authorAde Lee <alee@redhat.com>2014-06-07 01:46:41 +0800
committerAde Lee <alee@redhat.com>2014-06-10 20:55:10 +0700
commitf603869e1e9964617fc36c82d19a3105c59a2495 (patch)
treeeef6164bf86aaa95076f267456dd4311cd134704 /base/server/python/pki
parent759565d9b641106fcd60988524659b1f5071592c (diff)
Fix pycharm warnings for server python classes
Mostly reformatting due to PEP8. Not all pycharm warnings are addressed, but the vast majority are.
Diffstat (limited to 'base/server/python/pki')
-rw-r--r--base/server/python/pki/server/__init__.py19
-rw-r--r--base/server/python/pki/server/deployment/pkiconfig.py20
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py942
-rw-r--r--base/server/python/pki/server/deployment/pkilogging.py10
-rw-r--r--base/server/python/pki/server/deployment/pkimanifest.py20
-rw-r--r--base/server/python/pki/server/deployment/pkimessages.py79
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py329
-rw-r--r--base/server/python/pki/server/deployment/pkiscriptlet.py1
-rw-r--r--base/server/python/pki/server/upgrade.py86
9 files changed, 847 insertions, 659 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index e41f1a980..3eb6b5f97 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -31,15 +31,17 @@ SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps']
class PKISubsystem(object):
- def __init__(self, instance, subsystemName):
+ def __init__(self, instance, subsystem_name):
self.instance = instance
- self.name = subsystemName
+ self.name = subsystem_name
self.type = instance.type
if self.type >= 10:
- self.conf_dir = os.path.join(INSTANCE_BASE_DIR, \
- instance.name, 'conf', subsystemName)
- self.base_dir = os.path.join(INSTANCE_BASE_DIR, \
- instance.name, subsystemName)
+ self.conf_dir = os.path.join(
+ INSTANCE_BASE_DIR,
+ instance.name, 'conf', subsystem_name)
+ self.base_dir = os.path.join(
+ INSTANCE_BASE_DIR,
+ instance.name, subsystem_name)
else:
self.conf_dir = os.path.join(pki.BASE_DIR, instance.name, 'conf')
self.base_dir = os.path.join(pki.BASE_DIR, instance.name)
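Review bot: Renaming the constructor parameter from `subsystemName` to `subsystem_name` changes the public signature of `PKISubsystem.__init__`, so any caller that passes it by keyword would now fail with a TypeError; the callers are not part of this diff, so this needs a check across the tree. The value is also joined straight into `conf_dir` and `base_dir`, so a short docstring stating that it must be a bare subsystem name with no path separators (presumably one of `SUBSYSTEM_TYPES`) would document the expectation. The method body continues past the hunk.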
@@ -50,8 +52,7 @@ class PKISubsystem(object):
if not os.path.exists(self.conf_dir):
raise pki.PKIException(
'Invalid subsystem: ' + self.__repr__(),
- None, self.instance)
-
+ None, self.instance)
def __repr__(self):
return str(self.instance) + '/' + self.name
@@ -84,7 +85,7 @@ class PKIInstance(object):
class PKIServerException(pki.PKIException):
- def __init__(self, message, exception=None, \
+ def __init__(self, message, exception=None,
instance=None, subsystem=None):
pki.PKIException.__init__(self, message, exception)
diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py
index bb89cc5fc..67edad1ee 100644
--- a/base/server/python/pki/server/deployment/pkiconfig.py
+++ b/base/server/python/pki/server/deployment/pkiconfig.py
@@ -41,18 +41,18 @@ PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"]
PKI_APACHE_SUBSYSTEMS = ["RA"]
PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"]
PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
- "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps",
- "work"]
+ "lib", "logs", "ocsp", "temp", "tks", "tps",
+ "webapps", "work"]
PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg",
"rsyslog", "tls"]
PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"]
PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"]
-PKI_INDENTATION_LEVEL_0 = {'indent' : ''}
-PKI_INDENTATION_LEVEL_1 = {'indent' : '... '}
-PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '}
-PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '}
-PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '}
+PKI_INDENTATION_LEVEL_0 = {'indent': ''}
+PKI_INDENTATION_LEVEL_1 = {'indent': '... '}
+PKI_INDENTATION_LEVEL_2 = {'indent': '....... '}
+PKI_INDENTATION_LEVEL_3 = {'indent': '........... '}
+PKI_INDENTATION_LEVEL_4 = {'indent': '............... '}
PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\
"-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-"
@@ -123,6 +123,7 @@ pki_root_prefix = None
def str2bool(string):
return string.lower() in ("yes", "true", "t", "1")
+
# NOTE: To utilize the 'preparations_for_an_external_java_debugger(master)'
# and 'wait_to_attach_an_external_java_debugger(master)' functions,
# change 'pki_enable_java_debugger=False' to
@@ -140,13 +141,14 @@ def prepare_for_an_external_java_debugger(instance):
print " \"address=8000,server=y,suspend=n \""
print " \"-Djava.awt.headless=true -Xmx128M\""
print
- raw_input("Enable external java debugger 'JAVA_OPTS' "\
+ raw_input("Enable external java debugger 'JAVA_OPTS' "
"and press return to continue . . . ")
print
print PKI_DEPLOYMENT_INTERRUPT_BANNER
print
return
+
def wait_to_attach_an_external_java_debugger():
print
print PKI_DEPLOYMENT_INTERRUPT_BANNER
@@ -155,7 +157,7 @@ def wait_to_attach_an_external_java_debugger():
print "the 'address' selected by 'JAVA_OPTS' (e. g. - port 8000) and"
print "set any desired breakpoints"
print
- raw_input("Please attach an external java debugger "\
+ raw_input("Please attach an external java debugger "
"and press return to continue . . . ")
print
print PKI_DEPLOYMENT_INTERRUPT_BANNER
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index e33d43f52..713e7a381 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -55,6 +55,7 @@ import pki.account
import pki.client
import pki.system
+
# PKI Deployment Helper Functions
def pki_copytree(src, dst, symlinks=False, ignore=None):
"""Recursively copy a directory tree using copy2().
@@ -126,6 +127,7 @@ def pki_copytree(src, dst, symlinks=False, ignore=None):
if errors:
raise Error(errors)
+
class Identity:
"""PKI Deployment Identity Class"""
@@ -258,7 +260,7 @@ class Identity:
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return pki_uid
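Review bot: Replacing `critical_failure == True` with `if critical_failure:` widens the test from values equal to True to any truthy value, so a caller that passes a non-empty string (for instance an unparsed "False" from a configuration file) now re-raises where it previously did not; the same substitution is made in the three following `Identity` hunks and throughout `Directory`. If the flag is always a bool this is harmless, but that is not visible here. Separately, when the flag is false the handler falls through to `return pki_uid`; if that name is bound only inside the try body, which starts outside the hunk, the non-critical path would end in an UnboundLocalError, and initialising it before the try (`pki_uid = None`) would avoid that.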
@@ -268,7 +270,7 @@ class Identity:
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return pki_gid
@@ -284,7 +286,7 @@ class Identity:
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return pki_uid
@@ -300,10 +302,11 @@ class Identity:
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return pki_gid
+
class Namespace:
"""PKI Deployment Namespace Class"""
@@ -322,8 +325,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_COLLISION_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_path']))
else:
if os.path.exists(self.mdict['pki_target_tomcat_conf_instance_id']):
# Top-Level "/etc/sysconfig" path collision
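Review bot: Each of these collision branches raises a bare `Exception`, which forces callers into `except Exception` to handle a namespace collision and makes it indistinguishable from a programming error. The package already has `pki.PKIException` (seen in `pki/server/__init__.py` in this commit), and a dedicated subclass would fit better, provided it is importable here and no caller depends on the exact type. The message is also formatted twice, once by the logger and once for the exception; building it once would keep the two from drifting apart. The same pattern repeats in the remaining `Namespace` hunks and in the `raise Exception(...)` rewrites in `ConfigurationFile`, `Instance` and `Directory`.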
@@ -332,8 +337,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_target_tomcat_conf_instance_id'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_target_tomcat_conf_instance_id']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_COLLISION_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_target_tomcat_conf_instance_id']))
if os.path.exists(self.mdict['pki_cgroup_systemd_service']):
# Systemd cgroup path collision
config.pki_log.error(
@@ -341,8 +348,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_cgroup_systemd_service_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_cgroup_systemd_service_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_COLLISION_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_cgroup_systemd_service_path']))
if os.path.exists(self.mdict['pki_cgroup_cpu_systemd_service']):
# Systemd cgroup CPU path collision
config.pki_log.error(
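Review bot: The path reported in this collision message is `pki_cgroup_systemd_service_path`, but the condition guarding it (the last context lines of the previous hunk) tests `pki_cgroup_systemd_service`; the CPU cgroup branch that starts at the end of this hunk shows the same split between `pki_cgroup_cpu_systemd_service` and its `_path` key. If the two keys hold different locations, the operator is pointed at a path that was not the one found to exist. Either report the key that was tested or add a comment explaining why a different key is shown.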
@@ -350,8 +359,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_cgroup_cpu_systemd_service_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_cgroup_cpu_systemd_service_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_COLLISION_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_cgroup_cpu_systemd_service_path']))
if os.path.exists(self.mdict['pki_instance_log_path']) and\
os.path.exists(self.mdict['pki_subsystem_log_path']):
# Top-Level PKI log path collision
@@ -360,8 +371,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_log_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_log_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_COLLISION_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_log_path']))
if os.path.exists(self.mdict['pki_instance_configuration_path']) and\
os.path.exists(self.mdict['pki_subsystem_configuration_path']):
# Top-Level PKI configuration path collision
@@ -370,8 +383,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_configuration_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_configuration_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_COLLISION_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_configuration_path']))
if os.path.exists(self.mdict['pki_instance_registry_path']) and\
os.path.exists(self.mdict['pki_subsystem_registry_path']):
# Top-Level PKI registry path collision
@@ -380,8 +395,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_registry_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_registry_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_COLLISION_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_registry_path']))
# Run simple checks for reserved name namespace collisions
if self.mdict['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES:
# Top-Level PKI base path reserved name collision
@@ -390,18 +407,23 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_path']))
# No need to check for reserved name under Top-Level PKI log path
- if self.mdict['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES:
+ if self.mdict['pki_instance_name'] in \
+ config.PKI_CONFIGURATION_RESERVED_NAMES:
# Top-Level PKI configuration path reserved name collision
config.pki_log.error(
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
self.mdict['pki_instance_name'],
self.mdict['pki_instance_configuration_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_configuration_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_configuration_path']))
if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
# Top-Level Apache PKI registry path reserved name collision
if self.mdict['pki_instance_name'] in\
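Review bot: The rewritten condition `if self.mdict['pki_instance_name'] in \` introduces a new backslash continuation in a commit that removes them elsewhere (for example the `raw_input` calls in pkiconfig.py). Binding the value once near the top of the method, `instance_name = self.mdict['pki_instance_name']`, or wrapping the condition in parentheses keeps the line under the limit without a continuation character. The method starts and ends outside this hunk.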
@@ -411,8 +433,10 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_registry_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_registry_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_registry_path']))
elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
# Top-Level Tomcat PKI registry path reserved name collision
if self.mdict['pki_instance_name'] in\
@@ -422,8 +446,11 @@ class Namespace:
self.mdict['pki_instance_name'],
self.mdict['pki_instance_registry_path'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'],
- self.mdict['pki_instance_registry_path']))
+ raise Exception(
+ log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
+ self.mdict['pki_instance_name'],
+ self.mdict['pki_instance_registry_path']))
+
class ConfigurationFile:
"""PKI Deployment Configuration File Class"""
@@ -434,9 +461,9 @@ class ConfigurationFile:
self.clone = config.str2bool(self.mdict['pki_clone'])
self.external = config.str2bool(self.mdict['pki_external'])
self.external_step_two = config.str2bool(
- self.mdict['pki_external_step_two'])
+ self.mdict['pki_external_step_two'])
self.skip_configuration = config.str2bool(
- self.mdict['pki_skip_configuration'])
+ self.mdict['pki_skip_configuration'])
self.standalone = config.str2bool(self.mdict['pki_standalone'])
self.subordinate = config.str2bool(self.mdict['pki_subordinate'])
# set useful 'string' object variables for this class
@@ -511,16 +538,15 @@ class ConfigurationFile:
self.subsystem)
def confirm_data_exists(self, param):
- if not self.mdict.has_key(param) or\
- not len(self.mdict[param]):
+ if not param in self.mdict or not len(self.mdict[param]):
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
param,
self.mdict['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(
- log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 %
- (param, self.mdict['pki_user_deployment_cfg']))
+ log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 %
+ (param, self.mdict['pki_user_deployment_cfg']))
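Review bot: `if not param in self.mdict or not len(self.mdict[param]):` still reads awkwardly after the `has_key` removal; the idiomatic form is `if param not in self.mdict or not self.mdict[param]:`, assuming the stored values are strings as the `len()` call suggests. `confirm_data_exists` also has no docstring; one line such as `"""Raise if param is absent from, or empty in, the deployment configuration."""` would state the contract that the many call sites in `verify_predefined_configuration_file_data`-style checks rely on.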
def confirm_missing_file(self, param):
if os.path.exists(self.mdict[param]):
@@ -562,11 +588,11 @@ class ConfigurationFile:
# Subordinate CA that will be automatically configured and
# are not Stand-alone PKI)
if (self.subsystem == "KRA" or
- self.subsystem == "OCSP" or
- self.subsystem == "TKS" or
- self.subsystem == "TPS" or
- self.clone or
- self.subordinate):
+ self.subsystem == "OCSP" or
+ self.subsystem == "TKS" or
+ self.subsystem == "TPS" or
+ self.clone or
+ self.subordinate):
if not self.skip_configuration and not self.standalone:
self.confirm_data_exists("pki_security_domain_password")
# If required, verify existence of Token Password
@@ -583,25 +609,33 @@ class ConfigurationFile:
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA,
self.mdict['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg'])
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA %
+ self.mdict['pki_user_deployment_cfg'])
elif self.clone and self.external:
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA,
self.mdict['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.mdict['pki_user_deployment_cfg'])
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA %
+ self.mdict['pki_user_deployment_cfg'])
elif self.clone and self.subordinate:
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA,
self.mdict['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.mdict['pki_user_deployment_cfg'])
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA %
+ self.mdict['pki_user_deployment_cfg'])
elif self.external and self.subordinate:
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA,
self.mdict['pki_user_deployment_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg'])
+ raise Exception(
+ log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA %
+ self.mdict['pki_user_deployment_cfg'])
elif self.standalone:
if self.clone:
config.pki_log.error(
@@ -669,8 +703,10 @@ class ConfigurationFile:
self.confirm_data_exists("pki_external_admin_csr_path")
self.confirm_missing_file("pki_external_admin_csr_path")
# Stand-alone PKI Audit Signing CSR (Step 1)
- self.confirm_data_exists("pki_external_audit_signing_csr_path")
- self.confirm_missing_file("pki_external_audit_signing_csr_path")
+ self.confirm_data_exists(
+ "pki_external_audit_signing_csr_path")
+ self.confirm_missing_file(
+ "pki_external_audit_signing_csr_path")
# Stand-alone PKI SSL Server CSR (Step 1)
self.confirm_data_exists("pki_external_sslserver_csr_path")
self.confirm_missing_file("pki_external_sslserver_csr_path")
@@ -680,16 +716,22 @@ class ConfigurationFile:
# Stand-alone PKI KRA CSRs
if self.subsystem == "KRA":
# Stand-alone PKI KRA Storage CSR (Step 1)
- self.confirm_data_exists("pki_external_storage_csr_path")
- self.confirm_missing_file("pki_external_storage_csr_path")
+ self.confirm_data_exists(
+ "pki_external_storage_csr_path")
+ self.confirm_missing_file(
+ "pki_external_storage_csr_path")
# Stand-alone PKI KRA Transport CSR (Step 1)
- self.confirm_data_exists("pki_external_transport_csr_path")
- self.confirm_missing_file("pki_external_transport_csr_path")
+ self.confirm_data_exists(
+ "pki_external_transport_csr_path")
+ self.confirm_missing_file(
+ "pki_external_transport_csr_path")
# Stand-alone PKI OCSP CSRs
if self.subsystem == "OCSP":
# Stand-alone PKI OCSP OCSP Signing CSR (Step 1)
- self.confirm_data_exists("pki_external_signing_csr_path")
- self.confirm_missing_file("pki_external_signing_csr_path")
+ self.confirm_data_exists(
+ "pki_external_signing_csr_path")
+ self.confirm_missing_file(
+ "pki_external_signing_csr_path")
else:
# Stand-alone PKI External CA Certificate Chain (Step 2)
self.confirm_data_exists("pki_external_ca_cert_chain_path")
@@ -701,8 +743,10 @@ class ConfigurationFile:
self.confirm_data_exists("pki_external_admin_cert_path")
self.confirm_file_exists("pki_external_admin_cert_path")
# Stand-alone PKI Audit Signing Certificate (Step 2)
- self.confirm_data_exists("pki_external_audit_signing_cert_path")
- self.confirm_file_exists("pki_external_audit_signing_cert_path")
+ self.confirm_data_exists(
+ "pki_external_audit_signing_cert_path")
+ self.confirm_file_exists(
+ "pki_external_audit_signing_cert_path")
# Stand-alone PKI SSL Server Certificate (Step 2)
self.confirm_data_exists("pki_external_sslserver_cert_path")
self.confirm_file_exists("pki_external_sslserver_cert_path")
@@ -712,30 +756,36 @@ class ConfigurationFile:
# Stand-alone PKI KRA Certificates
if self.subsystem == "KRA":
# Stand-alone PKI KRA Storage Certificate (Step 2)
- self.confirm_data_exists("pki_external_storage_cert_path")
- self.confirm_file_exists("pki_external_storage_cert_path")
+ self.confirm_data_exists(
+ "pki_external_storage_cert_path")
+ self.confirm_file_exists(
+ "pki_external_storage_cert_path")
# Stand-alone PKI KRA Transport Certificate (Step 2)
- self.confirm_data_exists("pki_external_transport_cert_path")
- self.confirm_file_exists("pki_external_transport_cert_path")
+ self.confirm_data_exists(
+ "pki_external_transport_cert_path")
+ self.confirm_file_exists(
+ "pki_external_transport_cert_path")
# Stand-alone PKI OCSP Certificates
if self.subsystem == "OCSP":
# Stand-alone PKI OCSP OCSP Signing Certificate (Step 2)
- self.confirm_data_exists("pki_external_signing_cert_path")
- self.confirm_file_exists("pki_external_signing_cert_path")
+ self.confirm_data_exists(
+ "pki_external_signing_cert_path")
+ self.confirm_file_exists(
+ "pki_external_signing_cert_path")
return
def populate_non_default_ports(self):
if (self.mdict['pki_http_port'] !=
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT)):
+ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT)):
ports.append(self.mdict['pki_http_port'])
if (self.mdict['pki_https_port'] !=
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT)):
+ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT)):
ports.append(self.mdict['pki_https_port'])
if (self.mdict['pki_tomcat_server_port'] !=
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT)):
+ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT)):
ports.append(self.mdict['pki_tomcat_server_port'])
if (self.mdict['pki_ajp_port'] !=
- str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT)):
+ str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT)):
ports.append(self.mdict['pki_ajp_port'])
return
@@ -757,10 +807,10 @@ class ConfigurationFile:
context = ""
for i in portrecs:
if (portrecs[i][0] == "unreserved_port_t" or
- portrecs[i][0] == "reserved_port_t" or
- i[2] != "tcp"):
+ portrecs[i][0] == "reserved_port_t" or
+ i[2] != "tcp"):
continue
- if i[0] <= int(port) and int(port) <= i[1]:
+ if i[0] <= int(port) <= i[1]:
context = portrecs[i][0]
break
if context == "":
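Review bot: `int(port)` in `if i[0] <= int(port) <= i[1]:` is evaluated on every iteration and raises an uncaught ValueError if the configured port is not numeric; the ports appear to come from `self.mdict` entries (see `populate_non_default_ports` in the previous hunk), that is, from the deployment configuration. Converting once before the loop and rejecting non-numeric or out-of-range values with the same log-and-raise pattern used elsewhere in this class would give the operator a clear message instead of a traceback. The loop sits inside a method whose start is outside the hunk.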
@@ -773,10 +823,12 @@ class ConfigurationFile:
ports.remove(port)
else:
config.pki_log.error(
- log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT,
- port, context,
- extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % (port, context))
+ log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT,
+ port, context,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(
+ log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT %
+ (port, context))
return
def verify_command_matches_configuration_file(self):
@@ -790,8 +842,10 @@ class ConfigurationFile:
self.mdict['pki_deployed_instance_name'],
self.mdict['pki_instance_name'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.mdict['pki_deployed_instance_name'],
- self.mdict['pki_instance_name']))
+ raise Exception(
+ log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (
+ self.mdict['pki_deployed_instance_name'],
+ self.mdict['pki_instance_name']))
return
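Review bot: The exception raised in `verify_command_matches_configuration_file` is built from `log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2`, the constant that `confirm_data_exists` formats with a parameter name and the configuration file path, but here it is given two instance names. Unless that is intended, the exception text will describe an undefined configuration entry when the actual problem is a mismatch between the deployed and the requested instance. The constant passed to `config.pki_log.error` just above is outside the hunk; the raise should use that same constant so the log line and the exception agree.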
# PKI Deployment XML File Class
@@ -826,6 +880,7 @@ class ConfigurationFile:
# FILE.write(line)
# FILE.close()
+
class Instance:
"""PKI Deployment Instance Class"""
@@ -840,7 +895,7 @@ class Instance:
for subsystem in config.PKI_APACHE_SUBSYSTEMS:
path = self.mdict['pki_instance_path'] + "/" + subsystem.lower()
if os.path.exists(path) and os.path.isdir(path):
- rv = rv + 1
+ rv += 1
config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2,
self.mdict['pki_instance_path'],
rv, extra=config.PKI_INDENTATION_LEVEL_2)
@@ -859,14 +914,16 @@ class Instance:
# simply count the number of PKI 'apache' instances (directories)
# present within the PKI 'apache' registry directory
for instance in\
- os.listdir(self.mdict['pki_instance_type_registry_path']):
+ os.listdir(self.mdict['pki_instance_type_registry_path']):
if os.path.isdir(
- os.path.join(self.mdict['pki_instance_type_registry_path'],
- instance)) and not\
+ os.path.join(
+ self.mdict['pki_instance_type_registry_path'],
+ instance)) and not\
os.path.islink(
- os.path.join(self.mdict['pki_instance_type_registry_path'],
- instance)):
- rv = rv + 1
+ os.path.join(
+ self.mdict['pki_instance_type_registry_path'],
+ instance)):
+ rv += 1
config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2,
self.mdict['pki_instance_type_registry_path'],
rv,
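Review bot: The same `os.path.join(self.mdict['pki_instance_type_registry_path'], instance)` is built twice per iteration, and the re-wrapped condition is still held together with backslashes. Binding it once, `path = os.path.join(registry_path, instance)`, and testing `if os.path.isdir(path) and not os.path.islink(path):` is shorter and makes the symlink exclusion easier to audit. The identical loop in the Tomcat instance count (the hunk at -930) would take the same change; the enclosing method starts outside this hunk.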
@@ -895,7 +952,7 @@ class Instance:
if os.path.isdir(os.path.join(instance_dir, name)) and\
not os.path.islink(os.path.join(instance_dir, name)):
if name.upper() in config.PKI_SUBSYSTEMS:
- rv = rv + 1
+ rv += 1
config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2,
self.mdict['pki_instance_path'], rv,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -930,12 +987,14 @@ class Instance:
for instance in\
os.listdir(self.mdict['pki_instance_type_registry_path']):
if os.path.isdir(
- os.path.join(self.mdict['pki_instance_type_registry_path'],
- instance)) and not\
+ os.path.join(
+ self.mdict['pki_instance_type_registry_path'],
+ instance)) and not\
os.path.islink(
- os.path.join(self.mdict['pki_instance_type_registry_path'],
- instance)):
- rv = rv + 1
+ os.path.join(
+ self.mdict['pki_instance_type_registry_path'],
+ instance)):
+ rv += 1
config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2,
self.mdict['pki_instance_type_registry_path'],
rv,
@@ -953,8 +1012,10 @@ class Instance:
self.mdict['pki_subsystem'],
self.mdict['pki_instance_name'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'],
- self.mdict['pki_instance_name']))
+ raise Exception(
+ log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (
+ self.mdict['pki_subsystem'],
+ self.mdict['pki_instance_name']))
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -967,8 +1028,10 @@ class Instance:
self.mdict['pki_subsystem'],
self.mdict['pki_instance_name'],
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'],
- self.mdict['pki_instance_name']))
+ raise Exception(
+ log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (
+ self.mdict['pki_subsystem'],
+ self.mdict['pki_instance_name']))
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -996,10 +1059,11 @@ class Instance:
status = root.findtext("Status")
return status
except Exception as exc:
- config.pki_log.debug("No connection - server may still be down",
+ config.pki_log.debug(
+ "No connection - server may still be down",
extra=config.PKI_INDENTATION_LEVEL_3)
- config.pki_log.debug("No connection - exception thrown: " +\
- str(exc),
+ config.pki_log.debug(
+ "No connection - exception thrown: " + str(exc),
extra=config.PKI_INDENTATION_LEVEL_3)
return None
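Review bot: `except Exception as exc:` treats every failure as "server may still be down" and reports it only at debug level, so a malformed response or a coding error in the try body (which starts outside this hunk) is indistinguishable from a refused connection at normal log levels. Narrowing the handler to the connection and parse errors the status request can actually raise would keep real faults visible. The message is also built by concatenation; `config.pki_log.debug("No connection - exception thrown: %s", exc, extra=config.PKI_INDENTATION_LEVEL_3)` matches the lazy-argument style of the other log calls in this file.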
@@ -1014,6 +1078,7 @@ class Instance:
break
return status
+
class Directory:
"""PKI Deployment Directory Class"""
@@ -1036,9 +1101,9 @@ class Directory:
extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
@@ -1059,15 +1124,17 @@ class Directory:
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name)
+ if critical_failure:
+ raise Exception(
+ log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 %
+ name)
except OSError as exc:
if exc.errno == errno.EEXIST:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1080,8 +1147,10 @@ class Directory:
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1,
name, extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name)
+ if critical_failure:
+ raise Exception(
+ log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 %
+ name)
# Always re-process each directory whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name,
@@ -1092,9 +1161,9 @@ class Directory:
extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
@@ -1117,12 +1186,13 @@ class Directory:
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name)
+ if critical_failure:
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1134,7 +1204,7 @@ class Directory:
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
else:
- if recursive_flag == True:
+ if recursive_flag:
# rm -rf <name>
config.pki_log.info(log.PKIHELPER_RM_RF_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -1147,7 +1217,7 @@ class Directory:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1177,28 +1247,29 @@ class Directory:
extra=config.PKI_INDENTATION_LEVEL_2)
raise
- def set_mode(self, name, uid=None, gid=None,
- dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
- file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- symlink_perms=\
- config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
- dir_acls=None, file_acls=None, symlink_acls=None,
- recursive_flag=True, critical_failure=True):
+ def set_mode(
+ self, name, uid=None, gid=None,
+ dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
+ dir_acls=None, file_acls=None, symlink_acls=None,
+ recursive_flag=True, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isdir(name):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name)
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name)
else:
config.pki_log.info(
log.PKIHELPER_SET_MODE_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
- if recursive_flag == True:
+ if recursive_flag:
for root, dirs, files in os.walk(name):
for name in files:
entity = os.path.join(root, name)
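Review bot: `for name in files:` rebinds the `name` parameter of `set_mode`, so once the first file is visited any later reference to `name` in this method (for example in a log or error message outside this hunk) sees a file name instead of the directory that was passed in. `os.walk(name)` has already captured the original value, so the walk itself is not affected, but a wrong path in a chmod/chown audit log is misleading. Renaming the loop variable, `for filename in files:` with `entity = os.path.join(root, filename)`, removes the trap. The method body continues outside the hunk.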
@@ -1208,12 +1279,14 @@ class Directory:
log.PKIHELPER_IS_A_FILE_1, temp_file,
extra=config.PKI_INDENTATION_LEVEL_3)
# chmod <file_perms> <name>
- config.pki_log.debug(log.PKIHELPER_CHMOD_2,
+ config.pki_log.debug(
+ log.PKIHELPER_CHMOD_2,
file_perms, temp_file,
extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(temp_file, file_perms)
# chown <uid>:<gid> <name>
- config.pki_log.debug(log.PKIHELPER_CHOWN_3,
+ config.pki_log.debug(
+ log.PKIHELPER_CHOWN_3,
uid, gid, temp_file,
extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(temp_file, uid, gid)
@@ -1239,7 +1312,8 @@ class Directory:
# run directly against symbolic
# links!
# chown -h <uid>:<gid> <symlink>
- config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
+ config.pki_log.debug(
+ log.PKIHELPER_CHOWN_H_3,
uid, gid, symlink,
extra=config.PKI_INDENTATION_LEVEL_3)
os.lchown(symlink, uid, gid)
@@ -1260,12 +1334,14 @@ class Directory:
log.PKIHELPER_IS_A_DIRECTORY_1, temp_dir,
extra=config.PKI_INDENTATION_LEVEL_3)
# chmod <dir_perms> <name>
- config.pki_log.debug(log.PKIHELPER_CHMOD_2,
+ config.pki_log.debug(
+ log.PKIHELPER_CHMOD_2,
dir_perms, temp_dir,
extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(temp_dir, dir_perms)
# chown <uid>:<gid> <name>
- config.pki_log.debug(log.PKIHELPER_CHOWN_3,
+ config.pki_log.debug(
+ log.PKIHELPER_CHOWN_3,
uid, gid, temp_dir,
extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(temp_dir, uid, gid)
@@ -1309,7 +1385,7 @@ class Directory:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
def copy(self, old_name, new_name, uid=None, gid=None,
@@ -1323,15 +1399,17 @@ class Directory:
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name)
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name)
else:
if os.path.exists(new_name):
if not overwrite_flag:
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name)
- if recursive_flag == True:
+ raise Exception(
+ log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name)
+ if recursive_flag:
# cp -rp <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_RP_2,
old_name, new_name,
@@ -1363,15 +1441,16 @@ class Directory:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
+
class File:
"""PKI Deployment File Class (also used for executables)"""
@@ -1395,9 +1474,9 @@ class File:
extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
@@ -1418,15 +1497,16 @@ class File:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
+ if critical_failure:
+ raise Exception(
+ log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
except OSError as exc:
if exc.errno == errno.EEXIST:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1439,8 +1519,9 @@ class File:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
name, extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
+ if critical_failure:
+ raise Exception(
+ log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
# Always re-process each file whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name,
@@ -1451,9 +1532,9 @@ class File:
extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
@@ -1476,12 +1557,12 @@ class File:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1500,7 +1581,7 @@ class File:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1530,15 +1611,16 @@ class File:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_1, new_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name)
+ raise Exception(
+ log.PKI_FILE_ALREADY_EXISTS_1 % new_name)
# cp -p <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_P_2,
old_name, new_name,
extra=config.PKI_INDENTATION_LEVEL_2)
shutil.copy2(old_name, new_name)
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
# chmod <perms> <new_name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
@@ -1564,19 +1646,19 @@ class File:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
def apply_slot_substitution(
- self, name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- acls=None, critical_failure=True):
+ self, name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ acls=None, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isfile(name):
config.pki_log.error(
@@ -1596,9 +1678,9 @@ class File:
extra=config.PKI_INDENTATION_LEVEL_3)
line = line.replace(self.slots[slot], self.mdict[slot])
sys.stdout.write(line)
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
@@ -1624,20 +1706,20 @@ class File:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
def copy_with_slot_substitution(
- self, old_name, new_name, uid=None, gid=None,
- perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- acls=None, overwrite_flag=False,
- critical_failure=True):
+ self, old_name, new_name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ acls=None, overwrite_flag=False,
+ critical_failure=True):
try:
if not os.path.exists(old_name) or not os.path.isfile(old_name):
config.pki_log.error(
@@ -1650,7 +1732,8 @@ class File:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_1, new_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name)
+ raise Exception(
+ log.PKI_FILE_ALREADY_EXISTS_1 % new_name)
# copy <old_name> to <new_name> with slot substitutions
config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2,
old_name, new_name,
@@ -1663,11 +1746,13 @@ class File:
log.PKIHELPER_SLOT_SUBSTITUTION_2,
self.slots[slot], self.mdict[slot],
extra=config.PKI_INDENTATION_LEVEL_3)
- line = line.replace(self.slots[slot], self.mdict[slot])
+ line = line.replace(
+ self.slots[slot],
+ self.mdict[slot])
FILE.write(line)
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
# chmod <perms> <new_name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
@@ -1693,27 +1778,29 @@ class File:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
- def generate_noise_file(self, name, random_bytes, uid=None, gid=None,
+ def generate_noise_file(
+ self, name, random_bytes, uid=None, gid=None,
perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, critical_failure=True):
try:
if not os.path.exists(name):
# generating noise file called <name> and
# filling it with <random_bytes> random bytes
- config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, random_bytes,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.info(
+ log.PKIHELPER_NOISE_FILE_2, name, random_bytes,
+ extra=config.PKI_INDENTATION_LEVEL_2)
open(name, "w").close()
with open(name, "w") as FILE:
- noise = ''.join(random.choice(string.ascii_letters + \
+ noise = ''.join(random.choice(string.ascii_letters +
string.digits) for x in range(random_bytes))
FILE.write(noise)
# chmod <perms> <name>
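Review bot: The noise string in `generate_noise_file` is still drawn from the `random` module on the re-wrapped `random.choice(...)` line; that is a deterministic PRNG and not suitable for anything that feeds key generation. If this file is the noise file later handed to certutil (the name suggests so, but the call site is outside this hunk), use the OS source instead: `rng = random.SystemRandom()` and `rng.choice(string.ascii_letters + string.digits)`. The file is also created by `open(name, "w")` before the `chmod` that follows, so it briefly carries umask-derived permissions. Creating it with `os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` would close that window. The function body continues past this hunk.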
@@ -1721,9 +1808,9 @@ class File:
extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
@@ -1744,18 +1831,20 @@ class File:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
+ if critical_failure:
+ raise Exception(
+ log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
except OSError as exc:
if exc.errno == errno.EEXIST:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
+
class Symlink:
"""PKI Deployment Symbolic Link Class"""
@@ -1773,7 +1862,8 @@ class Symlink:
log.PKIHELPER_DANGLING_SYMLINK_2, link, name,
extra=config.PKI_INDENTATION_LEVEL_2)
if not allow_dangling_symlink:
- raise Exception("Dangling symlink " + link + " not allowed")
+ raise Exception(
+ "Dangling symlink " + link + " not allowed")
# ln -s <name> <link>
config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link,
extra=config.PKI_INDENTATION_LEVEL_2)
@@ -1782,9 +1872,9 @@ class Symlink:
# implemented on Linux systems since 'chmod'
# CANNOT be run directly against symbolic links!
# chown -h <uid>:<gid> <link>
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
uid, gid, link,
@@ -1806,15 +1896,16 @@ class Symlink:
config.pki_log.error(
log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link)
+ if critical_failure:
+ raise Exception(
+ log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link)
except OSError as exc:
if exc.errno == errno.EEXIST:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1826,8 +1917,10 @@ class Symlink:
config.pki_log.error(
log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1,
link, extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link)
+ if critical_failure:
+ raise Exception(
+ log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 %
+ link)
# Always re-process each link whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link,
@@ -1836,9 +1929,9 @@ class Symlink:
# implemented on Linux systems since 'chmod'
# CANNOT be run directly against symbolic links!
# chown -h <uid>:<gid> <link>
- if uid == None:
+ if uid is None:
uid = self.identity.get_uid()
- if gid == None:
+ if gid is None:
gid = self.identity.get_gid()
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
@@ -1862,12 +1955,13 @@ class Symlink:
config.pki_log.error(
log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link)
+ if critical_failure:
+ raise Exception(
+ log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1886,7 +1980,7 @@ class Symlink:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -1901,6 +1995,7 @@ class Symlink:
extra=config.PKI_INDENTATION_LEVEL_2)
raise
+
class War:
"""PKI Deployment War File Class"""
@@ -1914,14 +2009,16 @@ class War:
config.pki_log.error(
log.PKI_FILE_NOT_A_WAR_FILE_1,
name, extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKI_FILE_NOT_A_WAR_FILE_1 % name)
if not os.path.exists(path) or not os.path.isdir(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
path, extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path)
+ if critical_failure:
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
+ path)
# jar -xf <name> -C <path>
config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path,
extra=config.PKI_INDENTATION_LEVEL_2)
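Review bot: The re-wrapped `raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path)` still passes `path` as a second exception argument instead of formatting it into the message. Every other raise of this constant in the file uses `%`, so presumably the message is left with an unfilled placeholder. It should read `log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path`. The same comma-for-`%` slip is in the next hunk, in `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name)`.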
@@ -1933,25 +2030,26 @@ class War:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except zipfile.BadZipfile as exc:
config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except zipfile.LargeZipFile as exc:
config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
+
class Password:
"""PKI Deployment Password Class"""
@@ -1968,33 +2066,33 @@ class Password:
extra=config.PKI_INDENTATION_LEVEL_2)
# overwrite the existing 'password.conf' file
with open(path, "w") as fd:
- if pin_sans_token == True:
+ if pin_sans_token:
fd.write(str(pin))
- elif self.mdict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
- fd.write(self.mdict['pki_self_signed_token'] + \
+ elif self.mdict['pki_subsystem'] in \
+ config.PKI_APACHE_SUBSYSTEMS:
+ fd.write(self.mdict['pki_self_signed_token'] +
":" + str(pin))
else:
- fd.write(self.mdict['pki_self_signed_token'] + \
+ fd.write(self.mdict['pki_self_signed_token'] +
"=" + str(pin))
else:
config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path,
extra=config.PKI_INDENTATION_LEVEL_2)
# create a new 'password.conf' file
with open(path, "w") as fd:
- if pin_sans_token == True:
+ if pin_sans_token:
fd.write(str(pin))
elif self.mdict['pki_subsystem'] in\
- config.PKI_APACHE_SUBSYSTEMS:
- fd.write(self.mdict['pki_self_signed_token'] + \
+ config.PKI_APACHE_SUBSYSTEMS:
+ fd.write(self.mdict['pki_self_signed_token'] +
":" + str(pin))
else:
- fd.write(self.mdict['pki_self_signed_token'] + \
+ fd.write(self.mdict['pki_self_signed_token'] +
"=" + str(pin))
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
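Review bot: Both branches write the PIN with a plain `open(path, "w")`, so a newly created password.conf gets whatever mode the process umask allows. No `chmod` is visible in this hunk, though the function starts outside it and a caller may tighten the mode afterwards. Opening the file with an explicit mode, `fd = os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w")`, keeps the secret unreadable to other users from the first byte. The two branches also differ only in their log call, so the write logic could be shared rather than duplicated.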
@@ -2018,7 +2116,7 @@ class Password:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -2027,10 +2125,10 @@ class Password:
os.access(path, os.R_OK):
tokens = PKIConfigParser.read_simple_configuration_file(path)
hardware_token = "hardware-" + token_name
- if tokens.has_key(hardware_token):
+ if hardware_token in tokens:
token_name = hardware_token
token_pwd = tokens[hardware_token]
- elif tokens.has_key(token_name):
+ elif token_name in tokens:
token_pwd = tokens[token_name]
if token_pwd is None or token_pwd == '':
@@ -2038,12 +2136,13 @@ class Password:
config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1,
token_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name)
else:
return
return token_pwd
+
class Certutil:
"""PKI Deployment NSS 'certutil' Class"""
@@ -2065,15 +2164,16 @@ class Certutil:
log.PKIHELPER_CERTUTIL_MISSING_PATH,
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH)
- if password_file != None:
+ if password_file is not None:
command.extend(["-f", password_file])
- if prefix != None:
+ if prefix is not None:
command.extend(["-P", prefix])
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
if os.path.exists(pki_cert_database) or\
os.path.exists(pki_key_database) or\
os.path.exists(pki_secmod_database):
@@ -2085,14 +2185,16 @@ class Certutil:
pki_secmod_database,
extra=config.PKI_INDENTATION_LEVEL_2)
else:
- if password_file != None:
+ if password_file is not None:
if not os.path.exists(password_file) or\
not os.path.isfile(password_file):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
+ raise Exception(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %
+ password_file)
# Display this "certutil" command
config.pki_log.info(
log.PKIHELPER_CREATE_SECURITY_DATABASES_1,
@@ -2103,12 +2205,12 @@ class Certutil:
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -2144,13 +2246,14 @@ class Certutil:
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME)
# OPTIONALLY specify a password file
- if password_file != None:
+ if password_file is not None:
command.extend(["-f", password_file])
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
if not os.path.exists(pki_cert_database) or\
not os.path.exists(pki_key_database) or\
not os.path.exists(pki_secmod_database):
@@ -2161,22 +2264,26 @@ class Certutil:
pki_key_database,
pki_secmod_database,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database,
- pki_key_database, pki_secmod_database))
- if password_file != None:
+ raise Exception(
+ log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (
+ pki_cert_database,
+ pki_key_database,
+ pki_secmod_database))
+ if password_file is not None:
if not os.path.exists(password_file) or\
not os.path.isfile(password_file):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
+ raise Exception(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
# Display this "certutil" command
config.pki_log.info(
log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1,
' '.join(command), extra=config.PKI_INDENTATION_LEVEL_2)
# Execute this "certutil" command
- if silent != False:
+ if silent:
# By default, execute this command silently
with open(os.devnull, "w") as fnull:
subprocess.check_call(command, stdout=fnull, stderr=fnull)
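Review bot: Replacing `if silent != False:` with `if silent:` is not a pure reformat: a caller passing `silent=None` or `""` used to take the branch that sends certutil output to `os.devnull`, and now falls through to the other path. The parameter's default and its callers are outside this hunk, so this may be harmless. If other falsy values can reach here, `if silent is not False:` keeps the old meaning. Otherwise a docstring line such as `silent: bool; when true, certutil stdout/stderr go to os.devnull` would make the boolean-only contract explicit.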
@@ -2187,7 +2294,7 @@ class Certutil:
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return True
@@ -2235,7 +2342,7 @@ class Certutil:
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT)
# Specify the serial number
- if serial_number != None:
+ if serial_number is not None:
command.extend(["-m", str(serial_number)])
else:
config.pki_log.error(
@@ -2243,7 +2350,7 @@ class Certutil:
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER)
# Specify the months valid
- if validity_period != None:
+ if validity_period is not None:
command.extend(["-v", str(validity_period)])
else:
config.pki_log.error(
@@ -2275,7 +2382,7 @@ class Certutil:
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE)
# OPTIONALLY specify a password file
- if password_file != None:
+ if password_file is not None:
command.extend(["-f", password_file])
# ALWAYS self-sign this certificate
command.append("-x")
@@ -2287,7 +2394,8 @@ class Certutil:
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
if not os.path.exists(pki_cert_database) or\
not os.path.exists(pki_key_database) or\
not os.path.exists(pki_secmod_database):
@@ -2298,22 +2406,27 @@ class Certutil:
pki_key_database,
pki_secmod_database,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database,
- pki_key_database, pki_secmod_database))
+ raise Exception(
+ log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (
+ pki_cert_database,
+ pki_key_database,
+ pki_secmod_database))
if not os.path.exists(noise_file):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
noise_file,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file)
- if password_file != None:
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file)
+ if password_file is not None:
if not os.path.exists(password_file) or\
not os.path.isfile(password_file):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
+ raise Exception(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
# Execute this "certutil" command
#
# NOTE: ALWAYS mask the command-line output of this command
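Review bot: A missing noise file is reported and raised with `PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1`, which will point whoever reads the log at the wrong kind of object. The check also only tests `os.path.exists(noise_file)`, unlike the password-file check just below it. Suggested form: `if not os.path.exists(noise_file) or not os.path.isfile(noise_file):` with `log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % noise_file`. The same mismatch appears in the noise-file check at the top of the later `@@ -2447,29 +2561,32 @@` hunk.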
@@ -2323,12 +2436,12 @@ class Certutil:
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -2343,7 +2456,7 @@ class Certutil:
command.extend(["-h", token])
if nickname:
- command.extend(["-n", nickname ])
+ command.extend(["-n", nickname])
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NICKNAME,
@@ -2374,18 +2487,19 @@ class Certutil:
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE)
- config.pki_log.info(' '.join(command),
+ config.pki_log.info(
+ ' '.join(command),
extra=config.PKI_INDENTATION_LEVEL_2)
subprocess.check_call(command)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -2447,29 +2561,32 @@ class Certutil:
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
noise_file,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file)
+ raise Exception(
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file)
if not os.path.exists(password_file) or\
not os.path.isfile(password_file):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
extra=config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
+ raise Exception(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
# Execute this "certutil" command
with open(os.devnull, "w") as fnull:
subprocess.check_call(command, stdout=fnull, stderr=fnull)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
+
class PK12util:
"""PKI Deployment pk12util class"""
@@ -2511,22 +2628,24 @@ class PK12util:
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE)
- config.pki_log.info(' '.join(command),
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.info(
+ ' '.join(command),
+ extra=config.PKI_INDENTATION_LEVEL_2)
with open(os.devnull, "w") as fnull:
subprocess.check_call(command, stdout=fnull, stderr=fnull)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
+
class KRAConnector:
"""PKI Deployment KRA Connector Class"""
@@ -2545,7 +2664,7 @@ class KRAConnector:
extra=config.PKI_INDENTATION_LEVEL_2)
cs_cfg = PKIConfigParser.read_simple_configuration_file(
- self.mdict['pki_target_cs_cfg'])
+ self.mdict['pki_target_cs_cfg'])
krahost = cs_cfg.get('service.machineName')
kraport = cs_cfg.get('pkicreate.secure_port')
cahost = cs_cfg.get('cloning.ca.hostname')
@@ -2558,7 +2677,7 @@ class KRAConnector:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CA_HOST_PORT,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_UNDEFINED_CA_HOST_PORT)
else:
return
@@ -2572,7 +2691,7 @@ class KRAConnector:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME)
else:
return
@@ -2584,9 +2703,9 @@ class KRAConnector:
token_name = "internal"
token_pwd = self.password.get_password(
- self.mdict['pki_shared_password_conf'],
- token_name,
- critical_failure)
+ self.mdict['pki_shared_password_conf'],
+ token_name,
+ critical_failure)
if token_pwd is None or token_pwd == '':
config.pki_log.warning(
@@ -2596,13 +2715,15 @@ class KRAConnector:
log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1,
token_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name)
+ if critical_failure:
+ raise Exception(
+ log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name)
else:
return
- self.execute_using_sslget(caport, cahost, subsystemnick,
- token_pwd, krahost, kraport)
+ self.execute_using_sslget(
+ caport, cahost, subsystemnick,
+ token_pwd, krahost, kraport)
except subprocess.CalledProcessError as exc:
config.pki_log.warning(
@@ -2612,12 +2733,13 @@ class KRAConnector:
extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
- def execute_using_pki(self, caport, cahost, subsystemnick,
- token_pwd, krahost, kraport, critical_failure=False):
+ def execute_using_pki(
+ self, caport, cahost, subsystemnick,
+ token_pwd, krahost, kraport, critical_failure=False):
command = ["/bin/pki",
"-p", str(caport),
"-h", cahost,
@@ -2638,14 +2760,16 @@ class KRAConnector:
str(krahost),
str(kraport),
extra=config.PKI_INDENTATION_LEVEL_2)
- config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output,
+ config.pki_log.error(
+ log.PKI_SUBPROCESS_ERROR_1, output,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output)
- def execute_using_sslget(self, caport, cahost, subsystemnick,
- token_pwd, krahost, kraport):
- updateURL = "/ca/rest/admin/kraconnector/remove"
+ def execute_using_sslget(
+ self, caport, cahost, subsystemnick,
+ token_pwd, krahost, kraport):
+ update_url = "/ca/rest/admin/kraconnector/remove"
params = "host=" + str(krahost) + \
"&port=" + str(kraport)
@@ -2656,13 +2780,14 @@ class KRAConnector:
"-d", self.mdict['pki_database_path'],
"-e", params,
"-v",
- "-r", updateURL, cahost + ":" + str(caport)]
+ "-r", update_url, cahost + ":" + str(caport)]
# update KRA connector
# Execute this "sslget" command
# Note that sslget will return non-zero value for HTTP code != 200
# and this will raise an exception
- subprocess.check_output(command,stderr=subprocess.STDOUT)
+ subprocess.check_output(command, stderr=subprocess.STDOUT)
+
class TPSConnector:
"""PKI Deployment TPS Connector Class"""
@@ -2682,7 +2807,7 @@ class TPSConnector:
extra=config.PKI_INDENTATION_LEVEL_2)
cs_cfg = PKIConfigParser.read_simple_configuration_file(
- self.mdict['pki_target_cs_cfg'])
+ self.mdict['pki_target_cs_cfg'])
tpshost = cs_cfg.get('service.machineName')
tpsport = cs_cfg.get('pkicreate.secure_port')
tkshostport = cs_cfg.get('conn.tks1.hostport')
@@ -2693,7 +2818,7 @@ class TPSConnector:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_TKS_HOST_PORT,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_UNDEFINED_TKS_HOST_PORT)
else:
return
@@ -2715,7 +2840,7 @@ class TPSConnector:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME)
else:
return
@@ -2727,9 +2852,9 @@ class TPSConnector:
token_name = "internal"
token_pwd = self.password.get_password(
- self.mdict['pki_shared_password_conf'],
- token_name,
- critical_failure)
+ self.mdict['pki_shared_password_conf'],
+ token_name,
+ critical_failure)
if token_pwd is None or token_pwd == '':
config.pki_log.warning(
@@ -2739,13 +2864,15 @@ class TPSConnector:
log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1,
token_name,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name)
+ if critical_failure:
+ raise Exception(
+ log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name)
else:
return
- self.execute_using_pki(tkshost, tksport, subsystemnick,
- token_pwd, tpshost, tpsport)
+ self.execute_using_pki(
+ tkshost, tksport, subsystemnick,
+ token_pwd, tpshost, tpsport)
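Review bot: The re-wrapped call to `execute_using_pki` does not forward `critical_failure`, so inside the callee the parameter takes its default `False` (see the signature in the next hunk). Its `raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output)` can then never fire from this path, even when the caller asked for failures to be fatal. If that is not intentional, end the call with `token_pwd, tpshost, tpsport, critical_failure)`. If it is intentional, a comment such as `# failure here is deliberately non-fatal` would say so. The enclosing method starts and ends outside this hunk.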
except subprocess.CalledProcessError as exc:
config.pki_log.warning(
@@ -2755,12 +2882,13 @@ class TPSConnector:
extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
- def execute_using_pki(self, tkshost, tksport, subsystemnick,
- token_pwd, tpshost, tpsport, critical_failure=False):
+ def execute_using_pki(
+ self, tkshost, tksport, subsystemnick,
+ token_pwd, tpshost, tpsport, critical_failure=False):
command = ["/bin/pki",
"-p", str(tksport),
"-h", tkshost,
@@ -2784,11 +2912,13 @@ class TPSConnector:
str(tpshost),
str(tpsport),
extra=config.PKI_INDENTATION_LEVEL_2)
- config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output,
+ config.pki_log.error(
+ log.PKI_SUBPROCESS_ERROR_1, output,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output)
+
class SecurityDomain:
"""PKI Deployment Security Domain Class"""
@@ -2828,7 +2958,7 @@ class SecurityDomain:
config.pki_log.error(
log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED)
else:
return
@@ -2837,7 +2967,7 @@ class SecurityDomain:
secname,
extra=config.PKI_INDENTATION_LEVEL_2)
listval = typeval.lower() + "List"
- updateURL = "/ca/agent/ca/updateDomainXML"
+ update_url = "/ca/agent/ca/updateDomainXML"
params = "name=" + "\"" + self.mdict['pki_instance_path'] + "\"" + \
"&type=" + str(typeval) + \
@@ -2853,31 +2983,32 @@ class SecurityDomain:
try:
# first try install token-based servlet
params += "&sessionID=" + str(install_token)
- adminUpdateURL = "/ca/admin/ca/updateDomainXML"
+ admin_update_url = "/ca/admin/ca/updateDomainXML"
command = ["/usr/bin/sslget",
"-p", str(123456),
"-d", self.mdict['pki_database_path'],
"-e", params,
"-v",
- "-r", adminUpdateURL,
+ "-r", admin_update_url,
sechost + ":" + str(secadminport)]
- output = subprocess.check_output(command,
- stderr=subprocess.STDOUT)
+ output = subprocess.check_output(
+ command,
+ stderr=subprocess.STDOUT)
except subprocess.CalledProcessError:
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
secname,
extra=config.PKI_INDENTATION_LEVEL_2)
- output = self.update_domain_using_agent_port(typeval,
- secname, params, updateURL, sechost, secagentport,
+ output = self.update_domain_using_agent_port(
+ typeval, secname, params, update_url, sechost, secagentport,
critical_failure)
else:
- output = self.update_domain_using_agent_port(typeval,
- secname, params, updateURL, sechost, secagentport,
+ output = self.update_domain_using_agent_port(
+ typeval, secname, params, update_url, sechost, secagentport,
critical_failure)
if not output:
- if critical_failure == True:
+ if critical_failure:
raise Exception("Cannot update domain using agent port")
else:
return
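Review bot: The sslget call keeps a literal `"-p", str(123456)` and places the install token inside `-e params`, so both travel on the command line, where any local account that can list processes can read them. `-p` looks like the NSS database password; if so, the value should come from the deployment's password configuration rather than the source, and a password-file option is preferable if sslget offers one. `params` is also extended by plain concatenation (`params += "&sessionID=" + str(install_token)`) with no percent-encoding, which is best fixed where the string is first built, outside this hunk.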
@@ -2892,8 +3023,9 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
secname,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname)
+ if critical_failure:
+ raise Exception(
+ log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname)
elif status[0] != "0":
error = re.findall('<Error>(.*?)</Error>', output)
if not error:
@@ -2909,7 +3041,7 @@ class SecurityDomain:
secname,
error,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3
%
(typeval, secname, error))
@@ -2920,8 +3052,9 @@ class SecurityDomain:
secname,
extra=config.PKI_INDENTATION_LEVEL_2)
- def update_domain_using_agent_port(self, typeval, secname, params,
- updateURL, sechost, secagentport, critical_failure=False):
+ def update_domain_using_agent_port(
+ self, typeval, secname, params,
+ update_url, sechost, secagentport, critical_failure=False):
token_pwd = None
cs_cfg = PKIConfigParser.read_simple_configuration_file(
self.mdict['pki_target_cs_cfg'])
@@ -2937,7 +3070,7 @@ class SecurityDomain:
config.pki_log.error(
log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME)
else:
return
@@ -2949,9 +3082,9 @@ class SecurityDomain:
token_name = "internal"
token_pwd = self.password.get_password(
- self.mdict['pki_shared_password_conf'],
- token_name,
- critical_failure)
+ self.mdict['pki_shared_password_conf'],
+ token_name,
+ critical_failure)
if token_pwd is None or token_pwd == '':
config.pki_log.warning(
@@ -2959,10 +3092,10 @@ class SecurityDomain:
typeval,
secname,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2
- %
- (typeval, secname))
+ if critical_failure:
+ raise Exception(
+ log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2 %
+ (typeval, secname))
else:
return
@@ -2972,7 +3105,7 @@ class SecurityDomain:
"-d", self.mdict['pki_database_path'],
"-e", params,
"-v",
- "-r", updateURL, sechost + ":" + str(secagentport)]
+ "-r", update_url, sechost + ":" + str(secagentport)]
try:
output = subprocess.check_output(command,
stderr=subprocess.STDOUT)
@@ -2989,12 +3122,11 @@ class SecurityDomain:
extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return None
-
def get_installation_token(self, secuser, secpass, critical_failure=True):
token = None
@@ -3010,7 +3142,8 @@ class SecurityDomain:
cstype = cs_cfg.get('cs.type', '')
sechost = cs_cfg.get('securitydomain.host')
secadminport = cs_cfg.get('securitydomain.httpsadminport')
- #secselect = cs_cfg.get('securitydomain.select') - Selected security domain
+ #secselect = cs_cfg.get('securitydomain.select') - Selected
+ # security domain
command = ["/bin/pki",
"-p", str(secadminport),
@@ -3023,9 +3156,10 @@ class SecurityDomain:
"--hostname", machinename,
"--subsystem", cstype]
try:
- output = subprocess.check_output(command,
- stderr=subprocess.STDOUT,
- shell=True)
+ output = subprocess.check_output(
+ command,
+ stderr=subprocess.STDOUT,
+ shell=True)
token_list = re.findall("Install token: \"(.*)\"", output)
if not token_list:
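Review bot: `shell=True` is kept together with a list `command`; on POSIX Python then hands only the first item to `/bin/sh -c` and treats the remaining items as arguments of the shell itself. `/bin/pki` would therefore start without its options, and the install-token lookup cannot work as written. Drop the flag: `output = subprocess.check_output(command, stderr=subprocess.STDOUT)`. That also keeps the host name, subsystem type and whatever else the list carries out of shell parsing. The command list begins outside this hunk, so check that none of its items depends on shell expansion.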
@@ -3034,12 +3168,13 @@ class SecurityDomain:
str(sechost),
str(secadminport),
extra=config.PKI_INDENTATION_LEVEL_2)
- config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output,
+ config.pki_log.error(
+ log.PKI_SUBPROCESS_ERROR_1, output,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
- raise Exception(log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2
- %
- (str(sechost), str(secadminport)))
+ if critical_failure:
+ raise Exception(
+ log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 %
+ (str(sechost), str(secadminport)))
else:
token = token_list[0]
return token
@@ -3051,10 +3186,11 @@ class SecurityDomain:
extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return None
+
class Systemd(object):
"""PKI Deployment Execution Management Class"""
@@ -3109,7 +3245,7 @@ class Systemd(object):
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -3141,7 +3277,7 @@ class Systemd(object):
try:
service = None
# Execute the "systemd daemon-reload" management lifecycle command
- if reload_daemon == True:
+ if reload_daemon:
self.daemon_reload(critical_failure)
# Compose this "systemd" execution management command
if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
@@ -3155,7 +3291,7 @@ class Systemd(object):
if pki.system.SYSTEM_TYPE == "debian":
command = ["/etc/init.d/pki-tomcatd", "start",
- self.mdict['pki_instance_name']]
+ self.mdict['pki_instance_name']]
else:
command = ["systemctl", "start", service]
@@ -3171,7 +3307,7 @@ class Systemd(object):
return
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -3210,7 +3346,7 @@ class Systemd(object):
if pki.system.SYSTEM_TYPE == "debian":
command = ["/etc/init.d/pki-tomcatd", "stop",
- self.mdict['pki_instance_name']]
+ self.mdict['pki_instance_name']]
else:
command = ["systemctl", "stop", service]
@@ -3223,7 +3359,7 @@ class Systemd(object):
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -3256,7 +3392,7 @@ class Systemd(object):
service = None
# Compose this "systemd" execution management command
# Execute the "systemd daemon-reload" management lifecycle command
- if reload_daemon == True:
+ if reload_daemon:
self.daemon_reload(critical_failure)
if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
service = "pki-apached" + "@" +\
@@ -3269,7 +3405,7 @@ class Systemd(object):
if pki.system.SYSTEM_TYPE == "debian":
command = ["/etc/init.d/pki-tomcatd", "restart",
- self.mdict['pki_instance_name']]
+ self.mdict['pki_instance_name']]
else:
command = ["systemctl", "restart", service]
@@ -3285,7 +3421,7 @@ class Systemd(object):
return
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
extra=config.PKI_INDENTATION_LEVEL_2)
- if critical_failure == True:
+ if critical_failure:
raise
return
@@ -3300,15 +3436,16 @@ class ConfigClient:
self.clone = config.str2bool(self.mdict['pki_clone'])
self.external = config.str2bool(self.mdict['pki_external'])
self.external_step_two = config.str2bool(
- self.mdict['pki_external_step_two'])
+ self.mdict['pki_external_step_two'])
self.standalone = config.str2bool(self.mdict['pki_standalone'])
self.subordinate = config.str2bool(self.mdict['pki_subordinate'])
# set useful 'string' object variables for this class
self.subsystem = self.mdict['pki_subsystem']
def configure_pki_data(self, data):
- config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.info(
+ log.PKI_CONFIG_CONFIGURING_PKI_DATA,
+ extra=config.PKI_INDENTATION_LEVEL_2)
connection = pki.client.PKIConnection(
protocol='https',
@@ -3320,27 +3457,28 @@ class ConfigClient:
client = pki.system.SystemConfigClient(connection)
response = client.configure(data)
- config.pki_log.debug(log.PKI_CONFIG_RESPONSE_STATUS + \
- " " + str(response['status']),
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']),
+ extra=config.PKI_INDENTATION_LEVEL_2)
try:
certs = response['systemCerts']
except KeyError:
# no system certs created
- config.pki_log.debug("No new system certificates generated.",
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ "No new system certificates generated.",
+ extra=config.PKI_INDENTATION_LEVEL_2)
certs = []
if not isinstance(certs, types.ListType):
certs = [certs]
for cdata in certs:
- if (self.subsystem == "CA" and
- self.external and
- not self.external_step_two):
+ if (self.subsystem == "CA" and self.external and
+ not self.external_step_two):
# External CA (Step 1)
if cdata['tag'].lower() == "signing":
# Save 'External CA Signing Certificate' CSR (Step 1)
- self.save_system_csr(cdata['request'],
+ self.save_system_csr(
+ cdata['request'],
log.PKI_CONFIG_EXTERNAL_CSR_SAVE,
self.mdict['pki_external_csr_path'])
return
@@ -3349,52 +3487,58 @@ class ConfigClient:
if cdata['tag'].lower() == "audit_signing":
# Save Stand-alone PKI 'Audit Signing Certificate' CSR
# (Step 1)
- self.save_system_csr(cdata['request'],
+ self.save_system_csr(
+ cdata['request'],
log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1,
self.mdict['pki_external_audit_signing_csr_path'],
self.subsystem)
elif cdata['tag'].lower() == "signing":
# Save Stand-alone PKI OCSP 'OCSP Signing Certificate'
# CSR (Step 1)
- self.save_system_csr(cdata['request'],
+ self.save_system_csr(
+ cdata['request'],
log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING,
self.mdict['pki_external_signing_csr_path'])
elif cdata['tag'].lower() == "sslserver":
# Save Stand-alone PKI 'SSL Server Certificate' CSR
# (Step 1)
- self.save_system_csr(cdata['request'],
+ self.save_system_csr(
+ cdata['request'],
log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1,
self.mdict['pki_external_sslserver_csr_path'],
self.subsystem)
elif cdata['tag'].lower() == "storage":
# Save Stand-alone PKI KRA 'Storage Certificate' CSR
# (Step 1)
- self.save_system_csr(cdata['request'],
+ self.save_system_csr(
+ cdata['request'],
log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE,
self.mdict['pki_external_storage_csr_path'])
elif cdata['tag'].lower() == "subsystem":
# Save Stand-alone PKI 'Subsystem Certificate' CSR
# (Step 1)
- self.save_system_csr(cdata['request'],
+ self.save_system_csr(
+ cdata['request'],
log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1,
self.mdict['pki_external_subsystem_csr_path'],
self.subsystem)
elif cdata['tag'].lower() == "transport":
# Save Stand-alone PKI KRA 'Transport Certificate' CSR
# (Step 1)
- self.save_system_csr(cdata['request'],
+ self.save_system_csr(
+ cdata['request'],
log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT,
self.mdict['pki_external_transport_csr_path'])
else:
- config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG + \
- " " + cdata['tag'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- config.pki_log.debug(log.PKI_CONFIG_CDATA_CERT + \
- "\n" + cdata['cert'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- config.pki_log.debug(log.PKI_CONFIG_CDATA_REQUEST + \
- "\n" + cdata['request'],
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ log.PKI_CONFIG_CDATA_TAG + " " + cdata['tag'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ log.PKI_CONFIG_CDATA_CERT + "\n" + cdata['cert'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ log.PKI_CONFIG_CDATA_REQUEST + "\n" + cdata['request'],
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Cloned PKI subsystems do not return an Admin Certificate
if not self.clone:
@@ -3417,8 +3561,10 @@ class ConfigClient:
if root.tag == 'PKIException':
message = root.findall('.//Message')[0].text
if message is not None:
- config.pki_log.error(log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + message,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.error(
+ log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " "
+ + message,
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
config.pki_log.error(
log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e),
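Review bot: `root.findall('.//Message')[0].text` raises `IndexError` when a `PKIException` response carries no `Message` element. This code appears to run inside an exception handler (bare `raise`, `str(e)`), so the index error would replace the original failure in the traceback. `message = root.findtext('.//Message')` returns `None` in that case and lets the existing `if message is not None:` guard do its job. The handler starts outside this hunk.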
@@ -3427,9 +3573,9 @@ class ConfigClient:
return
def process_admin_cert(self, admin_cert):
- config.pki_log.debug(log.PKI_CONFIG_RESPONSE_ADMIN_CERT + \
- "\n" + admin_cert,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.debug(
+ log.PKI_CONFIG_RESPONSE_ADMIN_CERT + "\n" + admin_cert,
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Store the Administration Certificate in a file
admin_cert_file = self.mdict['pki_client_admin_cert']
@@ -3440,7 +3586,8 @@ class ConfigClient:
# convert the cert file to binary
command = ["AtoB", admin_cert_file, admin_cert_bin_file]
- config.pki_log.info(' '.join(command),
+ config.pki_log.info(
+ ' '.join(command),
extra=config.PKI_INDENTATION_LEVEL_2)
try:
subprocess.check_call(command)
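Review bot: `command = ["AtoB", admin_cert_file, admin_cert_bin_file]` names the tool without a directory, so it is resolved through `PATH`, unlike `/bin/pki` and `/usr/bin/sslget` elsewhere in this file. For an installer that presumably runs with elevated privileges, an absolute path kept in one constant removes the dependence on the caller's environment. The same applies to `["BtoA", output_file, output_file + ".asc"]` in the hunk at `@@ -3889,18 +4042,19 @@`.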
@@ -3479,13 +3626,13 @@ class ConfigClient:
self.mdict['pki_client_password_conf'],
self.mdict['pki_client_database_dir'])
- os.chmod(self.mdict['pki_client_admin_cert_p12'],
+ os.chmod(
+ self.mdict['pki_client_admin_cert_p12'],
config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
-
def construct_pki_configuration_data(self):
config.pki_log.info(log.PKI_CONFIG_CONSTRUCTING_PKI_DATA,
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
data = pki.system.ConfigurationRequest()
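Review bot: `os.chmod(self.mdict['pki_client_admin_cert_p12'], ...)` tightens the PKCS #12 file only after it has been written, so between creation and this call the file carries whatever mode the process umask produced. Setting a restrictive umask around the export and restoring it afterwards, or exporting into a directory that is already private, closes that window. The call that creates the file starts outside this hunk, so this is inferred from the argument names and should be confirmed against the export helper.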
@@ -3507,7 +3654,7 @@ class ConfigClient:
# Security Domain
if ((self.subsystem != "CA" or self.clone or self.subordinate) and
- not self.standalone):
+ not self.standalone):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
# CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
@@ -3542,10 +3689,8 @@ class ConfigClient:
def save_admin_csr(self):
config.pki_log.info(
- log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + \
- " '" + \
- self.mdict['pki_external_admin_csr_path'] + \
- "'", self.subsystem,
+ log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + " '" +
+ self.mdict['pki_external_admin_csr_path'] + "'", self.subsystem,
extra=config.PKI_INDENTATION_LEVEL_2)
self.deployer.directory.create(
os.path.dirname(self.mdict['pki_external_admin_csr_path']))
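Review bot: The CSR path is concatenated into the logging format string (`log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + " '" + self.mdict['pki_external_admin_csr_path'] + "'"`), so a `%` in the configured path would be read as a format directive and the record would fail to format. Pass the path as a logging argument instead: `log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + " '%s'", self.subsystem, self.mdict['pki_external_admin_csr_path'],`. The same concatenation style appears in other `config.pki_log` calls in this file.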
@@ -3562,8 +3707,8 @@ class ConfigClient:
# Read in and print Admin certificate request
with open(self.mdict['pki_external_admin_csr_path'], "r") as f:
admin_certreq = f.read()
- config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \
- "\n" + admin_certreq,
+ config.pki_log.info(
+ log.PKI_CONFIG_CDATA_REQUEST + "\n" + admin_certreq,
extra=config.PKI_INDENTATION_LEVEL_2)
def save_admin_cert(self, message, input_data, output_file, subsystem_name):
@@ -3621,12 +3766,14 @@ class ConfigClient:
cert1.tag = self.mdict['pki_ca_signing_tag']
# Load the External CA or Stand-alone PKI
# 'External CA Signing Certificate' (Step 2)
- self.load_system_cert(cert1,
+ self.load_system_cert(
+ cert1,
log.PKI_CONFIG_EXTERNAL_CA_LOAD,
self.mdict['pki_external_ca_cert_path'])
# Load the External CA or Stand-alone PKI
# 'External CA Signing Certificate Chain' (Step 2)
- self.load_system_cert_chain(cert1,
+ self.load_system_cert_chain(
+ cert1,
log.PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD,
self.mdict['pki_external_ca_cert_chain_path'])
systemCerts.append(cert1)
@@ -3637,13 +3784,14 @@ class ConfigClient:
# Create 'OCSP Signing Certificate'
if not self.clone:
if (self.subsystem == "OCSP" and
- self.standalone and
- self.external_step_two):
+ self.standalone and
+ self.external_step_two):
# Stand-alone PKI OCSP (Step 2)
cert2 = self.create_system_cert("ocsp_signing")
# Load the Stand-alone PKI OCSP 'OCSP Signing Certificate'
# (Step 2)
- self.load_system_cert(cert2,
+ self.load_system_cert(
+ cert2,
log.PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING,
self.mdict['pki_external_signing_cert_path'])
cert2.signingAlgorithm = \
@@ -3665,7 +3813,8 @@ class ConfigClient:
# Stand-alone PKI (Step 2)
cert3 = self.create_system_cert("ssl_server")
# Load the Stand-alone PKI 'SSL Server Certificate' (Step 2)
- self.load_system_cert(cert3,
+ self.load_system_cert(
+ cert3,
log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1,
self.mdict['pki_external_sslserver_cert_path'],
self.subsystem)
@@ -3694,7 +3843,8 @@ class ConfigClient:
# Stand-alone PKI (Step 2)
cert4 = self.create_system_cert("subsystem")
# Load the Stand-alone PKI 'Subsystem Certificate' (Step 2)
- self.load_system_cert(cert4,
+ self.load_system_cert(
+ cert4,
log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1,
self.mdict['pki_external_subsystem_cert_path'],
self.subsystem)
@@ -3722,7 +3872,8 @@ class ConfigClient:
# Stand-alone PKI (Step 2)
cert5 = self.create_system_cert("audit_signing")
# Load the Stand-alone PKI 'Audit Signing Certificate' (Step 2)
- self.load_system_cert(cert5,
+ self.load_system_cert(
+ cert5,
log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1,
self.mdict['pki_external_audit_signing_cert_path'],
self.subsystem)
@@ -3738,19 +3889,21 @@ class ConfigClient:
# Create 'DRM Transport Certificate' and 'DRM Storage Certificate'
if not self.clone:
if (self.subsystem == "KRA" and
- self.standalone and
- self.external_step_two):
+ self.standalone and
+ self.external_step_two):
# Stand-alone PKI KRA Transport Certificate (Step 2)
cert6 = self.create_system_cert("transport")
# Load the Stand-alone PKI KRA 'Transport Certificate' (Step 2)
- self.load_system_cert(cert6,
+ self.load_system_cert(
+ cert6,
log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT,
self.mdict['pki_external_transport_cert_path'])
systemCerts.append(cert6)
# Stand-alone PKI KRA Storage Certificate (Step 2)
cert7 = self.create_system_cert("storage")
# Load the Stand-alone PKI KRA 'Storage Certificate' (Step 2)
- self.load_system_cert(cert7,
+ self.load_system_cert(
+ cert7,
log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE,
self.mdict['pki_external_storage_cert_path'])
systemCerts.append(cert7)
@@ -3866,7 +4019,7 @@ class ConfigClient:
elif line.startswith("-----END CERTIFICATE-----"):
continue
else:
- imported_admin_cert = imported_admin_cert + line
+ imported_admin_cert += line
with open(self.mdict['pki_admin_cert_file'], "w") as f:
f.write(imported_admin_cert)
# read config from file
@@ -3889,18 +4042,19 @@ class ConfigClient:
noise_file, int(self.mdict['pki_admin_keysize']))
self.deployer.certutil.generate_certificate_request(
- self.mdict['pki_admin_subject_dn'],
- self.mdict['pki_admin_keysize'],
- self.mdict['pki_client_password_conf'],
- noise_file,
- output_file,
- self.mdict['pki_client_database_dir'],
- None, None, True)
+ self.mdict['pki_admin_subject_dn'],
+ self.mdict['pki_admin_keysize'],
+ self.mdict['pki_client_password_conf'],
+ noise_file,
+ output_file,
+ self.mdict['pki_client_database_dir'],
+ None, None, True)
# convert output to ascii
command = ["BtoA", output_file, output_file + ".asc"]
- config.pki_log.info(' '.join(command),
- extra=config.PKI_INDENTATION_LEVEL_2)
+ config.pki_log.info(
+ ' '.join(command),
+ extra=config.PKI_INDENTATION_LEVEL_2)
try:
subprocess.check_call(command)
except subprocess.CalledProcessError as exc:
@@ -3928,9 +4082,9 @@ class ConfigClient:
def set_issuing_ca_parameters(self, data):
if (self.subsystem != "CA" or
- self.clone or
- self.subordinate or
- self.external):
+ self.clone or
+ self.subordinate or
+ self.external):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
# CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone,
# Subordinate CA, External CA, or Stand-alone PKI
@@ -3939,7 +4093,8 @@ class ConfigClient:
def set_tps_parameters(self, data):
data.caUri = self.mdict['pki_ca_uri']
data.tksUri = self.mdict['pki_tks_uri']
- data.enableServerSideKeyGen = self.mdict['pki_enable_server_side_keygen']
+ data.enableServerSideKeyGen = \
+ self.mdict['pki_enable_server_side_keygen']
if config.str2bool(self.mdict['pki_enable_server_side_keygen']):
data.kraUri = self.mdict['pki_kra_uri']
data.authdbHost = self.mdict['pki_authdb_hostname']
@@ -3989,6 +4144,7 @@ class ConfigClient:
cert.token = cs_cfg.get(cstype + ".subsystem.tokenname")
return cert
+
class PKIDeployer:
"""Holds the global dictionaries and the utility objects"""
diff --git a/base/server/python/pki/server/deployment/pkilogging.py b/base/server/python/pki/server/deployment/pkilogging.py
index c91a7656f..14c11cf4d 100644
--- a/base/server/python/pki/server/deployment/pkilogging.py
+++ b/base/server/python/pki/server/deployment/pkilogging.py
@@ -29,6 +29,7 @@ sensitive_parameters = []
# Initialize 'pretty print' for objects
pp = pprint.PrettyPrinter(indent=4)
+
def log_format(given_dict):
new_dict = {}
@@ -42,6 +43,7 @@ def log_format(given_dict):
return pp.pformat(new_dict)
+
# PKI Deployment Logging Functions
def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name):
if not os.path.isdir(log_dir):
@@ -57,8 +59,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name):
# Configure console handler
console = logging.StreamHandler()
console.setLevel(console_log_level)
- console_format = logging.Formatter('%(name)-12s: ' + \
- '%(levelname)-8s ' + \
+ console_format = logging.Formatter('%(name)-12s: ' +
+ '%(levelname)-8s ' +
'%(indent)s%(message)s')
console.setFormatter(console_format)
logger.addHandler(console)
@@ -66,8 +68,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name):
# Configure file handler
log_file = logging.FileHandler(log_dir + "/" + log_name, 'w')
log_file.setLevel(log_level)
- file_format = logging.Formatter('%(asctime)s %(name)-12s: ' + \
- '%(levelname)-8s ' + \
+ file_format = logging.Formatter('%(asctime)s %(name)-12s: ' +
+ '%(levelname)-8s ' +
'%(indent)s%(message)s',
'%Y-%m-%d %H:%M:%S')
log_file.setFormatter(file_format)
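Review bot: `logging.FileHandler(log_dir + "/" + log_name, 'w')` creates the deployment log with whatever mode the umask allows, and nothing in this hunk restricts it afterwards. The deployment helpers log command lines and server responses, so the file is worth limiting to the installing user, for example with an `os.chmod` on the path right after the handler is created. `os.path.join(log_dir, log_name)` would also be the idiomatic way to build the path. `enable_pki_logger` continues outside this hunk, so a later permission change may already exist.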
diff --git a/base/server/python/pki/server/deployment/pkimanifest.py b/base/server/python/pki/server/deployment/pkimanifest.py
index 8ba60dd8b..593fb20d3 100644
--- a/base/server/python/pki/server/deployment/pkimanifest.py
+++ b/base/server/python/pki/server/deployment/pkimanifest.py
@@ -36,13 +36,13 @@ RECORD_TYPE_SYMLINK = "symlink"
# PKI Deployment Manifest Record Class
class Record(object):
__slots__ = "name", \
- "type", \
- "user", \
- "group", \
- "uid", \
- "gid", \
- "permissions", \
- "acls",
+ "type", \
+ "user", \
+ "group", \
+ "uid", \
+ "gid", \
+ "permissions", \
+ "acls",
def __init__(self):
self.name = None
@@ -55,18 +55,18 @@ class Record(object):
self.acls = None
def items(self):
- "dict style items"
+ """dict style items"""
return [
(field_name, getattr(self, field_name))
for field_name in self.__slots__]
def __iter__(self):
- "iterate over fields tuple/list style"
+ """iterate over fields tuple/list style"""
for field_name in self.__slots__:
yield getattr(self, field_name)
def __getitem__(self, index):
- "tuple/list style getitem"
+ """tuple/list style getitem"""
return getattr(self, self.__slots__[index])
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
index 7e98ff052..2e518d8df 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -61,7 +61,8 @@ PKI_CONFIGURATION_STANDALONE_1 = " Please obtain the necessary "\
"certificates for this stand-alone %s,\n"\
" and re-run the configuration for "\
"step two."
-PKI_CONFIGURATION_URL_1 = " Please start the configuration by accessing:\n %s"
+PKI_CONFIGURATION_URL_1 = \
+ " Please start the configuration by accessing:\n %s"
PKI_CONFIGURATION_WIZARD_RESTART_1 = "After configuration, the server can be "\
"operated by the command:\n%s"
PKI_CONFIGURATION_WIZARD_URL_1 = "Configuration Wizard listening on\n%s"
@@ -244,17 +245,17 @@ PKIHELPER_NOISE_FILE_2 = "generating noise file called '%s' and "\
"filling it with '%d' random bytes"
PKIHELPER_PASSWORD_CONF_1 = "generating '%s'"
PKIHELPER_PASSWORD_NOT_FOUND_1 = "no password found for '%s'!"
-PKIHELPER_PK12UTIL_MISSING_DBPWFILE = "pk12util missing "\
- "-k db-password-file option!"
-PKIHELPER_PK12UTIL_MISSING_NICKNAME = "pk12util missing "\
- "-n nickname option!"
-PKIHELPER_PK12UTIL_MISSING_OUTFILE = "pk12util missing "\
- "-o output-file option!"
-PKIHELPER_PK12UTIL_MISSING_PWFILE = "pk12util missing "\
- "-w pw-file option!"
+PKIHELPER_PK12UTIL_MISSING_DBPWFILE = \
+ "pk12util missing -k db-password-file option!"
+PKIHELPER_PK12UTIL_MISSING_NICKNAME = \
+ "pk12util missing -n nickname option!"
+PKIHELPER_PK12UTIL_MISSING_OUTFILE = \
+ "pk12util missing -o output-file option!"
+PKIHELPER_PK12UTIL_MISSING_PWFILE = \
+ "pk12util missing -w pw-file option!"
-PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2 = "instance '%s' contains '%d' "\
- "PKI subsystems"
+PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2 = \
+ "instance '%s' contains '%d' PKI subsystems"
PKIHELPER_REMOVE_FILTER_SECTION_1 = "removing filter section from '%s'"
PKIHELPER_RM_F_1 = "rm -f %s"
PKIHELPER_RM_RF_1 = "rm -rf %s"
@@ -320,38 +321,35 @@ PKI_CONFIG_CDATA_CERT = "cert:"
PKI_CONFIG_CDATA_REQUEST = "request:"
PKI_CONFIG_CONFIGURING_PKI_DATA = "configuring PKI configuration data."
PKI_CONFIG_CONSTRUCTING_PKI_DATA = "constructing PKI configuration data."
-PKI_CONFIG_PKCS10_SUPPORT_ONLY = "only the 'pkcs10' certificate request type "\
- "is currently supported"
-PKI_CONFIG_EXTERNAL_CA_LOAD = "loading external CA signing certificate "\
- "from file:"
-PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD = "loading external CA signing certificate "\
- "chain from file:"
-PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE = "loading external CA signed KRA "\
- "Storage certificate from file:"
-PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT = "loading external CA signed KRA "\
- "Transport certificate from file:"
-PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING = "loading external CA signed OCSP "\
- "Signing certificate from file:"
-PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1 = "loading external CA signed "\
- "%s SSL Server certificate "\
- "from file:"
-PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1 = "loading external CA signed "\
- "%s Subsystem certificate "\
- "from file:"
-PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1 = "loading external CA "\
- "signed %s Audit Signing "\
- "certificate from file:"
+PKI_CONFIG_PKCS10_SUPPORT_ONLY = \
+ "only the 'pkcs10' certificate request type is currently supported"
+PKI_CONFIG_EXTERNAL_CA_LOAD = \
+ "loading external CA signing certificate from file:"
+PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD = \
+ "loading external CA signing certificate chain from file:"
+PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE = \
+ "loading external CA signed KRA Storage certificate from file:"
+PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT = \
+ "loading external CA signed KRA Transport certificate from file:"
+PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING = \
+ "loading external CA signed OCSP Signing certificate from file:"
+PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1 = \
+ "loading external CA signed %s SSL Server certificate from file:"
+PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1 = \
+ "loading external CA signed %s Subsystem certificate from file:"
+PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1 = \
+ "loading external CA signed %s Audit Signing certificate from file:"
PKI_CONFIG_EXTERNAL_CSR_SAVE = "saving CA Signing CSR to file:"
PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE = "saving KRA Storage CSR to file:"
PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT = "saving KRA Transport CSR to file:"
PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING = "saving OCSP Signing CSR to file:"
PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 = "saving %s Admin CSR to file:"
-PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1 = "saving %s Audit Signing "\
- "CSR to file:"
-PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1 = "saving %s SSL Server CSR "\
- "to file:"
-PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1 = "saving %s Subsystem CSR "\
- "to file:"
+PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1 = \
+ "saving %s Audit Signing CSR to file:"
+PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1 = \
+ "saving %s SSL Server CSR to file:"
+PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1 = \
+ "saving %s Subsystem CSR to file:"
PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION = \
"Exception from Java Configuration Servlet:"
PKI_CONFIG_RESPONSE_ADMIN_CERT = "adminCert:"
@@ -361,8 +359,9 @@ PKI_CHECK_STATUS_MESSAGE = " To check the status of the subsystem: \n"\
" systemctl status pki-tomcatd@%s.service"
PKI_ACCESS_URL = " The URL for the subsystem is: \n"\
" https://%s:%s/%s"
-PKI_INSTANCE_RESTART_MESSAGE = " To restart the subsystem: \n"\
- " systemctl restart pki-tomcatd@%s.service"
+PKI_INSTANCE_RESTART_MESSAGE = \
+ " To restart the subsystem: \n"\
+ " systemctl restart pki-tomcatd@%s.service"
PKI_SPAWN_INFORMATION_HEADER = "\n ==========================================================================\n"\
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 620c9bdb5..a0e315d0e 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -54,36 +54,41 @@ class PKIConfigParser:
#Read and process command-line options
self.arg_parser = argparse.ArgumentParser(
- description=description,
- add_help=False,
- formatter_class=argparse.RawDescriptionHelpFormatter,
- epilog=epilog)
+ description=description,
+ add_help=False,
+ formatter_class=argparse.RawDescriptionHelpFormatter,
+ epilog=epilog)
# Establish 'Mandatory' command-line options
- self.mandatory = self.arg_parser.add_argument_group('mandatory arguments')
+ self.mandatory = self.arg_parser.add_argument_group(
+ 'mandatory arguments')
# Establish 'Optional' command-line options
self.optional = self.arg_parser.add_argument_group('optional arguments')
- self.optional.add_argument('-s',
- dest='pki_subsystem', action='store',
- nargs=1, choices=config.PKI_SUBSYSTEMS,
- metavar='<subsystem>',
- help='where <subsystem> is '
- 'CA, KRA, OCSP, RA, TKS, or TPS')
- self.optional.add_argument('-h', '--help',
- dest='help', action='help',
- help='show this help message and exit')
- self.optional.add_argument('-v',
- dest='pki_verbosity', action='count',
- help='display verbose information (details below)')
+ self.optional.add_argument(
+ '-s',
+ dest='pki_subsystem', action='store',
+ nargs=1, choices=config.PKI_SUBSYSTEMS,
+ metavar='<subsystem>',
+ help='where <subsystem> is '
+ 'CA, KRA, OCSP, RA, TKS, or TPS')
+ self.optional.add_argument(
+ '-h', '--help',
+ dest='help', action='help',
+ help='show this help message and exit')
+ self.optional.add_argument(
+ '-v',
+ dest='pki_verbosity', action='count',
+ help='display verbose information (details below)')
# Establish 'Test' command-line options
test = self.arg_parser.add_argument_group('test arguments')
- test.add_argument('-p',
- dest='pki_root_prefix', action='store',
- nargs=1, metavar='<prefix>',
- help='directory prefix to specify local directory '
- '[TEST ONLY]')
+ test.add_argument(
+ '-p',
+ dest='pki_root_prefix', action='store',
+ nargs=1, metavar='<prefix>',
+ help='directory prefix to specify local directory '
+ '[TEST ONLY]')
self.indent = 0
self.ds_connection = None
self.sd_connection = None
@@ -123,13 +128,12 @@ class PKIConfigParser:
return args
-
def validate(self):
# Validate command-line options
if len(config.pki_root_prefix) > 0:
- if not os.path.exists(config.pki_root_prefix) or\
- not os.path.isdir(config.pki_root_prefix):
+ if not os.path.exists(config.pki_root_prefix) or \
+ not os.path.isdir(config.pki_root_prefix):
print "ERROR: " + \
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % \
config.pki_root_prefix
@@ -138,8 +142,8 @@ class PKIConfigParser:
self.arg_parser.exit(-1)
# always default that configuration file exists
- if not os.path.exists(config.default_deployment_cfg) or\
- not os.path.isfile(config.default_deployment_cfg):
+ if not os.path.exists(config.default_deployment_cfg) or \
+ not os.path.isfile(config.default_deployment_cfg):
print "ERROR: " + \
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \
config.default_deployment_cfg
@@ -149,8 +153,8 @@ class PKIConfigParser:
if config.user_deployment_cfg:
# verify user configuration file exists
- if not os.path.exists(config.user_deployment_cfg) or\
- not os.path.isfile(config.user_deployment_cfg):
+ if not os.path.exists(config.user_deployment_cfg) or \
+ not os.path.isfile(config.user_deployment_cfg):
print "ERROR: " + \
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \
config.user_deployment_cfg
@@ -158,7 +162,6 @@ class PKIConfigParser:
self.arg_parser.print_help()
self.arg_parser.exit(-1)
-
def init_config(self):
# RESTEasy
@@ -184,7 +187,8 @@ class PKIConfigParser:
default_http_port = '80'
default_https_port = '443'
- application_version = str(pki.upgrade.Version(pki.implementation_version()))
+ application_version = str(pki.upgrade.Version(
+ pki.implementation_version()))
self.pki_config = ConfigParser.SafeConfigParser({
'application_version': application_version,
@@ -194,7 +198,7 @@ class PKIConfigParser:
'pki_dns_domainname': config.pki_dns_domainname,
'pki_subsystem': config.pki_subsystem,
'pki_subsystem_type': config.pki_subsystem.lower(),
- 'pki_root_prefix' : config.pki_root_prefix,
+ 'pki_root_prefix': config.pki_root_prefix,
'resteasy_lib': resteasy_lib,
'jni_jar_dir': jni_jar_dir,
'home_dir': os.path.expanduser("~"),
@@ -211,7 +215,6 @@ class PKIConfigParser:
self.flatten_master_dict()
-
# The following code is based heavily upon
# "http://www.decalage.info/en/python/configparser"
@staticmethod
@@ -234,7 +237,6 @@ class PKIConfigParser:
values[name] = value
return values
-
def set_property(self, section, key, value):
if section != "DEFAULT" and not self.pki_config.has_section(section):
self.pki_config.add_section(section)
@@ -245,13 +247,13 @@ class PKIConfigParser:
config.user_config.add_section(section)
config.user_config.set(section, key, value)
-
def print_text(self, message):
print ' ' * self.indent + message
- def read_text(self, message,
- section=None, key=None, default=None,
- options=None, sign=':', allow_empty=True, case_sensitive=True):
+ def read_text(
+ self, message,
+ section=None, key=None, default=None,
+ options=None, sign=':', allow_empty=True, case_sensitive=True):
if default is None and key is not None:
default = self.mdict[key]
@@ -291,9 +293,9 @@ class PKIConfigParser:
return value
-
- def read_password(self, message, section=None, key=None,
- verifyMessage=None):
+ def read_password(
+ self, message, section=None, key=None,
+ verifyMessage=None):
message = ' ' * self.indent + message + ': '
if verifyMessage is not None:
verifyMessage = ' ' * self.indent + verifyMessage + ': '
@@ -321,19 +323,21 @@ class PKIConfigParser:
return password
def read_pki_configuration_file(self):
- "Read configuration file sections into dictionaries"
+ """Read configuration file sections into dictionaries"""
rv = 0
try:
if config.user_deployment_cfg:
# We don't allow interpolation in password settings, which
# means that we need to deal with escaping '%' characters
# that might be present.
- no_interpolation = ('pki_admin_password', 'pki_backup_password',
- 'pki_client_database_password',
- 'pki_client_pkcs12_password',
- 'pki_ds_password', 'pki_security_domain_password')
-
- print 'Loading deployment configuration from ' + config.user_deployment_cfg + '.'
+ no_interpolation = (
+ 'pki_admin_password', 'pki_backup_password',
+ 'pki_client_database_password',
+ 'pki_client_pkcs12_password',
+ 'pki_ds_password', 'pki_security_domain_password')
+
+ print 'Loading deployment configuration from ' + \
+ config.user_deployment_cfg + '.'
self.pki_config.read([config.user_deployment_cfg])
config.user_config.read([config.user_deployment_cfg])
@@ -345,9 +349,11 @@ class PKIConfigParser:
for section in sections:
for key in no_interpolation:
try:
- val = self.pki_config.get(section, key, raw=True)
+ val = self.pki_config.get(
+ section, key, raw=True)
if val:
- self.pki_config.set(section, key, val.replace("%", "%%"))
+ self.pki_config.set(
+ section, key, val.replace("%", "%%"))
except ConfigParser.NoOptionError:
continue
@@ -357,9 +363,11 @@ class PKIConfigParser:
for section in sections:
for key in no_interpolation:
try:
- val = config.user_config.get(section, key, raw=True)
+ val = config.user_config.get(
+ section, key, raw=True)
if val:
- config.user_config.set(section, key, val.replace("%", "%%"))
+ config.user_config.set(
+ section, key, val.replace("%", "%%"))
except ConfigParser.NoOptionError:
continue
except ConfigParser.ParsingError, err:
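Review bot: `except ConfigParser.ParsingError, err:` keeps the old comma form, while other handlers in this file already use `as` (`except requests.exceptions.HTTPError as e:`). `except ConfigParser.ParsingError as err:` is the consistent spelling and works from Python 2.6 on. The `%`-escaping loop over `config.user_config` is also a copy of the one over `self.pki_config` in the previous hunk, so a small private helper taking the parser and the section list would state it once. The `try` block starts outside this hunk.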
@@ -367,7 +375,6 @@ class PKIConfigParser:
rv = err
return rv
-
def flatten_master_dict(self):
self.mdict.update(__name__="PKI Master Dictionary")
@@ -392,7 +399,6 @@ class PKIConfigParser:
subsystem_dict[0] = None
self.mdict.update(subsystem_dict)
-
def ds_connect(self):
hostname = self.mdict['pki_ds_hostname']
@@ -404,7 +410,8 @@ class PKIConfigParser:
protocol = 'ldap'
port = self.mdict['pki_ds_ldap_port']
- self.ds_connection = ldap.initialize(protocol + '://' + hostname + ':' + port)
+ self.ds_connection = ldap.initialize(
+ protocol + '://' + hostname + ':' + port)
def ds_bind(self):
self.ds_connection.simple_bind_s(
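Review bot: When the `protocol = 'ldap'` branch is taken, the `simple_bind_s` call that begins at the end of this hunk presumably sends the directory credentials over an unencrypted connection, since nothing in the visible lines negotiates TLS first. If plain LDAP has to stay supported, calling `self.ds_connection.start_tls_s()` before the bind would protect the password. At minimum, logging a warning when the non-secure branch is chosen would make the exposure visible to the operator. The condition that selects the protocol and the bind arguments are outside the hunk, so this needs confirming there.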
@@ -463,9 +470,9 @@ class PKIConfigParser:
info = sd.get_security_domain_info()
except requests.exceptions.HTTPError as e:
config.pki_log.info(
- "unable to access security domain through REST interface. " + \
+ "unable to access security domain through REST interface. " +
"Trying old interface. " + str(e),
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
info = sd.get_old_security_domain_info()
return info
@@ -482,9 +489,9 @@ class PKIConfigParser:
code = e.response.status_code
if code == 404 or code == 501:
config.pki_log.warning(
- "unable to validate security domain user/password " + \
+ "unable to validate security domain user/password " +
"through REST interface. Interface not available",
- extra=config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
else:
raise
@@ -498,7 +505,8 @@ class PKIConfigParser:
else:
protocol = 'ldap'
- self.authdb_connection = ldap.initialize(protocol + '://' + hostname + ':' + port)
+ self.authdb_connection = ldap.initialize(
+ protocol + '://' + hostname + ':' + port)
self.authdb_connection.search_s('', ldap.SCOPE_BASE)
def authdb_base_dn_exists(self):
@@ -518,17 +526,20 @@ class PKIConfigParser:
def get_server_status(self, system_type, system_uri):
parse = urlparse(self.mdict[system_uri])
conn = pki.client.PKIConnection(
- protocol=parse.scheme,
- hostname=parse.hostname,
- port=str(parse.port),
- subsystem=system_type)
+ protocol=parse.scheme,
+ hostname=parse.hostname,
+ port=str(parse.port),
+ subsystem=system_type)
client = pki.system.SystemStatusClient(conn)
response = client.get_status()
root = ET.fromstring(response)
return root.findtext("Status")
def compose_pki_master_dictionary(self):
- "Create a single master PKI dictionary from the sectional dictionaries"
+ """
+ Create a single master PKI dictionary from the
+ sectional dictionaries
+ """
try:
# 'pkispawn'/'pkidestroy' name/value pairs
self.mdict['pki_deployment_executable'] = \
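Review bot: In `get_server_status`, `port=str(parse.port)` turns a URI without an explicit port into the string `'None'`, because `urlparse` reports a missing port as None. Falling back to the scheme default avoids handing that to `PKIConnection`: `port=str(parse.port or (443 if parse.scheme == 'https' else 80))`. The status document is then passed straight to `ET.fromstring`, which in the standard library does not defend against entity-expansion payloads. A comment such as `# response is parsed as trusted XML; the status endpoint must be a known PKI server` would record that assumption.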
@@ -538,7 +549,8 @@ class PKIConfigParser:
self.mdict['pki_certificate_timestamp'] = \
config.pki_certificate_timestamp
self.mdict['pki_architecture'] = config.pki_architecture
- self.mdict['pki_default_deployment_cfg'] = config.default_deployment_cfg
+ self.mdict['pki_default_deployment_cfg'] = \
+ config.default_deployment_cfg
self.mdict['pki_user_deployment_cfg'] = config.user_deployment_cfg
self.mdict['pki_deployed_instance_name'] = \
config.pki_deployed_instance_name
@@ -554,22 +566,23 @@ class PKIConfigParser:
self.flatten_master_dict()
- pkilogging.sensitive_parameters = self.mdict['sensitive_parameters'].split()
+ pkilogging.sensitive_parameters = \
+ self.mdict['sensitive_parameters'].split()
# Always create "false" values for these missing "boolean" keys
- if not self.mdict.has_key('pki_enable_access_log') or\
+ if not 'pki_enable_access_log' in self.mdict or\
not len(self.mdict['pki_enable_access_log']):
self.mdict['pki_enable_access_log'] = "false"
- if not self.mdict.has_key('pki_external') or\
+ if not 'pki_external' in self.mdict or\
not len(self.mdict['pki_external']):
self.mdict['pki_external'] = "false"
- if not self.mdict.has_key('pki_external_step_two') or\
+ if not 'pki_external_step_two' in self.mdict or\
not len(self.mdict['pki_external_step_two']):
self.mdict['pki_external_step_two'] = "false"
- if not self.mdict.has_key('pki_standalone') or\
+ if not 'pki_standalone' in self.mdict or\
not len(self.mdict['pki_standalone']):
self.mdict['pki_standalone'] = "false"
- if not self.mdict.has_key('pki_subordinate') or\
+ if not 'pki_subordinate' in self.mdict or\
not len(self.mdict['pki_subordinate']):
self.mdict['pki_subordinate'] = "false"
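Review bot: The new membership tests read `if not 'pki_enable_access_log' in self.mdict or\`, which PEP 8 (E713) asks to be written as `if 'pki_enable_access_log' not in self.mdict or\`; the same applies to the four checks that follow. The five blocks differ only in the key name, so a loop over a tuple of those keys that assigns `"false"` when the key is absent or empty would say it once and keep the list of defaulted booleans in one place. The enclosing `compose_pki_master_dictionary` starts and ends outside this hunk.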
@@ -581,7 +594,7 @@ class PKIConfigParser:
self.mdict['pki_target_registry'] = \
os.path.join(self.mdict['pki_instance_registry_path'],
self.mdict['pki_instance_name'])
- if (config.str2bool(self.mdict['pki_external_step_two'])):
+ if config.str2bool(self.mdict['pki_external_step_two']):
# For CA (External CA Step 2) and Stand-alone PKI (Step 2),
# use the 'pki_one_time_pin' established during the setup
# of (Step 1)
@@ -589,11 +602,12 @@ class PKIConfigParser:
and\
os.path.isfile(self.mdict['pki_target_cs_cfg']):
cs_cfg = self.read_simple_configuration_file(
- self.mdict['pki_target_cs_cfg'])
+ self.mdict['pki_target_cs_cfg'])
self.mdict['pki_one_time_pin'] = \
cs_cfg.get('preop.pin')
else:
- config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
+ config.pki_log.error(
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
self.mdict['pki_target_cs_cfg'],
extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1)
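Review bot: `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1)` raises the message template without its argument, so the exception text names no file. `validate()` earlier in this file formats the same constant with `%`, which suggests the template has a placeholder. I would write `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % self.mdict['pki_target_cs_cfg'])`. Separately, `cs_cfg.get('preop.pin')` presumably returns None when the key is absent, which would carry an empty `pki_one_time_pin` into step two without any error, so an explicit check after the read would be worth adding. The function body continues outside the hunk.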
@@ -602,7 +616,7 @@ class PKIConfigParser:
# and add this to the "sensitive" key value pairs read in from
# the configuration file
self.mdict['pki_one_time_pin'] = \
- ''.join(random.choice(string.ascii_letters + string.digits)\
+ ''.join(random.choice(string.ascii_letters + string.digits)
for x in range(20))
if self.mdict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
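Review bot: The one-time PIN on the reformatted line is still drawn with `random.choice`, which uses the module's default Mersenne Twister generator and is predictable. That is the wrong source for a value the surrounding comment groups with the "sensitive" key/value pairs. This file is Python 2, so `secrets` is not available, but `random.SystemRandom` is: `''.join(random.SystemRandom().choice(string.ascii_letters + string.digits)` with the `for x in range(20))` line unchanged. The enclosing `compose_pki_master_dictionary` starts and ends outside this hunk.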
@@ -649,73 +663,72 @@ class PKIConfigParser:
# subystem-specific slot substitution name/value pairs
if self.mdict['pki_subsystem'] == "CA":
self.mdict['pki_target_flatfile_txt'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "flatfile.txt")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "flatfile.txt")
self.mdict['pki_target_proxy_conf'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "proxy.conf")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "proxy.conf")
self.mdict['pki_target_registry_cfg'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "registry.cfg")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "registry.cfg")
# '*.profile'
self.mdict['pki_target_admincert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "adminCert.profile")
- self.mdict['pki_target_caauditsigningcert_profile']\
- = os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "caAuditSigningCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "adminCert.profile")
+ self.mdict['pki_target_caauditsigningcert_profile'] = \
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "caAuditSigningCert.profile")
self.mdict['pki_target_cacert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "caCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "caCert.profile")
self.mdict['pki_target_caocspcert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "caOCSPCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "caOCSPCert.profile")
self.mdict['pki_target_servercert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "serverCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "serverCert.profile")
self.mdict['pki_target_subsystemcert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "subsystemCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "subsystemCert.profile")
# in-place slot substitution name/value pairs
self.mdict['pki_target_profileselect_template'] = \
os.path.join(
- self.mdict\
- ['pki_tomcat_webapps_subsystem_path'],
+ self.mdict['pki_tomcat_webapps_subsystem_path'],
"ee",
self.mdict['pki_subsystem'].lower(),
"ProfileSelect.template")
elif self.mdict['pki_subsystem'] == "KRA":
# '*.profile'
self.mdict['pki_target_servercert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "serverCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "serverCert.profile")
self.mdict['pki_target_storagecert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "storageCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "storageCert.profile")
self.mdict['pki_target_subsystemcert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "subsystemCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "subsystemCert.profile")
self.mdict['pki_target_transportcert_profile'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "transportCert.profile")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "transportCert.profile")
elif self.mdict['pki_subsystem'] == "TPS":
self.mdict['pki_target_registry_cfg'] = \
- os.path.join(self.mdict\
- ['pki_subsystem_configuration_path'],
- "registry.cfg")
+ os.path.join(
+ self.mdict['pki_subsystem_configuration_path'],
+ "registry.cfg")
self.mdict['pki_target_phone_home_xml'] = \
os.path.join(
self.mdict['pki_subsystem_configuration_path'],
@@ -761,20 +774,15 @@ class PKIConfigParser:
self.mdict['SYSTEM_LIBRARIES_SLOT'] = None
self.mdict['SYSTEM_USER_LIBRARIES_SLOT'] = None
self.mdict['TMP_DIR_SLOT'] = None
- elif self.mdict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
self.mdict['INSTALL_TIME_SLOT'] = \
self.mdict['pki_install_time']
self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \
self.mdict['pki_https_port']
- self.mdict\
- ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
+ self.mdict['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
- self.mdict\
- ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
- ""
- self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = \
- "want"
+ self.mdict['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = ""
+ self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = "want"
self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \
self.mdict['pki_https_port']
self.mdict['PKI_AJP_PORT_SLOT'] = \
@@ -789,19 +797,17 @@ class PKIConfigParser:
self.mdict['pki_pin']
self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \
self.mdict['pki_target_cs_cfg']
- self.mdict\
- ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
"-->"
- self.mdict\
- ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
+ self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
"-->"
self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
self.mdict['pki_https_port']
self.mdict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
+ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
self.mdict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
+ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
""
self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \
self.mdict['pki_https_port']
@@ -822,15 +828,12 @@ class PKIConfigParser:
"tomcat")
self.mdict['PKI_HOSTNAME_SLOT'] = \
self.mdict['pki_hostname']
- self.mdict\
- ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
"<!--"
- self.mdict\
- ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
+ self.mdict['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
"<!--"
self.mdict['PKI_PIDDIR_SLOT'] = \
- os.path.join("/var/run/pki",
- "tomcat")
+ os.path.join("/var/run/pki", "tomcat")
if config.str2bool(self.mdict['pki_enable_proxy']):
self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
""
@@ -855,7 +858,7 @@ class PKIConfigParser:
"<!--"
self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
"<!--"
- if (config.str2bool(self.mdict['pki_standalone'])):
+ if config.str2bool(self.mdict['pki_standalone']):
# Stand-alone PKI
self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \
""
@@ -868,7 +871,7 @@ class PKIConfigParser:
self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \
"<!--"
self.mdict['PKI_STANDALONE_SLOT'] = "false"
- if (config.str2bool(self.mdict['pki_enable_access_log'])):
+ if config.str2bool(self.mdict['pki_enable_access_log']):
self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
""
self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \
@@ -924,7 +927,8 @@ class PKIConfigParser:
self.mdict['TOMCAT_LOG_DIR_SLOT'] = \
self.mdict['pki_instance_log_path']
self.mdict['TOMCAT_PIDFILE_SLOT'] = \
- "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + ".pid"
+ "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + \
+ ".pid"
self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \
self.mdict['pki_tomcat_server_port']
self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
@@ -995,8 +999,7 @@ class PKIConfigParser:
if self.mdict['pki_subsystem'] == "CA":
self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \
- self.mdict\
- ['pki_random_serial_numbers_enable'].lower()
+ self.mdict['pki_random_serial_numbers_enable'].lower()
# Shared Apache/Tomcat NSS security database name/value pairs
self.mdict['pki_shared_pfile'] = \
os.path.join(
@@ -1032,9 +1035,9 @@ class PKIConfigParser:
self.mdict['pki_subsystem_configuration_path'],
"noise")
self.mdict['pki_self_signed_noise_bytes'] = 1024
- # Shared Apache/Tomcat NSS security database convenience symbolic links
- self.mdict\
- ['pki_subsystem_configuration_password_conf_link'] = \
+ # Shared Apache/Tomcat NSS security database convenience
+ # symbolic links
+ self.mdict['pki_subsystem_configuration_password_conf_link'] = \
os.path.join(
self.mdict['pki_subsystem_configuration_path'],
"password.conf")
@@ -1051,7 +1054,8 @@ class PKIConfigParser:
#
# Apache - [RA]
# Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS]
- # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], [TPS Clone]
+ # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone],
+ # [TPS Clone]
# - [External CA]
# - [Subordinate CA]
#
@@ -1072,7 +1076,8 @@ class PKIConfigParser:
# self.mdict['pki_token_name']
#
# The following variables are established via the specified PKI
- # deployment configuration file and potentially overridden below:
+ # deployment configuration file and potentially overridden
+ # below:
#
# self.mdict['pki_security_domain_user']
# self.mdict['pki_issuing_ca']
@@ -1083,13 +1088,13 @@ class PKIConfigParser:
# use the CA admin uid if it's defined
if self.pki_config.has_option('CA', 'pki_admin_uid') and\
- len(self.pki_config.get('CA', 'pki_admin_uid')) > 0:
+ len(self.pki_config.get('CA', 'pki_admin_uid')) > 0:
self.mdict['pki_security_domain_user'] = \
self.pki_config.get('CA', 'pki_admin_uid')
# or use the Default admin uid if it's defined
elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\
- len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0:
+ len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0:
self.mdict['pki_security_domain_user'] = \
self.pki_config.get('DEFAULT', 'pki_admin_uid')
@@ -1098,13 +1103,13 @@ class PKIConfigParser:
self.mdict['pki_security_domain_user'] = "caadmin"
if not config.str2bool(self.mdict['pki_skip_configuration']) and\
- (config.str2bool(self.mdict['pki_standalone'])):
+ (config.str2bool(self.mdict['pki_standalone'])):
# Stand-alone PKI
self.mdict['pki_security_domain_type'] = "new"
self.mdict['pki_issuing_ca'] = "External CA"
elif config.pki_subsystem != "CA" or\
- config.str2bool(self.mdict['pki_clone']) or\
- config.str2bool(self.mdict['pki_subordinate']):
+ config.str2bool(self.mdict['pki_clone']) or\
+ config.str2bool(self.mdict['pki_subordinate']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
# CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
@@ -1160,12 +1165,12 @@ class PKIConfigParser:
if not 'pki_import_admin_cert' in self.mdict:
self.mdict['pki_import_admin_cert'] = 'false'
- elif not config.str2bool(self.mdict['pki_skip_configuration']) and\
- (config.str2bool(self.mdict['pki_standalone'])):
+ elif not config.str2bool(self.mdict['pki_skip_configuration']) and \
+ (config.str2bool(self.mdict['pki_standalone'])):
# Stand-alone PKI
self.mdict['pki_import_admin_cert'] = 'false'
- if (config.str2bool(self.mdict['pki_standalone'])):
+ if config.str2bool(self.mdict['pki_standalone']):
self.mdict['pki_ca_signing_tag'] = "external_signing"
else:
self.mdict['pki_ca_signing_tag'] = "signing"
@@ -1221,8 +1226,7 @@ class PKIConfigParser:
"restart" + " " + \
"pki-apached" + "@" + \
self.mdict['pki_instance_name'] + "." + "service"
- elif self.mdict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS:
+ elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
self.mdict['pki_registry_initscript_command'] = \
"systemctl" + " " + \
"restart" + " " + \
@@ -1244,7 +1248,6 @@ class PKIConfigParser:
raise
return
-
def compose_pki_slots_dictionary(self):
"""Read the slots configuration file to create
the appropriate PKI slots dictionary"""
diff --git a/base/server/python/pki/server/deployment/pkiscriptlet.py b/base/server/python/pki/server/deployment/pkiscriptlet.py
index f37bb1c15..2bf4d0750 100644
--- a/base/server/python/pki/server/deployment/pkiscriptlet.py
+++ b/base/server/python/pki/server/deployment/pkiscriptlet.py
@@ -33,6 +33,7 @@ class AbstractBasePkiScriptlet(object):
"""Retrieve data from the specified PKI dictionary and
use it to install a new PKI instance."""
return
+
# pylint: disable-msg=W0613
@abc.abstractmethod
def destroy(self, deployer):
diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py
index 57662b5d2..4cae695d1 100644
--- a/base/server/python/pki/server/upgrade.py
+++ b/base/server/python/pki/server/upgrade.py
@@ -80,26 +80,33 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
continue
if not self.can_upgrade_server(instance):
- if verbose: print 'Skipping ' + str(instance) + ' instance.'
+ if verbose:
+ print 'Skipping ' + str(instance) + ' instance.'
continue
try:
- if verbose: print 'Upgrading ' + str(instance) + ' instance.'
+ if verbose:
+ print 'Upgrading ' + str(instance) + ' instance.'
self.upgrade_instance(instance)
self.update_server_tracker(instance)
except Exception as e:
- if verbose: traceback.print_exc()
- else: print 'ERROR: ' + e.message
+ if verbose:
+ traceback.print_exc()
+ else:
+ print 'ERROR: ' + e.message
message = 'Failed upgrading ' + str(instance) + ' instance.'
if self.upgrader.silent:
print message
else:
- result = pki.read_text(message + ' Continue (Yes/No)',
- options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower()
- if result == 'y': continue
+ result = pki.read_text(
+ message + ' Continue (Yes/No)',
+ options=['Y', 'N'], default='Y',
+ delimiter='?', case_sensitive=False).lower()
+ if result == 'y':
+ continue
raise pki.server.PKIServerException(
'Upgrade failed in ' + str(instance) + ': ' + e.message,
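Review bot: `print 'ERROR: ' + e.message` relies on `BaseException.message`, which is deprecated since Python 2.6 and is an empty string for exceptions built with more than one argument (an `IOError` carrying errno and text, for example). The non-verbose path can therefore print a bare `ERROR: ` and hide the cause of a failed upgrade. `str(e)` is the safer spelling: `print 'ERROR: ' + str(e)`, and likewise `'Upgrade failed in ' + str(instance) + ': ' + str(e),` at the end of this hunk. The subsystem loop in the next hunk has the same two uses. The enclosing method starts and ends outside the hunk.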
@@ -110,26 +117,33 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
for subsystem in self.upgrader.subsystems(instance):
if not self.can_upgrade_server(instance, subsystem):
- if verbose: print 'Skipping ' + str(subsystem) + ' subsystem.'
+ if verbose:
+ print 'Skipping ' + str(subsystem) + ' subsystem.'
continue
try:
- if verbose: print 'Upgrading ' + str(subsystem) + ' subsystem.'
+ if verbose:
+ print 'Upgrading ' + str(subsystem) + ' subsystem.'
self.upgrade_subsystem(instance, subsystem)
self.update_server_tracker(instance, subsystem)
except Exception as e:
- if verbose: traceback.print_exc()
- else: print 'ERROR: ' + e.message
+ if verbose:
+ traceback.print_exc()
+ else:
+ print 'ERROR: ' + e.message
message = 'Failed upgrading ' + str(subsystem) + ' subsystem.'
if self.upgrader.silent:
print message
else:
- result = pki.read_text(message + ' Continue (Yes/No)',
- options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower()
- if result == 'y': continue
+ result = pki.read_text(
+ message + ' Continue (Yes/No)',
+ options=['Y', 'N'], default='Y',
+ delimiter='?', case_sensitive=False).lower()
+ if result == 'y':
+ continue
raise pki.server.PKIServerException(
'Upgrade failed in ' + str(subsystem) + ': ' + e.message,
@@ -146,14 +160,17 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet):
class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
- def __init__(self, instanceName=None, instanceType=None, subsystemName=None, \
- upgrade_dir=UPGRADE_DIR, version=None, index=None, silent=False):
+ def __init__(
+ self, instanceName=None, instanceType=None, subsystemName=None,
+ upgrade_dir=UPGRADE_DIR, version=None, index=None, silent=False):
- super(PKIServerUpgrader, self).__init__(upgrade_dir, version, index, silent)
+ super(PKIServerUpgrader, self).__init__(
+ upgrade_dir, version, index, silent)
if subsystemName and not instanceName:
raise pki.PKIException(
- 'Invalid subsystem: ' + subsystemName + ', Instance not defined')
+ 'Invalid subsystem: ' + subsystemName +
+ ', Instance not defined')
self.instanceName = instanceName
self.instanceType = instanceType
@@ -165,7 +182,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
def instances(self):
if self.instanceName and self.instanceType:
- return [pki.server.PKIInstance(self.instanceName, self.instanceType)]
+ return [pki.server.PKIInstance(
+ self.instanceName, self.instanceType)]
instance_list = []
@@ -173,23 +191,24 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
if os.path.exists(os.path.join(pki.server.REGISTRY_DIR, 'tomcat')):
for instanceName in os.listdir(pki.server.INSTANCE_BASE_DIR):
if not self.instanceName or \
- self.instanceName == instanceName:
- instance_list.append(pki.server.PKIInstance(instanceName))
+ self.instanceName == instanceName:
+ instance_list.append(
+ pki.server.PKIInstance(instanceName))
if not self.instanceType or self.instanceType == 9:
for s in pki.server.SUBSYSTEM_TYPES:
if os.path.exists(os.path.join(pki.server.REGISTRY_DIR, s)):
- for instanceName in \
- os.listdir(os.path.join(pki.server.REGISTRY_DIR, s)):
+ for instanceName in os.listdir(
+ os.path.join(pki.server.REGISTRY_DIR, s)):
if not self.instanceName or \
- self.instanceName == instanceName:
- instance_list.append(pki.server.PKIInstance(instanceName, 9))
+ self.instanceName == instanceName:
+ instance_list.append(
+ pki.server.PKIInstance(instanceName, 9))
instance_list.sort()
return instance_list
-
def subsystems(self, instance):
if self.subsystemName:
@@ -198,11 +217,13 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
subsystem_list = []
if instance.type >= 10:
- registry_dir = os.path.join(pki.server.REGISTRY_DIR, 'tomcat',
+ registry_dir = os.path.join(
+ pki.server.REGISTRY_DIR, 'tomcat',
instance.name)
for subsystemName in os.listdir(registry_dir):
if subsystemName in pki.server.SUBSYSTEM_TYPES:
- subsystem_list.append(pki.server.PKISubsystem(instance, subsystemName))
+ subsystem_list.append(
+ pki.server.PKISubsystem(instance, subsystemName))
else:
for subsystemName in pki.server.SUBSYSTEM_TYPES:
registry_dir = os.path.join(
@@ -210,7 +231,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
subsystemName,
instance.name)
if os.path.exists(registry_dir):
- subsystem_list.append(pki.server.PKISubsystem(instance, subsystemName))
+ subsystem_list.append(
+ pki.server.PKISubsystem(instance, subsystemName))
subsystem_list.sort()
@@ -223,7 +245,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
try:
tracker = self.subsystem_trackers[instance]
except KeyError:
- tracker = pki.upgrade.PKIUpgradeTracker(name + ' subsystem',
+ tracker = pki.upgrade.PKIUpgradeTracker(
+ name + ' subsystem',
SUBSYSTEM_TRACKER % subsystem.conf_dir,
version_key='cms.product.version',
index_key='cms.upgrade.index')
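Review bot: The subsystem tracker is looked up with `self.subsystem_trackers[instance]`, while the tracker being built is per subsystem (`name + ' subsystem'`, `subsystem.conf_dir`) and the instance branch in the next hunk keys on `str(instance)`. If the store outside this hunk uses the same key, two subsystems of one instance would share whichever tracker was created first and read the wrong `CS.cfg` version and index. Keying on the subsystem name, `tracker = self.subsystem_trackers[name]`, would avoid that. The assignment into the dictionary is outside the hunk, so this needs confirming against the full method.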
@@ -233,7 +256,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
try:
tracker = self.instance_trackers[str(instance)]
except KeyError:
- tracker = pki.upgrade.PKIUpgradeTracker(str(instance) + ' instance',
+ tracker = pki.upgrade.PKIUpgradeTracker(
+ str(instance) + ' instance',
INSTANCE_TRACKER % instance.conf_dir,
version_key='PKI_VERSION',
index_key='PKI_UPGRADE_INDEX')