author | Endi S. Dewata <edewata@redhat.com> | 2014-10-07 13:47:10 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-10-09 17:08:20 -0400 |
commit | 906dde7b9a993efc23f8f44d1fff9d4b567c1525 (patch) | |
tree | 88786aea5f9b539591419bb4b31c49dbf3fc0851 /base/common | |
parent | 27e27f8b63bc4c45d25a8bc5e07ac3a8e199565e (diff) | |
Updated KRA Python client library.
The Python client library for KRA has been modified to simplify
the usage. The NSSCryptoProvider's setup_database() and __init__()
now take a password file parameter. The import_cert() now can
take either cert binary/encoded data or CertData object. It also
provides a default value for the trust attribute. The KRAClient
now stores the crypto provider object.
The KRA test has been updated to provide options to override
the default test configuration (e.g. hostname, port). It also has
been modified to use a temporary NSS database. The setup document
has been updated to describe the process to run the test as root
and as a regular user.
Diffstat (limited to 'base/common')
-rw-r--r-- | base/common/python/pki/crypto.py | 39 | ||||
-rw-r--r-- | base/common/python/pki/kra.py | 4 |
2 files changed, 30 insertions, 13 deletions
diff --git a/base/common/python/pki/crypto.py b/base/common/python/pki/crypto.py index f9aed3f36..147e65447 100644 --- a/base/common/python/pki/crypto.py +++ b/base/common/python/pki/crypto.py @@ -102,7 +102,7 @@ class NSSCryptoProvider(CryptoProvider): """ @staticmethod - def setup_database(db_dir, password, over_write=False): + def setup_database(db_dir, password=None, over_write=False, password_file=None): """ Create an NSS database """ if os.path.exists(db_dir): if not over_write: @@ -113,14 +113,20 @@ class NSSCryptoProvider(CryptoProvider): os.remove(db_dir) os.makedirs(db_dir) - home = os.path.expanduser("~") - with tempfile.NamedTemporaryFile(dir=home) as pwd_file: - pwd_file.write(password) - pwd_file.flush() - command = ['certutil', '-N', '-d', db_dir, '-f', pwd_file.name] + try: + if password: + (f, password_file) = tempfile.mkstemp() + os.write(f, password) + os.close(f) + + command = ['certutil', '-N', '-d', db_dir, '-f', password_file] subprocess.check_call(command) - def __init__(self, certdb_dir, certdb_password): + finally: + if password and password_file: + os.remove(password_file) + + def __init__(self, certdb_dir, certdb_password=None, password_file=None): """ Initialize nss and nss related parameters This method expects a NSS database to have already been created at @@ -128,7 +134,14 @@ class NSSCryptoProvider(CryptoProvider): """ CryptoProvider.__init__(self) self.certdb_dir = certdb_dir - self.certdb_password = certdb_password + + if certdb_password: + self.certdb_password = certdb_password + + elif password_file: + with open(password_file, 'r') as f: + self.certdb_password = f.readline().strip() + self.nonce_iv = "e4:bb:3b:d3:c3:71:2e:58" def initialize(self): 
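Review bot: The cleanup in the `finally` of setup_database() is keyed on `password` being set rather than on a temporary file having been created, so when a caller passes both `password` and `password_file` and `tempfile.mkstemp()` raises, the file removed is the caller's own password file. The same block leaks the descriptor if `os.write()` fails before `os.close(f)`, and when neither argument is given `None` is passed to certutil as the `-f` value. Tracking the temporary path in its own variable and rejecting the no-credential case up front covers all three. The function's signature and opening lines are in the previous hunk.

```python
tmp_password_file = None
try:
    if password:
        (fd, tmp_password_file) = tempfile.mkstemp()
        try:
            os.write(fd, password)
        finally:
            os.close(fd)
        password_file = tmp_password_file
    elif not password_file:
        raise ValueError('password or password_file is required')

    # … unchanged: certutil -N command and subprocess.check_call …

finally:
    # remove only the file this function created, never the caller's
    if tmp_password_file:
        os.remove(tmp_password_file)
```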
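Review bot: `self.certdb_password` is left unset in __init__() when neither `certdb_password` nor `password_file` is supplied, or when an empty string is passed, so the problem surfaces later as an AttributeError at first use instead of at construction. Add a final branch such as `else: raise ValueError('certdb_password or password_file is required')`, or `else: self.certdb_password = None` if a database without a password is meant to be supported. `f.readline().strip()` also removes leading and trailing whitespace that may be part of the password; `rstrip('\r\n')` would drop only the line terminator. The __init__ signature and the start of its docstring are in the previous hunk.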
@@ -137,12 +150,18 @@ class NSSCryptoProvider(CryptoProvider): """ nss.nss_init(self.certdb_dir) - def import_cert(self, cert_nick, cert, trust): + def import_cert(self, cert_nick, cert, trust=',,'): """ Import a certificate into the nss database """ + # accept both CertData object or cert actual data + if type(cert).__name__ == 'CertData': + content = cert.encoded + else: + content = cert + # certutil -A -d db_dir -n cert_nick -t trust -i cert_file with tempfile.NamedTemporaryFile() as cert_file: - cert_file.write(cert.binary) + cert_file.write(content) cert_file.flush() command = ['certutil', '-A', '-d', self.certdb_dir, '-n', cert_nick, '-t', trust, diff --git a/base/common/python/pki/kra.py b/base/common/python/pki/kra.py index 6559b986b..9e46235d2 100644 --- a/base/common/python/pki/kra.py +++ b/base/common/python/pki/kra.py @@ -52,8 +52,6 @@ class KRAClient(object): initialized beforehand. """ self.connection = connection + self.crypto = crypto self.keys = key.KeyClient(connection, crypto, transport_cert_nick) self.system_certs = SystemCertClient(connection) - - - |
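Review bot: The dispatch `type(cert).__name__ == 'CertData'` in import_cert() compares a class name string, so a subclass of CertData falls through to the raw-data branch while any unrelated class that happens to be named CertData is accepted. `content = getattr(cert, 'encoded', cert)` expresses the same either/or without the name comparison. The object path also switches from `cert.binary` to `cert.encoded`. Because the certutil argument list continues outside the hunk, it is worth confirming that the import handles encoded (ASCII) input, for example via certutil's `-a` option, and stating the accepted formats in the docstring.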