| author | Abhishek Koneru <akoneru@redhat.com> | 2013-05-16 10:40:12 -0400 |
|---|---|---|
| committer | Abhishek Koneru <akoneru@redhat.com> | 2013-05-21 12:20:24 -0400 |
| commit | 3cad3426c4762efeaec7dfb216e9fae28436fdfd (patch) | |
| tree | c80f00565da5af7508810b56641347f696fdb4b4 /base/server/src/engine | |
| parent | ae9454394bcfcd77361cead6f77c9dda80612b04 (diff) | |
| download | pki-3cad3426c4762efeaec7dfb216e9fae28436fdfd.tar.gz pki-3cad3426c4762efeaec7dfb216e9fae28436fdfd.tar.xz pki-3cad3426c4762efeaec7dfb216e9fae28436fdfd.zip | |
Do not use sys.exit() after an error.
Raise an exception on error so that it can be handled by the
caller.
Ticket #562
Diffstat (limited to 'base/server/src/engine')
| -rw-r--r-- | base/server/src/engine/pkihelper.py | 1282 | ||||
| -rw-r--r-- | base/server/src/engine/pkimanifest.py | 4 | ||||
| -rw-r--r-- | base/server/src/engine/pkiparser.py | 6 |
3 files changed, 668 insertions, 624 deletions
diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py index e7735d8d3..df3658307 100644 --- a/base/server/src/engine/pkihelper.py +++ b/base/server/src/engine/pkihelper.py @@ -59,7 +59,7 @@ import pki.client import pki.system # PKI Deployment Helper Functions -def pki_copytree(src, dst, symlinks=False, ignore=None): +def pki_copytree(src, dst, symlinks = False, ignore = None): """Recursively copy a directory tree using copy2(). PATCH: This code was copied from 'shutil.py' and patched to 
@@ -138,46 +138,46 @@ class identity: pki_gid = getgrnam(pki_group)[2] # Yes, group 'pki_group' exists! config.pki_log.info(log.PKIHELPER_GROUP_ADD_2, pki_group, pki_gid, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) except KeyError as exc: # No, group 'pki_group' does not exist! config.pki_log.debug(log.PKIHELPER_GROUP_ADD_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) try: # Is the default well-known GID already defined? group = getgrgid(config.PKI_DEPLOYMENT_DEFAULT_GID)[0] # Yes, the default well-known GID exists! config.pki_log.info(log.PKIHELPER_GROUP_ADD_DEFAULT_2, group, config.PKI_DEPLOYMENT_DEFAULT_GID, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Attempt to create 'pki_group' using a random GID. - command = "/usr/sbin/groupadd" + " " +\ - pki_group + " " +\ + command = "/usr/sbin/groupadd" + " " + \ + pki_group + " " + \ "> /dev/null 2>&1" except KeyError as exc: # No, the default well-known GID does not exist! config.pki_log.debug(log.PKIHELPER_GROUP_ADD_GID_KEYERROR_1, - exc, extra=config.PKI_INDENTATION_LEVEL_2) + exc, extra = config.PKI_INDENTATION_LEVEL_2) # Is the specified 'pki_group' the default well-known group? if pki_group == config.PKI_DEPLOYMENT_DEFAULT_GROUP: # Yes, attempt to create the default well-known group # using the default well-known GID. - command = "/usr/sbin/groupadd" + " " +\ - "-g" + " " +\ - str(config.PKI_DEPLOYMENT_DEFAULT_GID) + " " +\ - "-r" + " " +\ - pki_group + " " +\ + command = "/usr/sbin/groupadd" + " " + \ + "-g" + " " + \ + str(config.PKI_DEPLOYMENT_DEFAULT_GID) + " " + \ + "-r" + " " + \ + pki_group + " " + \ "> /dev/null 2>&1" else: # No, attempt to create 'pki_group' using a random GID. - command = "/usr/sbin/groupadd" + " " +\ - pki_group + " " +\ + command = "/usr/sbin/groupadd" + " " + \ + pki_group + " " + \ "> /dev/null 2>&1" # Execute this "groupadd" command. 
- subprocess.call(command, shell=True) + subprocess.call(command, shell = True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return 
@@ -188,71 +188,71 @@ class identity: pki_uid = getpwnam(pki_user)[2] # Yes, user 'pki_user' exists! config.pki_log.info(log.PKIHELPER_USER_ADD_2, pki_user, pki_uid, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # NOTE: For now, never check validity of specified 'pki_group'! except KeyError as exc: # No, user 'pki_user' does not exist! config.pki_log.debug(log.PKIHELPER_USER_ADD_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) try: # Is the default well-known UID already defined? user = getpwuid(config.PKI_DEPLOYMENT_DEFAULT_UID)[0] # Yes, the default well-known UID exists! config.pki_log.info(log.PKIHELPER_USER_ADD_DEFAULT_2, user, config.PKI_DEPLOYMENT_DEFAULT_UID, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Attempt to create 'pki_user' using a random UID. - command = "/usr/sbin/useradd" + " " +\ - "-g" + " " +\ - pki_group + " " +\ - "-d" + " " +\ - config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ - "-s" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ - "-c" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ - pki_user + " " +\ + command = "/usr/sbin/useradd" + " " + \ + "-g" + " " + \ + pki_group + " " + \ + "-d" + " " + \ + config.PKI_DEPLOYMENT_SOURCE_ROOT + " " + \ + "-s" + " " + \ + config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " + \ + "-c" + " " + \ + config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " + \ + pki_user + " " + \ "> /dev/null 2>&1" except KeyError as exc: # No, the default well-known UID does not exist! config.pki_log.debug(log.PKIHELPER_USER_ADD_UID_KEYERROR_1, - exc, extra=config.PKI_INDENTATION_LEVEL_2) + exc, extra = config.PKI_INDENTATION_LEVEL_2) # Is the specified 'pki_user' the default well-known user? if pki_user == config.PKI_DEPLOYMENT_DEFAULT_USER: # Yes, attempt to create the default well-known user # using the default well-known UID. 
- command = "/usr/sbin/useradd" + " " +\ - "-g" + " " +\ - pki_group + " " +\ - "-d" + " " +\ - config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ - "-s" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ - "-c" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ - "-u" + " " +\ - str(config.PKI_DEPLOYMENT_DEFAULT_UID) + " " +\ - "-r" + " " +\ - pki_user + " " +\ + command = "/usr/sbin/useradd" + " " + \ + "-g" + " " + \ + pki_group + " " + \ + "-d" + " " + \ + config.PKI_DEPLOYMENT_SOURCE_ROOT + " " + \ + "-s" + " " + \ + config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " + \ + "-c" + " " + \ + config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " + \ + "-u" + " " + \ + str(config.PKI_DEPLOYMENT_DEFAULT_UID) + " " + \ + "-r" + " " + \ + pki_user + " " + \ "> /dev/null 2>&1" else: # No, attempt to create 'pki_user' using a random UID. - command = "/usr/sbin/useradd" + " " +\ - "-g" + " " +\ - pki_group + " " +\ - "-d" + " " +\ - config.PKI_DEPLOYMENT_SOURCE_ROOT + " " +\ - "-s" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " +\ - "-c" + " " +\ - config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " +\ - pki_user + " " +\ + command = "/usr/sbin/useradd" + " " + \ + "-g" + " " + \ + pki_group + " " + \ + "-d" + " " + \ + config.PKI_DEPLOYMENT_SOURCE_ROOT + " " + \ + "-s" + " " + \ + config.PKI_DEPLOYMENT_DEFAULT_SHELL + " " + \ + "-c" + " " + \ + config.PKI_DEPLOYMENT_DEFAULT_COMMENT + " " + \ + pki_user + " " + \ "> /dev/null 2>&1" # Execute this "useradd" command. - subprocess.call(command, shell=True) + subprocess.call(command, shell = True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return 
@@ -261,54 +261,54 @@ class identity: self.__add_uid(pki_user, pki_group) return - def get_uid(self, critical_failure=True): + def get_uid(self, critical_failure = True): try: pki_uid = master['pki_uid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_uid - def get_gid(self, critical_failure=True): + def get_gid(self, critical_failure = True): try: pki_gid = master['pki_gid'] except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_gid - def set_uid(self, name, critical_failure=True): + def set_uid(self, name, critical_failure = True): try: config.pki_log.debug(log.PKIHELPER_USER_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # id -u <name> pki_uid = getpwnam(name)[2] - master['pki_uid']=pki_uid + master['pki_uid'] = pki_uid config.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_uid - def set_gid(self, name, critical_failure=True): + def set_gid(self, name, critical_failure = True): try: config.pki_log.debug(log.PKIHELPER_GROUP_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # id -g <name> pki_gid = getgrnam(name)[2] - master['pki_gid']=pki_gid + master['pki_gid'] = pki_gid config.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) 
+ extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return pki_gid @@ -327,8 +327,9 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_name'], master['pki_instance_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], + master['pki_instance_path'])) else: if os.path.exists(master['pki_target_tomcat_conf_instance_id']): # Top-Level "/etc/sysconfig" path collision @@ -336,24 +337,27 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_name'], master['pki_target_tomcat_conf_instance_id'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], + master['pki_target_tomcat_conf_instance_id'])) if os.path.exists(master['pki_cgroup_systemd_service']): # Systemd cgroup path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_name'], master['pki_cgroup_systemd_service_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], + master['pki_cgroup_systemd_service_path'])) if os.path.exists(master['pki_cgroup_cpu_systemd_service']): # Systemd cgroup CPU path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_name'], master['pki_cgroup_cpu_systemd_service_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], + master['pki_cgroup_cpu_systemd_service_path'])) if os.path.exists(master['pki_instance_log_path']) and\ os.path.exists(master['pki_subsystem_log_path']): # Top-Level PKI log path collision 
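Review bot: The raise added in the instance-path collision branch uses the bare `Exception` type, so a caller can only handle it with `except Exception`, which also catches unrelated programming errors such as a `KeyError` on `master`. A dedicated subclass defined once in this module (the name is only a suggestion), `class PKIHelperError(Exception): pass`, would let the caller tell a failed deployment check from a bug: `raise PKIHelperError(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], master['pki_instance_path']))`. The same applies to every later hunk in pkihelper.py that replaces `sys.exit(1)`. Whether the caller turns the exception back into a non-zero exit status is not visible here and is worth confirming, since the removed code guaranteed one. The enclosing method starts and ends outside the hunk.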
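Review bot: In the two systemd cgroup branches the existence test is on `master['pki_cgroup_systemd_service']` and `master['pki_cgroup_cpu_systemd_service']`, while both the log call and the new exception report the corresponding `..._path` key, so the path named in the error may not be the one that was found to exist. If the `_path` keys are the parent directories this is presumably intentional, and a comment such as `# report the parent cgroup directory, not the per-instance entry` would make that clear. Otherwise the message should format the key that was tested. The method body starts before and continues after this hunk.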
@@ -361,8 +365,9 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_name'], master['pki_instance_log_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], + master['pki_instance_log_path'])) if os.path.exists(master['pki_instance_configuration_path']) and\ os.path.exists(master['pki_subsystem_configuration_path']): # Top-Level PKI configuration path collision @@ -370,8 +375,9 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_name'], master['pki_instance_configuration_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], + master['pki_instance_configuration_path'])) if os.path.exists(master['pki_instance_registry_path']) and\ os.path.exists(master['pki_subsystem_registry_path']): # Top-Level PKI registry path collision @@ -379,8 +385,9 @@ class namespace: log.PKIHELPER_NAMESPACE_COLLISION_2, master['pki_instance_name'], master['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (master['pki_instance_name'], + master['pki_instance_registry_path'])) # Run simple checks for reserved name namespace collisions if master['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES: # Top-Level PKI base path reserved name collision 
@@ -388,8 +395,9 @@ class namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_name'], master['pki_instance_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], + master['pki_instance_path'])) # No need to check for reserved name under Top-Level PKI log path if master['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES: # Top-Level PKI configuration path reserved name collision @@ -397,8 +405,9 @@ class namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_name'], master['pki_instance_configuration_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], + master['pki_instance_configuration_path'])) if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: # Top-Level Apache PKI registry path reserved name collision if master['pki_instance_name'] in\ @@ -407,8 +416,9 @@ class namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_name'], master['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], + master['pki_instance_registry_path'])) elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision if master['pki_instance_name'] in\ 
@@ -417,8 +427,9 @@ class namespace: log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, master['pki_instance_name'], master['pki_instance_registry_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (master['pki_instance_name'], + master['pki_instance_registry_path'])) # PKI Deployment Configuration File Class @@ -428,17 +439,17 @@ class configuration_file: # parameter that may be stored in a log file. config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1, master['pki_configuration_url'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1, master['pki_registry_initscript_command'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) def display_configuration_url(self): # NOTE: This is the one and only parameter containing a sensitive # parameter that may be displayed to the screen. print log.PKI_CONFIGURATION_URL_1 % master['pki_configuration_url'] print - print log.PKI_CONFIGURATION_RESTART_1 %\ + print log.PKI_CONFIGURATION_RESTART_1 % \ master['pki_registry_initscript_command'] print @@ -452,8 +463,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_password", + master['pki_user_deployment_cfg'])) # Verify existence of Admin Password (except for Clones) if not config.str2bool(master['pki_clone']): if not master.has_key('pki_admin_password') or\ 
@@ -462,8 +474,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_admin_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_admin_password", + master['pki_user_deployment_cfg'])) # If required, verify existence of Backup Password if config.str2bool(master['pki_backup_keys']): if not master.has_key('pki_backup_password') or\ @@ -472,8 +485,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_backup_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_backup_password", + master['pki_user_deployment_cfg'])) # Verify existence of Client Pin for NSS client security databases if not master.has_key('pki_client_database_password') or\ not len(master['pki_client_database_password']): @@ -481,8 +495,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2, "pki_client_database_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2 % ("pki_client_database_password", + master['pki_user_deployment_cfg'])) # Verify existence of Client PKCS #12 Password for Admin Cert if not master.has_key('pki_client_pkcs12_password') or\ not len(master['pki_client_pkcs12_password']): 
@@ -490,8 +505,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_client_pkcs12_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_client_pkcs12_password", + master['pki_user_deployment_cfg'])) # Verify existence of PKCS #12 Password (ONLY for Clones) if config.str2bool(master['pki_clone']): if not master.has_key('pki_clone_pkcs12_password') or\ @@ -500,8 +516,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password", + master['pki_user_deployment_cfg'])) # Verify existence of Security Domain Password File # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA) if config.str2bool(master['pki_clone']) or\ @@ -513,8 +530,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_security_domain_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_security_domain_password", + master['pki_user_deployment_cfg'])) # If required, verify existence of Token Password if not master['pki_token_name'] == "internal": if not master.has_key('pki_token_password') or\ 
@@ -523,8 +541,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_token_password", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_token_password", + master['pki_user_deployment_cfg'])) return def verify_mutually_exclusive_data(self): 
@@ -537,29 +556,29 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % master['pki_user_deployment_cfg']) elif config.str2bool(master['pki_clone']) and\ config.str2bool(master['pki_external']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % master['pki_user_deployment_cfg']) elif config.str2bool(master['pki_clone']) and\ config.str2bool(master['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % master['pki_user_deployment_cfg']) elif config.str2bool(master['pki_external']) and\ config.str2bool(master['pki_subordinate']): config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % master['pki_user_deployment_cfg']) def verify_predefined_configuration_file_data(self): # Silently verify the existence of any required 'predefined' data 
@@ -581,8 +600,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_base_dn", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_base_dn", + master['pki_user_deployment_cfg'])) if not master.has_key('pki_ds_ldap_port') or\ not len(master['pki_ds_ldap_port']): # FUTURE: Check for unused port value @@ -592,8 +612,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldap_port", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldap_port", + master['pki_user_deployment_cfg'])) if not master.has_key('pki_ds_ldaps_port') or\ not len(master['pki_ds_ldaps_port']): # FUTURE: Check for unused port value @@ -603,8 +624,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ds_ldaps_port", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldaps_port", + master['pki_user_deployment_cfg'])) # NOTE: Although this will be checked prior to getting to # this method, this clone's 'pki_instance_name' MUST # be different from the master's 'pki_instance_name' 
@@ -619,8 +641,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_ajp_port", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ajp_port", + master['pki_user_deployment_cfg'])) if not master.has_key('pki_http_port') or\ not len(master['pki_http_port']): # FUTURE: Check for unused port value @@ -630,8 +653,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_http_port", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_http_port", + master['pki_user_deployment_cfg'])) if not master.has_key('pki_https_port') or\ not len(master['pki_https_port']): # FUTURE: Check for unused port value @@ -641,8 +665,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_https_port", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_https_port", + master['pki_user_deployment_cfg'])) if not master.has_key('pki_tomcat_server_port') or\ not len(master['pki_tomcat_server_port']): # FUTURE: Check for unused port value 
@@ -652,38 +677,42 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_tomcat_server_port", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_tomcat_server_port", + master['pki_user_deployment_cfg'])) if not master.has_key('pki_clone_pkcs12_path') or\ not len(master['pki_clone_pkcs12_path']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_pkcs12_path", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_path", + master['pki_user_deployment_cfg'])) elif not os.path.isfile(master['pki_clone_pkcs12_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_clone_pkcs12_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % "pki_clone_pkcs12_path") if not master.has_key('pki_clone_replication_security') or\ not len(master['pki_clone_replication_security']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_replication_security", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_replication_security", + master['pki_user_deployment_cfg'])) if not master.has_key('pki_clone_uri') or\ not len(master['pki_clone_uri']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_clone_uri", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise 
Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_uri", + master['pki_user_deployment_cfg'])) elif master['pki_subsystem'] == "CA" and\ config.str2bool(master['pki_external']): if not master.has_key('pki_external_step_two') or\ @@ -692,8 +721,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_step_two", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_step_two", + master['pki_user_deployment_cfg'])) if not config.str2bool(master['pki_external_step_two']): # External CA (Step 1) if not master.has_key('pki_external_csr_path') or\ @@ -702,15 +732,16 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_csr_path", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_csr_path", + master['pki_user_deployment_cfg'])) elif os.path.exists(master['pki_external_csr_path']) and\ not os.path.isfile(master['pki_external_csr_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_external_csr_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_csr_path") else: # External CA (Step 2) if not master.has_key('pki_external_ca_cert_chain_path') or\ 
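Review bot: In the `elif not os.path.isfile(master['pki_clone_pkcs12_path'])` branch the log call reports the offending path, but the new exception formats the template with the literal key name, `log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % "pki_clone_pkcs12_path"`, so the exception text names the configuration key rather than the path that was checked. Passing the value keeps the two messages identical: `raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % master['pki_clone_pkcs12_path'])`. The enclosing method extends beyond the hunk.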
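Review bot: The key name in the new exception is misspelled as `"pki_extrenal_step_two"`, while the log call directly above it uses `"pki_external_step_two"`; an operator searching the deployment configuration for the name given in the exception will not find it. The same `extrenal` spelling appears in the raises added by the `@@ -702,15 +732,16 @@`, `@@ -719,8 +750,9 @@` and `@@ -728,24 +760,25 @@` hunks. Building the message once and passing the same string to the logger and to the exception would stop the two from drifting apart.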
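Review bot: The `elif os.path.exists(...) and not os.path.isfile(...)` branch logs `PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1` with the path but raises with a different template and a single argument, `log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_csr_path"`. Every other use of that `_2` template in this diff passes a two-element tuple, so it presumably has two placeholders, and this `%` would then fail with a `TypeError` for missing format arguments before the intended exception is built. The raise should mirror the log call: `raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % master['pki_external_csr_path'])`. The two not-a-file branches in the `@@ -728,24 +760,25 @@` hunk have the same problem.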
@@ -719,8 +750,9 @@ class configuration_file: log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_chain_path", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_chain_path", + master['pki_user_deployment_cfg'])) elif os.path.exists( master['pki_external_ca_cert_chain_path']) and\ not os.path.isfile( @@ -728,24 +760,25 @@ class configuration_file: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_external_ca_cert_chain_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_chain_path") if not master.has_key('pki_external_ca_cert_path') or\ not len(master['pki_external_ca_cert_path']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, "pki_external_ca_cert_path", master['pki_user_deployment_cfg'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_path", + master['pki_user_deployment_cfg'])) elif os.path.exists(master['pki_external_ca_cert_path']) and\ not os.path.isfile( master['pki_external_ca_cert_path']): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, master['pki_external_ca_cert_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_path") return def populate_non_default_ports(self): 
@@ -772,7 +805,7 @@ class configuration_file: if not bool(selinux.is_selinux_enabled()): config.pki_log.error( log.PKIHELPER_SELINUX_DISABLED, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) return portrecs = seobject.portRecords().get_all() @@ -799,28 +832,29 @@ class configuration_file: config.pki_log.error( log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT, port, context, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % (port, context)) return def verify_command_matches_configuration_file(self): # Silently verify that the command-line parameters match the values # that are present in the corresponding configuration file if master['pki_deployment_executable'] == 'pkidestroy': - if master['pki_deployed_instance_name'] !=\ + if master['pki_deployed_instance_name'] != \ master['pki_instance_name']: config.pki_log.error( log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2, master['pki_deployed_instance_name'], master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (master['pki_deployed_instance_name'], + master['pki_instance_name'])) return # PKI Deployment XML File Class -#class xml_file: +# class xml_file: # def remove_filter_section_from_web_xml(self, # web_xml_source, # web_xml_target): @@ -865,10 +899,10 @@ class instance: rv = rv + 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, master['pki_instance_path'], - rv, extra=config.PKI_INDENTATION_LEVEL_2) + rv, extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return rv 
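Review bot: In `verify_command_matches_configuration_file` the log call uses `PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2`, but the new raise formats `PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2` with the two instance names, so the caller receives an "undefined entry" message for what is actually a name mismatch. The raise should use the same template as the log: `raise Exception(log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2 % (master['pki_deployed_instance_name'], master['pki_instance_name']))`. This check guards `pkidestroy`, so an accurate message matters when an operator has to decide which instance is about to be removed.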
@@ -892,10 +926,10 @@ class instance: config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, master['pki_instance_type_registry_path'], rv, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -906,24 +940,24 @@ class instance: # SHOULD represent PKI instances, look for all possible # PKI instances within the top-level PKI infrastructure for instance in os.listdir(master['pki_path']): - if os.path.isdir(os.path.join(master['pki_path'],instance))\ + if os.path.isdir(os.path.join(master['pki_path'], instance))\ and not\ - os.path.islink(os.path.join(master['pki_path'],instance)): - dir = os.path.join(master['pki_path'],instance) + os.path.islink(os.path.join(master['pki_path'], instance)): + dir = os.path.join(master['pki_path'], instance) # Since ANY directory within this PKI instance COULD # be a PKI subsystem, look for all possible # PKI subsystems within this PKI instance for name in os.listdir(dir): - if os.path.isdir(os.path.join(dir,name)) and\ - not os.path.islink(os.path.join(dir,name)): + if os.path.isdir(os.path.join(dir, name)) and\ + not os.path.islink(os.path.join(dir, name)): if name.upper() in config.PKI_SUBSYSTEMS: rv = rv + 1 config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2, master['pki_instance_path'], rv, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -937,7 +971,7 @@ class instance: rv.append(subsystem) except OSErr as e: config.pki_log.error(log.PKI_OSERROR_1, str(e), - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return rv 
@@ -961,10 +995,10 @@ class instance: config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, master['pki_instance_type_registry_path'], rv, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return rv @@ -974,11 +1008,12 @@ class instance: config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2, master['pki_subsystem'], master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (master['pki_subsystem'], + master['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise def verify_subsystem_does_not_exist(self): 
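Review bot: `verify_subsystem_exists` (hunk `@@ -974,11 +1008,12 @@`) now raises a bare `Exception`, as does every other converted `sys.exit(1)` in this file. Callers can then only separate a deployment precondition failure from a programming error by catching everything. A small dedicated subclass of `Exception`, defined once in this module, would let the caller handle expected deployment failures and let unexpected errors propagate with a traceback. This matters here because a mistyped constant name in one of the new `raise` lines surfaces as `AttributeError`, which an `except Exception` handler would treat as an ordinary deployment failure. The `try:` enclosing this `raise` starts outside the hunk.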
@@ -987,33 +1022,34 @@ class instance: config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2, master['pki_subsystem'], master['pki_instance_name'], - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (master['pki_subsystem'], + master['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise def get_instance_status(self): self.connection = pki.client.PKIConnection( - protocol='https', - hostname=master['pki_hostname'], - port=master['pki_https_port'], - subsystem=master['pki_subsystem_type'], + protocol = 'https', + hostname = master['pki_hostname'], + port = master['pki_https_port'], + subsystem = master['pki_subsystem_type'], accept = 'application/xml') try: client = pki.system.SystemStatusClient(self.connection) response = client.getStatus() config.pki_log.debug(response, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) root = ET.fromstring(response) status = root.findtext("Status") return status except requests.exceptions.ConnectionError: config.pki_log.debug("No connection", - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) return None def wait_for_startup(self, timeout): 
@@ -1029,18 +1065,18 @@ class instance: # PKI Deployment Directory Class class directory: - def create(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - acls=None, critical_failure=True): + def create(self, name, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + acls = None, critical_failure = True): try: if not os.path.exists(name): # mkdir -p <name> config.pki_log.info(log.PKIHELPER_MKDIR_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) os.makedirs(name) # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1049,7 +1085,7 @@ class directory: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1065,38 +1101,38 @@ class directory: elif not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def modify(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - acls=None, silent=False, critical_failure=True): + def modify(self, name, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + acls = None, silent = False, critical_failure = True): try: if os.path.exists(name): if not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) # Always re-process each directory whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # chmod <perms> <name> if not silent: config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1106,7 +1142,7 @@ class directory: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest if not silent: 
@@ -1123,37 +1159,37 @@ class directory: else: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_DIRECTORY_NISSING_OR_NOT_A_DIRECTORY_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def delete(self, name, recursive_flag=True, critical_failure=True): + def delete(self, name, recursive_flag = True, critical_failure = True): try: if not os.path.exists(name) or not os.path.isdir(name): # Simply issue a warning and continue config.pki_log.warning( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) else: if recursive_flag == True: # rm -rf <name> config.pki_log.info(log.PKIHELPER_RM_RF_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) shutil.rmtree(name) else: # rmdir <name> config.pki_log.info(log.PKIHELPER_RMDIR_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) os.rmdir(name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return 
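Review bot: The new `raise` in the final `else` branch of `directory.modify` references `log.PKI_DIRECTORY_NISSING_OR_NOT_A_DIRECTORY_1`, while the log call just before it uses `log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1`. Unless the misspelled name is also defined in the log module (not visible here), this path fails with `AttributeError` instead of reporting the missing directory. It should be `raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name)`. `file.generate_noise_file` has the same kind of slip (hunk `@@ -1746,15 +1782,15 @@`): it raises with `log.PKI_FILE_ALREADY_EXISTS_MOT_A_FILE_1` where the log call uses `log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1`. `modify` begins before this hunk.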
@@ -1166,41 +1202,41 @@ class directory: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise def is_empty(self, name): try: if not os.listdir(name): config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_EMPTY_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra = config.PKI_INDENTATION_LEVEL_2) return True else: config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_NOT_EMPTY_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra = config.PKI_INDENTATION_LEVEL_2) return False except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise - def set_mode(self, name, uid=None, gid=None, - dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - symlink_perms=\ + def set_mode(self, name, uid = None, gid = None, + dir_perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + symlink_perms = \ config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, - dir_acls=None, file_acls=None, symlink_acls=None, - recursive_flag=True, critical_failure=True): + dir_acls = None, file_acls = None, symlink_acls = None, + recursive_flag = True, critical_failure = True): try: if not os.path.exists(name) or not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) else: config.pki_log.info( log.PKIHELPER_SET_MODE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if uid == None: uid = identity.get_uid() if gid == None: 
@@ -1213,16 +1249,16 @@ class directory: file = entity config.pki_log.debug( log.PKIHELPER_IS_A_FILE_1, file, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) # chmod <file_perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, file_perms, file, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(file, file_perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, file, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(file, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1239,7 +1275,7 @@ class directory: symlink = entity config.pki_log.debug( log.PKIHELPER_IS_A_SYMLINK_1, symlink, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) # REMINDER: Due to POSIX compliance, 'lchmod' # is NEVER implemented on Linux # systems since 'chmod' CANNOT be @@ -1248,7 +1284,7 @@ class directory: # chown -h <uid>:<gid> <symlink> config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, symlink, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.lchown(symlink, uid, gid) # Store record in installation manifest record = manifest.record() @@ -1265,16 +1301,16 @@ class directory: dir = os.path.join(root, name) config.pki_log.debug( log.PKIHELPER_IS_A_DIRECTORY_1, dir, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) # chmod <dir_perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, dir_perms, dir, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(dir, dir_perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, dir, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(dir, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1290,17 +1326,17 @@ class directory: else: config.pki_log.debug( log.PKIHELPER_IS_A_DIRECTORY_1, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) name = os.path.join(root, name) # chmod <dir_perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, dir_perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(name, dir_perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1315,34 +1351,34 @@ class directory: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise - def copy(self, old_name, new_name, uid=None, gid=None, - dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, - dir_acls=None, file_acls=None, symlink_acls=None, - recursive_flag=True, overwrite_flag=False, critical_failure=True): + def copy(self, old_name, new_name, uid = None, gid = None, + dir_perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + symlink_perms = config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, + dir_acls = None, file_acls = None, symlink_acls = None, + recursive_flag = True, overwrite_flag = False, critical_failure = True): try: if not os.path.exists(old_name) or not os.path.isdir(old_name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name) if recursive_flag == True: # cp -rp <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_RP_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Due to a limitation in the 'shutil.copytree()' # implementation which requires that # 'The destination directory must not already exist.', 
@@ -1355,7 +1391,7 @@ class directory: # cp -p <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) # set ownerships, permissions, and acls # of newly created top-level directory @@ -1369,12 +1405,12 @@ class directory: recursive_flag, critical_failure) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -1382,18 +1418,18 @@ class directory: # PKI Deployment File Class (also used for executables) class file: - def create(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, critical_failure=True): + def create(self, name, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls = None, critical_failure = True): try: if not os.path.exists(name): # touch <name> config.pki_log.info(log.PKIHELPER_TOUCH_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) open(name, "w").close() # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1402,7 +1438,7 @@ class file: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1418,38 +1454,38 @@ class file: elif not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def modify(self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, silent=False, critical_failure=True): + def modify(self, name, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls = None, silent = False, critical_failure = True): try: if os.path.exists(name): if not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) # Always re-process each file whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # chmod <perms> <name> if not silent: config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1459,7 +1495,7 @@ class file: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest if not silent: 
@@ -1476,31 +1512,31 @@ class file: else: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def delete(self, name, critical_failure=True): + def delete(self, name, critical_failure = True): try: if not os.path.exists(name) or not os.path.isfile(name): # Simply issue a warning and continue config.pki_log.warning( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) else: # rm -f <name> config.pki_log.info(log.PKIHELPER_RM_F_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) os.remove(name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return 
@@ -1513,29 +1549,29 @@ class file: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise - def copy(self, old_name, new_name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, - overwrite_flag=False, critical_failure=True): + def copy(self, old_name, new_name, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls = None, + overwrite_flag = False, critical_failure = True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # cp -p <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) if uid == None: uid = identity.get_uid() @@ -1544,12 +1580,12 @@ class file: # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(new_name, perms) # chown <uid>:<gid> <new_name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(new_name, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1564,38 +1600,38 @@ class file: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def apply_slot_substitution( - self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, critical_failure=True): + self, name, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls = None, critical_failure = True): try: if not os.path.exists(name) or not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) # applying in-place slot substitutions on <name> config.pki_log.info(log.PKIHELPER_APPLY_SLOT_SUBSTITUTION_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) - for line in fileinput.FileInput(name, inplace=1): + extra = config.PKI_INDENTATION_LEVEL_2) + for line in fileinput.FileInput(name, inplace = 1): for slot in slots: if slot != '__name__' and slots[slot] in line: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, slots[slot], master[slot], - extra=config.PKI_INDENTATION_LEVEL_3) - line=line.replace(slots[slot],master[slot]) + extra = config.PKI_INDENTATION_LEVEL_3) + line = line.replace(slots[slot], master[slot]) sys.stdout.write(line) if uid == None: uid = identity.get_uid() 
@@ -1604,12 +1640,12 @@ class file: # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1624,38 +1660,38 @@ class file: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def copy_with_slot_substitution( - self, old_name, new_name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, overwrite_flag=False, - critical_failure=True): + self, old_name, new_name, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls = None, overwrite_flag = False, + critical_failure = True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # copy <old_name> to <new_name> with slot substitutions config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2, old_name, new_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) FILE = open(new_name, "w") for line in fileinput.FileInput(old_name): for slot in slots: 
@@ -1663,8 +1699,8 @@ class file: config.pki_log.debug( log.PKIHELPER_SLOT_SUBSTITUTION_2, slots[slot], master[slot], - extra=config.PKI_INDENTATION_LEVEL_3) - line=line.replace(slots[slot],master[slot]) + extra = config.PKI_INDENTATION_LEVEL_3) + line = line.replace(slots[slot], master[slot]) FILE.write(line) FILE.close() if uid == None: @@ -1674,12 +1710,12 @@ class file: # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(new_name, perms) # chown <uid>:<gid> <new_name> config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, new_name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(new_name, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1694,34 +1730,34 @@ class file: manifest.database.append(record) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def generate_noise_file(self, name, bytes, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, critical_failure=True): + def generate_noise_file(self, name, bytes, uid = None, gid = None, + perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls = None, critical_failure = True): try: if not os.path.exists(name): # generating noise file called <name> and # filling it with <bytes> random bytes config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, bytes, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) open(name, "w").close() FILE = open(name, "w") - noise = ''.join(random.choice(string.ascii_letters +\ + noise = ''.join(random.choice(string.ascii_letters + \ string.digits) for x in range(bytes)) FILE.write(noise) FILE.close() # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> if uid == None: @@ -1730,7 +1766,7 @@ class file: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.chown(name, uid, gid) # Store record in installation manifest record = manifest.record() 
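Review bot: `generate_noise_file` fills the file from `random.choice(...)`, which draws from Python's Mersenne Twister generator and is not suitable where unpredictability matters. If this noise is consumed as seed material for key generation (the name suggests so, but the consumer is not visible here), it should come from the OS CSPRNG. A drop-in change is `rng = random.SystemRandom()` followed by `noise = ''.join(rng.choice(string.ascii_letters + string.digits) for x in range(bytes))`. The file is also created with `open(name, "w")` before `os.chmod(name, perms)` runs, so until the chmod it has whatever mode the process umask allows. The end of the method lies outside this hunk.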
@@ -1746,15 +1782,15 @@ class file: elif not os.path.isfile(name): config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_FILE_ALREADY_EXISTS_MOT_A_FILE_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -1762,19 +1798,19 @@ class file: # PKI Deployment Symbolic Link Class class symlink: - def create(self, name, link, uid=None, gid=None, - acls=None, allow_dangling_symlink=False, critical_failure=True): + def create(self, name, link, uid = None, gid = None, + acls = None, allow_dangling_symlink = False, critical_failure = True): try: if not os.path.exists(link): if not os.path.exists(name): config.pki_log.warning( log.PKIHELPER_DANGLING_SYMLINK_2, link, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if not allow_dangling_symlink: - sys.exit(1) + raise Exception("Dangling symlink " + link + " not allowed") # ln -s <name> <link> config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) os.symlink(name, link) # REMINDER: Due to POSIX compliance, 'lchmod' is NEVER # implemented on Linux systems since 'chmod' @@ -1786,7 +1822,7 @@ class symlink: gid = identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.lchown(link, uid, gid) # Store record in installation manifest record = manifest.record() 
@@ -1796,40 +1832,40 @@ class symlink: record.group = master['pki_group'] record.uid = uid record.gid = gid - record.permissions =\ + record.permissions = \ config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS record.acls = acls manifest.database.append(record) elif not os.path.islink(link): config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def modify(self, link, uid=None, gid=None, - acls=None, silent=False, critical_failure=True): + def modify(self, link, uid = None, gid = None, + acls = None, silent = False, critical_failure = True): try: if os.path.exists(link): if not os.path.islink(link): config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, - link, extra=config.PKI_INDENTATION_LEVEL_2) + link, extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) # Always re-process each link whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # REMINDER: Due to POSIX compliance, 'lchmod' is NEVER # implemented on Linux systems since 'chmod' # CANNOT be run directly against symbolic links! @@ -1841,7 +1877,7 @@ class symlink: if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, - extra=config.PKI_INDENTATION_LEVEL_3) + extra = config.PKI_INDENTATION_LEVEL_3) os.lchown(link, uid, gid) # Store record in installation manifest if not silent: 
@@ -1852,38 +1888,38 @@ class symlink: record.group = master['pki_group'] record.uid = uid record.gid = gid - record.permissions =\ + record.permissions = \ config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS record.acls = acls manifest.database.append(record) else: config.pki_log.error( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def delete(self, link, critical_failure=True): + def delete(self, link, critical_failure = True): try: if not os.path.exists(link) or not os.path.islink(link): # Simply issue a warning and continue config.pki_log.warning( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) else: # rm -f <link> config.pki_log.info(log.PKIHELPER_RM_F_1, link, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) os.remove(link) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return 
@@ -1896,29 +1932,29 @@ class symlink: return True except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise # PKI Deployment War File Class class war: - def explode(self, name, path, critical_failure=True): + def explode(self, name, path, critical_failure = True): try: if os.path.exists(name) and os.path.isfile(name): if not zipfile.is_zipfile(name): config.pki_log.error( log.PKI_FILE_NOT_A_WAR_FILE_1, - name, extra=config.PKI_INDENTATION_LEVEL_2) + name, extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_FILE_NOT_A_WAR_FILE_1 % name) if not os.path.exists(path) or not os.path.isdir(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, - path, extra=config.PKI_INDENTATION_LEVEL_2) + path, extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path) # jar -xf <name> -C <path> config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Open war file war = zipfile.ZipFile(name, 'r') # Extract contents of war file to path 
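Review bot: In war.explode the directory check raises `Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path)` with a comma, so the format string is never interpolated and the exception carries a two-element args tuple. The `is_zipfile` branch just above it uses `%` correctly. The line should be `raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)`. The next hunk has the same comma form in `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name)`. The extraction call itself lies past the end of this hunk.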
@@ -1926,22 +1962,22 @@ class war: else: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(1) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except zipfile.BadZipfile as exc: config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except zipfile.LargeZipFile as exc: config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return 
@@ -1949,75 +1985,75 @@ class war: # PKI Deployment Password Class class password: - def create_password_conf(self, path, pin, pin_sans_token=False, - overwrite_flag=False, critical_failure=True): + def create_password_conf(self, path, pin, pin_sans_token = False, + overwrite_flag = False, critical_failure = True): try: if os.path.exists(path): if overwrite_flag: config.pki_log.info( log.PKIHELPER_PASSWORD_CONF_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'password.conf' file with open(path, "wt") as fd: if pin_sans_token == True: fd.write(str(pin)) elif master['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - fd.write(master['pki_self_signed_token'] +\ + fd.write(master['pki_self_signed_token'] + \ ":" + str(pin)) else: - fd.write(master['pki_self_signed_token'] +\ + fd.write(master['pki_self_signed_token'] + \ "=" + str(pin)) fd.closed else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # create a new 'password.conf' file with open(path, "wt") as fd: if pin_sans_token == True: fd.write(str(pin)) elif master['pki_subsystem'] in\ config.PKI_APACHE_SUBSYSTEMS: - fd.write(master['pki_self_signed_token'] +\ + fd.write(master['pki_self_signed_token'] + \ ":" + str(pin)) else: - fd.write(master['pki_self_signed_token'] +\ + fd.write(master['pki_self_signed_token'] + \ "=" + str(pin)) fd.closed except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def create_client_pkcs12_password_conf(self, path, overwrite_flag=False, - critical_failure=True): + def create_client_pkcs12_password_conf(self, path, overwrite_flag = False, + critical_failure = True): try: if os.path.exists(path): if overwrite_flag: config.pki_log.info( log.PKIHELPER_PASSWORD_CONF_1, path, - 
extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'pkcs12_password.conf' file with open(path, "wt") as fd: fd.write(master['pki_client_pkcs12_password']) fd.closed else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # create a new 'pkcs12_password.conf' file with open(path, "wt") as fd: fd.write(master['pki_client_pkcs12_password']) fd.closed except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def get_password(self, path, token_name, critical_failure=True): + def get_password(self, path, token_name, critical_failure = True): if os.path.exists(path) and os.path.isfile(path) and\ os.access(path, os.R_OK): tokens = PKIConfigParser.read_simple_configuration_file(path) @@ -2032,9 +2068,9 @@ class password: # TODO prompt for this password config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1, token_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name) else: return return token_pwd @@ -2044,8 +2080,8 @@ class password: class certutil: def create_security_databases(self, path, pki_cert_database, pki_key_database, pki_secmod_database, - password_file=None, prefix=None, - critical_failure=True): + password_file = None, prefix = None, + critical_failure = True): try: # Compose this "certutil" command command = "certutil" + " " + "-N" 
@@ -2055,8 +2091,8 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) if password_file != None: command = command + " " + "-f" + " " + password_file if prefix != None: @@ -2064,8 +2100,8 @@ class certutil: if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if os.path.exists(pki_cert_database) or\ os.path.exists(pki_key_database) or\ os.path.exists(pki_secmod_database): @@ -2075,7 +2111,7 @@ class certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) else: if password_file != None: if not os.path.exists(password_file) or\ 
@@ -2083,31 +2119,31 @@ class certutil: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CREATE_SECURITY_DATABASES_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Execute this "certutil" command - subprocess.call(command, shell=True) + subprocess.call(command, shell = True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def verify_certificate_exists(self, path, pki_cert_database, pki_key_database, pki_secmod_database, - token, nickname, password_file=None, - silent=True): + token, nickname, password_file = None, + silent = True): rv = 0 try: # Compose this "certutil" command 
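Review bot: `subprocess.call(command, shell = True)` in create_security_databases returns certutil's exit status and that value is discarded, so the `except subprocess.CalledProcessError` branch below it can never run and a failed database creation passes silently. Since this commit moves error reporting to exceptions, `subprocess.check_call(command, shell = True)` would make that handler reachable; verify_certificate_exists already uses `check_call`. The same `subprocess.call` pattern appears in the later hunks for the `certutil -S` command, import_cert, the `certutil -R` command and pk12util.create_file.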
@@ -2118,24 +2154,24 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) # Specify the 'token' if token: command = command + " " + "-h" + " " + "'" + token + "'" else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TOKEN, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN) # Specify the nickname of this self-signed certificate if nickname: command = command + " " + "-n" + " " + "'" + nickname + "'" else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) # OPTIONALLY specify a password file if password_file != None: command = command + " " + "-f" + " " + password_file @@ -2145,8 +2181,8 @@ class certutil: if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ not os.path.exists(pki_secmod_database): 
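Review bot: Wrapping `token` and `nickname` in literal single quotes (`"-h" + " " + "'" + token + "'"`) is not shell escaping: the string is later run with `shell = True`, so a value containing a quote or another shell metacharacter changes the command that executes. Whether these values can only come from the operator's own configuration is not visible in this hunk. import_cert in this file already builds an argument list (`command = ["certutil", "-A"]`, `command.extend(["-t", trust])`) and runs it without a shell; doing the same here, e.g. `command.extend(["-h", token])`, removes the quoting problem. The `-S` command in a later hunk concatenates subject, issuer_name and trustargs the same way. The method starts and ends outside this hunk.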
@@ -2156,23 +2192,24 @@ class certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, + pki_key_database, pki_secmod_database)) if password_file != None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command - subprocess.check_call(command, shell=True) + subprocess.check_call(command, shell = True) except subprocess.CalledProcessError as exc: return False except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return True @@ -2183,8 +2220,8 @@ class certutil: subject, serial_number, validity_period, issuer_name, trustargs, noise_file, - password_file=None, - critical_failure=True): + password_file = None, + critical_failure = True): try: # Compose this "certutil" command command = "certutil" + " " + "-S" 
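Review bot: The `except OSError` handler at the end of verify_certificate_exists tests `critical_failure`, but the signature shown in an earlier hunk ends with `password_file = None, silent = True` and has no such parameter. Unless a module-level name of that spelling exists, an OSError here turns into NameError. Either add `critical_failure = True` to the signature or replace the test with a plain `raise`. When the handler does not re-raise, control also falls through to `return True`, which reports the certificate as present after a failed lookup. pk12util.create_file (`db_pwfile, path = None`) references `critical_failure` in both of its handlers in the same way.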
@@ -2194,73 +2231,73 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PATH, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) # Specify the 'token' if token: command = command + " " + "-h" + " " + "'" + token + "'" else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TOKEN, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN) # Specify the nickname of this self-signed certificate if nickname: command = command + " " + "-n" + " " + "'" + nickname + "'" else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) # Specify the subject name (RFC1485) if subject: command = command + " " + "-s" + " " + "'" + subject + "'" else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SUBJECT, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT) # Specify the serial number if serial_number != None: command = command + " " + "-m" + " " + str(serial_number) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER) # Specify the months valid if validity_period != None: command = command + " " + "-v" + " " + str(validity_period) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD) # Specify the nickname of the issuer certificate if 
issuer_name: - command = command + " " + "-c" + " " +\ + command = command + " " + "-c" + " " + \ "'" + issuer_name + "'" else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME) # Specify the certificate trust attributes if trustargs: command = command + " " + "-t" + " " + "'" + trustargs + "'" else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS) # Specify a noise file to be used for key generation if noise_file: command = command + " " + "-z" + " " + noise_file else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE) # OPTIONALLY specify a password file if password_file != None: command = command + " " + "-f" + " " + password_file @@ -2271,12 +2308,12 @@ class certutil: # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ not os.path.exists(pki_secmod_database): 
@@ -2286,40 +2323,41 @@ class certutil: pki_cert_database, pki_key_database, pki_secmod_database, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, + pki_key_database, pki_secmod_database)) if not os.path.exists(noise_file): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) if password_file != None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command - subprocess.call(command, shell=True) + subprocess.call(command, shell = True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def import_cert(self, nickname, trust, input_file, password_file, - path=None, token=None, critical_failure=True): + path = None, token = None, critical_failure = True): try: - command = ["certutil","-A"] + command = ["certutil", "-A"] if path: command.extend(["-d", path]) 
@@ -2331,44 +2369,44 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) if trust: command.extend(["-t", trust]) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS) if input_file: command.extend(["-i", input_file]) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_INPUT_FILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_INPUT_FILE) if password_file: command.extend(["-f", password_file]) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE) config.pki_log.info(command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) subprocess.call(command) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -2377,7 +2415,7 @@ class certutil: password_file, noise_file, output_file = None, path = None, ascii_format = None, token = None, - critical_failure=True): + critical_failure = True): try: command = ["certutil", "-R"] if path: 
@@ -2393,8 +2431,8 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_SUBJECT, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT) if key_size: command.extend(["-g", str(key_size)]) @@ -2404,16 +2442,16 @@ class certutil: else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE) if password_file: command.extend(["-f", password_file]) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE) if output_file: command.extend(["-o", output_file]) 
@@ -2425,31 +2463,31 @@ class certutil: # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CERTUTIL_GENERATE_CSR_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if not os.path.exists(noise_file): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command with open(os.devnull, "w") as fnull: - subprocess.call(command, stdout=fnull, stderr=fnull) + subprocess.call(command, stdout = fnull, stderr = fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return @@ -2457,7 +2495,7 @@ class certutil: # pk12util class class pk12util: def create_file(self, out_file, nickname, out_pwfile, - db_pwfile, path=None): + db_pwfile, path = None): try: command = ["pk12util"] if path: 
@@ -2467,42 +2505,42 @@ class pk12util: else: config.pki_log.error( log.PKIHELPER_PK12UTIL_MISSING_OUTFILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_PK12UTIL_MISSING_OUTFILE) if nickname: command.extend(["-n", nickname]) else: config.pki_log.error( log.PKIHELPER_PK12UTIL_MISSING_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_PK12UTIL_MISSING_NICKNAME) if out_pwfile: command.extend(["-w", out_pwfile]) else: config.pki_log.error( log.PKIHELPER_PK12UTIL_MISSING_OUTPWFILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_PK12UTIL_MISSING_OUTPWFILE) if db_pwfile: command.extend(["-k", db_pwfile]) else: config.pki_log.error( log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE, - extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + extra = config.PKI_INDENTATION_LEVEL_2) + raise Exception(log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE) config.pki_log.info(command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) with open(os.devnull, "w") as fnull: - subprocess.call(command, stdout=fnull, stderr=fnull) + subprocess.call(command, stdout = fnull, stderr = fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return 
@@ -2510,7 +2548,7 @@ class pk12util: # KRA Connector Class class kra_connector: - def deregister(self, critical_failure=False): + def deregister(self, critical_failure = False): try: # this is applicable to KRAs only if master['pki_subsystem_type'] != "kra": @@ -2518,7 +2556,7 @@ class kra_connector: config.pki_log.info( log.PKIHELPER_KRACONNECTOR_UPDATE_CONTACT, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( master['pki_target_cs_cfg']) @@ -2530,12 +2568,12 @@ class kra_connector: caport is None: config.pki_log.warning( log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_CA_HOST_PORT, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_UNDEFINED_CA_HOST_PORT) else: return @@ -2544,12 +2582,12 @@ class kra_connector: if subsystemnick is None: config.pki_log.warning( log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return 
@@ -2567,13 +2605,13 @@ class kra_connector: if token_pwd is None or token_pwd == '': config.pki_log.warning( log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1, token_name, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) else: return @@ -2585,15 +2623,15 @@ class kra_connector: log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE_2, str(krahost), str(kraport), - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return def execute_using_pki(self, caport, cahost, subsystemnick, - token_pwd, krahost, kraport, critical_failure=False): + token_pwd, krahost, kraport, critical_failure = False): command = "/bin/pki -p '{}' -h '{}' -n '{}' -P https -d '{}' -c '{}' "\ "kraconnector-del {} {}".format( caport, cahost, subsystemnick, @@ -2601,8 +2639,8 @@ class kra_connector: token_pwd, krahost, kraport) output = subprocess.check_output(command, - stderr=subprocess.STDOUT, - shell=True) + stderr = subprocess.STDOUT, + shell = True) error = re.findall("ClientResponseFailure:(.*?)", output) if error: 
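Review bot: execute_using_pki places `token_pwd` on the command line (`-c '{}'`), and the handler in deregister just above it logs the caught exception with `config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, ...)` before re-raising it. If that exception is the CalledProcessError from `check_output` (the `except` line is outside the hunk), its text includes the full command, so the token password is written to the log and carried in the re-raised exception; it is also visible in the process list while the command runs. Logging `exc.returncode` rather than `exc` keeps the command out of the log; `exc.output` should be reviewed before it is logged as well. Passing the password through a file instead of an argument depends on what the pki client supports.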
@@ -2610,18 +2648,18 @@ class kra_connector: log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE_2, str(krahost), str(kraport), - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output) def execute_using_sslget(self, caport, cahost, subsystemnick, token_pwd, krahost, kraport): urlheader = "https://{}:{}".format(cahost, caport) updateURL = "/ca/rest/admin/kraconnector/remove" - params = "host=" + str(krahost) +\ + params = "host=" + str(krahost) + \ "&port=" + str(kraport) command = "/usr/bin/sslget -n '{}' -p '{}' -d '{}' -e '{}' "\ @@ -2636,12 +2674,12 @@ class kra_connector: # Note that sslget will return non-zero value for HTTP code != 200 # and this will raise an exception output = subprocess.check_output(command, - stderr=subprocess.STDOUT, - shell=True) + stderr = subprocess.STDOUT, + shell = True) # PKI Deployment Security Domain Class class security_domain: - def deregister(self, install_token, critical_failure=False): + def deregister(self, install_token, critical_failure = False): # process this PKI subsystem instance's 'CS.cfg' cs_cfg = PKIConfigParser.read_simple_configuration_file( master['pki_target_cs_cfg']) 
@@ -2671,32 +2709,32 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED) else: return config.pki_log.info(log.PKIHELPER_SECURITY_DOMAIN_CONTACT_1, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) listval = typeval.lower() + "List" urlheader = "https://{}:{}".format(sechost, seceeport) urlagentheader = "https://{}:{}".format(sechost, secagentport) urladminheader = "https://{}:{}".format(sechost, secadminport) updateURL = "/ca/agent/ca/updateDomainXML" - params = "name=" + "\"" + master['pki_instance_path'] + "\"" +\ - "&type=" + str(typeval) +\ - "&list=" + str(listval) +\ - "&host=" + str(machinename) +\ - "&sport=" + str(sport) +\ - "&ncsport=" + str(ncsport) +\ - "&adminsport=" + str(adminsport) +\ - "&agentsport=" + str(agentsport) +\ + params = "name=" + "\"" + master['pki_instance_path'] + "\"" + \ + "&type=" + str(typeval) + \ + "&list=" + str(listval) + \ + "&host=" + str(machinename) + \ + "&sport=" + str(sport) + \ + "&ncsport=" + str(ncsport) + \ + "&adminsport=" + str(adminsport) + \ + "&agentsport=" + str(agentsport) + \ "&operation=remove" if install_token: 
@@ -2710,13 +2748,13 @@ class security_domain: params, adminUpdateURL, sechost, secadminport) output = subprocess.check_output(command, - stderr=subprocess.STDOUT, - shell=True) + stderr = subprocess.STDOUT, + shell = True) except subprocess.CalledProcessError as exc: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) output = self.update_domain_using_agent_port(typeval, secname, params, updateURL, sechost, secagentport, critical_failure) @@ -2727,22 +2765,22 @@ class security_domain: if not output: if critical_failure == True: - sys.exit(-1) + raise Exception("Cannot update domain using agent port") else: return config.pki_log.debug(log.PKIHELPER_SSLGET_OUTPUT_1, output, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Search the output for Status status = re.findall("\<Status\>(.*?)\<\/Status\>", output) if not status: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname) elif status[0] != "0": error = re.findall("\<Error\>(.*?)\<\/Error\>", output) if not error: 
@@ -2751,24 +2789,26 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UNREGISTERED_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3, typeval, secname, error, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3 + % + (typeval, secname, error)) else: config.pki_log.info( log.PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) def update_domain_using_agent_port(self, typeval, secname, params, - updateURL, sechost, secagentport, critical_failure= False): + updateURL, sechost, secagentport, critical_failure = False): token_pwd = None cs_cfg = PKIConfigParser.read_simple_configuration_file( master['pki_target_cs_cfg']) @@ -2780,12 +2820,12 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return @@ -2805,9 +2845,11 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2 + % + (typeval, secname)) else: return 
@@ -2819,28 +2861,28 @@ class security_domain: sechost, secagentport) try: output = subprocess.check_output(command, - stderr=subprocess.STDOUT, - shell=True) + stderr = subprocess.STDOUT, + shell = True) return output except subprocess.CalledProcessError as exc: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2, typeval, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return None - def get_installation_token(self, secuser, secpass, critical_failure=True): + def get_installation_token(self, secuser, secpass, critical_failure = True): token = None if not secuser or not secpass: @@ -2865,8 +2907,8 @@ class security_domain: machinename, cstype) try: output = subprocess.check_output(command, - stderr=subprocess.STDOUT, - shell=True) + stderr = subprocess.STDOUT, + shell = True) token_list = re.findall("Install token: \"(.*)\"", output) if not token_list: @@ -2874,11 +2916,13 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, str(sechost), str(secadminport), - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: - sys.exit(-1) + raise Exception(log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 + % + (str(sechost), str(secadminport))) else: token = token_list[0] return token 
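Review bot: The `except subprocess.CalledProcessError as exc:` handler in update_domain_using_agent_port, and the matching one in get_installation_token in the next hunk, pass `exc` to `config.pki_log.error`, and the string form of `CalledProcessError` contains the full command line. The command strings are built outside these hunks, but the functions handle `token_pwd` and `secpass`; if either is placed on the command line it would end up in the deployment log, and in the exception that `raise` now hands to the caller. Logging only the exit status avoids that, e.g. `config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc.returncode, extra = config.PKI_INDENTATION_LEVEL_2)`. Because the command is a single string run with `shell = True`, host and port values are also interpreted by the shell; building an argument list and dropping `shell` would remove that dependency.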
@@ -2887,89 +2931,89 @@ class security_domain: log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2, str(sechost), str(secadminport), - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return None # PKI Deployment 'systemd' Execution Management Class class systemd: - def start(self, critical_failure=True): + def start(self, critical_failure = True): try: # Compose this "systemd" execution management command if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - command = "systemctl" + " " +\ - "start" + " " +\ - "pki-apached" + "@" +\ + command = "systemctl" + " " + \ + "start" + " " + \ + "pki-apached" + "@" + \ master['pki_instance_name'] + "." + "service" elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - command = "systemctl" + " " +\ - "start" + " " +\ - "pki-tomcatd" + "@" +\ + command = "systemctl" + " " + \ + "start" + " " + \ + "pki-tomcatd" + "@" + \ master['pki_instance_name'] + "." 
+ "service" # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command - subprocess.call(command, shell=True) + subprocess.call(command, shell = True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def stop(self, critical_failure=True): + def stop(self, critical_failure = True): try: # Compose this "systemd" execution management command if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - command = "systemctl" + " " +\ - "stop" + " " +\ - "pki-apached" + "@" +\ + command = "systemctl" + " " + \ + "stop" + " " + \ + "pki-apached" + "@" + \ master['pki_instance_name'] + "." + "service" elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - command = "systemctl" + " " +\ - "stop" + " " +\ - "pki-tomcatd" + "@" +\ + command = "systemctl" + " " + \ + "stop" + " " + \ + "pki-tomcatd" + "@" + \ master['pki_instance_name'] + "." 
+ "service" # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command - subprocess.call(command, shell=True) + subprocess.call(command, shell = True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return - def restart(self, critical_failure=True): + def restart(self, critical_failure = True): try: # Compose this "systemd" execution management command if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: - command = "systemctl" + " " +\ - "restart" + " " +\ - "pki-apached" + "@" +\ + command = "systemctl" + " " + \ + "restart" + " " + \ + "pki-apached" + "@" + \ master['pki_instance_name'] + "." + "service" elif master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: - command = "systemctl" + " " +\ - "restart" + " " +\ - "pki-tomcatd" + "@" +\ + command = "systemctl" + " " + \ + "restart" + " " + \ + "pki-tomcatd" + "@" + \ master['pki_instance_name'] + "." + "service" # Display this "systemd" execution managment command config.pki_log.info( log.PKIHELPER_SYSTEMD_COMMAND_1, command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Execute this "systemd" execution management command - subprocess.call(command, shell=True) + subprocess.call(command, shell = True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) if critical_failure == True: raise return 
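Review bot: `subprocess.call(command, shell = True)` in start(), stop() and restart() returns the exit status instead of raising, so the `except subprocess.CalledProcessError` branch can never run and a failed `systemctl` goes unnoticed whatever `critical_failure` is. `subprocess.check_call` raises on a non-zero status and would make the existing handler and `raise` effective. Built as a list it also keeps `master['pki_instance_name']` away from the shell: `subprocess.check_call(["systemctl", "start", "pki-tomcatd@" + master['pki_instance_name'] + ".service"])`. `command` is also never assigned when `pki_subsystem` is in neither subsystem list, which surfaces as an `UnboundLocalError` at the log call rather than a clear error.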
@@ -2979,21 +3023,21 @@ class config_client: def configure_pki_data(self, data): config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) self.connection = pki.client.PKIConnection( - protocol='https', - hostname=master['pki_hostname'], - port=master['pki_https_port'], - subsystem=master['pki_subsystem_type']) + protocol = 'https', + hostname = master['pki_hostname'], + port = master['pki_https_port'], + subsystem = master['pki_subsystem_type']) try: client = pki.system.SystemConfigClient(self.connection) response = client.configure(data) - config.pki_log.debug(log.PKI_CONFIG_RESPONSE_STATUS +\ + config.pki_log.debug(log.PKI_CONFIG_RESPONSE_STATUS + \ " " + str(response['status']), - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) certs = response['systemCerts'] if not isinstance(certs, types.ListType): certs = [certs] 
@@ -3003,36 +3047,36 @@ class config_client: not config.str2bool(master['pki_external_step_two']): # External CA Step 1 if cdata['tag'].lower() == "signing": - config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST +\ + config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \ " " + cdata['request'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Save 'External CA Signing Certificate' CSR (Step 1) - config.pki_log.info(log.PKI_CONFIG_EXTERNAL_CSR_SAVE +\ + config.pki_log.info(log.PKI_CONFIG_EXTERNAL_CSR_SAVE + \ " '" + master['pki_external_csr_path'] + "'", - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) directory.create( os.path.dirname(master['pki_external_csr_path'])) with open(master['pki_external_csr_path'], "w") as f: f.write(cdata['request']) return else: - config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG +\ + config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG + \ " " + cdata['tag'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug(log.PKI_CONFIG_CDATA_CERT +\ + extra = config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug(log.PKI_CONFIG_CDATA_CERT + \ " " + cdata['cert'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug(log.PKI_CONFIG_CDATA_REQUEST +\ + extra = config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug(log.PKI_CONFIG_CDATA_REQUEST + \ " " + cdata['request'], - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Cloned PKI subsystems do not return an Admin Certificate if not config.str2bool(master['pki_clone']) and \ not config.str2bool(master['pki_import_admin_cert']): admin_cert = response['adminCert']['cert'] self.process_admin_cert(admin_cert) - + except Exception, e: if hasattr(e, 'response'): root = ET.fromstring(e.response.text) 
@@ -3040,32 +3084,32 @@ class config_client: message = root.findall('.//Message')[0].text if message is not None: config.pki_log.error(log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + message, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise config.pki_log.error( log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e), - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) raise return def process_admin_cert(self, admin_cert): - config.pki_log.debug(log.PKI_CONFIG_RESPONSE_ADMIN_CERT +\ + config.pki_log.debug(log.PKI_CONFIG_RESPONSE_ADMIN_CERT + \ " " + admin_cert, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) # Store the Administration Certificate in a file admin_cert_file = master['pki_client_admin_cert'] admin_cert_bin_file = admin_cert_file + ".der" - config.pki_log.debug(log.PKI_CONFIG_ADMIN_CERT_SAVE +\ + config.pki_log.debug(log.PKI_CONFIG_ADMIN_CERT_SAVE + \ " '" + admin_cert_file + "'", - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) with open(admin_cert_file, "w") as f: f.write(admin_cert) # convert the cert file to binary command = ["AtoB", admin_cert_file, admin_cert_bin_file] config.pki_log.info(command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) subprocess.call(command) os.chmod(admin_cert_file, @@ -3093,7 +3137,7 @@ class config_client: # client NSS security database into a PKCS #12 file pk12util.create_file( master['pki_client_admin_cert_p12'], - re.sub("'","'", master['pki_admin_nickname']), + re.sub("'", "'", master['pki_admin_nickname']), master['pki_client_pkcs12_password_conf'], master['pki_client_password_conf'], master['pki_client_database_dir']) 
@@ -3104,7 +3148,7 @@ class config_client: def construct_pki_configuration_data(self): config.pki_log.info(log.PKI_CONFIG_CONSTRUCTING_PKI_DATA, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) data = pki.system.ConfigurationRequest() @@ -3161,12 +3205,12 @@ class config_client: if master['pki_subsystem'] == "CA": if not config.str2bool(master['pki_clone']): cert1 = self.create_system_cert("ca_signing") - cert1.signingAlgorithm =\ + cert1.signingAlgorithm = \ master['pki_ca_signing_signing_algorithm'] if config.str2bool(master['pki_external_step_two']): # Load the 'External CA Signing Certificate' (Step 2) print( - log.PKI_CONFIG_EXTERNAL_CA_LOAD + " " +\ + log.PKI_CONFIG_EXTERNAL_CA_LOAD + " " + \ "'" + master['pki_external_ca_cert_path'] + "'") with open(master['pki_external_ca_cert_path']) as f: external_cert = f.read() @@ -3174,8 +3218,8 @@ class config_client: # Load the 'External CA Signing Certificate Chain' (Step 2) print( - log.PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD + " " +\ - "'" + master['pki_external_ca_cert_chain_path'] +\ + log.PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD + " " + \ + "'" + master['pki_external_ca_cert_chain_path'] + \ "'") with open(master['pki_external_ca_cert_chain_path']) as f: external_cert_chain = f.read() @@ -3189,7 +3233,7 @@ class config_client: master['pki_subsystem'] == "OCSP": # External CA, Subordinate CA, PKI CA, or PKI OCSP cert2 = self.create_system_cert("ocsp_signing") - cert2.signingAlgorithm =\ + cert2.signingAlgorithm = \ master['pki_ocsp_signing_signing_algorithm'] systemCerts.append(cert2) @@ -3202,7 +3246,7 @@ class config_client: if len(system_list) >= 2: data.generateServerCert = "false" for subsystem in system_list: - dst = master['pki_instance_path'] + '/conf/' +\ + dst = master['pki_instance_path'] + '/conf/' + \ subsystem.lower() + '/CS.cfg' if subsystem != master['pki_subsystem'] and \ os.path.exists(dst): 
@@ -3221,7 +3265,7 @@ class config_client: if not config.str2bool(master['pki_clone']): if master['pki_subsystem'] != "RA": cert5 = self.create_system_cert("audit_signing") - cert5.signingAlgorithm =\ + cert5.signingAlgorithm = \ master['pki_audit_signing_signing_algorithm'] systemCerts.append(cert5) @@ -3242,13 +3286,13 @@ class config_client: data.p12File = master['pki_clone_pkcs12_path'] data.p12Password = master['pki_clone_pkcs12_password'] data.replicateSchema = master['pki_clone_replicate_schema'] - data.replicationSecurity =\ + data.replicationSecurity = \ master['pki_clone_replication_security'] if master['pki_clone_replication_master_port']: - data.masterReplicationPort =\ + data.masterReplicationPort = \ master['pki_clone_replication_master_port'] if master['pki_clone_replication_clone_port']: - data.cloneReplicationPort =\ + data.cloneReplicationPort = \ master['pki_clone_replication_clone_port'] def set_hierarchy_parameters(self, data): @@ -3311,7 +3355,7 @@ class config_client: data.importAdminCert = "true" # read config from file with open(master['pki_admin_cert_file']) as f: - b64 = f.read().replace('\n','') + b64 = f.read().replace('\n', '') data.adminCert = b64 else: data.importAdminCert = "false" @@ -3340,16 +3384,16 @@ class config_client: # convert output to ascii command = ["BtoA", output_file, output_file + ".asc"] config.pki_log.info(command, - extra=config.PKI_INDENTATION_LEVEL_2) + extra = config.PKI_INDENTATION_LEVEL_2) subprocess.call(command) with open(output_file + ".asc") as f: - b64 = f.read().replace('\n','') + b64 = f.read().replace('\n', '') data.adminCertRequest = b64 else: print "log.PKI_CONFIG_PKCS10_SUPPORT_ONLY" - sys.exit(1) + raise Exception(log.PKI_CONFIG_PKCS10_SUPPORT_ONLY) def set_issuing_ca_parameters(self, data): if master['pki_subsystem'] != "CA" or\ 
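Review bot: `print "log.PKI_CONFIG_PKCS10_SUPPORT_ONLY"`, on the line before the new raise in the last hunk here, prints the quoted name itself, not the message held in the constant. Since the raise now carries the message, the print can be dropped or replaced with `config.pki_log.error(log.PKI_CONFIG_PKCS10_SUPPORT_ONLY, extra = config.PKI_INDENTATION_LEVEL_2)`, matching the other error paths. Earlier in the same hunk `subprocess.call(command)` ignores the exit status of `BtoA`, so a failed conversion only shows up later when the `.asc` file is opened; `subprocess.check_call(command)` would report it at the source. The enclosing method starts outside the hunk.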
@@ -3395,7 +3439,7 @@ class config_client: identity = identity() namespace = namespace() configuration_file = configuration_file() -#xml_file = xml_file() +# xml_file = xml_file() instance = instance() directory = directory() file = file() diff --git a/base/server/src/engine/pkimanifest.py b/base/server/src/engine/pkimanifest.py index 04a638f06..f53b76492 100644 --- a/base/server/src/engine/pkimanifest.py +++ b/base/server/src/engine/pkimanifest.py @@ -81,7 +81,7 @@ class file: except IOError as exc: config.pki_log.error(log.PKI_IOERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_1) - sys.exit(1) + raise def read(self): try: @@ -93,7 +93,7 @@ class file: except IOError as exc: config.pki_log.error(log.PKI_IOERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_1) - sys.exit(1) + raise # PKI Deployment Global Named Tuples diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index dfb265279..e121c8625 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -478,7 +478,7 @@ class PKIConfigParser: config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, config.pki_master_dict['pki_target_cs_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1) else: # Generate a one-time pin to be used prior to configuration # and add this to the "sensitive" key value pairs read in from @@ -1048,11 +1048,11 @@ class PKIConfigParser: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + raise except KeyError as err: config.pki_log.error(log.PKIHELPER_DICTIONARY_MASTER_MISSING_KEY_1, err, extra=config.PKI_INDENTATION_LEVEL_2) - sys.exit(1) + raise return |
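Review bot: `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1)` in the first pkiparser.py hunk passes the message template without its argument, whereas the logger call just above supplies `config.pki_master_dict['pki_target_cs_cfg']`. The exception text will presumably contain a raw placeholder and no file name. The other raises in this commit format their templates, so this one should too: `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % config.pki_master_dict['pki_target_cs_cfg'])`. The enclosing method starts and ends outside the hunk.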
