-rw-r--r-- | base/server/python/pki/server/__init__.py | 19 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkiconfig.py | 20 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 942 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkilogging.py | 10 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkimanifest.py | 20 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkimessages.py | 79 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 329 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkiscriptlet.py | 1 | ||||
-rw-r--r-- | base/server/python/pki/server/upgrade.py | 86 | ||||
-rwxr-xr-x | base/server/sbin/pki-server-upgrade | 13 | ||||
-rwxr-xr-x | base/server/sbin/pkidestroy | 60 | ||||
-rwxr-xr-x | base/server/sbin/pkispawn | 193 |
12 files changed, 1023 insertions, 749 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py index e41f1a980..3eb6b5f97 100644 --- a/base/server/python/pki/server/__init__.py +++ b/base/server/python/pki/server/__init__.py @@ -31,15 +31,17 @@ SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps'] class PKISubsystem(object): - def __init__(self, instance, subsystemName): + def __init__(self, instance, subsystem_name): self.instance = instance - self.name = subsystemName + self.name = subsystem_name self.type = instance.type if self.type >= 10: - self.conf_dir = os.path.join(INSTANCE_BASE_DIR, \ - instance.name, 'conf', subsystemName) - self.base_dir = os.path.join(INSTANCE_BASE_DIR, \ - instance.name, subsystemName) + self.conf_dir = os.path.join( + INSTANCE_BASE_DIR, + instance.name, 'conf', subsystem_name) + self.base_dir = os.path.join( + INSTANCE_BASE_DIR, + instance.name, subsystem_name) else: self.conf_dir = os.path.join(pki.BASE_DIR, instance.name, 'conf') self.base_dir = os.path.join(pki.BASE_DIR, instance.name) @@ -50,8 +52,7 @@ class PKISubsystem(object): if not os.path.exists(self.conf_dir): raise pki.PKIException( 'Invalid subsystem: ' + self.__repr__(), - None, self.instance) - + None, self.instance) def __repr__(self): return str(self.instance) + '/' + self.name @@ -84,7 +85,7 @@ class PKIInstance(object): class PKIServerException(pki.PKIException): - def __init__(self, message, exception=None, \ + def __init__(self, message, exception=None, instance=None, subsystem=None): pki.PKIException.__init__(self, message, exception) diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py index bb89cc5fc..67edad1ee 100644 --- a/base/server/python/pki/server/deployment/pkiconfig.py +++ b/base/server/python/pki/server/deployment/pkiconfig.py 
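Review bot: In `PKISubsystem.__init__`, `subsystem_name` goes unchecked into `os.path.join(INSTANCE_BASE_DIR, instance.name, 'conf', subsystem_name)`, and `os.path.join` discards the earlier components when the last one is absolute and does not collapse `..`, so `conf_dir` and `base_dir` can resolve outside the instance tree. The `os.path.exists(self.conf_dir)` test in the following hunk only shows that the path exists, not that it lies under `INSTANCE_BASE_DIR`. If callers can pass an arbitrary name (not visible here) and names are always one of `SUBSYSTEM_TYPES`, a guard such as `if subsystem_name not in SUBSYSTEM_TYPES:` followed by the same `pki.PKIException` raise, placed before the joins, would pin it down. The class body continues outside the hunk.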
@@ -41,18 +41,18 @@ PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_APACHE_SUBSYSTEMS = ["RA"] PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", - "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps", - "work"] + "lib", "logs", "ocsp", "temp", "tks", "tps", + "webapps", "work"] PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", "rsyslog", "tls"] PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"] PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"] -PKI_INDENTATION_LEVEL_0 = {'indent' : ''} -PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} -PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '} -PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '} -PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '} +PKI_INDENTATION_LEVEL_0 = {'indent': ''} +PKI_INDENTATION_LEVEL_1 = {'indent': '... '} +PKI_INDENTATION_LEVEL_2 = {'indent': '....... '} +PKI_INDENTATION_LEVEL_3 = {'indent': '........... '} +PKI_INDENTATION_LEVEL_4 = {'indent': '............... '} PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\ "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" @@ -123,6 +123,7 @@ pki_root_prefix = None def str2bool(string): return string.lower() in ("yes", "true", "t", "1") + # NOTE: To utilize the 'preparations_for_an_external_java_debugger(master)' # and 'wait_to_attach_an_external_java_debugger(master)' functions, # change 'pki_enable_java_debugger=False' to 
@@ -140,13 +141,14 @@ def prepare_for_an_external_java_debugger(instance): print " \"address=8000,server=y,suspend=n \"" print " \"-Djava.awt.headless=true -Xmx128M\"" print - raw_input("Enable external java debugger 'JAVA_OPTS' "\ + raw_input("Enable external java debugger 'JAVA_OPTS' " "and press return to continue . . . ") print print PKI_DEPLOYMENT_INTERRUPT_BANNER print return + def wait_to_attach_an_external_java_debugger(): print print PKI_DEPLOYMENT_INTERRUPT_BANNER @@ -155,7 +157,7 @@ def wait_to_attach_an_external_java_debugger(): print "the 'address' selected by 'JAVA_OPTS' (e. g. - port 8000) and" print "set any desired breakpoints" print - raw_input("Please attach an external java debugger "\ + raw_input("Please attach an external java debugger " "and press return to continue . . . ") print print PKI_DEPLOYMENT_INTERRUPT_BANNER diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index e33d43f52..713e7a381 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -55,6 +55,7 @@ import pki.account import pki.client import pki.system + # PKI Deployment Helper Functions def pki_copytree(src, dst, symlinks=False, ignore=None): """Recursively copy a directory tree using copy2(). @@ -126,6 +127,7 @@ def pki_copytree(src, dst, symlinks=False, ignore=None): if errors: raise Error(errors) + class Identity: """PKI Deployment Identity Class""" @@ -258,7 +260,7 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_uid @@ -268,7 +270,7 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_gid 
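Review bot: The operator text in `prepare_for_an_external_java_debugger` tells the admin to start the JVM with `address=8000,server=y,suspend=n` but says nothing about who may reach that port. JDWP has no authentication, so on JVMs where a bare port number listens on all interfaces, any host that can connect to 8000 controls the server process. I would add a comment above the prompt, e.g. `# NOTE: JDWP is unauthenticated; keep port 8000 firewalled or bound to localhost and remove the JAVA_OPTS after debugging.`, and consider printing the same reminder to the operator. The function starts outside the hunk, and `wait_to_attach_an_external_java_debugger` in the next hunk refers to the same port.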
@@ -284,7 +286,7 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_uid @@ -300,10 +302,11 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_gid + class Namespace: """PKI Deployment Namespace Class""" @@ -322,8 +325,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'])) else: if os.path.exists(self.mdict['pki_target_tomcat_conf_instance_id']): # Top-Level "/etc/sysconfig" path collision @@ -332,8 +337,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_target_tomcat_conf_instance_id'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_target_tomcat_conf_instance_id'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_target_tomcat_conf_instance_id'])) if os.path.exists(self.mdict['pki_cgroup_systemd_service']): # Systemd cgroup path collision config.pki_log.error( 
@@ -341,8 +348,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_cgroup_systemd_service_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_cgroup_systemd_service_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_systemd_service_path'])) if os.path.exists(self.mdict['pki_cgroup_cpu_systemd_service']): # Systemd cgroup CPU path collision config.pki_log.error( @@ -350,8 +359,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_cgroup_cpu_systemd_service_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_cgroup_cpu_systemd_service_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_cpu_systemd_service_path'])) if os.path.exists(self.mdict['pki_instance_log_path']) and\ os.path.exists(self.mdict['pki_subsystem_log_path']): # Top-Level PKI log path collision @@ -360,8 +371,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_log_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_log_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_log_path'])) if os.path.exists(self.mdict['pki_instance_configuration_path']) and\ os.path.exists(self.mdict['pki_subsystem_configuration_path']): # Top-Level PKI configuration path collision 
@@ -370,8 +383,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_configuration_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'])) if os.path.exists(self.mdict['pki_instance_registry_path']) and\ os.path.exists(self.mdict['pki_subsystem_registry_path']): # Top-Level PKI registry path collision @@ -380,8 +395,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) # Run simple checks for reserved name namespace collisions if self.mdict['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES: # Top-Level PKI base path reserved name collision 
@@ -390,18 +407,23 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'])) # No need to check for reserved name under Top-Level PKI log path - if self.mdict['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES: + if self.mdict['pki_instance_name'] in \ + config.PKI_CONFIGURATION_RESERVED_NAMES: # Top-Level PKI configuration path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, self.mdict['pki_instance_name'], self.mdict['pki_instance_configuration_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'])) if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: # Top-Level Apache PKI registry path reserved name collision if self.mdict['pki_instance_name'] in\ @@ -411,8 +433,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision if self.mdict['pki_instance_name'] in\ 
@@ -422,8 +446,11 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) + class ConfigurationFile: """PKI Deployment Configuration File Class""" @@ -434,9 +461,9 @@ class ConfigurationFile: self.clone = config.str2bool(self.mdict['pki_clone']) self.external = config.str2bool(self.mdict['pki_external']) self.external_step_two = config.str2bool( - self.mdict['pki_external_step_two']) + self.mdict['pki_external_step_two']) self.skip_configuration = config.str2bool( - self.mdict['pki_skip_configuration']) + self.mdict['pki_skip_configuration']) self.standalone = config.str2bool(self.mdict['pki_standalone']) self.subordinate = config.str2bool(self.mdict['pki_subordinate']) # set useful 'string' object variables for this class @@ -511,16 +538,15 @@ class ConfigurationFile: self.subsystem) def confirm_data_exists(self, param): - if not self.mdict.has_key(param) or\ - not len(self.mdict[param]): + if not param in self.mdict or not len(self.mdict[param]): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, param, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception( - log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % - (param, self.mdict['pki_user_deployment_cfg'])) + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % + (param, self.mdict['pki_user_deployment_cfg'])) def confirm_missing_file(self, param): if os.path.exists(self.mdict[param]): 
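Review bot: The rewritten condition in `confirm_data_exists`, `if not param in self.mdict or not len(self.mdict[param]):`, is easy to misread as `(not param) in ...`; the idiomatic spelling is `if param not in self.mdict or not self.mdict[param]:`. Behaviour is the same for the string values this dict appears to hold, while a value without a length (for example `None`) currently raises `TypeError` from `len()` and would instead be reported as an undefined entry. This method guards required settings such as `pki_security_domain_password` (see the following hunk), so the clearer test is worth having.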
@@ -562,11 +588,11 @@ class ConfigurationFile: # Subordinate CA that will be automatically configured and # are not Stand-alone PKI) if (self.subsystem == "KRA" or - self.subsystem == "OCSP" or - self.subsystem == "TKS" or - self.subsystem == "TPS" or - self.clone or - self.subordinate): + self.subsystem == "OCSP" or + self.subsystem == "TKS" or + self.subsystem == "TPS" or + self.clone or + self.subordinate): if not self.skip_configuration and not self.standalone: self.confirm_data_exists("pki_security_domain_password") # If required, verify existence of Token Password 
@@ -583,25 +609,33 @@ class ConfigurationFile: log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % + self.mdict['pki_user_deployment_cfg']) elif self.clone and self.external: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % + self.mdict['pki_user_deployment_cfg']) elif self.clone and self.subordinate: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % + self.mdict['pki_user_deployment_cfg']) elif self.external and self.subordinate: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % + self.mdict['pki_user_deployment_cfg']) elif self.standalone: if self.clone: config.pki_log.error( 
@@ -669,8 +703,10 @@ class ConfigurationFile: self.confirm_data_exists("pki_external_admin_csr_path") self.confirm_missing_file("pki_external_admin_csr_path") # Stand-alone PKI Audit Signing CSR (Step 1) - self.confirm_data_exists("pki_external_audit_signing_csr_path") - self.confirm_missing_file("pki_external_audit_signing_csr_path") + self.confirm_data_exists( + "pki_external_audit_signing_csr_path") + self.confirm_missing_file( + "pki_external_audit_signing_csr_path") # Stand-alone PKI SSL Server CSR (Step 1) self.confirm_data_exists("pki_external_sslserver_csr_path") self.confirm_missing_file("pki_external_sslserver_csr_path") @@ -680,16 +716,22 @@ class ConfigurationFile: # Stand-alone PKI KRA CSRs if self.subsystem == "KRA": # Stand-alone PKI KRA Storage CSR (Step 1) - self.confirm_data_exists("pki_external_storage_csr_path") - self.confirm_missing_file("pki_external_storage_csr_path") + self.confirm_data_exists( + "pki_external_storage_csr_path") + self.confirm_missing_file( + "pki_external_storage_csr_path") # Stand-alone PKI KRA Transport CSR (Step 1) - self.confirm_data_exists("pki_external_transport_csr_path") - self.confirm_missing_file("pki_external_transport_csr_path") + self.confirm_data_exists( + "pki_external_transport_csr_path") + self.confirm_missing_file( + "pki_external_transport_csr_path") # Stand-alone PKI OCSP CSRs if self.subsystem == "OCSP": # Stand-alone PKI OCSP OCSP Signing CSR (Step 1) - self.confirm_data_exists("pki_external_signing_csr_path") - self.confirm_missing_file("pki_external_signing_csr_path") + self.confirm_data_exists( + "pki_external_signing_csr_path") + self.confirm_missing_file( + "pki_external_signing_csr_path") else: # Stand-alone PKI External CA Certificate Chain (Step 2) self.confirm_data_exists("pki_external_ca_cert_chain_path") 
@@ -701,8 +743,10 @@ class ConfigurationFile: self.confirm_data_exists("pki_external_admin_cert_path") self.confirm_file_exists("pki_external_admin_cert_path") # Stand-alone PKI Audit Signing Certificate (Step 2) - self.confirm_data_exists("pki_external_audit_signing_cert_path") - self.confirm_file_exists("pki_external_audit_signing_cert_path") + self.confirm_data_exists( + "pki_external_audit_signing_cert_path") + self.confirm_file_exists( + "pki_external_audit_signing_cert_path") # Stand-alone PKI SSL Server Certificate (Step 2) self.confirm_data_exists("pki_external_sslserver_cert_path") self.confirm_file_exists("pki_external_sslserver_cert_path") 
@@ -712,30 +756,36 @@ class ConfigurationFile: # Stand-alone PKI KRA Certificates if self.subsystem == "KRA": # Stand-alone PKI KRA Storage Certificate (Step 2) - self.confirm_data_exists("pki_external_storage_cert_path") - self.confirm_file_exists("pki_external_storage_cert_path") + self.confirm_data_exists( + "pki_external_storage_cert_path") + self.confirm_file_exists( + "pki_external_storage_cert_path") # Stand-alone PKI KRA Transport Certificate (Step 2) - self.confirm_data_exists("pki_external_transport_cert_path") - self.confirm_file_exists("pki_external_transport_cert_path") + self.confirm_data_exists( + "pki_external_transport_cert_path") + self.confirm_file_exists( + "pki_external_transport_cert_path") # Stand-alone PKI OCSP Certificates if self.subsystem == "OCSP": # Stand-alone PKI OCSP OCSP Signing Certificate (Step 2) - self.confirm_data_exists("pki_external_signing_cert_path") - self.confirm_file_exists("pki_external_signing_cert_path") + self.confirm_data_exists( + "pki_external_signing_cert_path") + self.confirm_file_exists( + "pki_external_signing_cert_path") return def populate_non_default_ports(self): if (self.mdict['pki_http_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT)): ports.append(self.mdict['pki_http_port']) if (self.mdict['pki_https_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT)): ports.append(self.mdict['pki_https_port']) if (self.mdict['pki_tomcat_server_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT)): ports.append(self.mdict['pki_tomcat_server_port']) if (self.mdict['pki_ajp_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT)): ports.append(self.mdict['pki_ajp_port']) return 
@@ -757,10 +807,10 @@ class ConfigurationFile: context = "" for i in portrecs: if (portrecs[i][0] == "unreserved_port_t" or - portrecs[i][0] == "reserved_port_t" or - i[2] != "tcp"): + portrecs[i][0] == "reserved_port_t" or + i[2] != "tcp"): continue - if i[0] <= int(port) and int(port) <= i[1]: + if i[0] <= int(port) <= i[1]: context = portrecs[i][0] break if context == "": @@ -773,10 +823,12 @@ class ConfigurationFile: ports.remove(port) else: config.pki_log.error( - log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT, - port, context, - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % (port, context)) + log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT, + port, context, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % + (port, context)) return def verify_command_matches_configuration_file(self): @@ -790,8 +842,10 @@ class ConfigurationFile: self.mdict['pki_deployed_instance_name'], self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.mdict['pki_deployed_instance_name'], - self.mdict['pki_instance_name'])) + raise Exception( + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ( + self.mdict['pki_deployed_instance_name'], + self.mdict['pki_instance_name'])) return # PKI Deployment XML File Class @@ -826,6 +880,7 @@ class ConfigurationFile: # FILE.write(line) # FILE.close() + class Instance: """PKI Deployment Instance Class""" @@ -840,7 +895,7 @@ class Instance: for subsystem in config.PKI_APACHE_SUBSYSTEMS: path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): - rv = rv + 1 + rv += 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, self.mdict['pki_instance_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) 
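Review bot: `if i[0] <= int(port) <= i[1]:` converts `port` inside the `portrecs` loop, so a non-numeric port from the deployment configuration surfaces as a bare `ValueError` part-way through the SELinux lookup, unless it is validated earlier, which this hunk does not show. Converting once before the loop, `port_num = int(port)`, and testing `i[0] <= port_num <= i[1]` keeps the failure in one obvious place and avoids the repeated conversion. The enclosing method starts and ends outside the hunk.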
@@ -859,14 +914,16 @@ class Instance: # simply count the number of PKI 'apache' instances (directories) # present within the PKI 'apache' registry directory for instance in\ - os.listdir(self.mdict['pki_instance_type_registry_path']): + os.listdir(self.mdict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)) and not\ + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)) and not\ os.path.islink( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)): - rv = rv + 1 + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)): + rv += 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, self.mdict['pki_instance_type_registry_path'], rv, @@ -895,7 +952,7 @@ class Instance: if os.path.isdir(os.path.join(instance_dir, name)) and\ not os.path.islink(os.path.join(instance_dir, name)): if name.upper() in config.PKI_SUBSYSTEMS: - rv = rv + 1 + rv += 1 config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2, self.mdict['pki_instance_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) @@ -930,12 +987,14 @@ class Instance: for instance in\ os.listdir(self.mdict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)) and not\ + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)) and not\ os.path.islink( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)): - rv = rv + 1 + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)): + rv += 1 config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, self.mdict['pki_instance_type_registry_path'], rv, 
@@ -953,8 +1012,10 @@ class Instance: self.mdict['pki_subsystem'], self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'], - self.mdict['pki_instance_name'])) + raise Exception( + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % ( + self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -967,8 +1028,10 @@ class Instance: self.mdict['pki_subsystem'], self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'], - self.mdict['pki_instance_name'])) + raise Exception( + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % ( + self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -996,10 +1059,11 @@ class Instance: status = root.findtext("Status") return status except Exception as exc: - config.pki_log.debug("No connection - server may still be down", + config.pki_log.debug( + "No connection - server may still be down", extra=config.PKI_INDENTATION_LEVEL_3) - config.pki_log.debug("No connection - exception thrown: " +\ - str(exc), + config.pki_log.debug( + "No connection - exception thrown: " + str(exc), extra=config.PKI_INDENTATION_LEVEL_3) return None @@ -1014,6 +1078,7 @@ class Instance: break return status + class Directory: """PKI Deployment Directory Class""" @@ -1036,9 +1101,9 @@ class Directory: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, 
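Review bot: In the status-check handler, `except Exception as exc:` turns every failure into "No connection - server may still be down" at debug level and returns `None`, so a malformed response or a TLS/certificate error looks the same as a server that has not started yet. Narrowing the handler to the connection and parse errors the `try` body can raise (not visible in this hunk) would let real faults propagate. The reformatted message can also use the logger's own formatting, `config.pki_log.debug("No connection - exception thrown: %s", exc, extra=config.PKI_INDENTATION_LEVEL_3)`, instead of `+ str(exc)`. The method starts outside the hunk.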
@@ -1059,15 +1124,17 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % + name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1080,8 +1147,10 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % + name) # Always re-process each directory whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name, @@ -1092,9 +1161,9 @@ class Directory: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, @@ -1117,12 +1186,13 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -1134,7 +1204,7 @@ class Directory: log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) else: - if recursive_flag == True: + if recursive_flag: # rm -rf <name> config.pki_log.info(log.PKIHELPER_RM_RF_1, name, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1147,7 +1217,7 @@ class Directory: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1177,28 +1247,29 @@ class Directory: extra=config.PKI_INDENTATION_LEVEL_2) raise - def set_mode(self, name, uid=None, gid=None, - dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - symlink_perms=\ - config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, - dir_acls=None, file_acls=None, symlink_acls=None, - recursive_flag=True, critical_failure=True): + def set_mode( + self, name, uid=None, gid=None, + dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, + dir_acls=None, file_acls=None, symlink_acls=None, + recursive_flag=True, critical_failure=True): try: if not os.path.exists(name) or not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) else: config.pki_log.info( log.PKIHELPER_SET_MODE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() - if recursive_flag == True: + if recursive_flag: for root, dirs, files in os.walk(name): for name in files: entity = os.path.join(root, name) 
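Review bot: In `set_mode`, the inner loop `for name in files:` rebinds the `name` parameter that was passed to `os.walk(name)`, so any later use of `name` in this method (for example in an error message) refers to the last file visited and not the directory being processed. Renaming the loop variable, e.g. `for filename in files:` with `entity = os.path.join(root, filename)`, removes the ambiguity. The method body continues outside the hunk.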
@@ -1208,12 +1279,14 @@ class Directory: log.PKIHELPER_IS_A_FILE_1, temp_file, extra=config.PKI_INDENTATION_LEVEL_3) # chmod <file_perms> <name> - config.pki_log.debug(log.PKIHELPER_CHMOD_2, + config.pki_log.debug( + log.PKIHELPER_CHMOD_2, file_perms, temp_file, extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(temp_file, file_perms) # chown <uid>:<gid> <name> - config.pki_log.debug(log.PKIHELPER_CHOWN_3, + config.pki_log.debug( + log.PKIHELPER_CHOWN_3, uid, gid, temp_file, extra=config.PKI_INDENTATION_LEVEL_3) os.chown(temp_file, uid, gid) @@ -1239,7 +1312,8 @@ class Directory: # run directly against symbolic # links! # chown -h <uid>:<gid> <symlink> - config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, + config.pki_log.debug( + log.PKIHELPER_CHOWN_H_3, uid, gid, symlink, extra=config.PKI_INDENTATION_LEVEL_3) os.lchown(symlink, uid, gid) @@ -1260,12 +1334,14 @@ class Directory: log.PKIHELPER_IS_A_DIRECTORY_1, temp_dir, extra=config.PKI_INDENTATION_LEVEL_3) # chmod <dir_perms> <name> - config.pki_log.debug(log.PKIHELPER_CHMOD_2, + config.pki_log.debug( + log.PKIHELPER_CHMOD_2, dir_perms, temp_dir, extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(temp_dir, dir_perms) # chown <uid>:<gid> <name> - config.pki_log.debug(log.PKIHELPER_CHOWN_3, + config.pki_log.debug( + log.PKIHELPER_CHOWN_3, uid, gid, temp_dir, extra=config.PKI_INDENTATION_LEVEL_3) os.chown(temp_dir, uid, gid) @@ -1309,7 +1385,7 @@ class Directory: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise def copy(self, old_name, new_name, uid=None, gid=None, 
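Review bot: `os.chmod(temp_file, file_perms)` and `os.chown(temp_file, uid, gid)` follow symbolic links, and they run after the entry was classified as a regular file (that check is outside this hunk), so the result is only safe while nothing else can modify the tree being walked. The symlink branch in the next hunk already uses `os.lchown`, but the file and directory branches rely on the unstated assumption that the directory is writable only by the deploying user. I would record that above the walk, e.g. `# Assumes no other account can write under this tree while modes are applied; chmod/chown follow symlinks.`, or switch the `os.chown` calls to `os.lchown`.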
@@ -1323,15 +1399,17 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name) - if recursive_flag == True: + raise Exception( + log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name) + if recursive_flag: # cp -rp <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_RP_2, old_name, new_name, @@ -1363,15 +1441,16 @@ class Directory: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class File: """PKI Deployment File Class (also used for executables)""" @@ -1395,9 +1474,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, 
@@ -1418,15 +1497,16 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) + if critical_failure: + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1439,8 +1519,9 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) + if critical_failure: + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) # Always re-process each file whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name, @@ -1451,9 +1532,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, @@ -1476,12 +1557,12 @@ class File: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1500,7 +1581,7 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -1530,15 +1611,16 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # cp -p <old_name> <new_name> config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, extra=config.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, @@ -1564,19 +1646,19 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return def apply_slot_substitution( - self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, critical_failure=True): + self, name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, critical_failure=True): try: if not os.path.exists(name) or not os.path.isfile(name): config.pki_log.error( @@ -1596,9 +1678,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) line = line.replace(self.slots[slot], self.mdict[slot]) sys.stdout.write(line) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() # chmod <perms> <name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, 
@@ -1624,20 +1706,20 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return def copy_with_slot_substitution( - self, old_name, new_name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, overwrite_flag=False, - critical_failure=True): + self, old_name, new_name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, overwrite_flag=False, + critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( @@ -1650,7 +1732,8 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # copy <old_name> to <new_name> with slot substitutions config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2, old_name, new_name, @@ -1663,11 +1746,13 @@ class File: log.PKIHELPER_SLOT_SUBSTITUTION_2, self.slots[slot], self.mdict[slot], extra=config.PKI_INDENTATION_LEVEL_3) - line = line.replace(self.slots[slot], self.mdict[slot]) + line = line.replace( + self.slots[slot], + self.mdict[slot]) FILE.write(line) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() # chmod <perms> <new_name> config.pki_log.debug(log.PKIHELPER_CHMOD_2, 
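Review bot: The debug call directly above the rewrapped `line.replace(...)` in the `@@ -1663,11 +1746,13 @@` hunk logs `self.mdict[slot]`, the substituted value, for every slot. If any slot carries a password or PIN (not determinable from this hunk), that value lands in the deployment log whenever debug logging is enabled. Masking the value for sensitive keys, or logging only the slot name, would keep the trace useful without recording the secret. `apply_slot_substitution` in the `@@ -1596,9 +1678,9 @@` hunk appears to use the same logging pattern, although only the tail of its log call is visible.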
@@ -1693,27 +1778,29 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return - def generate_noise_file(self, name, random_bytes, uid=None, gid=None, + def generate_noise_file( + self, name, random_bytes, uid=None, gid=None, perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, critical_failure=True): try: if not os.path.exists(name): # generating noise file called <name> and # filling it with <random_bytes> random bytes - config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, random_bytes, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + log.PKIHELPER_NOISE_FILE_2, name, random_bytes, + extra=config.PKI_INDENTATION_LEVEL_2) open(name, "w").close() with open(name, "w") as FILE: - noise = ''.join(random.choice(string.ascii_letters + \ + noise = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(random_bytes)) FILE.write(noise) # chmod <perms> <name> @@ -1721,9 +1808,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown <uid>:<gid> <name> - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, 
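Review bot: `generate_noise_file` in the `@@ -1693,27 +1778,29 @@` hunk builds the noise with `random.choice`, which draws from the default Mersenne Twister generator and is not suitable for security use; the noise-file checks in the certutil methods of this file suggest the result feeds key generation. The line this commit rewraps could take the OS source instead: `rng = random.SystemRandom()` followed by `noise = ''.join(rng.choice(string.ascii_letters + string.digits) for x in range(random_bytes))`. The file is also created with `open(name, "w")` and only chmod'ed after the noise has been written, so it briefly carries umask-derived permissions, and the preceding `open(name, "w").close()` is redundant. The method continues past this hunk.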
@@ -1744,18 +1831,20 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) + if critical_failure: + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class Symlink: """PKI Deployment Symbolic Link Class""" @@ -1773,7 +1862,8 @@ class Symlink: log.PKIHELPER_DANGLING_SYMLINK_2, link, name, extra=config.PKI_INDENTATION_LEVEL_2) if not allow_dangling_symlink: - raise Exception("Dangling symlink " + link + " not allowed") + raise Exception( + "Dangling symlink " + link + " not allowed") # ln -s <name> <link> config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1782,9 +1872,9 @@ class Symlink: # implemented on Linux systems since 'chmod' # CANNOT be run directly against symbolic links! # chown -h <uid>:<gid> <link> - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, @@ -1806,15 +1896,16 @@ class Symlink: config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) + if critical_failure: + raise Exception( + log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -1826,8 +1917,10 @@ class Symlink: config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) + if critical_failure: + raise Exception( + log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % + link) # Always re-process each link whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link, @@ -1836,9 +1929,9 @@ class Symlink: # implemented on Linux systems since 'chmod' # CANNOT be run directly against symbolic links! # chown -h <uid>:<gid> <link> - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, @@ -1862,12 +1955,13 @@ class Symlink: config.pki_log.error( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link) + if critical_failure: + raise Exception( + log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1886,7 +1980,7 @@ class Symlink: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1901,6 +1995,7 @@ class Symlink: extra=config.PKI_INDENTATION_LEVEL_2) raise + class War: """PKI Deployment War File Class""" 
@@ -1914,14 +2009,16 @@ class War: config.pki_log.error( log.PKI_FILE_NOT_A_WAR_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_FILE_NOT_A_WAR_FILE_1 % name) if not os.path.exists(path) or not os.path.isdir(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, + path) # jar -xf <name> -C <path> config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1933,25 +2030,26 @@ class War: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except zipfile.BadZipfile as exc: config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except zipfile.LargeZipFile as exc: config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class Password: """PKI Deployment Password Class""" 
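Review bot: In the `@@ -1914,14 +2009,16 @@` hunk the rewrapped `raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path)` still passes `path` as a second argument instead of formatting it, so the exception carries a two-element tuple and the message template is presumably left unexpanded, unlike the other raises in this diff, which use `%`. It should read `raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)`. The `@@ -1933,25 +2030,26 @@` hunk has the same comma in `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name)`. The enclosing method starts before the first hunk.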
@@ -1968,33 +2066,33 @@ class Password: extra=config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'password.conf' file with open(path, "w") as fd: - if pin_sans_token == True: + if pin_sans_token: fd.write(str(pin)) - elif self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + \ + elif self.mdict['pki_subsystem'] in \ + config.PKI_APACHE_SUBSYSTEMS: + fd.write(self.mdict['pki_self_signed_token'] + ":" + str(pin)) else: - fd.write(self.mdict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, extra=config.PKI_INDENTATION_LEVEL_2) # create a new 'password.conf' file with open(path, "w") as fd: - if pin_sans_token == True: + if pin_sans_token: fd.write(str(pin)) elif self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + \ + config.PKI_APACHE_SUBSYSTEMS: + fd.write(self.mdict['pki_self_signed_token'] + ":" + str(pin)) else: - fd.write(self.mdict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2018,7 +2116,7 @@ class Password: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2027,10 +2125,10 @@ class Password: os.access(path, os.R_OK): tokens = PKIConfigParser.read_simple_configuration_file(path) hardware_token = "hardware-" + token_name - if tokens.has_key(hardware_token): + if hardware_token in tokens: token_name = hardware_token token_pwd = tokens[hardware_token] - elif tokens.has_key(token_name): + elif token_name in tokens: token_pwd = tokens[token_name] if token_pwd is None or token_pwd == '': 
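Review bot: Both branches of the `@@ -1968,33 +2066,33 @@` hunk write the PIN with `open(path, "w")`, so a newly created `password.conf` gets umask-derived permissions and, unless a chmod follows outside this hunk, may stay readable by other local users. Creating the file with an explicit mode closes that window: `with os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w") as fd:`. The mode argument only applies when the file is created, so the overwrite branch still depends on the existing file's mode. The two branches also write identical content and differ only in the log message, so the write could be shared, and the second `elif ... in\` continuation was left without the space the first one gained.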
@@ -2038,12 +2136,13 @@ class Password: config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1, token_name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name) else: return return token_pwd + class Certutil: """PKI Deployment NSS 'certutil' Class""" @@ -2065,15 +2164,16 @@ class Certutil: log.PKIHELPER_CERTUTIL_MISSING_PATH, extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) - if password_file != None: + if password_file is not None: command.extend(["-f", password_file]) - if prefix != None: + if prefix is not None: command.extend(["-P", prefix]) if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if os.path.exists(pki_cert_database) or\ os.path.exists(pki_key_database) or\ os.path.exists(pki_secmod_database): @@ -2085,14 +2185,16 @@ class Certutil: pki_secmod_database, extra=config.PKI_INDENTATION_LEVEL_2) else: - if password_file != None: + if password_file is not None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + password_file) # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CREATE_SECURITY_DATABASES_1, 
@@ -2103,12 +2205,12 @@ class Certutil: except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2144,13 +2246,14 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) # OPTIONALLY specify a password file - if password_file != None: + if password_file is not None: command.extend(["-f", password_file]) if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ not os.path.exists(pki_secmod_database): 
@@ -2161,22 +2264,26 @@ class Certutil: pki_key_database, pki_secmod_database, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, - pki_key_database, pki_secmod_database)) - if password_file != None: + raise Exception( + log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % ( + pki_cert_database, + pki_key_database, + pki_secmod_database)) + if password_file is not None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1, ' '.join(command), extra=config.PKI_INDENTATION_LEVEL_2) # Execute this "certutil" command - if silent != False: + if silent: # By default, execute this command silently with open(os.devnull, "w") as fnull: subprocess.check_call(command, stdout=fnull, stderr=fnull) @@ -2187,7 +2294,7 @@ class Certutil: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return True @@ -2235,7 +2342,7 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT) # Specify the serial number - if serial_number != None: + if serial_number is not None: command.extend(["-m", str(serial_number)]) else: config.pki_log.error( @@ -2243,7 +2350,7 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER) # Specify the months valid - if validity_period != None: + if validity_period is not None: command.extend(["-v", str(validity_period)]) else: config.pki_log.error( 
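Review bot: Replacing `if silent != False:` with `if silent:` in the `@@ -2161,22 +2264,26 @@` hunk is not a pure style change: `None`, `0` and `''` used to take the silent branch and now take the other one, where the certutil output is presumably no longer redirected to `os.devnull`. The method signature is outside the hunk, so the default of `silent` and the values callers pass need to be checked. If only an explicit `False` is meant to disable masking, `if silent is not False:` keeps the old behaviour.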
@@ -2275,7 +2382,7 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE) # OPTIONALLY specify a password file - if password_file != None: + if password_file is not None: command.extend(["-f", password_file]) # ALWAYS self-sign this certificate command.append("-x") @@ -2287,7 +2394,8 @@ class Certutil: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ not os.path.exists(pki_secmod_database): @@ -2298,22 +2406,27 @@ class Certutil: pki_key_database, pki_secmod_database, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, - pki_key_database, pki_secmod_database)) + raise Exception( + log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % ( + pki_cert_database, + pki_key_database, + pki_secmod_database)) if not os.path.exists(noise_file): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) - if password_file != None: + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) + if password_file is not None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command # # NOTE: ALWAYS mask the command-line output of this command 
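Review bot: The noise-file check in the `@@ -2298,22 +2406,27 @@` hunk reports `log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1` for `noise_file`, which is a file, and it tests only `os.path.exists`, so a directory at that path passes the check. Matching the password-file check right below it would give `if not os.path.exists(noise_file) or not os.path.isfile(noise_file):` with `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % noise_file)`. The `@@ -2447,29 +2561,32 @@` hunk raises the same directory message for `noise_file`; its condition lies outside that hunk.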
@@ -2323,12 +2436,12 @@ class Certutil: except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2343,7 +2456,7 @@ class Certutil: command.extend(["-h", token]) if nickname: - command.extend(["-n", nickname ]) + command.extend(["-n", nickname]) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, @@ -2374,18 +2487,19 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE) - config.pki_log.info(' '.join(command), + config.pki_log.info( + ' '.join(command), extra=config.PKI_INDENTATION_LEVEL_2) subprocess.check_call(command) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -2447,29 +2561,32 @@ class Certutil: log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command with open(os.devnull, "w") as fnull: subprocess.check_call(command, stdout=fnull, stderr=fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class PK12util: """PKI Deployment pk12util class""" 
@@ -2511,22 +2628,24 @@ class PK12util: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE) - config.pki_log.info(' '.join(command), - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + ' '.join(command), + extra=config.PKI_INDENTATION_LEVEL_2) with open(os.devnull, "w") as fnull: subprocess.check_call(command, stdout=fnull, stderr=fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class KRAConnector: """PKI Deployment KRA Connector Class""" @@ -2545,7 +2664,7 @@ class KRAConnector: extra=config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) krahost = cs_cfg.get('service.machineName') kraport = cs_cfg.get('pkicreate.secure_port') cahost = cs_cfg.get('cloning.ca.hostname') @@ -2558,7 +2677,7 @@ class KRAConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_CA_HOST_PORT, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_CA_HOST_PORT) else: return @@ -2572,7 +2691,7 @@ class KRAConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return 
@@ -2584,9 +2703,9 @@ class KRAConnector: token_name = "internal" token_pwd = self.password.get_password( - self.mdict['pki_shared_password_conf'], - token_name, - critical_failure) + self.mdict['pki_shared_password_conf'], + token_name, + critical_failure) if token_pwd is None or token_pwd == '': config.pki_log.warning( @@ -2596,13 +2715,15 @@ class KRAConnector: log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1, token_name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) + if critical_failure: + raise Exception( + log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) else: return - self.execute_using_sslget(caport, cahost, subsystemnick, - token_pwd, krahost, kraport) + self.execute_using_sslget( + caport, cahost, subsystemnick, + token_pwd, krahost, kraport) except subprocess.CalledProcessError as exc: config.pki_log.warning( @@ -2612,12 +2733,13 @@ class KRAConnector: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return - def execute_using_pki(self, caport, cahost, subsystemnick, - token_pwd, krahost, kraport, critical_failure=False): + def execute_using_pki( + self, caport, cahost, subsystemnick, + token_pwd, krahost, kraport, critical_failure=False): command = ["/bin/pki", "-p", str(caport), "-h", cahost, 
@@ -2638,14 +2760,16 @@ class KRAConnector: str(krahost), str(kraport), extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, + config.pki_log.error( + log.PKI_SUBPROCESS_ERROR_1, output, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output) - def execute_using_sslget(self, caport, cahost, subsystemnick, - token_pwd, krahost, kraport): - updateURL = "/ca/rest/admin/kraconnector/remove" + def execute_using_sslget( + self, caport, cahost, subsystemnick, + token_pwd, krahost, kraport): + update_url = "/ca/rest/admin/kraconnector/remove" params = "host=" + str(krahost) + \ "&port=" + str(kraport) @@ -2656,13 +2780,14 @@ class KRAConnector: "-d", self.mdict['pki_database_path'], "-e", params, "-v", - "-r", updateURL, cahost + ":" + str(caport)] + "-r", update_url, cahost + ":" + str(caport)] # update KRA connector # Execute this "sslget" command # Note that sslget will return non-zero value for HTTP code != 200 # and this will raise an exception - subprocess.check_output(command,stderr=subprocess.STDOUT) + subprocess.check_output(command, stderr=subprocess.STDOUT) + class TPSConnector: """PKI Deployment TPS Connector Class""" @@ -2682,7 +2807,7 @@ class TPSConnector: extra=config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) tpshost = cs_cfg.get('service.machineName') tpsport = cs_cfg.get('pkicreate.secure_port') tkshostport = cs_cfg.get('conn.tks1.hostport') @@ -2693,7 +2818,7 @@ class TPSConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_TKS_HOST_PORT, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_TKS_HOST_PORT) else: return 
@@ -2715,7 +2840,7 @@ class TPSConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return @@ -2727,9 +2852,9 @@ class TPSConnector: token_name = "internal" token_pwd = self.password.get_password( - self.mdict['pki_shared_password_conf'], - token_name, - critical_failure) + self.mdict['pki_shared_password_conf'], + token_name, + critical_failure) if token_pwd is None or token_pwd == '': config.pki_log.warning( @@ -2739,13 +2864,15 @@ class TPSConnector: log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1, token_name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) + if critical_failure: + raise Exception( + log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) else: return - self.execute_using_pki(tkshost, tksport, subsystemnick, - token_pwd, tpshost, tpsport) + self.execute_using_pki( + tkshost, tksport, subsystemnick, + token_pwd, tpshost, tpsport) except subprocess.CalledProcessError as exc: config.pki_log.warning( @@ -2755,12 +2882,13 @@ class TPSConnector: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return - def execute_using_pki(self, tkshost, tksport, subsystemnick, - token_pwd, tpshost, tpsport, critical_failure=False): + def execute_using_pki( + self, tkshost, tksport, subsystemnick, + token_pwd, tpshost, tpsport, critical_failure=False): command = ["/bin/pki", "-p", str(tksport), "-h", tkshost, 
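Review bot: The rewrapped call `self.execute_using_pki(tkshost, tksport, subsystemnick, token_pwd, tpshost, tpsport)` in the `@@ -2739,13 +2864,15 @@` hunk does not forward `critical_failure`, so the helper always runs with its default `critical_failure=False` and never reaches the `raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output)` shown in the `@@ -2784,11 +2912,13 @@` hunk. A caller that asked for `critical_failure=True` then gets a logged error and a normal return when the connector removal fails. If that is not intended, pass the flag through by ending the call with `token_pwd, tpshost, tpsport, critical_failure)`. The enclosing method begins before this hunk.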
@@ -2784,11 +2912,13 @@ class TPSConnector: str(tpshost), str(tpsport), extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, + config.pki_log.error( + log.PKI_SUBPROCESS_ERROR_1, output, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output) + class SecurityDomain: """PKI Deployment Security Domain Class""" @@ -2828,7 +2958,7 @@ class SecurityDomain: config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED) else: return @@ -2837,7 +2967,7 @@ class SecurityDomain: secname, extra=config.PKI_INDENTATION_LEVEL_2) listval = typeval.lower() + "List" - updateURL = "/ca/agent/ca/updateDomainXML" + update_url = "/ca/agent/ca/updateDomainXML" params = "name=" + "\"" + self.mdict['pki_instance_path'] + "\"" + \ "&type=" + str(typeval) + \ 
@@ -2853,31 +2983,32 @@ class SecurityDomain: try: # first try install token-based servlet params += "&sessionID=" + str(install_token) - adminUpdateURL = "/ca/admin/ca/updateDomainXML" + admin_update_url = "/ca/admin/ca/updateDomainXML" command = ["/usr/bin/sslget", "-p", str(123456), "-d", self.mdict['pki_database_path'], "-e", params, "-v", - "-r", adminUpdateURL, + "-r", admin_update_url, sechost + ":" + str(secadminport)] - output = subprocess.check_output(command, - stderr=subprocess.STDOUT) + output = subprocess.check_output( + command, + stderr=subprocess.STDOUT) except subprocess.CalledProcessError: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, extra=config.PKI_INDENTATION_LEVEL_2) - output = self.update_domain_using_agent_port(typeval, - secname, params, updateURL, sechost, secagentport, + output = self.update_domain_using_agent_port( + typeval, secname, params, update_url, sechost, secagentport, critical_failure) else: - output = self.update_domain_using_agent_port(typeval, - secname, params, updateURL, sechost, secagentport, + output = self.update_domain_using_agent_port( + typeval, secname, params, update_url, sechost, secagentport, critical_failure) if not output: - if critical_failure == True: + if critical_failure: raise Exception("Cannot update domain using agent port") else: return @@ -2892,8 +3023,9 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname) + if critical_failure: + raise Exception( + log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname) elif status[0] != "0": error = re.findall('<Error>(.*?)</Error>', output) if not error: 
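Review bot: The token-based attempt passes a literal password in argv, `"-p", str(123456)`, to `/usr/bin/sslget`, and nothing in the hunk says why a fixed value is acceptable. If it is only a placeholder because the `sessionID` install token authenticates the request, a comment on that line should say so. If sslget actually uses it to open the database at `pki_database_path`, it should be read from the password file the way `update_domain_using_agent_port` obtains `token_pwd`. The enclosing method starts outside the hunk.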
@@ -2909,7 +3041,7 @@ class SecurityDomain: secname, error, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3 % (typeval, secname, error)) @@ -2920,8 +3052,9 @@ class SecurityDomain: secname, extra=config.PKI_INDENTATION_LEVEL_2) - def update_domain_using_agent_port(self, typeval, secname, params, - updateURL, sechost, secagentport, critical_failure=False): + def update_domain_using_agent_port( + self, typeval, secname, params, + update_url, sechost, secagentport, critical_failure=False): token_pwd = None cs_cfg = PKIConfigParser.read_simple_configuration_file( self.mdict['pki_target_cs_cfg']) @@ -2937,7 +3070,7 @@ class SecurityDomain: config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return @@ -2949,9 +3082,9 @@ class SecurityDomain: token_name = "internal" token_pwd = self.password.get_password( - self.mdict['pki_shared_password_conf'], - token_name, - critical_failure) + self.mdict['pki_shared_password_conf'], + token_name, + critical_failure) if token_pwd is None or token_pwd == '': config.pki_log.warning( @@ -2959,10 +3092,10 @@ class SecurityDomain: typeval, secname, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2 - % - (typeval, secname)) + if critical_failure: + raise Exception( + log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2 % + (typeval, secname)) else: return @@ -2972,7 +3105,7 @@ class SecurityDomain: "-d", self.mdict['pki_database_path'], "-e", params, "-v", - "-r", updateURL, sechost + ":" + str(secagentport)] + "-r", update_url, sechost + ":" + str(secagentport)] try: output = subprocess.check_output(command, stderr=subprocess.STDOUT) 
@@ -2989,12 +3122,11 @@ class SecurityDomain: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return None - def get_installation_token(self, secuser, secpass, critical_failure=True): token = None @@ -3010,7 +3142,8 @@ class SecurityDomain: cstype = cs_cfg.get('cs.type', '') sechost = cs_cfg.get('securitydomain.host') secadminport = cs_cfg.get('securitydomain.httpsadminport') - #secselect = cs_cfg.get('securitydomain.select') - Selected security domain + #secselect = cs_cfg.get('securitydomain.select') - Selected + # security domain command = ["/bin/pki", "-p", str(secadminport), @@ -3023,9 +3156,10 @@ class SecurityDomain: "--hostname", machinename, "--subsystem", cstype] try: - output = subprocess.check_output(command, - stderr=subprocess.STDOUT, - shell=True) + output = subprocess.check_output( + command, + stderr=subprocess.STDOUT, + shell=True) token_list = re.findall("Install token: \"(.*)\"", output) if not token_list: @@ -3034,12 +3168,13 @@ class SecurityDomain: str(sechost), str(secadminport), extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, + config.pki_log.error( + log.PKI_SUBPROCESS_ERROR_1, output, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 - % - (str(sechost), str(secadminport))) + if critical_failure: + raise Exception( + log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 % + (str(sechost), str(secadminport))) else: token = token_list[0] return token @@ -3051,10 +3186,11 @@ class SecurityDomain: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return None + class Systemd(object): """PKI Deployment Execution Management Class""" 
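Review bot: `subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)` in `get_installation_token` is given a list (`command = ["/bin/pki", "-p", str(secadminport), ...]`, hunk at -3010) together with `shell=True`. On POSIX that runs only the first element as the shell command and hands the remaining elements to the shell itself, so `/bin/pki` is started without any of its arguments and the `Install token:` pattern cannot match. Drop the flag and keep the list form: `output = subprocess.check_output(command, stderr=subprocess.STDOUT)`. Do not switch to a joined string to keep `shell=True`, since the list is built from CS.cfg values and, presumably, the `secuser`/`secpass` parameters. The method body begins before the -3010 hunk.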
@@ -3109,7 +3245,7 @@ class Systemd(object): except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3141,7 +3277,7 @@ class Systemd(object): try: service = None # Execute the "systemd daemon-reload" management lifecycle command - if reload_daemon == True: + if reload_daemon: self.daemon_reload(critical_failure) # Compose this "systemd" execution management command if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: @@ -3155,7 +3291,7 @@ class Systemd(object): if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "start", - self.mdict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "start", service] @@ -3171,7 +3307,7 @@ class Systemd(object): return config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3210,7 +3346,7 @@ class Systemd(object): if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "stop", - self.mdict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "stop", service] @@ -3223,7 +3359,7 @@ class Systemd(object): except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3256,7 +3392,7 @@ class Systemd(object): service = None # Compose this "systemd" execution management command # Execute the "systemd daemon-reload" management lifecycle command - if reload_daemon == True: + if reload_daemon: self.daemon_reload(critical_failure) if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: service = "pki-apached" + "@" +\ 
@@ -3269,7 +3405,7 @@ class Systemd(object): if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "restart", - self.mdict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "restart", service] @@ -3285,7 +3421,7 @@ class Systemd(object): return config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3300,15 +3436,16 @@ class ConfigClient: self.clone = config.str2bool(self.mdict['pki_clone']) self.external = config.str2bool(self.mdict['pki_external']) self.external_step_two = config.str2bool( - self.mdict['pki_external_step_two']) + self.mdict['pki_external_step_two']) self.standalone = config.str2bool(self.mdict['pki_standalone']) self.subordinate = config.str2bool(self.mdict['pki_subordinate']) # set useful 'string' object variables for this class self.subsystem = self.mdict['pki_subsystem'] def configure_pki_data(self, data): - config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + log.PKI_CONFIG_CONFIGURING_PKI_DATA, + extra=config.PKI_INDENTATION_LEVEL_2) connection = pki.client.PKIConnection( protocol='https', 
@@ -3320,27 +3457,28 @@ class ConfigClient: client = pki.system.SystemConfigClient(connection) response = client.configure(data) - config.pki_log.debug(log.PKI_CONFIG_RESPONSE_STATUS + \ - " " + str(response['status']), - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']), + extra=config.PKI_INDENTATION_LEVEL_2) try: certs = response['systemCerts'] except KeyError: # no system certs created - config.pki_log.debug("No new system certificates generated.", - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + "No new system certificates generated.", + extra=config.PKI_INDENTATION_LEVEL_2) certs = [] if not isinstance(certs, types.ListType): certs = [certs] for cdata in certs: - if (self.subsystem == "CA" and - self.external and - not self.external_step_two): + if (self.subsystem == "CA" and self.external and + not self.external_step_two): # External CA (Step 1) if cdata['tag'].lower() == "signing": # Save 'External CA Signing Certificate' CSR (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE, self.mdict['pki_external_csr_path']) return 
@@ -3349,52 +3487,58 @@ class ConfigClient: if cdata['tag'].lower() == "audit_signing": # Save Stand-alone PKI 'Audit Signing Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1, self.mdict['pki_external_audit_signing_csr_path'], self.subsystem) elif cdata['tag'].lower() == "signing": # Save Stand-alone PKI OCSP 'OCSP Signing Certificate' # CSR (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING, self.mdict['pki_external_signing_csr_path']) elif cdata['tag'].lower() == "sslserver": # Save Stand-alone PKI 'SSL Server Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1, self.mdict['pki_external_sslserver_csr_path'], self.subsystem) elif cdata['tag'].lower() == "storage": # Save Stand-alone PKI KRA 'Storage Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE, self.mdict['pki_external_storage_csr_path']) elif cdata['tag'].lower() == "subsystem": # Save Stand-alone PKI 'Subsystem Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1, self.mdict['pki_external_subsystem_csr_path'], self.subsystem) elif cdata['tag'].lower() == "transport": # Save Stand-alone PKI KRA 'Transport Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT, self.mdict['pki_external_transport_csr_path']) else: - config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG + \ - " " + cdata['tag'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug(log.PKI_CONFIG_CDATA_CERT + \ - "\n" 
+ cdata['cert'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug(log.PKI_CONFIG_CDATA_REQUEST + \ - "\n" + cdata['request'], - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_TAG + " " + cdata['tag'], + extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_CERT + "\n" + cdata['cert'], + extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_REQUEST + "\n" + cdata['request'], + extra=config.PKI_INDENTATION_LEVEL_2) # Cloned PKI subsystems do not return an Admin Certificate if not self.clone: @@ -3417,8 +3561,10 @@ class ConfigClient: if root.tag == 'PKIException': message = root.findall('.//Message')[0].text if message is not None: - config.pki_log.error(log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + message, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + + message, + extra=config.PKI_INDENTATION_LEVEL_2) raise config.pki_log.error( log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e), @@ -3427,9 +3573,9 @@ class ConfigClient: return def process_admin_cert(self, admin_cert): - config.pki_log.debug(log.PKI_CONFIG_RESPONSE_ADMIN_CERT + \ - "\n" + admin_cert, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_RESPONSE_ADMIN_CERT + "\n" + admin_cert, + extra=config.PKI_INDENTATION_LEVEL_2) # Store the Administration Certificate in a file admin_cert_file = self.mdict['pki_client_admin_cert'] @@ -3440,7 +3586,8 @@ class ConfigClient: # convert the cert file to binary command = ["AtoB", admin_cert_file, admin_cert_bin_file] - config.pki_log.info(' '.join(command), + config.pki_log.info( + ' '.join(command), extra=config.PKI_INDENTATION_LEVEL_2) try: subprocess.check_call(command) 
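Review bot: `message = root.findall('.//Message')[0].text` raises `IndexError` when a `PKIException` response carries no `Message` element, and because this runs inside the exception handler the original error from the configuration servlet is replaced by the index error. `message = root.findtext('.//Message')` returns `None` in that case and keeps the existing `if message is not None:` check meaningful. The handler starts outside the hunk, so how `root` is parsed is not visible; if it is built from the server's response body, that body should be treated as untrusted input to the XML parser.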
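Review bot: `command = ["AtoB", admin_cert_file, admin_cert_bin_file]` resolves the binary through `PATH`, while the other helpers in this file invoke `/bin/pki` and `/usr/bin/sslget` by absolute path. The installer presumably runs with elevated privileges, so a writable directory early in `PATH` would decide which program converts the admin certificate. Use the absolute path of the packaged tool here and for `["BtoA", output_file, output_file + ".asc"]` in the hunk at -3889. `process_admin_cert` continues past the end of this hunk.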
@@ -3479,13 +3626,13 @@ class ConfigClient: self.mdict['pki_client_password_conf'], self.mdict['pki_client_database_dir']) - os.chmod(self.mdict['pki_client_admin_cert_p12'], + os.chmod( + self.mdict['pki_client_admin_cert_p12'], config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - def construct_pki_configuration_data(self): config.pki_log.info(log.PKI_CONFIG_CONSTRUCTING_PKI_DATA, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) data = pki.system.ConfigurationRequest() @@ -3507,7 +3654,7 @@ class ConfigClient: # Security Domain if ((self.subsystem != "CA" or self.clone or self.subordinate) and - not self.standalone): + not self.standalone): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA @@ -3542,10 +3689,8 @@ class ConfigClient: def save_admin_csr(self): config.pki_log.info( - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + \ - " '" + \ - self.mdict['pki_external_admin_csr_path'] + \ - "'", self.subsystem, + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + " '" + + self.mdict['pki_external_admin_csr_path'] + "'", self.subsystem, extra=config.PKI_INDENTATION_LEVEL_2) self.deployer.directory.create( os.path.dirname(self.mdict['pki_external_admin_csr_path'])) @@ -3562,8 +3707,8 @@ class ConfigClient: # Read in and print Admin certificate request with open(self.mdict['pki_external_admin_csr_path'], "r") as f: admin_certreq = f.read() - config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \ - "\n" + admin_certreq, + config.pki_log.info( + log.PKI_CONFIG_CDATA_REQUEST + "\n" + admin_certreq, extra=config.PKI_INDENTATION_LEVEL_2) def save_admin_cert(self, message, input_data, output_file, subsystem_name): 
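Review bot: `os.chmod(self.mdict['pki_client_admin_cert_p12'], config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)` tightens the PKCS #12 file only after it has been written, presumably by the call that ends just above it. Until the chmod runs, the file holding the administrator's key material has whatever mode the process umask allowed, unless the export helper (its call starts outside the hunk) restricts it itself. Setting a restrictive umask around the export, e.g. `old = os.umask(0o077)` before and `os.umask(old)` after, closes that window; keep the chmod as the final state.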
@@ -3621,12 +3766,14 @@ class ConfigClient: cert1.tag = self.mdict['pki_ca_signing_tag'] # Load the External CA or Stand-alone PKI # 'External CA Signing Certificate' (Step 2) - self.load_system_cert(cert1, + self.load_system_cert( + cert1, log.PKI_CONFIG_EXTERNAL_CA_LOAD, self.mdict['pki_external_ca_cert_path']) # Load the External CA or Stand-alone PKI # 'External CA Signing Certificate Chain' (Step 2) - self.load_system_cert_chain(cert1, + self.load_system_cert_chain( + cert1, log.PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD, self.mdict['pki_external_ca_cert_chain_path']) systemCerts.append(cert1) @@ -3637,13 +3784,14 @@ class ConfigClient: # Create 'OCSP Signing Certificate' if not self.clone: if (self.subsystem == "OCSP" and - self.standalone and - self.external_step_two): + self.standalone and + self.external_step_two): # Stand-alone PKI OCSP (Step 2) cert2 = self.create_system_cert("ocsp_signing") # Load the Stand-alone PKI OCSP 'OCSP Signing Certificate' # (Step 2) - self.load_system_cert(cert2, + self.load_system_cert( + cert2, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING, self.mdict['pki_external_signing_cert_path']) cert2.signingAlgorithm = \ @@ -3665,7 +3813,8 @@ class ConfigClient: # Stand-alone PKI (Step 2) cert3 = self.create_system_cert("ssl_server") # Load the Stand-alone PKI 'SSL Server Certificate' (Step 2) - self.load_system_cert(cert3, + self.load_system_cert( + cert3, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1, self.mdict['pki_external_sslserver_cert_path'], self.subsystem) @@ -3694,7 +3843,8 @@ class ConfigClient: # Stand-alone PKI (Step 2) cert4 = self.create_system_cert("subsystem") # Load the Stand-alone PKI 'Subsystem Certificate' (Step 2) - self.load_system_cert(cert4, + self.load_system_cert( + cert4, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1, self.mdict['pki_external_subsystem_cert_path'], self.subsystem) 
@@ -3722,7 +3872,8 @@ class ConfigClient: # Stand-alone PKI (Step 2) cert5 = self.create_system_cert("audit_signing") # Load the Stand-alone PKI 'Audit Signing Certificate' (Step 2) - self.load_system_cert(cert5, + self.load_system_cert( + cert5, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1, self.mdict['pki_external_audit_signing_cert_path'], self.subsystem) @@ -3738,19 +3889,21 @@ class ConfigClient: # Create 'DRM Transport Certificate' and 'DRM Storage Certificate' if not self.clone: if (self.subsystem == "KRA" and - self.standalone and - self.external_step_two): + self.standalone and + self.external_step_two): # Stand-alone PKI KRA Transport Certificate (Step 2) cert6 = self.create_system_cert("transport") # Load the Stand-alone PKI KRA 'Transport Certificate' (Step 2) - self.load_system_cert(cert6, + self.load_system_cert( + cert6, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT, self.mdict['pki_external_transport_cert_path']) systemCerts.append(cert6) # Stand-alone PKI KRA Storage Certificate (Step 2) cert7 = self.create_system_cert("storage") # Load the Stand-alone PKI KRA 'Storage Certificate' (Step 2) - self.load_system_cert(cert7, + self.load_system_cert( + cert7, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE, self.mdict['pki_external_storage_cert_path']) systemCerts.append(cert7) @@ -3866,7 +4019,7 @@ class ConfigClient: elif line.startswith("-----END CERTIFICATE-----"): continue else: - imported_admin_cert = imported_admin_cert + line + imported_admin_cert += line with open(self.mdict['pki_admin_cert_file'], "w") as f: f.write(imported_admin_cert) # read config from file 
@@ -3889,18 +4042,19 @@ class ConfigClient: noise_file, int(self.mdict['pki_admin_keysize'])) self.deployer.certutil.generate_certificate_request( - self.mdict['pki_admin_subject_dn'], - self.mdict['pki_admin_keysize'], - self.mdict['pki_client_password_conf'], - noise_file, - output_file, - self.mdict['pki_client_database_dir'], - None, None, True) + self.mdict['pki_admin_subject_dn'], + self.mdict['pki_admin_keysize'], + self.mdict['pki_client_password_conf'], + noise_file, + output_file, + self.mdict['pki_client_database_dir'], + None, None, True) # convert output to ascii command = ["BtoA", output_file, output_file + ".asc"] - config.pki_log.info(' '.join(command), - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + ' '.join(command), + extra=config.PKI_INDENTATION_LEVEL_2) try: subprocess.check_call(command) except subprocess.CalledProcessError as exc: @@ -3928,9 +4082,9 @@ class ConfigClient: def set_issuing_ca_parameters(self, data): if (self.subsystem != "CA" or - self.clone or - self.subordinate or - self.external): + self.clone or + self.subordinate or + self.external): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, # Subordinate CA, External CA, or Stand-alone PKI @@ -3939,7 +4093,8 @@ class ConfigClient: def set_tps_parameters(self, data): data.caUri = self.mdict['pki_ca_uri'] data.tksUri = self.mdict['pki_tks_uri'] - data.enableServerSideKeyGen = self.mdict['pki_enable_server_side_keygen'] + data.enableServerSideKeyGen = \ + self.mdict['pki_enable_server_side_keygen'] if config.str2bool(self.mdict['pki_enable_server_side_keygen']): data.kraUri = self.mdict['pki_kra_uri'] data.authdbHost = self.mdict['pki_authdb_hostname'] @@ -3989,6 +4144,7 @@ class ConfigClient: cert.token = cs_cfg.get(cstype + ".subsystem.tokenname") return cert + class PKIDeployer: """Holds the global dictionaries and the utility objects""" 
diff --git a/base/server/python/pki/server/deployment/pkilogging.py b/base/server/python/pki/server/deployment/pkilogging.py index c91a7656f..14c11cf4d 100644 --- a/base/server/python/pki/server/deployment/pkilogging.py +++ b/base/server/python/pki/server/deployment/pkilogging.py @@ -29,6 +29,7 @@ sensitive_parameters = [] # Initialize 'pretty print' for objects pp = pprint.PrettyPrinter(indent=4) + def log_format(given_dict): new_dict = {} @@ -42,6 +43,7 @@ def log_format(given_dict): return pp.pformat(new_dict) + # PKI Deployment Logging Functions def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): if not os.path.isdir(log_dir): @@ -57,8 +59,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): # Configure console handler console = logging.StreamHandler() console.setLevel(console_log_level) - console_format = logging.Formatter('%(name)-12s: ' + \ - '%(levelname)-8s ' + \ + console_format = logging.Formatter('%(name)-12s: ' + + '%(levelname)-8s ' + '%(indent)s%(message)s') console.setFormatter(console_format) logger.addHandler(console) @@ -66,8 +68,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): # Configure file handler log_file = logging.FileHandler(log_dir + "/" + log_name, 'w') log_file.setLevel(log_level) - file_format = logging.Formatter('%(asctime)s %(name)-12s: ' + \ - '%(levelname)-8s ' + \ + file_format = logging.Formatter('%(asctime)s %(name)-12s: ' + + '%(levelname)-8s ' + '%(indent)s%(message)s', '%Y-%m-%d %H:%M:%S') log_file.setFormatter(file_format) diff --git a/base/server/python/pki/server/deployment/pkimanifest.py b/base/server/python/pki/server/deployment/pkimanifest.py index 8ba60dd8b..593fb20d3 100644 --- a/base/server/python/pki/server/deployment/pkimanifest.py +++ b/base/server/python/pki/server/deployment/pkimanifest.py 
@@ -36,13 +36,13 @@ RECORD_TYPE_SYMLINK = "symlink" # PKI Deployment Manifest Record Class class Record(object): __slots__ = "name", \ - "type", \ - "user", \ - "group", \ - "uid", \ - "gid", \ - "permissions", \ - "acls", + "type", \ + "user", \ + "group", \ + "uid", \ + "gid", \ + "permissions", \ + "acls", def __init__(self): self.name = None @@ -55,18 +55,18 @@ class Record(object): self.acls = None def items(self): - "dict style items" + """dict style items""" return [ (field_name, getattr(self, field_name)) for field_name in self.__slots__] def __iter__(self): - "iterate over fields tuple/list style" + """iterate over fields tuple/list style""" for field_name in self.__slots__: yield getattr(self, field_name) def __getitem__(self, index): - "tuple/list style getitem" + """tuple/list style getitem""" return getattr(self, self.__slots__[index]) diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index 7e98ff052..2e518d8df 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -61,7 +61,8 @@ PKI_CONFIGURATION_STANDALONE_1 = " Please obtain the necessary "\ "certificates for this stand-alone %s,\n"\ " and re-run the configuration for "\ "step two." -PKI_CONFIGURATION_URL_1 = " Please start the configuration by accessing:\n %s" +PKI_CONFIGURATION_URL_1 = \ + " Please start the configuration by accessing:\n %s" PKI_CONFIGURATION_WIZARD_RESTART_1 = "After configuration, the server can be "\ "operated by the command:\n%s" PKI_CONFIGURATION_WIZARD_URL_1 = "Configuration Wizard listening on\n%s" 
@@ -244,17 +245,17 @@ PKIHELPER_NOISE_FILE_2 = "generating noise file called '%s' and "\ "filling it with '%d' random bytes" PKIHELPER_PASSWORD_CONF_1 = "generating '%s'" PKIHELPER_PASSWORD_NOT_FOUND_1 = "no password found for '%s'!" -PKIHELPER_PK12UTIL_MISSING_DBPWFILE = "pk12util missing "\ - "-k db-password-file option!" -PKIHELPER_PK12UTIL_MISSING_NICKNAME = "pk12util missing "\ - "-n nickname option!" -PKIHELPER_PK12UTIL_MISSING_OUTFILE = "pk12util missing "\ - "-o output-file option!" -PKIHELPER_PK12UTIL_MISSING_PWFILE = "pk12util missing "\ - "-w pw-file option!" +PKIHELPER_PK12UTIL_MISSING_DBPWFILE = \ + "pk12util missing -k db-password-file option!" +PKIHELPER_PK12UTIL_MISSING_NICKNAME = \ + "pk12util missing -n nickname option!" +PKIHELPER_PK12UTIL_MISSING_OUTFILE = \ + "pk12util missing -o output-file option!" +PKIHELPER_PK12UTIL_MISSING_PWFILE = \ + "pk12util missing -w pw-file option!" -PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2 = "instance '%s' contains '%d' "\ - "PKI subsystems" +PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2 = \ + "instance '%s' contains '%d' PKI subsystems" PKIHELPER_REMOVE_FILTER_SECTION_1 = "removing filter section from '%s'" PKIHELPER_RM_F_1 = "rm -f %s" PKIHELPER_RM_RF_1 = "rm -rf %s" 
@@ -320,38 +321,35 @@ PKI_CONFIG_CDATA_CERT = "cert:" PKI_CONFIG_CDATA_REQUEST = "request:" PKI_CONFIG_CONFIGURING_PKI_DATA = "configuring PKI configuration data." PKI_CONFIG_CONSTRUCTING_PKI_DATA = "constructing PKI configuration data." -PKI_CONFIG_PKCS10_SUPPORT_ONLY = "only the 'pkcs10' certificate request type "\ - "is currently supported" -PKI_CONFIG_EXTERNAL_CA_LOAD = "loading external CA signing certificate "\ - "from file:" -PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD = "loading external CA signing certificate "\ - "chain from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE = "loading external CA signed KRA "\ - "Storage certificate from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT = "loading external CA signed KRA "\ - "Transport certificate from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING = "loading external CA signed OCSP "\ - "Signing certificate from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1 = "loading external CA signed "\ - "%s SSL Server certificate "\ - "from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1 = "loading external CA signed "\ - "%s Subsystem certificate "\ - "from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1 = "loading external CA "\ - "signed %s Audit Signing "\ - "certificate from file:" +PKI_CONFIG_PKCS10_SUPPORT_ONLY = \ + "only the 'pkcs10' certificate request type is currently supported" +PKI_CONFIG_EXTERNAL_CA_LOAD = \ + "loading external CA signing certificate from file:" +PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD = \ + "loading external CA signing certificate chain from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE = \ + "loading external CA signed KRA Storage certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT = \ + "loading external CA signed KRA Transport certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING = \ + "loading external CA signed OCSP Signing certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1 = \ + "loading external CA signed %s 
SSL Server certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1 = \ + "loading external CA signed %s Subsystem certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1 = \ + "loading external CA signed %s Audit Signing certificate from file:" PKI_CONFIG_EXTERNAL_CSR_SAVE = "saving CA Signing CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE = "saving KRA Storage CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT = "saving KRA Transport CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING = "saving OCSP Signing CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 = "saving %s Admin CSR to file:" -PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1 = "saving %s Audit Signing "\ - "CSR to file:" -PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1 = "saving %s SSL Server CSR "\ - "to file:" -PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1 = "saving %s Subsystem CSR "\ - "to file:" +PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1 = \ + "saving %s Audit Signing CSR to file:" +PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1 = \ + "saving %s SSL Server CSR to file:" +PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1 = \ + "saving %s Subsystem CSR to file:" PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION = \ "Exception from Java Configuration Servlet:" PKI_CONFIG_RESPONSE_ADMIN_CERT = "adminCert:" @@ -361,8 +359,9 @@ PKI_CHECK_STATUS_MESSAGE = " To check the status of the subsystem: \n"\ " systemctl status pki-tomcatd@%s.service" PKI_ACCESS_URL = " The URL for the subsystem is: \n"\ " https://%s:%s/%s" -PKI_INSTANCE_RESTART_MESSAGE = " To restart the subsystem: \n"\ - " systemctl restart pki-tomcatd@%s.service" +PKI_INSTANCE_RESTART_MESSAGE = \ + " To restart the subsystem: \n"\ + " systemctl restart pki-tomcatd@%s.service" PKI_SPAWN_INFORMATION_HEADER = "\n ==========================================================================\n"\ 
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 620c9bdb5..a0e315d0e 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py 
@@ -54,36 +54,41 @@ class PKIConfigParser: #Read and process command-line options self.arg_parser = argparse.ArgumentParser( - description=description, - add_help=False, - formatter_class=argparse.RawDescriptionHelpFormatter, - epilog=epilog) + description=description, + add_help=False, + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=epilog) # Establish 'Mandatory' command-line options - self.mandatory = self.arg_parser.add_argument_group('mandatory arguments') + self.mandatory = self.arg_parser.add_argument_group( + 'mandatory arguments') # Establish 'Optional' command-line options self.optional = self.arg_parser.add_argument_group('optional arguments') - self.optional.add_argument('-s', - dest='pki_subsystem', action='store', - nargs=1, choices=config.PKI_SUBSYSTEMS, - metavar='<subsystem>', - help='where <subsystem> is ' - 'CA, KRA, OCSP, RA, TKS, or TPS') - self.optional.add_argument('-h', '--help', - dest='help', action='help', - help='show this help message and exit') - self.optional.add_argument('-v', - dest='pki_verbosity', action='count', - help='display verbose information (details below)') + self.optional.add_argument( + '-s', + dest='pki_subsystem', action='store', + nargs=1, choices=config.PKI_SUBSYSTEMS, + metavar='<subsystem>', + help='where <subsystem> is ' + 'CA, KRA, OCSP, RA, TKS, or TPS') + self.optional.add_argument( + '-h', '--help', + dest='help', action='help', + help='show this help message and exit') + self.optional.add_argument( + '-v', + dest='pki_verbosity', action='count', + help='display verbose information (details below)') # Establish 'Test' command-line options test = self.arg_parser.add_argument_group('test arguments') - test.add_argument('-p', - dest='pki_root_prefix', action='store', - nargs=1, metavar='<prefix>', - help='directory prefix to specify local directory ' - '[TEST ONLY]') + test.add_argument( + '-p', + dest='pki_root_prefix', action='store', + nargs=1, metavar='<prefix>', + help='directory prefix to 
specify local directory ' + '[TEST ONLY]') self.indent = 0 self.ds_connection = None self.sd_connection = None @@ -123,13 +128,12 @@ class PKIConfigParser: return args - def validate(self): # Validate command-line options if len(config.pki_root_prefix) > 0: - if not os.path.exists(config.pki_root_prefix) or\ - not os.path.isdir(config.pki_root_prefix): + if not os.path.exists(config.pki_root_prefix) or \ + not os.path.isdir(config.pki_root_prefix): print "ERROR: " + \ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % \ config.pki_root_prefix @@ -138,8 +142,8 @@ class PKIConfigParser: self.arg_parser.exit(-1) # always default that configuration file exists - if not os.path.exists(config.default_deployment_cfg) or\ - not os.path.isfile(config.default_deployment_cfg): + if not os.path.exists(config.default_deployment_cfg) or \ + not os.path.isfile(config.default_deployment_cfg): print "ERROR: " + \ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.default_deployment_cfg @@ -149,8 +153,8 @@ class PKIConfigParser: if config.user_deployment_cfg: # verify user configuration file exists - if not os.path.exists(config.user_deployment_cfg) or\ - not os.path.isfile(config.user_deployment_cfg): + if not os.path.exists(config.user_deployment_cfg) or \ + not os.path.isfile(config.user_deployment_cfg): print "ERROR: " + \ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.user_deployment_cfg @@ -158,7 +162,6 @@ class PKIConfigParser: self.arg_parser.print_help() self.arg_parser.exit(-1) - def init_config(self): # RESTEasy @@ -184,7 +187,8 @@ class PKIConfigParser: default_http_port = '80' default_https_port = '443' - application_version = str(pki.upgrade.Version(pki.implementation_version())) + application_version = str(pki.upgrade.Version( + pki.implementation_version())) self.pki_config = ConfigParser.SafeConfigParser({ 'application_version': application_version, 
@@ -194,7 +198,7 @@ class PKIConfigParser: 'pki_dns_domainname': config.pki_dns_domainname, 'pki_subsystem': config.pki_subsystem, 'pki_subsystem_type': config.pki_subsystem.lower(), - 'pki_root_prefix' : config.pki_root_prefix, + 'pki_root_prefix': config.pki_root_prefix, 'resteasy_lib': resteasy_lib, 'jni_jar_dir': jni_jar_dir, 'home_dir': os.path.expanduser("~"), @@ -211,7 +215,6 @@ class PKIConfigParser: self.flatten_master_dict() - # The following code is based heavily upon # "http://www.decalage.info/en/python/configparser" @staticmethod @@ -234,7 +237,6 @@ class PKIConfigParser: values[name] = value return values - def set_property(self, section, key, value): if section != "DEFAULT" and not self.pki_config.has_section(section): self.pki_config.add_section(section) @@ -245,13 +247,13 @@ class PKIConfigParser: config.user_config.add_section(section) config.user_config.set(section, key, value) - def print_text(self, message): print ' ' * self.indent + message - def read_text(self, message, - section=None, key=None, default=None, - options=None, sign=':', allow_empty=True, case_sensitive=True): + def read_text( + self, message, + section=None, key=None, default=None, + options=None, sign=':', allow_empty=True, case_sensitive=True): if default is None and key is not None: default = self.mdict[key] @@ -291,9 +293,9 @@ class PKIConfigParser: return value - - def read_password(self, message, section=None, key=None, - verifyMessage=None): + def read_password( + self, message, section=None, key=None, + verifyMessage=None): message = ' ' * self.indent + message + ': ' if verifyMessage is not None: verifyMessage = ' ' * self.indent + verifyMessage + ': ' 
@@ -321,19 +323,21 @@ class PKIConfigParser: return password def read_pki_configuration_file(self): - "Read configuration file sections into dictionaries" + """Read configuration file sections into dictionaries""" rv = 0 try: if config.user_deployment_cfg: # We don't allow interpolation in password settings, which # means that we need to deal with escaping '%' characters # that might be present. - no_interpolation = ('pki_admin_password', 'pki_backup_password', - 'pki_client_database_password', - 'pki_client_pkcs12_password', - 'pki_ds_password', 'pki_security_domain_password') - - print 'Loading deployment configuration from ' + config.user_deployment_cfg + '.' + no_interpolation = ( + 'pki_admin_password', 'pki_backup_password', + 'pki_client_database_password', + 'pki_client_pkcs12_password', + 'pki_ds_password', 'pki_security_domain_password') + + print 'Loading deployment configuration from ' + \ + config.user_deployment_cfg + '.' self.pki_config.read([config.user_deployment_cfg]) config.user_config.read([config.user_deployment_cfg]) @@ -345,9 +349,11 @@ class PKIConfigParser: for section in sections: for key in no_interpolation: try: - val = self.pki_config.get(section, key, raw=True) + val = self.pki_config.get( + section, key, raw=True) if val: - self.pki_config.set(section, key, val.replace("%", "%%")) + self.pki_config.set( + section, key, val.replace("%", "%%")) except ConfigParser.NoOptionError: continue @@ -357,9 +363,11 @@ class PKIConfigParser: for section in sections: for key in no_interpolation: try: - val = config.user_config.get(section, key, raw=True) + val = config.user_config.get( + section, key, raw=True) if val: - config.user_config.set(section, key, val.replace("%", "%%")) + config.user_config.set( + section, key, val.replace("%", "%%")) except ConfigParser.NoOptionError: continue except ConfigParser.ParsingError, err: 
@@ -367,7 +375,6 @@ class PKIConfigParser: rv = err return rv - def flatten_master_dict(self): self.mdict.update(__name__="PKI Master Dictionary") @@ -392,7 +399,6 @@ class PKIConfigParser: subsystem_dict[0] = None self.mdict.update(subsystem_dict) - def ds_connect(self): hostname = self.mdict['pki_ds_hostname'] @@ -404,7 +410,8 @@ class PKIConfigParser: protocol = 'ldap' port = self.mdict['pki_ds_ldap_port'] - self.ds_connection = ldap.initialize(protocol + '://' + hostname + ':' + port) + self.ds_connection = ldap.initialize( + protocol + '://' + hostname + ':' + port) def ds_bind(self): self.ds_connection.simple_bind_s( @@ -463,9 +470,9 @@ class PKIConfigParser: info = sd.get_security_domain_info() except requests.exceptions.HTTPError as e: config.pki_log.info( - "unable to access security domain through REST interface. " + \ + "unable to access security domain through REST interface. " + "Trying old interface. " + str(e), - extra=config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) info = sd.get_old_security_domain_info() return info @@ -482,9 +489,9 @@ class PKIConfigParser: code = e.response.status_code if code == 404 or code == 501: config.pki_log.warning( - "unable to validate security domain user/password " + \ + "unable to validate security domain user/password " + "through REST interface. Interface not available", - extra=config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) else: raise @@ -498,7 +505,8 @@ class PKIConfigParser: else: protocol = 'ldap' - self.authdb_connection = ldap.initialize(protocol + '://' + hostname + ':' + port) + self.authdb_connection = ldap.initialize( + protocol + '://' + hostname + ':' + port) self.authdb_connection.search_s('', ldap.SCOPE_BASE) def authdb_base_dn_exists(self): 
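Review bot: In ds_connect (hunk at old line 404) the non-secure branch sets `protocol = 'ldap'`, and ds_bind then calls `simple_bind_s` on that connection. Unless StartTLS is negotiated somewhere outside this hunk, the bind credentials would travel unencrypted. If plain LDAP has to stay supported, I would at least record the exposure next to the `ldap.initialize` call, e.g. `# NOTE: with protocol 'ldap' the simple bind in ds_bind() is unencrypted; prefer ldaps or call start_tls_s() first`. The hunk at old line 498 builds its URL the same way, but only the anonymous `search_s('', ldap.SCOPE_BASE)` is visible there. Both function bodies start outside their hunks, so the secure-connection switch itself is not shown.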
@@ -518,17 +526,20 @@ class PKIConfigParser: def get_server_status(self, system_type, system_uri): parse = urlparse(self.mdict[system_uri]) conn = pki.client.PKIConnection( - protocol=parse.scheme, - hostname=parse.hostname, - port=str(parse.port), - subsystem=system_type) + protocol=parse.scheme, + hostname=parse.hostname, + port=str(parse.port), + subsystem=system_type) client = pki.system.SystemStatusClient(conn) response = client.get_status() root = ET.fromstring(response) return root.findtext("Status") def compose_pki_master_dictionary(self): - "Create a single master PKI dictionary from the sectional dictionaries" + """ + Create a single master PKI dictionary from the + sectional dictionaries + """ try: # 'pkispawn'/'pkidestroy' name/value pairs self.mdict['pki_deployment_executable'] = \ @@ -538,7 +549,8 @@ class PKIConfigParser: self.mdict['pki_certificate_timestamp'] = \ config.pki_certificate_timestamp self.mdict['pki_architecture'] = config.pki_architecture - self.mdict['pki_default_deployment_cfg'] = config.default_deployment_cfg + self.mdict['pki_default_deployment_cfg'] = \ + config.default_deployment_cfg self.mdict['pki_user_deployment_cfg'] = config.user_deployment_cfg self.mdict['pki_deployed_instance_name'] = \ config.pki_deployed_instance_name 
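Review bot: `port=str(parse.port)` in get_server_status passes the literal string "None" to PKIConnection whenever the URI stored under `self.mdict[system_uri]` has no explicit port, because urlparse returns `None` for `.port` in that case. The status request then fails later with a confusing connection error instead of a clear message about the configured URI. A guard before the connection is built would make this explicit: `if parse.hostname is None or parse.port is None: raise Exception('Invalid URI: ' + self.mdict[system_uri])`. Whether every caller always supplies a port cannot be seen from this hunk.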
@@ -554,22 +566,23 @@ class PKIConfigParser: self.flatten_master_dict() - pkilogging.sensitive_parameters = self.mdict['sensitive_parameters'].split() + pkilogging.sensitive_parameters = \ + self.mdict['sensitive_parameters'].split() # Always create "false" values for these missing "boolean" keys - if not self.mdict.has_key('pki_enable_access_log') or\ + if not 'pki_enable_access_log' in self.mdict or\ not len(self.mdict['pki_enable_access_log']): self.mdict['pki_enable_access_log'] = "false" - if not self.mdict.has_key('pki_external') or\ + if not 'pki_external' in self.mdict or\ not len(self.mdict['pki_external']): self.mdict['pki_external'] = "false" - if not self.mdict.has_key('pki_external_step_two') or\ + if not 'pki_external_step_two' in self.mdict or\ not len(self.mdict['pki_external_step_two']): self.mdict['pki_external_step_two'] = "false" - if not self.mdict.has_key('pki_standalone') or\ + if not 'pki_standalone' in self.mdict or\ not len(self.mdict['pki_standalone']): self.mdict['pki_standalone'] = "false" - if not self.mdict.has_key('pki_subordinate') or\ + if not 'pki_subordinate' in self.mdict or\ not len(self.mdict['pki_subordinate']): self.mdict['pki_subordinate'] = "false" @@ -581,7 +594,7 @@ class PKIConfigParser: self.mdict['pki_target_registry'] = \ os.path.join(self.mdict['pki_instance_registry_path'], self.mdict['pki_instance_name']) - if (config.str2bool(self.mdict['pki_external_step_two'])): + if config.str2bool(self.mdict['pki_external_step_two']): # For CA (External CA Step 2) and Stand-alone PKI (Step 2), # use the 'pki_one_time_pin' established during the setup # of (Step 1) 
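Review bot: The replacements for `has_key` are written as `not 'pki_external' in self.mdict`, which evaluates correctly but reads as though `not` bound to the string. The membership operator is the conventional spelling, and pycodestyle reports the current form as E713, so I would write `if 'pki_external' not in self.mdict or not self.mdict['pki_external']:`. The five blocks differ only in the key name, so a short loop over the key names that assigns "false" would also remove the repetition. The enclosing compose_pki_master_dictionary starts and ends outside this hunk.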
@@ -589,11 +602,12 @@ class PKIConfigParser: and\ os.path.isfile(self.mdict['pki_target_cs_cfg']): cs_cfg = self.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) self.mdict['pki_one_time_pin'] = \ cs_cfg.get('preop.pin') else: - config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, + config.pki_log.error( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, self.mdict['pki_target_cs_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1) @@ -602,7 +616,7 @@ class PKIConfigParser: # and add this to the "sensitive" key value pairs read in from # the configuration file self.mdict['pki_one_time_pin'] = \ - ''.join(random.choice(string.ascii_letters + string.digits)\ + ''.join(random.choice(string.ascii_letters + string.digits) for x in range(20)) if self.mdict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: 
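Review bot: The `pki_one_time_pin` in the hunk at old line 602 is still drawn from `random.choice`, i.e. the module-level Mersenne Twister, whose output is predictable and not meant for secrets. The surrounding comment treats the value as one of the "sensitive" key/value pairs. The change is small and keeps the same alphabet and length: `rng = random.SystemRandom()` followed by `''.join(rng.choice(string.ascii_letters + string.digits) for x in range(20))`. The enclosing method starts and ends outside this hunk, so what the PIN gates is not visible here.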
@@ -649,73 +663,72 @@ class PKIConfigParser: # subystem-specific slot substitution name/value pairs if self.mdict['pki_subsystem'] == "CA": self.mdict['pki_target_flatfile_txt'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "flatfile.txt") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "flatfile.txt") self.mdict['pki_target_proxy_conf'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "proxy.conf") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "proxy.conf") self.mdict['pki_target_registry_cfg'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "registry.cfg") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "registry.cfg") # '*.profile' self.mdict['pki_target_admincert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "adminCert.profile") - self.mdict['pki_target_caauditsigningcert_profile']\ - = os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "caAuditSigningCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "adminCert.profile") + self.mdict['pki_target_caauditsigningcert_profile'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "caAuditSigningCert.profile") self.mdict['pki_target_cacert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "caCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "caCert.profile") self.mdict['pki_target_caocspcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "caOCSPCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "caOCSPCert.profile") self.mdict['pki_target_servercert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "serverCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "serverCert.profile") 
self.mdict['pki_target_subsystemcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "subsystemCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "subsystemCert.profile") # in-place slot substitution name/value pairs self.mdict['pki_target_profileselect_template'] = \ os.path.join( - self.mdict\ - ['pki_tomcat_webapps_subsystem_path'], + self.mdict['pki_tomcat_webapps_subsystem_path'], "ee", self.mdict['pki_subsystem'].lower(), "ProfileSelect.template") elif self.mdict['pki_subsystem'] == "KRA": # '*.profile' self.mdict['pki_target_servercert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "serverCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "serverCert.profile") self.mdict['pki_target_storagecert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "storageCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "storageCert.profile") self.mdict['pki_target_subsystemcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "subsystemCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "subsystemCert.profile") self.mdict['pki_target_transportcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "transportCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "transportCert.profile") elif self.mdict['pki_subsystem'] == "TPS": self.mdict['pki_target_registry_cfg'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "registry.cfg") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "registry.cfg") self.mdict['pki_target_phone_home_xml'] = \ os.path.join( self.mdict['pki_subsystem_configuration_path'], 
@@ -761,20 +774,15 @@ class PKIConfigParser: self.mdict['SYSTEM_LIBRARIES_SLOT'] = None self.mdict['SYSTEM_USER_LIBRARIES_SLOT'] = None self.mdict['TMP_DIR_SLOT'] = None - elif self.mdict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: self.mdict['INSTALL_TIME_SLOT'] = \ self.mdict['pki_install_time'] self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ self.mdict['pki_https_port'] - self.mdict\ - ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + self.mdict['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.mdict\ - ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ - "" - self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = \ - "want" + self.mdict['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = "" + self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = "want" self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \ self.mdict['pki_https_port'] self.mdict['PKI_AJP_PORT_SLOT'] = \ @@ -789,19 +797,17 @@ class PKIConfigParser: self.mdict['pki_pin'] self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \ self.mdict['pki_target_cs_cfg'] - self.mdict\ - ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "-->" - self.mdict\ - ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "-->" self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ self.mdict['pki_https_port'] self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ "" self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ self.mdict['pki_https_port'] 
@@ -822,15 +828,12 @@ class PKIConfigParser: "tomcat") self.mdict['PKI_HOSTNAME_SLOT'] = \ self.mdict['pki_hostname'] - self.mdict\ - ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "<!--" - self.mdict\ - ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "<!--" self.mdict['PKI_PIDDIR_SLOT'] = \ - os.path.join("/var/run/pki", - "tomcat") + os.path.join("/var/run/pki", "tomcat") if config.str2bool(self.mdict['pki_enable_proxy']): self.mdict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \ "" @@ -855,7 +858,7 @@ class PKIConfigParser: "<!--" self.mdict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \ "<!--" - if (config.str2bool(self.mdict['pki_standalone'])): + if config.str2bool(self.mdict['pki_standalone']): # Stand-alone PKI self.mdict['PKI_CLOSE_STANDALONE_COMMENT_SLOT'] = \ "" @@ -868,7 +871,7 @@ class PKIConfigParser: self.mdict['PKI_OPEN_STANDALONE_COMMENT_SLOT'] = \ "<!--" self.mdict['PKI_STANDALONE_SLOT'] = "false" - if (config.str2bool(self.mdict['pki_enable_access_log'])): + if config.str2bool(self.mdict['pki_enable_access_log']): self.mdict['PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ "" self.mdict['PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT_SLOT'] = \ @@ -924,7 +927,8 @@ class PKIConfigParser: self.mdict['TOMCAT_LOG_DIR_SLOT'] = \ self.mdict['pki_instance_log_path'] self.mdict['TOMCAT_PIDFILE_SLOT'] = \ - "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + ".pid" + "/var/run/pki/tomcat/" + self.mdict['pki_instance_name'] + \ + ".pid" self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \ self.mdict['pki_tomcat_server_port'] self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ 
@@ -995,8 +999,7 @@ class PKIConfigParser: if self.mdict['pki_subsystem'] == "CA": self.mdict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \ - self.mdict\ - ['pki_random_serial_numbers_enable'].lower() + self.mdict['pki_random_serial_numbers_enable'].lower() # Shared Apache/Tomcat NSS security database name/value pairs self.mdict['pki_shared_pfile'] = \ os.path.join( @@ -1032,9 +1035,9 @@ class PKIConfigParser: self.mdict['pki_subsystem_configuration_path'], "noise") self.mdict['pki_self_signed_noise_bytes'] = 1024 - # Shared Apache/Tomcat NSS security database convenience symbolic links - self.mdict\ - ['pki_subsystem_configuration_password_conf_link'] = \ + # Shared Apache/Tomcat NSS security database convenience + # symbolic links + self.mdict['pki_subsystem_configuration_password_conf_link'] = \ os.path.join( self.mdict['pki_subsystem_configuration_path'], "password.conf") @@ -1051,7 +1054,8 @@ class PKIConfigParser: # # Apache - [RA] # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] - # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], [TPS Clone] + # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], + # [TPS Clone] # - [External CA] # - [Subordinate CA] # @@ -1072,7 +1076,8 @@ class PKIConfigParser: # self.mdict['pki_token_name'] # # The following variables are established via the specified PKI - # deployment configuration file and potentially overridden below: + # deployment configuration file and potentially overridden + # below: # # self.mdict['pki_security_domain_user'] # self.mdict['pki_issuing_ca'] 
@@ -1083,13 +1088,13 @@ class PKIConfigParser: # use the CA admin uid if it's defined if self.pki_config.has_option('CA', 'pki_admin_uid') and\ - len(self.pki_config.get('CA', 'pki_admin_uid')) > 0: + len(self.pki_config.get('CA', 'pki_admin_uid')) > 0: self.mdict['pki_security_domain_user'] = \ self.pki_config.get('CA', 'pki_admin_uid') # or use the Default admin uid if it's defined elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\ - len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0: + len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0: self.mdict['pki_security_domain_user'] = \ self.pki_config.get('DEFAULT', 'pki_admin_uid') @@ -1098,13 +1103,13 @@ class PKIConfigParser: self.mdict['pki_security_domain_user'] = "caadmin" if not config.str2bool(self.mdict['pki_skip_configuration']) and\ - (config.str2bool(self.mdict['pki_standalone'])): + (config.str2bool(self.mdict['pki_standalone'])): # Stand-alone PKI self.mdict['pki_security_domain_type'] = "new" self.mdict['pki_issuing_ca'] = "External CA" elif config.pki_subsystem != "CA" or\ - config.str2bool(self.mdict['pki_clone']) or\ - config.str2bool(self.mdict['pki_subordinate']): + config.str2bool(self.mdict['pki_clone']) or\ + config.str2bool(self.mdict['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA 
@@ -1160,12 +1165,12 @@ class PKIConfigParser: if not 'pki_import_admin_cert' in self.mdict: self.mdict['pki_import_admin_cert'] = 'false' - elif not config.str2bool(self.mdict['pki_skip_configuration']) and\ - (config.str2bool(self.mdict['pki_standalone'])): + elif not config.str2bool(self.mdict['pki_skip_configuration']) and \ + (config.str2bool(self.mdict['pki_standalone'])): # Stand-alone PKI self.mdict['pki_import_admin_cert'] = 'false' - if (config.str2bool(self.mdict['pki_standalone'])): + if config.str2bool(self.mdict['pki_standalone']): self.mdict['pki_ca_signing_tag'] = "external_signing" else: self.mdict['pki_ca_signing_tag'] = "signing" @@ -1221,8 +1226,7 @@ class PKIConfigParser: "restart" + " " + \ "pki-apached" + "@" + \ self.mdict['pki_instance_name'] + "." + "service" - elif self.mdict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: self.mdict['pki_registry_initscript_command'] = \ "systemctl" + " " + \ "restart" + " " + \ @@ -1244,7 +1248,6 @@ class PKIConfigParser: raise return - def compose_pki_slots_dictionary(self): """Read the slots configuration file to create the appropriate PKI slots dictionary""" diff --git a/base/server/python/pki/server/deployment/pkiscriptlet.py b/base/server/python/pki/server/deployment/pkiscriptlet.py index f37bb1c15..2bf4d0750 100644 --- a/base/server/python/pki/server/deployment/pkiscriptlet.py +++ b/base/server/python/pki/server/deployment/pkiscriptlet.py @@ -33,6 +33,7 @@ class AbstractBasePkiScriptlet(object): """Retrieve data from the specified PKI dictionary and use it to install a new PKI instance.""" return + # pylint: disable-msg=W0613 @abc.abstractmethod def destroy(self, deployer): diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py index 57662b5d2..4cae695d1 100644 --- a/base/server/python/pki/server/upgrade.py +++ b/base/server/python/pki/server/upgrade.py 
@@ -80,26 +80,33 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): continue if not self.can_upgrade_server(instance): - if verbose: print 'Skipping ' + str(instance) + ' instance.' + if verbose: + print 'Skipping ' + str(instance) + ' instance.' continue try: - if verbose: print 'Upgrading ' + str(instance) + ' instance.' + if verbose: + print 'Upgrading ' + str(instance) + ' instance.' self.upgrade_instance(instance) self.update_server_tracker(instance) except Exception as e: - if verbose: traceback.print_exc() - else: print 'ERROR: ' + e.message + if verbose: + traceback.print_exc() + else: + print 'ERROR: ' + e.message message = 'Failed upgrading ' + str(instance) + ' instance.' if self.upgrader.silent: print message else: - result = pki.read_text(message + ' Continue (Yes/No)', - options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower() - if result == 'y': continue + result = pki.read_text( + message + ' Continue (Yes/No)', + options=['Y', 'N'], default='Y', + delimiter='?', case_sensitive=False).lower() + if result == 'y': + continue raise pki.server.PKIServerException( 'Upgrade failed in ' + str(instance) + ': ' + e.message, 
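Review bot: The except block reports the failure through `e.message`, which is an empty string for exceptions constructed with more than one argument (an IOError carrying errno and text, for example) and has been deprecated since Python 2.6. In non-verbose mode the operator can therefore see `ERROR: ` with nothing after it, and the PKIServerException raised afterwards loses the cause text in the same way. `print 'ERROR: ' + str(e)` and `'Upgrade failed in ' + str(instance) + ': ' + str(e)` keep the text in both places. The subsystem loop in the next hunk (old line 110) has the same pattern.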
@@ -110,26 +117,33 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): for subsystem in self.upgrader.subsystems(instance): if not self.can_upgrade_server(instance, subsystem): - if verbose: print 'Skipping ' + str(subsystem) + ' subsystem.' + if verbose: + print 'Skipping ' + str(subsystem) + ' subsystem.' continue try: - if verbose: print 'Upgrading ' + str(subsystem) + ' subsystem.' + if verbose: + print 'Upgrading ' + str(subsystem) + ' subsystem.' self.upgrade_subsystem(instance, subsystem) self.update_server_tracker(instance, subsystem) except Exception as e: - if verbose: traceback.print_exc() - else: print 'ERROR: ' + e.message + if verbose: + traceback.print_exc() + else: + print 'ERROR: ' + e.message message = 'Failed upgrading ' + str(subsystem) + ' subsystem.' if self.upgrader.silent: print message else: - result = pki.read_text(message + ' Continue (Yes/No)', - options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower() - if result == 'y': continue + result = pki.read_text( + message + ' Continue (Yes/No)', + options=['Y', 'N'], default='Y', + delimiter='?', case_sensitive=False).lower() + if result == 'y': + continue raise pki.server.PKIServerException( 'Upgrade failed in ' + str(subsystem) + ': ' + e.message, 
@@ -146,14 +160,17 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): class PKIServerUpgrader(pki.upgrade.PKIUpgrader): - def __init__(self, instanceName=None, instanceType=None, subsystemName=None, \ - upgrade_dir=UPGRADE_DIR, version=None, index=None, silent=False): + def __init__( + self, instanceName=None, instanceType=None, subsystemName=None, + upgrade_dir=UPGRADE_DIR, version=None, index=None, silent=False): - super(PKIServerUpgrader, self).__init__(upgrade_dir, version, index, silent) + super(PKIServerUpgrader, self).__init__( + upgrade_dir, version, index, silent) if subsystemName and not instanceName: raise pki.PKIException( - 'Invalid subsystem: ' + subsystemName + ', Instance not defined') + 'Invalid subsystem: ' + subsystemName + + ', Instance not defined') self.instanceName = instanceName self.instanceType = instanceType @@ -165,7 +182,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): def instances(self): if self.instanceName and self.instanceType: - return [pki.server.PKIInstance(self.instanceName, self.instanceType)] + return [pki.server.PKIInstance( + self.instanceName, self.instanceType)] instance_list = [] 
@@ -173,23 +191,24 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): if os.path.exists(os.path.join(pki.server.REGISTRY_DIR, 'tomcat')): for instanceName in os.listdir(pki.server.INSTANCE_BASE_DIR): if not self.instanceName or \ - self.instanceName == instanceName: - instance_list.append(pki.server.PKIInstance(instanceName)) + self.instanceName == instanceName: + instance_list.append( + pki.server.PKIInstance(instanceName)) if not self.instanceType or self.instanceType == 9: for s in pki.server.SUBSYSTEM_TYPES: if os.path.exists(os.path.join(pki.server.REGISTRY_DIR, s)): - for instanceName in \ - os.listdir(os.path.join(pki.server.REGISTRY_DIR, s)): + for instanceName in os.listdir( + os.path.join(pki.server.REGISTRY_DIR, s)): if not self.instanceName or \ - self.instanceName == instanceName: - instance_list.append(pki.server.PKIInstance(instanceName, 9)) + self.instanceName == instanceName: + instance_list.append( + pki.server.PKIInstance(instanceName, 9)) instance_list.sort() return instance_list - def subsystems(self, instance): if self.subsystemName: @@ -198,11 +217,13 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): subsystem_list = [] if instance.type >= 10: - registry_dir = os.path.join(pki.server.REGISTRY_DIR, 'tomcat', + registry_dir = os.path.join( + pki.server.REGISTRY_DIR, 'tomcat', instance.name) for subsystemName in os.listdir(registry_dir): if subsystemName in pki.server.SUBSYSTEM_TYPES: - subsystem_list.append(pki.server.PKISubsystem(instance, subsystemName)) + subsystem_list.append( + pki.server.PKISubsystem(instance, subsystemName)) else: for subsystemName in pki.server.SUBSYSTEM_TYPES: registry_dir = os.path.join( @@ -210,7 +231,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): subsystemName, instance.name) if os.path.exists(registry_dir): - subsystem_list.append(pki.server.PKISubsystem(instance, subsystemName)) + subsystem_list.append( + pki.server.PKISubsystem(instance, subsystemName)) subsystem_list.sort() 
@@ -223,7 +245,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): try: tracker = self.subsystem_trackers[instance] except KeyError: - tracker = pki.upgrade.PKIUpgradeTracker(name + ' subsystem', + tracker = pki.upgrade.PKIUpgradeTracker( + name + ' subsystem', SUBSYSTEM_TRACKER % subsystem.conf_dir, version_key='cms.product.version', index_key='cms.upgrade.index') @@ -233,7 +256,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader): try: tracker = self.instance_trackers[str(instance)] except KeyError: - tracker = pki.upgrade.PKIUpgradeTracker(str(instance) + ' instance', + tracker = pki.upgrade.PKIUpgradeTracker( + str(instance) + ' instance', INSTANCE_TRACKER % instance.conf_dir, version_key='PKI_VERSION', index_key='PKI_UPGRADE_INDEX') diff --git a/base/server/sbin/pki-server-upgrade b/base/server/sbin/pki-server-upgrade index f9fd20951..212fc2675 100755 --- a/base/server/sbin/pki-server-upgrade +++ b/base/server/sbin/pki-server-upgrade @@ -27,6 +27,7 @@ import pki import pki.upgrade import pki.server.upgrade + # pylint: disable-msg=W0613 def interrupt_handler(event, frame): print @@ -160,12 +161,12 @@ def main(argv): try: upgrader = pki.server.upgrade.PKIServerUpgrader( - instanceName = instanceName, - subsystemName = subsystemName, - instanceType = instanceType, - version = scriptlet_version, - index = scriptlet_index, - silent = silent) + instanceName=instanceName, + subsystemName=subsystemName, + instanceType=instanceType, + version=scriptlet_version, + index=scriptlet_index, + silent=silent) if status: upgrader.status() diff --git a/base/server/sbin/pkidestroy b/base/server/sbin/pkidestroy index e9eadf9ba..f0fa27a00 100755 --- a/base/server/sbin/pkidestroy +++ b/base/server/sbin/pkidestroy @@ -48,6 +48,7 @@ error was: """ % sys.exc_value sys.exit(1) + #Handle the Keyboard Interrupt # pylint: disable-msg=W0613 def interrupt_handler(event, frame): 
@@ -55,9 +56,10 @@ def interrupt_handler(event, frame): print '\nUninstallation canceled.' sys.exit(1) + # PKI Deployment Functions def main(argv): - "main entry point" + """main entry point""" config.pki_deployment_executable = os.path.basename(argv[0]) @@ -86,8 +88,9 @@ def main(argv): # Retrieve DNS domainname config.pki_dns_domainname = None try: - dnsdomainname = subprocess.check_output("dnsdomainname", - shell=True) + dnsdomainname = subprocess.check_output( + "dnsdomainname", + shell=True) # workaround for pylint error E1103 config.pki_dns_domainname = str(dnsdomainname).rstrip('\n') if not len(config.pki_dns_domainname): @@ -102,24 +105,26 @@ def main(argv): 'PKI Instance Removal', log.PKIDESTROY_EPILOG) - parser.optional.add_argument('-i', + parser.optional.add_argument( + '-i', dest='pki_deployed_instance_name', action='store', nargs=1, metavar='<instance>', help='FORMAT: ${pki_instance_name}') - parser.optional.add_argument('-u', + parser.optional.add_argument( + '-u', dest='pki_secdomain_user', action='store', nargs=1, metavar='<security domain user>', help='security domain user') - parser.optional.add_argument('-W', + parser.optional.add_argument( + '-W', dest='pki_secdomain_pass_file', action='store', nargs=1, metavar='<security domain password file>', help='security domain password file path') - args = parser.process_command_line_arguments() @@ -130,7 +135,8 @@ def main(argv): # -s <subsystem> if args.pki_subsystem is None: interactive = True - config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', + config.pki_subsystem = parser.read_text( + 'Subsystem (CA/KRA/OCSP/TKS/TPS)', options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], default='CA', case_sensitive=False).upper() else: 
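Review bot: In the `@@ -86,8 +88,9 @@` hunk of pkidestroy, `subprocess.check_output("dnsdomainname", shell=True)` still starts a shell to run a fixed command that takes no arguments, so an extra shell process and its environment handling sit between this root-run tool and the command for no benefit. The argument-list form does the same work without the shell: `dnsdomainname = subprocess.check_output(["dnsdomainname"])`. The same call is reformatted in the `@@ -88,8 +90,8 @@` hunk of pkispawn and takes the same change. `main` starts and ends outside both hunks.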
@@ -139,15 +145,18 @@ def main(argv): # -i <instance name> if args.pki_deployed_instance_name is None: interactive = True - config.pki_deployed_instance_name = parser.read_text('Instance', default='pki-tomcat') + config.pki_deployed_instance_name = \ + parser.read_text('Instance', default='pki-tomcat') else: - config.pki_deployed_instance_name = str(args.pki_deployed_instance_name).strip('[\']') + config.pki_deployed_instance_name = \ + str(args.pki_deployed_instance_name).strip('[\']') if interactive: print parser.indent = 0 - begin = parser.read_text('Begin uninstallation (Yes/No/Quit)', + begin = parser.read_text( + 'Begin uninstallation (Yes/No/Quit)', options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'], sign='?', allow_empty=False, case_sensitive=False).lower() @@ -169,13 +178,14 @@ def main(argv): # '-W' password file if args.pki_secdomain_pass_file: - with open(str(args.pki_secdomain_pass_file).strip('[\']'),'r') as pwd_file: + with open(str(args.pki_secdomain_pass_file).strip('[\']'), 'r') as \ + pwd_file: config.pki_secdomain_pass = pwd_file.readline().strip('\n') # verify that previously deployed instance exists - deployed_pki_instance_path = config.pki_root_prefix +\ - config.PKI_DEPLOYMENT_BASE_ROOT + "/" +\ - config.pki_deployed_instance_name + deployed_pki_instance_path = \ + config.pki_root_prefix + config.PKI_DEPLOYMENT_BASE_ROOT + "/" + \ + config.pki_deployed_instance_name if not os.path.exists(deployed_pki_instance_path): print "ERROR: " + log.PKI_INSTANCE_DOES_NOT_EXIST_1 %\ deployed_pki_instance_path 
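Review bot: In the `@@ -139,15 +145,18 @@` hunk, `str(args.pki_deployed_instance_name).strip('[\']')` recovers the value by stringifying the one-element list that `nargs=1` produces and stripping `[`, `'` and `]` from both ends. That also removes those characters when they belong to the name, and leaves double quotes behind when the name contains an apostrophe. Indexing the list is exact: `config.pki_deployed_instance_name = args.pki_deployed_instance_name[0]`. The `-W` password file path in the `@@ -169,13 +178,14 @@` hunk uses the same idiom and would become `open(args.pki_secdomain_pass_file[0], 'r')`, which also fits on one line without the `as \` continuation.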
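Review bot: In the `@@ -169,13 +178,14 @@` hunk, `deployed_pki_instance_path` is formed by concatenating the instance name from `-i` or the prompt onto the deployment root, and the only check that follows is `os.path.exists`. For a tool that removes an instance, a name that is empty or contains a path separator or `..` should be rejected before the path is built, for example `if '/' in config.pki_deployed_instance_name or config.pki_deployed_instance_name in ('', '.', '..'): parser.arg_parser.exit(-1)`. Whether a later step validates the name is not visible here, since `main` continues outside the hunk.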
@@ -183,15 +193,16 @@ def main(argv): parser.arg_parser.exit(-1) # verify that previously deployed subsystem for this instance exists - deployed_pki_subsystem_path = deployed_pki_instance_path + "/" +\ - config.pki_subsystem.lower() + deployed_pki_subsystem_path = \ + deployed_pki_instance_path + "/" + config.pki_subsystem.lower() if not os.path.exists(deployed_pki_subsystem_path): print "ERROR: " + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 %\ (config.pki_subsystem, deployed_pki_instance_path) print parser.arg_parser.exit(-1) - config.default_deployment_cfg = config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + config.default_deployment_cfg = \ + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE # establish complete path to previously deployed configuration file config.user_deployment_cfg =\ @@ -204,8 +215,8 @@ def main(argv): parser.init_config() # Enable 'pkidestroy' logging. - config.pki_log_dir = config.pki_root_prefix +\ - config.PKI_DEPLOYMENT_LOG_ROOT + config.pki_log_dir = \ + config.pki_root_prefix + config.PKI_DEPLOYMENT_LOG_ROOT config.pki_log_name = "pki" + "-" +\ config.pki_subsystem.lower() +\ "-" + "destroy" + "." +\ @@ -230,14 +241,15 @@ def main(argv): # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() - parser.mdict['pki_destroy_log'] = config.pki_log_dir + "/" +\ - config.pki_log_name + parser.mdict['pki_destroy_log'] = \ + config.pki_log_dir + "/" + config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pkilogging.log_format(parser.mdict), extra=config.PKI_INDENTATION_LEVEL_0) - print "Uninstalling " + config.pki_subsystem + " from " + deployed_pki_instance_path + "." + print "Uninstalling " + config.pki_subsystem + " from " + \ + deployed_pki_instance_path + "." # Process the various "scriptlets" to remove the specified PKI subsystem. pki_subsystem_scriptlets = parser.mdict['destroy_scriplets'].split() 
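Review bot: In the `@@ -230,14 +241,15 @@` hunk, `config.pki_log.debug(pkilogging.log_format(parser.mdict), ...)` writes the whole master dictionary to the destroy log. The pkispawn hunk `@@ -369,18 +432,18 @@` makes the same call just before reading `parser.mdict['pki_ds_password']`, so the dictionary can hold passwords. Unless `pkilogging.log_format` masks them (its body is not visible here), those values reach a log file at debug level. A comment at both call sites would make the expectation explicit, e.g. `# log_format() is expected to mask *_password entries before they are written`, or a filtered copy of the dictionary could be passed instead.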
@@ -246,7 +258,7 @@ def main(argv): for pki_scriptlet in pki_subsystem_scriptlets: scriptlet = __import__("pki.server.deployment.scriptlets." + pki_scriptlet, - fromlist = [pki_scriptlet]) + fromlist=[pki_scriptlet]) instance = scriptlet.PkiScriptlet() rv = instance.destroy(deployer) if rv != 0: diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn index 809ab59d8..41f5f5791 100755 --- a/base/server/sbin/pkispawn +++ b/base/server/sbin/pkispawn @@ -51,6 +51,7 @@ error was: """ % sys.exc_value sys.exit(1) + # Handle the Keyboard Interrupt # pylint: disable-msg=W0613 def interrupt_handler(event, frame): @@ -58,9 +59,10 @@ def interrupt_handler(event, frame): print '\nInstallation canceled.' sys.exit(1) + # PKI Deployment Functions def main(argv): - "main entry point" + """main entry point""" config.pki_deployment_executable = os.path.basename(argv[0]) @@ -88,8 +90,8 @@ def main(argv): # Retrieve DNS domainname try: - dnsdomainname = subprocess.check_output("dnsdomainname", - shell = True) + dnsdomainname = subprocess.check_output( + "dnsdomainname", shell=True) # workaround for pylint error E1103 config.pki_dns_domainname = str(dnsdomainname).rstrip('\n') if not len(config.pki_dns_domainname): @@ -104,15 +106,17 @@ def main(argv): 'PKI Instance Installation and Configuration', log.PKISPAWN_EPILOG) - parser.optional.add_argument('-f', + parser.optional.add_argument( + '-f', dest='user_deployment_cfg', action='store', nargs=1, metavar='<file>', help='configuration filename ' - '(MUST specify complete path)') + '(MUST specify complete path)') args = parser.process_command_line_arguments() - config.default_deployment_cfg = config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE + config.default_deployment_cfg = \ + config.PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE # -f <user deployment config> if args.user_deployment_cfg is not None: 
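Review bot: In the `@@ -246,7 +258,7 @@` hunk, each `pki_scriptlet` is concatenated into the module name passed to `__import__` with no check on its form. The names come from `parser.mdict['destroy_scriplets'].split()` in the preceding hunk, and the master dictionary appears to be composed from the deployment configuration files. If a user-supplied configuration can override that key, the file decides which module under `pki.server.deployment.scriptlets` is loaded and run with the installer's privileges. Checking each name against the expected set, or at least as a plain identifier, before importing would prevent that: `if not re.match(r'^\w+$', pki_scriptlet): raise ValueError(pki_scriptlet)` (this needs `re` imported). The loop starts and ends outside the hunk, and the `spawn_scriplets` loop in pkispawn would need the same check.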
@@ -128,7 +132,8 @@ def main(argv): interactive = True parser.indent = 0 - config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', + config.pki_subsystem = parser.read_text( + 'Subsystem (CA/KRA/OCSP/TKS/TPS)', options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], default='CA', case_sensitive=False).upper() print @@ -144,9 +149,11 @@ def main(argv): print "Tomcat:" parser.read_text('Instance', 'DEFAULT', 'pki_instance_name') parser.read_text('HTTP port', config.pki_subsystem, 'pki_http_port') - parser.read_text('Secure HTTP port', config.pki_subsystem, 'pki_https_port') + parser.read_text('Secure HTTP port', config.pki_subsystem, + 'pki_https_port') parser.read_text('AJP port', config.pki_subsystem, 'pki_ajp_port') - parser.read_text('Management port', config.pki_subsystem, 'pki_tomcat_server_port') + parser.read_text('Management port', config.pki_subsystem, + 'pki_tomcat_server_port') print print "Administrator:" 
@@ -156,34 +163,56 @@ def main(argv): 'Password', config.pki_subsystem, 'pki_admin_password', verifyMessage='Verify password') - parser.set_property(config.pki_subsystem, 'pki_backup_password', admin_password) - parser.set_property(config.pki_subsystem, 'pki_client_database_password', admin_password) - parser.set_property(config.pki_subsystem, 'pki_client_pkcs12_password', admin_password) + parser.set_property(config.pki_subsystem, 'pki_backup_password', + admin_password) + parser.set_property(config.pki_subsystem, + 'pki_client_database_password', + admin_password) + parser.set_property(config.pki_subsystem, + 'pki_client_pkcs12_password', + admin_password) if parser.mdict['pki_import_admin_cert'] == 'True': import_cert = 'Y' else: import_cert = 'N' - import_cert = parser.read_text('Import certificate (Yes/No)', + import_cert = parser.read_text( + 'Import certificate (Yes/No)', default=import_cert, options=['Yes', 'Y', 'No', 'N'], sign='?', case_sensitive=False).lower() if import_cert == 'y' or import_cert == 'yes': - parser.set_property(config.pki_subsystem, 'pki_import_admin_cert', 'True') - parser.read_text('Import certificate from', config.pki_subsystem, 'pki_admin_cert_file') + parser.set_property(config.pki_subsystem, + 'pki_import_admin_cert', + 'True') + parser.read_text('Import certificate from', + config.pki_subsystem, + 'pki_admin_cert_file') else: - parser.set_property(config.pki_subsystem, 'pki_import_admin_cert', 'False') + parser.set_property(config.pki_subsystem, + 'pki_import_admin_cert', + 'False') - parser.read_text('Export certificate to', config.pki_subsystem, 'pki_client_admin_cert') + parser.read_text('Export certificate to', + config.pki_subsystem, + 'pki_client_admin_cert') print print "Directory Server:" while True: - parser.read_text('Hostname', config.pki_subsystem, 'pki_ds_hostname') - parser.read_text('Port', config.pki_subsystem, 'pki_ds_ldap_port') - parser.read_text('Bind DN', config.pki_subsystem, 'pki_ds_bind_dn') - 
parser.read_password('Password', config.pki_subsystem, 'pki_ds_password') + parser.read_text('Hostname', + config.pki_subsystem, + 'pki_ds_hostname') + parser.read_text('Port', + config.pki_subsystem, + 'pki_ds_ldap_port') + parser.read_text('Bind DN', + config.pki_subsystem, + 'pki_ds_bind_dn') + parser.read_password('Password', + config.pki_subsystem, + 'pki_ds_password') try: parser.ds_verify_configuration() @@ -192,7 +221,9 @@ def main(argv): parser.print_text('ERROR: ' + e.message['desc']) continue - parser.read_text('Base DN', config.pki_subsystem, 'pki_ds_base_dn') + parser.read_text('Base DN', + config.pki_subsystem, + 'pki_ds_base_dn') try: if not parser.ds_base_dn_exists(): break @@ -201,7 +232,8 @@ def main(argv): parser.print_text('ERROR: ' + e.message['desc']) continue - remove = parser.read_text('Base DN already exists. Overwrite (Yes/No/Quit)', + remove = parser.read_text( + 'Base DN already exists. Overwrite (Yes/No/Quit)', options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'], sign='?', allow_empty=False, case_sensitive=False).lower() 
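Review bot: In the `@@ -156,34 +163,56 @@` hunk, the three `parser.set_property(...)` calls copy `admin_password` into `pki_backup_password`, `pki_client_database_password` and `pki_client_pkcs12_password` with no comment saying that one secret now protects all four. A comment above them would document the choice: `# Interactive mode reuses the administrator password for the backup, client database and client PKCS #12 passwords.` If separate secrets are wanted in interactive mode, each would need its own `parser.read_password` prompt. The enclosing `main` starts and ends outside the hunk.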
@@ -217,25 +249,38 @@ def main(argv): print "Security Domain:" if config.pki_subsystem == "CA": - parser.read_text('Name', config.pki_subsystem, 'pki_security_domain_name') + parser.read_text('Name', + config.pki_subsystem, + 'pki_security_domain_name') else: while True: - parser.read_text('Hostname', config.pki_subsystem, 'pki_security_domain_hostname') - parser.read_text('Secure HTTP port', config.pki_subsystem, 'pki_security_domain_https_port') + parser.read_text('Hostname', + config.pki_subsystem, + 'pki_security_domain_hostname') + + parser.read_text('Secure HTTP port', + config.pki_subsystem, + 'pki_security_domain_https_port') try: parser.sd_connect() info = parser.sd_get_info() parser.print_text('Name: ' + info.name) - parser.set_property(config.pki_subsystem, 'pki_security_domain_name', info.name) + parser.set_property(config.pki_subsystem, + 'pki_security_domain_name', + info.name) break except requests.exceptions.ConnectionError as e: parser.print_text('ERROR: ' + str(e)) while True: - parser.read_text('Username', config.pki_subsystem, 'pki_security_domain_user') - parser.read_password('Password', config.pki_subsystem, 'pki_security_domain_password') + parser.read_text('Username', + config.pki_subsystem, + 'pki_security_domain_user') + parser.read_password('Password', + config.pki_subsystem, + 'pki_security_domain_password') try: parser.sd_authenticate() @@ -245,11 +290,13 @@ def main(argv): print - if config.pki_subsystem == "TPS": + if config.pki_subsystem == "TPS": print "External Servers:" while True: - parser.read_text('CA URL', config.pki_subsystem, 'pki_ca_uri') + parser.read_text('CA URL', + config.pki_subsystem, + 'pki_ca_uri') try: status = parser.get_server_status('ca', 'pki_ca_uri') if status == 'running': 
@@ -259,7 +306,9 @@ def main(argv): parser.print_text('ERROR: ' + str(e)) while True: - parser.read_text('TKS URL', config.pki_subsystem, 'pki_tks_uri') + parser.read_text('TKS URL', + config.pki_subsystem, + 'pki_tks_uri') try: status = parser.get_server_status('tks', 'pki_tks_uri') if status == 'running': @@ -269,23 +318,31 @@ def main(argv): parser.print_text('ERROR: ' + str(e)) while True: - keygen = parser.read_text('Enable server side key generation (Yes/No)', + keygen = parser.read_text( + 'Enable server side key generation (Yes/No)', options=['Yes', 'Y', 'No', 'N'], default='N', sign='?', case_sensitive=False).lower() if keygen == 'y' or keygen == 'yes': - parser.set_property(config.pki_subsystem, 'pki_enable_server_side_keygen', 'True') + parser.set_property(config.pki_subsystem, + 'pki_enable_server_side_keygen', + 'True') - parser.read_text('KRA URL', config.pki_subsystem, 'pki_kra_uri') + parser.read_text('KRA URL', + config.pki_subsystem, + 'pki_kra_uri') try: - status = parser.get_server_status('kra', 'pki_kra_uri') + status = parser.get_server_status( + 'kra', 'pki_kra_uri') if status == 'running': break parser.print_text('ERROR: KRA is not running') except requests.exceptions.ConnectionError as e: parser.print_text('ERROR: ' + str(e)) else: - parser.set_property(config.pki_subsystem, 'pki_enable_server_side_keygen', 'False') + parser.set_property(config.pki_subsystem, + 'pki_enable_server_side_keygen', + 'False') break print 
@@ -293,10 +350,16 @@ def main(argv): print "Authentication Database:" while True: - parser.read_text('Hostname', config.pki_subsystem, 'pki_authdb_hostname') - parser.read_text('Port', config.pki_subsystem, 'pki_authdb_port') + parser.read_text('Hostname', + config.pki_subsystem, + 'pki_authdb_hostname') + parser.read_text('Port', + config.pki_subsystem, + 'pki_authdb_port') basedn = parser.read_text('Base DN', allow_empty=False) - parser.set_property(config.pki_subsystem, 'pki_authdb_basedn', basedn) + parser.set_property(config.pki_subsystem, + 'pki_authdb_basedn', + basedn) try: parser.authdb_connect() @@ -313,7 +376,8 @@ def main(argv): if interactive: parser.indent = 0 - begin = parser.read_text('Begin installation (Yes/No/Quit)', + begin = parser.read_text( + 'Begin installation (Yes/No/Quit)', options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'], sign='?', allow_empty=False, case_sensitive=False).lower() print @@ -328,15 +392,14 @@ def main(argv): else: break - if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT + \ + if not os.path.exists(config.PKI_DEPLOYMENT_SOURCE_ROOT + "/" + config.pki_subsystem.lower()): print "ERROR: " + log.PKI_SUBSYSTEM_NOT_INSTALLED_1 % \ config.pki_subsystem.lower() sys.exit(1) # Enable 'pkispawn' logging. - config.pki_log_dir = config.pki_root_prefix + \ - config.PKI_DEPLOYMENT_LOG_ROOT + config.pki_log_dir = config.pki_root_prefix + config.PKI_DEPLOYMENT_LOG_ROOT config.pki_log_name = "pki" + "-" + \ config.pki_subsystem.lower() + \ "-" + "spawn" + "." + \ 
@@ -369,18 +432,18 @@ def main(argv): # Combine the various sectional dictionaries into a PKI master dictionary parser.compose_pki_master_dictionary() - parser.mdict['pki_spawn_log'] = config.pki_log_dir + "/" + \ - config.pki_log_name + parser.mdict['pki_spawn_log'] = \ + config.pki_log_dir + "/" + config.pki_log_name config.pki_log.debug(log.PKI_DICTIONARY_MASTER, extra=config.PKI_INDENTATION_LEVEL_0) config.pki_log.debug(pkilogging.log_format(parser.mdict), extra=config.PKI_INDENTATION_LEVEL_0) - if not interactive and\ - not config.str2bool(parser.mdict['pki_skip_configuration']): + if not interactive and \ + not config.str2bool(parser.mdict['pki_skip_configuration']): try: # Verify existence of Directory Server Password - if not parser.mdict.has_key('pki_ds_password') or\ + if not 'pki_ds_password' in parser.mdict or\ not len(parser.mdict['pki_ds_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, @@ -392,12 +455,13 @@ def main(argv): parser.ds_verify_configuration() if parser.ds_base_dn_exists() and\ - not config.str2bool(parser.mdict['pki_ds_remove_data']): + not config.str2bool(parser.mdict['pki_ds_remove_data']): print 'ERROR: Base DN already exists.' sys.exit(1) except ldap.LDAPError as e: - print 'ERROR: Unable to access directory server: ' + e.message['desc'] + print 'ERROR: Unable to access directory server: ' + \ + e.message['desc'] sys.exit(1) if ((config.pki_subsystem == "KRA" or @@ -410,7 +474,7 @@ def main(argv): config.str2bool(parser.mdict['pki_subordinate'])): try: # Verify existence of Security Domain Password - if not parser.mdict.has_key('pki_security_domain_password') or\ + if not 'pki_security_domain_password' in parser.mdict or\ not len(parser.mdict['pki_security_domain_password']): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, 
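Review bot: In the `@@ -369,18 +432,18 @@` hunk, the replacement for `has_key` is written `not 'pki_ds_password' in parser.mdict`, which evaluates as intended but reads as if `not` applied to the string; pycodestyle reports it as E713. `if 'pki_ds_password' not in parser.mdict or\` is the idiomatic form, and the `pki_security_domain_password` test in the `@@ -410,7 +474,7 @@` hunk takes the same change. Because an empty value is rejected as well, `if not parser.mdict.get('pki_ds_password'):` would cover both conditions in one expression.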
@@ -421,7 +485,9 @@ def main(argv): parser.sd_connect() info = parser.sd_get_info() - parser.set_property(config.pki_subsystem, 'pki_security_domain_name', info.name) + parser.set_property(config.pki_subsystem, + 'pki_security_domain_name', + info.name) parser.sd_authenticate() except requests.exceptions.ConnectionError as e: @@ -432,7 +498,8 @@ def main(argv): print('ERROR: Unable to access security domain: ' + str(e)) sys.exit(1) - print "Installing " + config.pki_subsystem + " into " + parser.mdict['pki_instance_path'] + "." + print "Installing " + config.pki_subsystem + " into " + \ + parser.mdict['pki_instance_path'] + "." # Process the various "scriptlets" to create the specified PKI subsystem. pki_subsystem_scriptlets = parser.mdict['spawn_scriplets'].split() @@ -463,6 +530,7 @@ def main(argv): print_install_information(parser.mdict) + def print_install_information(mdict): skip_configuration = config.str2bool(mdict['pki_skip_configuration']) @@ -471,11 +539,13 @@ def print_install_information(mdict): print log.PKI_CONFIGURATION_URL_1 % mdict['pki_configuration_url'] print print log.PKI_CONFIGURATION_RESTART_1 % \ - mdict['pki_registry_initscript_command'] + mdict['pki_registry_initscript_command'] else: - print " Administrator's username: %s" % mdict['pki_admin_uid'] + print " Administrator's username: %s" % \ + mdict['pki_admin_uid'] if os.path.isfile(mdict['pki_client_admin_cert_p12']): - print " Administrator's PKCS #12 file:\n %s" % mdict['pki_client_admin_cert_p12'] + print " Administrator's PKCS #12 file:\n %s" % \ + mdict['pki_client_admin_cert_p12'] if not config.str2bool(mdict['pki_client_database_purge']): print print " Administrator's certificate nickname:\n %s" % mdict['pki_admin_nickname'] 
@@ -485,7 +555,7 @@ def print_install_information(mdict): print log.PKI_INSTANCE_RESTART_MESSAGE % mdict['pki_instance_name'] if (((config.pki_subsystem == "KRA" or config.pki_subsystem == "OCSP") and - config.str2bool(mdict['pki_standalone'])) and + config.str2bool(mdict['pki_standalone'])) and not config.str2bool(mdict['pki_external_step_two'])): # Stand-alone PKI KRA/OCSP (External CA Step 1) print @@ -496,11 +566,14 @@ def print_install_information(mdict): config.pki_subsystem.lower()) print log.PKI_SPAWN_INFORMATION_FOOTER + def log_error_details(): e_type, e_value, e_stacktrace = sys.exc_info() - config.pki_log.debug("Error Type: " + e_type.__name__, extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug("Error Message: " + str(e_value), extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + "Error Type: " + e_type.__name__, extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + "Error Message: " + str(e_value), extra=config.PKI_INDENTATION_LEVEL_2) stacktrace_list = traceback.format_list(traceback.extract_tb(e_stacktrace)) e_stacktrace = "" for l in stacktrace_list: |