summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.pydevproject12
-rw-r--r--base/common/python/pki/__init__.py10
-rw-r--r--base/common/python/pki/client.py2
-rw-r--r--base/common/python/pki/system.py2
-rw-r--r--base/common/python/pki/upgrade.py18
-rw-r--r--base/kra/functional/drmclient.py348
-rw-r--r--base/server/python/pki/server/__init__.py6
-rw-r--r--base/server/python/pki/server/upgrade.py10
-rw-r--r--base/server/src/engine/pkiconfig.py18
-rw-r--r--base/server/src/engine/pkihelper.py798
-rw-r--r--base/server/src/engine/pkilogging.py8
-rw-r--r--base/server/src/engine/pkimanifest.py4
-rw-r--r--base/server/src/engine/pkiparser.py398
-rw-r--r--base/server/src/scriptlets/configuration.py6
-rw-r--r--base/server/src/scriptlets/infrastructure_layout.py6
-rw-r--r--base/server/src/scriptlets/security_databases.py2
-rw-r--r--base/server/src/scriptlets/slot_substitution.py8
17 files changed, 831 insertions, 825 deletions
diff --git a/.pydevproject b/.pydevproject
index a9cca037b..f77c43e10 100644
--- a/.pydevproject
+++ b/.pydevproject
@@ -1,7 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<?eclipse-pydev version="1.0"?>
-
-<pydev_project>
+<?eclipse-pydev version="1.0"?><pydev_project>
<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
+<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
+<path>/pki/base/server/src</path>
+<path>/pki/base/server/src/engine</path>
+<path>/pki/base/server/src/scriptlets</path>
+<path>/pki/base/server/python/pki/server</path>
+<path>/pki/base/common/python/pki</path>
+<path>/pki/base/kra/functional</path>
+</pydev_pathproperty>
</pydev_project>
diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py
index 404aa92d4..979bf64d9 100644
--- a/base/common/python/pki/__init__.py
+++ b/base/common/python/pki/__init__.py
@@ -23,12 +23,12 @@ import os
import re
-CONF_DIR = '/etc/pki'
-SHARE_DIR = '/usr/share/pki'
-BASE_DIR = '/var/lib'
-LOG_DIR = '/var/log/pki'
+CONF_DIR = '/etc/pki'
+SHARE_DIR = '/usr/share/pki'
+BASE_DIR = '/var/lib'
+LOG_DIR = '/var/log/pki'
-PACKAGE_VERSION = SHARE_DIR + '/VERSION'
+PACKAGE_VERSION = SHARE_DIR + '/VERSION'
def read_text(message,
diff --git a/base/common/python/pki/client.py b/base/common/python/pki/client.py
index 05f42ba06..00343bb7c 100644
--- a/base/common/python/pki/client.py
+++ b/base/common/python/pki/client.py
@@ -35,7 +35,7 @@ class PKIConnection:
self.port = port
self.subsystem = subsystem
- self.serverURI = self.protocol + '://' +\
+ self.serverURI = self.protocol + '://' + \
self.hostname + ':' + self.port + '/' + \
self.subsystem
diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py
index 5b4caf7f3..4dd3baac2 100644
--- a/base/common/python/pki/system.py
+++ b/base/common/python/pki/system.py
@@ -87,7 +87,7 @@ class SystemStatusClient:
self.connection = connection
def getStatus(self):
- r = self.connection.get('/admin/' +\
+ r = self.connection.get('/admin/' + \
self.connection.subsystem + '/getStatus')
return r.text
diff --git a/base/common/python/pki/upgrade.py b/base/common/python/pki/upgrade.py
index 9f927130f..e9e40b15c 100644
--- a/base/common/python/pki/upgrade.py
+++ b/base/common/python/pki/upgrade.py
@@ -29,12 +29,12 @@ import pki
import pki.util
-DEFAULT_VERSION = '10.0.0'
+DEFAULT_VERSION = '10.0.0'
-UPGRADE_DIR = pki.SHARE_DIR + '/upgrade'
-BACKUP_DIR = pki.LOG_DIR + '/upgrade'
-SYSTEM_TRACKER = pki.CONF_DIR + '/pki.version'
-verbose = False
+UPGRADE_DIR = pki.SHARE_DIR + '/upgrade'
+BACKUP_DIR = pki.LOG_DIR + '/upgrade'
+SYSTEM_TRACKER = pki.CONF_DIR + '/pki.version'
+verbose = False
@functools.total_ordering
@@ -172,14 +172,14 @@ class PKIUpgradeTracker(object):
i = self.properties.index(self.version_key)
if i >= 0:
# if version exists, add index after version
- self.properties.set(self.index_key, str(index), index=i+1)
+ self.properties.set(self.index_key, str(index), index=i + 1)
else:
# otherwise, add index at the end separated by a blank line
# if last line is not empty, append empty line
length = len(self.properties.lines)
- if length > 0 and self.properties.lines[length-1] != '':
+ if length > 0 and self.properties.lines[length - 1] != '':
self.properties.insert_line(length, '')
length = length + 1
@@ -219,7 +219,7 @@ class PKIUpgradeTracker(object):
# if last line is not empty, append empty line
length = len(self.properties.lines)
- if length > 0 and self.properties.lines[length-1] != '':
+ if length > 0 and self.properties.lines[length - 1] != '':
self.properties.insert_line(length, '')
length = length + 1
@@ -460,7 +460,7 @@ class PKIUpgrader(object):
raise pki.PKIException('Invalid scriptlet name: ' + filename, e)
index = int(filename[0:i])
- classname = filename[i+1:]
+ classname = filename[i + 1:]
if self.index and index != self.index:
continue
diff --git a/base/kra/functional/drmclient.py b/base/kra/functional/drmclient.py
index 5dd2336ea..6e3a2ac61 100644
--- a/base/kra/functional/drmclient.py
+++ b/base/kra/functional/drmclient.py
@@ -27,7 +27,7 @@ This is a python client that can be used to retrieve key requests
and keys from a KRA using the new RESTful interface. Moreover, given
a PKIArchiveOptions structure containing either a passphrase or a symmetric
key, this data can be stored in and retrieved from the KRA.
-
+
A sample test execution is provided at the end of the file.
'''
@@ -78,25 +78,25 @@ def parse_key_request_info_xml(doc):
request_type = etree.tostring(request_type[0], method='text',
encoding=unicode).strip()
response['request_type'] = request_type
-
+
request_status = doc.xpath('requestStatus')
if len(request_status) == 1:
request_status = etree.tostring(request_status[0], method='text',
encoding=unicode).strip()
response['request_status'] = request_status
-
+
request_url = doc.xpath('requestURL')
if len(request_url) == 1:
request_url = etree.tostring(request_url[0], method='text',
encoding=unicode).strip()
- response['request_id'] = request_url.rsplit('/',1)[1]
-
+ response['request_id'] = request_url.rsplit('/', 1)[1]
+
key_url = doc.xpath('keyURL')
if len(key_url) == 1:
key_url = etree.tostring(key_url[0], method='text',
encoding=unicode).strip()
- response['key_id'] = key_url.rsplit('/',1)[1]
-
+ response['key_id'] = key_url.rsplit('/', 1)[1]
+
return response
def parse_key_request_infos_xml(doc):
@@ -119,10 +119,10 @@ def parse_key_request_infos_xml(doc):
+----------------------+------------------------+-----------------------+---------------+
|info for each request |KeyRequestInfo |request_id [2] |dict |
+----------------------+------------------------+-----------------------+---------------+
-
- [1] prev_id and next_id are the starting ids for the previous and next pages
+
+ [1] prev_id and next_id are the starting ids for the previous and next pages
respectively. They are extracted from the href elements of the Link
- nodes (if they exist)
+ nodes (if they exist)
[2] For each key request info returned, we store a dict containing the key request data.
See parse_key_request_info_xml for details. Each dict is referenced by the id
of the key request (extracted from the key request URL).
@@ -132,21 +132,21 @@ def parse_key_request_infos_xml(doc):
if len(next_link) == 1:
next_link = etree.tostring(next_link[0], method='text',
encoding=unicode).strip()
- next_link = next_link.rsplit('/',1)[1]
+ next_link = next_link.rsplit('/', 1)[1]
response['next_id'] = next_link
-
+
prev_link = doc.xpath('//Link[@rel="previous"]/href')
if len(prev_link) == 1:
prev_link = etree.tostring(prev_link[0], method='text',
encoding=unicode).strip()
prev_link = prev_link.rsplit('/', 1)[1]
response['prev_id'] = prev_link
-
+
key_request_infos = doc.xpath('//KeyRequestInfo')
for key_request in key_request_infos:
node = parse_key_request_info_xml(key_request)
response[node['request_id']] = node
-
+
return response
def parse_key_data_info_xml(doc):
@@ -204,21 +204,21 @@ def parse_key_data_infos_xml(doc):
+----------------------+-----------------+-----------------------+---------------+
|info for each key |KeyDataInfo |key_id [2] |dict |
+----------------------+-----------------+-----------------------+---------------+
-
- [1] prev_id and next_id are the starting ids for the previous and next pages
+
+ [1] prev_id and next_id are the starting ids for the previous and next pages
respectively. They are extracted from the href elements of the Link
- nodes (if they exist)
+ nodes (if they exist)
[2] For each key info returned, we store a dict containing the key data.
See parse_key_data_info_xml for details. Each dict is referenced by the id
of the key (extracted from the key URL).
'''
response = {}
-
+
next_link = doc.xpath('//Link[@rel="next"]/href')
if len(next_link) == 1:
next_link = etree.tostring(next_link[0], method='text',
encoding=unicode).strip()
- next_link = next_link.rsplit('/',1)[1]
+ next_link = next_link.rsplit('/', 1)[1]
response['next_id'] = next_link
prev_link = doc.xpath('//Link[@rel="previous"]/href')
@@ -227,12 +227,12 @@ def parse_key_data_infos_xml(doc):
encoding=unicode).strip()
prev_link = prev_link.rsplit('/', 1)[1]
response['prev_id'] = prev_link
-
+
key_data_infos = doc.xpath('//KeyDataInfo')
for key_data in key_data_infos:
node = parse_key_data_info_xml(key_data)
- response[node['key_url'].rsplit('/',1)[1]] = node
-
+ response[node['key_url'].rsplit('/', 1)[1]] = node
+
return response
def parse_key_data_xml(doc):
@@ -241,7 +241,7 @@ def parse_key_data_xml(doc):
:returns: result dict
:except ValueError:
- After parsing the results are returned in a result dict.
+ After parsing the results are returned in a result dict.
+----------------------+----------------+-----------------------+---------------+
|cms name |cms type |result name |result type |
@@ -250,22 +250,22 @@ def parse_key_data_xml(doc):
+----------------------+----------------+-----------------------+---------------+
|nonceData |string |nonce_data |unicode |
+----------------------+----------------+-----------------------+---------------+
-
+
'''
response = {}
-
+
wrapped_data = doc.xpath('wrappedPrivateData')
if len(wrapped_data) == 1:
wrapped_data = etree.tostring(wrapped_data[0], method='text',
encoding=unicode).strip()
response['wrapped_data'] = wrapped_data
-
+
nonce_data = doc.xpath('nonceData')
if len(nonce_data) == 1:
nonce_data = etree.tostring(nonce_data[0], method='text',
encoding=unicode).strip()
response['nonce_data'] = nonce_data
-
+
return response
def parse_certificate_data_xml(doc):
@@ -274,26 +274,26 @@ def parse_certificate_data_xml(doc):
:returns: result dict
:except ValueError:
- After parsing the results are returned in a result dict.
+ After parsing the results are returned in a result dict.
+----------------------+----------------+-----------------------+---------------+
|cms name |cms type |result name |result type |
+======================+================+=======================+===============+
|b64 |string [1] |cert |unicode |
+----------------------+----------------+-----------------------+---------------+
-
+
[1] Base-64 encoded certificate with header and footer
'''
response = {}
-
+
b64 = doc.xpath('b64')
if len(b64) == 1:
b64 = etree.tostring(b64[0], method='text',
encoding=unicode).strip()
response['cert'] = b64.replace(CERT_HEADER, "").replace(CERT_FOOTER, "")
-
+
return response
-
+
def https_request(host, port, url, secdir, password, nickname, operation, args, **kw):
"""
:param url: The URL to post to.
@@ -309,7 +309,7 @@ def https_request(host, port, url, secdir, password, nickname, operation, args,
host = host.encode('utf-8')
uri = 'https://%s%s' % (ipautil.format_netloc(host, port), url)
logging.info('sslget %r', uri)
-
+
request_headers = {"Content-type": "application/xml",
"Accept": "application/xml"}
if operation == "POST":
@@ -330,7 +330,7 @@ def https_request(host, port, url, secdir, password, nickname, operation, args,
if operation == "GET":
url = url + "?" + args
conn.request("GET", url)
- elif operation == "POST":
+ elif operation == "POST":
conn.request("POST", url, post, request_headers)
res = conn.getresponse()
@@ -367,7 +367,7 @@ def http_request(host, port, url, operation, args):
if args != None:
post = args
else:
- post = ""
+ post = ""
conn = httplib.HTTPConnection(host, port)
try:
if operation == "GET":
@@ -376,7 +376,7 @@ def http_request(host, port, url, operation, args):
conn.request("GET", url)
elif operation == "POST":
conn.request("POST", url, post, request_headers)
-
+
res = conn.getresponse()
http_status = res.status
@@ -389,10 +389,10 @@ def http_request(host, port, url, operation, args):
if conn is not None:
conn.close()
- logging.debug('request status %d', http_status)
+ logging.debug('request status %d', http_status)
logging.debug('request reason_phrase %r', http_reason_phrase)
- logging.debug('request headers %s', http_headers)
- logging.debug('request body %r', http_body)
+ logging.debug('request headers %s', http_headers)
+ logging.debug('request body %r', http_body)
return http_status, http_reason_phrase, http_headers, http_body
@@ -400,7 +400,7 @@ class kra:
"""
Key Repository Authority backend plugin.
"""
-
+
POST = "POST"
GET = "GET"
transport_cert = "byte array with transport cert"
@@ -408,9 +408,9 @@ class kra:
iv = "e4:bb:3b:d3:c3:71:2e:58"
fullname = "kra"
-
+
def __init__(self, work_dir, kra_host, kra_port, kra_nickname):
- #crypto
+ # crypto
self.sec_dir = work_dir
self.pwd_file = work_dir + "/pwdfile.txt"
self.transport_cert_nickname = kra_nickname
@@ -420,15 +420,15 @@ class kra:
self.password = f.readline().strip()
except IOError:
self.password = ''
-
- #set up key db for crypto functions
+
+ # set up key db for crypto functions
try:
nss.nss_init(self.sec_dir)
except Exception, e:
raise CertificateOperationError(error=_('Error in initializing certdb (%s)') \
+ e.strerror)
self.transport_cert = nss.find_cert_from_nickname(self.transport_cert_nickname)
-
+
# DRM info
self.kra_host = kra_host
self.kra_agent_port = kra_port
@@ -437,12 +437,12 @@ class kra:
def setup_contexts(self, mechanism, sym_key, iv):
# Get a PK11 slot based on the cipher
slot = nss.get_best_slot(mechanism)
-
+
if sym_key == None:
sym_key = slot.key_gen(mechanism, None, slot.get_best_key_length(mechanism))
# If initialization vector was supplied use it, otherwise set it to None
- if iv:
+ if iv:
iv_data = nss.read_hex(iv)
iv_si = nss.SecItem(iv_data)
iv_param = nss.param_from_iv(mechanism, iv_si)
@@ -458,7 +458,7 @@ class kra:
# Create an encoding context
encoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_ENCRYPT,
sym_key, iv_param)
-
+
# Create a decoding context
decoding_ctx = nss.create_context_by_sym_key(mechanism, nss.CKA_DECRYPT,
sym_key, iv_param)
@@ -493,35 +493,35 @@ class kra:
Perform an HTTPS request
"""
- return https_request(self.kra_host, port, url, self.sec_dir, self.password,
+ return https_request(self.kra_host, port, url, self.sec_dir, self.password,
self.ipa_certificate_nickname, operation, args, **kw)
def symmetric_wrap(self, data, wrapping_key):
"""
:param data: Data to be wrapped
:param wrapping_key Symmetric key to wrap data
-
+
Wrap (encrypt) data using the supplied symmetric key
"""
encoding_ctx, decoding_ctx = self.setup_contexts(self.mechanism, wrapping_key, self.iv)
wrapped_data = encoding_ctx.cipher_op(data) + encoding_ctx.digest_final()
return wrapped_data
-
+
def asymmetric_wrap(self, data, wrapping_cert):
"""
:param data: Data to be wrapped
:param wrapping_cert Public key to wrap data
-
+
Wrap (encrypt) data using the supplied asymmetric key
"""
-
+
return None
-
- def symmetric_unwrap(self, data, wrapping_key, iv = None):
+
+ def symmetric_unwrap(self, data, wrapping_key, iv=None):
"""
:param data: Data to be unwrapped
:param wrapping_key Symmetric key to unwrap data
-
+
Unwrap (decrypt) data using the supplied symmetric key
"""
if iv == None:
@@ -529,7 +529,7 @@ class kra:
encoding_ctx, decoding_ctx = self.setup_contexts(self.mechanism, wrapping_key, iv)
unwrapped_data = decoding_ctx.cipher_op(data) + decoding_ctx.digest_final()
return unwrapped_data
-
+
def get_parse_result_xml(self, xml_text, parse_func):
'''
:param xml_text: The XML text to parse
@@ -549,7 +549,7 @@ class kra:
def create_archival_request(self, client_id, security_data, data_type):
"""
:param :param client_id: identifier to be used for this stored key
- :param security_data: data blob (PKIArchiveOptions) containing passphrase
+ :param security_data: data blob (PKIArchiveOptions) containing passphrase
or symmetric key to be archived
:param data_type: data type (symmetricKey, pass_phrase, asymmetricKey)
:return doc: xml doc with archival request
@@ -563,15 +563,15 @@ class kra:
data_type_element = etree.SubElement(root, "dataType")
data_type_element.text = data_type
return etree.ElementTree(root)
-
- def create_recovery_request(self, key_id, request_id, session_key, passphrase, nonce = None):
+
+ def create_recovery_request(self, key_id, request_id, session_key, passphrase, nonce=None):
"""
:param key_id: identifier of key to be recovered
- :param request_id: id for the recovery request
+ :param request_id: id for the recovery request
:param session_key session key wrapped in transport key
:param passphrase passphrase wrapped in session key
:return doc: xml doc with archival request
-
+
"""
self.debug('%s.create_recovery_request()', self.fullname)
root = etree.Element("KeyRecoveryRequest")
@@ -591,36 +591,36 @@ class kra:
nonce_element = etree.SubElement(root, "nonceData")
nonce_element.text = nonce
return etree.ElementTree(root)
-
+
def archive_security_data(self, client_id, security_data, data_type):
"""
:param client_id: identifier to be used for this stored key
- :param security_data: data blob (PKIArchiveOptions) containing passphrase
+ :param security_data: data blob (PKIArchiveOptions) containing passphrase
or symmetric key to be archived
:param data_type: data type (symmetricKey, pass_phrase, asymmetricKey)
-
+
Archives security data packaged in a PKIArchiveOptions blob
-
- The command returns a dict with key/value pairs as defined in
+
+ The command returns a dict with key/value pairs as defined in
parse_key_request_info_xml(). These include the request_id of the created
archival request, the status of the request, and the key_id of the archived
key.
"""
self.debug('%s.archive_security_data()', self.fullname)
-
+
# check clientID and security data
if ((client_id == None) or (security_data == None)):
raise CertificateOperationError(error=_('Bad arguments to archive_security_data'))
-
+
request = self.create_archival_request(client_id, security_data, data_type)
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._request('/kra/rest/agent/keyrequests/archive',
self.kra_agent_port,
self.POST,
- etree.tostring(request.getroot(), encoding='UTF-8'))
-
+ etree.tostring(request.getroot(), encoding='UTF-8'))
+
# Parse and handle errors
if (http_status != 200):
raise CertificateOperationError(error=_('Error in archiving request (%s)') % \
@@ -628,25 +628,25 @@ class kra:
parse_result = self.get_parse_result_xml(http_body, parse_key_request_info_xml)
return parse_result
-
+
def get_transport_cert(self, etag=None):
"""
:param etag: etag info for last cert retrieval from DRM
-
+
Gets the transport certificate from the DRM
-
- The command returns a dict as defined in parse_certificate_data_xml()
+
+ The command returns a dict as defined in parse_certificate_data_xml()
"""
self.debug('%s.get_transport_cert()', self.fullname)
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._request('/kra/rest/config/cert/transport',
self.kra_agent_port,
self.GET,
- None)
-
- self.debug("headers: %s" , http_headers)
+ None)
+
+ self.debug("headers: %s" , http_headers)
# Parse and handle errors
if (http_status != 200):
raise CertificateOperationError(error=_('Error in archiving request (%s)') % \
@@ -654,78 +654,78 @@ class kra:
parse_result = self.get_parse_result_xml(http_body, parse_certificate_data_xml)
return parse_result
-
- def list_security_data(self, client_id, key_state = None, next_id = None):
+
+ def list_security_data(self, client_id, key_state=None, next_id=None):
"""
:param client_id: identifier to be searched for
:param key_state: state for key (active, inactive, all)
:param next_id: id for starting key on next page (if more than one page)
-
+
List security data matching the specified client id and state
-
- The command returns a dict as specified in parse_key_data_infos_xml().
+
+ The command returns a dict as specified in parse_key_data_infos_xml().
"""
self.debug('%s.list_security_data()', self.fullname)
if client_id == None:
- raise CertificateOperationError(error=_('Bad argument to list_security_data'))
+ raise CertificateOperationError(error=_('Bad argument to list_security_data'))
get_args = "clientID=" + quote_plus(client_id)
-
+
if key_state != None:
get_args = get_args + "&status=" + quote_plus(key_state)
-
+
if next_id != None:
# currnently not implemented on server
get_args = get_args + "&start=" + quote_plus(next_id)
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._request('/kra/rest/agent/keys',
self.kra_agent_port,
self.GET,
get_args)
-
+
# Parse and handle errors
if (http_status != 200):
raise CertificateOperationError(error=_('Error in listing keys (%s)') % \
http_reason_phrase)
parse_result = self.get_parse_result_xml(http_body, parse_key_data_infos_xml)
- return parse_result
-
- def list_key_requests(self, request_state = None, request_type = None, client_id = None,
- next_id = None):
+ return parse_result
+
+ def list_key_requests(self, request_state=None, request_type=None, client_id=None,
+ next_id=None):
"""
:param request_state: state of request (pending, complete, cancelled, rejected, approved)
:param request_type: request type (enrollment, recovery)
:param next_id: id for starting key on next page (if more than one page)
-
+
List security data matching the specified client id and state
-
- The command returns a dict as specified in parse_key_request_infos_xml().
+
+ The command returns a dict as specified in parse_key_request_infos_xml().
"""
self.debug('%s.list_key_requests()', self.fullname)
get_args = ""
-
+
if request_state != None:
get_args = get_args + "&requestState=" + quote_plus(request_state)
-
+
if request_type != None:
get_args = get_args + "&requestType=" + quote_plus(request_type)
-
+
if client_id != None:
get_args = get_args + "&clientID=" + quote_plus(client_id)
-
+
if next_id != None:
# currnently not implemented on server
get_args = get_args + "&start=" + quote_plus(next_id)
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._request('/kra/rest/agent/keyrequests',
self.kra_agent_port,
self.GET,
get_args)
-
+
# Parse and handle errors
if (http_status != 200):
raise CertificateOperationError(error=_('Error in listing key requests (%s)') % \
@@ -733,32 +733,32 @@ class kra:
parse_result = self.get_parse_result_xml(http_body, parse_key_request_infos_xml)
return parse_result
-
+
def submit_recovery_request(self, key_id):
"""
:param key_id: identifier of data to be recovered
-
+
Create a recovery request for a passphrase or symmetric key
-
- The command returns a dict as described in the comments to
+
+ The command returns a dict as described in the comments to
parse_key_request_info_xml(). This data includes the request_id
- of the created recovery request
+ of the created recovery request
"""
self.debug('%s.submit_recovery_request()', self.fullname)
-
+
# check clientID and security data
if key_id == None:
raise CertificateOperationError(error=_('Bad argument to archive_security_data'))
-
+
request = self.create_recovery_request(key_id, None, None, None)
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._request('/kra/rest/agent/keyrequests/recover',
self.kra_agent_port,
self.POST,
- etree.tostring(request.getroot(), encoding='UTF-8'))
-
+ etree.tostring(request.getroot(), encoding='UTF-8'))
+
# Parse and handle errors
if (http_status != 200):
raise CertificateOperationError(error=_('Error in archiving request (%s)') % \
@@ -766,13 +766,13 @@ class kra:
parse_result = self.get_parse_result_xml(http_body, parse_key_request_info_xml)
return parse_result
-
+
def check_request_status(self, request_id):
"""
:param recovery_request_id: identifier of key recovery request
-
+
Check recovery request status
-
+
The command returns a dict with these possible key/value pairs.
Some key/value pairs may be absent
@@ -789,89 +789,89 @@ class kra:
+-----------------+---------------+---------------------------------------+
"""
self.debug('%s.check_request_status()', self.fullname)
-
+
def approve_recovery_request(self, request_id):
"""
:param request_id: identifier of key recovery request
-
- Approve recovery request
+
+ Approve recovery request
"""
self.debug('%s.approve_recovery_request()', self.fullname)
if request_id == None:
raise CertificateOperationError(error=_('Bad argument to approve_recovery_request'))
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/rest/agent/keyrequests/'+request_id+'/approve',
+ self._request('/kra/rest/agent/keyrequests/' + request_id + '/approve',
self.kra_agent_port,
self.POST,
- None)
-
+ None)
+
# Parse and handle errors
if (http_status > 399):
raise CertificateOperationError(error=_('Error in approving request (%s)') % \
http_reason_phrase)
-
+
def reject_recovery_request(self, request_id):
"""
:param recovery_request_id: identifier of key recovery request
-
+
Reject recovery request
"""
self.debug('%s.reject_recovery_request()', self.fullname)
if request_id == None:
raise CertificateOperationError(error=_('Bad argument to reject_recovery_request'))
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/rest/agent/keyrequests/'+request_id+'/reject',
+ self._request('/kra/rest/agent/keyrequests/' + request_id + '/reject',
self.kra_agent_port,
self.POST,
- None)
-
+ None)
+
# Parse and handle errors
if (http_status > 399):
raise CertificateOperationError(error=_('Error in rejecting request (%s)') % \
http_reason_phrase)
-
+
def cancel_recovery_request(self, request_id):
"""
:param recovery_request_id: identifier of key recovery request
-
+
Cancel recovery request
"""
self.debug('%s.cancel_recovery_request()', self.fullname)
if request_id == None:
raise CertificateOperationError(error=_('Bad argument to cancel_recovery_request'))
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
- self._request('/kra/rest/agent/keyrequests/'+request_id+'/cancel',
+ self._request('/kra/rest/agent/keyrequests/' + request_id + '/cancel',
self.kra_agent_port,
self.POST,
- None)
-
+ None)
+
# Parse and handle errors
if (http_status > 399):
raise CertificateOperationError(error=_('Error in cancelling request (%s)') % \
http_reason_phrase)
-
+
def retrieve_security_data(self, recovery_request_id, passphrase=None):
"""
:param recovery_request_id: identifier of key recovery request
:param passphrase: passphrase to be used to wrap the data
-
- Recover the passphrase or symmetric key. We require an approved
- recovery request.
-
- If a passphrase is provided, the DRM will return a blob that can be decrypted
+
+ Recover the passphrase or symmetric key. We require an approved
+ recovery request.
+
+ If a passphrase is provided, the DRM will return a blob that can be decrypted
with the passphrase. If not, then a symmetric key will be created to wrap the
data for transport to this server. Upon receipt, the data will be unwrapped
and returned unencrypted.
-
- The command returns a dict with the values described in parse_key_data_xml(),
- as well as the following field
-
+
+ The command returns a dict with the values described in parse_key_data_xml(),
+ as well as the following field
+
+-----------------+---------------+-------------------------------------- +
|result name |result type |comments |
+=================+===============+=======================================+
@@ -880,14 +880,14 @@ class kra:
+-----------------+---------------+---------------------------------------+
"""
self.debug('%s.retrieve_security_data()', self.fullname)
-
+
if recovery_request_id == None:
raise CertificateOperationError(error=_('Bad arguments to retrieve_security_data'))
-
+
# generate symmetric key
slot = nss.get_best_slot(self.mechanism)
session_key = slot.key_gen(self.mechanism, None, slot.get_best_key_length(self.mechanism))
-
+
# wrap this key with the transport cert
public_key = self.transport_cert.subject_public_key_info.public_key
wrapped_session_key = base64.b64encode(nss.pub_wrap_sym_key(self.mechanism, public_key, session_key))
@@ -895,44 +895,44 @@ class kra:
if passphrase != None:
# wrap passphrase with session key
wrapped_session_key = base64.b64encode(self.symmetric_wrap(passphrase, session_key))
-
+
request = self.create_recovery_request(None, recovery_request_id,
wrapped_session_key,
wrapped_passphrase)
-
- #Call CMS
+
+ # Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._request('/kra/rest/agent/keys/retrieve',
self.kra_agent_port,
self.POST,
- etree.tostring(request.getroot(), encoding='UTF-8'))
-
+ etree.tostring(request.getroot(), encoding='UTF-8'))
+
# Parse and handle errors
if (http_status != 200):
raise CertificateOperationError(error=_('Error in retrieving security data (%s)') % \
http_reason_phrase)
parse_result = self.get_parse_result_xml(http_body, parse_key_data_xml)
-
+
if passphrase == None:
iv = nss.data_to_hex(base64.decodestring(parse_result['nonce_data']))
parse_result['data'] = self.symmetric_unwrap(base64.decodestring(parse_result['wrapped_data']),
session_key, iv)
-
+
return parse_result
-
+
def recover_security_data(self, key_id, passphrase=None):
"""
:param key_id: identifier of key to be recovered
:param passphrase: passphrase to wrap key data for delivery outside of this server
-
+
Recover the key data (symmetric key or passphrase) in a one step process.
This is the case when only one approver is required to extract a key such that
the agent submitting the recovery request is the only approver required.
-
+
In this case, the request is automatically approved, and the KRA just returns the
key data.
-
+
This has not yet been implemented on the server
"""
self.debug('%s.recover_security_data()', self.fullname)
@@ -943,7 +943,7 @@ import argparse
parser = argparse.ArgumentParser(description="Sample Test execution")
parser.add_argument('-d', default='/tmp/drmtest', dest='work_dir', help='Working directory')
-parser.add_argument('--options', default='options.out', dest='options_file',
+parser.add_argument('--options', default='options.out', dest='options_file',
help='File containing test PKIArchiveOptions to be archived')
parser.add_argument('--symkey', default='symkey.out', dest='symkey_file',
help='File containing test symkey')
@@ -970,18 +970,18 @@ print requests
transport_cert = test_kra.get_transport_cert()
print transport_cert
-#archive symmetric key
+# archive symmetric key
f = open(work_dir + "/" + options_file)
-wrapped_key = f.read()
+wrapped_key = f.read()
client_id = "Python symmetric key " + datetime.now().strftime("%Y-%m-%d %H:%M")
-response = test_kra.archive_security_data(client_id, wrapped_key,"symmetricKey")
+response = test_kra.archive_security_data(client_id, wrapped_key, "symmetricKey")
print response
# list keys with client_id
response = test_kra.list_security_data(client_id, "active")
print response
-#create recovery request
+# create recovery request
key_id = response.keys()[0]
print key_id
response = test_kra.submit_recovery_request(key_id)
@@ -1007,7 +1007,7 @@ response = test_kra.retrieve_security_data(request_id)
print response
print "retrieved data is " + base64.encodestring(response['data'])
-#read original symkey from file
+# read original symkey from file
f = open(work_dir + "/" + symkey_file)
orig_key = f.read()
print "orig key is " + orig_key
@@ -1015,4 +1015,4 @@ print "orig key is " + orig_key
if orig_key.strip() == base64.encodestring(response['data']).strip():
print "Success: the keys match"
else:
- print "Failure: keys do not match"
+ print "Failure: keys do not match"
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 759b01836..c60c5a325 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -25,8 +25,8 @@ import os
import pki
INSTANCE_BASE_DIR = '/var/lib/pki'
-REGISTRY_DIR = '/etc/sysconfig/pki'
-SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks']
+REGISTRY_DIR = '/etc/sysconfig/pki'
+SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks']
class PKISubsystem(object):
@@ -84,7 +84,7 @@ class PKIInstance(object):
class PKIServerException(pki.PKIException):
- def __init__(self, message, exception=None,\
+ def __init__(self, message, exception=None, \
instance=None, subsystem=None):
pki.PKIException.__init__(self, message, exception)
diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py
index 940dbe44a..5de961df3 100644
--- a/base/server/python/pki/server/upgrade.py
+++ b/base/server/python/pki/server/upgrade.py
@@ -28,10 +28,10 @@ import pki.server
from pki.upgrade import verbose
-UPGRADE_DIR = pki.SHARE_DIR + '/server/upgrade'
-BACKUP_DIR = pki.LOG_DIR + '/server/upgrade'
+UPGRADE_DIR = pki.SHARE_DIR + '/server/upgrade'
+BACKUP_DIR = pki.LOG_DIR + '/server/upgrade'
-INSTANCE_TRACKER = '%s/tomcat.conf'
+INSTANCE_TRACKER = '%s/tomcat.conf'
SUBSYSTEM_TRACKER = '%s/CS.cfg'
@@ -168,8 +168,8 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
list = []
- if not self.instanceType or self.instanceType >=10:
- if os.path.exists(os.path.join(pki.server.REGISTRY_DIR,'tomcat')):
+ if not self.instanceType or self.instanceType >= 10:
+ if os.path.exists(os.path.join(pki.server.REGISTRY_DIR, 'tomcat')):
for instanceName in os.listdir(pki.server.INSTANCE_BASE_DIR):
if not self.instanceName or \
self.instanceName == instanceName:
diff --git a/base/server/src/engine/pkiconfig.py b/base/server/src/engine/pkiconfig.py
index 10fcdc676..d9be80507 100644
--- a/base/server/src/engine/pkiconfig.py
+++ b/base/server/src/engine/pkiconfig.py
@@ -37,10 +37,10 @@ PKI_DEPLOYMENT_DEFAULT_SHELL = "/sbin/nologin"
PKI_DEPLOYMENT_DEFAULT_UID = 17
PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
-PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"]
-PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"]
+PKI_SUBSYSTEMS = ["CA", "KRA", "OCSP", "RA", "TKS", "TPS"]
+PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"]
PKI_APACHE_SUBSYSTEMS = ["RA"]
-PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS", "TPS"]
+PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"]
PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
"lib", "logs", "ocsp", "temp", "tks", "tps", "webapps",
"work"]
@@ -78,9 +78,9 @@ PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME = "pki-tomcat"
DEFAULT_DEPLOYMENT_CONFIGURATION = "default.cfg"
USER_DEPLOYMENT_CONFIGURATION = "deployment.cfg"
-PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE =\
+PKI_DEPLOYMENT_DEFAULT_CONFIGURATION_FILE = \
PKI_DEPLOYMENT_CONFIGURATION_ROOT + "/" + DEFAULT_DEPLOYMENT_CONFIGURATION
-PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE =\
+PKI_DEPLOYMENT_SLOTS_CONFIGURATION_FILE = \
PKI_DEPLOYMENT_SOURCE_ROOT + "/deployment/config/pkislots.cfg"
# subtypes of PKI subsystems
@@ -169,8 +169,8 @@ pki_console_log_level = None
# PKI Selinux Constants and parameters
PKI_INSTANCE_SELINUX_CONTEXT = "pki_tomcat_var_lib_t"
-PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
-PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
-PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
-PKI_PORT_SELINUX_CONTEXT = "http_port_t"
+PKI_LOG_SELINUX_CONTEXT = "pki_tomcat_log_t"
+PKI_CFG_SELINUX_CONTEXT = "pki_tomcat_etc_rw_t"
+PKI_CERTDB_SELINUX_CONTEXT = "pki_tomcat_cert_t"
+PKI_PORT_SELINUX_CONTEXT = "http_port_t"
pki_selinux_config_ports = []
diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py
index d90f76c16..009c76e3d 100644
--- a/base/server/src/engine/pkihelper.py
+++ b/base/server/src/engine/pkihelper.py
@@ -57,7 +57,7 @@ import pki.client
import pki.system
# PKI Deployment Helper Functions
-def pki_copytree(src, dst, symlinks = False, ignore = None):
+def pki_copytree(src, dst, symlinks=False, ignore=None):
"""Recursively copy a directory tree using copy2().
PATCH: This code was copied from 'shutil.py' and patched to
@@ -140,18 +140,18 @@ class Identity:
pki_gid = getgrnam(pki_group)[2]
# Yes, group 'pki_group' exists!
config.pki_log.info(log.PKIHELPER_GROUP_ADD_2, pki_group, pki_gid,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
except KeyError as exc:
# No, group 'pki_group' does not exist!
config.pki_log.debug(log.PKIHELPER_GROUP_ADD_KEYERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
try:
# Is the default well-known GID already defined?
group = getgrgid(config.PKI_DEPLOYMENT_DEFAULT_GID)[0]
# Yes, the default well-known GID exists!
config.pki_log.info(log.PKIHELPER_GROUP_ADD_DEFAULT_2,
group, config.PKI_DEPLOYMENT_DEFAULT_GID,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Attempt to create 'pki_group' using a random GID.
command = "/usr/sbin/groupadd" + " " + \
pki_group + " " + \
@@ -159,7 +159,7 @@ class Identity:
except KeyError as exc:
# No, the default well-known GID does not exist!
config.pki_log.debug(log.PKIHELPER_GROUP_ADD_GID_KEYERROR_1,
- exc, extra = config.PKI_INDENTATION_LEVEL_2)
+ exc, extra=config.PKI_INDENTATION_LEVEL_2)
# Is the specified 'pki_group' the default well-known group?
if pki_group == config.PKI_DEPLOYMENT_DEFAULT_GROUP:
# Yes, attempt to create the default well-known group
@@ -176,10 +176,10 @@ class Identity:
pki_group + " " + \
"> /dev/null 2>&1"
# Execute this "groupadd" command.
- subprocess.call(command, shell = True)
+ subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return
@@ -190,19 +190,19 @@ class Identity:
pki_uid = getpwnam(pki_user)[2]
# Yes, user 'pki_user' exists!
config.pki_log.info(log.PKIHELPER_USER_ADD_2, pki_user, pki_uid,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# NOTE: For now, never check validity of specified 'pki_group'!
except KeyError as exc:
# No, user 'pki_user' does not exist!
config.pki_log.debug(log.PKIHELPER_USER_ADD_KEYERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
try:
# Is the default well-known UID already defined?
user = getpwuid(config.PKI_DEPLOYMENT_DEFAULT_UID)[0]
# Yes, the default well-known UID exists!
config.pki_log.info(log.PKIHELPER_USER_ADD_DEFAULT_2,
user, config.PKI_DEPLOYMENT_DEFAULT_UID,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Attempt to create 'pki_user' using a random UID.
command = "/usr/sbin/useradd" + " " + \
"-g" + " " + \
@@ -218,7 +218,7 @@ class Identity:
except KeyError as exc:
# No, the default well-known UID does not exist!
config.pki_log.debug(log.PKIHELPER_USER_ADD_UID_KEYERROR_1,
- exc, extra = config.PKI_INDENTATION_LEVEL_2)
+ exc, extra=config.PKI_INDENTATION_LEVEL_2)
# Is the specified 'pki_user' the default well-known user?
if pki_user == config.PKI_DEPLOYMENT_DEFAULT_USER:
# Yes, attempt to create the default well-known user
@@ -251,10 +251,10 @@ class Identity:
pki_user + " " + \
"> /dev/null 2>&1"
# Execute this "useradd" command.
- subprocess.call(command, shell = True)
+ subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return
@@ -263,54 +263,54 @@ class Identity:
self.__add_uid(pki_user, pki_group)
return
- def get_uid(self, critical_failure = True):
+ def get_uid(self, critical_failure=True):
try:
pki_uid = self.master_dict['pki_uid']
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return pki_uid
- def get_gid(self, critical_failure = True):
+ def get_gid(self, critical_failure=True):
try:
pki_gid = self.master_dict['pki_gid']
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return pki_gid
- def set_uid(self, name, critical_failure = True):
+ def set_uid(self, name, critical_failure=True):
try:
config.pki_log.debug(log.PKIHELPER_USER_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# id -u <name>
pki_uid = getpwnam(name)[2]
self.master_dict['pki_uid'] = pki_uid
config.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return pki_uid
- def set_gid(self, name, critical_failure = True):
+ def set_gid(self, name, critical_failure=True):
try:
config.pki_log.debug(log.PKIHELPER_GROUP_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# id -g <name>
pki_gid = getgrnam(name)[2]
self.master_dict['pki_gid'] = pki_gid
config.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
except KeyError as exc:
config.pki_log.error(log.PKI_KEYERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return pki_gid
@@ -332,7 +332,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_path']))
else:
@@ -342,7 +342,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_target_tomcat_conf_instance_id'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_target_tomcat_conf_instance_id']))
if os.path.exists(self.master_dict['pki_cgroup_systemd_service']):
@@ -351,7 +351,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_cgroup_systemd_service_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_cgroup_systemd_service_path']))
if os.path.exists(self.master_dict['pki_cgroup_cpu_systemd_service']):
@@ -360,7 +360,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_cgroup_cpu_systemd_service_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_cgroup_cpu_systemd_service_path']))
if os.path.exists(self.master_dict['pki_instance_log_path']) and\
@@ -370,7 +370,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_log_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_log_path']))
if os.path.exists(self.master_dict['pki_instance_configuration_path']) and\
@@ -380,7 +380,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_configuration_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_configuration_path']))
if os.path.exists(self.master_dict['pki_instance_registry_path']) and\
@@ -390,7 +390,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_COLLISION_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_registry_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_registry_path']))
# Run simple checks for reserved name namespace collisions
@@ -400,7 +400,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_path']))
# No need to check for reserved name under Top-Level PKI log path
@@ -410,7 +410,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_configuration_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_configuration_path']))
if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
@@ -421,7 +421,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_registry_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_registry_path']))
elif self.master_dict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS:
@@ -432,7 +432,7 @@ class Namespace:
log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_registry_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.master_dict['pki_instance_name'],
self.master_dict['pki_instance_registry_path']))
@@ -448,10 +448,10 @@ class ConfigurationFile:
# parameter that may be stored in a log file.
config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1,
self.master_dict['pki_configuration_url'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.info(log.PKI_CONFIGURATION_WIZARD_RESTART_1,
self.master_dict['pki_registry_initscript_command'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
def display_configuration_url(self):
# NOTE: This is the one and only parameter containing a sensitive
@@ -472,7 +472,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_password",
self.master_dict['pki_user_deployment_cfg']))
# Verify existence of Admin Password (except for Clones)
@@ -483,7 +483,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_admin_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_admin_password",
self.master_dict['pki_user_deployment_cfg']))
# If required, verify existence of Backup Password
@@ -494,7 +494,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_backup_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_backup_password",
self.master_dict['pki_user_deployment_cfg']))
# Verify existence of Client Pin for NSS client security databases
@@ -504,7 +504,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2,
"pki_client_database_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2 % ("pki_client_database_password",
self.master_dict['pki_user_deployment_cfg']))
# Verify existence of Client PKCS #12 Password for Admin Cert
@@ -514,7 +514,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_client_pkcs12_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_client_pkcs12_password",
self.master_dict['pki_user_deployment_cfg']))
# Verify existence of PKCS #12 Password (ONLY for Clones)
@@ -525,7 +525,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password",
self.master_dict['pki_user_deployment_cfg']))
# Verify existence of Security Domain Password File
@@ -539,7 +539,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_security_domain_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_security_domain_password",
self.master_dict['pki_user_deployment_cfg']))
# If required, verify existence of Token Password
@@ -550,7 +550,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_token_password",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_token_password",
self.master_dict['pki_user_deployment_cfg']))
return
@@ -565,28 +565,28 @@ class ConfigurationFile:
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA,
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg'])
elif config.str2bool(self.master_dict['pki_clone']) and\
config.str2bool(self.master_dict['pki_external']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA,
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.master_dict['pki_user_deployment_cfg'])
elif config.str2bool(self.master_dict['pki_clone']) and\
config.str2bool(self.master_dict['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA,
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.master_dict['pki_user_deployment_cfg'])
elif config.str2bool(self.master_dict['pki_external']) and\
config.str2bool(self.master_dict['pki_subordinate']):
config.pki_log.error(
log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA,
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.master_dict['pki_user_deployment_cfg'])
def verify_predefined_configuration_file_data(self):
@@ -609,7 +609,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_base_dn",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_base_dn",
self.master_dict['pki_user_deployment_cfg']))
if not self.master_dict.has_key('pki_ds_ldap_port') or\
@@ -621,7 +621,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldap_port",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldap_port",
self.master_dict['pki_user_deployment_cfg']))
if not self.master_dict.has_key('pki_ds_ldaps_port') or\
@@ -633,7 +633,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ds_ldaps_port",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ds_ldaps_port",
self.master_dict['pki_user_deployment_cfg']))
# NOTE: Although this will be checked prior to getting to
@@ -650,7 +650,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_ajp_port",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_ajp_port",
self.master_dict['pki_user_deployment_cfg']))
if not self.master_dict.has_key('pki_http_port') or\
@@ -662,7 +662,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_http_port",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_http_port",
self.master_dict['pki_user_deployment_cfg']))
if not self.master_dict.has_key('pki_https_port') or\
@@ -674,7 +674,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_https_port",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_https_port",
self.master_dict['pki_user_deployment_cfg']))
if not self.master_dict.has_key('pki_tomcat_server_port') or\
@@ -686,7 +686,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_tomcat_server_port",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_tomcat_server_port",
self.master_dict['pki_user_deployment_cfg']))
if not self.master_dict.has_key('pki_clone_pkcs12_path') or\
@@ -695,14 +695,14 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_pkcs12_path",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_path",
self.master_dict['pki_user_deployment_cfg']))
elif not os.path.isfile(self.master_dict['pki_clone_pkcs12_path']):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
self.master_dict['pki_clone_pkcs12_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % "pki_clone_pkcs12_path")
if not self.master_dict.has_key('pki_clone_replication_security') or\
not len(self.master_dict['pki_clone_replication_security']):
@@ -710,7 +710,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_replication_security",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_replication_security",
self.master_dict['pki_user_deployment_cfg']))
if not self.master_dict.has_key('pki_clone_uri') or\
@@ -719,7 +719,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_clone_uri",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_uri",
self.master_dict['pki_user_deployment_cfg']))
elif self.master_dict['pki_subsystem'] == "CA" and\
@@ -730,7 +730,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_step_two",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_step_two",
self.master_dict['pki_user_deployment_cfg']))
if not config.str2bool(self.master_dict['pki_external_step_two']):
@@ -741,7 +741,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_csr_path",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_csr_path",
self.master_dict['pki_user_deployment_cfg']))
elif os.path.exists(self.master_dict['pki_external_csr_path']) and\
@@ -749,7 +749,7 @@ class ConfigurationFile:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
self.master_dict['pki_external_csr_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_csr_path")
else:
# External CA (Step 2)
@@ -759,7 +759,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_chain_path",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_chain_path",
self.master_dict['pki_user_deployment_cfg']))
elif os.path.exists(
@@ -769,7 +769,7 @@ class ConfigurationFile:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
self.master_dict['pki_external_ca_cert_chain_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_chain_path")
if not self.master_dict.has_key('pki_external_ca_cert_path') or\
not len(self.master_dict['pki_external_ca_cert_path']):
@@ -777,7 +777,7 @@ class ConfigurationFile:
log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2,
"pki_external_ca_cert_path",
self.master_dict['pki_user_deployment_cfg'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_extrenal_ca_cert_path",
self.master_dict['pki_user_deployment_cfg']))
elif os.path.exists(self.master_dict['pki_external_ca_cert_path']) and\
@@ -786,7 +786,7 @@ class ConfigurationFile:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
self.master_dict['pki_external_ca_cert_path'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % "pki_extrenal_ca_cert_path")
return
@@ -814,7 +814,7 @@ class ConfigurationFile:
if not bool(selinux.is_selinux_enabled()):
config.pki_log.error(
log.PKIHELPER_SELINUX_DISABLED,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
return
portrecs = seobject.portRecords().get_all()
@@ -841,7 +841,7 @@ class ConfigurationFile:
config.pki_log.error(
log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT,
port, context,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % (port, context))
return
@@ -855,7 +855,7 @@ class ConfigurationFile:
log.PKIHELPER_COMMAND_LINE_PARAMETER_MISMATCH_2,
self.master_dict['pki_deployed_instance_name'],
self.master_dict['pki_instance_name'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.master_dict['pki_deployed_instance_name'],
self.master_dict['pki_instance_name']))
return
@@ -909,10 +909,10 @@ class Instance:
rv = rv + 1
config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2,
self.master_dict['pki_instance_path'],
- rv, extra = config.PKI_INDENTATION_LEVEL_2)
+ rv, extra=config.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return rv
@@ -936,10 +936,10 @@ class Instance:
config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2,
self.master_dict['pki_instance_type_registry_path'],
rv,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return rv
@@ -964,10 +964,10 @@ class Instance:
rv = rv + 1
config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2,
self.master_dict['pki_instance_path'], rv,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return rv
@@ -981,7 +981,7 @@ class Instance:
rv.append(subsystem)
except OSErr as e:
config.pki_log.error(log.PKI_OSERROR_1, str(e),
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return rv
@@ -1005,10 +1005,10 @@ class Instance:
config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2,
self.master_dict['pki_instance_type_registry_path'],
rv,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return rv
@@ -1018,12 +1018,12 @@ class Instance:
config.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2,
self.master_dict['pki_subsystem'],
self.master_dict['pki_instance_name'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'],
self.master_dict['pki_instance_name']))
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
def verify_subsystem_does_not_exist(self):
@@ -1032,34 +1032,34 @@ class Instance:
config.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2,
self.master_dict['pki_subsystem'],
self.master_dict['pki_instance_name'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.master_dict['pki_subsystem'],
self.master_dict['pki_instance_name']))
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
def get_instance_status(self):
self.connection = pki.client.PKIConnection(
- protocol = 'https',
- hostname = self.master_dict['pki_hostname'],
- port = self.master_dict['pki_https_port'],
- subsystem = self.master_dict['pki_subsystem_type'],
- accept = 'application/xml')
+ protocol='https',
+ hostname=self.master_dict['pki_hostname'],
+ port=self.master_dict['pki_https_port'],
+ subsystem=self.master_dict['pki_subsystem_type'],
+ accept='application/xml')
try:
client = pki.system.SystemStatusClient(self.connection)
response = client.getStatus()
config.pki_log.debug(response,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
root = ET.fromstring(response)
status = root.findtext("Status")
return status
except requests.exceptions.ConnectionError:
config.pki_log.debug("No connection",
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
return None
def wait_for_startup(self, timeout):
@@ -1080,18 +1080,18 @@ class Directory:
self.master_dict = deployer.master_dict
self.identity = deployer.identity
- def create(self, name, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
- acls = None, critical_failure = True):
+ def create(self, name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ acls=None, critical_failure=True):
try:
if not os.path.exists(name):
# mkdir -p <name>
config.pki_log.info(log.PKIHELPER_MKDIR_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
os.makedirs(name)
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1100,7 +1100,7 @@ class Directory:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1116,7 +1116,7 @@ class Directory:
elif not os.path.isdir(name):
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name)
except OSError as exc:
@@ -1124,30 +1124,30 @@ class Directory:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def modify(self, name, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
- acls = None, silent = False, critical_failure = True):
+ def modify(self, name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ acls=None, silent=False, critical_failure=True):
try:
if os.path.exists(name):
if not os.path.isdir(name):
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1,
- name, extra = config.PKI_INDENTATION_LEVEL_2)
+ name, extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name)
# Always re-process each directory whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# chmod <perms> <name>
if not silent:
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1157,7 +1157,7 @@ class Directory:
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
if not silent:
@@ -1174,37 +1174,37 @@ class Directory:
else:
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
- raise Exception(log.PKI_DIRECTORY_NISSING_OR_NOT_A_DIRECTORY_1 % name)
+ raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def delete(self, name, recursive_flag = True, critical_failure = True):
+ def delete(self, name, recursive_flag=True, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isdir(name):
# Simply issue a warning and continue
config.pki_log.warning(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
else:
if recursive_flag == True:
# rm -rf <name>
config.pki_log.info(log.PKIHELPER_RM_RF_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
shutil.rmtree(name)
else:
# rmdir <name>
config.pki_log.info(log.PKIHELPER_RMDIR_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
os.rmdir(name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -1217,41 +1217,41 @@ class Directory:
return True
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
def is_empty(self, name):
try:
if not os.listdir(name):
config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_EMPTY_1,
- name, extra = config.PKI_INDENTATION_LEVEL_2)
+ name, extra=config.PKI_INDENTATION_LEVEL_2)
return True
else:
config.pki_log.debug(log.PKIHELPER_DIRECTORY_IS_NOT_EMPTY_1,
- name, extra = config.PKI_INDENTATION_LEVEL_2)
+ name, extra=config.PKI_INDENTATION_LEVEL_2)
return False
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
- def set_mode(self, name, uid = None, gid = None,
- dir_perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
- file_perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- symlink_perms = \
+ def set_mode(self, name, uid=None, gid=None,
+ dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ symlink_perms=\
config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
- dir_acls = None, file_acls = None, symlink_acls = None,
- recursive_flag = True, critical_failure = True):
+ dir_acls=None, file_acls=None, symlink_acls=None,
+ recursive_flag=True, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isdir(name):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name)
else:
config.pki_log.info(
log.PKIHELPER_SET_MODE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if uid == None:
uid = self.identity.get_uid()
if gid == None:
@@ -1264,16 +1264,16 @@ class Directory:
file = entity
config.pki_log.debug(
log.PKIHELPER_IS_A_FILE_1, file,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
# chmod <file_perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
file_perms, file,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(file, file_perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, file,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(file, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1290,7 +1290,7 @@ class Directory:
symlink = entity
config.pki_log.debug(
log.PKIHELPER_IS_A_SYMLINK_1, symlink,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
# REMINDER: Due to POSIX compliance, 'lchmod'
# is NEVER implemented on Linux
# systems since 'chmod' CANNOT be
@@ -1299,7 +1299,7 @@ class Directory:
# chown -h <uid>:<gid> <symlink>
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
uid, gid, symlink,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.lchown(symlink, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1316,16 +1316,16 @@ class Directory:
dir = os.path.join(root, name)
config.pki_log.debug(
log.PKIHELPER_IS_A_DIRECTORY_1, dir,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
# chmod <dir_perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
dir_perms, dir,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(dir, dir_perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, dir,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(dir, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1341,17 +1341,17 @@ class Directory:
else:
config.pki_log.debug(
log.PKIHELPER_IS_A_DIRECTORY_1, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
name = os.path.join(root, name)
# chmod <dir_perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
dir_perms, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, dir_perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1366,34 +1366,34 @@ class Directory:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
- def copy(self, old_name, new_name, uid = None, gid = None,
- dir_perms = config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
- file_perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- symlink_perms = config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
- dir_acls = None, file_acls = None, symlink_acls = None,
- recursive_flag = True, overwrite_flag = False, critical_failure = True):
+ def copy(self, old_name, new_name, uid=None, gid=None,
+ dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
+ file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
+ dir_acls=None, file_acls=None, symlink_acls=None,
+ recursive_flag=True, overwrite_flag=False, critical_failure=True):
try:
if not os.path.exists(old_name) or not os.path.isdir(old_name):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name)
else:
if os.path.exists(new_name):
if not overwrite_flag:
config.pki_log.error(
log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name)
if recursive_flag == True:
# cp -rp <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_RP_2,
old_name, new_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Due to a limitation in the 'shutil.copytree()'
# implementation which requires that
# 'The destination directory must not already exist.',
@@ -1406,7 +1406,7 @@ class Directory:
# cp -p <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_P_2,
old_name, new_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
shutil.copy2(old_name, new_name)
# set ownerships, permissions, and acls
# of newly created top-level directory
@@ -1420,12 +1420,12 @@ class Directory:
recursive_flag, critical_failure)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -1438,18 +1438,18 @@ class File:
self.slots = deployer.slots
self.identity = deployer.identity
- def create(self, name, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- acls = None, critical_failure = True):
+ def create(self, name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ acls=None, critical_failure=True):
try:
if not os.path.exists(name):
# touch <name>
config.pki_log.info(log.PKIHELPER_TOUCH_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
open(name, "w").close()
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1458,7 +1458,7 @@ class File:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1474,7 +1474,7 @@ class File:
elif not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
except OSError as exc:
@@ -1482,30 +1482,30 @@ class File:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def modify(self, name, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- acls = None, silent = False, critical_failure = True):
+ def modify(self, name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ acls=None, silent=False, critical_failure=True):
try:
if os.path.exists(name):
if not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1,
- name, extra = config.PKI_INDENTATION_LEVEL_2)
+ name, extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
# Always re-process each file whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# chmod <perms> <name>
if not silent:
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1515,7 +1515,7 @@ class File:
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
if not silent:
@@ -1532,31 +1532,31 @@ class File:
else:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def delete(self, name, critical_failure = True):
+ def delete(self, name, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isfile(name):
# Simply issue a warning and continue
config.pki_log.warning(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
else:
# rm -f <name>
config.pki_log.info(log.PKIHELPER_RM_F_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
os.remove(name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -1569,29 +1569,29 @@ class File:
return True
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
- def copy(self, old_name, new_name, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls = None,
- overwrite_flag = False, critical_failure = True):
+ def copy(self, old_name, new_name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None,
+ overwrite_flag=False, critical_failure=True):
try:
if not os.path.exists(old_name) or not os.path.isfile(old_name):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name)
else:
if os.path.exists(new_name):
if not overwrite_flag:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_1, new_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name)
# cp -p <old_name> <new_name>
config.pki_log.info(log.PKIHELPER_CP_P_2,
old_name, new_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
shutil.copy2(old_name, new_name)
if uid == None:
uid = self.identity.get_uid()
@@ -1600,12 +1600,12 @@ class File:
# chmod <perms> <new_name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
perms, new_name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(new_name, perms)
# chown <uid>:<gid> <new_name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, new_name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(new_name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1620,37 +1620,37 @@ class File:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
def apply_slot_substitution(
- self, name, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- acls = None, critical_failure = True):
+ self, name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ acls=None, critical_failure=True):
try:
if not os.path.exists(name) or not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name)
# applying in-place slot substitutions on <name>
config.pki_log.info(log.PKIHELPER_APPLY_SLOT_SUBSTITUTION_1,
name,
- extra = config.PKI_INDENTATION_LEVEL_2)
- for line in fileinput.FileInput(name, inplace = 1):
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ for line in fileinput.FileInput(name, inplace=1):
for slot in self.slots:
if slot != '__name__' and self.slots[slot] in line:
config.pki_log.debug(
log.PKIHELPER_SLOT_SUBSTITUTION_2,
self.slots[slot], self.master_dict[slot],
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
line = line.replace(self.slots[slot], self.master_dict[slot])
sys.stdout.write(line)
if uid == None:
@@ -1660,12 +1660,12 @@ class File:
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
perms, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1680,38 +1680,38 @@ class File:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
def copy_with_slot_substitution(
- self, old_name, new_name, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- acls = None, overwrite_flag = False,
- critical_failure = True):
+ self, old_name, new_name, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ acls=None, overwrite_flag=False,
+ critical_failure=True):
try:
if not os.path.exists(old_name) or not os.path.isfile(old_name):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, old_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % old_name)
else:
if os.path.exists(new_name):
if not overwrite_flag:
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_1, new_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name)
# copy <old_name> to <new_name> with slot substitutions
config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2,
old_name, new_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
with open(new_name, "w") as FILE:
for line in fileinput.FileInput(old_name):
for slot in self.slots:
@@ -1719,7 +1719,7 @@ class File:
config.pki_log.debug(
log.PKIHELPER_SLOT_SUBSTITUTION_2,
self.slots[slot], self.master_dict[slot],
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
line = line.replace(self.slots[slot], self.master_dict[slot])
FILE.write(line)
if uid == None:
@@ -1729,12 +1729,12 @@ class File:
# chmod <perms> <new_name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2,
perms, new_name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(new_name, perms)
# chown <uid>:<gid> <new_name>
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, new_name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(new_name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1749,33 +1749,33 @@ class File:
manifest.database.append(record)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except shutil.Error as exc:
config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def generate_noise_file(self, name, bytes, uid = None, gid = None,
- perms = config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
- acls = None, critical_failure = True):
+ def generate_noise_file(self, name, bytes, uid=None, gid=None,
+ perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
+ acls=None, critical_failure=True):
try:
if not os.path.exists(name):
# generating noise file called <name> and
# filling it with <bytes> random bytes
config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, bytes,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
open(name, "w").close()
with open(name, "w") as FILE:
- noise = ''.join(random.choice(string.ascii_letters +\
+ noise = ''.join(random.choice(string.ascii_letters + \
string.digits) for x in range(bytes))
FILE.write(noise)
# chmod <perms> <name>
config.pki_log.debug(log.PKIHELPER_CHMOD_2, perms, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chmod(name, perms)
# chown <uid>:<gid> <name>
if uid == None:
@@ -1784,7 +1784,7 @@ class File:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_3,
uid, gid, name,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.chown(name, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1800,7 +1800,7 @@ class File:
elif not os.path.isfile(name):
config.pki_log.error(
log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name)
except OSError as exc:
@@ -1808,7 +1808,7 @@ class File:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -1820,19 +1820,19 @@ class Symlink:
self.master_dict = deployer.master_dict
self.identity = deployer.identity
- def create(self, name, link, uid = None, gid = None,
- acls = None, allow_dangling_symlink = False, critical_failure = True):
+ def create(self, name, link, uid=None, gid=None,
+ acls=None, allow_dangling_symlink=False, critical_failure=True):
try:
if not os.path.exists(link):
if not os.path.exists(name):
config.pki_log.warning(
log.PKIHELPER_DANGLING_SYMLINK_2, link, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if not allow_dangling_symlink:
raise Exception("Dangling symlink " + link + " not allowed")
# ln -s <name> <link>
config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
os.symlink(name, link)
# REMINDER: Due to POSIX compliance, 'lchmod' is NEVER
# implemented on Linux systems since 'chmod'
@@ -1844,7 +1844,7 @@ class Symlink:
gid = self.identity.get_gid()
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
uid, gid, link,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.lchown(link, uid, gid)
# Store record in installation manifest
record = manifest.record()
@@ -1861,7 +1861,7 @@ class Symlink:
elif not os.path.islink(link):
config.pki_log.error(
log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link)
except OSError as exc:
@@ -1869,25 +1869,25 @@ class Symlink:
pass
else:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def modify(self, link, uid = None, gid = None,
- acls = None, silent = False, critical_failure = True):
+ def modify(self, link, uid=None, gid=None,
+ acls=None, silent=False, critical_failure=True):
try:
if os.path.exists(link):
if not os.path.islink(link):
config.pki_log.error(
log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1,
- link, extra = config.PKI_INDENTATION_LEVEL_2)
+ link, extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link)
# Always re-process each link whether it needs it or not
if not silent:
config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# REMINDER: Due to POSIX compliance, 'lchmod' is NEVER
# implemented on Linux systems since 'chmod'
# CANNOT be run directly against symbolic links!
@@ -1899,7 +1899,7 @@ class Symlink:
if not silent:
config.pki_log.debug(log.PKIHELPER_CHOWN_H_3,
uid, gid, link,
- extra = config.PKI_INDENTATION_LEVEL_3)
+ extra=config.PKI_INDENTATION_LEVEL_3)
os.lchown(link, uid, gid)
# Store record in installation manifest
if not silent:
@@ -1917,31 +1917,31 @@ class Symlink:
else:
config.pki_log.error(
log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def delete(self, link, critical_failure = True):
+ def delete(self, link, critical_failure=True):
try:
if not os.path.exists(link) or not os.path.islink(link):
# Simply issue a warning and continue
config.pki_log.warning(
log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
else:
# rm -f <link>
config.pki_log.info(log.PKIHELPER_RM_F_1, link,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
os.remove(link)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -1954,7 +1954,7 @@ class Symlink:
return True
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
class War:
@@ -1963,24 +1963,24 @@ class War:
def __init__(self, deployer):
self.master_dict = deployer.master_dict
- def explode(self, name, path, critical_failure = True):
+ def explode(self, name, path, critical_failure=True):
try:
if os.path.exists(name) and os.path.isfile(name):
if not zipfile.is_zipfile(name):
config.pki_log.error(
log.PKI_FILE_NOT_A_WAR_FILE_1,
- name, extra = config.PKI_INDENTATION_LEVEL_2)
+ name, extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_FILE_NOT_A_WAR_FILE_1 % name)
if not os.path.exists(path) or not os.path.isdir(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
- path, extra = config.PKI_INDENTATION_LEVEL_2)
+ path, extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path)
# jar -xf <name> -C <path>
config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Open war file
war = zipfile.ZipFile(name, 'r')
# Extract contents of war file to path
@@ -1988,22 +1988,22 @@ class War:
else:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name)
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except zipfile.BadZipfile as exc:
config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except zipfile.LargeZipFile as exc:
config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -2014,14 +2014,14 @@ class Password:
def __init__(self, deployer):
self.master_dict = deployer.master_dict
- def create_password_conf(self, path, pin, pin_sans_token = False,
- overwrite_flag = False, critical_failure = True):
+ def create_password_conf(self, path, pin, pin_sans_token=False,
+ overwrite_flag=False, critical_failure=True):
try:
if os.path.exists(path):
if overwrite_flag:
config.pki_log.info(
log.PKIHELPER_PASSWORD_CONF_1, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# overwrite the existing 'password.conf' file
with open(path, "wt") as fd:
if pin_sans_token == True:
@@ -2036,7 +2036,7 @@ class Password:
fd.closed
else:
config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# create a new 'password.conf' file
with open(path, "wt") as fd:
if pin_sans_token == True:
@@ -2051,38 +2051,38 @@ class Password:
fd.closed
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def create_client_pkcs12_password_conf(self, path, overwrite_flag = False,
- critical_failure = True):
+ def create_client_pkcs12_password_conf(self, path, overwrite_flag=False,
+ critical_failure=True):
try:
if os.path.exists(path):
if overwrite_flag:
config.pki_log.info(
log.PKIHELPER_PASSWORD_CONF_1, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# overwrite the existing 'pkcs12_password.conf' file
with open(path, "wt") as fd:
fd.write(self.master_dict['pki_client_pkcs12_password'])
fd.closed
else:
config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# create a new 'pkcs12_password.conf' file
with open(path, "wt") as fd:
fd.write(self.master_dict['pki_client_pkcs12_password'])
fd.closed
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def get_password(self, path, token_name, critical_failure = True):
+ def get_password(self, path, token_name, critical_failure=True):
if os.path.exists(path) and os.path.isfile(path) and\
os.access(path, os.R_OK):
tokens = PKIConfigParser.read_simple_configuration_file(path)
@@ -2097,7 +2097,7 @@ class Password:
# TODO prompt for this password
config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1,
token_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name)
else:
@@ -2112,8 +2112,8 @@ class Certutil:
def create_security_databases(self, path, pki_cert_database,
pki_key_database, pki_secmod_database,
- password_file = None, prefix = None,
- critical_failure = True):
+ password_file=None, prefix=None,
+ critical_failure=True):
try:
# Compose this "certutil" command
command = "certutil" + " " + "-N"
@@ -2123,7 +2123,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PATH,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH)
if password_file != None:
command = command + " " + "-f" + " " + password_file
@@ -2132,7 +2132,7 @@ class Certutil:
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
if os.path.exists(pki_cert_database) or\
os.path.exists(pki_key_database) or\
@@ -2143,7 +2143,7 @@ class Certutil:
pki_cert_database,
pki_key_database,
pki_secmod_database,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
else:
if password_file != None:
if not os.path.exists(password_file) or\
@@ -2151,31 +2151,31 @@ class Certutil:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
# Display this "certutil" command
config.pki_log.info(
log.PKIHELPER_CREATE_SECURITY_DATABASES_1,
command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Execute this "certutil" command
- subprocess.call(command, shell = True)
+ subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
def verify_certificate_exists(self, path, pki_cert_database,
pki_key_database, pki_secmod_database,
- token, nickname, password_file = None,
- silent = True):
+ token, nickname, password_file=None,
+ silent=True, critical_failure=True):
rv = 0
try:
# Compose this "certutil" command
@@ -2186,7 +2186,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PATH,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH)
# Specify the 'token'
if token:
@@ -2194,7 +2194,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_TOKEN,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN)
# Specify the nickname of this self-signed certificate
if nickname:
@@ -2202,7 +2202,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NICKNAME,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME)
# OPTIONALLY specify a password file
if password_file != None:
@@ -2213,7 +2213,7 @@ class Certutil:
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
if not os.path.exists(pki_cert_database) or\
not os.path.exists(pki_key_database) or\
@@ -2224,7 +2224,7 @@ class Certutil:
pki_cert_database,
pki_key_database,
pki_secmod_database,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database,
pki_key_database, pki_secmod_database))
if password_file != None:
@@ -2233,15 +2233,15 @@ class Certutil:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
# Execute this "certutil" command
- subprocess.check_call(command, shell = True)
+ subprocess.check_call(command, shell=True)
except subprocess.CalledProcessError as exc:
return False
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return True
@@ -2252,8 +2252,8 @@ class Certutil:
subject, serial_number,
validity_period, issuer_name,
trustargs, noise_file,
- password_file = None,
- critical_failure = True):
+ password_file=None,
+ critical_failure=True):
try:
# Compose this "certutil" command
command = "certutil" + " " + "-S"
@@ -2263,7 +2263,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PATH,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH)
# Specify the 'token'
if token:
@@ -2271,7 +2271,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_TOKEN,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN)
# Specify the nickname of this self-signed certificate
if nickname:
@@ -2279,7 +2279,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NICKNAME,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME)
# Specify the subject name (RFC1485)
if subject:
@@ -2287,7 +2287,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_SUBJECT,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT)
# Specify the serial number
if serial_number != None:
@@ -2295,7 +2295,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER)
# Specify the months valid
if validity_period != None:
@@ -2303,7 +2303,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD)
# Specify the nickname of the issuer certificate
if issuer_name:
@@ -2312,7 +2312,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_ISSUER_NAME)
# Specify the certificate trust attributes
if trustargs:
@@ -2320,7 +2320,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS)
# Specify a noise file to be used for key generation
if noise_file:
@@ -2328,7 +2328,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE)
# OPTIONALLY specify a password file
if password_file != None:
@@ -2340,11 +2340,11 @@ class Certutil:
# Display this "certutil" command
config.pki_log.info(
log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1, command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if not os.path.exists(path):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path)
if not os.path.exists(pki_cert_database) or\
not os.path.exists(pki_key_database) or\
@@ -2355,14 +2355,14 @@ class Certutil:
pki_cert_database,
pki_key_database,
pki_secmod_database,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database,
pki_key_database, pki_secmod_database))
if not os.path.exists(noise_file):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
noise_file,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file)
if password_file != None:
if not os.path.exists(password_file) or\
@@ -2370,24 +2370,24 @@ class Certutil:
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
# Execute this "certutil" command
- subprocess.call(command, shell = True)
+ subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
def import_cert(self, nickname, trust, input_file, password_file,
- path = None, token = None, critical_failure = True):
+ path=None, token=None, critical_failure=True):
try:
command = ["certutil", "-A"]
if path:
@@ -2401,7 +2401,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NICKNAME,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME)
if trust:
@@ -2409,7 +2409,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TRUSTARGS)
if input_file:
@@ -2417,7 +2417,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_INPUT_FILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_INPUT_FILE)
if password_file:
@@ -2425,29 +2425,29 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE)
config.pki_log.info(command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
subprocess.call(command)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
def generate_certificate_request(self, subject, key_size,
password_file, noise_file,
- output_file = None, path = None,
- ascii_format = None, token = None,
- critical_failure = True):
+ output_file=None, path=None,
+ ascii_format=None, token=None,
+ critical_failure=True):
try:
command = ["certutil", "-R"]
if path:
@@ -2463,7 +2463,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_SUBJECT,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT)
if key_size:
@@ -2474,7 +2474,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE)
if password_file:
@@ -2482,7 +2482,7 @@ class Certutil:
else:
config.pki_log.error(
log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE)
if output_file:
@@ -2495,31 +2495,31 @@ class Certutil:
# Display this "certutil" command
config.pki_log.info(
log.PKIHELPER_CERTUTIL_GENERATE_CSR_1, command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if not os.path.exists(noise_file):
config.pki_log.error(
log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1,
noise_file,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file)
if not os.path.exists(password_file) or\
not os.path.isfile(password_file):
config.pki_log.error(
log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
password_file,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file)
# Execute this "certutil" command
with open(os.devnull, "w") as fnull:
- subprocess.call(command, stdout = fnull, stderr = fnull)
+ subprocess.call(command, stdout=fnull, stderr=fnull)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -2531,7 +2531,7 @@ class PK12util:
self.master_dict = deployer.master_dict
def create_file(self, out_file, nickname, out_pwfile,
- db_pwfile, path = None):
+ db_pwfile, path=None, critical_failure=True):
try:
command = ["pk12util"]
if path:
@@ -2541,42 +2541,42 @@ class PK12util:
else:
config.pki_log.error(
log.PKIHELPER_PK12UTIL_MISSING_OUTFILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_PK12UTIL_MISSING_OUTFILE)
if nickname:
command.extend(["-n", nickname])
else:
config.pki_log.error(
log.PKIHELPER_PK12UTIL_MISSING_NICKNAME,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_PK12UTIL_MISSING_NICKNAME)
if out_pwfile:
command.extend(["-w", out_pwfile])
else:
config.pki_log.error(
- log.PKIHELPER_PK12UTIL_MISSING_OUTPWFILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
- raise Exception(log.PKIHELPER_PK12UTIL_MISSING_OUTPWFILE)
+ log.PKIHELPER_PK12UTIL_MISSING_PWFILE,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ raise Exception(log.PKIHELPER_PK12UTIL_MISSING_PWFILE)
if db_pwfile:
command.extend(["-k", db_pwfile])
else:
config.pki_log.error(
log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise Exception(log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE)
config.pki_log.info(command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
with open(os.devnull, "w") as fnull:
- subprocess.call(command, stdout = fnull, stderr = fnull)
+ subprocess.call(command, stdout=fnull, stderr=fnull)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -2588,7 +2588,7 @@ class KRAConnector:
self.master_dict = deployer.master_dict
self.password = deployer.password
- def deregister(self, critical_failure = False):
+ def deregister(self, critical_failure=False):
try:
# this is applicable to KRAs only
if self.master_dict['pki_subsystem_type'] != "kra":
@@ -2596,7 +2596,7 @@ class KRAConnector:
config.pki_log.info(
log.PKIHELPER_KRACONNECTOR_UPDATE_CONTACT,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
cs_cfg = PKIConfigParser.read_simple_configuration_file(
self.master_dict['pki_target_cs_cfg'])
@@ -2608,10 +2608,10 @@ class KRAConnector:
caport is None:
config.pki_log.warning(
log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_UNDEFINED_CA_HOST_PORT,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_UNDEFINED_CA_HOST_PORT)
else:
@@ -2622,10 +2622,10 @@ class KRAConnector:
if subsystemnick is None:
config.pki_log.warning(
log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME)
else:
@@ -2645,11 +2645,11 @@ class KRAConnector:
if token_pwd is None or token_pwd == '':
config.pki_log.warning(
log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1,
token_name,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name)
else:
@@ -2663,15 +2663,15 @@ class KRAConnector:
log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE_2,
str(krahost),
str(kraport),
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
def execute_using_pki(self, caport, cahost, subsystemnick,
- token_pwd, krahost, kraport, critical_failure = False):
+ token_pwd, krahost, kraport, critical_failure=False):
command = "/bin/pki -p '{}' -h '{}' -n '{}' -P https -d '{}' -c '{}' "\
"kraconnector-del {} {}".format(
caport, cahost, subsystemnick,
@@ -2679,8 +2679,8 @@ class KRAConnector:
token_pwd, krahost, kraport)
output = subprocess.check_output(command,
- stderr = subprocess.STDOUT,
- shell = True)
+ stderr=subprocess.STDOUT,
+ shell=True)
error = re.findall("ClientResponseFailure:(.*?)", output)
if error:
@@ -2688,9 +2688,9 @@ class KRAConnector:
log.PKIHELPER_KRACONNECTOR_UPDATE_FAILURE_2,
str(krahost),
str(kraport),
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output)
@@ -2714,8 +2714,8 @@ class KRAConnector:
# Note that sslget will return non-zero value for HTTP code != 200
# and this will raise an exception
output = subprocess.check_output(command,
- stderr = subprocess.STDOUT,
- shell = True)
+ stderr=subprocess.STDOUT,
+ shell=True)
class SecurityDomain:
"""PKI Deployment Security Domain Class"""
@@ -2724,7 +2724,7 @@ class SecurityDomain:
self.master_dict = deployer.master_dict
self.password = deployer.password
- def deregister(self, install_token, critical_failure = False):
+ def deregister(self, install_token, critical_failure=False):
# process this PKI subsystem instance's 'CS.cfg'
cs_cfg = PKIConfigParser.read_simple_configuration_file(
self.master_dict['pki_target_cs_cfg'])
@@ -2754,10 +2754,10 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED)
else:
@@ -2765,7 +2765,7 @@ class SecurityDomain:
config.pki_log.info(log.PKIHELPER_SECURITY_DOMAIN_CONTACT_1,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
listval = typeval.lower() + "List"
urlheader = "https://{}:{}".format(sechost, seceeport)
urlagentheader = "https://{}:{}".format(sechost, secagentport)
@@ -2793,13 +2793,13 @@ class SecurityDomain:
params, adminUpdateURL,
sechost, secadminport)
output = subprocess.check_output(command,
- stderr = subprocess.STDOUT,
- shell = True)
+ stderr=subprocess.STDOUT,
+ shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
output = self.update_domain_using_agent_port(typeval,
secname, params, updateURL, sechost, secagentport,
critical_failure)
@@ -2816,14 +2816,14 @@ class SecurityDomain:
config.pki_log.debug(log.PKIHELPER_SSLGET_OUTPUT_1,
output,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Search the output for Status
status = re.findall("\<Status\>(.*?)\<\/Status\>", output)
if not status:
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname)
elif status[0] != "0":
@@ -2834,13 +2834,13 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_UNREGISTERED_2,
typeval,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3,
typeval,
secname,
error,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3
%
@@ -2850,10 +2850,10 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2,
typeval,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
def update_domain_using_agent_port(self, typeval, secname, params,
- updateURL, sechost, secagentport, critical_failure = False):
+ updateURL, sechost, secagentport, critical_failure=False):
token_pwd = None
cs_cfg = PKIConfigParser.read_simple_configuration_file(
self.master_dict['pki_target_cs_cfg'])
@@ -2865,10 +2865,10 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(
log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME)
else:
@@ -2890,7 +2890,7 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2
%
@@ -2906,28 +2906,28 @@ class SecurityDomain:
sechost, secagentport)
try:
output = subprocess.check_output(command,
- stderr = subprocess.STDOUT,
- shell = True)
+ stderr=subprocess.STDOUT,
+ shell=True)
return output
except subprocess.CalledProcessError as exc:
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2,
typeval,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.warning(
log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1,
secname,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return None
- def get_installation_token(self, secuser, secpass, critical_failure = True):
+ def get_installation_token(self, secuser, secpass, critical_failure=True):
token = None
if not secuser or not secpass:
@@ -2952,8 +2952,8 @@ class SecurityDomain:
machinename, cstype)
try:
output = subprocess.check_output(command,
- stderr = subprocess.STDOUT,
- shell = True)
+ stderr=subprocess.STDOUT,
+ shell=True)
token_list = re.findall("Install token: \"(.*)\"", output)
if not token_list:
@@ -2961,9 +2961,9 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2,
str(sechost),
str(secadminport),
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise Exception(log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2
%
@@ -2976,9 +2976,9 @@ class SecurityDomain:
log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2,
str(sechost),
str(secadminport),
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return None
@@ -2989,7 +2989,7 @@ class Systemd:
def __init__(self, deployer):
self.master_dict = deployer.master_dict
- def start(self, critical_failure = True):
+ def start(self, critical_failure=True):
try:
# Compose this "systemd" execution management command
if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
@@ -3005,17 +3005,17 @@ class Systemd:
# Display this "systemd" execution managment command
config.pki_log.info(
log.PKIHELPER_SYSTEMD_COMMAND_1, command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Execute this "systemd" execution management command
- subprocess.call(command, shell = True)
+ subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def stop(self, critical_failure = True):
+ def stop(self, critical_failure=True):
try:
# Compose this "systemd" execution management command
if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
@@ -3031,17 +3031,17 @@ class Systemd:
# Display this "systemd" execution managment command
config.pki_log.info(
log.PKIHELPER_SYSTEMD_COMMAND_1, command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Execute this "systemd" execution management command
- subprocess.call(command, shell = True)
+ subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
- def restart(self, critical_failure = True):
+ def restart(self, critical_failure=True):
try:
# Compose this "systemd" execution management command
if self.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
@@ -3057,12 +3057,12 @@ class Systemd:
# Display this "systemd" execution managment command
config.pki_log.info(
log.PKIHELPER_SYSTEMD_COMMAND_1, command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Execute this "systemd" execution management command
- subprocess.call(command, shell = True)
+ subprocess.call(command, shell=True)
except subprocess.CalledProcessError as exc:
config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
if critical_failure == True:
raise
return
@@ -3077,13 +3077,13 @@ class ConfigClient:
def configure_pki_data(self, data):
config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
self.connection = pki.client.PKIConnection(
- protocol = 'https',
- hostname = self.master_dict['pki_hostname'],
- port = self.master_dict['pki_https_port'],
- subsystem = self.master_dict['pki_subsystem_type'])
+ protocol='https',
+ hostname=self.master_dict['pki_hostname'],
+ port=self.master_dict['pki_https_port'],
+ subsystem=self.master_dict['pki_subsystem_type'])
try:
client = pki.system.SystemConfigClient(self.connection)
@@ -3091,7 +3091,7 @@ class ConfigClient:
config.pki_log.debug(log.PKI_CONFIG_RESPONSE_STATUS + \
" " + str(response['status']),
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
try:
certs = response['systemCerts']
except KeyError:
@@ -3110,12 +3110,12 @@ class ConfigClient:
if cdata['tag'].lower() == "signing":
config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \
" " + cdata['request'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Save 'External CA Signing Certificate' CSR (Step 1)
config.pki_log.info(log.PKI_CONFIG_EXTERNAL_CSR_SAVE + \
" '" + self.master_dict['pki_external_csr_path'] + "'",
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
self.deployer.directory.create(
os.path.dirname(self.master_dict['pki_external_csr_path']))
with open(self.master_dict['pki_external_csr_path'], "w") as f:
@@ -3124,13 +3124,13 @@ class ConfigClient:
else:
config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG + \
" " + cdata['tag'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.debug(log.PKI_CONFIG_CDATA_CERT + \
" " + cdata['cert'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
config.pki_log.debug(log.PKI_CONFIG_CDATA_REQUEST + \
" " + cdata['request'],
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Cloned PKI subsystems do not return an Admin Certificate
if not config.str2bool(self.master_dict['pki_clone']) and \
@@ -3145,32 +3145,32 @@ class ConfigClient:
message = root.findall('.//Message')[0].text
if message is not None:
config.pki_log.error(log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + message,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
config.pki_log.error(
log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e),
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
raise
return
def process_admin_cert(self, admin_cert):
config.pki_log.debug(log.PKI_CONFIG_RESPONSE_ADMIN_CERT + \
" " + admin_cert,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
# Store the Administration Certificate in a file
admin_cert_file = self.master_dict['pki_client_admin_cert']
admin_cert_bin_file = admin_cert_file + ".der"
config.pki_log.debug(log.PKI_CONFIG_ADMIN_CERT_SAVE + \
" '" + admin_cert_file + "'",
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
with open(admin_cert_file, "w") as f:
f.write(admin_cert)
# convert the cert file to binary
command = ["AtoB", admin_cert_file, admin_cert_bin_file]
config.pki_log.info(command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
subprocess.call(command)
os.chmod(admin_cert_file,
@@ -3209,7 +3209,7 @@ class ConfigClient:
def construct_pki_configuration_data(self):
config.pki_log.info(log.PKI_CONFIG_CONSTRUCTING_PKI_DATA,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
data = pki.system.ConfigurationRequest()
@@ -3445,7 +3445,7 @@ class ConfigClient:
# convert output to ascii
command = ["BtoA", output_file, output_file + ".asc"]
config.pki_log.info(command,
- extra = config.PKI_INDENTATION_LEVEL_2)
+ extra=config.PKI_INDENTATION_LEVEL_2)
subprocess.call(command)
with open(output_file + ".asc") as f:
@@ -3499,7 +3499,7 @@ class ConfigClient:
class PKIDeployer:
"""Holds the global dictionaries and the utility objects"""
- def __init__(self, pki_master_dict, pki_slots_dict = None):
+ def __init__(self, pki_master_dict, pki_slots_dict=None):
# Global dictionary variables
self.master_dict = pki_master_dict
self.slots = pki_slots_dict
diff --git a/base/server/src/engine/pkilogging.py b/base/server/src/engine/pkilogging.py
index 319616145..b73650ee5 100644
--- a/base/server/src/engine/pkilogging.py
+++ b/base/server/src/engine/pkilogging.py
@@ -57,8 +57,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name):
# Configure console handler
console = logging.StreamHandler()
console.setLevel(console_log_level)
- console_format = logging.Formatter('%(name)-12s: ' +\
- '%(levelname)-8s ' +\
+ console_format = logging.Formatter('%(name)-12s: ' + \
+ '%(levelname)-8s ' + \
'%(indent)s%(message)s')
console.setFormatter(console_format)
logger.addHandler(console)
@@ -66,8 +66,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name):
# Configure file handler
file = logging.FileHandler(log_dir + "/" + log_name, 'w')
file.setLevel(log_level)
- file_format = logging.Formatter('%(asctime)s %(name)-12s: ' +\
- '%(levelname)-8s ' +\
+ file_format = logging.Formatter('%(asctime)s %(name)-12s: ' + \
+ '%(levelname)-8s ' + \
'%(indent)s%(message)s',
'%Y-%m-%d %H:%M:%S')
file.setFormatter(file_format)
diff --git a/base/server/src/engine/pkimanifest.py b/base/server/src/engine/pkimanifest.py
index addc5a7d8..aaabbf5fd 100644
--- a/base/server/src/engine/pkimanifest.py
+++ b/base/server/src/engine/pkimanifest.py
@@ -79,7 +79,7 @@ class file:
c.writerow(tuple(record))
except IOError as exc:
config.pki_log.error(log.PKI_IOERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_1)
+ extra=config.PKI_INDENTATION_LEVEL_1)
raise
def read(self):
@@ -90,7 +90,7 @@ class file:
print tuple(row)
except IOError as exc:
config.pki_log.error(log.PKI_IOERROR_1, exc,
- extra = config.PKI_INDENTATION_LEVEL_1)
+ extra=config.PKI_INDENTATION_LEVEL_1)
raise
# PKI Deployment Global Named Tuples
diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py
index a180db507..7ad8ad3fe 100644
--- a/base/server/src/engine/pkiparser.py
+++ b/base/server/src/engine/pkiparser.py
@@ -48,7 +48,7 @@ import pki.system
class PKIConfigParser:
COMMENT_CHAR = '#'
- OPTION_CHAR = '='
+ OPTION_CHAR = '='
def __init__(self, description, epilog):
self.pki_config = None
@@ -128,8 +128,8 @@ class PKIConfigParser:
if len(config.pki_root_prefix) > 0:
if not os.path.exists(config.pki_root_prefix) or\
not os.path.isdir(config.pki_root_prefix):
- print "ERROR: " +\
- log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 %\
+ print "ERROR: " + \
+ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % \
config.pki_root_prefix
print
self.arg_parser.print_help()
@@ -138,8 +138,8 @@ class PKIConfigParser:
# always default that configuration file exists
if not os.path.exists(config.default_deployment_cfg) or\
not os.path.isfile(config.default_deployment_cfg):
- print "ERROR: " +\
- log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
+ print "ERROR: " + \
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \
config.default_deployment_cfg
print
self.arg_parser.print_help()
@@ -149,8 +149,8 @@ class PKIConfigParser:
# verify user configuration file exists
if not os.path.exists(config.user_deployment_cfg) or\
not os.path.isfile(config.user_deployment_cfg):
- print "ERROR: " +\
- log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 %\
+ print "ERROR: " + \
+ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \
config.user_deployment_cfg
print
parser.arg_parser.print_help()
@@ -403,7 +403,7 @@ class PKIConfigParser:
info = sd.getSecurityDomainInfo()
except requests.exceptions.HTTPError as e:
config.pki_log.info(
- "unable to access security domain through REST interface. " +\
+ "unable to access security domain through REST interface. " + \
"Trying old interface. " + str(e),
extra=config.PKI_INDENTATION_LEVEL_2)
info = sd.getOldSecurityDomainInfo()
@@ -422,7 +422,7 @@ class PKIConfigParser:
code = e.response.status_code
if code == 404 or code == 501:
config.pki_log.warning(
- "unable to validate security domain user/password " +\
+ "unable to validate security domain user/password " + \
"through REST interface. Interface not available",
extra=config.PKI_INDENTATION_LEVEL_2)
else:
@@ -432,25 +432,25 @@ class PKIConfigParser:
"Create a single master PKI dictionary from the sectional dictionaries"
try:
# 'pkispawn'/'pkidestroy' name/value pairs
- self.pki_master_dict['pki_deployment_executable'] =\
+ self.pki_master_dict['pki_deployment_executable'] = \
config.pki_deployment_executable
self.pki_master_dict['pki_install_time'] = config.pki_install_time
self.pki_master_dict['pki_timestamp'] = config.pki_timestamp
- self.pki_master_dict['pki_certificate_timestamp'] =\
+ self.pki_master_dict['pki_certificate_timestamp'] = \
config.pki_certificate_timestamp
self.pki_master_dict['pki_architecture'] = config.pki_architecture
self.pki_master_dict['pki_default_deployment_cfg'] = config.default_deployment_cfg
self.pki_master_dict['pki_user_deployment_cfg'] = config.user_deployment_cfg
- self.pki_master_dict['pki_deployed_instance_name'] =\
+ self.pki_master_dict['pki_deployed_instance_name'] = \
config.pki_deployed_instance_name
# Generate random 'pin's for use as security database passwords
# and add these to the "sensitive" key value pairs read in from
# the configuration file
- pin_low = 100000000000
+ pin_low = 100000000000
pin_high = 999999999999
- self.pki_master_dict['pki_pin'] =\
+ self.pki_master_dict['pki_pin'] = \
random.randint(pin_low, pin_high)
- self.pki_master_dict['pki_client_pin'] =\
+ self.pki_master_dict['pki_client_pin'] = \
random.randint(pin_low, pin_high)
self.flatten_master_dict()
@@ -458,11 +458,11 @@ class PKIConfigParser:
pkilogging.sensitive_parameters = self.pki_master_dict['sensitive_parameters'].split()
# PKI Target (slot substitution) name/value pairs
- self.pki_master_dict['pki_target_cs_cfg'] =\
+ self.pki_master_dict['pki_target_cs_cfg'] = \
os.path.join(
self.pki_master_dict['pki_subsystem_configuration_path'],
"CS.cfg")
- self.pki_master_dict['pki_target_registry'] =\
+ self.pki_master_dict['pki_target_registry'] = \
os.path.join(self.pki_master_dict['pki_instance_registry_path'],
self.pki_master_dict['pki_instance_name'])
if self.pki_master_dict['pki_subsystem'] == "CA" and\
@@ -474,7 +474,7 @@ class PKIConfigParser:
os.path.isfile(self.pki_master_dict['pki_target_cs_cfg']):
cs_cfg = self.read_simple_configuration_file(
self.pki_master_dict['pki_target_cs_cfg'])
- self.pki_master_dict['pki_one_time_pin'] =\
+ self.pki_master_dict['pki_one_time_pin'] = \
cs_cfg.get('preop.pin')
else:
config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1,
@@ -485,92 +485,92 @@ class PKIConfigParser:
# Generate a one-time pin to be used prior to configuration
# and add this to the "sensitive" key value pairs read in from
# the configuration file
- self.pki_master_dict['pki_one_time_pin'] =\
+ self.pki_master_dict['pki_one_time_pin'] = \
''.join(random.choice(string.ascii_letters + string.digits)\
for x in range(20))
if self.pki_master_dict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
- self.pki_master_dict['pki_target_catalina_properties'] =\
+ self.pki_master_dict['pki_target_catalina_properties'] = \
os.path.join(
self.pki_master_dict['pki_instance_configuration_path'],
"catalina.properties")
- self.pki_master_dict['pki_target_servercertnick_conf'] =\
+ self.pki_master_dict['pki_target_servercertnick_conf'] = \
os.path.join(
self.pki_master_dict['pki_instance_configuration_path'],
"serverCertNick.conf")
- self.pki_master_dict['pki_target_server_xml'] =\
+ self.pki_master_dict['pki_target_server_xml'] = \
os.path.join(
self.pki_master_dict['pki_instance_configuration_path'],
"server.xml")
- self.pki_master_dict['pki_target_context_xml'] =\
+ self.pki_master_dict['pki_target_context_xml'] = \
os.path.join(
self.pki_master_dict['pki_instance_configuration_path'],
"context.xml")
- self.pki_master_dict['pki_target_tomcat_conf_instance_id'] =\
- self.pki_master_dict['pki_root_prefix'] +\
- "/etc/sysconfig/" +\
+ self.pki_master_dict['pki_target_tomcat_conf_instance_id'] = \
+ self.pki_master_dict['pki_root_prefix'] + \
+ "/etc/sysconfig/" + \
self.pki_master_dict['pki_instance_name']
- self.pki_master_dict['pki_target_tomcat_conf'] =\
+ self.pki_master_dict['pki_target_tomcat_conf'] = \
os.path.join(
self.pki_master_dict['pki_instance_configuration_path'],
"tomcat.conf")
# in-place slot substitution name/value pairs
- self.pki_master_dict['pki_target_velocity_properties'] =\
+ self.pki_master_dict['pki_target_velocity_properties'] = \
os.path.join(
self.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"velocity.properties")
- self.pki_master_dict['pki_target_subsystem_web_xml'] =\
+ self.pki_master_dict['pki_target_subsystem_web_xml'] = \
os.path.join(
self.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"web.xml")
- self.pki_master_dict['pki_target_subsystem_web_xml_orig'] =\
+ self.pki_master_dict['pki_target_subsystem_web_xml_orig'] = \
os.path.join(
self.pki_master_dict['pki_tomcat_webapps_subsystem_path'],
"WEB-INF",
"web.xml.orig")
# subystem-specific slot substitution name/value pairs
if self.pki_master_dict['pki_subsystem'] == "CA":
- self.pki_master_dict['pki_target_flatfile_txt'] =\
+ self.pki_master_dict['pki_target_flatfile_txt'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"flatfile.txt")
- self.pki_master_dict['pki_target_proxy_conf'] =\
+ self.pki_master_dict['pki_target_proxy_conf'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"proxy.conf")
- self.pki_master_dict['pki_target_registry_cfg'] =\
+ self.pki_master_dict['pki_target_registry_cfg'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"registry.cfg")
# '*.profile'
- self.pki_master_dict['pki_target_admincert_profile'] =\
+ self.pki_master_dict['pki_target_admincert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"adminCert.profile")
self.pki_master_dict['pki_target_caauditsigningcert_profile']\
- = os.path.join(self.pki_master_dict\
+ = os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"caAuditSigningCert.profile")
- self.pki_master_dict['pki_target_cacert_profile'] =\
+ self.pki_master_dict['pki_target_cacert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"caCert.profile")
- self.pki_master_dict['pki_target_caocspcert_profile'] =\
+ self.pki_master_dict['pki_target_caocspcert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"caOCSPCert.profile")
- self.pki_master_dict['pki_target_servercert_profile'] =\
+ self.pki_master_dict['pki_target_servercert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"serverCert.profile")
- self.pki_master_dict['pki_target_subsystemcert_profile'] =\
+ self.pki_master_dict['pki_target_subsystemcert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"subsystemCert.profile")
# in-place slot substitution name/value pairs
- self.pki_master_dict['pki_target_profileselect_template'] =\
+ self.pki_master_dict['pki_target_profileselect_template'] = \
os.path.join(
self.pki_master_dict\
['pki_tomcat_webapps_subsystem_path'],
@@ -579,30 +579,30 @@ class PKIConfigParser:
"ProfileSelect.template")
elif self.pki_master_dict['pki_subsystem'] == "KRA":
# '*.profile'
- self.pki_master_dict['pki_target_servercert_profile'] =\
+ self.pki_master_dict['pki_target_servercert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"serverCert.profile")
- self.pki_master_dict['pki_target_storagecert_profile'] =\
+ self.pki_master_dict['pki_target_storagecert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"storageCert.profile")
- self.pki_master_dict['pki_target_subsystemcert_profile'] =\
+ self.pki_master_dict['pki_target_subsystemcert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"subsystemCert.profile")
- self.pki_master_dict['pki_target_transportcert_profile'] =\
+ self.pki_master_dict['pki_target_transportcert_profile'] = \
os.path.join(self.pki_master_dict\
['pki_subsystem_configuration_path'],
"transportCert.profile")
# Slot assignment name/value pairs
# NOTE: Master key == Slots key; Master value ==> Slots value
- self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] =\
+ self.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] = \
self.pki_master_dict['pki_instance_name']
- self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] =\
+ self.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] = \
os.path.join(self.pki_master_dict['pki_instance_path'],
self.pki_master_dict['pki_instance_name'])
- self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] =\
+ self.pki_master_dict['PKI_REGISTRY_FILE_SLOT'] = \
os.path.join(self.pki_master_dict['pki_subsystem_registry_path'],
self.pki_master_dict['pki_instance_name'])
if self.pki_master_dict['pki_subsystem'] in\
@@ -618,10 +618,10 @@ class PKIConfigParser:
self.pki_master_dict['NON_CLIENTAUTH_SECURE_PORT_SLOT'] = None
self.pki_master_dict['NSS_CONF_SLOT'] = None
self.pki_master_dict['OBJ_EXT_SLOT'] = None
- self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\
+ self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \
os.path.join("/var/lock/pki",
"apache")
- self.pki_master_dict['PKI_PIDDIR_SLOT'] =\
+ self.pki_master_dict['PKI_PIDDIR_SLOT'] = \
os.path.join("/var/run/pki",
"apache")
self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = "apache"
@@ -638,244 +638,244 @@ class PKIConfigParser:
self.pki_master_dict['TPS_DIR_SLOT'] = None
elif self.pki_master_dict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
- self.pki_master_dict['INSTALL_TIME_SLOT'] =\
+ self.pki_master_dict['INSTALL_TIME_SLOT'] = \
self.pki_master_dict['pki_install_time']
- self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_ADMIN_SECURE_PORT_SLOT'] = \
self.pki_master_dict['pki_https_port']
self.pki_master_dict\
- ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\
+ ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
self.pki_master_dict\
- ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] =\
+ ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] =\
+ self.pki_master_dict['PKI_AGENT_CLIENTAUTH_SLOT'] = \
"want"
- self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_AGENT_SECURE_PORT_SLOT'] = \
self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_AJP_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_AJP_PORT_SLOT'] = \
self.pki_master_dict['pki_ajp_port']
- self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_AJP_REDIRECT_PORT_SLOT'] = \
self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] =\
+ self.pki_master_dict['PKI_CA_HOSTNAME_SLOT'] = \
self.pki_master_dict['pki_ca_hostname']
- self.pki_master_dict['PKI_CA_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_CA_PORT_SLOT'] = \
self.pki_master_dict['pki_ca_port']
- self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] =\
+ self.pki_master_dict['PKI_CERT_DB_PASSWORD_SLOT'] = \
self.pki_master_dict['pki_pin']
- self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] =\
+ self.pki_master_dict['PKI_CFG_PATH_NAME_SLOT'] = \
self.pki_master_dict['pki_target_cs_cfg']
self.pki_master_dict\
- ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\
+ ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
"-->"
self.pki_master_dict\
- ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\
+ ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
self.pki_master_dict['pki_https_port']
self.pki_master_dict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] =\
+ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
self.pki_master_dict\
- ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] =\
+ ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] =\
+ self.pki_master_dict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \
self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_EE_SECURE_PORT_SLOT'] = \
self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\
+ self.pki_master_dict['PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Unused"
- self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_GROUP_SLOT'] =\
+ self.pki_master_dict['PKI_GROUP_SLOT'] = \
self.pki_master_dict['pki_group']
- self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] =\
+ self.pki_master_dict['PKI_INSTANCE_PATH_SLOT'] = \
self.pki_master_dict['pki_instance_path']
- self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] =\
+ self.pki_master_dict['PKI_INSTANCE_ROOT_SLOT'] = \
self.pki_master_dict['pki_path']
- self.pki_master_dict['PKI_LOCKDIR_SLOT'] =\
+ self.pki_master_dict['PKI_LOCKDIR_SLOT'] = \
os.path.join("/var/lock/pki",
"tomcat")
- self.pki_master_dict['PKI_HOSTNAME_SLOT'] =\
+ self.pki_master_dict['PKI_HOSTNAME_SLOT'] = \
self.pki_master_dict['pki_hostname']
self.pki_master_dict\
- ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\
+ ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \
"<!--"
self.pki_master_dict\
- ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] =\
+ ['PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict['PKI_PIDDIR_SLOT'] =\
+ self.pki_master_dict['PKI_PIDDIR_SLOT'] = \
os.path.join("/var/run/pki",
"tomcat")
if config.str2bool(self.pki_master_dict['pki_enable_proxy']):
- self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = \
self.pki_master_dict['pki_proxy_https_port']
- self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = \
self.pki_master_dict['pki_proxy_http_port']
- self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
""
- self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
""
else:
- self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_CLOSE_AJP_PORT_COMMENT_SLOT'] = \
"-->"
- self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT'] = \
"-->"
self.pki_master_dict['PKI_PROXY_SECURE_PORT_SLOT'] = ""
self.pki_master_dict['PKI_PROXY_UNSECURE_PORT_SLOT'] = ""
- self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_OPEN_AJP_PORT_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT'] = \
"<!--"
- self.pki_master_dict['PKI_TMPDIR_SLOT'] =\
+ self.pki_master_dict['PKI_TMPDIR_SLOT'] = \
self.pki_master_dict['pki_tomcat_tmpdir_path']
- self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] =\
+ self.pki_master_dict['PKI_RESTEASY_LIB_SLOT'] = \
self.pki_master_dict['resteasy_lib']
- self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] =\
+ self.pki_master_dict['PKI_RANDOM_NUMBER_SLOT'] = \
self.pki_master_dict['pki_one_time_pin']
- self.pki_master_dict['PKI_SECURE_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_SECURE_PORT_SLOT'] = \
self.pki_master_dict['pki_https_port']
- self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] =\
+ self.pki_master_dict['PKI_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Secure"
- self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] =\
- "<!-- " +\
- "Shared Ports: Agent, EE, and Admin Secure Port Connector " +\
+ self.pki_master_dict['PKI_SECURE_PORT_SERVER_COMMENT_SLOT'] = \
+ "<!-- " + \
+ "Shared Ports: Agent, EE, and Admin Secure Port Connector " + \
"-->"
- self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] =\
+ self.pki_master_dict['PKI_SECURITY_MANAGER_SLOT'] = \
self.pki_master_dict['pki_security_manager']
- self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] =\
+ self.pki_master_dict['PKI_SERVER_XML_CONF_SLOT'] = \
self.pki_master_dict['pki_target_server_xml']
- self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] =\
+ self.pki_master_dict['PKI_SSL_SERVER_NICKNAME_SLOT'] = \
self.pki_master_dict['pki_ssl_server_nickname']
- self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] =\
+ self.pki_master_dict['PKI_SUBSYSTEM_TYPE_SLOT'] = \
self.pki_master_dict['pki_subsystem'].lower()
- self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] =\
- "pki-tomcatd" + "@" +\
+ self.pki_master_dict['PKI_SYSTEMD_SERVICENAME_SLOT'] = \
+ "pki-tomcatd" + "@" + \
self.pki_master_dict['pki_instance_name'] + ".service"
- self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] =\
+ self.pki_master_dict['PKI_UNSECURE_PORT_SLOT'] = \
self.pki_master_dict['pki_http_port']
- self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] =\
+ self.pki_master_dict['PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT'] = \
"Unsecure"
- self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] =\
+ self.pki_master_dict['PKI_UNSECURE_PORT_SERVER_COMMENT_SLOT'] = \
"<!-- Shared Ports: Unsecure Port Connector -->"
- self.pki_master_dict['PKI_USER_SLOT'] =\
+ self.pki_master_dict['PKI_USER_SLOT'] = \
self.pki_master_dict['pki_user']
- self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] =\
+ self.pki_master_dict['PKI_WEB_SERVER_TYPE_SLOT'] = \
"tomcat"
- self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] =\
+ self.pki_master_dict['PKI_WEBAPPS_NAME_SLOT'] = \
"webapps"
- self.pki_master_dict['TOMCAT_CFG_SLOT'] =\
+ self.pki_master_dict['TOMCAT_CFG_SLOT'] = \
self.pki_master_dict['pki_target_tomcat_conf']
- self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] =\
+ self.pki_master_dict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \
os.path.join(
self.pki_master_dict['pki_tomcat_common_lib_path'],
"*.jar")
- self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] =\
+ self.pki_master_dict['TOMCAT_LOG_DIR_SLOT'] = \
self.pki_master_dict['pki_instance_log_path']
- self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] =\
+ self.pki_master_dict['TOMCAT_PIDFILE_SLOT'] = \
"/var/run/pki/tomcat/" + self.pki_master_dict['pki_instance_name'] + ".pid"
- self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] =\
+ self.pki_master_dict['TOMCAT_SERVER_PORT_SLOT'] = \
self.pki_master_dict['pki_tomcat_server_port']
- self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] =\
- "-SSL2_RC4_128_WITH_MD5," +\
- "-SSL2_RC4_128_EXPORT40_WITH_MD5," +\
- "-SSL2_RC2_128_CBC_WITH_MD5," +\
- "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," +\
- "-SSL2_DES_64_CBC_WITH_MD5," +\
+ self.pki_master_dict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
+ "-SSL2_RC4_128_WITH_MD5," + \
+ "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \
+ "-SSL2_RC2_128_CBC_WITH_MD5," + \
+ "-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," + \
+ "-SSL2_DES_64_CBC_WITH_MD5," + \
"-SSL2_DES_192_EDE3_CBC_WITH_MD5"
- self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] =\
- "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," +\
- "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," +\
- "+SSL3_RSA_WITH_RC4_128_SHA," +\
- "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," +\
- "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," +\
- "+SSL3_RSA_WITH_DES_CBC_SHA," +\
- "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," +\
- "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," +\
- "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," +\
- "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," +\
- "-SSL3_RSA_WITH_NULL_MD5," +\
- "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," +\
- "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +\
+ self.pki_master_dict['TOMCAT_SSL3_CIPHERS_SLOT'] = \
+ "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA," + \
+ "-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," + \
+ "+SSL3_RSA_WITH_RC4_128_SHA," + \
+ "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \
+ "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+SSL3_RSA_WITH_DES_CBC_SHA," + \
+ "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \
+ "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \
+ "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \
+ "+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," + \
+ "-SSL3_RSA_WITH_NULL_MD5," + \
+ "-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
"+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
- self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] =\
- "ssl2=true," +\
- "ssl3=true," +\
+ self.pki_master_dict['TOMCAT_SSL_OPTIONS_SLOT'] = \
+ "ssl2=true," + \
+ "ssl3=true," + \
"tls=true"
- self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] =\
- "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," +\
- "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," +\
- "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," +\
- "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," +\
- "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," +\
- "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +\
- "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +\
- "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," +\
- "+TLS_RSA_WITH_AES_128_CBC_SHA," +\
- "+TLS_RSA_WITH_AES_256_CBC_SHA," +\
- "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +\
- "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +\
- "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +\
- "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +\
- "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +\
- "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," +\
- "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +\
- "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +\
- "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," +\
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +\
+ self.pki_master_dict['TOMCAT_TLS_CIPHERS_SLOT'] = \
+ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
+ "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
"+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
if self.pki_master_dict['pki_subsystem'] == "CA":
- self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS']=\
+ self.pki_master_dict['PKI_ENABLE_RANDOM_SERIAL_NUMBERS'] = \
self.pki_master_dict\
['pki_random_serial_numbers_enable'].lower()
# Shared Apache/Tomcat NSS security database name/value pairs
- self.pki_master_dict['pki_shared_pfile'] =\
+ self.pki_master_dict['pki_shared_pfile'] = \
os.path.join(
self.pki_master_dict['pki_instance_configuration_path'],
"pfile")
- self.pki_master_dict['pki_shared_password_conf'] =\
+ self.pki_master_dict['pki_shared_password_conf'] = \
os.path.join(
self.pki_master_dict['pki_instance_configuration_path'],
"password.conf")
- self.pki_master_dict['pki_cert_database'] =\
+ self.pki_master_dict['pki_cert_database'] = \
os.path.join(self.pki_master_dict['pki_database_path'],
"cert8.db")
- self.pki_master_dict['pki_key_database'] =\
+ self.pki_master_dict['pki_key_database'] = \
os.path.join(self.pki_master_dict['pki_database_path'],
"key3.db")
- self.pki_master_dict['pki_secmod_database'] =\
+ self.pki_master_dict['pki_secmod_database'] = \
os.path.join(self.pki_master_dict['pki_database_path'],
"secmod.db")
self.pki_master_dict['pki_self_signed_token'] = "internal"
- self.pki_master_dict['pki_self_signed_nickname'] =\
+ self.pki_master_dict['pki_self_signed_nickname'] = \
self.pki_master_dict['pki_ssl_server_nickname']
- self.pki_master_dict['pki_self_signed_subject'] =\
- "cn=" + self.pki_master_dict['pki_hostname'] + "," +\
+ self.pki_master_dict['pki_self_signed_subject'] = \
+ "cn=" + self.pki_master_dict['pki_hostname'] + "," + \
"o=" + self.pki_master_dict['pki_certificate_timestamp']
self.pki_master_dict['pki_self_signed_serial_number'] = 0
self.pki_master_dict['pki_self_signed_validity_period'] = 12
- self.pki_master_dict['pki_self_signed_issuer_name'] =\
- "cn=" + self.pki_master_dict['pki_hostname'] + "," +\
+ self.pki_master_dict['pki_self_signed_issuer_name'] = \
+ "cn=" + self.pki_master_dict['pki_hostname'] + "," + \
"o=" + self.pki_master_dict['pki_certificate_timestamp']
self.pki_master_dict['pki_self_signed_trustargs'] = "CTu,CTu,CTu"
- self.pki_master_dict['pki_self_signed_noise_file'] =\
+ self.pki_master_dict['pki_self_signed_noise_file'] = \
os.path.join(
self.pki_master_dict['pki_subsystem_configuration_path'],
"noise")
self.pki_master_dict['pki_self_signed_noise_bytes'] = 1024
# Shared Apache/Tomcat NSS security database convenience symbolic links
self.pki_master_dict\
- ['pki_subsystem_configuration_password_conf_link'] =\
+ ['pki_subsystem_configuration_password_conf_link'] = \
os.path.join(
self.pki_master_dict['pki_subsystem_configuration_path'],
"password.conf")
if not len(self.pki_master_dict['pki_client_database_password']):
# use randomly generated client 'pin'
- self.pki_master_dict['pki_client_database_password'] =\
+ self.pki_master_dict['pki_client_database_password'] = \
str(self.pki_master_dict['pki_client_pin'])
# Configuration scriptlet
@@ -918,13 +918,13 @@ class PKIConfigParser:
# use the CA admin uid if it's defined
if self.pki_config.has_option('CA', 'pki_admin_uid') and\
len(self.pki_config.get('CA', 'pki_admin_uid')) > 0:
- self.pki_master_dict['pki_security_domain_user'] =\
+ self.pki_master_dict['pki_security_domain_user'] = \
self.pki_config.get('CA', 'pki_admin_uid')
# or use the Default admin uid if it's defined
elif self.pki_config.has_option('DEFAULT', 'pki_admin_uid') and\
len(self.pki_config.get('DEFAULT', 'pki_admin_uid')) > 0:
- self.pki_master_dict['pki_security_domain_user'] =\
+ self.pki_master_dict['pki_security_domain_user'] = \
self.pki_config.get('DEFAULT', 'pki_admin_uid')
# otherwise use the default CA admin uid
@@ -938,9 +938,9 @@ class PKIConfigParser:
# CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
self.pki_master_dict['pki_security_domain_type'] = "existing"
- self.pki_master_dict['pki_security_domain_uri'] =\
- "https" + "://" +\
- self.pki_master_dict['pki_security_domain_hostname'] + ":" +\
+ self.pki_master_dict['pki_security_domain_uri'] = \
+ "https" + "://" + \
+ self.pki_master_dict['pki_security_domain_hostname'] + ":" + \
self.pki_master_dict['pki_security_domain_https_port']
elif config.str2bool(self.pki_master_dict['pki_external']):
@@ -981,9 +981,9 @@ class PKIConfigParser:
if config.str2bool(self.pki_master_dict['pki_backup_keys']):
# NOTE: ALWAYS store the PKCS #12 backup keys file
# in with the NSS "server" security databases
- self.pki_master_dict['pki_backup_keys_p12'] =\
- self.pki_master_dict['pki_database_path'] + "/" +\
- self.pki_master_dict['pki_subsystem'].lower() + "_" +\
+ self.pki_master_dict['pki_backup_keys_p12'] = \
+ self.pki_master_dict['pki_database_path'] + "/" + \
+ self.pki_master_dict['pki_subsystem'].lower() + "_" + \
"backup" + "_" + "keys" + "." + "p12"
self.pki_master_dict['pki_admin_profile_id'] = "caAdminCert"
@@ -1003,23 +1003,23 @@ class PKIConfigParser:
self.pki_master_dict['pki_storage_tag'] = "storage"
# Finalization name/value pairs
- self.pki_master_dict['pki_default_deployment_cfg_replica'] =\
+ self.pki_master_dict['pki_default_deployment_cfg_replica'] = \
os.path.join(self.pki_master_dict['pki_subsystem_registry_path'],
config.DEFAULT_DEPLOYMENT_CONFIGURATION)
- self.pki_master_dict['pki_user_deployment_cfg_replica'] =\
+ self.pki_master_dict['pki_user_deployment_cfg_replica'] = \
os.path.join(self.pki_master_dict['pki_subsystem_registry_path'],
config.USER_DEPLOYMENT_CONFIGURATION)
- self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] =\
- self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
- "spawn" + "_" +\
- config.USER_DEPLOYMENT_CONFIGURATION + "." +\
+ self.pki_master_dict['pki_user_deployment_cfg_spawn_archive'] = \
+ self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \
+ "spawn" + "_" + \
+ config.USER_DEPLOYMENT_CONFIGURATION + "." + \
self.pki_master_dict['pki_timestamp']
- self.pki_master_dict['pki_manifest'] =\
- self.pki_master_dict['pki_subsystem_registry_path'] + "/" +\
+ self.pki_master_dict['pki_manifest'] = \
+ self.pki_master_dict['pki_subsystem_registry_path'] + "/" + \
"manifest"
- self.pki_master_dict['pki_manifest_spawn_archive'] =\
- self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" +\
- "spawn" + "_" + "manifest" + "." +\
+ self.pki_master_dict['pki_manifest_spawn_archive'] = \
+ self.pki_master_dict['pki_subsystem_archive_log_path'] + "/" + \
+ "spawn" + "_" + "manifest" + "." + \
self.pki_master_dict['pki_timestamp']
# Construct the configuration URL containing the one-time pin
# and add this to the "sensitive" key value pairs read in from
@@ -1029,7 +1029,7 @@ class PKIConfigParser:
# parameter that may be stored in a log file and displayed
# to the screen.
#
- self.pki_master_dict['pki_configuration_url'] =\
+ self.pki_master_dict['pki_configuration_url'] = \
"https://{}:{}/{}/{}?pin={}".format(
self.pki_master_dict['pki_hostname'],
self.pki_master_dict['pki_https_port'],
@@ -1039,17 +1039,17 @@ class PKIConfigParser:
# Compose this "systemd" execution management command
if self.pki_master_dict['pki_subsystem'] in\
config.PKI_APACHE_SUBSYSTEMS:
- self.pki_master_dict['pki_registry_initscript_command'] =\
- "systemctl" + " " +\
- "restart" + " " +\
- "pki-apached" + "@" +\
+ self.pki_master_dict['pki_registry_initscript_command'] = \
+ "systemctl" + " " + \
+ "restart" + " " + \
+ "pki-apached" + "@" + \
self.pki_master_dict['pki_instance_name'] + "." + "service"
elif self.pki_master_dict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS:
- self.pki_master_dict['pki_registry_initscript_command'] =\
- "systemctl" + " " +\
- "restart" + " " +\
- "pki-tomcatd" + "@" +\
+ self.pki_master_dict['pki_registry_initscript_command'] = \
+ "systemctl" + " " + \
+ "restart" + " " + \
+ "pki-tomcatd" + "@" + \
self.pki_master_dict['pki_instance_name'] + "." + "service"
except OSError as exc:
config.pki_log.error(log.PKI_OSERROR_1, exc,
diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py
index 970d1aefd..b2223cab7 100644
--- a/base/server/src/scriptlets/configuration.py
+++ b/base/server/src/scriptlets/configuration.py
@@ -74,7 +74,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# Start/Restart this Apache/Tomcat PKI Process
if deployer.master_dict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS:
- apache_instance_subsystems =\
+ apache_instance_subsystems = \
deployer.instance.apache_instance_subsystems()
if apache_instance_subsystems == 1:
deployer.systemd.start()
@@ -86,7 +86,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
if config.str2bool(deployer.master_dict['pki_enable_java_debugger']):
config.prepare_for_an_external_java_debugger(
deployer.master_dict['pki_target_tomcat_conf_instance_id'])
- tomcat_instance_subsystems =\
+ tomcat_instance_subsystems = \
len(deployer.instance.tomcat_instance_subsystems())
if tomcat_instance_subsystems == 1:
deployer.systemd.start()
@@ -115,7 +115,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
elif deployer.master_dict['pki_instance_type'] == "Tomcat":
# CA, KRA, OCSP, TKS, or TPS
data = deployer.config_client.construct_pki_configuration_data()
-
+
# Configure the substem
deployer.config_client.configure_pki_data(
json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
diff --git a/base/server/src/scriptlets/infrastructure_layout.py b/base/server/src/scriptlets/infrastructure_layout.py
index 4fe31ef3d..3becd34c3 100644
--- a/base/server/src/scriptlets/infrastructure_layout.py
+++ b/base/server/src/scriptlets/infrastructure_layout.py
@@ -60,7 +60,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
print "Storing deployment configuration into " + deployer.master_dict['pki_user_deployment_cfg_replica'] + "."
- #Archive the user deployment configuration excluding the sensitive parameters
+ # Archive the user deployment configuration excluding the sensitive parameters
sensitive_parameters = deployer.master_dict['sensitive_parameters'].split()
sections = config.user_config.sections()
for s in sections:
@@ -87,7 +87,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# and will already exist
# deployer.directory.create(deployer.master_dict['pki_log_path'])
# establish top-level infrastructure configuration
- if deployer.master_dict['pki_configuration_path'] !=\
+ if deployer.master_dict['pki_configuration_path'] != \
config.PKI_DEPLOYMENT_CONFIGURATION_ROOT:
deployer.directory.create(deployer.master_dict['pki_configuration_path'])
return self.rv
@@ -106,7 +106,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# deployer.directory.delete(deployer.master_dict['pki_log_path'])
# remove top-level infrastructure configuration
if deployer.directory.is_empty(deployer.master_dict['pki_configuration_path'])\
- and deployer.master_dict['pki_configuration_path'] !=\
+ and deployer.master_dict['pki_configuration_path'] != \
config.PKI_DEPLOYMENT_CONFIGURATION_ROOT:
deployer.directory.delete(deployer.master_dict['pki_configuration_path'])
# remove top-level infrastructure registry
diff --git a/base/server/src/scriptlets/security_databases.py b/base/server/src/scriptlets/security_databases.py
index d18e2151b..d8a6eeb65 100644
--- a/base/server/src/scriptlets/security_databases.py
+++ b/base/server/src/scriptlets/security_databases.py
@@ -62,7 +62,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS)
if len(deployer.instance.tomcat_instance_subsystems()) < 2:
- # only create a self signed cert for a new instance
+ # only create a self signed cert for a new instance
rv = deployer.certutil.verify_certificate_exists(
deployer.master_dict['pki_database_path'],
deployer.master_dict['pki_cert_database'],
diff --git a/base/server/src/scriptlets/slot_substitution.py b/base/server/src/scriptlets/slot_substitution.py
index a4c90908c..bd3211b9d 100644
--- a/base/server/src/scriptlets/slot_substitution.py
+++ b/base/server/src/scriptlets/slot_substitution.py
@@ -73,13 +73,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
deployer.master_dict['pki_target_subsystem_web_xml'])
# Strip "<filter>" section from subsystem "web.xml"
# This is ONLY necessary because XML comments cannot be "nested"!
- #deployer.file.copy(deployer.master_dict['pki_target_subsystem_web_xml'],
+ # deployer.file.copy(deployer.master_dict['pki_target_subsystem_web_xml'],
# deployer.master_dict['pki_target_subsystem_web_xml_orig'])
- #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml'])
- #util.xml_file.remove_filter_section_from_web_xml(
+ # deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml'])
+ # util.xml_file.remove_filter_section_from_web_xml(
# deployer.master_dict['pki_target_subsystem_web_xml_orig'],
# deployer.master_dict['pki_target_subsystem_web_xml'])
- #deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml_orig'])
+ # deployer.file.delete(deployer.master_dict['pki_target_subsystem_web_xml_orig'])
if deployer.master_dict['pki_subsystem'] == "CA":
deployer.file.copy_with_slot_substitution(
deployer.master_dict['pki_source_proxy_conf'],
generated by cgit (git 2.34.1) at 2024-05-24 10:28:41 +0000