author | Christian Heimes <cheimes@redhat.com> | 2015-08-11 20:55:48 +0200 |
---|---|---|
committer | Christian Heimes <cheimes@redhat.com> | 2015-08-14 13:03:18 +0200 |
commit | 12badcabc1cd345256a4902f7b0583cf667ecd8d (patch) | |
tree | d0a45d096fab9c0b14d5221557a616824ecfd24a /base/server | |
parent | d63ade55f5cc2a9ecf21ea2b43cfac80149c4c29 (diff) | |
Make pki PEP 8 compatible
Large portions of the patch were automatically created with autopep8:
find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \
--aggressive
find base/common/upgrade base/server/upgrade -type f -and \
-not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive
autopep8 --in-place --ignore E309 --aggressive \
base/common/sbin/pki-upgrade \
base/server/sbin/pkispawn \
base/server/sbin/pkidestroy \
base/server/sbin/pki-server \
base/server/sbin/pki-server-upgrade
About two dozen violations were fixed manually.
https://fedorahosted.org/pki/ticket/708
Diffstat (limited to 'base/server')
33 files changed, 401 insertions, 304 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index 9777d221f..3a2cf6bef 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py @@ -108,7 +108,7 @@ class PKISubsystem(object): class PKIInstance(object): - def __init__(self, name, instanceType=10): + def __init__(self, name, instanceType=10): # nopep8 self.name = name self.type = instanceType @@ -121,7 +121,10 @@ class PKIInstance(object): self.conf_dir = os.path.join(self.base_dir, 'conf') self.lib_dir = os.path.join(self.base_dir, 'lib') - self.registry_dir = os.path.join(pki.server.REGISTRY_DIR, 'tomcat', self.name) + self.registry_dir = os.path.join( + pki.server.REGISTRY_DIR, + 'tomcat', + self.name) self.registry_file = os.path.join(self.registry_dir, self.name) self.service_name = 'pki-tomcatd@%s.service' % self.name @@ -149,7 +152,8 @@ class PKIInstance(object): subprocess.check_call(['systemctl', 'stop', self.service_name]) def is_active(self): - rc = subprocess.call(['systemctl', '--quiet', 'is-active', self.service_name]) + rc = subprocess.call( + ['systemctl', '--quiet', 'is-active', self.service_name]) return rc == 0 def load(self): @@ -215,7 +219,7 @@ class PKIInstance(object): # set deployment descriptor ownership and permission os.chown(context_xml, self.uid, self.gid) - os.chmod(context_xml, 00660) + os.chmod(context_xml, 0o0660) def undeploy(self, webapp_name): context_xml = os.path.join( diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py index becad1447..95a708bee 100644 --- a/base/server/python/pki/server/cli/instance.py +++ b/base/server/python/pki/server/cli/instance.py 
@@ -322,7 +322,9 @@ class InstanceMigrateCLI(pki.cli.CLI): instance = pki.server.PKIInstance(instance_name) instance.load() - module.migrate(instance, tomcat_version) # pylint: disable=no-member,maybe-no-member + module.migrate( # pylint: disable=no-member,maybe-no-member + instance, + tomcat_version) self.print_message('%s instance migrated' % instance_name) @@ -369,14 +371,15 @@ class InstanceNuxwdogEnableCLI(pki.cli.CLI): self.print_help() sys.exit(1) - #module = self.top.find_module('nuxwdog-enable') + # module = self.top.find_module('nuxwdog-enable') module = pki.server.cli.nuxwdog.NuxwdogEnableCLI() module.set_verbose(self.verbose) instance = pki.server.PKIInstance(instance_name) instance.load() - module.enable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member + module.enable_nuxwdog( # pylint: disable=no-member,maybe-no-member + instance) self.print_message('Nuxwdog enabled for instance %s.' % instance_name) @@ -430,6 +433,7 @@ class InstanceNuxwdogDisableCLI(pki.cli.CLI): instance = pki.server.PKIInstance(instance_name) instance.load() - module.disable_nuxwdog(instance) # pylint: disable=no-member,maybe-no-member + module.disable_nuxwdog( + instance) # pylint: disable=no-member,maybe-no-member self.print_message('Nuxwdog disabled for instance %s.' % instance_name) diff --git a/base/server/python/pki/server/cli/migrate.py b/base/server/python/pki/server/cli/migrate.py index bb807d8ca..de62a24b4 100644 --- a/base/server/python/pki/server/cli/migrate.py +++ b/base/server/python/pki/server/cli/migrate.py @@ -46,7 +46,6 @@ class MigrateCLI(pki.cli.CLI): print def execute(self, argv): - try: opts, _ = getopt.getopt(argv, 'i:v', [ 'tomcat=', 'verbose', 'debug', 'help']) 
@@ -91,25 +90,30 @@ class MigrateCLI(pki.cli.CLI): self.print_message('System migrated') def migrate(self, instance, tomcat_version): - self.migrate_instance(instance, tomcat_version) self.migrate_subsystems(instance, tomcat_version) def migrate_instance(self, instance, tomcat_version): - server_xml = os.path.join(instance.conf_dir, 'server.xml') self.migrate_server_xml(server_xml, tomcat_version) - root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml') + root_context_xml = os.path.join( + instance.conf_dir, + 'Catalina', + 'localhost', + 'ROOT.xml') self.migrate_context_xml(root_context_xml, tomcat_version) - pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml') + pki_context_xml = os.path.join( + instance.conf_dir, + 'Catalina', + 'localhost', + 'pki.xml') self.migrate_context_xml(pki_context_xml, tomcat_version) self.migrate_tomcat_libraries(instance) def migrate_server_xml(self, filename, tomcat_version): - if self.verbose: print 'Migrating %s' % filename 
@@ -130,61 +134,60 @@ class MigrateCLI(pki.cli.CLI): f.write(etree.tostring(document, pretty_print=True)) def migrate_server_xml_to_tomcat7(self, document): - server = document.getroot() - jasper_comment = etree.Comment('Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html ') + jasper_comment = etree.Comment( + 'Initialize Jasper prior to webapps are loaded. Documentation ' + 'at /docs/jasper-howto.html ') jasper_listener = etree.Element('Listener') - jasper_listener.set('className', 'org.apache.catalina.core.JasperListener') + jasper_listener.set( + 'className', + 'org.apache.catalina.core.JasperListener') - jmx_support_comment = etree.Comment(' JMX Support for the Tomcat server. Documentation at /docs/non-existent.html ') + jmx_support_comment = etree.Comment( + ' JMX Support for the Tomcat server. Documentation at ' + '/docs/non-existent.html ') - excluded_comment1 = etree.Comment(' The following class has been commented out because it ') - excluded_comment2 = etree.Comment(' has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM! ') + excluded_comment1 = etree.Comment( + ' The following class has been commented out because it ') + excluded_comment2 = etree.Comment( + ' has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM! ') - server_lifecycle_comment = etree.Comment(' Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" ') + server_lifecycle_comment = etree.Comment( + ' Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" ') global_resources_lifecycle_listener = None children = list(server) for child in children: - - if isinstance(child, etree._Comment): # pylint: disable=protected-access - + if isinstance(child, etree._Comment): # pylint: disable=protected-access if 'org.apache.catalina.security.SecurityListener' in child.text: server.remove(child) - elif 'Initialize Jasper prior to webapps are loaded.' in child.text: jasper_comment = None - elif 'JMX Support for the Tomcat server.' 
in child.text: jmx_support_comment = None - elif 'The following class has been commented out because it' in child.text: excluded_comment1 = None - elif 'has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM!' in child.text: excluded_comment2 = None - elif 'org.apache.catalina.mbeans.ServerLifecycleListener' in child.text: server_lifecycle_comment = None - if 'Prevent memory leaks due to use of particular java/javax APIs' in child.text: server.remove(child) elif child.tag == 'Listener': class_name = child.get('className') - if class_name == 'org.apache.catalina.startup.VersionLoggerListener'\ - or class_name == 'org.apache.catalina.security.SecurityListener'\ - or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener'\ - or class_name == 'org.apache.catalina.core.JreMemoryLeakPreventionListener'\ - or class_name == 'org.apache.catalina.core.ThreadLocalLeakPreventionListener': - + if class_name in { + 'org.apache.catalina.startup.VersionLoggerListener', + 'org.apache.catalina.security.SecurityListener', + 'org.apache.catalina.mbeans.ServerLifecycleListener', + 'org.apache.catalina.core.JreMemoryLeakPreventionListener', + 'org.apache.catalina.core.ThreadLocalLeakPreventionListener'}: if self.debug: print '* removing %s' % class_name - server.remove(child) elif class_name == 'org.apache.catalina.core.JasperListener': @@ -231,7 +234,6 @@ class MigrateCLI(pki.cli.CLI): connectors = server.findall('Service/Connector') for connector in connectors: - if connector.get('secure') == 'true': connector.set('protocol', 'HTTP/1.1') 
@@ -240,78 +242,68 @@ class MigrateCLI(pki.cli.CLI): valves = server.findall('Service/Engine/Host/Valve') for valve in valves: - if valve.get('className') == 'org.apache.catalina.valves.AccessLogValve': valve.set('prefix', 'localhost_access_log.') def migrate_server_xml_to_tomcat8(self, document): - server = document.getroot() version_logger_listener = etree.Element('Listener') - version_logger_listener.set('className', 'org.apache.catalina.startup.VersionLoggerListener') + version_logger_listener.set( + 'className', + 'org.apache.catalina.startup.VersionLoggerListener') security_listener_comment = etree.Comment(''' Security listener. Documentation at /docs/config/listeners.html <Listener className="org.apache.catalina.security.SecurityListener" /> ''') jre_memory_leak_prevention_listener = etree.Element('Listener') - jre_memory_leak_prevention_listener.set('className', 'org.apache.catalina.core.JreMemoryLeakPreventionListener') + jre_memory_leak_prevention_listener.set( + 'className', + 'org.apache.catalina.core.JreMemoryLeakPreventionListener') global_resources_lifecycle_listener = None thread_local_leak_prevention_listener = etree.Element('Listener') - thread_local_leak_prevention_listener.set('className', 'org.apache.catalina.core.ThreadLocalLeakPreventionListener') + thread_local_leak_prevention_listener.set( + 'className', + 'org.apache.catalina.core.ThreadLocalLeakPreventionListener') - prevent_comment = etree.Comment(' Prevent memory leaks due to use of particular java/javax APIs') + prevent_comment = etree.Comment( + ' Prevent memory leaks due to use of particular java/javax APIs') children = list(server) for child in children: - - if isinstance(child, etree._Comment): # pylint: disable=protected-access - + if isinstance(child, etree._Comment): # pylint: disable=protected-access if 'org.apache.catalina.security.SecurityListener' in child.text: security_listener_comment = None - elif 'Initialize Jasper prior to webapps are loaded.' 
in child.text: server.remove(child) - elif 'JMX Support for the Tomcat server.' in child.text: server.remove(child) - elif 'The following class has been commented out because it' in child.text: server.remove(child) - elif 'has been EXCLUDED from the Tomcat 7 \'tomcat-lib\' RPM!' in child.text: server.remove(child) - elif 'org.apache.catalina.mbeans.ServerLifecycleListener' in child.text: server.remove(child) - elif 'Prevent memory leaks due to use of particular java/javax APIs' in child.text: prevent_comment = None elif child.tag == 'Listener': - class_name = child.get('className') if class_name == 'org.apache.catalina.core.JasperListener'\ - or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener': - + or class_name == 'org.apache.catalina.mbeans.ServerLifecycleListener': if self.debug: print '* removing %s' % class_name - server.remove(child) - elif class_name == 'org.apache.catalina.startup.VersionLoggerListener': version_logger_listener = None - elif class_name == 'org.apache.catalina.core.JreMemoryLeakPreventionListener': jre_memory_leak_prevention_listener = None - elif class_name == 'org.apache.catalina.mbeans.GlobalResourcesLifecycleListener': global_resources_lifecycle_listener = child - elif class_name == 'org.apache.catalina.core.ThreadLocalLeakPreventionListener': thread_local_leak_prevention_listener = None @@ -359,7 +351,9 @@ class MigrateCLI(pki.cli.CLI): for connector in connectors: if connector.get('secure') == 'true': - connector.set('protocol', 'org.apache.coyote.http11.Http11Protocol') + connector.set( + 'protocol', + 'org.apache.coyote.http11.Http11Protocol') if self.debug: print '* updating AccessLogValve' 
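Review bot: The `elif child.tag == 'Listener'` branch of `migrate_server_xml_to_tomcat8` still uses a backslash-continued `or` chain whose continuation line was only re-indented, while `migrate_server_xml_to_tomcat7` in this same commit was switched to a set membership test. Using the same form here keeps the two migrations parallel and drops the backslash: `if class_name in {'org.apache.catalina.core.JasperListener', 'org.apache.catalina.mbeans.ServerLifecycleListener'}:`. The function continues past the end of this hunk.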
@@ -367,20 +361,18 @@ class MigrateCLI(pki.cli.CLI): valves = server.findall('Service/Engine/Host/Valve') for valve in valves: - if valve.get('className') == 'org.apache.catalina.valves.AccessLogValve': + if valve.get( + 'className') == 'org.apache.catalina.valves.AccessLogValve': valve.set('prefix', 'localhost_access_log') def migrate_subsystems(self, instance, tomcat_version): - for subsystem in instance.subsystems: self.migrate_subsystem(subsystem, tomcat_version) def migrate_subsystem(self, subsystem, tomcat_version): - self.migrate_context_xml(subsystem.context_xml, tomcat_version) def migrate_context_xml(self, filename, tomcat_version): - if not os.path.exists(filename): return @@ -404,7 +396,6 @@ class MigrateCLI(pki.cli.CLI): f.write(etree.tostring(document, pretty_print=True)) def migrate_context_xml_to_tomcat7(self, document): - context = document.getroot() context.set('allowLinking', 'true') @@ -418,9 +409,8 @@ class MigrateCLI(pki.cli.CLI): context.remove(resources) def migrate_context_xml_to_tomcat8(self, document): - context = document.getroot() - if context.attrib.has_key('allowLinking'): + if 'allowLinking' in context.attrib: context.attrib.pop('allowLinking') resources = context.find('Resources') @@ -436,7 +426,6 @@ class MigrateCLI(pki.cli.CLI): resources.set('allowLinking', 'true') def migrate_tomcat_libraries(self, instance): - # remove old links for filename in os.listdir(instance.lib_dir): diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py index 43eb564ee..a63eb86d7 100644 --- a/base/server/python/pki/server/cli/subsystem.py +++ b/base/server/python/pki/server/cli/subsystem.py 
@@ -248,7 +248,9 @@ class SubsystemEnableCLI(pki.cli.CLI): class SubsystemDisableCLI(pki.cli.CLI): def __init__(self): - super(SubsystemDisableCLI, self).__init__('disable', 'Disable subsystem') + super(SubsystemDisableCLI, self).__init__( + 'disable', + 'Disable subsystem') def usage(self): print 'Usage: pki-server subsystem-disable [OPTIONS] <subsystem ID>' diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py index 5ffed768b..8bca657de 100644 --- a/base/server/python/pki/server/deployment/pkiconfig.py +++ b/base/server/python/pki/server/deployment/pkiconfig.py @@ -20,14 +20,14 @@ # # PKI Deployment Constants -PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 -PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 00770 -PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 00660 -PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 00600 -PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 02770 -PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 00777 -PKI_DEPLOYMENT_DEFAULT_UMASK = 00002 +PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 0o0755 +PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 0o0770 +PKI_DEPLOYMENT_DEFAULT_EXE_PERMISSIONS = 0o0770 +PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS = 0o0660 +PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS = 0o0600 +PKI_DEPLOYMENT_DEFAULT_SGID_DIR_PERMISSIONS = 0o2770 +PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS = 0o0777 +PKI_DEPLOYMENT_DEFAULT_UMASK = 0o0002 PKI_DEPLOYMENT_DEFAULT_COMMENT = "'Certificate System'" PKI_DEPLOYMENT_DEFAULT_GID = 17 diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index cf04e68bc..62abce74e 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py 
@@ -111,13 +111,13 @@ def pki_copytree(src, dst, symlinks=False, ignore=None): shutil.copy2(srcname, dstname) # catch the Error from the recursive pki_copytree so that we can # continue with other files - except Error, err: + except Error as err: errors.extend(err.args[0]) - except EnvironmentError, why: + except EnvironmentError as why: errors.append((srcname, dstname, str(why))) try: shutil.copystat(src, dst) - except OSError, why: + except OSError as why: if WindowsError is not None and isinstance(why, WindowsError): # Copying file access times may fail on Windows pass @@ -307,16 +307,16 @@ class Identity: def group_exists(self, pki_group): try: - _ = getgrnam(pki_group)[1] + _ = getgrnam(pki_group)[1] # nopep8 return True - except KeyError as _: + except KeyError: return False def user_exists(self, pki_user): try: - _ = getpwnam(pki_user)[1] + _ = getpwnam(pki_user)[1] # nopep8 return True - except KeyError as _: + except KeyError: return False def is_user_a_member_of_group(self, pki_user, pki_group): @@ -369,7 +369,8 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_path'])) else: - if os.path.exists(self.mdict['pki_target_tomcat_conf_instance_id']): + if os.path.exists( + self.mdict['pki_target_tomcat_conf_instance_id']): # Top-Level "/etc/sysconfig" path collision config.pki_log.error( log.PKIHELPER_NAMESPACE_COLLISION_2, @@ -548,7 +549,8 @@ class ConfigurationFile: self.subsystem) if config.str2bool( self.mdict['pki_subordinate_create_new_security_domain']): - self.confirm_data_exists('pki_subordinate_security_domain_name') + self.confirm_data_exists( + 'pki_subordinate_security_domain_name') def confirm_external_step_two(self): # ALWAYS defined via 'pkiparser.py' 
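Review bot: In `group_exists` and `user_exists` (hunk `@@ -307,16 +307,16 @@`) the `_ = getgrnam(pki_group)[1]  # nopep8` form keeps a throwaway assignment and an index only to trigger the lookup. Calling `getgrnam(pki_group)` and `getpwnam(pki_user)` as bare statements raises the same `KeyError` for a missing entry, and should make the `# nopep8` markers unnecessary if they exist only because of the unused name. Both methods would also benefit from a one-line docstring such as `"""Return True if pki_group exists in the group database."""`, since they are used as boolean checks.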
@@ -562,7 +564,7 @@ class ConfigurationFile: self.subsystem) def confirm_data_exists(self, param): - if not param in self.mdict or not len(self.mdict[param]): + if param not in self.mdict or not len(self.mdict[param]): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, param, @@ -600,8 +602,8 @@ class ConfigurationFile: # If HSM, verify absence of all PKCS #12 backup parameters if (config.str2bool(self.mdict['pki_hsm_enable']) and (config.str2bool(self.mdict['pki_backup_keys']) or - ('pki_backup_password' in self.mdict and - len(self.mdict['pki_backup_password'])))): + ('pki_backup_password' in self.mdict and + len(self.mdict['pki_backup_password'])))): config.pki_log.error( log.PKIHELPER_HSM_KEYS_CANNOT_BE_BACKED_UP_TO_PKCS12_FILES, extra=config.PKI_INDENTATION_LEVEL_2) @@ -623,7 +625,7 @@ class ConfigurationFile: # Verify absence of all PKCS #12 clone parameters for HSMs elif (os.path.exists(self.mdict['pki_clone_pkcs12_path']) or ('pki_clone_pkcs12_password' in self.mdict and - len(self.mdict['pki_clone_pkcs12_password']))): + len(self.mdict['pki_clone_pkcs12_password']))): config.pki_log.error( log.PKIHELPER_HSM_CLONES_MUST_SHARE_HSM_MASTER_PRIVATE_KEYS, extra=config.PKI_INDENTATION_LEVEL_2) @@ -966,7 +968,9 @@ class Instance: if os.path.isdir(os.path.join(self.mdict['pki_path'], instance))\ and not\ os.path.islink(os.path.join(self.mdict['pki_path'], instance)): - instance_dir = os.path.join(self.mdict['pki_path'], instance) + instance_dir = os.path.join( + self.mdict['pki_path'], + instance) # Since ANY directory within this PKI instance COULD # be a PKI subsystem, look for all possible # PKI subsystems within this PKI instance 
@@ -989,7 +993,8 @@ class Instance: rv = [] try: for subsystem in config.PKI_TOMCAT_SUBSYSTEMS: - path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() + path = self.mdict['pki_instance_path'] + \ + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): rv.append(subsystem) except OSError as exc: @@ -1008,13 +1013,13 @@ class Instance: # present within the PKI 'tomcat' registry directory for instance in os.listdir( self.mdict['pki_instance_type_registry_path']): - if os.path.isdir(\ - os.path.join(\ - self.mdict['pki_instance_type_registry_path'],\ + if os.path.isdir( + os.path.join( + self.mdict['pki_instance_type_registry_path'], instance)) and not\ - os.path.islink(\ - os.path.join(\ - self.mdict['pki_instance_type_registry_path'],\ + os.path.islink( + os.path.join( + self.mdict['pki_instance_type_registry_path'], instance)): rv += 1 config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, @@ -1074,7 +1079,9 @@ class Instance: try: client = pki.system.SystemStatusClient(connection) response = client.get_status() - config.pki_log.debug(response, extra=config.PKI_INDENTATION_LEVEL_3) + config.pki_log.debug( + response, + extra=config.PKI_INDENTATION_LEVEL_3) root = ET.fromstring(response) status = root.findtext("Status") @@ -1465,7 +1472,10 @@ class Directory: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -1578,7 +1588,9 @@ class File: log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) 
@@ -1624,7 +1636,9 @@ class File: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + old_name) else: if os.path.exists(new_name): if not overwrite_flag: @@ -1668,7 +1682,10 @@ class File: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -1726,7 +1743,10 @@ class File: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -1741,7 +1761,9 @@ class File: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + old_name) else: if os.path.exists(new_name): if not overwrite_flag: @@ -1796,7 +1818,10 @@ class File: msg = log.PKI_SHUTIL_ERROR_1 else: msg = log.PKI_OSERROR_1 - config.pki_log.error(msg, exc, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + msg, + exc, + extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: raise return @@ -2119,7 +2144,9 @@ class Password: token_name, extra=config.PKI_INDENTATION_LEVEL_2) if critical_failure: - raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name) + raise Exception( + log.PKIHELPER_PASSWORD_NOT_FOUND_1 % + token_name) else: return return token_pwd 
@@ -2141,11 +2168,11 @@ class HSM: def initialize_ncipher(self): if (self.file.exists(config.PKI_HSM_NCIPHER_EXE) and - self.file.exists(config.PKI_HSM_NCIPHER_LIB) and - self.identity.group_exists(config.PKI_HSM_NCIPHER_GROUP)): + self.file.exists(config.PKI_HSM_NCIPHER_LIB) and + self.identity.group_exists(config.PKI_HSM_NCIPHER_GROUP)): # Check if 'pki_user' is a member of the default "nCipher" group if not self.identity.is_user_a_member_of_group( - self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP): + self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP): # Make 'pki_user' a member of the default "nCipher" group self.identity.add_user_to_group(self.mdict['pki_user'], config.PKI_HSM_NCIPHER_GROUP) @@ -2696,7 +2723,6 @@ class Modutil: extra=config.PKI_INDENTATION_LEVEL_2) return True - def register_security_module(self, path, modulename, libfile, prefix=None, critical_failure=True): try: @@ -2944,7 +2970,8 @@ class KRAConnector: sechost, secport) except Exception as e: config.pki_log.error( - "unable to access security domain. Continuing .. " + str(e), + "unable to access security domain. Continuing .. " + + str(e), extra=config.PKI_INDENTATION_LEVEL_2) ca_list = [] @@ -3085,7 +3112,7 @@ class TPSConnector: else: return - #retrieve tks host and port + # retrieve tks host and port if ':' in tkshostport: tkshost = tkshostport.split(':')[0] tksport = tkshostport.split(':')[1] @@ -3854,7 +3881,7 @@ class ConfigClient: admin_cert = response['adminCert']['cert'] self.process_admin_cert(admin_cert) - except Exception, e: + except Exception as e: config.pki_log.error( log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e), extra=config.PKI_INDENTATION_LEVEL_2) @@ -3862,7 +3889,7 @@ class ConfigClient: if hasattr(e, 'response'): try: root = ET.fromstring(e.response.text) - except ET.ParseError, pe: + except ET.ParseError as pe: config.pki_log.error( "ParseError: %s: %s " % (pe, e.response.text), extra=config.PKI_INDENTATION_LEVEL_2) 
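Review bot: The `except ET.ParseError as pe` handler (hunk `@@ -3862,7 +3889,7 @@`) writes the whole `e.response.text` into the error log. Whether the configuration response can echo request data or credentials is not visible from this hunk, but if it can, that body lands in the deployment log. Consider logging the parse error with a bounded excerpt and passing the values as logger arguments instead of pre-formatting, e.g. `config.pki_log.error("ParseError: %s: %s", pe, e.response.text[:200], extra=config.PKI_INDENTATION_LEVEL_2)`, where the 200-character limit is only an illustrative value. The enclosing method starts and ends outside the hunk.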
@@ -4007,8 +4034,8 @@ class ConfigClient: with open(self.mdict['pki_external_admin_csr_path'], "w") as f: f.write("-----BEGIN CERTIFICATE REQUEST-----\n") admin_certreq = None - with open(os.path.join(\ - self.mdict['pki_client_database_dir'],\ + with open(os.path.join( + self.mdict['pki_client_database_dir'], "admin_pkcs10.bin.asc"), "r") as f: admin_certreq = f.read() with open(self.mdict['pki_external_admin_csr_path'], "a") as f: @@ -4021,8 +4048,10 @@ class ConfigClient: log.PKI_CONFIG_CDATA_REQUEST + "\n" + admin_certreq, extra=config.PKI_INDENTATION_LEVEL_2) - def save_admin_cert(self, message, input_data, output_file, subsystem_name): - config.pki_log.debug(message + " '" + output_file + "'", subsystem_name, + def save_admin_cert(self, message, input_data, output_file, + subsystem_name): + config.pki_log.debug(message + " '" + output_file + "'", + subsystem_name, extra=config.PKI_INDENTATION_LEVEL_2) with open(output_file, "w") as f: f.write(input_data) @@ -4058,7 +4087,7 @@ class ConfigClient: cert.certChain = f.read() def set_system_certs(self, data): - systemCerts = [] + systemCerts = [] # nopep8 # Create 'CA Signing Certificate' if not self.clone: @@ -4277,7 +4306,8 @@ class ConfigClient: data.securityDomainType = "existingdomain" data.securityDomainUri = self.mdict['pki_security_domain_uri'] data.securityDomainUser = self.mdict['pki_security_domain_user'] - data.securityDomainPassword = self.mdict['pki_security_domain_password'] + data.securityDomainPassword = self.mdict[ + 'pki_security_domain_password'] def set_new_security_domain(self, data): data.securityDomainType = "newdomain" @@ -4559,4 +4589,6 @@ class PKIDeployer: f.write(etree.tostring(document, pretty_print=True)) os.chown(new_descriptor, self.mdict['pki_uid'], self.mdict['pki_gid']) - os.chmod(new_descriptor, config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) + os.chmod( + new_descriptor, + config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS) 
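Review bot: In `save_admin_cert` (hunk `@@ -4021,8 +4048,10 @@`) the format string given to `config.pki_log.debug` is built by concatenating `output_file` into `message`, while `subsystem_name` is supplied as a logging argument. A `%` character in the path would then be interpreted as a format directive and the record would fail to format. Passing the path as an argument avoids this: `config.pki_log.debug(message + " '%s'", subsystem_name, output_file, extra=config.PKI_INDENTATION_LEVEL_2)`, assuming `message` carries exactly one placeholder for the subsystem name, which is not visible here.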
diff --git a/base/server/python/pki/server/deployment/pkimanifest.py b/base/server/python/pki/server/deployment/pkimanifest.py index 593fb20d3..67b9348c1 100644 --- a/base/server/python/pki/server/deployment/pkimanifest.py +++ b/base/server/python/pki/server/deployment/pkimanifest.py @@ -101,4 +101,3 @@ class File: config.pki_log.error(log.PKI_IOERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_1) raise - diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index cc9102161..649237307 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -146,7 +146,7 @@ REMINDER: Finally, if an optional '-p <prefix>' is defined, this value WILL NOT be prepended in front of the mandatory '-f <configuration_file>'. """ + PKI_VERBOSITY -PKISPAWN_INTERACTIVE_INSTALLATION=''' +PKISPAWN_INTERACTIVE_INSTALLATION = ''' IMPORTANT: Interactive installation currently only exists for very basic deployments! diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index c1b6be395..f192cc924 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -52,7 +52,7 @@ class PKIConfigParser: def __init__(self, description, epilog): self.pki_config = None - #Read and process command-line options + # Read and process command-line options self.arg_parser = argparse.ArgumentParser( description=description, add_help=False, @@ -64,7 +64,8 @@ class PKIConfigParser: 'mandatory arguments') # Establish 'Optional' command-line options - self.optional = self.arg_parser.add_argument_group('optional arguments') + self.optional = self.arg_parser.add_argument_group( + 'optional arguments') self.optional.add_argument( '-s', dest='pki_subsystem', action='store', 
@@ -239,17 +240,17 @@ class PKIConfigParser: self.pki_config.set(section, key, value) self.flatten_master_dict() - if section != "DEFAULT" and not config.user_config.has_section(section): + if section != "DEFAULT" and not config.user_config.has_section( + section): config.user_config.add_section(section) config.user_config.set(section, key, value) def print_text(self, message): print ' ' * self.indent + message - def read_text( - self, message, - section=None, key=None, default=None, - options=None, sign=':', allow_empty=True, case_sensitive=True): + def read_text(self, message, section=None, key=None, default=None, + options=None, sign=':', allow_empty=True, + case_sensitive=True): if default is None and key is not None: default = self.mdict[key] @@ -289,12 +290,11 @@ class PKIConfigParser: return value - def read_password( - self, message, section=None, key=None, - verifyMessage=None): + def read_password(self, message, section=None, key=None, # nopep8 + verifyMessage=None): message = ' ' * self.indent + message + ': ' - if verifyMessage is not None: - verifyMessage = ' ' * self.indent + verifyMessage + ': ' + if verifyMessage is not None: # nopep8 + verifyMessage = ' ' * self.indent + verifyMessage + ': ' # nopep8 while True: password = '' @@ -370,7 +370,7 @@ class PKIConfigParser: section, key, val.replace("%", "%%")) except ConfigParser.NoOptionError: continue - except ConfigParser.ParsingError, err: + except ConfigParser.ParsingError as err: print err rv = err return rv 
@@ -578,25 +578,25 @@ class PKIConfigParser: self.mdict['sensitive_parameters'].split() # Always create "false" values for these missing "boolean" keys - if not 'pki_enable_access_log' in self.mdict or\ + if 'pki_enable_access_log' not in self.mdict or\ not len(self.mdict['pki_enable_access_log']): self.mdict['pki_enable_access_log'] = "false" - if not 'pki_external' in self.mdict or\ + if 'pki_external' not in self.mdict or\ not len(self.mdict['pki_external']): self.mdict['pki_external'] = "false" - if not 'pki_req_ext_add' in self.mdict or\ + if 'pki_req_ext_add' not in self.mdict or\ not len(self.mdict['pki_req_ext_add']): self.mdict['pki_req_ext_add'] = "false" - if not 'pki_external_step_two' in self.mdict or\ + if 'pki_external_step_two' not in self.mdict or\ not len(self.mdict['pki_external_step_two']): self.mdict['pki_external_step_two'] = "false" - if not 'pki_standalone' in self.mdict or\ + if 'pki_standalone' not in self.mdict or\ not len(self.mdict['pki_standalone']): self.mdict['pki_standalone'] = "false" - if not 'pki_subordinate' in self.mdict or\ + if 'pki_subordinate' not in self.mdict or\ not len(self.mdict['pki_subordinate']): self.mdict['pki_subordinate'] = "false" - if not 'pki_san_inject' in self.mdict or\ + if 'pki_san_inject' not in self.mdict or\ not len(self.mdict['pki_san_inject']): self.mdict['pki_san_inject'] = "false" @@ -636,8 +636,8 @@ class PKIConfigParser: # and add this to the "sensitive" key value pairs read in from # the configuration file self.mdict['pki_one_time_pin'] = \ - ''.join(random.choice(string.ascii_letters + string.digits)\ - for x in range(20)) + ''.join(random.choice(string.ascii_letters + string.digits) + for x in range(20)) self.mdict['pki_target_catalina_properties'] = \ os.path.join( 
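Review bot: The seven "always create false" blocks in hunk `@@ -578,25 +578,25 @@` are identical apart from the key name, and the commit rewrites each of them by hand to `'key' not in self.mdict`. A single loop over the key names states the rule once and removes the backslash continuations; the condition below is kept exactly as written so behaviour does not change. The enclosing method starts and ends outside the hunk.

```python
# Always create "false" values for these missing "boolean" keys
for key in ('pki_enable_access_log', 'pki_external', 'pki_req_ext_add',
            'pki_external_step_two', 'pki_standalone',
            'pki_subordinate', 'pki_san_inject'):
    if key not in self.mdict or not len(self.mdict[key]):
        self.mdict[key] = "false"
```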
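Review bot: `pki_one_time_pin` in hunk `@@ -636,8 +636,8 @@` is still drawn from the module-level `random.choice`, which is backed by a Mersenne Twister generator and is not suitable for values handled as secrets; the comment above it places the pin among the "sensitive" key/value pairs. Using `random.SystemRandom().choice(string.ascii_letters + string.digits)` inside the generator expression keeps the 20-character alphanumeric format while taking the randomness from the operating system, and it is available on the Python 2 this file targets. How the pin is consumed is outside the hunk, so the exposure depends on code not shown here.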
@@ -789,11 +789,9 @@ class PKIConfigParser: self.mdict['pki_ds_secure_connection'].lower() self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ self.mdict['pki_https_port'] - self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ "" self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ self.mdict['pki_https_port'] @@ -1175,8 +1173,8 @@ class PKIConfigParser: # Stand-alone PKI self.mdict['pki_security_domain_type'] = "new" self.mdict['pki_issuing_ca'] = "External CA" - elif (config.pki_subsystem != "CA" or\ - config.str2bool(self.mdict['pki_clone']) or\ + elif (config.pki_subsystem != "CA" or + config.str2bool(self.mdict['pki_clone']) or config.str2bool(self.mdict['pki_subordinate'])): # PKI KRA, PKI OCSP, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone @@ -1229,7 +1227,7 @@ class PKIConfigParser: self.mdict['pki_admin_profile_id'] = "caAdminCert" - if not 'pki_import_admin_cert' in self.mdict: + if 'pki_import_admin_cert' not in self.mdict: self.mdict['pki_import_admin_cert'] = 'false' elif not config.str2bool(self.mdict['pki_skip_configuration']) and \ (config.str2bool(self.mdict['pki_standalone'])): @@ -1303,7 +1301,7 @@ class PKIConfigParser: parser.read(config.PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE) # Slots configuration file name/value pairs self.slots_dict = dict(parser.items('Tomcat')) - except ConfigParser.ParsingError, err: + except ConfigParser.ParsingError as err: rv = err return rv @@ -1324,5 +1322,3 @@ class PKIConfigParser: break return data - - diff --git a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py index fcd9fa63e..630ef38cc 100644 
--- a/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/infrastructure_layout.py @@ -55,7 +55,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): deployer.directory.create( deployer.mdict['pki_instance_type_registry_path']) deployer.directory.create(deployer.mdict['pki_instance_registry_path']) - deployer.directory.create(deployer.mdict['pki_subsystem_registry_path']) + deployer.directory.create( + deployer.mdict['pki_subsystem_registry_path']) deployer.file.copy( deployer.mdict['pki_default_deployment_cfg'], deployer.mdict['pki_default_deployment_cfg_replica']) diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py index 9545c4d4e..378343eb5 100644 --- a/base/server/python/pki/server/deployment/scriptlets/initialization.py +++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py @@ -51,8 +51,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): else: config.pki_log.info(log.INITIALIZATION_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) - if (deployer.mdict['pki_subsystem'] == "CA" or \ - config.str2bool(deployer.mdict['pki_standalone'])) and \ + if (deployer.mdict['pki_subsystem'] == "CA" or + config.str2bool(deployer.mdict['pki_standalone'])) and \ config.str2bool(deployer.mdict['pki_external_step_two']): # verify that this External CA (Step 2), or Stand-alone PKI # (Step 2) currently EXISTS for this "instance" diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index c3d4d9e49..3ffe452bb 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py +++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py 
@@ -138,7 +138,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # Import the directory server CA certificate rv = deployer.certutil.import_cert( deployer.mdict['pki_ds_secure_connection_ca_nickname'], - deployer.mdict['pki_ds_secure_connection_ca_trustargs'], + deployer.mdict[ + 'pki_ds_secure_connection_ca_trustargs'], deployer.mdict['pki_ds_secure_connection_ca_pem_file'], password_file=deployer.mdict['pki_shared_pfile'], path=deployer.mdict['pki_database_path'], diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py index 1db945e12..c1ee0e7b1 100644 --- a/base/server/python/pki/server/upgrade.py +++ b/base/server/python/pki/server/upgrade.py @@ -38,14 +38,12 @@ SUBSYSTEM_TRACKER = '%s/CS.cfg' class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): def __init__(self): - super(PKIServerUpgradeScriptlet, self).__init__() def get_backup_dir(self): return BACKUP_DIR + '/' + str(self.version) + '/' + str(self.index) def can_upgrade_server(self, instance, subsystem=None): - # A scriptlet can run if the version matches the tracker and # the index is the next to be executed. @@ -55,7 +53,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): self.index == tracker.get_index() + 1 def update_server_tracker(self, instance, subsystem=None): - # Increment the index in the tracker. If it's the last scriptlet # in this version, update the tracker version. @@ -70,7 +67,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): tracker.set_version(self.version.next) def upgrade(self): - for instance in self.upgrader.instances(): self.upgrade_subsystems(instance) @@ -112,7 +108,6 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): 'Upgrade failed in %s: %s' % (instance, e), e, instance) def upgrade_subsystems(self, instance): - for subsystem in self.upgrader.subsystems(instance): if not self.can_upgrade_server(instance, subsystem): 
@@ -159,10 +154,9 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): class PKIServerUpgrader(pki.upgrade.PKIUpgrader): - def __init__( - self, instanceName=None, instanceType=None, subsystemName=None, - upgrade_dir=UPGRADE_DIR, version=None, index=None, silent=False): - + def __init__(self, instanceName=None, instanceType=None, # nopep8 + subsystemName=None, upgrade_dir=UPGRADE_DIR, # nopep8 + version=None, index=None, silent=False): super(PKIServerUpgrader, self).__init__( upgrade_dir, version, index, silent) @@ -179,9 +173,10 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): self.subsystem_trackers = {} def instances(self): - if self.instanceName and self.instanceType: - instance = pki.server.PKIInstance(self.instanceName, self.instanceType) + instance = pki.server.PKIInstance( + self.instanceName, + self.instanceType) instance.validate() instance.load() return [instance] @@ -215,7 +210,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return instance_list def subsystems(self, instance): - if self.subsystemName: subsystem = pki.server.PKISubsystem(instance, self.subsystemName) subsystem.validate() @@ -229,7 +223,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): instance.name) for subsystemName in os.listdir(registry_dir): if subsystemName in pki.server.SUBSYSTEM_TYPES: - subsystem = pki.server.PKISubsystem(instance, subsystemName) + subsystem = pki.server.PKISubsystem( + instance, + subsystemName) subsystem.validate() subsystem_list.append(subsystem) else: @@ -239,7 +235,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): subsystemName, instance.name) if os.path.exists(registry_dir): - subsystem = pki.server.PKISubsystem(instance, subsystemName) + subsystem = pki.server.PKISubsystem( + instance, + subsystemName) subsystem.validate() subsystem_list.append(subsystem) 
@@ -248,7 +246,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return subsystem_list def get_server_tracker(self, instance, subsystem=None): - if subsystem: name = str(subsystem) try: @@ -275,7 +272,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return tracker def get_current_version(self): - current_version = None for instance in self.instances(): @@ -306,7 +302,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): return current_version def show_tracker(self): - for instance in self.instances(): if not self.subsystemName: @@ -319,7 +314,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): tracker.show() def set_tracker(self, version): - for instance in self.instances(): if not self.subsystemName: @@ -334,7 +328,6 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): print 'Tracker has been set to version ' + str(version) + '.' def remove_tracker(self): - for instance in self.instances(): if not self.subsystemName: diff --git a/base/server/sbin/pki-server b/base/server/sbin/pki-server index 627a4765e..2afaaa547 100644 --- a/base/server/sbin/pki-server +++ b/base/server/sbin/pki-server @@ -32,8 +32,9 @@ import pki.server.cli.nuxwdog class PKIServerCLI(pki.cli.CLI): def __init__(self): - - super(PKIServerCLI, self).__init__('pki-server', 'PKI server command-line interface') + super(PKIServerCLI, self).__init__( + 'pki-server', + 'PKI server command-line interface') self.add_module(pki.server.cli.instance.InstanceCLI()) self.add_module(pki.server.cli.subsystem.SubsystemCLI()) @@ -44,7 +45,6 @@ class PKIServerCLI(pki.cli.CLI): return module_name def print_help(self): - print 'Usage: pki-server [OPTIONS]' print print ' -v, --verbose Run in verbose mode.' @@ -55,7 +55,6 @@ class PKIServerCLI(pki.cli.CLI): super(PKIServerCLI, self).print_help() def execute(self, argv): - try: opts, args = getopt.getopt(argv[1:], 'v', [ 'verbose', 'debug', 'help']) diff --git a/base/server/sbin/pkidestroy b/base/server/sbin/pkidestroy index abc11dc8d..fa5232e10 100755 
--- a/base/server/sbin/pkidestroy +++ b/base/server/sbin/pkidestroy @@ -45,11 +45,11 @@ There was a problem importing one of the required Python modules. The error was: %s -""" % sys.exc_value +""" % sys.exc_info()[1] sys.exit(1) -#Handle the Keyboard Interrupt +# Handle the Keyboard Interrupt # pylint: disable=W0613 def interrupt_handler(event, frame): print @@ -114,7 +114,7 @@ def main(argv): action='store', nargs=1, metavar='<security domain user>', help='security domain user') - + parser.optional.add_argument( '-W', dest='pki_secdomain_pass_file', diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn index fb5a61a8f..760febee2 100755 --- a/base/server/sbin/pkispawn +++ b/base/server/sbin/pkispawn @@ -48,7 +48,7 @@ There was a problem importing one of the required Python modules. The error was: %s -""" % sys.exc_value +""" % sys.exc_info()[1] sys.exit(1) @@ -116,7 +116,8 @@ def main(argv): # -f <user deployment config> if args.user_deployment_cfg is not None: - config.user_deployment_cfg = str(args.user_deployment_cfg).strip('[\']') + config.user_deployment_cfg = str( + args.user_deployment_cfg).strip('[\']') parser.validate() interactive = False 
@@ -234,22 +235,22 @@ def main(argv): # print "Interactive HSM installation is currently unsupported." # sys.exit(0) - # TBD: Interactive HSM installation - # parser.set_property(config.pki_subsystem, - # 'pki_hsm_enable', - # 'True') - # modulename = parser.read_text( - # 'HSM Module Name (e. g. - nethsm)', allow_empty=False) - # parser.set_property(config.pki_subsystem, - # 'pki_hsm_modulename', - # modulename) - # libfile = parser.read_text( - # 'HSM Lib File ' + - # '(e. g. - /opt/nfast/toolkits/pkcs11/libcknfast.so)', - # allow_empty=False) - # parser.set_property(config.pki_subsystem, - # 'pki_hsm_libfile', - # libfile) + # TBD: Interactive HSM installation + # parser.set_property(config.pki_subsystem, + # 'pki_hsm_enable', + # 'True') + # modulename = parser.read_text( + # 'HSM Module Name (e. g. - nethsm)', allow_empty=False) + # parser.set_property(config.pki_subsystem, + # 'pki_hsm_modulename', + # modulename) + # libfile = parser.read_text( + # 'HSM Lib File ' + + # '(e. g. - /opt/nfast/toolkits/pkcs11/libcknfast.so)', + # allow_empty=False) + # parser.set_property(config.pki_subsystem, + # 'pki_hsm_libfile', + # libfile) # print print "Directory Server:" @@ -415,7 +416,7 @@ def main(argv): parser.set_property(config.pki_subsystem, 'pki_enable_server_side_keygen', 'True') - + parser.read_text('KRA URL', config.pki_subsystem, 'pki_kra_uri') @@ -487,7 +488,8 @@ def main(argv): sys.exit(1) # Enable 'pkispawn' logging. - config.pki_log_dir = config.pki_root_prefix + config.PKI_DEPLOYMENT_LOG_ROOT + config.pki_log_dir = config.pki_root_prefix + \ + config.PKI_DEPLOYMENT_LOG_ROOT config.pki_log_name = "pki" + "-" + \ config.pki_subsystem.lower() + \ "-" + "spawn" + "." + \ 
@@ -533,7 +535,7 @@ def main(argv): not config.str2bool(parser.mdict['pki_skip_configuration']): try: # Verify existence of Directory Server Password - if not 'pki_ds_password' in parser.mdict or\ + if 'pki_ds_password' not in parser.mdict or\ not len(parser.mdict['pki_ds_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, @@ -557,7 +559,7 @@ def main(argv): if parser.mdict['pki_security_domain_type'] != "new": try: # Verify existence of Security Domain Password - if not 'pki_security_domain_password' in parser.mdict or\ + if 'pki_security_domain_password' not in parser.mdict or\ not len(parser.mdict['pki_security_domain_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, @@ -643,10 +645,10 @@ def print_install_information(mdict): % mdict['pki_client_database_dir'] print log.PKI_CHECK_STATUS_MESSAGE % mdict['pki_instance_name'] print log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'] - if (((config.pki_subsystem == "KRA" or\ - config.pki_subsystem == "OCSP") and\ - config.str2bool(mdict['pki_standalone'])) and\ - not config.str2bool(mdict['pki_external_step_two'])): + if (((config.pki_subsystem == "KRA" or + config.pki_subsystem == "OCSP") and + config.str2bool(mdict['pki_standalone'])) and + not config.str2bool(mdict['pki_external_step_two'])): # Stand-alone PKI KRA/OCSP (External CA Step 1) print log.PKI_CONFIGURATION_STANDALONE_1 % config.pki_subsystem else: diff --git a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator index 5cf4e581b..7b477da0b 100755 --- a/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator +++ b/base/server/upgrade/10.0.1/01-ReplaceRandomNumberGenerator 
@@ -27,7 +27,8 @@ import pki import pki.server.upgrade -class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet): +class ReplaceRandomNumberGenerator( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(ReplaceRandomNumberGenerator, self).__init__() @@ -38,7 +39,11 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet) def upgrade_subsystem(self, instance, subsystem): - meta_inf = os.path.join(instance.base_dir, 'webapps', subsystem.name, 'META-INF') + meta_inf = os.path.join( + instance.base_dir, + 'webapps', + subsystem.name, + 'META-INF') self.backup(meta_inf) self.create_meta_inf(instance, meta_inf) @@ -54,7 +59,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet) document = etree.parse(context_xml, self.parser) self.add_manager(document) - if subsystem.type >=10: + if subsystem.type >= 10: self.update_authenticator(document) else: self.remove_authenticator(document) @@ -70,7 +75,11 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet) def update_root_context_xml(self, instance): - meta_inf = os.path.join(instance.base_dir, 'webapps', 'ROOT', 'META-INF') + meta_inf = os.path.join( + instance.base_dir, + 'webapps', + 'ROOT', + 'META-INF') self.backup(meta_inf) self.create_meta_inf(instance, meta_inf) @@ -92,7 +101,11 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet) def update_pki_context_xml(self, instance): - meta_inf = os.path.join(instance.base_dir, 'webapps', 'pki', 'META-INF') + meta_inf = os.path.join( + instance.base_dir, + 'webapps', + 'pki', + 'META-INF') self.backup(meta_inf) self.create_meta_inf(instance, meta_inf) @@ -118,7 +131,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet) os.mkdir(path) os.chown(path, instance.uid, instance.gid) - os.chmod(path, 0770) + os.chmod(path, 0o770) def create_context_xml(self, instance, source, target): 
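Review bot: In the `@@ -118,7 +131,7 @@` hunk the directory is created with `os.mkdir(path)` and only restricted by `os.chmod(path, 0o770)` two calls later, so until then it carries whatever the process umask allows. Passing the mode at creation, `os.mkdir(path, 0o770)`, closes most of that window; the explicit `os.chmod` can stay to pin the exact mode, since the umask can only narrow the creation mode. The same create-then-chmod order appears in the next hunk (`shutil.copyfile(source, target)` before `os.chmod(target, 0o660)`) and in the 10.2.2 scriptlet (`os.mkdir(subsystem_webapps)`, `os.mkdir(common_webapps)`). For the copied file, a restrictive umask around the copy would be the equivalent fix. The enclosing functions start outside these hunks, so whether the caller already sets a umask cannot be seen here.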
@@ -126,7 +139,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet) shutil.copyfile(source, target) os.chown(target, instance.uid, instance.gid) - os.chmod(target, 0660) + os.chmod(target, 0o660) def add_manager(self, document): @@ -164,7 +177,7 @@ class ReplaceRandomNumberGenerator(pki.server.upgrade.PKIServerUpgradeScriptlet) # Create new authenticator' authenticator = etree.SubElement(authenticator, 'Valve') authenticator.set('className', - 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback') + 'com.netscape.cms.tomcat.SSLAuthenticatorWithFallback') # Update authenticator's attributes authenticator.set('secureRandomProvider', 'Mozilla-JSS') diff --git a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges index 5960f1d2d..3c77b424e 100755 --- a/base/server/upgrade/10.0.1/02-CloningInterfaceChanges +++ b/base/server/upgrade/10.0.1/02-CloningInterfaceChanges @@ -25,6 +25,7 @@ from lxml import etree as ET import pki import pki.server.upgrade + class CloningInterfaceChanges(pki.server.upgrade.PKIServerUpgradeScriptlet): updateDomainServletData = """ @@ -151,7 +152,7 @@ class CloningInterfaceChanges(pki.server.upgrade.PKIServerUpgradeScriptlet): self.root.remove(mapping) def modify_update_domain_xml(self): - #add caUpdateDomainXML-admin servlet and mapping + # add caUpdateDomainXML-admin servlet and mapping found = False for servlet in self.doc.findall('.//servlet'): name = servlet.find('servlet-name').text.strip() @@ -174,9 +175,8 @@ class CloningInterfaceChanges(pki.server.upgrade.PKIServerUpgradeScriptlet): mapping = ET.fromstring(self.updateDomainMappingData) self.root.insert(index, mapping) - def modify_token_authenticate(self): - #add caTokenAuthenticate-admin servlet and mapping + # add caTokenAuthenticate-admin servlet and mapping found = False for servlet in self.doc.findall('.//servlet'): name = servlet.find('servlet-name').text.strip() 
diff --git a/base/server/upgrade/10.0.1/03-AddRestServlet b/base/server/upgrade/10.0.1/03-AddRestServlet index 2f375cd42..46559373d 100755 --- a/base/server/upgrade/10.0.1/03-AddRestServlet +++ b/base/server/upgrade/10.0.1/03-AddRestServlet @@ -25,6 +25,7 @@ from lxml import etree as ET import pki import pki.server.upgrade + class AddRestServlet(pki.server.upgrade.PKIServerUpgradeScriptlet): restServicesServletData = """ @@ -63,7 +64,7 @@ class AddRestServlet(pki.server.upgrade.PKIServerUpgradeScriptlet): self.doc.write(web_xml) def add_rest_services_servlet(self): - #add rest-services servlet and mapping + # add rest-services servlet and mapping found = False for servlet in self.doc.findall('.//servlet'): name = servlet.find('servlet-name').text.strip() diff --git a/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator b/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator index fe954c662..53d97ab01 100755 --- a/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator +++ b/base/server/upgrade/10.0.5/01-EnableSessionInAuthenticator @@ -25,7 +25,8 @@ from lxml import etree import pki.server.upgrade -class EnableSessionInAuthenticator(pki.server.upgrade.PKIServerUpgradeScriptlet): +class EnableSessionInAuthenticator( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(EnableSessionInAuthenticator, self).__init__() diff --git a/base/server/upgrade/10.0.99/01-FixJavaOpts b/base/server/upgrade/10.0.99/01-FixJavaOpts index da2ece18a..8b5187397 100755 --- a/base/server/upgrade/10.0.99/01-FixJavaOpts +++ b/base/server/upgrade/10.0.99/01-FixJavaOpts @@ -36,4 +36,3 @@ class FixJavaOpts(pki.server.upgrade.PKIServerUpgradeScriptlet): with open(fname, "w") as outfile: for line in lines: outfile.write(re.sub(r'\$JAVA_OPTS *', '', line)) - diff --git a/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile b/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile index 76dbb23d6..7fa6c937e 100755 
--- a/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile +++ b/base/server/upgrade/10.1.1/01-MoveWebApplicationContextFile @@ -24,7 +24,8 @@ import os import pki.server.upgrade -class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet): +class MoveWebApplicationContextFile( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(MoveWebApplicationContextFile, self).__init__() @@ -41,7 +42,11 @@ class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet def upgrade_webapp(self, instance, webapp): - metainf_dir = os.path.join(instance.base_dir, 'webapps', webapp, 'META-INF') + metainf_dir = os.path.join( + instance.base_dir, + 'webapps', + webapp, + 'META-INF') if not os.path.exists(metainf_dir): # upgrade already done return diff --git a/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile b/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile index 76dbb23d6..7fa6c937e 100755 --- a/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile +++ b/base/server/upgrade/10.1.99/01-MoveWebApplicationContextFile @@ -24,7 +24,8 @@ import os import pki.server.upgrade -class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet): +class MoveWebApplicationContextFile( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(MoveWebApplicationContextFile, self).__init__() @@ -41,7 +42,11 @@ class MoveWebApplicationContextFile(pki.server.upgrade.PKIServerUpgradeScriptlet def upgrade_webapp(self, instance, webapp): - metainf_dir = os.path.join(instance.base_dir, 'webapps', webapp, 'META-INF') + metainf_dir = os.path.join( + instance.base_dir, + 'webapps', + webapp, + 'META-INF') if not os.path.exists(metainf_dir): # upgrade already done return diff --git a/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson b/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson index b74f9d3ee..2da03a600 100755 
--- a/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson +++ b/base/server/upgrade/10.1.99/02-ReplaceJettisonWithJackson @@ -55,7 +55,9 @@ class ReplaceJettisonWithJackson(pki.server.upgrade.PKIServerUpgradeScriptlet): link = os.path.join(common_lib, 'jackson-annotations.jar') self.create_link(instance, source, link) - source = os.path.join('/usr/share/java/jackson', 'jackson-core-asl.jar') + source = os.path.join( + '/usr/share/java/jackson', + 'jackson-core-asl.jar') link = os.path.join(common_lib, 'jackson-core-asl.jar') self.create_link(instance, source, link) @@ -67,7 +69,9 @@ class ReplaceJettisonWithJackson(pki.server.upgrade.PKIServerUpgradeScriptlet): link = os.path.join(common_lib, 'jackson-databind.jar') self.create_link(instance, source, link) - source = os.path.join('/usr/share/java/jackson-jaxrs-providers', 'jackson-jaxrs-base.jar') + source = os.path.join( + '/usr/share/java/jackson-jaxrs-providers', + 'jackson-jaxrs-base.jar') link = os.path.join(common_lib, 'jackson-jaxrs-base.jar') self.create_link(instance, source, link) 
@@ -75,15 +79,21 @@ class ReplaceJettisonWithJackson(pki.server.upgrade.PKIServerUpgradeScriptlet): link = os.path.join(common_lib, 'jackson-jaxrs.jar') self.create_link(instance, source, link) - source = os.path.join('/usr/share/java/jackson-jaxrs-providers', 'jackson-jaxrs-json-provider.jar') + source = os.path.join( + '/usr/share/java/jackson-jaxrs-providers', + 'jackson-jaxrs-json-provider.jar') link = os.path.join(common_lib, 'jackson-jaxrs-json-provider.jar') self.create_link(instance, source, link) - source = os.path.join('/usr/share/java/jackson', 'jackson-mapper-asl.jar') + source = os.path.join( + '/usr/share/java/jackson', + 'jackson-mapper-asl.jar') link = os.path.join(common_lib, 'jackson-mapper-asl.jar') self.create_link(instance, source, link) - source = os.path.join('/usr/share/java', 'jackson-module-jaxb-annotations.jar') + source = os.path.join( + '/usr/share/java', + 'jackson-module-jaxb-annotations.jar') link = os.path.join(common_lib, 'jackson-module-jaxb-annotations.jar') self.create_link(instance, source, link) diff --git a/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass b/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass index 870fa981c..1cfff29f6 100755 --- a/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass +++ b/base/server/upgrade/10.1.99/04-ReplaceRESTEasyApplicationClass @@ -25,7 +25,9 @@ from lxml import etree as ET import pki import pki.server.upgrade -class ReplaceRESTEasyApplicationClass(pki.server.upgrade.PKIServerUpgradeScriptlet): + +class ReplaceRESTEasyApplicationClass( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(ReplaceRESTEasyApplicationClass, self).__init__() 
@@ -58,15 +60,20 @@ class ReplaceRESTEasyApplicationClass(pki.server.upgrade.PKIServerUpgradeScriptl if servlet is None: raise Exception('Resteasy servlet not found in ' + web_xml) - param = servlet.find('init-param[param-name="javax.ws.rs.Application"]') + param = servlet.find( + 'init-param[param-name="javax.ws.rs.Application"]') if param is None: - raise Exception('Resteasy application parameter not found in ' + web_xml) + raise Exception( + 'Resteasy application parameter not found in ' + + web_xml) value = param.find('param-value') if value is None: - raise Exception('Resteasy application value not found in ' + web_xml) + raise Exception( + 'Resteasy application value not found in ' + + web_xml) value.text = self.class_names[subsystem.name] diff --git a/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML b/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML index edc27e3f8..4117b7e6a 100755 --- a/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML +++ b/base/server/upgrade/10.1.99/05-RemoveConfigPathFromWebXML @@ -33,8 +33,17 @@ class RemoveConfigPathFromWebXML(pki.server.upgrade.PKIServerUpgradeScriptlet): def upgrade_subsystem(self, instance, subsystem): - default_cs_cfg = os.path.join(instance.base_dir, 'conf', subsystem.name, 'CS.cfg') - web_xml = os.path.join(instance.base_dir, 'webapps', subsystem.name, 'WEB-INF', 'web.xml') + default_cs_cfg = os.path.join( + instance.base_dir, + 'conf', + subsystem.name, + 'CS.cfg') + web_xml = os.path.join( + instance.base_dir, + 'webapps', + subsystem.name, + 'WEB-INF', + 'web.xml') if not os.path.exists(web_xml): return diff --git a/base/server/upgrade/10.2.1/01-AddTLSRangeSupport b/base/server/upgrade/10.2.1/01-AddTLSRangeSupport index e2259245b..c9db5503b 100755 --- a/base/server/upgrade/10.2.1/01-AddTLSRangeSupport +++ b/base/server/upgrade/10.2.1/01-AddTLSRangeSupport 
@@ -34,21 +34,20 @@ class AddTLSRangeSupport(pki.server.upgrade.PKIServerUpgradeScriptlet): self.parser = etree.XMLParser(remove_blank_text=True) - def upgrade_instance(self, instance): - server_xml = os.path.join(instance.conf_dir, 'server.xml') - #Backup the file before modify + server_xml = os.path.join(instance.conf_dir, 'server.xml') + # Backup the file before modify self.backup(server_xml) - #Parse the server.xml into an XML object + # Parse the server.xml into an XML object document = etree.parse(server_xml, self.parser) - #perform the upgrade in memory + # perform the upgrade in memory self.add_tls_range(document) - #Once all changes are made, write the XML back into the same server.xml - #This way we're preserving any other customization that has been done + # Once all changes are made, write the XML back into the same server.xml + # This way we're preserving any other customization that has been done # to the server.xml with open(server_xml, 'w') as f: - f.write(etree.tostring(document, pretty_print=True)) + f.write(etree.tostring(document, pretty_print=True)) def add_tls_range(self, document): @@ -57,7 +56,7 @@ class AddTLSRangeSupport(pki.server.upgrade.PKIServerUpgradeScriptlet): connectors = server.findall('.//Connector') for connector in connectors: - + secure = connector.get('secure') if secure == 'true': # Update Connector's attributes 
@@ -65,38 +64,37 @@ class AddTLSRangeSupport(pki.server.upgrade.PKIServerUpgradeScriptlet): connector.set('sslVersionRangeStream', 'tls1_0:tls1_2') connector.set('sslVersionRangeDatagram', 'tls1_1:tls1_2') connector.set('sslRangeCiphers', - '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,' \ - '-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,' \ - '+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,' \ - '+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,' \ - '+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,' \ - '-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,' \ - '+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,' \ - '+TLS_RSA_WITH_3DES_EDE_CBC_SHA,' \ - '+TLS_RSA_WITH_AES_128_CBC_SHA,' \ - '+TLS_RSA_WITH_AES_256_CBC_SHA,' \ - '+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,' \ - '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,' \ - '-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,' \ - '-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,' \ - '-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,' \ - '+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,' \ - '+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,' \ - '+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,' \ - '+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,' \ - '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,' \ - '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,' \ - '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,' \ - '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,' \ - '+TLS_RSA_WITH_AES_128_CBC_SHA256,' \ - '+TLS_RSA_WITH_AES_256_CBC_SHA256,' \ - '+TLS_RSA_WITH_AES_128_GCM_SHA256,' \ - '+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,' \ - '+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,' \ - '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,' \ - '+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,' \ - '+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,' \ - '+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,' \ - '+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,' \ - '+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256') - + '-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,' + '-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,' + '+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,' + '+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,' + '+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,' + '-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,' + '+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,' + 
'+TLS_RSA_WITH_3DES_EDE_CBC_SHA,' + '+TLS_RSA_WITH_AES_128_CBC_SHA,' + '+TLS_RSA_WITH_AES_256_CBC_SHA,' + '+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,' + '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,' + '-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,' + '-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,' + '-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,' + '+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,' + '+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,' + '+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,' + '+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,' + '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,' + '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,' + '+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,' + '+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,' + '+TLS_RSA_WITH_AES_128_CBC_SHA256,' + '+TLS_RSA_WITH_AES_256_CBC_SHA256,' + '+TLS_RSA_WITH_AES_128_GCM_SHA256,' + '+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,' + '+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,' + '+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,' + '+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,' + '+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,' + '+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,' + '+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,' + '+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256') diff --git a/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations index 8d63a5563..5689f2526 100755 --- a/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations +++ b/base/server/upgrade/10.2.2/01-MoveWebApplicationDeploymentLocations @@ -27,7 +27,8 @@ import pki import pki.server.upgrade -class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeScriptlet): +class MoveWebApplicationDeploymentLocations( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(MoveWebApplicationDeploymentLocations, self).__init__() 
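Review bot: The `sslRangeCiphers` value in the `@@ -65,38 +64,37 @@` hunk still enables the 3DES suites (`+TLS_RSA_WITH_3DES_EDE_CBC_SHA`, `+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA`, `+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA` and others), and the lines above it set `sslVersionRangeStream` to `tls1_0:tls1_2`. Because the loop applies this to every Connector with `secure == 'true'`, the upgrade writes a 64-bit-block cipher and a TLS 1.0 floor into each instance's server.xml. If client compatibility allows, mark the 3DES entries with the `-` prefix the list already uses, e.g. `'-TLS_RSA_WITH_3DES_EDE_CBC_SHA,'`, and raise the floor with `connector.set('sslVersionRangeStream', 'tls1_1:tls1_2')`. If they must stay, a comment above the `connector.set('sslRangeCiphers', ...)` call should record why. The function containing the loop (presumably `add_tls_range`) starts outside this hunk.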
@@ -37,7 +38,10 @@ class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeS def upgrade_subsystem(self, instance, subsystem): - subsystem_webapps = os.path.join(instance.base_dir, subsystem.name, 'webapps') + subsystem_webapps = os.path.join( + instance.base_dir, + subsystem.name, + 'webapps') self.backup(subsystem_webapps) # remove old subsystem webapps symlink @@ -49,14 +53,24 @@ class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeS os.mkdir(subsystem_webapps) os.chown(subsystem_webapps, instance.uid, instance.gid) - os.chmod(subsystem_webapps, 0770) + os.chmod(subsystem_webapps, 0o770) # move subsystem webapp - subsystem_old_webapp = os.path.join(instance.base_dir, 'webapps', subsystem.name) + subsystem_old_webapp = os.path.join( + instance.base_dir, + 'webapps', + subsystem.name) subsystem_new_webapp = os.path.join(subsystem_webapps, subsystem.name) - subsystem_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', subsystem.name + '.xml') + subsystem_context_xml = os.path.join( + instance.conf_dir, + 'Catalina', + 'localhost', + subsystem.name + '.xml') - self.move_webapp(subsystem_old_webapp, subsystem_new_webapp, subsystem_context_xml) + self.move_webapp( + subsystem_old_webapp, + subsystem_new_webapp, + subsystem_context_xml) def upgrade_instance(self, instance): 
@@ -68,19 +82,27 @@ class MoveWebApplicationDeploymentLocations(pki.server.upgrade.PKIServerUpgradeS os.mkdir(common_webapps) os.chown(common_webapps, instance.uid, instance.gid) - os.chmod(common_webapps, 0770) + os.chmod(common_webapps, 0o770) # move ROOT webapp root_old_webapp = os.path.join(instance.base_dir, 'webapps', 'ROOT') root_new_webapp = os.path.join(common_webapps, 'ROOT') - root_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'ROOT.xml') + root_context_xml = os.path.join( + instance.conf_dir, + 'Catalina', + 'localhost', + 'ROOT.xml') self.move_webapp(root_old_webapp, root_new_webapp, root_context_xml) # move pki webapp pki_old_webapp = os.path.join(instance.base_dir, 'webapps', 'pki') pki_new_webapp = os.path.join(common_webapps, 'pki') - pki_context_xml = os.path.join(instance.conf_dir, 'Catalina', 'localhost', 'pki.xml') + pki_context_xml = os.path.join( + instance.conf_dir, + 'Catalina', + 'localhost', + 'pki.xml') self.move_webapp(pki_old_webapp, pki_new_webapp, pki_context_xml) diff --git a/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy b/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy index 6e2731d27..5493e1e21 100755 --- a/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy +++ b/base/server/upgrade/10.2.2/02-EnableWebApplicationAutoDeploy @@ -26,7 +26,8 @@ import pki import pki.server.upgrade -class EnableWebApplicationAutoDeploy(pki.server.upgrade.PKIServerUpgradeScriptlet): +class EnableWebApplicationAutoDeploy( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(EnableWebApplicationAutoDeploy, self).__init__() diff --git a/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership b/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership index 3c7f21aaf..83ec67d6b 100755 --- a/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership +++ b/base/server/upgrade/10.2.3/01-FixInstanceWorkFolderOwnership 
@@ -23,7 +23,8 @@ import os import pki.server.upgrade -class FixInstanceWorkFolderOwnership(pki.server.upgrade.PKIServerUpgradeScriptlet): +class FixInstanceWorkFolderOwnership( + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(FixInstanceWorkFolderOwnership, self).__init__() @@ -31,6 +32,8 @@ class FixInstanceWorkFolderOwnership(pki.server.upgrade.PKIServerUpgradeScriptle def upgrade_instance(self, instance): - directory = os.path.join(instance.base_dir, 'work/Catalina/localhost/pki') + directory = os.path.join( + instance.base_dir, + 'work/Catalina/localhost/pki') if os.path.exists(directory): pki.util.chown(directory, instance.uid, instance.gid) diff --git a/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML b/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML index dfc6a98a6..5e4077371 100755 --- a/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML +++ b/base/server/upgrade/10.2.4/01-AddMissingOCSPGETServletMappingToWebXML @@ -25,7 +25,9 @@ from lxml import etree as ET import pki import pki.server.upgrade -class AddMissingOCSPGETServletMappingToWebXML(pki.server.upgrade.PKIServerUpgradeScriptlet): + +class AddMissingOCSPGETServletMappingToWebXML( + pki.server.upgrade.PKIServerUpgradeScriptlet): OCSPGETServletMappingData = """ <servlet-mapping> @@ -41,7 +43,6 @@ class AddMissingOCSPGETServletMappingToWebXML(pki.server.upgrade.PKIServerUpgrad self.doc = None self.root = None - def upgrade_subsystem(self, instance, subsystem): # only affects CA if subsystem.name != "ca": @@ -64,7 +65,7 @@ class AddMissingOCSPGETServletMappingToWebXML(pki.server.upgrade.PKIServerUpgrad self.doc.write(web_xml) def add_ocsp_get_servlet_mapping(self): - #add missing OCSP Get servlet mapping + # add missing OCSP Get servlet mapping mappingFound = False urlPattern = "" index = 0 
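Review bot: In FixInstanceWorkFolderOwnership.upgrade_instance (the `@@ -31,6 +32,8 @@` hunk), `pki.util.chown(directory, instance.uid, instance.gid)` passes a directory under the Tomcat work tree to a helper whose implementation is not shown on this page. If that helper recurses and calls `os.chown`, which follows symbolic links, a link inside the work directory would redirect the ownership change to the link's target. That matters if the scriptlet runs with elevated privileges, which an upgrade step presumably does. It is worth confirming that the helper uses `os.lchown` or skips links, and recording the expectation above the call, e.g. `# pki.util.chown must not follow symlinks found under work/`.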
diff --git a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML index 240fd28fc..8fd67271c 100755 --- a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML +++ b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML @@ -25,7 +25,7 @@ import pki.server.upgrade class RemoveInaccessableURLsFromServerXML( - pki.server.upgrade.PKIServerUpgradeScriptlet): + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(RemoveInaccessableURLsFromServerXML, self).__init__() self.message = 'Remove inaccessable URLs from server.xml' diff --git a/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML b/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML index 1cf7413ed..8dee70db6 100755 --- a/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML +++ b/base/server/upgrade/10.2.6/02-AddPhoneHomeURLsToTPSsServerXML @@ -25,7 +25,7 @@ import pki.server.upgrade class AddPhoneHomeURLsToTPSsServerXML( - pki.server.upgrade.PKIServerUpgradeScriptlet): + pki.server.upgrade.PKIServerUpgradeScriptlet): def __init__(self): super(AddPhoneHomeURLsToTPSsServerXML, self).__init__() self.message = 'Add Phone Home URLs to TPS section of server.xml.' |