| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Replace deprecated decodestring() and encodestring() with b64decode()
and b64encode().
Provice specialized encode_cert() / decode_cert() functions to handle
base64 encoding and decoding for X.509 certs in JSON strings. In Python
3 the base64 function don't suppor ASCII text, just ASCII bytes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python 3's exception class has no message attribute. e.message can
either be replaced with string representation of e or e.args[0].
Use print(line, end='') instead of sys.stdout.write(). With end='' no
new line is appended.
Use six.reraise() to reraise an exception.
Remove sys.exc_clear() as it is no longer available in Python 3.
Conditionally import shutil.WindowsError.
Use six.move to import correct modules / function like quote, urlparse
and configparser.
Silence some pylint warnings. pylint doesn't understand six.moves magic
and emits a import-error warning.
Add additional tox envs to check for Python 3 compatibility.
|
| |
|
|
|
| |
In Python 3 range() returns an iterator and xrange() is gone. Use
six.moves to use an iterable range() on Python 2.
|
| |
|
|
|
|
|
|
|
| |
Replace print statement with Python 3's print() function.
For Python 2 'from __future__ import print_function' turns the print
statement into Python 3 compatible print function.
See https://www.python.org/dev/peps/pep-3105/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enforce absolute imports or explicit relative imports. Python 3 no
longer supports implicit relative imports, that is unqualified imports
from a module's directory. In order to load a module from the same
directory inside a package, use
from . import module
The future feature 'from __future__ import absolute_import' ensures that
pki uses absolute imports on Python 2, too.
See https://www.python.org/dev/peps/pep-0328/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Large portions of the patch was automatically created with autopep8:
find base/ -name '*.py' | xargs autopep8 --in-place --ignore E309 \
--aggressive
find base/common/upgrade base/server/upgrade -type f -and \
-not -name .gitignore | autopep8 --in-place --ignore E309 --aggressive
autopep8 --in-place --ignore E309 --aggressive \
base/common/sbin/pki-upgrade \
base/server/sbin/pkispawn \
base/server/sbin/pkidestroy \
base/server/sbin/pki-server \
base/server/sbin/pki-server-upgrade
About two dozent violations were fixed manually.
https://fedorahosted.org/pki/ticket/708
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Python client library for KRA has been modified to simplify
the usage. The NSSCryptoProvider's setup_database() and __init__()
now take a password file parameter. The import_cert() now can
take either cert binary/encoded data or CertData object. It also
provides a default value for the trust attribute. The KRAClient
now stores the crypto provider object.
The KRA test has been updated to provide options to override
the default test configuration (e.g. hostname, port). It also has
been modified to use a temporary NSS database. The setup document
has been updated to describe the process to run the test as root
and as a regular user.
|
| |
|
|
|
|
| |
All the secrets/keys retrieved using the client API's using Java/python
clients will be of the type - byte array. This applies to output of the
retrieveKey method and the public key attribute of the KeyInfo object.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adds methods to key client to generate asymmetric keys using
algorithms RSA and DSA for a valid key sizes of 512, 1024, 2048,4096.
The generated keys are archived in the database.
Using the CLI, the public key(base64 encoded) can be retrieved by using
the key-show command.
The private key(base64 encoded) can be retrieved using the key-retrieve
command.
Ticket #1023
|
| |
|
|
|
|
|
|
| |
The REST service has been modified to return additional attributes
for transport certificate including serial number, issuer DN,
subject DN, and resource link.
Ticket #1065
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify the usage, the SystemCertClient.get_transport_cert()
has been modified to parse and decode the PEM certificate in
CertData object, store the DER certificate back into the object,
and return the CertData object to the client. This way the client
will have access to the certificate attributes and both PEM and
DER certificates.
The PKIService.sendConditionalGetResponse() has been fixed to use
the requested format. This is needed to display the transport
certificate properly in the browser.
Ticket #1062
|
| |
|
|
|
|
|
|
| |
The CryptoUtil classes in the Python client library has been renamed
to CryptoProvider for consistency with the Java client library. The
cryptoutil.py module has been renamed to crypto.py.
Ticket #1042
|
| |
|
|
|
|
|
|
|
|
| |
Ticket 1040 - Perform null checks on JSON attributes.
Ticket 1041 - Rename module kraclient to kra.
Also refactored the code in cert module removing the usage of
property. Achieved the conversion of names(camelCase to '_' separated )
using a dictionaries in the objects. The default method in encoder module
has also been modified to perform the reverse conversion.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Modify the return type of the function retrieve_key(key_id,
trans_wrapped_session_key) from returining a tuple KeyData, unwrapped_key
to KeyData by setting the unwrapped_key to KeyData.private_data attribute
for the case where trans_wrapped_session_key is not provided by the caller.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
With this patch, you can now either send a pkiArchiveOptions object
or the exploded parameters. This reduces the processing required on
the client side.
|
| |
|
|
|
|
| |
Added a method generate_session_key() which should be used when
wrapping secrets for the drm. For now, this has to be a 168-bit
3DES symmetric key.
|
| |
|
|
|
|
|
|
|
| |
1) Added error checking in python client calls.
2) Allow symmetric key generation with default params. Fix bug for
when usages is not defined.
3) Fix bug when requesting key recovery - must check if key exists.
4) Extend key gen to allow for providing trans_wrapped_session_key
5) added constants to python client for key status
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also changed arguments so that all args and returns from
CryptoUtil are unencoded.
|
| | |
|
| |
|
|
|
|
| |
Decorator catches HttpErrorExceptions from Requests
and extracts the relevant PKIException object, and rethrows
it.
|
|
|
1. Moved most methods back into the key.py module.
2. Simplified the invocation by combining the KeyClient and KeyRequestClient as just KeyClient.
3. Added additional invocations in KRAClient - with lots of docuemntation.
These are hopefully more user friendly.
4. Extracted crypto operations to cryptoutil class. This class has an
NSS implementation provided.
5. Addressed other issues found in review.
|
