log.info(log.PKIHELPER_RM_RF_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) shutil.rmtree(name) else: # rmdir <name> config.pki_log.info(log.PKIHELPER_RMDIR_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) os.rmdir(name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -1217,41 +1217,41 @@ class Directory: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise def is_empty(self, name): try: if not os.listdir(name): config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_EMPTY_1, - name, extra = config.PKI_INDENTATION_LEVEL_2) + name, extra=config.PKI_INDENTATION_LEVEL_2) return True else: config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_NOT_EMPTY_1, - name, extra = config.PKI_INDENTATION_LEVEL_2) + name, extra=config.PKI_INDENTATION_LEVEL_2) return False except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise - def set_mode(self, name, uid = None, gid = None, - dir_perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - symlink_perms = \ + def set_mode(self, name, uid=None, gid=None, + dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + symlink_perms=\ config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, - dir_acls = None, file_acls = None, symlink_acls = None, - recursive_flag = True, critical_failure = True): + dir_acls=None, file_acls=None, symlink_acls=None, + recursive_flag=True, critical_failure=True): try: if not os.path.exists(name) or not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) else: config.pki_log.info( log.PKIHELPER_SET_MODE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if uid == None: uid = self.identity.get_uid() if gid == None: @@ -1264,16 +1264,16 @@ class Directory: file = entity config.pki_log.debug( log.PKIHELPER_IS_A_FILE_1, file, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) # chmod <file_perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, file_perms, file, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(file, file_perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, file, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(file, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1290,7 +1290,7 @@ class Directory: symlink = entity config.pki_log.debug( log.PKIHELPER_IS_A_SYMLINK_1, symlink, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) # REMINDER: Due to POSIX compliance, 'lchmod' # is NEVER implemented on Linux # systems since 'chmod' CANNOT be @@ -1299,7 +1299,7 @@ class Directory: # chown -h <uid>:<gid> <symlink> config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, symlink, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.lchown(symlink, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1316,16 +1316,16 @@ class Directory: dir = os.path.join(root, name) config.pki_log.debug( log.PKIHELPER_IS_A_DIRECTORY_1, dir, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) # chmod <dir_perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, dir_perms, dir, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(dir, dir_perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, dir, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(dir, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1341,17 +1341,17 @@ class Directory: else: config.pki_log.debug( log.PKIHELPER_IS_A_DIRECTORY_1, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) name = os.path.join(root, name) # chmod <dir_perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, dir_perms, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, dir_perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1366,34 +1366,34 @@ class Directory: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise - def copy(self, old_name, new_name, uid = None, gid = None, - dir_perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - symlink_perms = config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, - dir_acls = None, file_acls = None, symlink_acls = None, - recursive_flag = True, overwrite_flag = False, critical_failure = True): + def copy(self, old_name, new_name, uid=None, gid=None, + dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, + dir_acls=None, file_acls=None, symlink_acls=None, + recursive_flag=True, overwrite_flag=False, critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isdir(old_name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name) if recursive_flag == True: # cp -rp <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_RP_2, old_name, new_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Due to a limitation in the 'shutil.copytree()' # implementation which requires that # 'The destination directory must not already exist.', @@ -1406,7 +1406,7 @@ class Directory: # cp -p <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) # set ownerships, permissions, and acls # of newly created top-level directory @@ -1420,12 +1420,12 @@ class Directory: recursive_flag, critical_failure) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -1438,18 +1438,18 @@ class File: self.slots = deployer.slots self.identity = deployer.identity - def create(self, name, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls = None, critical_failure = True): + def create(self, name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, critical_failure=True): try: if not os.path.exists(name): # touch <name> config.pki_log.info(log.PKIHELPER_TOUCH_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) open(name, "w").close() # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1458,7 +1458,7 @@ class File: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1474,7 +1474,7 @@ class File: elif not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: @@ -1482,30 +1482,30 @@ class File: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def modify(self, name, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls = None, silent = False, critical_failure = True): + def modify(self, name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, silent=False, critical_failure=True): try: if os.path.exists(name): if not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, - name, extra = config.PKI_INDENTATION_LEVEL_2) + name, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) # Always re-process each file whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # chmod <perms> <name> if not silent: config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1515,7 +1515,7 @@ class File: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest if not silent: @@ -1532,31 +1532,31 @@ class File: else: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def delete(self, name, critical_failure = True): + def delete(self, name, critical_failure=True): try: if not os.path.exists(name) or not os.path.isfile(name): # Simply issue a warning and continue config.pki_log.warning( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) else: # rm -f <name> config.pki_log.info(log.PKIHELPER_RM_F_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) os.remove(name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -1569,29 +1569,29 @@ class File: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise - def copy(self, old_name, new_name, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls = None, - overwrite_flag = False, critical_failure = True): + def copy(self, old_name, new_name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, + overwrite_flag=False, critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # cp -p <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) if uid == None: uid = self.identity.get_uid() @@ -1600,12 +1600,12 @@ class File: # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(new_name, perms) # chown <uid>:<gid> <new_name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, new_name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(new_name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1620,37 +1620,37 @@ class File: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def apply_slot_substitution( - self, name, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls = None, critical_failure = True): + self, name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, critical_failure=True): try: if not os.path.exists(name) or not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) # applying in-place slot substitutions on <name> config.pki_log.info(log.PKIHELPER_APPLY_SLOT_SUBSTITUTION_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) - for line in fileinput.FileInput(name, inplace = 1): + extra=config.PKI_INDENTATION_LEVEL_2) + for line in fileinput.FileInput(name, inplace=1): for slot in self.slots: if slot != '__name__' and self.slots[slot] in line: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, self.slots[slot], self.master_dict[slot], - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) line = line.replace(self.slots[slot], self.master_dict[slot]) sys.stdout.write(line) if uid == None: @@ -1660,12 +1660,12 @@ class File: # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1680,38 +1680,38 @@ class File: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def copy_with_slot_substitution( - self, old_name, new_name, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls = None, overwrite_flag = False, - critical_failure = True): + self, old_name, new_name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, overwrite_flag=False, + critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # copy <old_name> to <new_name> with slot substitutions config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2, old_name, new_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) with open(new_name, "w") as FILE: for line in fileinput.FileInput(old_name): for slot in self.slots: @@ -1719,7 +1719,7 @@ class File: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, self.slots[slot], self.master_dict[slot], - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) line = line.replace(self.slots[slot], self.master_dict[slot]) FILE.write(line) if uid == None: @@ -1729,12 +1729,12 @@ class File: # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(new_name, perms) # chown <uid>:<gid> <new_name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, new_name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(new_name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1749,33 +1749,33 @@ class File: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def generate_noise_file(self, name, bytes, uid = None, gid = None, - perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls = None, critical_failure = True): + def generate_noise_file(self, name, bytes, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, critical_failure=True): try: if not os.path.exists(name): # generating noise file called <name> and # filling it with <bytes> random bytes config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, bytes, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) open(name, "w").close() with open(name, "w") as FILE: - noise = ''.join(random.choice(string.ascii_letters +\ + noise = ''.join(random.choice(string.ascii_letters + \ string.digits) for x in range(bytes)) FILE.write(noise) # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1784,7 +1784,7 @@ class File: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1800,7 +1800,7 @@ class File: elif not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: @@ -1808,7 +1808,7 @@ class File: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -1820,19 +1820,19 @@ class Symlink: self.master_dict = deployer.master_dict self.identity = deployer.identity - def create(self, name, link, uid = None, gid = None, - acls = None, allow_dangling_symlink = False, critical_failure = True): + def create(self, name, link, uid=None, gid=None, + acls=None, allow_dangling_symlink=False, critical_failure=True): try: if not os.path.exists(link): if not os.path.exists(name): config.pki_log.warning( log.PKIHELPER_DANGLING_SYMLINK_2, link, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if not allow_dangling_symlink: raise Exception("Dangling symlink " + link + " not allowed") # ln -s <name> <link> config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) os.symlink(name, link) # REMINDER: Due to POSIX compliance, 'lchmod' is NEVER # implemented on Linux systems since 'chmod' @@ -1844,7 +1844,7 @@ class Symlink: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.lchown(link, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1861,7 +1861,7 @@ class Symlink: elif not os.path.islink(link): config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) except OSError as exc: @@ -1869,25 +1869,25 @@ class Symlink: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def modify(self, link, uid = None, gid = None, - acls = None, silent = False, critical_failure = True): + def modify(self, link, uid=None, gid=None, + acls=None, silent=False, critical_failure=True): try: if os.path.exists(link): if not os.path.islink(link): config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, - link, extra = config.PKI_INDENTATION_LEVEL_2) + link, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) # Always re-process each link whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # REMINDER: Due to POSIX compliance, 'lchmod' is NEVER # implemented on Linux systems since 'chmod' # CANNOT be run directly against symbolic links! @@ -1899,7 +1899,7 @@ class Symlink: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, - extra = config.PKI_INDENTATION_LEVEL_3) + extra=config.PKI_INDENTATION_LEVEL_3) os.lchown(link, uid, gid) # Store record in installation manifest if not silent: @@ -1917,31 +1917,31 @@ class Symlink: else: config.pki_log.error( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def delete(self, link, critical_failure = True): + def delete(self, link, critical_failure=True): try: if not os.path.exists(link) or not os.path.islink(link): # Simply issue a warning and continue config.pki_log.warning( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) else: # rm -f <link> config.pki_log.info(log.PKIHELPER_RM_F_1, link, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) os.remove(link) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -1954,7 +1954,7 @@ class Symlink: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise class War: @@ -1963,24 +1963,24 @@ class War: def __init__(self, deployer): self.master_dict = deployer.master_dict - def explode(self, name, path, critical_failure = True): + def explode(self, name, path, critical_failure=True): try: if os.path.exists(name) and os.path.isfile(name): if not zipfile.is_zipfile(name): config.pki_log.error( log.PKI_FILE_NOT_A_WAR_FILE_1, - name, extra = config.PKI_INDENTATION_LEVEL_2) + name, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_FILE_NOT_A_WAR_FILE_1 % name) if not os.path.exists(path) or not os.path.isdir(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, - path, extra = config.PKI_INDENTATION_LEVEL_2) + path, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path) # jar -xf <name> -C <path> config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Open war file war = zipfile.ZipFile(name, 'r') # Extract contents of war file to path @@ -1988,22 +1988,22 @@ class War: else: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except zipfile.BadZipfile as exc: config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except zipfile.LargeZipFile as exc: config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -2014,14 +2014,14 @@ class Password: def __init__(self, deployer): self.master_dict = deployer.master_dict - def create_password_conf(self, path, pin, pin_sans_token = False, - overwrite_flag = False, critical_failure = True): + def create_password_conf(self, path, pin, pin_sans_token=False, + overwrite_flag=False, critical_failure=True): try: if os.path.exists(path): if overwrite_flag: config.pki_log.info( log.PKIHELPER_PASSWORD_CONF_1, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'password.conf' file with open(path, "wt") as fd: if pin_sans_token == True: @@ -2036,7 +2036,7 @@ class Password: fd.closed else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # create a new 'password.conf' file with open(path, "wt") as fd: if pin_sans_token == True: @@ -2051,38 +2051,38 @@ class Password: fd.closed except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def create_client_pkcs12_password_conf(self, path, overwrite_flag = False, - critical_failure = True): + def create_client_pkcs12_password_conf(self, path, overwrite_flag=False, + critical_failure=True): try: if os.path.exists(path): if overwrite_flag: config.pki_log.info( log.PKIHELPER_PASSWORD_CONF_1, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'pkcs12_password.conf' file with open(path, "wt") as fd: fd.write(self.master_dict['pki_client_pkcs12_password']) fd.closed else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # create a new 'pkcs12_password.conf' file with open(path, "wt") as fd: fd.write(self.master_dict['pki_client_pkcs12_password']) fd.closed except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def get_password(self, path, token_name, critical_failure = True): + def get_password(self, path, token_name, critical_failure=True): if os.path.exists(path) and os.path.isfile(path) and\ os.access(path, os.R_OK): tokens = PKIConfigParser.read_simple_configuration_file(path) @@ -2097,7 +2097,7 @@ class Password: # TODO prompt for this password config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1, token_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name) else: @@ -2112,8 +2112,8 @@ class Certutil: def create_security_databases(self, path, pki_cert_database, pki_key_database, pki_secmod_database, - password_file = None, prefix = None, - critical_failure = True): + password_file=None, prefix=None, + critical_failure=True): try: # Compose this "certutil" command command = "certutil" + " " + "-N" @@ -2123,7 +2123,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) if password_file != None: command = command + " " + "-f" + " " + password_file @@ -2132,7 +2132,7 @@ class Certutil: if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if os.path.exists(pki_cert_database) or\ os.path.exists(pki_key_database) or\ @@ -2143,7 +2143,7 @@ class Certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) else: if password_file != None: if not os.path.exists(password_file) or\ @@ -2151,31 +2151,31 @@ class Certutil: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CREATE_SECURITY_DATABASES_1, command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Execute this "certutil" command - subprocess.call(command, shell = True) + subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def verify_certificate_exists(self, path, pki_cert_database, pki_key_database, pki_secmod_database, - token, nickname, password_file = None, - silent = True): + token, nickname, password_file=None, + silent=True, critical_failure=True): rv = 0 try: # Compose this "certutil" command @@ -2186,7 +2186,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) # Specify the 'token' if token: @@ -2194,7 +2194,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TOKEN, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN) # Specify the nickname of this self-signed certificate if nickname: @@ -2202,7 +2202,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) # OPTIONALLY specify a password file if password_file != None: @@ -2213,7 +2213,7 @@ class Certutil: if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ @@ -2224,7 +2224,7 @@ class Certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, pki_key_database, pki_secmod_database)) if password_file != None: @@ -2233,15 +2233,15 @@ class Certutil: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command - subprocess.check_call(command, shell = True) + subprocess.check_call(command, shell=True) except subprocess.CalledProcessError as exc: return False except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return True @@ -2252,8 +2252,8 @@ class Certutil: subject, serial_number, validity_period, issuer_name, trustargs, noise_file, - password_file = None, - critical_failure = True): + password_file=None, + critical_failure=True): try: # Compose this "certutil" command command = "certutil" + " " + "-S" @@ -2263,7 +2263,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) # Specify the 'token' if token: @@ -2271,7 +2271,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TOKEN, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN) # Specify the nickname of this self-signed certificate if nickname: @@ -2279,7 +2279,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) # Specify the subject name (RFC1485) if subject: @@ -2287,7 +2287,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SUBJECT, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT) # Specify the serial number if serial_number != None: @@ -2295,7 +2295,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER) # Specify the months valid if validity_period != None: @@ -2303,7 +2303,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD) # Specify the nickname of the issuer certificate if issuer_name: @@ -2312,7 +2312,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME) # Specify the certificate trust attributes if trustargs: @@ -2320,7 +2320,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS) # Specify a noise file to be used for key generation if noise_file: @@ -2328,7 +2328,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE) # OPTIONALLY specify a password file if password_file != None: @@ -2340,11 +2340,11 @@ class Certutil: # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1, command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ @@ -2355,14 +2355,14 @@ class Certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, pki_key_database, pki_secmod_database)) if not os.path.exists(noise_file): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) if password_file != None: if not os.path.exists(password_file) or\ @@ -2370,24 +2370,24 @@ class Certutil: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command - subprocess.call(command, shell = True) + subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def import_cert(self, nickname, trust, input_file, password_file, - path = None, token = None, critical_failure = True): + path=None, token=None, critical_failure=True): try: command = ["certutil", "-A"] if path: @@ -2401,7 +2401,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) if trust: @@ -2409,7 +2409,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS) if input_file: @@ -2417,7 +2417,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_INPUT_FILE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_INPUT_FILE) if password_file: @@ -2425,29 +2425,29 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE) config.pki_log.info(command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) subprocess.call(command) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def generate_certificate_request(self, subject, key_size, password_file, noise_file, - output_file = None, path = None, - ascii_format = None, token = None, - critical_failure = True): + output_file=None, path=None, + ascii_format=None, token=None, + critical_failure=True): try: command = ["certutil", "-R"] if path: @@ -2463,7 +2463,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SUBJECT, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT) if key_size: @@ -2474,7 +2474,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE) if password_file: @@ -2482,7 +2482,7 @@ class Certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE) if output_file: @@ -2495,31 +2495,31 @@ class Certutil: # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CERTUTIL_GENERATE_CSR_1, command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if not os.path.exists(noise_file): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command with open(os.devnull, "w") as fnull: - subprocess.call(command, stdout = fnull, stderr = fnull) + subprocess.call(command, stdout=fnull, stderr=fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -2531,7 +2531,7 @@ class PK12util: self.master_dict = deployer.master_dict def create_file(self, out_file, nickname, out_pwfile, - db_pwfile, path = None): + db_pwfile, path=None, critical_failure=True): try: command = ["pk12util"] if path: @@ -2541,42 +2541,42 @@ class PK12util: else: config.pki_log.error( log.PKIHELPER_PK12UTIL_MISSING_OUTFILE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_PK12UTIL_MISSING_OUTFILE) if nickname: command.extend(["-n", nickname]) else: config.pki_log.error( log.PKIHELPER_PK12UTIL_MISSING_NICKNAME, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_PK12UTIL_MISSING_NICKNAME) if out_pwfile: command.extend(["-w", out_pwfile]) else: config.pki_log.error( - log.PKIHELPER_PK12UTIL_MISSING_OUTPWFILE, - extra = config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_PK12UTIL_MISSING_OUTPWFILE) + log.PKIHELPER_PK12UTIL_MISSING_PWFILE, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_PK12UTIL_MISSING_PWFILE) if db_pwfile: command.extend(["-k", db_pwfile]) else: config.pki_log.error( log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE) config.pki_log.info(command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) with open(os.devnull, "w") as fnull: - subprocess.call(command, stdout = fnull, stderr = fnull) + subprocess.call(command, stdout=fnull, stderr=fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -2588,7 +2588,7 @@ class KRAConnector: self.master_dict = deployer.master_dict self.password = deployer.password - def deregister(self, critical_failure = False): + def deregister(self, critical_failure=False): try: # this is applicable to KRAs only if self.master_dict['pki_subsystem_type'] != "kra": @@ -2596,7 +2596,7 @@ class KRAConnector: config.pki_log.info( log.PKIHELPER_KRACONNECTOR_UPDATE_CONTACT, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( self.master_dict['pki_target_cs_cfg']) @@ -2608,10 +2608,10 @@ class KRAConnector: caport is None: config.pki_log.warning( log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_CA_HOST_PORT, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_UNDEFINED_CA_HOST_PORT) else: @@ -2622,10 +2622,10 @@ class KRAConnector: if subsystemnick is None: config.pki_log.warning( log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: @@ -2645,11 +2645,11 @@ class KRAConnector: if token_pwd is None or token_pwd == '': config.pki_log.warning( log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1, token_name, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) else: @@ -2663,15 +2663,15 @@ class KRAConnector: log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE_2, str(krahost), str(kraport), - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def execute_using_pki(self, caport, cahost, subsystemnick, - token_pwd, krahost, kraport, critical_failure = False): + token_pwd, krahost, kraport, critical_failure=False): command = "/bin/pki -p '{}' -h '{}' -n '{}' -P https -d '{}' -c '{}' "\ "kraconnector-del {} {}".format( caport, cahost, subsystemnick, @@ -2679,8 +2679,8 @@ class KRAConnector: token_pwd, krahost, kraport) output = subprocess.check_output(command, - stderr = subprocess.STDOUT, - shell = True) + stderr=subprocess.STDOUT, + shell=True) error = re.findall("ClientResponseFailure:(.*?)", output) if error: @@ -2688,9 +2688,9 @@ class KRAConnector: log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE_2, str(krahost), str(kraport), - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output) @@ -2714,8 +2714,8 @@ class KRAConnector: # Note that sslget will return non-zero value for HTTP code != 200 # and this will raise an exception output = subprocess.check_output(command, - stderr = subprocess.STDOUT, - shell = True) + stderr=subprocess.STDOUT, + shell=True) class SecurityDomain: """PKI Deployment Security Domain Class""" @@ -2724,7 +2724,7 @@ class SecurityDomain: self.master_dict = deployer.master_dict self.password = deployer.password - def deregister(self, install_token, critical_failure = False): + def deregister(self, install_token, critical_failure=False): # process this PKI subsystem instance's 'CS.cfg' cs_cfg = PKIConfigParser.read_simple_configuration_file( self.master_dict['pki_target_cs_cfg']) @@ -2754,10 +2754,10 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED) else: @@ -2765,7 +2765,7 @@ class SecurityDomain: config.pki_log.info(log.PKIHELPER_SECURITY_DOMAIN_CONTACT_1, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) listval = typeval.lower() + "List" urlheader = "https://{}:{}".format(sechost, seceeport) urlagentheader = "https://{}:{}".format(sechost, secagentport) @@ -2793,13 +2793,13 @@ class SecurityDomain: params, adminUpdateURL, sechost, secadminport) output = subprocess.check_output(command, - stderr = subprocess.STDOUT, - shell = True) + stderr=subprocess.STDOUT, + shell=True) except subprocess.CalledProcessError as exc: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) output = self.update_domain_using_agent_port(typeval, secname, params, updateURL, sechost, secagentport, critical_failure) @@ -2816,14 +2816,14 @@ class SecurityDomain: config.pki_log.debug(log.PKIHELPER_SSLGET_OUTPUT_1, output, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Search the output for Status status = re.findall("\<Status\>(.*?)\<\/Status\>", output) if not status: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname) elif status[0] != "0": @@ -2834,13 +2834,13 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_UNREGISTERED_2, typeval, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3, typeval, secname, error, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3 % @@ -2850,10 +2850,10 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2, typeval, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) def update_domain_using_agent_port(self, typeval, secname, params, - updateURL, sechost, secagentport, critical_failure = False): + updateURL, sechost, secagentport, critical_failure=False): token_pwd = None cs_cfg = PKIConfigParser.read_simple_configuration_file( self.master_dict['pki_target_cs_cfg']) @@ -2865,10 +2865,10 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: @@ -2890,7 +2890,7 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2 % @@ -2906,28 +2906,28 @@ class SecurityDomain: sechost, secagentport) try: output = subprocess.check_output(command, - stderr = subprocess.STDOUT, - shell = True) + stderr=subprocess.STDOUT, + shell=True) return output except subprocess.CalledProcessError as exc: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return None - def get_installation_token(self, secuser, secpass, critical_failure = True): + def get_installation_token(self, secuser, secpass, critical_failure=True): token = None if not secuser or not secpass: @@ -2952,8 +2952,8 @@ class SecurityDomain: machinename, cstype) try: output = subprocess.check_output(command, - stderr = subprocess.STDOUT, - shell = True) + stderr=subprocess.STDOUT, + shell=True) token_list = re.findall("Install token: \"(.*)\"", output) if not token_list: @@ -2961,9 +2961,9 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, str(sechost), str(secadminport), - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 % @@ -2976,9 +2976,9 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, str(sechost), str(secadminport), - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return None @@ -2989,7 +2989,7 @@ class Systemd: def __init__(self, deployer): self.master_dict = deployer.master_dict - def start(self, critical_failure = True): + def start(self, critical_failure=True): try: # Compose this "systemd" execution management command if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: @@ -3005,17 +3005,17 @@ class Systemd: # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command - subprocess.call(command, shell = True) + subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def stop(self, critical_failure = True): + def stop(self, critical_failure=True): try: # Compose this "systemd" execution management command if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: @@ -3031,17 +3031,17 @@ class Systemd: # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command - subprocess.call(command, shell = True) + subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def restart(self, critical_failure = True): + def restart(self, critical_failure=True): try: # Compose this "systemd" execution management command if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: @@ -3057,12 +3057,12 @@ class Systemd: # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command - subprocess.call(command, shell = True) + subprocess.call(command, shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -3077,13 +3077,13 @@ class ConfigClient: def configure_pki_data(self, data): config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) self.connection = pki.client.PKIConnection( - protocol = 'https', - hostname = self.master_dict['pki_hostname'], - port = self.master_dict['pki_https_port'], - subsystem = self.master_dict['pki_subsystem_type']) + protocol='https', + hostname=self.master_dict['pki_hostname'], + port=self.master_dict['pki_https_port'], + subsystem=self.master_dict['pki_subsystem_type']) try: client = pki.system.SystemConfigClient(self.connection) @@ -3091,7 +3091,7 @@ class ConfigClient: config.pki_log.debug(log.PKI_CONFIG_RESPONSE_STATUS + \ " " + str(response['status']), - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) try: certs = response['systemCerts'] except KeyError: @@ -3110,12 +3110,12 @@ class ConfigClient: if cdata['tag'].lower() == "signing": config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \ " " + cdata['request'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Save 'External CA Signing Certificate' CSR (Step 1) config.pki_log.info(log.PKI_CONFIG_EXTERNAL_CSR_SAVE + \ " '" + self.master_dict['pki_external_csr_path'] + "'", - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) self.deployer.directory.create( os.path.dirname(self.master_dict['pki_external_csr_path'])) with open(self.master_dict['pki_external_csr_path'], "w") as f: @@ -3124,13 +3124,13 @@ class ConfigClient: else: config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG + \ " " + cdata['tag'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.debug(log.PKI_CONFIG_CDATA_CERT + \ " " + cdata['cert'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.debug(log.PKI_CONFIG_CDATA_REQUEST + \ " " + cdata['request'], - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Cloned PKI subsystems do not return an Admin Certificate if not config.str2bool(self.master_dict['pki_clone']) and \ @@ -3145,32 +3145,32 @@ class ConfigClient: message = root.findall('.//Message')[0].text if message is not None: config.pki_log.error(log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + message, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise config.pki_log.error( log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e), - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) raise return def process_admin_cert(self, admin_cert): config.pki_log.debug(log.PKI_CONFIG_RESPONSE_ADMIN_CERT + \ " " + admin_cert, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) # Store the Administration Certificate in a file admin_cert_file = self.master_dict['pki_client_admin_cert'] admin_cert_bin_file = admin_cert_file + ".der" config.pki_log.debug(log.PKI_CONFIG_ADMIN_CERT_SAVE + \ " '" + admin_cert_file + "'", - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) with open(admin_cert_file, "w") as f: f.write(admin_cert) # convert the cert file to binary command = ["AtoB", admin_cert_file, admin_cert_bin_file] config.pki_log.info(command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) subprocess.call(command) os.chmod(admin_cert_file, @@ -3209,7 +3209,7 @@ class ConfigClient: def construct_pki_configuration_data(self): config.pki_log.info(log.PKI_CONFIG_CONSTRUCTING_PKI_DATA, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) data = pki.system.ConfigurationRequest() @@ -3445,7 +3445,7 @@ class ConfigClient: # convert output to ascii command = ["BtoA", output_file, output_file + ".asc"] config.pki_log.info(command, - extra = config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) subprocess.call(command) with open(output_file + ".asc") as f: @@ -3499,7 +3499,7 @@ class ConfigClient: class PKIDeployer: """Holds the global dictionaries and the utility objects""" - def __init__(self, pki_master_dict, pki_slots_dict = None): + def __init__(self, pki_master_dict, pki_slots_dict=None): # Global dictionary variables self.master_dict = pki_master_dict self.slots = pki_slots_dict diff --git a/base/server/src/engine/pkilogging.py b/base/server/src/engine/pkilogging.py index 319616145..b73650ee5 100644 --- a/base/server/src/engine/pkilogging.py +++ b/base/server/src/engine/pkilogging.py @@ -57,8 +57,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): # Configure console handler console = logging.StreamHandler() console.setLevel(console_log_level) - console_format = logging.Formatter('%(name)-12s: ' +\ - '%(levelname)-8s ' +\ + console_format = logging.Formatter('%(name)-12s: ' + \ + '%(levelname)-8s ' + \ '%(indent)s%(message)s') console.setFormatter(console_format) logger.addHandler(console) @@ -66,8 +66,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): # Configure file handler file = logging.FileHandler(log_dir + "/" + log_name, 'w') file.setLevel(log_level) - file_format = logging.Formatter('%(asctime)s %(name)-12s: ' +\ - '%(levelname)-8s ' +\ + file_format = logging.Formatter('%(asctime)s %(name)-12s: ' + \ + '%(levelname)-8s ' + \ '%(indent)s%(message)s', '%Y-%m-%d %H:%M:%S') file.setFormatter(file_format) diff --git a/base/server/src/engine/pkimanifest.py b/base/server/src/engine/pkimanifest.py index addc5a7d8..aaabbf5fd 100644 --- a/base/server/src/engine/pkimanifest.py +++ b/base/server/src/engine/pkimanifest.py @@ -79,7 +79,7 @@ class file: c.writerow(tuple(record)) except IOError as exc: config.pki_log.error(log.PKI_IOERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_1) + extra=config.PKI_INDENTATION_LEVEL_1) raise def read(self): @@ -90,7 +90,7 @@ class file: print tuple(row) except IOError as exc: config.pki_log.error(log.PKI_IOERROR_1, exc, - extra = config.PKI_INDENTATION_LEVEL_1) + extra=config.PKI_INDENTATION_LEVEL_1) raise # PKI Deployment Global Named Tuples diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index a180db507..7ad8ad3fe 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -48,7 +48,7 @@ import pki.system class PKIConfigParser: COMMENT_CHAR = '#' - OPTION_CHAR = '=' + OPTION_CHAR = '=' def __init__(self, description, epilog): self.pki_config = None @@ -128,8 +128,8 @@ class PKIConfigParser: if len(config.pki_root_prefix) > 0: if not os.path.exists(config.pki_root_prefix) or\ not os.path.isdir(config.pki_root_prefix): - print "ERROR: " +\ - log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\ + print "ERROR: " + \ + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % \ config.pki_root_prefix print self.arg_parser.print_help() @@ -138,8 +138,8 @@ class PKIConfigParser: # always default that configuration file exists if not os.path.exists(config.default_deployment_cfg) or\ not os.path.isfile(config.default_deployment_cfg): - print "ERROR: " +\ - log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + print "ERROR: " + \ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.default_deployment_cfg print self.arg_parser.print_help() @@ -149,8 +149,8 @@ class PKIConfigParser: # verify user configuration file exists if not os.path.exists(config.user_deployment_cfg) or\ not os.path.isfile(config.user_deployment_cfg): - print "ERROR: " +\ - log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\ + print "ERROR: " + \ + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.user_deployment_cfg print parser.arg_parser.print_help() @@ -403,7 +403,7 @@ class PKIConfigParser: info = sd.getSecurityDomainInfo() except requests.exceptions.HTTPError as e: config.pki_log.info( - "unable to access security domain through REST interface. " +\ + "unable to access security domain through REST interface. " + \ "Trying old interface. " + str(e), extra=config.PKI_INDENTATION_LEVEL_2) info = sd.getOldSecurityDomainInfo() @@ -422,7 +422,7 @@ class PKIConfigParser: code = e.response.status_code if code == 404 or code == 501: config.pki_log.warning( - "unable to validate security domain user/password " +\ + "unable to validate security domain user/password " + \ "through REST interface. Interface not available", extra=config.PKI_INDENTATION_LEVEL_2) else: @@ -432,25 +432,25 @@ class PKIConfigParser: "Create a single master PKI dictionary from the sectional dictionaries" try: # 'pkispawn'/'pkidestroy' name/value pairs - self.pki_master_dict['pki_deployment_executable'] =\ + self.pki_master_dict['pki_deployment_executable'] = \ config.pki_deployment_executable self.pki_master_dict['pki_install_time'] = config.pki_install_time self.pki_master_dict['pki_timestamp'] = config.pki_timestamp - self.pki_master_dict['pki_certificate_timestamp'] =\ + self.pki_master_dict['pki_certificate_timestamp'] = \ config.pki_certificate_timestamp self.pki_master_dict['pki_architecture'] = config.pki_architecture self.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg self.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg - self.pki_master_dict['pki_deployed_instance_name'] =\ + self.pki_master_dict['pki_deployed_instance_name'] = \ config.pki_deployed_instance_name # Generate random 'pin's for use as security database passwords # and add these to the "sensitive" key value pairs read in from # the configuration file - pin_low = 100000000000 + pin_low = 100000000000 pin_high = 999999999999 - self.pki_master_dict['pki_pin'] =\ + self.pki_master_dict['pki_pin'] = \ random.randint(pin_low, pin_high) - self.pki_master_dict['pki_client_pin'] =\ + self.pki_master_dict['pki_client_pin'] = \ random.randint(pin_low, pin_high) self.flatten_master_dict() @@ -458,11 +458,11 @@ class PKIConfigParser: pkilogging.sensitive_parameters = self.pki_master_dict['sensitive_parameters'].split() # PKI Target (slot substitution) name/value pairs - self.pki_master_dict['pki_target_cs_cfg'] =\ + self.pki_master_dict['pki_target_cs_cfg'] = \ os.path.join( self.pki_master_dict['pki_subsystem_configuration_path'], "CS.cfg") - self.pki_master_dict['pki_target_registry'] =\ + self.pki_master_dict['pki_target_registry'] = \ os.path.join(self.pki_master_dict['pki_instance_registry_path'], self.pki_master_dict['pki_instance_name']) if self.pki_master_dict['pki_subsystem'] == "CA" and\ @@ -474,7 +474,7 @@ class PKIConfigParser: os.path.isfile(self.pki_master_dict['pki_target_cs_cfg']): cs_cfg = self.read_simple_configuration_file( self.pki_master_dict['pki_target_cs_cfg']) - self.pki_master_dict['pki_one_time_pin'] =\ + self.pki_master_dict['pki_one_time_pin'] = \ cs_cfg.get('preop.pin') else: config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, @@ -485,92 +485,92 @@ class PKIConfigParser: # Generate a one-time pin to be used prior to configuration # and add this to the "sensitive" key value pairs read in from # the configuration file - self.pki_master_dict['pki_one_time_pin'] =\ + self.pki_master_dict['pki_one_time_pin'] = \ ''.join(random.choice(string.ascii_letters + string.digits)\ for x in range(20)) if self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['pki_target_catalina_properties'] =\ + self.pki_master_dict['pki_target_catalina_properties'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "catalina.properties") - self.pki_master_dict['pki_target_servercertnick_conf'] =\ + self.pki_master_dict['pki_target_servercertnick_conf'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "serverCertNick.conf") - self.pki_master_dict['pki_target_server_xml'] =\ + self.pki_master_dict['pki_target_server_xml'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "server.xml") - self.pki_master_dict['pki_target_context_xml'] =\ + self.pki_master_dict['pki_target_context_xml'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "context.xml") - self.pki_master_dict['pki_target_tomcat_conf_instance_id'] =\ - self.pki_master_dict['pki_root_prefix'] +\ - "/etc/sysconfig/" +\ + self.pki_master_dict['pki_target_tomcat_conf_instance_id'] = \ + self.pki_master_dict['pki_root_prefix'] + \ + "/etc/sysconfig/" + \ self.pki_master_dict['pki_instance_name'] - self.pki_master_dict['pki_target_tomcat_conf'] =\ + self.pki_master_dict['pki_target_tomcat_conf'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "tomcat.conf") # in-place slot substitution name/value pairs - self.pki_master_dict['pki_target_velocity_properties'] =\ + self.pki_master_dict['pki_target_velocity_properties'] = \ os.path.join( self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "velocity.properties") - self.pki_master_dict['pki_target_subsystem_web_xml'] =\ + self.pki_master_dict['pki_target_subsystem_web_xml'] = \ os.path.join( self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml") - self.pki_master_dict['pki_target_subsystem_web_xml_orig'] =\ + self.pki_master_dict['pki_target_subsystem_web_xml_orig'] = \ os.path.join( self.pki_master_dict['pki_tomcat_webapps_subsystem_path'], "WEB-INF", "web.xml.orig") # subystem-specific slot substitution name/value pairs if self.pki_master_dict['pki_subsystem'] == "CA": - self.pki_master_dict['pki_target_flatfile_txt'] =\ + self.pki_master_dict['pki_target_flatfile_txt'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "flatfile.txt") - self.pki_master_dict['pki_target_proxy_conf'] =\ + self.pki_master_dict['pki_target_proxy_conf'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "proxy.conf") - self.pki_master_dict['pki_target_registry_cfg'] =\ + self.pki_master_dict['pki_target_registry_cfg'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "registry.cfg") # '*.profile' - self.pki_master_dict['pki_target_admincert_profile'] =\ + self.pki_master_dict['pki_target_admincert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "adminCert.profile") self.pki_master_dict['pki_target_caauditsigningcert_profile']\ - = os.path.join(self.pki_master_dict\ + = os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caAuditSigningCert.profile") - self.pki_master_dict['pki_target_cacert_profile'] =\ + self.pki_master_dict['pki_target_cacert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caCert.profile") - self.pki_master_dict['pki_target_caocspcert_profile'] =\ + self.pki_master_dict['pki_target_caocspcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "caOCSPCert.profile") - self.pki_master_dict['pki_target_servercert_profile'] =\ + self.pki_master_dict['pki_target_servercert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - self.pki_master_dict['pki_target_subsystemcert_profile'] =\ + self.pki_master_dict['pki_target_subsystemcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") # in-place slot substitution name/value pairs - self.pki_master_dict['pki_target_profileselect_template'] =\ + self.pki_master_dict['pki_target_profileselect_template'] = \ os.path.join( self.pki_master_dict\ ['pki_tomcat_webapps_subsystem_path'], @@ -579,30 +579,30 @@ class PKIConfigParser: "ProfileSelect.template") elif self.pki_master_dict['pki_subsystem'] == "KRA": # '*.profile' - self.pki_master_dict['pki_target_servercert_profile'] =\ + self.pki_master_dict['pki_target_servercert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "serverCert.profile") - self.pki_master_dict['pki_target_storagecert_profile'] =\ + self.pki_master_dict['pki_target_storagecert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "storageCert.profile") - self.pki_master_dict['pki_target_subsystemcert_profile'] =\ + self.pki_master_dict['pki_target_subsystemcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "subsystemCert.profile") - self.pki_master_dict['pki_target_transportcert_profile'] =\ + self.pki_master_dict['pki_target_transportcert_profile'] = \ os.path.join(self.pki_master_dict\ ['pki_subsystem_configuration_path'], "transportCert.profile") # Slot assignment name/value pairs # NOTE: Master key == Slots key; Master value ==> Slots value - self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] = \ self.pki_master_dict['pki_instance_name'] - self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] = \ os.path.join(self.pki_master_dict['pki_instance_path'], self.pki_master_dict['pki_instance_name']) - self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] =\ + self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] = \ os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], self.pki_master_dict['pki_instance_name']) if self.pki_master_dict['pki_subsystem'] in\ @@ -618,10 +618,10 @@ class PKIConfigParser: self.pki_master_dict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None self.pki_master_dict['NSS_CONF_SLOT'] = None self.pki_master_dict['OBJ_EXT_SLOT'] = None - self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ + self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \ os.path.join("/var/lock/pki", "apache") - self.pki_master_dict['PKI_PIDDIR_SLOT'] =\ + self.pki_master_dict['PKI_PIDDIR_SLOT'] = \ os.path.join("/var/run/pki", "apache") self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache" @@ -638,244 +638,244 @@ class PKIConfigParser: self.pki_master_dict['TPS_DIR_SLOT'] = None elif self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['INSTALL_TIME_SLOT'] =\ + self.pki_master_dict['INSTALL_TIME_SLOT'] = \ self.pki_master_dict['pki_install_time'] - self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] self.pki_master_dict\ - ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" self.pki_master_dict\ - ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ + ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] =\ + self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] = \ "want" - self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_AJP_PORT_SLOT'] =\ + self.pki_master_dict['PKI_AJP_PORT_SLOT'] = \ self.pki_master_dict['pki_ajp_port'] - self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] =\ + self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] =\ + self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] = \ self.pki_master_dict['pki_ca_hostname'] - self.pki_master_dict['PKI_CA_PORT_SLOT'] =\ + self.pki_master_dict['PKI_CA_PORT_SLOT'] = \ self.pki_master_dict['pki_ca_port'] - self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] =\ + self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] = \ self.pki_master_dict['pki_pin'] - self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] =\ + self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] = \ self.pki_master_dict['pki_target_cs_cfg'] self.pki_master_dict\ - ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\ + ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "-->" self.pki_master_dict\ - ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\ + ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] self.pki_master_dict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] =\ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" self.pki_master_dict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] =\ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_GROUP_SLOT'] =\ + self.pki_master_dict['PKI_GROUP_SLOT'] = \ self.pki_master_dict['pki_group'] - self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] = \ self.pki_master_dict['pki_instance_path'] - self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] =\ + self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] = \ self.pki_master_dict['pki_path'] - self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ + self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \ os.path.join("/var/lock/pki", "tomcat") - self.pki_master_dict['PKI_HOSTNAME_SLOT'] =\ + self.pki_master_dict['PKI_HOSTNAME_SLOT'] = \ self.pki_master_dict['pki_hostname'] self.pki_master_dict\ - ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\ + ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "<!--" self.pki_master_dict\ - ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\ + ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_PIDDIR_SLOT'] =\ + self.pki_master_dict['PKI_PIDDIR_SLOT'] = \ os.path.join("/var/run/pki", "tomcat") if config.str2bool(self.pki_master_dict['pki_enable_proxy']): - self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_proxy_https_port'] - self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_proxy_http_port'] - self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ "" - self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ "" else: - self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ "-->" - self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \ "-->" self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = "" self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = "" - self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ "<!--" - self.pki_master_dict['PKI_TMPDIR_SLOT'] =\ + self.pki_master_dict['PKI_TMPDIR_SLOT'] = \ self.pki_master_dict['pki_tomcat_tmpdir_path'] - self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] =\ + self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] = \ self.pki_master_dict['resteasy_lib'] - self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] =\ + self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] = \ self.pki_master_dict['pki_one_time_pin'] - self.pki_master_dict['PKI_SECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_SECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_https_port'] - self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Secure" - self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] =\ - "<!-- " +\ - "Shared Ports: Agent, EE, and Admin Secure Port Connector " +\ + self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ + "<!-- " + \ + "Shared Ports: Agent, EE, and Admin Secure Port Connector " + \ "-->" - self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] =\ + self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] = \ self.pki_master_dict['pki_security_manager'] - self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] =\ + self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] = \ self.pki_master_dict['pki_target_server_xml'] - self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] =\ + self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \ self.pki_master_dict['pki_ssl_server_nickname'] - self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] =\ + self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] = \ self.pki_master_dict['pki_subsystem'].lower() - self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] =\ - "pki-tomcatd" + "@" +\ + self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \ + "pki-tomcatd" + "@" + \ self.pki_master_dict['pki_instance_name'] + ".service" - self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] =\ + self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] = \ self.pki_master_dict['pki_http_port'] - self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] =\ + self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unsecure" - self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] =\ + self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \ "<!-- Shared Ports: Unsecure Port Connector -->" - self.pki_master_dict['PKI_USER_SLOT'] =\ + self.pki_master_dict['PKI_USER_SLOT'] = \ self.pki_master_dict['pki_user'] - self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] =\ + self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = \ "tomcat" - self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] =\ + self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] = \ "webapps" - self.pki_master_dict['TOMCAT_CFG_SLOT'] =\ + self.pki_master_dict['TOMCAT_CFG_SLOT'] = \ self.pki_master_dict['pki_target_tomcat_conf'] - self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] =\ + self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \ os.path.join( self.pki_master_dict['pki_tomcat_common_lib_path'], "*.jar") - self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] =\ + self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] = \ self.pki_master_dict['pki_instance_log_path'] - self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] =\ + self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] = \ "/var/run/pki/tomcat/" + self.pki_master_dict['pki_instance_name'] + ".pid" - self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] =\ + self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] = \ self.pki_master_dict['pki_tomcat_server_port'] - self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] =\ - "-SSL2_RC4_128_WITH_MD5," +\ - "-SSL2_RC4_128_EXPORT40_WITH_MD5," +\ - "-SSL2_RC2_128_CBC_WITH_MD5," +\ - "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," +\ - "-SSL2_DES_64_CBC_WITH_MD5," +\ + self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ + "-SSL2_RC4_128_WITH_MD5," + \ + "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \ + "-SSL2_RC2_128_CBC_WITH_MD5," + \ + "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \ + "-SSL2_DES_64_CBC_WITH_MD5," + \ "-SSL2_DES_192_EDE3_CBC_WITH_MD5" - self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] =\ - "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," +\ - "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," +\ - "+SSL3_RSA_WITH_RC4_128_SHA," +\ - "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," +\ - "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+SSL3_RSA_WITH_DES_CBC_SHA," +\ - "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," +\ - "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," +\ - "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," +\ - "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," +\ - "-SSL3_RSA_WITH_NULL_MD5," +\ - "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," +\ - "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +\ + self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] = \ + "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \ + "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \ + "+SSL3_RSA_WITH_RC4_128_SHA," + \ + "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \ + "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+SSL3_RSA_WITH_DES_CBC_SHA," + \ + "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \ + "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \ + "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \ + "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," + \ + "-SSL3_RSA_WITH_NULL_MD5," + \ + "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] =\ - "ssl2=true," +\ - "ssl3=true," +\ + self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] = \ + "ssl2=true," + \ + "ssl3=true," + \ "tls=true" - self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] =\ - "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," +\ - "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," +\ - "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," +\ - "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +\ - "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +\ - "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_RSA_WITH_AES_128_CBC_SHA," +\ - "+TLS_RSA_WITH_AES_256_CBC_SHA," +\ - "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +\ - "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +\ - "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +\ - "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +\ - "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +\ - "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," +\ - "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +\ + self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] = \ + "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA" if self.pki_master_dict['pki_subsystem'] == "CA": - self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS']=\ + self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ self.pki_master_dict\ ['pki_random_serial_numbers_enable'].lower() # Shared Apache/Tomcat NSS security database name/value pairs - self.pki_master_dict['pki_shared_pfile'] =\ + self.pki_master_dict['pki_shared_pfile'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "pfile") - self.pki_master_dict['pki_shared_password_conf'] =\ + self.pki_master_dict['pki_shared_password_conf'] = \ os.path.join( self.pki_master_dict['pki_instance_configuration_path'], "password.conf") - self.pki_master_dict['pki_cert_database'] =\ + self.pki_master_dict['pki_cert_database'] = \ os.path.join(self.pki_master_dict['pki_database_path'], "cert8.db") - self.pki_master_dict['pki_key_database'] =\ + self.pki_master_dict['pki_key_database'] = \ os.path.join(self.pki_master_dict['pki_database_path'], "key3.db") - self.pki_master_dict['pki_secmod_database'] =\ + self.pki_master_dict['pki_secmod_database'] = \ os.path.join(self.pki_master_dict['pki_database_path'], "secmod.db") self.pki_master_dict['pki_self_signed_token'] = "internal" - self.pki_master_dict['pki_self_signed_nickname'] =\ + self.pki_master_dict['pki_self_signed_nickname'] = \ self.pki_master_dict['pki_ssl_server_nickname'] - self.pki_master_dict['pki_self_signed_subject'] =\ - "cn=" + self.pki_master_dict['pki_hostname'] + "," +\ + self.pki_master_dict['pki_self_signed_subject'] = \ + "cn=" + self.pki_master_dict['pki_hostname'] + "," + \ "o=" + self.pki_master_dict['pki_certificate_timestamp'] self.pki_master_dict['pki_self_signed_serial_number'] = 0 self.pki_master_dict['pki_self_signed_validity_period'] = 12 - self.pki_master_dict['pki_self_signed_issuer_name'] =\ - "cn=" + self.pki_master_dict['pki_hostname'] + "," +\ + self.pki_master_dict['pki_self_signed_issuer_name'] = \ + "cn=" + self.pki_master_dict['pki_hostname'] + "," + \ "o=" + self.pki_master_dict['pki_certificate_timestamp'] self.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu" - self.pki_master_dict['pki_self_signed_noise_file'] =\ + self.pki_master_dict['pki_self_signed_noise_file'] = \ os.path.join( self.pki_master_dict['pki_subsystem_configuration_path'], "noise") self.pki_master_dict['pki_self_signed_noise_bytes'] = 1024 # Shared Apache/Tomcat NSS security database convenience symbolic links self.pki_master_dict\ - ['pki_subsystem_configuration_password_conf_link'] =\ + ['pki_subsystem_configuration_password_conf_link'] = \ os.path.join( self.pki_master_dict['pki_subsystem_configuration_path'], "password.conf") if not len(self.pki_master_dict['pki_client_database_password']): # use randomly generated client 'pin' - self.pki_master_dict['pki_client_database_password'] =\ + self.pki_master_dict['pki_client_database_password'] = \ str(self.pki_master_dict['pki_client_pin']) # Configuration scriptlet @@ -918,13 +918,13 @@ class PKIConfigParser: # use the CA admin uid if it's defined if self.pki_config.has_option('CA', 'pki_admin_uid') and\ len(self.pki_config.get('CA', 'pki_admin_uid')) > 0: - self.pki_master_dict['pki_security_domain_user'] =\ + self.pki_master_dict['pki_security_domain_user'] = \ self.pki_config.get('CA', 'pki_admin_uid') # or use the Default admin uid if it's defined elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\ len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0: - self.pki_master_dict['pki_security_domain_user'] =\ + self.pki_master_dict['pki_security_domain_user'] = \ self.pki_config.get('DEFAULT', 'pki_admin_uid') # otherwise use the default CA admin uid @@ -938,9 +938,9 @@ class PKIConfigParser: # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA self.pki_master_dict['pki_security_domain_type'] = "existing" - self.pki_master_dict['pki_security_domain_uri'] =\ - "https" + "://" +\ - self.pki_master_dict['pki_security_domain_hostname'] + ":" +\ + self.pki_master_dict['pki_security_domain_uri'] = \ + "https" + "://" + \ + self.pki_master_dict['pki_security_domain_hostname'] + ":" + \ self.pki_master_dict['pki_security_domain_https_port'] elif config.str2bool(self.pki_master_dict['pki_external']): @@ -981,9 +981,9 @@ class PKIConfigParser: if config.str2bool(self.pki_master_dict['pki_backup_keys']): # NOTE: ALWAYS store the PKCS #12 backup keys file # in with the NSS "server" security databases - self.pki_master_dict['pki_backup_keys_p12'] =\ - self.pki_master_dict['pki_database_path'] + "/" +\ - self.pki_master_dict['pki_subsystem'].lower() + "_" +\ + self.pki_master_dict['pki_backup_keys_p12'] = \ + self.pki_master_dict['pki_database_path'] + "/" + \ + self.pki_master_dict['pki_subsystem'].lower() + "_" + \ "backup" + "_" + "keys" + "." + "p12" self.pki_master_dict['pki_admin_profile_id'] = "caAdminCert" @@ -1003,23 +1003,23 @@ class PKIConfigParser: self.pki_master_dict['pki_storage_tag'] = "storage" # Finalization name/value pairs - self.pki_master_dict['pki_default_deployment_cfg_replica'] =\ + self.pki_master_dict['pki_default_deployment_cfg_replica'] = \ os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], config.DEFAULT_DEPLOYMENT_CONFIGURATION) - self.pki_master_dict['pki_user_deployment_cfg_replica'] =\ + self.pki_master_dict['pki_user_deployment_cfg_replica'] = \ os.path.join(self.pki_master_dict['pki_subsystem_registry_path'], config.USER_DEPLOYMENT_CONFIGURATION) - self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\ - self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ - "spawn" + "_" +\ - config.USER_DEPLOYMENT_CONFIGURATION + "." +\ + self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] = \ + self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \ + "spawn" + "_" + \ + config.USER_DEPLOYMENT_CONFIGURATION + "." + \ self.pki_master_dict['pki_timestamp'] - self.pki_master_dict['pki_manifest'] =\ - self.pki_master_dict['pki_subsystem_registry_path'] + "/" +\ + self.pki_master_dict['pki_manifest'] = \ + self.pki_master_dict['pki_subsystem_registry_path'] + "/" + \ "manifest" - self.pki_master_dict['pki_manifest_spawn_archive'] =\ - self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\ - "spawn" + "_" + "manifest" + "." +\ + self.pki_master_dict['pki_manifest_spawn_archive'] = \ + self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \ + "spawn" + "_" + "manifest" + "." + \ self.pki_master_dict['pki_timestamp'] # Construct the configuration URL containing the one-time pin # and add this to the "sensitive" key value pairs read in from @@ -1029,7 +1029,7 @@ class PKIConfigParser: # parameter that may be stored in a log file and displayed # to the screen. # - self.pki_master_dict['pki_configuration_url'] =\ + self.pki_master_dict['pki_configuration_url'] = \ "https://{}:{}/{}/{}?pin={}".format( self.pki_master_dict['pki_hostname'], self.pki_master_dict['pki_https_port'], @@ -1039,17 +1039,17 @@ class PKIConfigParser: # Compose this "systemd" execution management command if self.pki_master_dict['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - self.pki_master_dict['pki_registry_initscript_command'] =\ - "systemctl" + " " +\ - "restart" + " " +\ - "pki-apached" + "@" +\ + self.pki_master_dict['pki_registry_initscript_command'] = \ + "systemctl" + " " + \ + "restart" + " " + \ + "pki-apached" + "@" + \ self.pki_master_dict['pki_instance_name'] + "." + "service" elif self.pki_master_dict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: - self.pki_master_dict['pki_registry_initscript_command'] =\ - "systemctl" + " " +\ - "restart" + " " +\ - "pki-tomcatd" + "@" +\ + self.pki_master_dict['pki_registry_initscript_command'] = \ + "systemctl" + " " + \ + "restart" + " " + \ + "pki-tomcatd" + "@" + \ self.pki_master_dict['pki_instance_name'] + "." + "service" except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py index 970d1aefd..b2223cab7 100644 --- a/base/server/src/scriptlets/configuration.py +++ b/base/server/src/scriptlets/configuration.py @@ -74,7 +74,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Start/Restart this Apache/Tomcat PKI Process if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - apache_instance_subsystems =\ + apache_instance_subsystems = \ deployer.instance.apache_instance_subsystems() if apache_instance_subsystems == 1: deployer.systemd.start() @@ -86,7 +86,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if config.str2bool(deployer.master_dict['pki_enable_java_debugger']): config.prepare_for_an_external_java_debugger( deployer.master_dict['pki_target_tomcat_conf_instance_id']) - tomcat_instance_subsystems =\ + tomcat_instance_subsystems = \ len(deployer.instance.tomcat_instance_subsystems()) if tomcat_instance_subsystems == 1: deployer.systemd.start() @@ -115,7 +115,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): elif deployer.master_dict['pki_instance_type'] == "Tomcat": # CA, KRA, OCSP, TKS, or TPS data = deployer.config_client.construct_pki_configuration_data() - + # Configure the substem deployer.config_client.configure_pki_data( json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) diff --git a/base/server/src/scriptlets/infrastructure_layout.py b/base/server/src/scriptlets/infrastructure_layout.py index 4fe31ef3d..3becd34c3 100644 --- a/base/server/src/scriptlets/infrastructure_layout.py +++ b/base/server/src/scriptlets/infrastructure_layout.py @@ -60,7 +60,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): print "Storing deployment configuration into " + deployer.master_dict['pki_user_deployment_cfg_replica'] + "." - #Archive the user deployment configuration excluding the sensitive parameters + # Archive the user deployment configuration excluding the sensitive parameters sensitive_parameters = deployer.master_dict['sensitive_parameters'].split() sections = config.user_config.sections() for s in sections: @@ -87,7 +87,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # and will already exist # deployer.directory.create(deployer.master_dict['pki_log_path']) # establish top-level infrastructure configuration - if deployer.master_dict['pki_configuration_path'] !=\ + if deployer.master_dict['pki_configuration_path'] != \ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: deployer.directory.create(deployer.master_dict['pki_configuration_path']) return self.rv @@ -106,7 +106,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # deployer.directory.delete(deployer.master_dict['pki_log_path']) # remove top-level infrastructure configuration if deployer.directory.is_empty(deployer.master_dict['pki_configuration_path'])\ - and deployer.master_dict['pki_configuration_path'] !=\ + and deployer.master_dict['pki_configuration_path'] != \ config.PKI_DEPLOYMENT_CONFIGURATION_ROOT: deployer.directory.delete(deployer.master_dict['pki_configuration_path']) # remove top-level infrastructure registry diff --git a/base/server/src/scriptlets/security_databases.py b/base/server/src/scriptlets/security_databases.py index d18e2151b..d8a6eeb65 100644 --- a/base/server/src/scriptlets/security_databases.py +++ b/base/server/src/scriptlets/security_databases.py @@ -62,7 +62,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) if len(deployer.instance.tomcat_instance_subsystems()) < 2: - # only create a self signed cert for a new instance + # only create a self signed cert for a new instance rv = deployer.certutil.verify_certificate_exists( deployer.master_dict['pki_database_path'], deployer.master_dict['pki_cert_database'], diff --git a/base/server/src/scriptlets/slot_substitution.py b/base/server/src/scriptlets/slot_substitution.py index a4c90908c..bd3211b9d 100644 --- a/base/server/src/scriptlets/slot_substitution.py +++ b/base/server/src/scriptlets/slot_substitution.py @@ -73,13 +73,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.master_dict['pki_target_subsystem_web_xml']) # Strip "<filter>" section from subsystem "web.xml" # This is ONLY necessary because XML comments cannot be "nested"! - #deployer.file.copy(deployer.master_dict['pki_target_subsystem_web_xml'], + # deployer.file.copy(deployer.master_dict['pki_target_subsystem_web_xml'], # deployer.master_dict['pki_target_subsystem_web_xml_orig']) - #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml']) - #util.xml_file.remove_filter_section_from_web_xml( + # deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml']) + # util.xml_file.remove_filter_section_from_web_xml( # deployer.master_dict['pki_target_subsystem_web_xml_orig'], # deployer.master_dict['pki_target_subsystem_web_xml']) - #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml_orig']) + # deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml_orig']) if deployer.master_dict['pki_subsystem'] == "CA": deployer.file.copy_with_slot_substitution( deployer.master_dict['pki_source_proxy_conf'], |