authorEndi S. Dewata <edewata@redhat.com>2014-10-07 13:47:10 -0400
committerEndi S. Dewata <edewata@redhat.com>2014-10-09 17:08:20 -0400
commit906dde7b9a993efc23f8f44d1fff9d4b567c1525 (patch)
tree88786aea5f9b539591419bb4b31c49dbf3fc0851 /base/common
parent27e27f8b63bc4c45d25a8bc5e07ac3a8e199565e (diff)
Updated KRA Python client library.
The Python client library for KRA has been modified to simplify the usage. The NSSCryptoProvider's setup_database() and __init__() now take a password file parameter. The import_cert() now can take either cert binary/encoded data or CertData object. It also provides a default value for the trust attribute. The KRAClient now stores the crypto provider object. The KRA test has been updated to provide options to override the default test configuration (e.g. hostname, port). It also has been modified to use a temporary NSS database. The setup document has been updated to describe the process to run the test as root and as a regular user.
Diffstat (limited to 'base/common')
-rw-r--r--base/common/python/pki/crypto.py39
-rw-r--r--base/common/python/pki/kra.py4
2 files changed, 30 insertions, 13 deletions
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py
index f9aed3f36..147e65447 100644
--- a/base/common/python/pki/crypto.py
+++ b/base/common/python/pki/crypto.py
@@ -102,7 +102,7 @@ class NSSCryptoProvider(CryptoProvider):
"""
@staticmethod
- def setup_database(db_dir, password, over_write=False):
+ def setup_database(db_dir, password=None, over_write=False, password_file=None):
""" Create an NSS database """
if os.path.exists(db_dir):
if not over_write:
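Review bot: The one-line docstring `Create an NSS database` no longer describes the contract now that `setup_database` accepts `password` or `password_file`, both defaulting to None. It should say that one of the two must be supplied, that `password` takes precedence when both are given (the next hunk overwrites `password_file` in that case), and that the password is handed to certutil through a file on disk. The function body continues past this hunk.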
@@ -113,14 +113,20 @@ class NSSCryptoProvider(CryptoProvider):
os.remove(db_dir)
os.makedirs(db_dir)
- home = os.path.expanduser("~")
- with tempfile.NamedTemporaryFile(dir=home) as pwd_file:
- pwd_file.write(password)
- pwd_file.flush()
- command = ['certutil', '-N', '-d', db_dir, '-f', pwd_file.name]
+ try:
+ if password:
+ (f, password_file) = tempfile.mkstemp()
+ os.write(f, password)
+ os.close(f)
+
+ command = ['certutil', '-N', '-d', db_dir, '-f', password_file]
subprocess.check_call(command)
- def __init__(self, certdb_dir, certdb_password):
+ finally:
+ if password and password_file:
+ os.remove(password_file)
+
+ def __init__(self, certdb_dir, certdb_password=None, password_file=None):
""" Initialize nss and nss related parameters
This method expects a NSS database to have already been created at
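Review bot: The `finally` clause can delete a password file that belongs to the caller, because the temp path is stored in the `password_file` parameter itself. If both `password` and `password_file` are passed and `tempfile.mkstemp()` raises, `password_file` still holds the caller's path and `os.remove(password_file)` removes it. Two smaller gaps sit in the same block: when neither argument is given, `None` ends up in the certutil argument list and the failure surfaces as an opaque error from `subprocess`, and a failing `os.write` leaves the descriptor open. Tracking the temp path in its own local and validating the inputs up front closes all three. The start of `setup_database` is in the previous hunk.

```python
        # … unchanged: db_dir existence check and os.makedirs(db_dir) …
        tmp_password_file = None
        try:
            if password:
                (f, tmp_password_file) = tempfile.mkstemp()
                try:
                    os.write(f, password)
                finally:
                    os.close(f)
                password_file = tmp_password_file
            elif not password_file:
                raise ValueError('Missing password or password file')

            command = ['certutil', '-N', '-d', db_dir, '-f', password_file]
            subprocess.check_call(command)

        finally:
            # only ever remove the file this method created
            if tmp_password_file:
                os.remove(tmp_password_file)
```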
@@ -128,7 +134,14 @@ class NSSCryptoProvider(CryptoProvider):
"""
CryptoProvider.__init__(self)
self.certdb_dir = certdb_dir
- self.certdb_password = certdb_password
+
+ if certdb_password:
+ self.certdb_password = certdb_password
+
+ elif password_file:
+ with open(password_file, 'r') as f:
+ self.certdb_password = f.readline().strip()
+
self.nonce_iv = "e4:bb:3b:d3:c3:71:2e:58"
def initialize(self):
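Review bot: When neither `certdb_password` nor `password_file` is supplied, `self.certdb_password` is never assigned, so any later read of it raises AttributeError, whereas the old code always set the attribute. Either add `self.certdb_password = None` before the `if`, or raise at construction time if a password is mandatory for this provider. Also note that `f.readline().strip()` removes leading and trailing whitespace, so a password that legitimately begins or ends with a space will not round-trip; `rstrip('\n')` would be narrower if that matters here. The signature and docstring of `__init__` are in the previous hunk.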
@@ -137,12 +150,18 @@ class NSSCryptoProvider(CryptoProvider):
"""
nss.nss_init(self.certdb_dir)
- def import_cert(self, cert_nick, cert, trust):
+ def import_cert(self, cert_nick, cert, trust=',,'):
""" Import a certificate into the nss database
"""
+ # accept both CertData object or cert actual data
+ if type(cert).__name__ == 'CertData':
+ content = cert.encoded
+ else:
+ content = cert
+
# certutil -A -d db_dir -n cert_nick -t trust -i cert_file
with tempfile.NamedTemporaryFile() as cert_file:
- cert_file.write(cert.binary)
+ cert_file.write(content)
cert_file.flush()
command = ['certutil', '-A', '-d', self.certdb_dir,
'-n', cert_nick, '-t', trust,
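Review bot: The check `type(cert).__name__ == 'CertData'` compares the class name as a string, so a subclass of CertData falls into the `else` branch and is passed to `cert_file.write()` as-is, while an unrelated class that happens to be named CertData is accepted. Testing for the attribute that is actually used is tighter and needs no import: `content = getattr(cert, 'encoded', cert)`. The CertData path also now writes `cert.encoded` where the old code wrote `cert.binary`. The certutil argument list runs past the end of this hunk, so it is worth confirming that the input format certutil is told to expect still matches what is written.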
diff --git a/base/common/python/pki/kra.py b/base/common/python/pki/kra.py
index 6559b986b..9e46235d2 100644
--- a/base/common/python/pki/kra.py
+++ b/base/common/python/pki/kra.py
@@ -52,8 +52,6 @@ class KRAClient(object):
initialized beforehand.
"""
self.connection = connection
+ self.crypto = crypto
self.keys = key.KeyClient(connection, crypto, transport_cert_nick)
self.system_certs = SystemCertClient(connection)
-
-
-