authorChristian Heimes <cheimes@redhat.com>2015-08-11 20:55:48 +0200
committerChristian Heimes <cheimes@redhat.com>2015-08-14 13:03:18 +0200
commit12badcabc1cd345256a4902f7b0583cf667ecd8d (patch)
treed0a45d096fab9c0b14d5221557a616824ecfd24a
parentd63ade55f5cc2a9ecf21ea2b43cfac80149c4c29 (diff)
Make pki PEP 8 compatible
Large portions of the patch were automatically created with autopep8: find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \ --aggressive find base/common/upgrade base/server/upgrade -type f -and \ -not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive autopep8 --in-place --ignore E309 --aggressive \ base/common/sbin/pki-upgrade \ base/server/sbin/pkispawn \ base/server/sbin/pkidestroy \ base/server/sbin/pki-server \ base/server/sbin/pki-server-upgrade About two dozen violations were fixed manually. https://fedorahosted.org/pki/ticket/708
-rw-r--r--base/common/python/conf.py37
-rw-r--r--base/common/python/pki/__init__.py4
-rw-r--r--base/common/python/pki/cert.py60
-rw-r--r--base/common/python/pki/cli.py11
-rw-r--r--base/common/python/pki/crypto.py11
-rw-r--r--base/common/python/pki/encoder.py3
-rw-r--r--base/common/python/pki/key.py42
-rw-r--r--base/common/python/pki/profile.py29
-rw-r--r--base/common/python/pki/system.py9
-rw-r--r--base/common/python/pki/systemcert.py2
-rw-r--r--base/common/python/pki/upgrade.py12
-rwxr-xr-xbase/common/sbin/pki-upgrade2
-rw-r--r--base/java-tools/bin/pki1
-rw-r--r--base/kra/functional/drmclient_deprecated.py323
-rwxr-xr-xbase/kra/functional/drmtest.py37
-rw-r--r--base/server/python/pki/server/__init__.py12
-rw-r--r--base/server/python/pki/server/cli/instance.py12
-rw-r--r--base/server/python/pki/server/cli/migrate.py113
-rw-r--r--base/server/python/pki/server/cli/subsystem.py4
-rw-r--r--base/server/python/pki/server/deployment/pkiconfig.py16
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py122
-rw-r--r--base/server/python/pki/server/deployment/pkimanifest.py1
-rw-r--r--base/server/python/pki/server/deployment/pkimessages.py2
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py60
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py3
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/initialization.py4
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/security_databases.py3
-rw-r--r--base/server/python/pki/server/upgrade.py31
-rw-r--r--base/server/sbin/pki-server7
-rwxr-xr-xbase/server/sbin/pkidestroy6
-rwxr-xr-xbase/server/sbin/pkispawn54
-rwxr-xr-xbase/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator29
-rwxr-xr-xbase/server/upgrade/10.0.1/02-CloningInterfaceChanges6
-rwxr-xr-xbase/server/upgrade/10.0.1/03-AddRestServlet3
-rwxr-xr-xbase/server/upgrade/10.0.5/01-EnableSessionInAuthenticator3
-rwxr-xr-xbase/server/upgrade/10.0.99/01-FixJavaOpts1
-rwxr-xr-xbase/server/upgrade/10.1.1/01-MoveWebApplicationContextFile9
-rwxr-xr-xbase/server/upgrade/10.1.99/01-MoveWebApplicationContextFile9
-rwxr-xr-xbase/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson20
-rwxr-xr-xbase/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass15
-rwxr-xr-xbase/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML13
-rwxr-xr-xbase/server/upgrade/10.2.1/01-AddTLSRangeSupport86
-rwxr-xr-xbase/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations40
-rwxr-xr-xbase/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy3
-rwxr-xr-xbase/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership7
-rwxr-xr-xbase/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML7
-rwxr-xr-xbase/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML2
-rwxr-xr-xbase/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML2
-rw-r--r--setup.py1
-rw-r--r--tox.ini5
50 files changed, 756 insertions, 538 deletions
diff --git a/base/common/python/conf.py b/base/common/python/conf.py
index 67c59e610..ba29afa41 100644
--- a/base/common/python/conf.py
+++ b/base/common/python/conf.py
@@ -11,14 +11,15 @@
# All configuration values have a default; values that are commented out
# serve to show the default.
-import sys, os
+import sys
+import os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
sys.path.insert(0, os.path.abspath('pki'))
-# -- General configuration -----------------------------------------------------
+# -- General configuration -----------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
@@ -87,7 +88,7 @@ pygments_style = 'sphinx'
#modindex_common_prefix = []
-# -- Options for HTML output ---------------------------------------------------
+# -- Options for HTML output ---------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
@@ -167,24 +168,24 @@ html_static_path = ['_static']
htmlhelp_basename = 'pythondoc'
-# -- Options for LaTeX output --------------------------------------------------
+# -- Options for LaTeX output --------------------------------------------
latex_elements = {
-# The paper size ('letterpaper' or 'a4paper').
-#'papersize': 'letterpaper',
+ # The paper size ('letterpaper' or 'a4paper').
+ #'papersize': 'letterpaper',
-# The font size ('10pt', '11pt' or '12pt').
-#'pointsize': '10pt',
+ # The font size ('10pt', '11pt' or '12pt').
+ #'pointsize': '10pt',
-# Additional stuff for the LaTeX preamble.
-#'preamble': '',
+ # Additional stuff for the LaTeX preamble.
+ #'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title, author, documentclass [howto/manual]).
latex_documents = [
- ('index', 'dogtag.tex', u'Dogtag Python Client API',
- u'Author', 'manual'),
+ ('index', 'dogtag.tex', u'Dogtag Python Client API',
+ u'Author', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
@@ -208,7 +209,7 @@ latex_documents = [
#latex_domain_indices = True
-# -- Options for manual page output --------------------------------------------
+# -- Options for manual page output --------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
@@ -221,15 +222,15 @@ man_pages = [
#man_show_urls = False
-# -- Options for Texinfo output ------------------------------------------------
+# -- Options for Texinfo output ------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
- ('index', 'Dogtag', u'Dogtag Python Client API',
- u'Author', 'Dogtag PKI Team', 'Dogtag is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments.',
- 'Miscellaneous'),
+ ('index', 'Dogtag', u'Dogtag Python Client API',
+ u'Author', 'Dogtag PKI Team', 'Dogtag is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments.',
+ 'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
@@ -242,7 +243,7 @@ texinfo_documents = [
#texinfo_show_urls = 'footnote'
-# -- Options for Epub output ---------------------------------------------------
+# -- Options for Epub output ---------------------------------------------
# Bibliographic Dublin Core info.
epub_title = u'Dogtag Certificate Server'
diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py
index 39a0db717..77e5b2365 100644
--- a/base/common/python/pki/__init__.py
+++ b/base/common/python/pki/__init__.py
@@ -118,7 +118,7 @@ def implementation_version():
raise Exception('Missing implementation version.')
-#pylint: disable=R0903
+# pylint: disable=R0903
class Attribute(object):
"""
Class representing a key/value pair.
@@ -132,7 +132,7 @@ class Attribute(object):
self.value = value
-#pylint: disable=R0903
+# pylint: disable=R0903
class AttributeList(object):
"""
Class representing a list of attributes.
diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
index 7df9acfd9..575491ffe 100644
--- a/base/common/python/pki/cert.py
+++ b/base/common/python/pki/cert.py
@@ -335,16 +335,16 @@ class CertSearchRequest(object):
setattr(self, 'serialNumberRangeInUse', True)
for param, value in cert_search_params.viewitems():
- if not param in CertSearchRequest.search_params:
+ if param not in CertSearchRequest.search_params:
raise ValueError('Invalid search parameter: ' + param)
if param in {'serial_to', 'serial_from'}:
setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'serialNumberRangeInUse', True)
- if param in {\
- 'email', 'common_name', 'user_id', 'org_unit', 'org',\
- 'locality', 'state', 'country', 'match_exactly'\
+ if param in {
+ 'email', 'common_name', 'user_id', 'org_unit', 'org',
+ 'locality', 'state', 'country', 'match_exactly'
}:
setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'subjectInUse', True)
@@ -380,16 +380,16 @@ class CertSearchRequest(object):
setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validNotAfterInUse', True)
- if param in {\
- 'validity_operation', 'validity_count', 'validity_unit'\
+ if param in {
+ 'validity_operation', 'validity_count', 'validity_unit'
}:
setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validityLengthInUse', True)
- if param in {\
- 'cert_type_sub_email_ca', 'cert_type_sub_ssl_ca',\
- 'cert_type_secure_email', 'cert_type_ssl_client',\
- 'cert_type_ssl_server'\
+ if param in {
+ 'cert_type_sub_email_ca', 'cert_type_sub_ssl_ca',
+ 'cert_type_secure_email', 'cert_type_ssl_client',
+ 'cert_type_ssl_server'
}:
setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'certTypeInUse', True)
@@ -411,7 +411,8 @@ class CertRevokeRequest(object):
'Certificate_Hold', 'Remove_from_CRL', 'Privilege_Withdrawn',
'AA_Compromise']
- def __init__(self, nonce, reason=None, invalidity_date=None, comments=None):
+ def __init__(self, nonce, reason=None, invalidity_date=None,
+ comments=None):
""" Constructor """
setattr(self, "Nonce", nonce)
@@ -506,7 +507,8 @@ class CertEnrollmentRequest(object):
inputs = attr_list['Input']
if not isinstance(inputs, list):
- enroll_request.inputs.append(profile.ProfileInput.from_json(inputs))
+ enroll_request.inputs.append(
+ profile.ProfileInput.from_json(inputs))
else:
for profile_input in inputs:
enroll_request.inputs.append(
@@ -585,7 +587,7 @@ class CertReviewResponse(CertEnrollmentRequest):
@classmethod
def from_json(cls, attr_list):
- #First read the values for attributes defined in CertEnrollmentRequest
+ # First read the values for attributes defined in CertEnrollmentRequest
review_response = super(CertReviewResponse, cls).from_json(attr_list)
for k, v in attr_list.iteritems():
@@ -634,7 +636,7 @@ class CertClient(object):
url = self.cert_url + '/' + str(cert_serial_number)
r = self.connection.get(url, self.headers)
- #print r.json()
+ # print r.json()
return CertData.from_json(r.json())
@pki.handle_exceptions()
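Review bot: The commented-out `# print r.json()` above the return is dead debug code that this hunk only respaces; deleting it would be cleaner than keeping it PEP 8 compliant. The same applies to `# print review_response`, the second `# print r.json()` and `# print request_object` in the later CertClient hunks of this file. If one of them were re-enabled it would write certificate and enrollment request bodies to stdout, so where tracing is wanted a debug-level logger call is the better replacement. The enclosing method starts outside the hunk.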
@@ -716,7 +718,8 @@ class CertClient(object):
This method requires an agent's authentication cert in the
connection object.
"""
- url = self.agent_cert_url + '/' + str(cert_serial_number) + '/revoke-ca'
+ url = self.agent_cert_url + '/' + str(cert_serial_number) + \
+ '/revoke-ca'
return self._submit_revoke_request(url, cert_serial_number,
revocation_reason, invalidity_date,
comments, nonce)
@@ -812,7 +815,7 @@ class CertClient(object):
review_response = json.dumps(cert_review_response,
cls=encoder.CustomTypeEncoder,
sort_keys=True)
- #print review_response
+ # print review_response
r = self.connection.post(url, review_response, headers=self.headers)
return r
@@ -823,7 +826,8 @@ class CertClient(object):
to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
- return self._perform_action(request_id, cert_review_response, 'approve')
+ return self._perform_action(
+ request_id, cert_review_response, 'approve')
def cancel_request(self, request_id, cert_review_response=None):
"""
@@ -914,8 +918,8 @@ class CertClient(object):
return copy.deepcopy(self.enrollment_templates[profile_id])
url = self.cert_requests_url + '/profiles/' + str(profile_id)
r = self.connection.get(url, self.headers)
- #print r.json()
- #Caching the enrollment template object in-memory for future use.
+ # print r.json()
+ # Caching the enrollment template object in-memory for future use.
enrollment_template = CertEnrollmentRequest.from_json(r.json())
self.enrollment_templates[profile_id] = enrollment_template
@@ -951,7 +955,7 @@ class CertClient(object):
request_object = json.dumps(enrollment_request,
cls=encoder.CustomTypeEncoder,
sort_keys=True)
- #print request_object
+ # print request_object
r = self.connection.post(self.cert_requests_url, request_object,
self.headers)
return CertRequestInfoCollection.from_json(r.json())
@@ -1035,12 +1039,12 @@ def main():
# openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
connection.set_authentication_cert("/tmp/auth.pem")
- #Instantiate the CertClient
+ # Instantiate the CertClient
cert_client = CertClient(connection)
cert_client.get_enrollment_template('caUserCert')
- #Enrolling an user certificate
+ # Enrolling an user certificate
print 'Enrolling an user certificate'
print '-----------------------------'
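Review bot: The sample in `main()` still loads the agent credential from `/tmp/auth.pem`, and the comment above it creates that file with `openssl pkcs12 ... -nodes`, which leaves an unencrypted private key under a fixed name in a shared directory. The hunk only respaces comments, but this example gets copied, so the comment should carry the caveat, for instance `# NOTE: -nodes writes the key unencrypted; keep the PEM in a private directory with mode 0600 and delete it after use`. The same path and comment appear in the `main()` hunk of base/common/python/pki/profile.py. `main()` starts and ends outside this hunk.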
@@ -1130,8 +1134,8 @@ def main():
print "Status: " + cert_data_info.status
print
- #Trying to get a non-existing cert
- #Assuming that there is no certificate with serial number = 100
+ # Trying to get a non-existing cert
+ # Assuming that there is no certificate with serial number = 100
try:
cert_data = cert_client.get_cert(100)
print 'Serial Number: ' + cert_data.serial_number
@@ -1146,7 +1150,7 @@ def main():
# Following examples use the serial number of the user certificate enrolled
# before.
- #Get certificate data
+ # Get certificate data
print 'Getting information of a certificate'
print '------------------------------------'
@@ -1176,7 +1180,7 @@ def main():
print 'Nonce: ' + str(cert_data.nonce)
print
- #Revoke a certificate
+ # Revoke a certificate
print 'Revoking a certificate'
print '----------------------'
@@ -1187,7 +1191,7 @@ def main():
print 'Request Status: ' + cert_request_info.request_status
print
- #Un-revoke a certificate
+ # Un-revoke a certificate
print 'Un-revoking a certificate'
print '-------------------------'
@@ -1199,4 +1203,4 @@ def main():
if __name__ == "__main__":
- main() \ No newline at end of file
+ main()
diff --git a/base/common/python/pki/cli.py b/base/common/python/pki/cli.py
index 4379780b2..12b8656e8 100644
--- a/base/common/python/pki/cli.py
+++ b/base/common/python/pki/cli.py
@@ -99,7 +99,8 @@ class CLI(object):
sub_command = None
# Search the module by incrementally adding parts into module name.
- # Repeat until it finds the module or until there is no more parts to add.
+ # Repeat until it finds the module or until there is no more parts to
+ # add.
module = None
position = 0
@@ -110,7 +111,7 @@ class CLI(object):
if i >= 0:
# Dash found. Split command into module name and sub command.
module_name = command[0:i]
- sub_command = command[i+1:]
+ sub_command = command[i + 1:]
else:
# Dash not found. Use the whole command.
module_name = command
@@ -127,7 +128,8 @@ class CLI(object):
module = m
break
- # There is a sub command. It must be processed by module's children.
+ # There is a sub command. It must be processed by module's
+ # children.
if len(m.modules) > 0:
# Module has children. Use this module.
module = m
@@ -153,7 +155,8 @@ class CLI(object):
# Prepare module arguments.
if sub_command:
- # If module command exists, include it as arguments: <module command> <args>...
+ # If module command exists, include it as arguments:
+ # <module command> <args>...
module_args = [sub_command] + args[1:]
else:
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py
index 6a99c13fe..2a33f0638 100644
--- a/base/common/python/pki/crypto.py
+++ b/base/common/python/pki/crypto.py
@@ -62,7 +62,8 @@ class CryptoProvider(object):
pass
@abc.abstractmethod
- def symmetric_wrap(self, data, wrapping_key, mechanism=None, nonce_iv=None):
+ def symmetric_wrap(self, data, wrapping_key, mechanism=None,
+ nonce_iv=None):
""" encrypt data using a symmetric key (wrapping key)"""
pass
@@ -86,7 +87,7 @@ class CryptoProvider(object):
"""
pass
- #abc.abstractmethod
+ # abc.abstractmethod
def get_cert(self, cert_nick):
""" Get the certificate for the specified cert_nick. """
pass
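Review bot: `# abc.abstractmethod` above `get_cert` is a comment rather than a decorator, so `get_cert` is not abstract and the base implementation returns None through `pass`. A provider that does not override it would hand None to callers such as `set_transport_cert` in key.py, which stores the result of `self.crypto.get_cert(transport_cert_nick)` without checking it. Either restore the decorator as `@abc.abstractmethod`, or, if it was disabled on purpose, replace `pass` with `raise NotImplementedError` and say why in the comment.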
@@ -101,7 +102,8 @@ class NSSCryptoProvider(CryptoProvider):
"""
@staticmethod
- def setup_database(db_dir, password=None, over_write=False, password_file=None):
+ def setup_database(
+ db_dir, password=None, over_write=False, password_file=None):
""" Create an NSS database """
if os.path.exists(db_dir):
if not over_write:
@@ -188,7 +190,8 @@ class NSSCryptoProvider(CryptoProvider):
None,
slot.get_best_key_length(mechanism))
- # If initialization vector was supplied use it, otherwise set it to None
+ # If initialization vector was supplied use it, otherwise set it to
+ # None
if nonce_iv:
iv_si = nss.SecItem(nonce_iv)
iv_param = nss.param_from_iv(mechanism, iv_si)
diff --git a/base/common/python/pki/encoder.py b/base/common/python/pki/encoder.py
index 84bf32506..6d5725f0f 100644
--- a/base/common/python/pki/encoder.py
+++ b/base/common/python/pki/encoder.py
@@ -32,6 +32,7 @@ class CustomTypeEncoder(json.JSONEncoder):
when-instance-variable-name-is-same-as-method-name
"""
# pylint: disable=E0202
+
def default(self, obj):
for k, v in TYPES.iteritems():
if isinstance(obj, v):
@@ -56,7 +57,7 @@ class CustomTypeEncoder(json.JSONEncoder):
return new_dict
-def CustomTypeDecoder(dct):
+def CustomTypeDecoder(dct): # nopep8
if len(dct) == 1:
type_name, value = dct.items()[0]
if type_name in TYPES:
diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py
index f428481f0..0df868657 100644
--- a/base/common/python/pki/key.py
+++ b/base/common/python/pki/key.py
@@ -32,8 +32,8 @@ import pki
import pki.encoder as encoder
-#should be moved to request.py
-#pylint: disable=R0903
+# should be moved to request.py
+# pylint: disable=R0903
class RequestId(object):
"""
Class representing a Request ID
@@ -44,7 +44,7 @@ class RequestId(object):
self.value = req_id
-#pylint: disable=R0903
+# pylint: disable=R0903
class KeyData(object):
"""
This is the object that contains the encoded wrapped secret
@@ -85,7 +85,8 @@ class Key(object):
def __init__(self, key_data):
""" Constructor """
- self.encrypted_data = base64.decodestring(key_data.wrapped_private_data)
+ self.encrypted_data = base64.decodestring(
+ key_data.wrapped_private_data)
self.nonce_data = base64.decodestring(key_data.nonce_data)
self.algorithm = key_data.algorithm
self.size = key_data.size
@@ -139,7 +140,7 @@ class KeyInfo(object):
return None
-#pylint: disable=R0903
+# pylint: disable=R0903
class KeyInfoCollection(object):
"""
This class represents data returned when searching the DRM archived
@@ -211,7 +212,7 @@ class KeyRequestInfo(object):
return None
-#pylint: disable=R0903
+# pylint: disable=R0903
class KeyRequestInfoCollection(object):
"""
This class represents the data returned when searching the key
@@ -419,7 +420,7 @@ class KeyClient(object):
RSA_ALGORITHM = "RSA"
DSA_ALGORITHM = "DSA"
- #default session key wrapping algorithm
+ # default session key wrapping algorithm
DES_EDE3_CBC_OID = "{1 2 840 113549 3 7}"
def __init__(self, connection, crypto, transport_cert_nick=None):
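Review bot: The constant documented as the default session key wrapping algorithm, `DES_EDE3_CBC_OID = "{1 2 840 113549 3 7}"`, is triple-DES in CBC mode, a 64-bit block cipher that is now treated as legacy, and the comment does not say so. Since `archive_encrypted_data` in this file takes an `algorithm_oid` argument, the comment could read `# default session key wrapping algorithm (3DES-CBC, legacy); pass algorithm_oid to override where the server supports a stronger cipher`. Whether the server accepts other OIDs is not visible here and should be confirmed. The class body continues outside the hunk.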
@@ -440,7 +441,8 @@ class KeyClient(object):
def set_transport_cert(self, transport_cert_nick):
""" Set the transport certificate for crypto operations """
if transport_cert_nick is None:
- raise TypeError("Transport certificate nickname must be specified.")
+ raise TypeError(
+ "Transport certificate nickname must be specified.")
self.transport_cert = self.crypto.get_cert(transport_cert_nick)
@pki.handle_exceptions()
@@ -626,7 +628,7 @@ class KeyClient(object):
if algorithm == self.RSA_ALGORITHM:
if key_size < 256:
raise ValueError("Invalid key size specified.")
- if ((key_size-256) % 16) != 0:
+ if ((key_size - 256) % 16) != 0:
raise ValueError("Invalid key size specified.")
if algorithm == self.DSA_ALGORITHM:
if key_size not in [512, 768, 1024]:
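Review bot: The size check in this hunk accepts any RSA size from 256 bits upwards in steps of 16, and for DSA only 512, 768 or 1024 bits, so the client-side validation passes key sizes well below what is considered safe today. If these bounds deliberately mirror what the server accepts, a comment should say so, e.g. `# bounds mirror the KRA's accepted sizes; they are not a strength recommendation`; otherwise the RSA floor should be raised, for example `if key_size < 2048:`. Both failures also raise the same "Invalid key size specified." message, which hides which rule was violated. The method starts and ends outside the hunk.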
@@ -686,7 +688,9 @@ class KeyClient(object):
nonce_iv = self.crypto.generate_nonce_iv()
session_key = self.crypto.generate_session_key()
- wrapped_session_key = self.crypto.asymmetric_wrap(session_key, self.transport_cert)
+ wrapped_session_key = self.crypto.asymmetric_wrap(
+ session_key,
+ self.transport_cert)
encrypted_data = self.crypto.symmetric_wrap(
private_data,
@@ -704,15 +708,15 @@ class KeyClient(object):
key_size=key_size)
@pki.handle_exceptions()
- def archive_encrypted_data(self,\
- client_key_id,\
- data_type,\
- encrypted_data,\
- wrapped_session_key,\
- algorithm_oid=None,\
- nonce_iv=None,\
- key_algorithm=None,\
- key_size=None):
+ def archive_encrypted_data(self,
+ client_key_id,
+ data_type,
+ encrypted_data,
+ wrapped_session_key,
+ algorithm_oid=None,
+ nonce_iv=None,
+ key_algorithm=None,
+ key_size=None):
"""
Archive a secret (symmetric key or passphrase) on the DRM.
diff --git a/base/common/python/pki/profile.py b/base/common/python/pki/profile.py
index 81e2a6c90..00318d0f2 100644
--- a/base/common/python/pki/profile.py
+++ b/base/common/python/pki/profile.py
@@ -161,7 +161,8 @@ class ProfileAttribute(object):
if 'Value' in attr_list:
attribute.value = attr_list['Value']
if 'Descriptor' in attr_list:
- attribute.descriptor = Descriptor.from_json(attr_list['Descriptor'])
+ attribute.descriptor = Descriptor.from_json(
+ attr_list['Descriptor'])
return attribute
@@ -501,6 +502,7 @@ class PolicyConstraintValue(object):
"""
Represents a PolicyConstraintValue
"""
+
def __init__(self, name=None, value=None, descriptor=None):
self.name = name
self.value = value
@@ -783,7 +785,8 @@ class PolicySetList(object):
policy_set_list = cls()
policy_sets = attr_list['PolicySet']
if not isinstance(policy_sets, list):
- policy_set_list.policy_sets.append(PolicySet.from_json(policy_sets))
+ policy_set_list.policy_sets.append(
+ PolicySet.from_json(policy_sets))
else:
for policy_set in policy_sets:
policy_set_list.policy_sets.append(
@@ -1157,7 +1160,7 @@ def main():
# openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
connection.set_authentication_cert("/tmp/auth.pem")
- #Initialize the ProfileClient class
+ # Initialize the ProfileClient class
profile_client = ProfileClient(connection)
# Folder to store the files generated during test
@@ -1165,7 +1168,7 @@ def main():
if not os.path.exists(file_path):
os.makedirs(file_path)
- #Fetching a list of profiles
+ # Fetching a list of profiles
profile_data_infos = profile_client.list_profiles()
print 'List of profiles:'
print '-----------------'
@@ -1203,7 +1206,7 @@ def main():
print ' Profile ID: ' + profile_data.profile_id
print ' Is profile enabled? ' + str(profile.enabled)
print
- #profile_client.delete_profile('MySampleProfile')
+ # profile_client.delete_profile('MySampleProfile')
# Create a new sample profile
print 'Creating a new profile:'
print '-----------------------'
@@ -1271,7 +1274,9 @@ def main():
"Validity to the request. The default "
"values are Range=180 in days")
attr_descriptor = Descriptor(syntax="string", description="Not Before")
- policy_attribute = ProfileAttribute("notBefore", descriptor=attr_descriptor)
+ policy_attribute = ProfileAttribute(
+ "notBefore",
+ descriptor=attr_descriptor)
policy_default.add_attribute(policy_attribute)
attr_descriptor = Descriptor(syntax="string", description="Not After")
@@ -1283,7 +1288,7 @@ def main():
policy_default.add_parameter(profile_param)
policy_default.add_parameter(profile_param2)
- #Defining the policy constraint
+ # Defining the policy constraint
policy_constraint = PolicyConstraint("Validity Constraint",
"This constraint rejects the validity "
"that is not between 365 days.",
@@ -1316,7 +1321,7 @@ def main():
profile_data.add_policy_set(policy_set)
# Write the profile data object to a file for testing a file input
- with open(file_path+'/original.json', 'w') as output_file:
+ with open(file_path + '/original.json', 'w') as output_file:
output_file.write(json.dumps(profile_data,
cls=encoder.CustomTypeEncoder,
sort_keys=True, indent=4))
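Review bot: The path here is built as `file_path + '/original.json'`, while the later hunks in `main()` use `file_path + 'modified.json'` and `os.remove(file_path + 'original.json')` without the separator. The definition of `file_path` is outside the hunk; if it has no trailing slash, the later paths resolve to sibling names outside the directory and the cleanup removes a different file than the one written. Using `os.path.join(file_path, 'original.json')` (and the same for `modified.json`) in all four places would make the sample independent of the trailing slash.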
@@ -1368,7 +1373,7 @@ def main():
fetch.name += " (Modified)"
modified_profile = profile_client.modify_profile(fetch)
- with open(file_path+'modified.json', 'w') as output_file:
+ with open(file_path + 'modified.json', 'w') as output_file:
output_file.write(json.dumps(fetch, cls=encoder.CustomTypeEncoder,
sort_keys=True, indent=4))
@@ -1410,10 +1415,10 @@ def main():
# Test clean up
profile_client.delete_profile('MySampleProfile')
- os.remove(file_path+'original.json')
- os.remove(file_path+'modified.json')
+ os.remove(file_path + 'original.json')
+ os.remove(file_path + 'modified.json')
os.removedirs(file_path)
if __name__ == "__main__":
- main() \ No newline at end of file
+ main()
diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py
index 76b505909..b3d5fc641 100644
--- a/base/common/python/pki/system.py
+++ b/base/common/python/pki/system.py
@@ -112,7 +112,7 @@ class SecurityDomainSubsystem(object):
hosts = json_value['Host']
if isinstance(hosts, dict):
- hosts = [ hosts ]
+ hosts = [hosts]
for h in hosts:
host = SecurityDomainHost.from_json(h)
@@ -155,7 +155,7 @@ class SecurityDomainInfo(object):
subsystems = domain_info['Subsystem']
if isinstance(subsystems, dict):
- subsystems = [ subsystems ]
+ subsystems = [subsystems]
for s in subsystems:
subsystem = SecurityDomainSubsystem.from_json(s)
@@ -211,6 +211,7 @@ class ConfigurationRequest(object):
This class is the python equivalent of the Java class:
com.netscape.certsrv.system.ConfigurationRequest
"""
+
def __init__(self):
self.token = "Internal Key Storage Token"
self.isClone = "false"
@@ -227,6 +228,7 @@ class ConfigurationResponse(object):
This class is the python equivalent of the Java class:
com.netscape.certsrv.system.ConfigurationRequest
"""
+
def __init__(self):
pass
@@ -240,6 +242,7 @@ class SystemCertData(object):
This class is the python equivalent of the Java class:
com.netscape.certsrv.system.SystemCertData
"""
+
def __init__(self):
pass
@@ -252,6 +255,7 @@ class SystemConfigClient(object):
The connection details for the system being configured are passed in
the PKIConnection object used when constructing this object.
"""
+
def __init__(self, connection):
self.connection = connection
@@ -276,6 +280,7 @@ class SystemStatusClient(object):
"""
Client used to check the status of a Dogtag subsystem.
"""
+
def __init__(self, connection):
self.connection = connection
diff --git a/base/common/python/pki/systemcert.py b/base/common/python/pki/systemcert.py
index d59e07b3d..b5f7b03b8 100644
--- a/base/common/python/pki/systemcert.py
+++ b/base/common/python/pki/systemcert.py
@@ -35,7 +35,7 @@ class SystemCertClient(object):
def __init__(self, connection):
""" Constructor """
- #super(PKIResource, self).__init__(connection)
+ # super(PKIResource, self).__init__(connection)
self.connection = connection
self.headers = {'Content-type': 'application/json',
'Accept': 'application/json'}
diff --git a/base/common/python/pki/upgrade.py b/base/common/python/pki/upgrade.py
index 30911613a..010f88c81 100644
--- a/base/common/python/pki/upgrade.py
+++ b/base/common/python/pki/upgrade.py
@@ -283,7 +283,7 @@ class PKIUpgradeScriptlet(object):
backup_dir = self.get_backup_dir()
if os.path.exists(backup_dir):
- # remove old backup dir
+ # remove old backup dir
shutil.rmtree(backup_dir)
# create backup dir
@@ -334,7 +334,7 @@ class PKIUpgradeScriptlet(object):
# restore all backed up files
for sourcepath, _, filenames in os.walk(oldfiles):
- #unused item _ for dirnames
+ # unused item _ for dirnames
destpath = sourcepath[len(oldfiles):]
if destpath == '':
@@ -525,7 +525,9 @@ class PKIUpgrader(object):
try:
i = filename.index('-')
except ValueError as e:
- raise pki.PKIException('Invalid scriptlet name: ' + filename, e)
+ raise pki.PKIException(
+ 'Invalid scriptlet name: ' + filename,
+ e)
index = int(filename[0:i])
classname = filename[i + 1:]
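Review bot: Only the `filename.index('-')` lookup is covered by the `try`; `index = int(filename[0:i])` after it raises a plain ValueError when the part before the dash is not a number. Unless a handler outside this hunk catches it, a misnamed scriptlet file would surface as a traceback instead of the `Invalid scriptlet name` PKIException. Moving the conversion into the `try` block, so the existing `except ValueError as e:` covers both, keeps the error path uniform. The enclosing method starts and ends outside the hunk.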
@@ -622,7 +624,7 @@ class PKIUpgrader(object):
except pki.PKIException:
raise
- except Exception as e: # pylint: disable=W0703
+ except Exception as e: # pylint: disable=W0703
print
@@ -689,7 +691,7 @@ class PKIUpgrader(object):
except pki.PKIException:
raise
- except Exception as e: # pylint: disable=W0703
+ except Exception as e: # pylint: disable=W0703
print
diff --git a/base/common/sbin/pki-upgrade b/base/common/sbin/pki-upgrade
index 0fbfde3d6..48b7c826b 100755
--- a/base/common/sbin/pki-upgrade
+++ b/base/common/sbin/pki-upgrade
@@ -27,6 +27,8 @@ import pki
import pki.upgrade
# pylint: disable=W0613
+
+
def interrupt_handler(event, frame):
print
print
diff --git a/base/java-tools/bin/pki b/base/java-tools/bin/pki
index 152bf3f62..fc61f354b 100644
--- a/base/java-tools/bin/pki
+++ b/base/java-tools/bin/pki
@@ -23,6 +23,7 @@ import shlex
import subprocess
import sys
+
def run_java_cli(args):
# read RESTEasy library path
diff --git a/base/kra/functional/drmclient_deprecated.py b/base/kra/functional/drmclient_deprecated.py
index 602057f92..33149bed7 100644
--- a/base/kra/functional/drmclient_deprecated.py
+++ b/base/kra/functional/drmclient_deprecated.py
@@ -48,9 +48,11 @@ import base64
CERT_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"
CERT_FOOTER = "-----END NEW CERTIFICATE REQUEST-----"
+
def _(string):
return string
+
def parse_key_request_info_xml(doc):
'''
:param doc: The root node of the xml document to parse
@@ -79,29 +81,30 @@ def parse_key_request_info_xml(doc):
request_type = doc.xpath('requestType')
if len(request_type) == 1:
request_type = etree.tostring(request_type[0], method='text',
- encoding=unicode).strip()
+ encoding=unicode).strip()
response['request_type'] = request_type
request_status = doc.xpath('requestStatus')
if len(request_status) == 1:
request_status = etree.tostring(request_status[0], method='text',
- encoding=unicode).strip()
+ encoding=unicode).strip()
response['request_status'] = request_status
request_url = doc.xpath('requestURL')
if len(request_url) == 1:
request_url = etree.tostring(request_url[0], method='text',
- encoding=unicode).strip()
+ encoding=unicode).strip()
response['request_id'] = request_url.rsplit('/', 1)[1]
key_url = doc.xpath('keyURL')
if len(key_url) == 1:
key_url = etree.tostring(key_url[0], method='text',
- encoding=unicode).strip()
+ encoding=unicode).strip()
response['key_id'] = key_url.rsplit('/', 1)[1]
return response
+
def parse_key_request_infos_xml(doc):
'''
:param doc: The root node of the xml document to parse
@@ -152,6 +155,7 @@ def parse_key_request_infos_xml(doc):
return response
+
def parse_key_data_info_xml(doc):
'''
:param doc: The root node of the xml document to parse
@@ -176,17 +180,18 @@ def parse_key_data_info_xml(doc):
client_id = doc.xpath('clientID')
if len(client_id) == 1:
client_id = etree.tostring(client_id[0], method='text',
- encoding=unicode).strip()
+ encoding=unicode).strip()
response['client_id'] = client_id
key_url = doc.xpath('keyURL')
if len(key_url) == 1:
key_url = etree.tostring(key_url[0], method='text',
- encoding=unicode).strip()
+ encoding=unicode).strip()
response['key_url'] = key_url
return response
+
def parse_key_data_infos_xml(doc):
'''
:param doc: The root node of the xml document to parse
@@ -238,6 +243,7 @@ def parse_key_data_infos_xml(doc):
return response
+
def parse_key_data_xml(doc):
'''
:param doc: The root node of the xml document to parse
@@ -271,6 +277,7 @@ def parse_key_data_xml(doc):
return response
+
def parse_certificate_data_xml(doc):
'''
:param doc: The root node of the xml document to parse
@@ -293,11 +300,14 @@ def parse_certificate_data_xml(doc):
if len(b64) == 1:
b64 = etree.tostring(b64[0], method='text',
encoding=unicode).strip()
- response['cert'] = b64.replace(CERT_HEADER, "").replace(CERT_FOOTER, "")
+ b64 = b64.replace(CERT_HEADER, "").replace(CERT_FOOTER, "")
+ response['cert'] = b64
return response
-def https_request(host, port, url, secdir, password, nickname, operation, args, **kw):
+
+def https_request(
+ host, port, url, secdir, password, nickname, operation, args, **kw):
"""
:param url: The URL to post to.
:param operation: GET, POST, (PUT and DELETE not yet implemented)
@@ -316,9 +326,9 @@ def https_request(host, port, url, secdir, password, nickname, operation, args,
request_headers = {"Content-type": "application/xml",
"Accept": "application/xml"}
if operation == "POST":
- if args != None:
+ if args is not None:
post = args
- elif kw != None:
+ elif kw is not None:
post = urlencode(kw)
request_headers = {"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain"}
@@ -342,7 +352,7 @@ def https_request(host, port, url, secdir, password, nickname, operation, args,
http_reason_phrase = unicode(res.reason, 'utf-8')
http_headers = res.msg.dict
http_body = res.read()
- except Exception, e:
+ except Exception as e:
raise NetworkError(uri=uri, error=str(e))
finally:
if conn is not None:
@@ -350,6 +360,7 @@ def https_request(host, port, url, secdir, password, nickname, operation, args,
return http_status, http_reason_phrase, http_headers, http_body
+
def http_request(host, port, url, operation, args):
"""
:param url: The URL to post to.
@@ -365,16 +376,16 @@ def http_request(host, port, url, operation, args):
uri = 'http://%s%s' % (ipautil.format_netloc(host, port), url)
logging.info('request %r', uri)
request_headers = {"Content-type": "application/xml",
- "Accept": "application/xml"}
+ "Accept": "application/xml"}
if operation == "POST":
- if args != None:
+ if args is not None:
post = args
else:
post = ""
conn = httplib.HTTPConnection(host, port)
try:
if operation == "GET":
- if args != None:
+ if args is not None:
url = url + "?" + args
conn.request("GET", url)
elif operation == "POST":
@@ -386,7 +397,7 @@ def http_request(host, port, url, operation, args):
http_reason_phrase = unicode(res.reason, 'utf-8')
http_headers = res.msg.dict
http_body = res.read()
- except NSPRError, e:
+ except NSPRError as e:
raise NetworkError(uri=uri, error=str(e))
finally:
if conn is not None:
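Review bot: The handler on the changed line catches only `NSPRError`, yet the previous hunk shows this function opening its connection with plain `httplib.HTTPConnection`, which is not expected to raise NSS errors. Connection failures would then leave `http_request` as raw `socket.error` or `httplib.HTTPException` instead of the `NetworkError` that `https_request` produces for the same situation. Widening the clause keeps the two functions consistent without a new import, since `socket.error` is an `IOError` subclass on Python 2.6 and later: `except (NSPRError, httplib.HTTPException, IOError) as e:`. The body of `http_request` starts and ends outside this hunk.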
@@ -399,7 +410,8 @@ def http_request(host, port, url, operation, args):
return http_status, http_reason_phrase, http_headers, http_body
-class kra:
+
+class KRA:
"""
Key Repository Authority backend plugin.
"""
@@ -411,7 +423,6 @@ class kra:
iv = "e4:bb:3b:d3:c3:71:2e:58"
fullname = "kra"
-
def __init__(self, work_dir, kra_host, kra_port, kra_nickname):
# crypto
self.sec_dir = work_dir
@@ -427,10 +438,11 @@ class kra:
# set up key db for crypto functions
try:
nss.nss_init(self.sec_dir)
- except Exception, e:
- raise CertificateOperationError(error=_('Error in initializing certdb (%s)') \
- + e.strerror)
- self.transport_cert = nss.find_cert_from_nickname(self.transport_cert_nickname)
+ except Exception as e:
+ raise CertificateOperationError(error=_('Error in initializing certdb (%s)')
+ + e.strerror)
+ self.transport_cert = nss.find_cert_from_nickname(
+ self.transport_cert_nickname)
# DRM info
self.kra_host = kra_host
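Review bot: The `CertificateOperationError` raised in the `except Exception as e` branch appends `e.strerror` with `+` instead of filling the `(%s)` placeholder, so the message keeps a literal `(%s)` followed by the raw text. Because the handler catches every `Exception`, `strerror` cannot be assumed to exist. A failure without that attribute would raise `AttributeError` here and mask the original certdb error. Formatting the exception itself avoids both problems: `error=_('Error in initializing certdb (%s)') % str(e)`. `__init__` starts before this hunk and continues past it.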
@@ -441,10 +453,14 @@ class kra:
# Get a PK11 slot based on the cipher
slot = nss.get_best_slot(mechanism)
- if sym_key == None:
- sym_key = slot.key_gen(mechanism, None, slot.get_best_key_length(mechanism))
+ if sym_key is None:
+ sym_key = slot.key_gen(
+ mechanism,
+ None,
+ slot.get_best_key_length(mechanism))
- # If initialization vector was supplied use it, otherwise set it to None
+ # If initialization vector was supplied use it, otherwise set it to
+ # None
if iv:
iv_data = nss.read_hex(iv)
iv_si = nss.SecItem(iv_data)
@@ -497,7 +513,7 @@ class kra:
Perform an HTTPS request
"""
return https_request(self.kra_host, port, url, self.sec_dir, self.password,
- self.ipa_certificate_nickname, operation, args, **kw)
+ self.ipa_certificate_nickname, operation, args, **kw)
def symmetric_wrap(self, data, wrapping_key):
"""
@@ -506,8 +522,10 @@ class kra:
Wrap (encrypt) data using the supplied symmetric key
"""
- encoding_ctx, _decoding_ctx = self.setup_contexts(self.mechanism, wrapping_key, self.iv)
- wrapped_data = encoding_ctx.cipher_op(data) + encoding_ctx.digest_final()
+ encoding_ctx, _decoding_ctx = self.setup_contexts(
+ self.mechanism, wrapping_key, self.iv)
+ wrapped_data = encoding_ctx.cipher_op(
+ data) + encoding_ctx.digest_final()
return wrapped_data
def asymmetric_wrap(self, data, wrapping_cert):
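Review bot: `symmetric_wrap` always passes the class-level `self.iv` to `setup_contexts`, and an earlier hunk shows that attribute is the fixed literal `iv = "e4:bb:3b:d3:c3:71:2e:58"`, so every wrap uses the same IV. The cipher behind `self.mechanism` is not visible here; if it is a CBC-type mechanism, a constant IV makes equal plaintext prefixes under one key produce equal ciphertext. `retrieve_security_data` generates a fresh session key per call, which limits the exposure there, but other callers of `symmetric_wrap` have no such guarantee. `symmetric_unwrap` already accepts an `iv` argument, so the wrap side could take an optional `iv=None` the same way and be given a per-call value. If the fixed value has to stay for protocol reasons, say so in a comment such as `# fixed IV kept for KRA protocol compatibility; never reuse wrapping_key across calls`.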
@@ -527,10 +545,12 @@ class kra:
Unwrap (decrypt) data using the supplied symmetric key
"""
- if iv == None:
+ if iv is None:
iv = self.iv
- _encoding_ctx, decoding_ctx = self.setup_contexts(self.mechanism, wrapping_key, iv)
- unwrapped_data = decoding_ctx.cipher_op(data) + decoding_ctx.digest_final()
+ _encoding_ctx, decoding_ctx = self.setup_contexts(
+ self.mechanism, wrapping_key, iv)
+ unwrapped_data = decoding_ctx.cipher_op(
+ data) + decoding_ctx.digest_final()
return unwrapped_data
def get_parse_result_xml(self, xml_text, parse_func):
@@ -546,7 +566,9 @@ class kra:
parser = etree.XMLParser()
doc = etree.fromstring(xml_text, parser)
result = parse_func(doc)
- self.debug("%s() xml_text:\n%s\nparse_result:\n%s" % (parse_func.__name__, xml_text, result))
+ self.debug(
+ "%s() xml_text:\n%s\nparse_result:\n%s" %
+ (parse_func.__name__, xml_text, result))
return result
def create_archival_request(self, client_id, security_data, data_type):
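Review bot: The reformatted `self.debug(...)` call still writes the whole `xml_text` and the parsed result to the debug log. For the key-retrieval path (`parse_key_data_xml`) that response carries `wrapped_data` and `nonce_data`, so wrapped key material lands in log files. I would log only the parser name and the payload size, passing them as arguments like the other `self.debug` calls do: `self.debug("%s() parsed %d bytes", parse_func.__name__, len(xml_text))`. Separately, `etree.XMLParser()` is created with library defaults; if the response is not fully trusted, `etree.XMLParser(resolve_entities=False, no_network=True)` is the safer construction. The method starts outside this hunk.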
@@ -561,13 +583,16 @@ class kra:
root = etree.Element("KeyArchivalRequest")
client_id_element = etree.SubElement(root, "clientId")
client_id_element.text = client_id
- wrapped_private_data_element = etree.SubElement(root, "wrappedPrivateData")
+ wrapped_private_data_element = etree.SubElement(
+ root,
+ "wrappedPrivateData")
wrapped_private_data_element.text = security_data
data_type_element = etree.SubElement(root, "dataType")
data_type_element.text = data_type
return etree.ElementTree(root)
- def create_recovery_request(self, key_id, request_id, session_key, passphrase, nonce=None):
+ def create_recovery_request(
+ self, key_id, request_id, session_key, passphrase, nonce=None):
"""
:param key_id: identifier of key to be recovered
:param request_id: id for the recovery request
@@ -575,22 +600,26 @@ class kra:
:param passphrase passphrase wrapped in session key
:return doc: xml doc with archival request
- """
+ """
self.debug('%s.create_recovery_request()', self.fullname)
root = etree.Element("KeyRecoveryRequest")
- if key_id != None:
+ if key_id is not None:
key_id_element = etree.SubElement(root, "keyId")
key_id_element.text = key_id
- if request_id != None:
+ if request_id is not None:
request_id_element = etree.SubElement(root, "requestId")
request_id_element.text = request_id
- if session_key != None:
- session_key_element = etree.SubElement(root, "transWrappedSessionKey")
+ if session_key is not None:
+ session_key_element = etree.SubElement(
+ root,
+ "transWrappedSessionKey")
session_key_element.text = session_key
- if passphrase != None:
- passphrase_element = etree.SubElement(root, "sessionWrappedPassphrase")
+ if passphrase is not None:
+ passphrase_element = etree.SubElement(
+ root,
+ "sessionWrappedPassphrase")
passphrase_element.text = passphrase
- if nonce != None:
+ if nonce is not None:
nonce_element = etree.SubElement(root, "nonceData")
nonce_element.text = nonce
return etree.ElementTree(root)
@@ -612,24 +641,30 @@ class kra:
self.debug('%s.archive_security_data()', self.fullname)
# check clientID and security data
- if ((client_id == None) or (security_data == None)):
- raise CertificateOperationError(error=_('Bad arguments to archive_security_data'))
+ if ((client_id is None) or (security_data is None)):
+ raise CertificateOperationError(
+ error=_('Bad arguments to archive_security_data'))
- request = self.create_archival_request(client_id, security_data, data_type)
+ request = self.create_archival_request(
+ client_id,
+ security_data,
+ data_type)
# Call CMS
http_status, http_reason_phrase, _http_headers, http_body = \
self._request('/kra/rest/agent/keyrequests/archive',
- self.kra_agent_port,
- self.POST,
- etree.tostring(request.getroot(), encoding='UTF-8'))
+ self.kra_agent_port,
+ self.POST,
+ etree.tostring(request.getroot(), encoding='UTF-8'))
# Parse and handle errors
if (http_status != 200):
- raise CertificateOperationError(error=_('Error in archiving request (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in archiving request (%s)') %
+ http_reason_phrase)
- parse_result = self.get_parse_result_xml(http_body, parse_key_request_info_xml)
+ parse_result = self.get_parse_result_xml(
+ http_body,
+ parse_key_request_info_xml)
return parse_result
def get_transport_cert(self, etag=None):
@@ -645,17 +680,19 @@ class kra:
# Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._request('/kra/rest/config/cert/transport',
- self.kra_agent_port,
- self.GET,
- None)
+ self.kra_agent_port,
+ self.GET,
+ None)
- self.debug("headers: %s" , http_headers)
+ self.debug("headers: %s", http_headers)
# Parse and handle errors
if (http_status != 200):
- raise CertificateOperationError(error=_('Error in archiving request (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in archiving request (%s)') %
+ http_reason_phrase)
- parse_result = self.get_parse_result_xml(http_body, parse_certificate_data_xml)
+ parse_result = self.get_parse_result_xml(
+ http_body,
+ parse_certificate_data_xml)
return parse_result
def list_security_data(self, client_id, key_state=None, next_id=None):
@@ -669,14 +706,15 @@ class kra:
The command returns a dict as specified in parse_key_data_infos_xml().
"""
self.debug('%s.list_security_data()', self.fullname)
- if client_id == None:
- raise CertificateOperationError(error=_('Bad argument to list_security_data'))
+ if client_id is None:
+ raise CertificateOperationError(
+ error=_('Bad argument to list_security_data'))
get_args = "clientID=" + quote_plus(client_id)
- if key_state != None:
+ if key_state is not None:
get_args = get_args + "&status=" + quote_plus(key_state)
- if next_id != None:
+ if next_id is not None:
# currnently not implemented on server
get_args = get_args + "&start=" + quote_plus(next_id)
@@ -689,10 +727,12 @@ class kra:
# Parse and handle errors
if (http_status != 200):
- raise CertificateOperationError(error=_('Error in listing keys (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in listing keys (%s)') %
+ http_reason_phrase)
- parse_result = self.get_parse_result_xml(http_body, parse_key_data_infos_xml)
+ parse_result = self.get_parse_result_xml(
+ http_body,
+ parse_key_data_infos_xml)
return parse_result
def list_key_requests(self, request_state=None, request_type=None, client_id=None,
@@ -709,16 +749,16 @@ class kra:
self.debug('%s.list_key_requests()', self.fullname)
get_args = ""
- if request_state != None:
+ if request_state is not None:
get_args = get_args + "&requestState=" + quote_plus(request_state)
- if request_type != None:
+ if request_type is not None:
get_args = get_args + "&requestType=" + quote_plus(request_type)
- if client_id != None:
+ if client_id is not None:
get_args = get_args + "&clientID=" + quote_plus(client_id)
- if next_id != None:
+ if next_id is not None:
# currnently not implemented on server
get_args = get_args + "&start=" + quote_plus(next_id)
@@ -731,10 +771,12 @@ class kra:
# Parse and handle errors
if (http_status != 200):
- raise CertificateOperationError(error=_('Error in listing key requests (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in listing key requests (%s)') %
+ http_reason_phrase)
- parse_result = self.get_parse_result_xml(http_body, parse_key_request_infos_xml)
+ parse_result = self.get_parse_result_xml(
+ http_body,
+ parse_key_request_infos_xml)
return parse_result
def submit_recovery_request(self, key_id):
@@ -750,24 +792,27 @@ class kra:
self.debug('%s.submit_recovery_request()', self.fullname)
# check clientID and security data
- if key_id == None:
- raise CertificateOperationError(error=_('Bad argument to archive_security_data'))
+ if key_id is None:
+ raise CertificateOperationError(
+ error=_('Bad argument to archive_security_data'))
request = self.create_recovery_request(key_id, None, None, None)
# Call CMS
http_status, http_reason_phrase, _http_headers, http_body = \
self._request('/kra/rest/agent/keyrequests/recover',
- self.kra_agent_port,
- self.POST,
- etree.tostring(request.getroot(), encoding='UTF-8'))
+ self.kra_agent_port,
+ self.POST,
+ etree.tostring(request.getroot(), encoding='UTF-8'))
# Parse and handle errors
if (http_status != 200):
- raise CertificateOperationError(error=_('Error in archiving request (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in archiving request (%s)') %
+ http_reason_phrase)
- parse_result = self.get_parse_result_xml(http_body, parse_key_request_info_xml)
+ parse_result = self.get_parse_result_xml(
+ http_body,
+ parse_key_request_info_xml)
return parse_result
def check_request_status(self, request_id):
@@ -800,20 +845,21 @@ class kra:
Approve recovery request
"""
self.debug('%s.approve_recovery_request()', self.fullname)
- if request_id == None:
- raise CertificateOperationError(error=_('Bad argument to approve_recovery_request'))
+ if request_id is None:
+ raise CertificateOperationError(
+ error=_('Bad argument to approve_recovery_request'))
# Call CMS
http_status, http_reason_phrase, _http_headers, _http_body = \
self._request('/kra/rest/agent/keyrequests/' + request_id + '/approve',
- self.kra_agent_port,
- self.POST,
- None)
+ self.kra_agent_port,
+ self.POST,
+ None)
# Parse and handle errors
if (http_status > 399):
- raise CertificateOperationError(error=_('Error in approving request (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in approving request (%s)') %
+ http_reason_phrase)
def reject_recovery_request(self, request_id):
"""
@@ -822,20 +868,21 @@ class kra:
Reject recovery request
"""
self.debug('%s.reject_recovery_request()', self.fullname)
- if request_id == None:
- raise CertificateOperationError(error=_('Bad argument to reject_recovery_request'))
+ if request_id is None:
+ raise CertificateOperationError(
+ error=_('Bad argument to reject_recovery_request'))
# Call CMS
http_status, http_reason_phrase, _http_headers, _http_body = \
self._request('/kra/rest/agent/keyrequests/' + request_id + '/reject',
- self.kra_agent_port,
- self.POST,
- None)
+ self.kra_agent_port,
+ self.POST,
+ None)
# Parse and handle errors
if (http_status > 399):
- raise CertificateOperationError(error=_('Error in rejecting request (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in rejecting request (%s)') %
+ http_reason_phrase)
def cancel_recovery_request(self, request_id):
"""
@@ -844,20 +891,21 @@ class kra:
Cancel recovery request
"""
self.debug('%s.cancel_recovery_request()', self.fullname)
- if request_id == None:
- raise CertificateOperationError(error=_('Bad argument to cancel_recovery_request'))
+ if request_id is None:
+ raise CertificateOperationError(
+ error=_('Bad argument to cancel_recovery_request'))
# Call CMS
http_status, http_reason_phrase, _http_headers, _http_body = \
self._request('/kra/rest/agent/keyrequests/' + request_id + '/cancel',
- self.kra_agent_port,
- self.POST,
- None)
+ self.kra_agent_port,
+ self.POST,
+ None)
# Parse and handle errors
if (http_status > 399):
- raise CertificateOperationError(error=_('Error in cancelling request (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in cancelling request (%s)') %
+ http_reason_phrase)
def retrieve_security_data(self, recovery_request_id, passphrase=None):
"""
@@ -881,23 +929,35 @@ class kra:
|data |String | Key data (either wrapped using |
| | | passphrase or unwrapped) |
+-----------------+---------------+---------------------------------------+
- """
+ """
self.debug('%s.retrieve_security_data()', self.fullname)
- if recovery_request_id == None:
- raise CertificateOperationError(error=_('Bad arguments to retrieve_security_data'))
+ if recovery_request_id is None:
+ raise CertificateOperationError(
+ error=_('Bad arguments to retrieve_security_data'))
# generate symmetric key
slot = nss.get_best_slot(self.mechanism)
- session_key = slot.key_gen(self.mechanism, None, slot.get_best_key_length(self.mechanism))
+ session_key = slot.key_gen(
+ self.mechanism,
+ None,
+ slot.get_best_key_length(
+ self.mechanism))
# wrap this key with the transport cert
public_key = self.transport_cert.subject_public_key_info.public_key
- wrapped_session_key = base64.b64encode(nss.pub_wrap_sym_key(self.mechanism, public_key, session_key))
+ wrapped_session_key = base64.b64encode(
+ nss.pub_wrap_sym_key(
+ self.mechanism,
+ public_key,
+ session_key))
wrapped_passphrase = None
- if passphrase != None:
+ if passphrase is not None:
# wrap passphrase with session key
- wrapped_session_key = base64.b64encode(self.symmetric_wrap(passphrase, session_key))
+ wrapped_session_key = base64.b64encode(
+ self.symmetric_wrap(
+ passphrase,
+ session_key))
request = self.create_recovery_request(None, recovery_request_id,
wrapped_session_key,
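Review bot: Inside `if passphrase is not None:` the result of `self.symmetric_wrap(passphrase, session_key)` is assigned to `wrapped_session_key`, while `wrapped_passphrase` keeps the `None` set just above. That overwrites the session key that was wrapped for the transport certificate a few lines earlier, so the recovery request would carry the wrapped passphrase in the session-key field and, as far as this hunk shows, no passphrase element at all. The assignment should be `wrapped_passphrase = base64.b64encode(self.symmetric_wrap(passphrase, session_key))`. The `create_recovery_request(...)` call runs past the end of the hunk, so check that its fourth argument is `wrapped_passphrase`.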
@@ -906,21 +966,24 @@ class kra:
# Call CMS
http_status, http_reason_phrase, _http_headers, http_body = \
self._request('/kra/rest/agent/keys/retrieve',
- self.kra_agent_port,
- self.POST,
- etree.tostring(request.getroot(), encoding='UTF-8'))
+ self.kra_agent_port,
+ self.POST,
+ etree.tostring(request.getroot(), encoding='UTF-8'))
# Parse and handle errors
if (http_status != 200):
- raise CertificateOperationError(error=_('Error in retrieving security data (%s)') % \
- http_reason_phrase)
+ raise CertificateOperationError(error=_('Error in retrieving security data (%s)') %
+ http_reason_phrase)
parse_result = self.get_parse_result_xml(http_body, parse_key_data_xml)
- if passphrase == None:
- iv = nss.data_to_hex(base64.decodestring(parse_result['nonce_data']))
- parse_result['data'] = self.symmetric_unwrap(base64.decodestring(parse_result['wrapped_data']),
- session_key, iv)
+ if passphrase is None:
+ iv = nss.data_to_hex(
+ base64.decodestring(
+ parse_result['nonce_data']))
+ parse_result['data'] = self.symmetric_unwrap(
+ base64.decodestring(parse_result['wrapped_data']),
+ session_key, iv)
return parse_result
@@ -945,13 +1008,26 @@ class kra:
import argparse
parser = argparse.ArgumentParser(description="Sample Test execution")
-parser.add_argument('-d', default='/tmp/drmtest', dest='work_dir', help='Working directory')
+parser.add_argument(
+ '-d',
+ default='/tmp/drmtest',
+ dest='work_dir',
+ help='Working directory')
parser.add_argument('--options', default='options.out', dest='options_file',
help='File containing test PKIArchiveOptions to be archived')
parser.add_argument('--symkey', default='symkey.out', dest='symkey_file',
help='File containing test symkey')
-parser.add_argument('--host', default='localhost', dest='kra_host', help='DRM hostname')
-parser.add_argument('-p', default='10080', type=int, dest='kra_port', help='DRM Port')
+parser.add_argument(
+ '--host',
+ default='localhost',
+ dest='kra_host',
+ help='DRM hostname')
+parser.add_argument(
+ '-p',
+ default='10080',
+ type=int,
+ dest='kra_port',
+ help='DRM Port')
parser.add_argument('-n', default='DRM TransportCert Nickname', dest='kra_nickname',
help="DRM Nickname")
@@ -963,7 +1039,7 @@ kra_nickname = args.kra_nickname
options_file = args.options_file
symkey_file = args.symkey_file
-test_kra = kra(work_dir, kra_host, kra_port, kra_nickname)
+test_kra = KRA(work_dir, kra_host, kra_port, kra_nickname)
# list requests
requests = test_kra.list_key_requests()
@@ -977,7 +1053,10 @@ print transport_cert
f = open(work_dir + "/" + options_file)
wrapped_key = f.read()
client_id = "Python symmetric key " + datetime.now().strftime("%Y-%m-%d %H:%M")
-response = test_kra.archive_security_data(client_id, wrapped_key, "symmetricKey")
+response = test_kra.archive_security_data(
+ client_id,
+ wrapped_key,
+ "symmetricKey")
print response
# list keys with client_id
@@ -999,7 +1078,7 @@ print "Testing invalid request ID"
try:
response = test_kra.retrieve_security_data("INVALID")
print "Failure: No exception thrown"
-except CertificateOperationError, e:
+except CertificateOperationError as e:
if 'Error in retrieving security data (Bad Request)' == e.error:
print "Success: " + e.error
else:
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
index 0a7bbeaae..d951d5f25 100755
--- a/base/kra/functional/drmtest.py
+++ b/base/kra/functional/drmtest.py
@@ -34,7 +34,6 @@ See drmtest.readme.txt.
import base64
import getopt
-import os
import random
import shutil
import string
@@ -84,14 +83,15 @@ def print_key_data(key_data):
print "Private Data: " + base64.encodestring(key_data.data)
-def run_test(protocol, hostname, port, client_cert, certdb_dir, certdb_password):
+def run_test(protocol, hostname, port, client_cert, certdb_dir,
+ certdb_password):
""" test code execution """
# set up the connection to the DRM, including authentication credentials
connection = PKIConnection(protocol, hostname, port, 'kra')
connection.set_authentication_cert(client_cert)
- #create kraclient
+ # create kraclient
crypto = pki.crypto.NSSCryptoProvider(certdb_dir, certdb_password)
kraclient = KRAClient(connection, crypto)
keyclient = kraclient.keys
@@ -207,7 +207,7 @@ def run_test(protocol, hostname, port, client_cert, certdb_dir, certdb_password)
print "KeyNotFoundException thrown - Code:" + exc.code + \
" Message: " + exc.message
- #Test 13 = getKeyInfo
+ # Test 13 = getKeyInfo
print "Get key info for existing key"
key_info = keyclient.get_key_info(key_id)
print_key_info(key_info)
@@ -217,7 +217,7 @@ def run_test(protocol, hostname, port, client_cert, certdb_dir, certdb_password)
key_info = keyclient.get_active_key_info(client_key_id)
print_key_info(key_info)
- #Test 15: change the key status
+ # Test 15: change the key status
print "Change the key status"
keyclient.modify_key_status(key_id, keyclient.KEY_STATUS_INACTIVE)
print_key_info(keyclient.get_key_info(key_id))
@@ -239,7 +239,7 @@ def run_test(protocol, hostname, port, client_cert, certdb_dir, certdb_password)
print "ResourceNotFoundException thrown - Code: " + exc.code +\
"Message: " + exc.message
- #Test 18: Generate a symmetric key with default parameters
+ # Test 18: Generate a symmetric key with default parameters
client_key_id = "Vek #3" + time.strftime('%c')
response = keyclient.generate_symmetric_key(client_key_id)
print_key_request(response.request_info)
@@ -270,7 +270,7 @@ def run_test(protocol, hostname, port, client_cert, certdb_dir, certdb_password)
print "Error: archived and recovered keys do not match"
print
- #Test 20: Generating asymmetric keys
+ # Test 20: Generating asymmetric keys
print "Generating asymmetric keys"
try:
response = keyclient.generate_asymmetric_key(
@@ -284,7 +284,7 @@ def run_test(protocol, hostname, port, client_cert, certdb_dir, certdb_password)
print "BadRequestException thrown - Code:" + exc.code +\
" Message: " + exc.message
- #Test 21: Get key information of the newly generated asymmetric keys
+ # Test 21: Get key information of the newly generated asymmetric keys
print "Retrieving key information"
key_info = keyclient.get_key_info(response.request_info.get_key_id())
print_key_info(key_info)
@@ -296,7 +296,7 @@ def usage():
print ' -P <protocol> KRA server protocol (default: https).'
print ' -h <hostname> KRA server hostname (default: localhost).'
print ' -p <port> KRA server port (default: 8443).'
- print ' -n <path> KRA agent certificate and private key (default: kraagent.pem).'
+ print ' -n <path> KRA agent certificate and private key (default: kraagent.pem).' # nopep8
print
print ' --help Show this help message.'
@@ -310,9 +310,9 @@ def main(argv):
usage()
sys.exit(1)
- protocol = 'https'
- hostname = 'localhost'
- port = '8443'
+ protocol = 'https'
+ hostname = 'localhost'
+ port = '8443'
client_cert = 'kraagent.pem'
for o, a in opts:
@@ -340,11 +340,20 @@ def main(argv):
certdb_dir = tempfile.mkdtemp(prefix='pki-kra-test-')
print "NSS database dir: %s" % certdb_dir
- certdb_password = ''.join(random.choice(string.ascii_letters + string.digits) for i in range(8))
+ certdb_password = ''.join(
+ random.choice(
+ string.ascii_letters +
+ string.digits) for i in range(8))
print "NSS database password: %s" % certdb_password
try:
- run_test(protocol, hostname, port, client_cert, certdb_dir, certdb_password)
+ run_test(
+ protocol,
+ hostname,
+ port,
+ client_cert,
+ certdb_dir,
+ certdb_password)
finally:
shutil.rmtree(certdb_dir)
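Review bot: `certdb_password` is built with `random.choice`, which draws from the module's non-cryptographic generator, and the eight-character result is printed on the next line. This password protects the NSS database that `run_test` hands to `NSSCryptoProvider`, so it should come from the OS source even in a functional test. No new import is needed: `rng = random.SystemRandom()` followed by `rng.choice(string.ascii_letters + string.digits)` inside the join. I would also drop the `print "NSS database password: %s"` line or gate it behind a verbose flag, since test output is often captured in CI logs. `main` starts outside this hunk.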
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 9777d221f..3a2cf6bef 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -108,7 +108,7 @@ class PKISubsystem(object):
class PKIInstance(object):
- def __init__(self, name, instanceType=10):
+ def __init__(self, name, instanceType=10): # nopep8
self.name = name
self.type = instanceType
@@ -121,7 +121,10 @@ class PKIInstance(object):
self.conf_dir = os.path.join(self.base_dir, 'conf')
self.lib_dir = os.path.join(self.base_dir, 'lib')
- self.registry_dir = os.path.join(pki.server.REGISTRY_DIR, 'tomcat', self.name)
+ self.registry_dir = os.path.join(
+ pki.server.REGISTRY_DIR,
+ 'tomcat',
+ self.name)
self.registry_file = os.path.join(self.registry_dir, self.name)
self.service_name = 'pki-tomcatd@%s.service' % self.name
@@ -149,7 +152,8 @@ class PKIInstance(object):
subprocess.check_call(['systemctl', 'stop', self.service_name])
def is_active(self):
- rc = subprocess.call(['systemctl', '--quiet', 'is-active', self.service_name])
+ rc = subprocess.call(
+ ['systemctl', '--quiet', 'is-active', self.service_name])
return rc == 0
def load(self):
@@ -215,7 +219,7 @@ class PKIInstance(object):
# set deployment descriptor ownership and permission
os.chown(context_xml, self.uid, self.gid)
- os.chmod(context_xml, 00660)
+ os.chmod(context_xml, 0o0660)
def undeploy(self, webapp_name):
context_xml = os.path.join(
diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py
index becad1447..95a708bee 100644
--- a/base/server/python/pki/server/cli/instance.py
+++ b/base/server/python/pki/server/cli/instance.py
@@ -322,7 +322,9 @@ class InstanceMigrateCLI(pki.cli.CLI):
instance = pki.server.PKIInstance(instance_name)
instance.load()
- module.migrate(instance, tomcat_version) # pylint: disable=no-member,maybe-no-member
+ module.migrate( # pylint: disable=no-member,maybe-no-member
+ instance,
+ tomcat_version)
self.print_message('%s instance migrated' % instance_name)
@@ -369,14 +371,15 @@ class InstanceNuxwdogEnableCLI(pki.cli.CLI):
self.print_help()
sys.exit(1)
- #module = self.top.find_module('nuxwdog-enable')
+ # module = self.top.find_module('nuxwdog-enable')
module = pki.server.cli.nuxwdog.NuxwdogEnableCLI()
module.set_verbose(self.verbose)
instance = pki.server.PKIInstance(instance_name)
instance.load()
- module.enable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member
+ module.enable_nuxwdog( # pylint: disable=no-member,maybe-no-member
+ instance)
self.print_message('Nuxwdog enabled for instance %s.' % instance_name)
@@ -430,6 +433,7 @@ class InstanceNuxwdogDisableCLI(pki.cli.CLI):
instance = pki.server.PKIInstance(instance_name)
instance.load()
- module.disable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member
+ module.disable_nuxwdog(
+ instance) # pylint: disable=no-member,maybe-no-member
self.print_message('Nuxwdog disabled for instance %s.' % instance_name)
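Review bot: The `# pylint: disable=no-member,maybe-no-member` pragma now sits on the continuation line `instance)`, whereas the two sibling hunks in this file (`module.migrate(` and `module.enable_nuxwdog(`) keep it on the line that opens the call. A line-scoped pragma applies to the line it is written on. Depending on the pylint version, the message is reported on the first line of the call, so this placement may no longer suppress it. Matching the other two call sites fixes that: `module.disable_nuxwdog(  # pylint: disable=no-member,maybe-no-member` followed by `instance)`.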
diff --git a/base/server/python/pki/server/cli/migrate.py b/base/server/python/pki/server/cli/migrate.py
index bb807d8ca..de62a24b4 100644
--- a/base/server/python/pki/server/cli/migrate.py
+++ b/base/server/python/pki/server/cli/migrate.py
@@ -46,7 +46,6 @@ class MigrateCLI(pki.cli.CLI):
print
def execute(self, argv):
-
try:
opts, _ = getopt.getopt(argv, 'i:v', [
'tomcat=', 'verbose', 'debug', 'help'])
@@ -91,25 +90,30 @@ class MigrateCLI(pki.cli.CLI):
self.print_message('System migrated')
def migrate(self, instance, tomcat_version):
-
self.migrate_instance(instance, tomcat_version)
self.migrate_subsystems(instance, tomcat_version)
def migrate_instance(self, instance, tomcat_version):
-
server_xml = os.path.join(instance.conf_dir, 'server.xml')
self.migrate_server_xml(server_xml, tomcat_version)
- root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml')
+ root_context_xml = os.path.join(
+ instance.conf_dir,
+ 'Catalina',
+ 'localhost',
+ 'ROOT.xml')
self.migrate_context_xml(root_context_xml, tomcat_version)
- pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml')
+ pki_context_xml = os.path.join(
+ instance.conf_dir,
+ 'Catalina',
+ 'localhost',
+ 'pki.xml')
self.migrate_context_xml(pki_context_xml, tomcat_version)
self.migrate_tomcat_libraries(instance)
def migrate_server_xml(self, filename, tomcat_version):
-
if self.verbose:
print 'Migrating %s' % filename
@@ -130,61 +134,60 @@ class MigrateCLI(pki.cli.CLI):
f.write(etree.tostring(document, pretty_print=True))
def migrate_server_xml_to_tomcat7(self, document):
-
server = document.getroot()
- jasper_comment = etree.Comment('Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html ')
+ jasper_comment = etree.Comment(
+ 'Initialize Jasper prior to webapps are loaded. Documentation '
+ 'at /docs/jasper-howto.html ')
jasper_listener = etree.Element('Listener')
- jasper_listener.set('className', 'org.apache.catalina.core.JasperListener')
+ jasper_listener.set(
+ 'className',
+ 'org.apache.catalina.core.JasperListener')
- jmx_support_comment = etree.Comment(' JMX Support for the Tomcat server. Documentation at /docs/non-existent.html ')
+ jmx_support_comment = etree.Comment(
+ ' JMX Support for the Tomcat server. Documentation at '
+ '/docs/non-existent.html ')
- excluded_comment1 = etree.Comment(' The following class has been commented out because it ')
- excluded_comment2 = etree.Comment(' has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM! ')
+ excluded_comment1 = etree.Comment(
+ ' The following class has been commented out because it ')
+ excluded_comment2 = etree.Comment(
+ ' has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM! ')
- server_lifecycle_comment = etree.Comment(' Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" ')
+ server_lifecycle_comment = etree.Comment(
+ ' Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" ')
global_resources_lifecycle_listener = None
children = list(server)
for child in children:
-
- if isinstance(child, etree._Comment): # pylint: disable=protected-access
-
+ if isinstance(child, etree._Comment): # pylint: disable=protected-access
if 'org.apache.catalina.security.SecurityListener' in child.text:
server.remove(child)
-
elif 'Initialize Jasper prior to webapps are loaded.' in child.text:
jasper_comment = None
-
elif 'JMX Support for the Tomcat server.' in child.text:
jmx_support_comment = None
-
elif 'The following class has been commented out because it' in child.text:
excluded_comment1 = None
-
elif 'has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM!' in child.text:
excluded_comment2 = None
-
elif 'org.apache.catalina.mbeans.ServerLifecycleListener' in child.text:
server_lifecycle_comment = None
-
if 'Prevent memory leaks due to use of particular java/javax APIs' in child.text:
server.remove(child)
elif child.tag == 'Listener':
class_name = child.get('className')
- if class_name == 'org.apache.catalina.startup.VersionLoggerListener'\
- or class_name == 'org.apache.catalina.security.SecurityListener'\
- or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener'\
- or class_name == 'org.apache.catalina.core.JreMemoryLeakPreventionListener'\
- or class_name == 'org.apache.catalina.core.ThreadLocalLeakPreventionListener':
-
+ if class_name in {
+ 'org.apache.catalina.startup.VersionLoggerListener',
+ 'org.apache.catalina.security.SecurityListener',
+ 'org.apache.catalina.mbeans.ServerLifecycleListener',
+ 'org.apache.catalina.core.JreMemoryLeakPreventionListener',
+ 'org.apache.catalina.core.ThreadLocalLeakPreventionListener'}:
if self.debug:
print '* removing %s' % class_name
-
server.remove(child)
elif class_name == 'org.apache.catalina.core.JasperListener':
@@ -231,7 +234,6 @@ class MigrateCLI(pki.cli.CLI):
connectors = server.findall('Service/Connector')
for connector in connectors:
-
if connector.get('secure') == 'true':
connector.set('protocol', 'HTTP/1.1')
@@ -240,78 +242,68 @@ class MigrateCLI(pki.cli.CLI):
valves = server.findall('Service/Engine/Host/Valve')
for valve in valves:
-
if valve.get('className') == 'org.apache.catalina.valves.AccessLogValve':
valve.set('prefix', 'localhost_access_log.')
def migrate_server_xml_to_tomcat8(self, document):
-
server = document.getroot()
version_logger_listener = etree.Element('Listener')
- version_logger_listener.set('className', 'org.apache.catalina.startup.VersionLoggerListener')
+ version_logger_listener.set(
+ 'className',
+ 'org.apache.catalina.startup.VersionLoggerListener')
security_listener_comment = etree.Comment(''' Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
''')
jre_memory_leak_prevention_listener = etree.Element('Listener')
- jre_memory_leak_prevention_listener.set('className', 'org.apache.catalina.core.JreMemoryLeakPreventionListener')
+ jre_memory_leak_prevention_listener.set(
+ 'className',
+ 'org.apache.catalina.core.JreMemoryLeakPreventionListener')
global_resources_lifecycle_listener = None
thread_local_leak_prevention_listener = etree.Element('Listener')
- thread_local_leak_prevention_listener.set('className', 'org.apache.catalina.core.ThreadLocalLeakPreventionListener')
+ thread_local_leak_prevention_listener.set(
+ 'className',
+ 'org.apache.catalina.core.ThreadLocalLeakPreventionListener')
- prevent_comment = etree.Comment(' Prevent memory leaks due to use of particular java/javax APIs')
+ prevent_comment = etree.Comment(
+ ' Prevent memory leaks due to use of particular java/javax APIs')
children = list(server)
for child in children:
-
- if isinstance(child, etree._Comment): # pylint: disable=protected-access
-
+ if isinstance(child, etree._Comment): # pylint: disable=protected-access
if 'org.apache.catalina.security.SecurityListener' in child.text:
security_listener_comment = None
-
elif 'Initialize Jasper prior to webapps are loaded.' in child.text:
server.remove(child)
-
elif 'JMX Support for the Tomcat server.' in child.text:
server.remove(child)
-
elif 'The following class has been commented out because it' in child.text:
server.remove(child)
-
elif 'has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM!' in child.text:
server.remove(child)
-
elif 'org.apache.catalina.mbeans.ServerLifecycleListener' in child.text:
server.remove(child)
-
elif 'Prevent memory leaks due to use of particular java/javax APIs' in child.text:
prevent_comment = None
elif child.tag == 'Listener':
-
class_name = child.get('className')
if class_name == 'org.apache.catalina.core.JasperListener'\
- or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener':
-
+ or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener':
if self.debug:
print '* removing %s' % class_name
-
server.remove(child)
-
elif class_name == 'org.apache.catalina.startup.VersionLoggerListener':
version_logger_listener = None
-
elif class_name == 'org.apache.catalina.core.JreMemoryLeakPreventionListener':
jre_memory_leak_prevention_listener = None
-
elif class_name == 'org.apache.catalina.mbeans.GlobalResourcesLifecycleListener':
global_resources_lifecycle_listener = child
-
elif class_name == 'org.apache.catalina.core.ThreadLocalLeakPreventionListener':
thread_local_leak_prevention_listener = None
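Review bot: The listener test `if class_name == 'org.apache.catalina.core.JasperListener'\` / `or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener':` keeps a backslash-continued `or` chain, while the equivalent test in the Tomcat 7 migration was rewritten in this same commit as a set-membership check. For consistency it could read `if class_name in {'org.apache.catalina.core.JasperListener', 'org.apache.catalina.mbeans.ServerLifecycleListener'}:`. migrate_server_xml_to_tomcat8 continues past the end of the hunk.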
@@ -359,7 +351,9 @@ class MigrateCLI(pki.cli.CLI):
for connector in connectors:
if connector.get('secure') == 'true':
- connector.set('protocol', 'org.apache.coyote.http11.Http11Protocol')
+ connector.set(
+ 'protocol',
+ 'org.apache.coyote.http11.Http11Protocol')
if self.debug:
print '* updating AccessLogValve'
@@ -367,20 +361,18 @@ class MigrateCLI(pki.cli.CLI):
valves = server.findall('Service/Engine/Host/Valve')
for valve in valves:
- if valve.get('className') == 'org.apache.catalina.valves.AccessLogValve':
+ if valve.get(
+ 'className') == 'org.apache.catalina.valves.AccessLogValve':
valve.set('prefix', 'localhost_access_log')
def migrate_subsystems(self, instance, tomcat_version):
-
for subsystem in instance.subsystems:
self.migrate_subsystem(subsystem, tomcat_version)
def migrate_subsystem(self, subsystem, tomcat_version):
-
self.migrate_context_xml(subsystem.context_xml, tomcat_version)
def migrate_context_xml(self, filename, tomcat_version):
-
if not os.path.exists(filename):
return
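Review bot: The wrapped condition `if valve.get(` / `'className') == 'org.apache.catalina.valves.AccessLogValve':` breaks the call in the middle of its argument list and reads worse than the line it replaces. Binding the attribute first keeps both lines short: `class_name = valve.get('className')` followed by `if class_name == 'org.apache.catalina.valves.AccessLogValve':`. The loop belongs to a method that starts outside the hunk.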
@@ -404,7 +396,6 @@ class MigrateCLI(pki.cli.CLI):
f.write(etree.tostring(document, pretty_print=True))
def migrate_context_xml_to_tomcat7(self, document):
-
context = document.getroot()
context.set('allowLinking', 'true')
@@ -418,9 +409,8 @@ class MigrateCLI(pki.cli.CLI):
context.remove(resources)
def migrate_context_xml_to_tomcat8(self, document):
-
context = document.getroot()
- if context.attrib.has_key('allowLinking'):
+ if 'allowLinking' in context.attrib:
context.attrib.pop('allowLinking')
resources = context.find('Resources')
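Review bot: The new `if 'allowLinking' in context.attrib:` followed by `context.attrib.pop('allowLinking')` is still a test-then-remove pair. A single call with a default does the same without the branch: `context.attrib.pop('allowLinking', None)`. migrate_context_xml_to_tomcat8 continues past the end of the hunk.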
@@ -436,7 +426,6 @@ class MigrateCLI(pki.cli.CLI):
resources.set('allowLinking', 'true')
def migrate_tomcat_libraries(self, instance):
-
# remove old links
for filename in os.listdir(instance.lib_dir):
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 43eb564ee..a63eb86d7 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -248,7 +248,9 @@ class SubsystemEnableCLI(pki.cli.CLI):
class SubsystemDisableCLI(pki.cli.CLI):
def __init__(self):
- super(SubsystemDisableCLI, self).__init__('disable', 'Disable subsystem')
+ super(SubsystemDisableCLI, self).__init__(
+ 'disable',
+ 'Disable subsystem')
def usage(self):
print 'Usage: pki-server subsystem-disable [OPTIONS] <subsystem ID>'
diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py
index 5ffed768b..8bca657de 100644
--- a/base/server/python/pki/server/deployment/pkiconfig.py
+++ b/base/server/python/pki/server/deployment/pkiconfig.py
@@ -20,14 +20,14 @@
#
# PKI Deployment Constants
-PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755
-PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770
-PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770
-PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660
-PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600
-PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770
-PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777
-PKI_DEPLOYMENT_DEFAULT_UMASK = 00002
+PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 0o0755
+PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 0o0770
+PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 0o0770
+PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 0o0660
+PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 0o0600
+PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 0o2770
+PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 0o0777
+PKI_DEPLOYMENT_DEFAULT_UMASK = 0o0002
PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'"
PKI_DEPLOYMENT_DEFAULT_GID = 17
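Review bot: The permission constants carry no comment saying which of them are meant to be restrictive, and the switch to `0o` literals is a good moment to add one. A line above the block such as `# Octal modes: security databases are owner-only (0o0600); the default dir/exe/file modes also grant the group access; the default umask 0o0002 masks only world-write.` would spare the next reader from decoding the values. It would also make an accidental loosening easier to spot in a later diff. The values themselves are unchanged by this hunk.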
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index cf04e68bc..62abce74e 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -111,13 +111,13 @@ def pki_copytree(src, dst, symlinks=False, ignore=None):
shutil.copy2(srcname, dstname)
# catch the Error from the recursive pki_copytree so that we can
# continue with other files
- except Error, err:
+ except Error as err:
errors.extend(err.args[0])
- except EnvironmentError, why:
+ except EnvironmentError as why:
errors.append((srcname, dstname, str(why)))
try:
shutil.copystat(src, dst)
- except OSError, why:
+ except OSError as why:
if WindowsError is not None and isinstance(why, WindowsError):
# Copying file access times may fail on Windows
pass
@@ -307,16 +307,16 @@ class Identity:
def group_exists(self, pki_group):
try:
- _ = getgrnam(pki_group)[1]
+ _ = getgrnam(pki_group)[1] # nopep8
return True
- except KeyError as _:
+ except KeyError:
return False
def user_exists(self, pki_user):
try:
- _ = getpwnam(pki_user)[1]
+ _ = getpwnam(pki_user)[1] # nopep8
return True
- except KeyError as _:
+ except KeyError:
return False
def is_user_a_member_of_group(self, pki_user, pki_group):
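Review bot: The throwaway assignment `_ = getgrnam(pki_group)[1]  # nopep8` in group_exists, and the same line with `getpwnam(pki_user)` in user_exists, now needs a lint suppression for a value that is never used. The lookup itself raises KeyError for a missing entry, so a bare `getgrnam(pki_group)` and `getpwnam(pki_user)` is enough, and both `# nopep8` markers can be dropped.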
@@ -369,7 +369,8 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_path']))
else:
- if os.path.exists(self.mdict['pki_target_tomcat_conf_instance_id']):
+ if os.path.exists(
+ self.mdict['pki_target_tomcat_conf_instance_id']):
# Top-Level "/etc/sysconfig" path collision
config.pki_log.error(
log.PKIHELPER_NAMESPACE_COLLISION_2,
@@ -548,7 +549,8 @@ class ConfigurationFile:
self.subsystem)
if config.str2bool(
self.mdict['pki_subordinate_create_new_security_domain']):
- self.confirm_data_exists('pki_subordinate_security_domain_name')
+ self.confirm_data_exists(
+ 'pki_subordinate_security_domain_name')
def confirm_external_step_two(self):
# ALWAYS defined via 'pkiparser.py'
@@ -562,7 +564,7 @@ class ConfigurationFile:
self.subsystem)
def confirm_data_exists(self, param):
- if not param in self.mdict or not len(self.mdict[param]):
+ if param not in self.mdict or not len(self.mdict[param]):
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
param,
@@ -600,8 +602,8 @@ class ConfigurationFile:
# If HSM, verify absence of all PKCS #12 backup parameters
if (config.str2bool(self.mdict['pki_hsm_enable']) and
(config.str2bool(self.mdict['pki_backup_keys']) or
- ('pki_backup_password' in self.mdict and
- len(self.mdict['pki_backup_password'])))):
+ ('pki_backup_password' in self.mdict and
+ len(self.mdict['pki_backup_password'])))):
config.pki_log.error(
log.PKIHELPER_HSM_KEYS_CANNOT_BE_BACKED_UP_TO_PKCS12_FILES,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -623,7 +625,7 @@ class ConfigurationFile:
# Verify absence of all PKCS #12 clone parameters for HSMs
elif (os.path.exists(self.mdict['pki_clone_pkcs12_path']) or
('pki_clone_pkcs12_password' in self.mdict and
- len(self.mdict['pki_clone_pkcs12_password']))):
+ len(self.mdict['pki_clone_pkcs12_password']))):
config.pki_log.error(
log.PKIHELPER_HSM_CLONES_MUST_SHARE_HSM_MASTER_PRIVATE_KEYS,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -966,7 +968,9 @@ class Instance:
if os.path.isdir(os.path.join(self.mdict['pki_path'], instance))\
and not\
os.path.islink(os.path.join(self.mdict['pki_path'], instance)):
- instance_dir = os.path.join(self.mdict['pki_path'], instance)
+ instance_dir = os.path.join(
+ self.mdict['pki_path'],
+ instance)
# Since ANY directory within this PKI instance COULD
# be a PKI subsystem, look for all possible
# PKI subsystems within this PKI instance
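Review bot: `os.path.join(self.mdict['pki_path'], instance)` is now evaluated three times, twice in the condition and once more in the wrapped `instance_dir = os.path.join(` assignment. Computing it once before the test removes the backslash continuations: `instance_dir = os.path.join(self.mdict['pki_path'], instance)` followed by `if os.path.isdir(instance_dir) and not os.path.islink(instance_dir):`. The hunk at `@@ -1008,13 +1013,13 @@` repeats the pattern with `pki_instance_type_registry_path` and would benefit from the same change. The enclosing method starts outside the hunk.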
@@ -989,7 +993,8 @@ class Instance:
rv = []
try:
for subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
- path = self.mdict['pki_instance_path'] + "/" + subsystem.lower()
+ path = self.mdict['pki_instance_path'] + \
+ "/" + subsystem.lower()
if os.path.exists(path) and os.path.isdir(path):
rv.append(subsystem)
except OSError as exc:
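Review bot: The path in `path = self.mdict['pki_instance_path'] + \` / `"/" + subsystem.lower()` is built by string concatenation and now needs a backslash continuation. `path = os.path.join(self.mdict['pki_instance_path'], subsystem.lower())` is the idiomatic form and matches the `os.path.join` calls used elsewhere in this file. The following `os.path.exists(path) and os.path.isdir(path)` can also shrink to `os.path.isdir(path)`, since `isdir` is already false for a missing path.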
@@ -1008,13 +1013,13 @@ class Instance:
# present within the PKI 'tomcat' registry directory
for instance in os.listdir(
self.mdict['pki_instance_type_registry_path']):
- if os.path.isdir(\
- os.path.join(\
- self.mdict['pki_instance_type_registry_path'],\
+ if os.path.isdir(
+ os.path.join(
+ self.mdict['pki_instance_type_registry_path'],
instance)) and not\
- os.path.islink(\
- os.path.join(\
- self.mdict['pki_instance_type_registry_path'],\
+ os.path.islink(
+ os.path.join(
+ self.mdict['pki_instance_type_registry_path'],
instance)):
rv += 1
config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2,
@@ -1074,7 +1079,9 @@ class Instance:
try:
client = pki.system.SystemStatusClient(connection)
response = client.get_status()
- config.pki_log.debug(response, extra=config.PKI_INDENTATION_LEVEL_3)
+ config.pki_log.debug(
+ response,
+ extra=config.PKI_INDENTATION_LEVEL_3)
root = ET.fromstring(response)
status = root.findtext("Status")
@@ -1465,7 +1472,10 @@ class Directory:
msg = log.PKI_SHUTIL_ERROR_1
else:
msg = log.PKI_OSERROR_1
- config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.error(
+ msg,
+ exc,
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure:
raise
return
@@ -1578,7 +1588,9 @@ class File:
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure:
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name)
+ raise Exception(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %
+ name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -1624,7 +1636,9 @@ class File:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name)
+ raise Exception(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %
+ old_name)
else:
if os.path.exists(new_name):
if not overwrite_flag:
@@ -1668,7 +1682,10 @@ class File:
msg = log.PKI_SHUTIL_ERROR_1
else:
msg = log.PKI_OSERROR_1
- config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.error(
+ msg,
+ exc,
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure:
raise
return
@@ -1726,7 +1743,10 @@ class File:
msg = log.PKI_SHUTIL_ERROR_1
else:
msg = log.PKI_OSERROR_1
- config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.error(
+ msg,
+ exc,
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure:
raise
return
@@ -1741,7 +1761,9 @@ class File:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name)
+ raise Exception(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %
+ old_name)
else:
if os.path.exists(new_name):
if not overwrite_flag:
@@ -1796,7 +1818,10 @@ class File:
msg = log.PKI_SHUTIL_ERROR_1
else:
msg = log.PKI_OSERROR_1
- config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.error(
+ msg,
+ exc,
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure:
raise
return
@@ -2119,7 +2144,9 @@ class Password:
token_name,
extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure:
- raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name)
+ raise Exception(
+ log.PKIHELPER_PASSWORD_NOT_FOUND_1 %
+ token_name)
else:
return
return token_pwd
@@ -2141,11 +2168,11 @@ class HSM:
def initialize_ncipher(self):
if (self.file.exists(config.PKI_HSM_NCIPHER_EXE) and
- self.file.exists(config.PKI_HSM_NCIPHER_LIB) and
- self.identity.group_exists(config.PKI_HSM_NCIPHER_GROUP)):
+ self.file.exists(config.PKI_HSM_NCIPHER_LIB) and
+ self.identity.group_exists(config.PKI_HSM_NCIPHER_GROUP)):
# Check if 'pki_user' is a member of the default "nCipher" group
if not self.identity.is_user_a_member_of_group(
- self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP):
+ self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP):
# Make 'pki_user' a member of the default "nCipher" group
self.identity.add_user_to_group(self.mdict['pki_user'],
config.PKI_HSM_NCIPHER_GROUP)
@@ -2696,7 +2723,6 @@ class Modutil:
extra=config.PKI_INDENTATION_LEVEL_2)
return True
-
def register_security_module(self, path, modulename, libfile,
prefix=None, critical_failure=True):
try:
@@ -2944,7 +2970,8 @@ class KRAConnector:
sechost, secport)
except Exception as e:
config.pki_log.error(
- "unable to access security domain. Continuing .. " + str(e),
+ "unable to access security domain. Continuing .. " +
+ str(e),
extra=config.PKI_INDENTATION_LEVEL_2)
ca_list = []
@@ -3085,7 +3112,7 @@ class TPSConnector:
else:
return
- #retrieve tks host and port
+ # retrieve tks host and port
if ':' in tkshostport:
tkshost = tkshostport.split(':')[0]
tksport = tkshostport.split(':')[1]
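Review bot: The host/port split in `tkshost = tkshostport.split(':')[0]` and `tksport = tkshostport.split(':')[1]` breaks on every colon, so a value with more than one colon (an IPv6 literal, for instance) silently yields a wrong host and port. Splitting once from the right, `tkshost, tksport = tkshostport.rsplit(':', 1)`, handles that case and avoids the second `split` call. Whether such values can reach this code is not visible here, and the branch continues past the end of the hunk.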
@@ -3854,7 +3881,7 @@ class ConfigClient:
admin_cert = response['adminCert']['cert']
self.process_admin_cert(admin_cert)
- except Exception, e:
+ except Exception as e:
config.pki_log.error(
log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e),
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -3862,7 +3889,7 @@ class ConfigClient:
if hasattr(e, 'response'):
try:
root = ET.fromstring(e.response.text)
- except ET.ParseError, pe:
+ except ET.ParseError as pe:
config.pki_log.error(
"ParseError: %s: %s " % (pe, e.response.text),
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -4007,8 +4034,8 @@ class ConfigClient:
with open(self.mdict['pki_external_admin_csr_path'], "w") as f:
f.write("-----BEGIN CERTIFICATE REQUEST-----\n")
admin_certreq = None
- with open(os.path.join(\
- self.mdict['pki_client_database_dir'],\
+ with open(os.path.join(
+ self.mdict['pki_client_database_dir'],
"admin_pkcs10.bin.asc"), "r") as f:
admin_certreq = f.read()
with open(self.mdict['pki_external_admin_csr_path'], "a") as f:
@@ -4021,8 +4048,10 @@ class ConfigClient:
log.PKI_CONFIG_CDATA_REQUEST + "\n" + admin_certreq,
extra=config.PKI_INDENTATION_LEVEL_2)
- def save_admin_cert(self, message, input_data, output_file, subsystem_name):
- config.pki_log.debug(message + " '" + output_file + "'", subsystem_name,
+ def save_admin_cert(self, message, input_data, output_file,
+ subsystem_name):
+ config.pki_log.debug(message + " '" + output_file + "'",
+ subsystem_name,
extra=config.PKI_INDENTATION_LEVEL_2)
with open(output_file, "w") as f:
f.write(input_data)
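Review bot: In save_admin_cert the output path is concatenated into the logging format string (`message + " '" + output_file + "'"`) while `subsystem_name` is passed as a format argument, so a `%` in the path would be read as a format directive. Passing the path as an argument avoids that: `config.pki_log.debug(message + " '%s'", subsystem_name, output_file, extra=config.PKI_INDENTATION_LEVEL_2)`. This assumes `message` holds exactly one placeholder for the subsystem name, which the hunk does not show.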
@@ -4058,7 +4087,7 @@ class ConfigClient:
cert.certChain = f.read()
def set_system_certs(self, data):
- systemCerts = []
+ systemCerts = [] # nopep8
# Create 'CA Signing Certificate'
if not self.clone:
@@ -4277,7 +4306,8 @@ class ConfigClient:
data.securityDomainType = "existingdomain"
data.securityDomainUri = self.mdict['pki_security_domain_uri']
data.securityDomainUser = self.mdict['pki_security_domain_user']
- data.securityDomainPassword = self.mdict['pki_security_domain_password']
+ data.securityDomainPassword = self.mdict[
+ 'pki_security_domain_password']
def set_new_security_domain(self, data):
data.securityDomainType = "newdomain"
@@ -4559,4 +4589,6 @@ class PKIDeployer:
f.write(etree.tostring(document, pretty_print=True))
os.chown(new_descriptor, self.mdict['pki_uid'], self.mdict['pki_gid'])
- os.chmod(new_descriptor, config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
+ os.chmod(
+ new_descriptor,
+ config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)
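Review bot: The mode is tightened only after the descriptor has been written and chowned, so until the final `os.chmod` the file carries whatever mode the process umask produced. If the descriptor's contents matter, setting the mode on the open file before writing closes that window, for example `os.fchmod(f.fileno(), config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS)` right after the file is opened. The `open()` call and the start of the enclosing method are outside the hunk, so the ordering is inferred from the visible `f.write` line.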
diff --git a/base/server/python/pki/server/deployment/pkimanifest.py b/base/server/python/pki/server/deployment/pkimanifest.py
index 593fb20d3..67b9348c1 100644
--- a/base/server/python/pki/server/deployment/pkimanifest.py
+++ b/base/server/python/pki/server/deployment/pkimanifest.py
@@ -101,4 +101,3 @@ class File:
config.pki_log.error(log.PKI_IOERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_1)
raise
-
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index cc9102161..649237307 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -146,7 +146,7 @@ REMINDER:
Finally, if an optional '-p <prefix>' is defined, this value WILL NOT
be prepended in front of the mandatory '-f <configuration_file>'.
""" + PKI_VERBOSITY
-PKISPAWN_INTERACTIVE_INSTALLATION='''
+PKISPAWN_INTERACTIVE_INSTALLATION = '''
IMPORTANT:
Interactive installation currently only exists for very basic deployments!
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index c1b6be395..f192cc924 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -52,7 +52,7 @@ class PKIConfigParser:
def __init__(self, description, epilog):
self.pki_config = None
- #Read and process command-line options
+ # Read and process command-line options
self.arg_parser = argparse.ArgumentParser(
description=description,
add_help=False,
@@ -64,7 +64,8 @@ class PKIConfigParser:
'mandatory arguments')
# Establish 'Optional' command-line options
- self.optional = self.arg_parser.add_argument_group('optional arguments')
+ self.optional = self.arg_parser.add_argument_group(
+ 'optional arguments')
self.optional.add_argument(
'-s',
dest='pki_subsystem', action='store',
@@ -239,17 +240,17 @@ class PKIConfigParser:
self.pki_config.set(section, key, value)
self.flatten_master_dict()
- if section != "DEFAULT" and not config.user_config.has_section(section):
+ if section != "DEFAULT" and not config.user_config.has_section(
+ section):
config.user_config.add_section(section)
config.user_config.set(section, key, value)
def print_text(self, message):
print ' ' * self.indent + message
- def read_text(
- self, message,
- section=None, key=None, default=None,
- options=None, sign=':', allow_empty=True, case_sensitive=True):
+ def read_text(self, message, section=None, key=None, default=None,
+ options=None, sign=':', allow_empty=True,
+ case_sensitive=True):
if default is None and key is not None:
default = self.mdict[key]
@@ -289,12 +290,11 @@ class PKIConfigParser:
return value
- def read_password(
- self, message, section=None, key=None,
- verifyMessage=None):
+ def read_password(self, message, section=None, key=None, # nopep8
+ verifyMessage=None):
message = ' ' * self.indent + message + ': '
- if verifyMessage is not None:
- verifyMessage = ' ' * self.indent + verifyMessage + ': '
+ if verifyMessage is not None: # nopep8
+ verifyMessage = ' ' * self.indent + verifyMessage + ': ' # nopep8
while True:
password = ''
@@ -370,7 +370,7 @@ class PKIConfigParser:
section, key, val.replace("%", "%%"))
except ConfigParser.NoOptionError:
continue
- except ConfigParser.ParsingError, err:
+ except ConfigParser.ParsingError as err:
print err
rv = err
return rv
@@ -578,25 +578,25 @@ class PKIConfigParser:
self.mdict['sensitive_parameters'].split()
# Always create "false" values for these missing "boolean" keys
- if not 'pki_enable_access_log' in self.mdict or\
+ if 'pki_enable_access_log' not in self.mdict or\
not len(self.mdict['pki_enable_access_log']):
self.mdict['pki_enable_access_log'] = "false"
- if not 'pki_external' in self.mdict or\
+ if 'pki_external' not in self.mdict or\
not len(self.mdict['pki_external']):
self.mdict['pki_external'] = "false"
- if not 'pki_req_ext_add' in self.mdict or\
+ if 'pki_req_ext_add' not in self.mdict or\
not len(self.mdict['pki_req_ext_add']):
self.mdict['pki_req_ext_add'] = "false"
- if not 'pki_external_step_two' in self.mdict or\
+ if 'pki_external_step_two' not in self.mdict or\
not len(self.mdict['pki_external_step_two']):
self.mdict['pki_external_step_two'] = "false"
- if not 'pki_standalone' in self.mdict or\
+ if 'pki_standalone' not in self.mdict or\
not len(self.mdict['pki_standalone']):
self.mdict['pki_standalone'] = "false"
- if not 'pki_subordinate' in self.mdict or\
+ if 'pki_subordinate' not in self.mdict or\
not len(self.mdict['pki_subordinate']):
self.mdict['pki_subordinate'] = "false"
- if not 'pki_san_inject' in self.mdict or\
+ if 'pki_san_inject' not in self.mdict or\
not len(self.mdict['pki_san_inject']):
self.mdict['pki_san_inject'] = "false"
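Review bot: The seven near-identical `if '<key>' not in self.mdict or\` / `not len(self.mdict['<key>']):` blocks differ only in the key name and each needs a backslash continuation. A single loop over the key names keeps the same test and default. It also makes it harder to default one key while testing another by copy-paste. The enclosing method starts and ends outside the hunk.

```python
# Always create "false" values for these missing "boolean" keys
for key in ('pki_enable_access_log', 'pki_external',
            'pki_req_ext_add', 'pki_external_step_two',
            'pki_standalone', 'pki_subordinate',
            'pki_san_inject'):
    if key not in self.mdict or not len(self.mdict[key]):
        self.mdict[key] = "false"
```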
@@ -636,8 +636,8 @@ class PKIConfigParser:
# and add this to the "sensitive" key value pairs read in from
# the configuration file
self.mdict['pki_one_time_pin'] = \
- ''.join(random.choice(string.ascii_letters + string.digits)\
- for x in range(20))
+ ''.join(random.choice(string.ascii_letters + string.digits)
+ for x in range(20))
self.mdict['pki_target_catalina_properties'] = \
os.path.join(
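Review bot: The one-time PIN is still drawn with `random.choice`, which uses the module-level Mersenne Twister generator and is not meant for secrets, although the comment above groups this value with the "sensitive" key value pairs. The re-indented expression could use the OS-backed generator from the same module: `rng = random.SystemRandom()` and then `''.join(rng.choice(string.ascii_letters + string.digits) for x in range(20))`. No new import is needed. The enclosing method starts outside the hunk.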
@@ -789,11 +789,9 @@ class PKIConfigParser:
self.mdict['pki_ds_secure_connection'].lower()
self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
self.mdict['pki_https_port']
- self.mdict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
+ self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
- self.mdict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
""
self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \
self.mdict['pki_https_port']
@@ -1175,8 +1173,8 @@ class PKIConfigParser:
# Stand-alone PKI
self.mdict['pki_security_domain_type'] = "new"
self.mdict['pki_issuing_ca'] = "External CA"
- elif (config.pki_subsystem != "CA" or\
- config.str2bool(self.mdict['pki_clone']) or\
+ elif (config.pki_subsystem != "CA" or
+ config.str2bool(self.mdict['pki_clone']) or
config.str2bool(self.mdict['pki_subordinate'])):
# PKI KRA, PKI OCSP, PKI TKS, PKI TPS,
# CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone
@@ -1229,7 +1227,7 @@ class PKIConfigParser:
self.mdict['pki_admin_profile_id'] = "caAdminCert"
- if not 'pki_import_admin_cert' in self.mdict:
+ if 'pki_import_admin_cert' not in self.mdict:
self.mdict['pki_import_admin_cert'] = 'false'
elif not config.str2bool(self.mdict['pki_skip_configuration']) and \
(config.str2bool(self.mdict['pki_standalone'])):
@@ -1303,7 +1301,7 @@ class PKIConfigParser:
parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE)
# Slots configuration file name/value pairs
self.slots_dict = dict(parser.items('Tomcat'))
- except ConfigParser.ParsingError, err:
+ except ConfigParser.ParsingError as err:
rv = err
return rv
@@ -1324,5 +1322,3 @@ class PKIConfigParser:
break
return data
-
-
diff --git a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py
index fcd9fa63e..630ef38cc 100644
--- a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py
+++ b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py
@@ -55,7 +55,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.directory.create(
deployer.mdict['pki_instance_type_registry_path'])
deployer.directory.create(deployer.mdict['pki_instance_registry_path'])
- deployer.directory.create(deployer.mdict['pki_subsystem_registry_path'])
+ deployer.directory.create(
+ deployer.mdict['pki_subsystem_registry_path'])
deployer.file.copy(
deployer.mdict['pki_default_deployment_cfg'],
deployer.mdict['pki_default_deployment_cfg_replica'])
diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
index 9545c4d4e..378343eb5 100644
--- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
@@ -51,8 +51,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
else:
config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
- if (deployer.mdict['pki_subsystem'] == "CA" or \
- config.str2bool(deployer.mdict['pki_standalone'])) and \
+ if (deployer.mdict['pki_subsystem'] == "CA" or
+ config.str2bool(deployer.mdict['pki_standalone'])) and \
config.str2bool(deployer.mdict['pki_external_step_two']):
# verify that this External CA (Step 2), or Stand-alone PKI
# (Step 2) currently EXISTS for this "instance"
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
index c3d4d9e49..3ffe452bb 100644
--- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
@@ -138,7 +138,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# Import the directory server CA certificate
rv = deployer.certutil.import_cert(
deployer.mdict['pki_ds_secure_connection_ca_nickname'],
- deployer.mdict['pki_ds_secure_connection_ca_trustargs'],
+ deployer.mdict[
+ 'pki_ds_secure_connection_ca_trustargs'],
deployer.mdict['pki_ds_secure_connection_ca_pem_file'],
password_file=deployer.mdict['pki_shared_pfile'],
path=deployer.mdict['pki_database_path'],
diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py
index 1db945e12..c1ee0e7b1 100644
--- a/base/server/python/pki/server/upgrade.py
+++ b/base/server/python/pki/server/upgrade.py
@@ -38,14 +38,12 @@ SUBSYSTEM_TRACKER = '%s/CS.cfg'
class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
def __init__(self):
-
super(PKIServerUpgradeScriptlet, self).__init__()
def get_backup_dir(self):
return BACKUP_DIR + '/' + str(self.version) + '/' + str(self.index)
def can_upgrade_server(self, instance, subsystem=None):
-
# A scriptlet can run if the version matches the tracker and
# the index is the next to be executed.
@@ -55,7 +53,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
self.index == tracker.get_index() + 1
def update_server_tracker(self, instance, subsystem=None):
-
# Increment the index in the tracker. If it's the last scriptlet
# in this version, update the tracker version.
@@ -70,7 +67,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
tracker.set_version(self.version.next)
def upgrade(self):
-
for instance in self.upgrader.instances():
self.upgrade_subsystems(instance)
@@ -112,7 +108,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
'Upgrade failed in %s: %s' % (instance, e), e, instance)
def upgrade_subsystems(self, instance):
-
for subsystem in self.upgrader.subsystems(instance):
if not self.can_upgrade_server(instance, subsystem):
@@ -159,10 +154,9 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
- def __init__(
- self, instanceName=None, instanceType=None, subsystemName=None,
- upgrade_dir=UPGRADE_DIR, version=None, index=None, silent=False):
-
+ def __init__(self, instanceName=None, instanceType=None, # nopep8
+ subsystemName=None, upgrade_dir=UPGRADE_DIR, # nopep8
+ version=None, index=None, silent=False):
super(PKIServerUpgrader, self).__init__(
upgrade_dir, version, index, silent)
@@ -179,9 +173,10 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
self.subsystem_trackers = {}
def instances(self):
-
if self.instanceName and self.instanceType:
- instance = pki.server.PKIInstance(self.instanceName, self.instanceType)
+ instance = pki.server.PKIInstance(
+ self.instanceName,
+ self.instanceType)
instance.validate()
instance.load()
return [instance]
@@ -215,7 +210,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
return instance_list
def subsystems(self, instance):
-
if self.subsystemName:
subsystem = pki.server.PKISubsystem(instance, self.subsystemName)
subsystem.validate()
@@ -229,7 +223,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
instance.name)
for subsystemName in os.listdir(registry_dir):
if subsystemName in pki.server.SUBSYSTEM_TYPES:
- subsystem = pki.server.PKISubsystem(instance, subsystemName)
+ subsystem = pki.server.PKISubsystem(
+ instance,
+ subsystemName)
subsystem.validate()
subsystem_list.append(subsystem)
else:
@@ -239,7 +235,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
subsystemName,
instance.name)
if os.path.exists(registry_dir):
- subsystem = pki.server.PKISubsystem(instance, subsystemName)
+ subsystem = pki.server.PKISubsystem(
+ instance,
+ subsystemName)
subsystem.validate()
subsystem_list.append(subsystem)
@@ -248,7 +246,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
return subsystem_list
def get_server_tracker(self, instance, subsystem=None):
-
if subsystem:
name = str(subsystem)
try:
@@ -275,7 +272,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
return tracker
def get_current_version(self):
-
current_version = None
for instance in self.instances():
@@ -306,7 +302,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
return current_version
def show_tracker(self):
-
for instance in self.instances():
if not self.subsystemName:
@@ -319,7 +314,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
tracker.show()
def set_tracker(self, version):
-
for instance in self.instances():
if not self.subsystemName:
@@ -334,7 +328,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
print 'Tracker has been set to version ' + str(version) + '.'
def remove_tracker(self):
-
for instance in self.instances():
if not self.subsystemName:
diff --git a/base/server/sbin/pki-server b/base/server/sbin/pki-server
index 627a4765e..2afaaa547 100644
--- a/base/server/sbin/pki-server
+++ b/base/server/sbin/pki-server
@@ -32,8 +32,9 @@ import pki.server.cli.nuxwdog
class PKIServerCLI(pki.cli.CLI):
def __init__(self):
-
- super(PKIServerCLI, self).__init__('pki-server', 'PKI server command-line interface')
+ super(PKIServerCLI, self).__init__(
+ 'pki-server',
+ 'PKI server command-line interface')
self.add_module(pki.server.cli.instance.InstanceCLI())
self.add_module(pki.server.cli.subsystem.SubsystemCLI())
@@ -44,7 +45,6 @@ class PKIServerCLI(pki.cli.CLI):
return module_name
def print_help(self):
-
print 'Usage: pki-server [OPTIONS]'
print
print ' -v, --verbose Run in verbose mode.'
@@ -55,7 +55,6 @@ class PKIServerCLI(pki.cli.CLI):
super(PKIServerCLI, self).print_help()
def execute(self, argv):
-
try:
opts, args = getopt.getopt(argv[1:], 'v', [
'verbose', 'debug', 'help'])
diff --git a/base/server/sbin/pkidestroy b/base/server/sbin/pkidestroy
index abc11dc8d..fa5232e10 100755
--- a/base/server/sbin/pkidestroy
+++ b/base/server/sbin/pkidestroy
@@ -45,11 +45,11 @@ There was a problem importing one of the required Python modules. The
error was:
%s
-""" % sys.exc_value
+""" % sys.exc_info()[1]
sys.exit(1)
-#Handle the Keyboard Interrupt
+# Handle the Keyboard Interrupt
# pylint: disable=W0613
def interrupt_handler(event, frame):
print
@@ -114,7 +114,7 @@ def main(argv):
action='store',
nargs=1, metavar='<security domain user>',
help='security domain user')
-
+
parser.optional.add_argument(
'-W',
dest='pki_secdomain_pass_file',
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index fb5a61a8f..760febee2 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -48,7 +48,7 @@ There was a problem importing one of the required Python modules. The
error was:
%s
-""" % sys.exc_value
+""" % sys.exc_info()[1]
sys.exit(1)
@@ -116,7 +116,8 @@ def main(argv):
# -f <user deployment config>
if args.user_deployment_cfg is not None:
- config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']')
+ config.user_deployment_cfg = str(
+ args.user_deployment_cfg).strip('[\']')
parser.validate()
interactive = False
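Review bot: `str(args.user_deployment_cfg).strip('[\']')` recovers the path by stringifying what looks like a one-element argparse list and trimming the brackets and quotes, and this reformat keeps that approach. Because `str()` of a list uses `repr()` on the element, a path containing a backslash, a quote or a non-ASCII character comes back escaped. A path that itself begins or ends with `[`, `]` or `'` loses those characters, so pkispawn may read a different deployment file than the one the administrator named. If the option is declared with `nargs=1` (the declaration is outside this hunk), take the element directly: `config.user_deployment_cfg = args.user_deployment_cfg[0]`. main() starts and ends outside the hunk.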
@@ -234,22 +235,22 @@ def main(argv):
# print "Interactive HSM installation is currently unsupported."
# sys.exit(0)
- # TBD: Interactive HSM installation
- # parser.set_property(config.pki_subsystem,
- # 'pki_hsm_enable',
- # 'True')
- # modulename = parser.read_text(
- # 'HSM Module Name (e. g. - nethsm)', allow_empty=False)
- # parser.set_property(config.pki_subsystem,
- # 'pki_hsm_modulename',
- # modulename)
- # libfile = parser.read_text(
- # 'HSM Lib File ' +
- # '(e. g. - /opt/nfast/toolkits/pkcs11/libcknfast.so)',
- # allow_empty=False)
- # parser.set_property(config.pki_subsystem,
- # 'pki_hsm_libfile',
- # libfile)
+ # TBD: Interactive HSM installation
+ # parser.set_property(config.pki_subsystem,
+ # 'pki_hsm_enable',
+ # 'True')
+ # modulename = parser.read_text(
+ # 'HSM Module Name (e. g. - nethsm)', allow_empty=False)
+ # parser.set_property(config.pki_subsystem,
+ # 'pki_hsm_modulename',
+ # modulename)
+ # libfile = parser.read_text(
+ # 'HSM Lib File ' +
+ # '(e. g. - /opt/nfast/toolkits/pkcs11/libcknfast.so)',
+ # allow_empty=False)
+ # parser.set_property(config.pki_subsystem,
+ # 'pki_hsm_libfile',
+ # libfile)
# print
print "Directory Server:"
@@ -415,7 +416,7 @@ def main(argv):
parser.set_property(config.pki_subsystem,
'pki_enable_server_side_keygen',
'True')
-
+
parser.read_text('KRA URL',
config.pki_subsystem,
'pki_kra_uri')
@@ -487,7 +488,8 @@ def main(argv):
sys.exit(1)
# Enable 'pkispawn' logging.
- config.pki_log_dir = config.pki_root_prefix + config.PKI_DEPLOYMENT_LOG_ROOT
+ config.pki_log_dir = config.pki_root_prefix + \
+ config.PKI_DEPLOYMENT_LOG_ROOT
config.pki_log_name = "pki" + "-" + \
config.pki_subsystem.lower() + \
"-" + "spawn" + "." + \
@@ -533,7 +535,7 @@ def main(argv):
not config.str2bool(parser.mdict['pki_skip_configuration']):
try:
# Verify existence of Directory Server Password
- if not 'pki_ds_password' in parser.mdict or\
+ if 'pki_ds_password' not in parser.mdict or\
not len(parser.mdict['pki_ds_password']):
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
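Review bot: The presence test `'pki_ds_password' not in parser.mdict or not len(parser.mdict['pki_ds_password'])` looks the key up twice and raises TypeError if the entry exists but is None. Assuming `mdict` is dict-like, `if not parser.mdict.get('pki_ds_password'):` covers missing, None and empty in one expression and removes the backslash continuation. The same applies to the `pki_security_domain_password` check in the next hunk. Both checks sit inside main(), which starts and ends outside these hunks.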
@@ -557,7 +559,7 @@ def main(argv):
if parser.mdict['pki_security_domain_type'] != "new":
try:
# Verify existence of Security Domain Password
- if not 'pki_security_domain_password' in parser.mdict or\
+ if 'pki_security_domain_password' not in parser.mdict or\
not len(parser.mdict['pki_security_domain_password']):
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
@@ -643,10 +645,10 @@ def print_install_information(mdict):
% mdict['pki_client_database_dir']
print log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name']
print log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name']
- if (((config.pki_subsystem == "KRA" or\
- config.pki_subsystem == "OCSP") and\
- config.str2bool(mdict['pki_standalone'])) and\
- not config.str2bool(mdict['pki_external_step_two'])):
+ if (((config.pki_subsystem == "KRA" or
+ config.pki_subsystem == "OCSP") and
+ config.str2bool(mdict['pki_standalone'])) and
+ not config.str2bool(mdict['pki_external_step_two'])):
# Stand-alone PKI KRA/OCSP (External CA Step 1)
print log.PKI_CONFIGURATION_STANDALONE_1 % config.pki_subsystem
else:
diff --git a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
index 5cf4e581b..7b477da0b 100755
--- a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
+++ b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator
@@ -27,7 +27,8 @@ import pki
import pki.server.upgrade
-class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet):
+class ReplaceRandomNumberGenerator(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(ReplaceRandomNumberGenerator, self).__init__()
@@ -38,7 +39,11 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet)
def upgrade_subsystem(self, instance, subsystem):
- meta_inf = os.path.join(instance.base_dir, 'webapps', subsystem.name, 'META-INF')
+ meta_inf = os.path.join(
+ instance.base_dir,
+ 'webapps',
+ subsystem.name,
+ 'META-INF')
self.backup(meta_inf)
self.create_meta_inf(instance, meta_inf)
@@ -54,7 +59,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet)
document = etree.parse(context_xml, self.parser)
self.add_manager(document)
- if subsystem.type >=10:
+ if subsystem.type >= 10:
self.update_authenticator(document)
else:
self.remove_authenticator(document)
@@ -70,7 +75,11 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet)
def update_root_context_xml(self, instance):
- meta_inf = os.path.join(instance.base_dir, 'webapps', 'ROOT', 'META-INF')
+ meta_inf = os.path.join(
+ instance.base_dir,
+ 'webapps',
+ 'ROOT',
+ 'META-INF')
self.backup(meta_inf)
self.create_meta_inf(instance, meta_inf)
@@ -92,7 +101,11 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet)
def update_pki_context_xml(self, instance):
- meta_inf = os.path.join(instance.base_dir, 'webapps', 'pki', 'META-INF')
+ meta_inf = os.path.join(
+ instance.base_dir,
+ 'webapps',
+ 'pki',
+ 'META-INF')
self.backup(meta_inf)
self.create_meta_inf(instance, meta_inf)
@@ -118,7 +131,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet)
os.mkdir(path)
os.chown(path, instance.uid, instance.gid)
- os.chmod(path, 0770)
+ os.chmod(path, 0o770)
def create_context_xml(self, instance, source, target):
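Review bot: `os.mkdir(path)` creates the directory with whatever the process umask allows, and only the later `os.chmod(path, 0o770)` tightens it, so under a permissive umask the new directory is briefly more open than intended. Pass the mode at creation, `os.mkdir(path, 0o770)`, and keep the chown/chmod after it, since the mode given to mkdir is still filtered by the umask. The next hunk has the same shape for a file (`shutil.copyfile(source, target)` followed by `os.chmod(target, 0o660)`). So do the `os.mkdir(subsystem_webapps)` and `os.mkdir(common_webapps)` hunks in 10.2.2/01-MoveWebApplicationDeploymentLocations. The enclosing method starts outside this hunk.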
@@ -126,7 +139,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet)
shutil.copyfile(source, target)
os.chown(target, instance.uid, instance.gid)
- os.chmod(target, 0660)
+ os.chmod(target, 0o660)
def add_manager(self, document):
@@ -164,7 +177,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet)
# Create new authenticator'
authenticator = etree.SubElement(authenticator, 'Valve')
authenticator.set('className',
- 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback')
+ 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback')
# Update authenticator's attributes
authenticator.set('secureRandomProvider', 'Mozilla-JSS')
diff --git a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
index 5960f1d2d..3c77b424e 100755
--- a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
+++ b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges
@@ -25,6 +25,7 @@ from lxml import etree as ET
import pki
import pki.server.upgrade
+
class CloningInterfaceChanges(pki.server.upgrade.PKIServerUpgradeScriptlet):
updateDomainServletData = """
@@ -151,7 +152,7 @@ class CloningInterfaceChanges(pki.server.upgrade.PKIServerUpgradeScriptlet):
self.root.remove(mapping)
def modify_update_domain_xml(self):
- #add caUpdateDomainXML-admin servlet and mapping
+ # add caUpdateDomainXML-admin servlet and mapping
found = False
for servlet in self.doc.findall('.//servlet'):
name = servlet.find('servlet-name').text.strip()
@@ -174,9 +175,8 @@ class CloningInterfaceChanges(pki.server.upgrade.PKIServerUpgradeScriptlet):
mapping = ET.fromstring(self.updateDomainMappingData)
self.root.insert(index, mapping)
-
def modify_token_authenticate(self):
- #add caTokenAuthenticate-admin servlet and mapping
+ # add caTokenAuthenticate-admin servlet and mapping
found = False
for servlet in self.doc.findall('.//servlet'):
name = servlet.find('servlet-name').text.strip()
diff --git a/base/server/upgrade/10.0.1/03-AddRestServlet b/base/server/upgrade/10.0.1/03-AddRestServlet
index 2f375cd42..46559373d 100755
--- a/base/server/upgrade/10.0.1/03-AddRestServlet
+++ b/base/server/upgrade/10.0.1/03-AddRestServlet
@@ -25,6 +25,7 @@ from lxml import etree as ET
import pki
import pki.server.upgrade
+
class AddRestServlet(pki.server.upgrade.PKIServerUpgradeScriptlet):
restServicesServletData = """
@@ -63,7 +64,7 @@ class AddRestServlet(pki.server.upgrade.PKIServerUpgradeScriptlet):
self.doc.write(web_xml)
def add_rest_services_servlet(self):
- #add rest-services servlet and mapping
+ # add rest-services servlet and mapping
found = False
for servlet in self.doc.findall('.//servlet'):
name = servlet.find('servlet-name').text.strip()
diff --git a/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator b/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator
index fe954c662..53d97ab01 100755
--- a/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator
+++ b/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator
@@ -25,7 +25,8 @@ from lxml import etree
import pki.server.upgrade
-class EnableSessionInAuthenticator(pki.server.upgrade.PKIServerUpgradeScriptlet):
+class EnableSessionInAuthenticator(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(EnableSessionInAuthenticator, self).__init__()
diff --git a/base/server/upgrade/10.0.99/01-FixJavaOpts b/base/server/upgrade/10.0.99/01-FixJavaOpts
index da2ece18a..8b5187397 100755
--- a/base/server/upgrade/10.0.99/01-FixJavaOpts
+++ b/base/server/upgrade/10.0.99/01-FixJavaOpts
@@ -36,4 +36,3 @@ class FixJavaOpts(pki.server.upgrade.PKIServerUpgradeScriptlet):
with open(fname, "w") as outfile:
for line in lines:
outfile.write(re.sub(r'\$JAVA_OPTS *', '', line))
-
diff --git a/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile b/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile
index 76dbb23d6..7fa6c937e 100755
--- a/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile
+++ b/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile
@@ -24,7 +24,8 @@ import os
import pki.server.upgrade
-class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet):
+class MoveWebApplicationContextFile(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(MoveWebApplicationContextFile, self).__init__()
@@ -41,7 +42,11 @@ class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet
def upgrade_webapp(self, instance, webapp):
- metainf_dir = os.path.join(instance.base_dir, 'webapps', webapp, 'META-INF')
+ metainf_dir = os.path.join(
+ instance.base_dir,
+ 'webapps',
+ webapp,
+ 'META-INF')
if not os.path.exists(metainf_dir):
# upgrade already done
return
diff --git a/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile b/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile
index 76dbb23d6..7fa6c937e 100755
--- a/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile
+++ b/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile
@@ -24,7 +24,8 @@ import os
import pki.server.upgrade
-class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet):
+class MoveWebApplicationContextFile(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(MoveWebApplicationContextFile, self).__init__()
@@ -41,7 +42,11 @@ class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet
def upgrade_webapp(self, instance, webapp):
- metainf_dir = os.path.join(instance.base_dir, 'webapps', webapp, 'META-INF')
+ metainf_dir = os.path.join(
+ instance.base_dir,
+ 'webapps',
+ webapp,
+ 'META-INF')
if not os.path.exists(metainf_dir):
# upgrade already done
return
diff --git a/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson b/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson
index b74f9d3ee..2da03a600 100755
--- a/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson
+++ b/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson
@@ -55,7 +55,9 @@ class ReplaceJettisonWithJackson(pki.server.upgrade.PKIServerUpgradeScriptlet):
link = os.path.join(common_lib, 'jackson-annotations.jar')
self.create_link(instance, source, link)
- source = os.path.join('/usr/share/java/jackson', 'jackson-core-asl.jar')
+ source = os.path.join(
+ '/usr/share/java/jackson',
+ 'jackson-core-asl.jar')
link = os.path.join(common_lib, 'jackson-core-asl.jar')
self.create_link(instance, source, link)
@@ -67,7 +69,9 @@ class ReplaceJettisonWithJackson(pki.server.upgrade.PKIServerUpgradeScriptlet):
link = os.path.join(common_lib, 'jackson-databind.jar')
self.create_link(instance, source, link)
- source = os.path.join('/usr/share/java/jackson-jaxrs-providers', 'jackson-jaxrs-base.jar')
+ source = os.path.join(
+ '/usr/share/java/jackson-jaxrs-providers',
+ 'jackson-jaxrs-base.jar')
link = os.path.join(common_lib, 'jackson-jaxrs-base.jar')
self.create_link(instance, source, link)
@@ -75,15 +79,21 @@ class ReplaceJettisonWithJackson(pki.server.upgrade.PKIServerUpgradeScriptlet):
link = os.path.join(common_lib, 'jackson-jaxrs.jar')
self.create_link(instance, source, link)
- source = os.path.join('/usr/share/java/jackson-jaxrs-providers', 'jackson-jaxrs-json-provider.jar')
+ source = os.path.join(
+ '/usr/share/java/jackson-jaxrs-providers',
+ 'jackson-jaxrs-json-provider.jar')
link = os.path.join(common_lib, 'jackson-jaxrs-json-provider.jar')
self.create_link(instance, source, link)
- source = os.path.join('/usr/share/java/jackson', 'jackson-mapper-asl.jar')
+ source = os.path.join(
+ '/usr/share/java/jackson',
+ 'jackson-mapper-asl.jar')
link = os.path.join(common_lib, 'jackson-mapper-asl.jar')
self.create_link(instance, source, link)
- source = os.path.join('/usr/share/java', 'jackson-module-jaxb-annotations.jar')
+ source = os.path.join(
+ '/usr/share/java',
+ 'jackson-module-jaxb-annotations.jar')
link = os.path.join(common_lib, 'jackson-module-jaxb-annotations.jar')
self.create_link(instance, source, link)
diff --git a/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass b/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass
index 870fa981c..1cfff29f6 100755
--- a/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass
+++ b/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass
@@ -25,7 +25,9 @@ from lxml import etree as ET
import pki
import pki.server.upgrade
-class ReplaceRESTEasyApplicationClass(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+class ReplaceRESTEasyApplicationClass(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(ReplaceRESTEasyApplicationClass, self).__init__()
@@ -58,15 +60,20 @@ class ReplaceRESTEasyApplicationClass(pki.server.upgrade.PKIServerUpgradeScriptl
if servlet is None:
raise Exception('Resteasy servlet not found in ' + web_xml)
- param = servlet.find('init-param[param-name="javax.ws.rs.Application"]')
+ param = servlet.find(
+ 'init-param[param-name="javax.ws.rs.Application"]')
if param is None:
- raise Exception('Resteasy application parameter not found in ' + web_xml)
+ raise Exception(
+ 'Resteasy application parameter not found in ' +
+ web_xml)
value = param.find('param-value')
if value is None:
- raise Exception('Resteasy application value not found in ' + web_xml)
+ raise Exception(
+ 'Resteasy application value not found in ' +
+ web_xml)
value.text = self.class_names[subsystem.name]
diff --git a/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML b/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML
index edc27e3f8..4117b7e6a 100755
--- a/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML
+++ b/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML
@@ -33,8 +33,17 @@ class RemoveConfigPathFromWebXML(pki.server.upgrade.PKIServerUpgradeScriptlet):
def upgrade_subsystem(self, instance, subsystem):
- default_cs_cfg = os.path.join(instance.base_dir, 'conf', subsystem.name, 'CS.cfg')
- web_xml = os.path.join(instance.base_dir, 'webapps', subsystem.name, 'WEB-INF', 'web.xml')
+ default_cs_cfg = os.path.join(
+ instance.base_dir,
+ 'conf',
+ subsystem.name,
+ 'CS.cfg')
+ web_xml = os.path.join(
+ instance.base_dir,
+ 'webapps',
+ subsystem.name,
+ 'WEB-INF',
+ 'web.xml')
if not os.path.exists(web_xml):
return
diff --git a/base/server/upgrade/10.2.1/01-AddTLSRangeSupport b/base/server/upgrade/10.2.1/01-AddTLSRangeSupport
index e2259245b..c9db5503b 100755
--- a/base/server/upgrade/10.2.1/01-AddTLSRangeSupport
+++ b/base/server/upgrade/10.2.1/01-AddTLSRangeSupport
@@ -34,21 +34,20 @@ class AddTLSRangeSupport(pki.server.upgrade.PKIServerUpgradeScriptlet):
self.parser = etree.XMLParser(remove_blank_text=True)
-
def upgrade_instance(self, instance):
- server_xml = os.path.join(instance.conf_dir, 'server.xml')
- #Backup the file before modify
+ server_xml = os.path.join(instance.conf_dir, 'server.xml')
+ # Backup the file before modify
self.backup(server_xml)
- #Parse the server.xml into an XML object
+ # Parse the server.xml into an XML object
document = etree.parse(server_xml, self.parser)
- #perform the upgrade in memory
+ # perform the upgrade in memory
self.add_tls_range(document)
- #Once all changes are made, write the XML back into the same server.xml
- #This way we're preserving any other customization that has been done
+ # Once all changes are made, write the XML back into the same server.xml
+ # This way we're preserving any other customization that has been done
# to the server.xml
with open(server_xml, 'w') as f:
- f.write(etree.tostring(document, pretty_print=True))
+ f.write(etree.tostring(document, pretty_print=True))
def add_tls_range(self, document):
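Review bot: In upgrade_instance, `open(server_xml, 'w')` truncates server.xml before `etree.tostring(...)` is evaluated, so a serialization error leaves an empty file and recovery depends on the copy made by `self.backup(server_xml)`. Serialize first and write afterwards: `data = etree.tostring(document, pretty_print=True)` above the `with` line and `f.write(data)` inside it. If these scriptlets are meant to run on Python 3 later, `tostring` returns bytes there and the file would need mode `'wb'`.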
@@ -57,7 +56,7 @@ class AddTLSRangeSupport(pki.server.upgrade.PKIServerUpgradeScriptlet):
connectors = server.findall('.//Connector')
for connector in connectors:
-
+
secure = connector.get('secure')
if secure == 'true':
# Update Connector's attributes
@@ -65,38 +64,37 @@ class AddTLSRangeSupport(pki.server.upgrade.PKIServerUpgradeScriptlet):
connector.set('sslVersionRangeStream', 'tls1_0:tls1_2')
connector.set('sslVersionRangeDatagram', 'tls1_1:tls1_2')
connector.set('sslRangeCiphers',
- '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,' \
- '-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,' \
- '+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,' \
- '+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,' \
- '+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,' \
- '-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,' \
- '+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,' \
- '+TLS_RSA_WITH_3DES_EDE_CBC_SHA,' \
- '+TLS_RSA_WITH_AES_128_CBC_SHA,' \
- '+TLS_RSA_WITH_AES_256_CBC_SHA,' \
- '+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,' \
- '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,' \
- '-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,' \
- '-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,' \
- '-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,' \
- '+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,' \
- '+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,' \
- '+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,' \
- '+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,' \
- '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,' \
- '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,' \
- '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,' \
- '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,' \
- '+TLS_RSA_WITH_AES_128_CBC_SHA256,' \
- '+TLS_RSA_WITH_AES_256_CBC_SHA256,' \
- '+TLS_RSA_WITH_AES_128_GCM_SHA256,' \
- '+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,' \
- '+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,' \
- '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,' \
- '+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,' \
- '+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,' \
- '+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,' \
- '+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,' \
- '+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256')
-
+ '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,'
+ '-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,'
+ '+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,'
+ '+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,'
+ '+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,'
+ '-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,'
+ '+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,'
+ '+TLS_RSA_WITH_3DES_EDE_CBC_SHA,'
+ '+TLS_RSA_WITH_AES_128_CBC_SHA,'
+ '+TLS_RSA_WITH_AES_256_CBC_SHA,'
+ '+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,'
+ '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,'
+ '-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,'
+ '-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,'
+ '-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,'
+ '+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,'
+ '+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,'
+ '+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,'
+ '+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,'
+ '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,'
+ '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,'
+ '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,'
+ '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,'
+ '+TLS_RSA_WITH_AES_128_CBC_SHA256,'
+ '+TLS_RSA_WITH_AES_256_CBC_SHA256,'
+ '+TLS_RSA_WITH_AES_128_GCM_SHA256,'
+ '+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,'
+ '+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,'
+ '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,'
+ '+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,'
+ '+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,'
+ '+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,'
+ '+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,'
+ '+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256')
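Review bot: The values written to each secure Connector set `sslVersionRangeStream` to `tls1_0:tls1_2` and enable 3DES and static-RSA CBC suites (for example `+TLS_RSA_WITH_3DES_EDE_CBC_SHA`), while the ECDHE_RSA CBC-SHA suites are switched off. The commit only drops the line-continuation backslashes, so this policy is carried over unchanged. The `connector.set(...)` calls are unconditional, so any value already present on a connector is replaced during the upgrade. A comment above the call would make that visible to whoever reuses the list, for example `# 10.2.1 defaults: permits TLS 1.0 and 3DES; replaces existing connector values`. add_tls_range starts outside the hunk.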
diff --git a/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations
index 8d63a5563..5689f2526 100755
--- a/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations
+++ b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations
@@ -27,7 +27,8 @@ import pki
import pki.server.upgrade
-class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeScriptlet):
+class MoveWebApplicationDeploymentLocations(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(MoveWebApplicationDeploymentLocations, self).__init__()
@@ -37,7 +38,10 @@ class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeS
def upgrade_subsystem(self, instance, subsystem):
- subsystem_webapps = os.path.join(instance.base_dir, subsystem.name, 'webapps')
+ subsystem_webapps = os.path.join(
+ instance.base_dir,
+ subsystem.name,
+ 'webapps')
self.backup(subsystem_webapps)
# remove old subsystem webapps symlink
@@ -49,14 +53,24 @@ class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeS
os.mkdir(subsystem_webapps)
os.chown(subsystem_webapps, instance.uid, instance.gid)
- os.chmod(subsystem_webapps, 0770)
+ os.chmod(subsystem_webapps, 0o770)
# move subsystem webapp
- subsystem_old_webapp = os.path.join(instance.base_dir, 'webapps', subsystem.name)
+ subsystem_old_webapp = os.path.join(
+ instance.base_dir,
+ 'webapps',
+ subsystem.name)
subsystem_new_webapp = os.path.join(subsystem_webapps, subsystem.name)
- subsystem_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', subsystem.name + '.xml')
+ subsystem_context_xml = os.path.join(
+ instance.conf_dir,
+ 'Catalina',
+ 'localhost',
+ subsystem.name + '.xml')
- self.move_webapp(subsystem_old_webapp, subsystem_new_webapp, subsystem_context_xml)
+ self.move_webapp(
+ subsystem_old_webapp,
+ subsystem_new_webapp,
+ subsystem_context_xml)
def upgrade_instance(self, instance):
@@ -68,19 +82,27 @@ class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeS
os.mkdir(common_webapps)
os.chown(common_webapps, instance.uid, instance.gid)
- os.chmod(common_webapps, 0770)
+ os.chmod(common_webapps, 0o770)
# move ROOT webapp
root_old_webapp = os.path.join(instance.base_dir, 'webapps', 'ROOT')
root_new_webapp = os.path.join(common_webapps, 'ROOT')
- root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml')
+ root_context_xml = os.path.join(
+ instance.conf_dir,
+ 'Catalina',
+ 'localhost',
+ 'ROOT.xml')
self.move_webapp(root_old_webapp, root_new_webapp, root_context_xml)
# move pki webapp
pki_old_webapp = os.path.join(instance.base_dir, 'webapps', 'pki')
pki_new_webapp = os.path.join(common_webapps, 'pki')
- pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml')
+ pki_context_xml = os.path.join(
+ instance.conf_dir,
+ 'Catalina',
+ 'localhost',
+ 'pki.xml')
self.move_webapp(pki_old_webapp, pki_new_webapp, pki_context_xml)
diff --git a/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy b/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy
index 6e2731d27..5493e1e21 100755
--- a/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy
+++ b/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy
@@ -26,7 +26,8 @@ import pki
import pki.server.upgrade
-class EnableWebApplicationAutoDeploy(pki.server.upgrade.PKIServerUpgradeScriptlet):
+class EnableWebApplicationAutoDeploy(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(EnableWebApplicationAutoDeploy, self).__init__()
diff --git a/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership b/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership
index 3c7f21aaf..83ec67d6b 100755
--- a/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership
+++ b/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership
@@ -23,7 +23,8 @@ import os
import pki.server.upgrade
-class FixInstanceWorkFolderOwnership(pki.server.upgrade.PKIServerUpgradeScriptlet):
+class FixInstanceWorkFolderOwnership(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(FixInstanceWorkFolderOwnership, self).__init__()
@@ -31,6 +32,8 @@ class FixInstanceWorkFolderOwnership(pki.server.upgrade.PKIServerUpgradeScriptle
def upgrade_instance(self, instance):
- directory = os.path.join(instance.base_dir, 'work/Catalina/localhost/pki')
+ directory = os.path.join(
+ instance.base_dir,
+ 'work/Catalina/localhost/pki')
if os.path.exists(directory):
pki.util.chown(directory, instance.uid, instance.gid)
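Review bot: `pki.util.chown(directory, instance.uid, instance.gid)` is applied to a Tomcat work directory that the instance account can presumably write to, and the helper's implementation is not shown here. If it walks the tree and changes ownership through symbolic links, a link inside `work/Catalina/localhost/pki` would cause the upgrader to re-own a file outside the instance. Confirm the helper uses `os.lchown` or skips links, and record the requirement above the call, e.g. `# pki.util.chown must not follow symlinks: work/ is writable by the instance user`.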
diff --git a/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML b/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML
index dfc6a98a6..5e4077371 100755
--- a/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML
+++ b/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML
@@ -25,7 +25,9 @@ from lxml import etree as ET
import pki
import pki.server.upgrade
-class AddMissingOCSPGETServletMappingToWebXML(pki.server.upgrade.PKIServerUpgradeScriptlet):
+
+class AddMissingOCSPGETServletMappingToWebXML(
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
OCSPGETServletMappingData = """
<servlet-mapping>
@@ -41,7 +43,6 @@ class AddMissingOCSPGETServletMappingToWebXML(pki.server.upgrade.PKIServerUpgrad
self.doc = None
self.root = None
-
def upgrade_subsystem(self, instance, subsystem):
# only affects CA
if subsystem.name != "ca":
@@ -64,7 +65,7 @@ class AddMissingOCSPGETServletMappingToWebXML(pki.server.upgrade.PKIServerUpgrad
self.doc.write(web_xml)
def add_ocsp_get_servlet_mapping(self):
- #add missing OCSP Get servlet mapping
+ # add missing OCSP Get servlet mapping
mappingFound = False
urlPattern = ""
index = 0
diff --git a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
index 240fd28fc..8fd67271c 100755
--- a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
+++ b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
@@ -25,7 +25,7 @@ import pki.server.upgrade
class RemoveInaccessableURLsFromServerXML(
- pki.server.upgrade.PKIServerUpgradeScriptlet):
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(RemoveInaccessableURLsFromServerXML, self).__init__()
self.message = 'Remove inaccessable URLs from server.xml'
diff --git a/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML b/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML
index 1cf7413ed..8dee70db6 100755
--- a/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML
+++ b/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML
@@ -25,7 +25,7 @@ import pki.server.upgrade
class AddPhoneHomeURLsToTPSsServerXML(
- pki.server.upgrade.PKIServerUpgradeScriptlet):
+ pki.server.upgrade.PKIServerUpgradeScriptlet):
def __init__(self):
super(AddPhoneHomeURLsToTPSsServerXML, self).__init__()
self.message = 'Add Phone Home URLs to TPS section of server.xml.'
diff --git a/setup.py b/setup.py
index 6076c5e8b..504f8e769 100644
--- a/setup.py
+++ b/setup.py
@@ -25,6 +25,7 @@ from distutils.core import setup
UPGRADE_SCRIPT = re.compile('^[0-9]+-.*')
+
def find_upgrade(origroot, destroot):
upgrades = {}
for dirpath, dirnames, filenames in os.walk(origroot):
diff --git a/tox.ini b/tox.ini
index d6a400548..ea7a78908 100644
--- a/tox.ini
+++ b/tox.ini
@@ -77,8 +77,9 @@ commands =
python_files = tests/python/*.py
[flake8]
-exclude = .tox,*.egg,dist,build,conf.py,tests/*
-include = *.py,pki-upgrade,pkidestroy,pki-server,pki-server-upgrade,pkispawn,pki
+ignore = N802,N806,N812
+exclude = .tox,*.egg,dist,build,conf.py,tests/*,.git
+filename = *.py,pki,pkidestroy,pki-upgrade,pki-server,pki-server-upgrade,pkispawn,[0-9][0-9]-*
show-source = true
max-line-length = 99
application-import-names = pki