-rw-r--r-- | base/common/python/pki/__init__.py | 190 | ||||
-rw-r--r-- | base/common/python/pki/key.py | 77 | ||||
-rw-r--r-- | base/common/python/pki/system.py | 35 | ||||
-rw-r--r-- | base/common/python/pki/systemcert.py | 3 | ||||
-rw-r--r-- | base/common/python/pki/upgrade.py | 10 | ||||
-rw-r--r-- | base/common/python/pki/util.py | 31 | ||||
-rw-r--r-- | base/kra/functional/drmtest.py | 26 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 6 | ||||
-rw-r--r-- | base/server/python/pki/server/upgrade.py | 4 | ||||
-rwxr-xr-x | base/server/sbin/pkidestroy | 4 | ||||
-rwxr-xr-x | base/server/sbin/pkispawn | 12 |
11 files changed, 267 insertions, 131 deletions
diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py index bbcffb8a4..4b18ea0ed 100644 --- a/base/common/python/pki/__init__.py +++ b/base/common/python/pki/__init__.py @@ -18,9 +18,12 @@ # Copyright (C) 2013 Red Hat, Inc. # All rights reserved. # - +''' +This module contains top-level classes and functions used by the Dogtag project. +''' import os import re +import requests CONF_DIR = '/etc/pki' @@ -33,8 +36,8 @@ PACKAGE_VERSION = SHARE_DIR + '/VERSION' def read_text(message, options=None, default=None, delimiter=':', - allowEmpty=True, caseSensitive=True): - + allow_empty=True, case_sensitive=True): + ''' get an input from the user. ''' if default: message = message + ' [' + default + ']' message = message + delimiter + ' ' @@ -45,20 +48,20 @@ def read_text(message, value = value.strip() if len(value) == 0: # empty value - if allowEmpty: + if allow_empty: value = default done = True break else: # non-empty value if options is not None: - for v in options: - if caseSensitive: - if v == value: + for val in options: + if case_sensitive: + if val == value: done = True break else: - if v.lower() == value.lower(): + if val.lower() == value.lower(): done = True break else: @@ -69,9 +72,9 @@ def read_text(message, def implementation_version(): - - with open(PACKAGE_VERSION, 'r') as f: - for line in f: + ''' Return implementation version ''' + with open(PACKAGE_VERSION, 'r') as input_file: + for line in input_file: line = line.strip('\n') # parse <key>: <value> 
@@ -90,27 +93,164 @@ def implementation_version(): raise Exception('Missing implementation version.') +class Attribute(object): + ''' + Class representing a key/value pair. + + This object is the basis of the representation of a ResourceMessage. + ''' + + def __init__(self, name, value): + ''' Constructor ''' + self.name = name + self.value = value + +class AttributeList(object): + ''' + Class representing a list of attributes. + + This class is needed because of a JavaMapper used in the REST API. + ''' + + def __init__(self): + ''' Constructor ''' + self.Attribute = [] + +class ResourceMessage(object): + ''' + This class is the basis for the various types of key requests. + It is essentially a list of attributes. + ''' + + def __init__(self, class_name): + ''' Constructor ''' + self.Attributes = AttributeList() + self.ClassName = class_name + + def add_attribute(self, name, value): + ''' Add an attribute to the list. ''' + attr = Attribute(name, value) + self.Attributes.Attribute.append(attr) + + def get_attribute_value(self, name): + ''' Get the value of a given attribute ''' + for attr in self.Attributes.Attribute: + if attr.name == name: + return attr.value + return None -class PKIException(Exception): - - def __init__(self, message, exception=None): +class PKIException(Exception, ResourceMessage): + ''' + Base exception class for REST Interface + ''' + def __init__(self, message, exception=None, code=None, class_name=None): + ''' Constructor ''' Exception.__init__(self, message) - + ResourceMessage.__init__(self, class_name) + self.code = code + self.message = message self.exception = exception + @classmethod + def from_json(cls, json_value): + ''' Construct exception from JSON ''' + ret = cls(json_value['Message'], json_value['Code'], json_value['ClassName']) + for attr in json_value['Attributes']['Attribute']: + print str(attr) + ret.add_attribute(attr["name"], attr["value"]) + return ret + +class BadRequestException(PKIException): + ''' Bad Request 
Exception: return code = 400 ''' + +class ConflictingOperationException(PKIException): + ''' Conflicting Operation Exception: return code = 409 ''' + +class ForbiddenException(PKIException): + ''' Forbidden Exception: return code = 403 ''' + +class HTTPGoneException(PKIException): + ''' Gone Exception: return code = 410 ''' + +class ResourceNotFoundException(PKIException): + ''' Not Found Exception: return code = 404 ''' + +class UnauthorizedException(PKIException): + ''' Unauthorized Exception: return code = 401 ''' + +class CertNotFoundException(ResourceNotFoundException): + ''' Cert Not Found Exception: return code = 404 ''' + +class GroupNotFoundException(ResourceNotFoundException): + ''' Group Not Found Exception: return code = 404 ''' + +class ProfileNotFoundException(ResourceNotFoundException): + ''' Profile Not Found Exception: return code = 404 ''' + +class RequestNotFoundException(ResourceNotFoundException): + ''' Request Not Found Exception: return code = 404 ''' + +class UserNotFoundException(ResourceNotFoundException): + ''' User Not Found Exception: return code = 404 ''' + +EXCEPTION_MAPPINGS = { + "com.netscape.certsrv.base.BadRequestException": "pki.BadRequestException", + "com.netscape.certsrv.base.ConflictingOperationException": "pki.ConflictingOperationException", + "com.netscape.certsrv.base.ForbiddenException": "pki.ForbiddenException", + "com.netscape.certsrv.base.HTTPGoneException": "pki.HTTPGoneException", + "com.netscape.certsrv.base.ResourceNotFoundException": "pki.ResourceNotFoundException", + "com.netscape.certsrv.cert.CertNotFoundException": "pki.CertNotFoundException", + "com.netscape.certsrv.group.GroupNotFoundException": "pki.GroupNotFoundException", + "com.netscape.certsrv.profile.ProfileNotFoundException": "pki.ProfileNotFoundException", + "com.netscape.certsrv.request.RequestNotFoundException": "pki.RequestNotFoundException", + "com.netscape.certsrv.base.UserNotFoundException": "pki.UserNotFoundException", + 
"com.netscape.certsrv.base.PKIException": "pki.PKIException"} + +def get_class( kls ): + ''' Get reference to the class specified by string kls ''' + parts = kls.split('.') + module = ".".join(parts[:-1]) + mod = __import__( module ) + for comp in parts[1:]: + mod = getattr(mod, comp) + return mod + +def handle_exceptions(): + ''' Decorator handling exceptions from REST methods. ''' + + def exceptions_decorator(fn_call): + ''' The actual decorator handler.''' + + def handler(inst, *args, **kwargs): + ''' Decorator to catch and re-throw PKIExceptions.''' + try: + return fn_call(inst, *args, **kwargs) + except requests.exceptions.HTTPError as exc: + clazz = exc.response.json()['ClassName'] + if clazz in EXCEPTION_MAPPINGS: + exception_class = get_class(EXCEPTION_MAPPINGS[clazz]) + pki_exception = exception_class.from_json(exc.response.json()) + raise pki_exception + else: + raise exc + + return handler + return exceptions_decorator + class PropertyFile(object): + ''' Class to manage property files ''' def __init__(self, filename, delimiter='='): - + ''' Constructor ''' self.filename = filename self.delimiter = delimiter self.lines = [] def read(self): - + ''' Read from propert file ''' self.lines = [] if not os.path.exists(self.filename): @@ -123,27 +263,27 @@ class PropertyFile(object): self.lines.append(line) def write(self): - + ''' Write to property file ''' # write all lines in the original order with open(self.filename, 'w') as f: for line in self.lines: f.write(line + '\n') def show(self): - + ''' Show contents of property file.''' for line in self.lines: print line def insert_line(self, index, line): - + ''' Insert line in property file ''' self.lines.insert(index, line) def remove_line(self, index): - + ''' Remove line from property file ''' self.lines.pop(index) def index(self, name): - + ''' Find the index (position) of a property in a property file ''' for i, line in enumerate(self.lines): # parse <key> <delimiter> <value> 
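Review bot: `PKIException.from_json` passes `Code` and `ClassName` positionally, so with the signature `__init__(self, message, exception=None, code=None, class_name=None)` the code lands in `exception`, the class name lands in `code`, and `ClassName` stays `None`; use keywords, `ret = cls(json_value['Message'], code=json_value['Code'], class_name=json_value['ClassName'])`. The `print str(attr)` in the same loop writes server-supplied attribute values to stdout and looks like leftover debugging. In `handler`, `exc.response.json()['ClassName']` is unguarded, so an error body that is not the expected JSON document replaces the `HTTPError` with a `ValueError` or `KeyError`; the version below parses the body once and falls back to the original error. The `EXCEPTION_MAPPINGS` membership test is the only thing keeping a server-chosen class name away from `__import__` in `get_class`, which deserves a comment there.

```python
def handler(inst, *args, **kwargs):
    # ... unchanged: docstring ...
    try:
        return fn_call(inst, *args, **kwargs)
    except requests.exceptions.HTTPError as exc:
        try:
            body = exc.response.json()
            clazz = body['ClassName']
        except (ValueError, KeyError, TypeError):
            # Not the JSON error document the server normally sends:
            # surface the HTTP error itself.
            raise exc
        if clazz in EXCEPTION_MAPPINGS:
            exception_class = get_class(EXCEPTION_MAPPINGS[clazz])
            raise exception_class.from_json(body)
        raise exc
```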
@@ -160,7 +300,7 @@ class PropertyFile(object): return -1 def get(self, name): - + ''' Get value for specified property ''' result = None for line in self.lines: @@ -180,7 +320,7 @@ class PropertyFile(object): return result def set(self, name, value, index=None): - + ''' Set value for specified property ''' for i, line in enumerate(self.lines): # parse <key> <delimiter> <value> @@ -202,7 +342,7 @@ class PropertyFile(object): self.insert_line(index, name + self.delimiter + value) def remove(self, name): - + ''' Remove property from property file ''' for i, line in enumerate(self.lines): # parse <key> <delimiter> <value> diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py index 0572ea264..30f6baeb7 100644 --- a/base/common/python/pki/key.py +++ b/base/common/python/pki/key.py @@ -25,6 +25,7 @@ KeyRequestClient REST API on a DRM ''' import pki.encoder as encoder import json +import pki import types class KeyId(object): 
@@ -212,54 +213,7 @@ class KeyRequestResponse(object): ''' Return the id for the created request ''' return self.requestInfo.get_request_id() - -class Attribute(object): - ''' - Class representing a key/value pair. - - This object is the basis of the representation of a ResourceMessage. - ''' - - def __init__(self, name, value): - ''' Constructor ''' - self.name = name - self.value = value - -class AttributeList(object): - ''' - Class representing a list of attributes. - - This class is needed because of a JavaMapper used in the REST API. - ''' - - def __init__(self): - ''' Constructor ''' - self.Attribute = [] - -class ResourceMessage(object): - ''' - This class is the basis for the various types of key requests. - It is essentially a list of attributes. - ''' - - def __init__(self, class_name): - ''' Constructor ''' - self.Attributes = AttributeList() - self.ClassName = class_name - - def add_attribute(self, name, value): - ''' Add an attribute to the list. ''' - attr = Attribute(name, value) - self.Attributes.Attribute.append(attr) - - def get_attribute_value(self, name): - ''' Get the value of a given attribute ''' - for attr in self.Attributes.Attribute: - if attr.name == name: - return attr.value - return None - -class KeyArchivalRequest(ResourceMessage): +class KeyArchivalRequest(pki.ResourceMessage): ''' Class representing the object sent to the DRM when archiving a secret. ''' @@ -267,7 +221,7 @@ class KeyArchivalRequest(ResourceMessage): def __init__(self, client_id=None, data_type=None, wrapped_private_data=None, key_algorithm=None, key_size=None): ''' Constructor ''' - ResourceMessage.__init__(self, + pki.ResourceMessage.__init__(self, "com.netscape.certsrv.key.KeyArchivalRequest") self.add_attribute("clientID", client_id) self.add_attribute("dataType", data_type) 
@@ -275,7 +229,7 @@ class KeyArchivalRequest(ResourceMessage): self.add_attribute("keyAlgorithm", key_algorithm) self.add_attribute("keySize", key_size) -class KeyRecoveryRequest(ResourceMessage): +class KeyRecoveryRequest(pki.ResourceMessage): ''' Class representing the data sent to the DRM when either creating a request for the recovery of a secret, or, once the request is approved, retrieving @@ -288,7 +242,7 @@ class KeyRecoveryRequest(ResourceMessage): nonce_data=None, certificate=None, passphrase=None): ''' Constructor ''' - ResourceMessage.__init__(self, + pki.ResourceMessage.__init__(self, "com.netscape.certsrv.key.KeyRecoveryRequest") self.add_attribute("requestId", request_id) self.add_attribute("transWrappedSessionKey", trans_wrapped_session_key) @@ -298,7 +252,7 @@ class KeyRecoveryRequest(ResourceMessage): self.add_attribute("passphrase", passphrase) self.add_attribute("keyId", key_id) -class SymKeyGenerationRequest(ResourceMessage): +class SymKeyGenerationRequest(pki.ResourceMessage): ''' Class representing the data sent to the DRM when generating and archiving a symmetric key on the DRM. @@ -314,7 +268,7 @@ class SymKeyGenerationRequest(ResourceMessage): def __init__(self, client_id=None, key_size=None, key_algorithm=None, key_usages=None): ''' Constructor ''' - ResourceMessage.__init__(self, + pki.ResourceMessage.__init__(self, "com.netscape.certsrv.key.SymKeyGenerationRequest") key_usages = key_usages or [] self.add_attribute("clientID", client_id) @@ -340,6 +294,7 @@ class KeyClient(object): self.keyURL = '/rest/agent/keys' self.keyRequestsURL = '/rest/agent/keyrequests' + @pki.handle_exceptions def list_keys(self, client_id=None, status=None, max_results=None, max_time=None, start=None, size=None): ''' List/Search archived secrets in the DRM. 
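Review bot: `@pki.handle_exceptions` on `list_keys` is applied without parentheses, but `handle_exceptions()` as added in pki/__init__.py takes no arguments and returns the real decorator, so Python would call it with the method itself and raise TypeError while the `KeyClient` class body is evaluated. Write `@pki.handle_exceptions()` here, or turn `handle_exceptions` into a plain decorator that accepts `fn_call` directly. The same applies to every other decorated `KeyClient` method in the following hunks and to `get_transport_cert` in pki/systemcert.py. Until that is fixed the module would fail at import, so none of the REST error mapping can take effect.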
@@ -353,6 +308,7 @@ class KeyClient(object): response = self.connection.get(self.keyURL, self.headers, params=query_params) return KeyInfoCollection.from_json(response.json()) + @pki.handle_exceptions def retrieve_key(self, data): ''' Retrieve a secret from the DRM. @@ -368,6 +324,7 @@ class KeyClient(object): response = self.connection.post(url, keyRequest, self.headers) return KeyData.from_dict(response.json()) + @pki.handle_exceptions def request_key_retrieval(self, key_id, request_id, trans_wrapped_session_key=None, session_wrapped_passphrase=None, passphrase=None, nonce_data=None): ''' Retrieve a secret from the DRM. @@ -400,6 +357,7 @@ class KeyClient(object): return self.retrieve_key(request) + @pki.handle_exceptions def list_requests(self, request_state=None, request_type=None, client_id=None, start=None, page_size=None, max_results=None, max_time=None): ''' List/Search key requests in the DRM. @@ -414,12 +372,14 @@ class KeyClient(object): params=query_params) return KeyRequestInfoCollection.from_json(response.json()) + @pki.handle_exceptions def get_request_info(self, request_id): ''' Return a KeyRequestInfo object for a specific request. ''' url = self.keyRequestsURL + '/' + request_id response = self.connection.get(url, self.headers) return KeyRequestInfo.from_dict(response.json()) + @pki.handle_exceptions def create_request(self, request): ''' Submit an archival, recovery or key generation request to the DRM. 
@@ -434,21 +394,25 @@ class KeyClient(object): response = self.connection.post(url, key_request, self.headers) return KeyRequestResponse.from_json(response.json()) + @pki.handle_exceptions def approve_request(self, request_id): ''' Approve a secret recovery request ''' url = self.keyRequestsURL + '/' + request_id + '/approve' return self.connection.post(url, self.headers) + @pki.handle_exceptions def reject_request(self, request_id): ''' Reject a secret recovery request. ''' url = self.keyRequestsURL + '/' + request_id + '/reject' return self.connection.post(url, self.headers) + @pki.handle_exceptions def cancel_request(self, request_id): ''' Cancel a secret recovery request ''' url = self.keyRequestsURL + '/' + request_id + '/cancel' return self.connection.post(url, self.headers) + @pki.handle_exceptions def request_recovery(self, key_id, request_id=None, session_wrapped_passphrase=None, trans_wrapped_session_key=None, b64certificate=None, nonce_data=None): ''' Create a request to recover a secret. @@ -469,6 +433,7 @@ class KeyClient(object): nonce_data=nonce_data) return self.create_request(request) + @pki.handle_exceptions def request_archival(self, client_id, data_type, wrapped_private_data, key_algorithm=None, key_size=None): ''' Archive a secret (symmetric key or passphrase) on the DRM. @@ -493,11 +458,11 @@ class KeyClient(object): key_size=key_size) return self.create_request(request) -encoder.NOTYPES['Attribute'] = Attribute -encoder.NOTYPES['AttributeList'] = AttributeList +encoder.NOTYPES['Attribute'] = pki.Attribute +encoder.NOTYPES['AttributeList'] = pki.AttributeList encoder.NOTYPES['KeyArchivalRequest'] = KeyArchivalRequest encoder.NOTYPES['KeyRecoveryRequest'] = KeyRecoveryRequest -encoder.NOTYPES['ResourceMessage'] = ResourceMessage +encoder.NOTYPES['ResourceMessage'] = pki.ResourceMessage encoder.NOTYPES['SymKeyGenerationRequest'] = SymKeyGenerationRequest def main(): 
diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py index 5d93dbc29..df71c8dab 100644 --- a/base/common/python/pki/system.py +++ b/base/common/python/pki/system.py @@ -23,39 +23,38 @@ import pki.encoder as encoder import xml.etree.ElementTree as ET import os -SYSTEM_TYPE="Fedora/RHEL" +SYSTEM_TYPE = "Fedora/RHEL" if os.path.exists("/etc/debian_version"): - SYSTEM_TYPE="debian" + SYSTEM_TYPE = "debian" -class SecurityDomainInfo: +class SecurityDomainInfo(object): def __init__(self): self.name = None -class SecurityDomainClient: +class SecurityDomainClient(object): def __init__(self, connection): self.connection = connection def getSecurityDomainInfo(self): - r = self.connection.get('/rest/securityDomain/domainInfo') - j = r.json() + response = self.connection.get('/rest/securityDomain/domainInfo') info = SecurityDomainInfo() - info.name = j['id'] + info.name = response.json()['id'] return info def getOldSecurityDomainInfo(self): - r = self.connection.get('/admin/ca/getDomainXML') - root = ET.fromstring(r.text) + response = self.connection.get('/admin/ca/getDomainXML') + root = ET.fromstring(response.text) domaininfo = ET.fromstring(root.find("DomainInfo").text) info = SecurityDomainInfo() info.name = domaininfo.find("Name").text return info -class ConfigurationRequest: +class ConfigurationRequest(object): def __init__(self): self.token = "Internal Key Storage Token" @@ -64,17 +63,17 @@ class ConfigurationRequest: self.importAdminCert = "false" self.generateServerCert = "true" -class ConfigurationResponse: +class ConfigurationResponse(object): def __init__(self): pass -class SystemCertData: +class SystemCertData(object): def __init__(self): pass -class SystemConfigClient: +class SystemConfigClient(object): def __init__(self, connection): self.connection = connection 
@@ -82,18 +81,18 @@ class SystemConfigClient: def configure(self, data): headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - r = self.connection.post('/rest/installer/configure', data, headers) - return r.json() + response = self.connection.post('/rest/installer/configure', data, headers) + return response.json() -class SystemStatusClient: +class SystemStatusClient(object): def __init__(self, connection): self.connection = connection def getStatus(self): - r = self.connection.get('/admin/' + \ + response = self.connection.get('/admin/' + \ self.connection.subsystem + '/getStatus') - return r.text + return response.text encoder.NOTYPES['ConfigurationRequest'] = ConfigurationRequest diff --git a/base/common/python/pki/systemcert.py b/base/common/python/pki/systemcert.py index aa1cb538d..8a1488dea 100644 --- a/base/common/python/pki/systemcert.py +++ b/base/common/python/pki/systemcert.py @@ -21,7 +21,7 @@ ''' Module containing the Python client classes for the SystemCert REST API ''' - +import pki from pki.cert import CertData class SystemCertClient(object): @@ -38,6 +38,7 @@ class SystemCertClient(object): 'Accept': 'application/json'} self.cert_url = '/rest/config/cert' + @pki.handle_exceptions def get_transport_cert(self): ''' Return transport certificate ''' url = self.cert_url + '/transport' diff --git a/base/common/python/pki/upgrade.py b/base/common/python/pki/upgrade.py index 8f1b1d896..ecdbfcf6b 100644 --- a/base/common/python/pki/upgrade.py +++ b/base/common/python/pki/upgrade.py @@ -312,7 +312,7 @@ class PKIUpgradeScriptlet(object): print message else: result = pki.read_text(message + ' Continue (Yes/No)', - options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower() + options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower() if result == 'y': return raise pki.PKIException('Upgrade failed: ' + e.message, e) 
@@ -590,7 +590,7 @@ class PKIUpgrader(object): else: result = pki.read_text(message + ' (Yes/No)', - options=['Y', 'N'], default='Y', caseSensitive=False).lower() + options=['Y', 'N'], default='Y', case_sensitive=False).lower() if result == 'n': raise pki.PKIException('Upgrade canceled.') @@ -616,7 +616,7 @@ class PKIUpgrader(object): print result = pki.read_text('Continue (Yes/No)', - options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower() + options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower() if result == 'n': raise pki.PKIException(message, e) @@ -655,7 +655,7 @@ class PKIUpgrader(object): else: result = pki.read_text(message + ' (Yes/No)', - options=['Y', 'N'], default='Y', caseSensitive=False).lower() + options=['Y', 'N'], default='Y', case_sensitive=False).lower() if result == 'n': raise pki.PKIException('Revert canceled.') @@ -680,7 +680,7 @@ class PKIUpgrader(object): print result = pki.read_text('Continue (Yes/No)', - options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower() + options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower() if result == 'n': raise pki.PKIException(message, e) diff --git a/base/common/python/pki/util.py b/base/common/python/pki/util.py index a0481852d..a64f174f4 100644 --- a/base/common/python/pki/util.py +++ b/base/common/python/pki/util.py @@ -18,6 +18,8 @@ # Copyright (C) 2013 Red Hat, Inc. # All rights reserved. # +''' Module containing utility functions and classes for the Dogtag python code ''' + import os import shutil @@ -28,8 +30,10 @@ def copy(source, dest): """ # remove trailing slashes - if source[-1] == '/': source = source[:-1] - if dest[-1] == '/': dest = dest[:-1] + if source[-1] == '/': + source = source[:-1] + if dest[-1] == '/': + dest = dest[:-1] sourceparent = os.path.dirname(source) destparent = os.path.dirname(dest) 
@@ -44,7 +48,8 @@ def copy(source, dest): relpath = sourcepath[len(source):] destpath = dest + relpath - if destpath == '': destpath = '/' + if destpath == '': + destpath = '/' copydirs(sourcepath, destpath) @@ -66,16 +71,16 @@ def copyfile(source, dest, overwrite=True): target = os.readlink(source) os.symlink(target, dest) - st = os.lstat(source) - os.lchown(dest, st.st_uid, st.st_gid) + stat = os.lstat(source) + os.lchown(dest, stat.st_uid, stat.st_gid) else: shutil.copyfile(source, dest) - st = os.stat(source) - os.utime(dest, (st.st_atime, st.st_mtime)) - os.chmod(dest, st.st_mode) - os.chown(dest, st.st_uid, st.st_gid) + stat = os.stat(source) + os.utime(dest, (stat.st_atime, stat.st_mtime)) + os.chmod(dest, stat.st_mode) + os.chown(dest, stat.st_uid, stat.st_gid) def copydirs(source, dest): """ @@ -93,10 +98,10 @@ def copydirs(source, dest): os.mkdir(dest) - st = os.stat(source) - os.utime(dest, (st.st_atime, st.st_mtime)) - os.chmod(dest, st.st_mode) - os.chown(dest, st.st_uid, st.st_gid) + stat = os.stat(source) + os.utime(dest, (stat.st_atime, stat.st_mtime)) + os.chmod(dest, stat.st_mode) + os.chown(dest, stat.st_uid, stat.st_gid) def chown(path, uid, gid): """ diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py index 5c7e41244..471792113 100644 --- a/base/kra/functional/drmtest.py +++ b/base/kra/functional/drmtest.py @@ -30,6 +30,7 @@ See drmtest.readme.txt. ''' import base64 +import pki import pki.cryptoutil as cryptoutil import pki.key as key import time 
@@ -126,5 +127,30 @@ def main(): print "key1: " + key1 print "key2: " + key2 + # Test 10 = test BadRequestException on create() + print "Trying to generate a new symkey with the same client ID" + try: + response = kraclient.generate_sym_key(client_id, algorithm, key_size, usages) + except pki.BadRequestException as exc: + print "BadRequestException thrown - Code:" + exc.code + " Message: " + exc.message + + # Test 11 - Test RequestNotFoundException on get_request_info + print "Try to list a nonexistent request" + try: + keyrequest = kraclient.keys.get_request_info('200000034') + except pki.RequestNotFoundException as exc: + print "RequestNotFoundRequestException thrown - Code:" + exc.code + " Message: " + exc.message + + # Test 12 - Test exception on retrieve_key + # Note - this currently throws PKIException when it should probably throw a ResourceNotFound exception + # Fix in next patch. + print "Try to retrieve an invalid key" + try: + key_data, unwrapped_key = kraclient.retrieve_key('2000003434') + except pki.PKIException as exc: + print "PKIException thrown - Code:" + exc.code + " Message: " + exc.message + + + if __name__ == "__main__": main() diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 9bce634f9..8348648e5 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -251,7 +251,7 @@ class PKIConfigParser: def read_text(self, message, section=None, key=None, default=None, - options=None, sign=':', allowEmpty=True, caseSensitive=True): + options=None, sign=':', allow_empty=True, case_sensitive=True): if default is None and key is not None: default = self.pki_master_dict[key] @@ -265,7 +265,7 @@ class PKIConfigParser: value = value.strip() if len(value) == 0: # empty value - if allowEmpty: + if allow_empty: value = default done = True break 
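Review bot: The three new try blocks in Tests 10 to 12 pass silently when the call does not raise, so a server that stops returning the expected error would go unnoticed; add an `else:` branch after each `except` that reports the missing exception. `"Code:" + exc.code` also concatenates a string with whatever the JSON `Code` field decodes to, presumably an integer, which would raise TypeError inside the handler; `str(exc.code)` avoids that. main() starts outside this hunk.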
@@ -273,7 +273,7 @@ class PKIConfigParser: else: # non-empty value if options is not None: for v in options: - if caseSensitive: + if case_sensitive: if v == value: done = True break diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py index a9911b6ed..57662b5d2 100644 --- a/base/server/python/pki/server/upgrade.py +++ b/base/server/python/pki/server/upgrade.py @@ -98,7 +98,7 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): print message else: result = pki.read_text(message + ' Continue (Yes/No)', - options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower() + options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower() if result == 'y': continue raise pki.server.PKIServerException( @@ -128,7 +128,7 @@ class PKIServerUpgradeScriptlet(pki.upgrade.PKIUpgradeScriptlet): print message else: result = pki.read_text(message + ' Continue (Yes/No)', - options=['Y', 'N'], default='Y', delimiter='?', caseSensitive=False).lower() + options=['Y', 'N'], default='Y', delimiter='?', case_sensitive=False).lower() if result == 'y': continue raise pki.server.PKIServerException( diff --git a/base/server/sbin/pkidestroy b/base/server/sbin/pkidestroy index 79b1c229f..16479f9fd 100755 --- a/base/server/sbin/pkidestroy +++ b/base/server/sbin/pkidestroy @@ -132,7 +132,7 @@ def main(argv): interactive = True config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], - default='CA', caseSensitive=False).upper() + default='CA', case_sensitive=False).upper() else: config.pki_subsystem = str(args.pki_subsystem).strip('[\']') @@ -149,7 +149,7 @@ def main(argv): begin = parser.read_text('Begin uninstallation (Yes/No/Quit)', options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'], - sign='?', allowEmpty=False, caseSensitive=False).lower() + sign='?', allow_empty=False, case_sensitive=False).lower() print 
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn index 8e56ad101..d2905dc19 100755 --- a/base/server/sbin/pkispawn +++ b/base/server/sbin/pkispawn @@ -130,7 +130,7 @@ def main(argv): config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], - default='CA', caseSensitive=False).upper() + default='CA', case_sensitive=False).upper() print else: config.pki_subsystem = str(args.pki_subsystem).strip('[\']') @@ -167,7 +167,7 @@ def main(argv): import_cert = parser.read_text('Import certificate (Yes/No)', default=import_cert, options=['Yes', 'Y', 'No', 'N'], - sign='?', caseSensitive=False).lower() + sign='?', case_sensitive=False).lower() if import_cert == 'y' or import_cert == 'yes': parser.set_property(config.pki_subsystem, 'pki_import_admin_cert', 'True') @@ -203,7 +203,7 @@ def main(argv): remove = parser.read_text('Base DN already exists. Overwrite (Yes/No/Quit)', options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'], - sign='?', allowEmpty=False, caseSensitive=False).lower() + sign='?', allow_empty=False, case_sensitive=False).lower() if remove == 'q' or remove == 'quit': print "Installation canceled." @@ -271,7 +271,7 @@ def main(argv): while True: keygen = parser.read_text('Enable server side key generation (Yes/No)', options=['Yes', 'Y', 'No', 'N'], default='N', - sign='?', caseSensitive=False).lower() + sign='?', case_sensitive=False).lower() if keygen == 'y' or keygen == 'yes': parser.set_property(config.pki_subsystem, 'pki_enable_server_side_keygen', 'True') @@ -295,7 +295,7 @@ def main(argv): while True: parser.read_text('Hostname', config.pki_subsystem, 'pki_authdb_hostname') parser.read_text('Port', config.pki_subsystem, 'pki_authdb_port') - basedn = parser.read_text('Base DN', allowEmpty=False) + basedn = parser.read_text('Base DN', allow_empty=False) parser.set_property(config.pki_subsystem, 'pki_authdb_basedn', basedn) try: 
@@ -315,7 +315,7 @@ def main(argv): begin = parser.read_text('Begin installation (Yes/No/Quit)', options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'], - sign='?', allowEmpty=False, caseSensitive=False).lower() + sign='?', allow_empty=False, case_sensitive=False).lower() print if begin == 'q' or begin == 'quit': |