From f603869e1e9964617fc36c82d19a3105c59a2495 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Sat, 7 Jun 2014 01:46:41 +0800
Subject: Fix pycharm warnings for server python classes

Mostly reformatting due to PEP8. Not all pycharm warnings are addressed, but the vast majority are.
---
base/server/python/pki/server/__init__.py | 19 +-
.../python/pki/server/deployment/pkiconfig.py | 20 +-
.../python/pki/server/deployment/pkihelper.py | 942 ++++++++++++---------
.../python/pki/server/deployment/pkilogging.py | 10 +-
.../python/pki/server/deployment/pkimanifest.py | 20 +-
.../python/pki/server/deployment/pkimessages.py | 79 +-
.../python/pki/server/deployment/pkiparser.py | 329 +++----
.../python/pki/server/deployment/pkiscriptlet.py | 1 +
base/server/python/pki/server/upgrade.py | 86 +-
base/server/sbin/pki-server-upgrade | 13 +-
base/server/sbin/pkidestroy | 60 +-
base/server/sbin/pkispawn | 193 +++--
12 files changed, 1023 insertions(+), 749 deletions(-)
(limited to 'base')
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index e41f1a980..3eb6b5f97 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -31,15 +31,17 @@ SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps'] class PKISubsystem(object): - def __init__(self, instance, subsystemName): + def __init__(self, instance, subsystem_name): self.instance = instance - self.name = subsystemName + self.name = subsystem_name self.type = instance.type if self.type >= 10: - self.conf_dir = os.path.join(INSTANCE_BASE_DIR, \ - instance.name, 'conf', subsystemName) - self.base_dir = os.path.join(INSTANCE_BASE_DIR, \ - instance.name, subsystemName) + self.conf_dir = os.path.join( + INSTANCE_BASE_DIR, + instance.name, 'conf', subsystem_name) + self.base_dir = os.path.join( + INSTANCE_BASE_DIR, + instance.name, subsystem_name) else: self.conf_dir = os.path.join(pki.BASE_DIR, instance.name, 'conf') self.base_dir = os.path.join(pki.BASE_DIR, instance.name) @@ -50,8 +52,7 @@ class PKISubsystem(object): if not os.path.exists(self.conf_dir): raise pki.PKIException( 'Invalid subsystem: ' + self.__repr__(), - None, self.instance) - + None, self.instance) def __repr__(self): return str(self.instance) + '/' + self.name @@ -84,7 +85,7 @@ class PKIInstance(object): class PKIServerException(pki.PKIException): - def __init__(self, message, exception=None, \ + def __init__(self, message, exception=None, instance=None, subsystem=None): pki.PKIException.__init__(self, message, exception) diff --git a/base/server/python/pki/server/deployment/pkiconfig.py b/base/server/python/pki/server/deployment/pkiconfig.py index bb89cc5fc..67edad1ee 100644 --- a/base/server/python/pki/server/deployment/pkiconfig.py +++ b/base/server/python/pki/server/deployment/pkiconfig.py 
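Review bot: `subsystem_name` is passed straight into `os.path.join(INSTANCE_BASE_DIR, instance.name, 'conf', subsystem_name)` in `PKISubsystem.__init__` with no check on its form, so an absolute value or one containing `..` would place `conf_dir` and `base_dir` outside the instance tree. If subsystem names are always drawn from `SUBSYSTEM_TYPES` (defined just above the hunk), a guard at the top of the constructor such as `if subsystem_name not in SUBSYSTEM_TYPES: raise pki.PKIException('Invalid subsystem: ' + subsystem_name, None, instance)` would pin that down. Renaming the parameter from `subsystemName` also breaks any caller that passes it by keyword; callers are not visible here. The constructor's body continues past this hunk.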
@@ -41,18 +41,18 @@ PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_APACHE_SUBSYSTEMS = ["RA"] PKI_TOMCAT_SUBSYSTEMS = ["CA", "KRA", "OCSP", "TKS", "TPS"] PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", - "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps", - "work"] + "lib", "logs", "ocsp", "temp", "tks", "tps", + "webapps", "work"] PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", "rsyslog", "tls"] PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"] PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"] -PKI_INDENTATION_LEVEL_0 = {'indent' : ''} -PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} -PKI_INDENTATION_LEVEL_2 = {'indent' : '....... '} -PKI_INDENTATION_LEVEL_3 = {'indent' : '........... '} -PKI_INDENTATION_LEVEL_4 = {'indent' : '............... '} +PKI_INDENTATION_LEVEL_0 = {'indent': ''} +PKI_INDENTATION_LEVEL_1 = {'indent': '... '} +PKI_INDENTATION_LEVEL_2 = {'indent': '....... '} +PKI_INDENTATION_LEVEL_3 = {'indent': '........... '} +PKI_INDENTATION_LEVEL_4 = {'indent': '............... '} PKI_DEPLOYMENT_INTERRUPT_BANNER = "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"\ "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" @@ -123,6 +123,7 @@ pki_root_prefix = None def str2bool(string): return string.lower() in ("yes", "true", "t", "1") + # NOTE: To utilize the 'preparations_for_an_external_java_debugger(master)' # and 'wait_to_attach_an_external_java_debugger(master)' functions, # change 'pki_enable_java_debugger=False' to 
@@ -140,13 +141,14 @@ def prepare_for_an_external_java_debugger(instance): print " \"address=8000,server=y,suspend=n \"" print " \"-Djava.awt.headless=true -Xmx128M\"" print - raw_input("Enable external java debugger 'JAVA_OPTS' "\ + raw_input("Enable external java debugger 'JAVA_OPTS' " "and press return to continue . . . ") print print PKI_DEPLOYMENT_INTERRUPT_BANNER print return + def wait_to_attach_an_external_java_debugger(): print print PKI_DEPLOYMENT_INTERRUPT_BANNER @@ -155,7 +157,7 @@ def wait_to_attach_an_external_java_debugger(): print "the 'address' selected by 'JAVA_OPTS' (e. g. - port 8000) and" print "set any desired breakpoints" print - raw_input("Please attach an external java debugger "\ + raw_input("Please attach an external java debugger " "and press return to continue . . . ") print print PKI_DEPLOYMENT_INTERRUPT_BANNER diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index e33d43f52..713e7a381 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -55,6 +55,7 @@ import pki.account import pki.client import pki.system + # PKI Deployment Helper Functions def pki_copytree(src, dst, symlinks=False, ignore=None): """Recursively copy a directory tree using copy2(). @@ -126,6 +127,7 @@ def pki_copytree(src, dst, symlinks=False, ignore=None): if errors: raise Error(errors) + class Identity: """PKI Deployment Identity Class""" @@ -258,7 +260,7 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_uid @@ -268,7 +270,7 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_gid 
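Review bot: The `JAVA_OPTS` guidance printed by `prepare_for_an_external_java_debugger` shows `address=8000,server=y,suspend=n`, which on older JVMs opens the JDWP listener on every interface, and JDWP has no authentication. The printed example could use a loopback-bound address (`address=localhost:8000`) and tell the operator to remove the option once debugging is finished. Both debugger functions also lack a docstring saying that they block on `raw_input` and are meant only for interactive development runs. The first function starts above the hunk.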
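Review bot: Replacing `if critical_failure == True:` with `if critical_failure:` in the `Identity` methods is not purely cosmetic: a truthy non-bool value (a non-empty string such as `'False'`, or an integer other than 1) used to skip the `raise` and now triggers it. That is the safer direction, but the commit message describes the change as reformatting, so a docstring line such as `critical_failure (bool): re-raise the error after logging it` would make the contract explicit. The same substitution recurs in the later `Identity`, `Directory` and `File` hunks. The enclosing methods start above this hunk.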
@@ -284,7 +286,7 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_uid @@ -300,10 +302,11 @@ class Identity: except KeyError as exc: config.pki_log.error(log.PKI_KEYERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return pki_gid + class Namespace: """PKI Deployment Namespace Class""" @@ -322,8 +325,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'])) else: if os.path.exists(self.mdict['pki_target_tomcat_conf_instance_id']): # Top-Level "/etc/sysconfig" path collision @@ -332,8 +337,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_target_tomcat_conf_instance_id'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_target_tomcat_conf_instance_id'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_target_tomcat_conf_instance_id'])) if os.path.exists(self.mdict['pki_cgroup_systemd_service']): # Systemd cgroup path collision config.pki_log.error( 
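Review bot: Each collision branch in `Namespace` formats the same message twice, once through `config.pki_log.error(...)` and once with `%` for the bare `Exception`, and the two argument lists must be kept in step by hand across roughly a dozen copies (this hunk and the `Namespace` hunks that follow). A small private helper that logs and raises from one message and one path would remove the duplication and the long wrapped `raise` expressions this commit had to introduce. A dedicated exception class instead of `Exception` would also let callers tell a namespace collision from other failures, but that depends on what the callers catch, which is not visible here. The enclosing method starts above the hunk.

```python
def _raise_collision(self, message, path):
    instance_name = self.mdict['pki_instance_name']
    config.pki_log.error(message, instance_name, path,
                         extra=config.PKI_INDENTATION_LEVEL_2)
    raise Exception(message % (instance_name, path))

# … each branch then becomes a single call, e.g. …
self._raise_collision(log.PKIHELPER_NAMESPACE_COLLISION_2,
                      self.mdict['pki_instance_path'])
```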
@@ -341,8 +348,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_cgroup_systemd_service_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_cgroup_systemd_service_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_systemd_service_path'])) if os.path.exists(self.mdict['pki_cgroup_cpu_systemd_service']): # Systemd cgroup CPU path collision config.pki_log.error( @@ -350,8 +359,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_cgroup_cpu_systemd_service_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_cgroup_cpu_systemd_service_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_cgroup_cpu_systemd_service_path'])) if os.path.exists(self.mdict['pki_instance_log_path']) and\ os.path.exists(self.mdict['pki_subsystem_log_path']): # Top-Level PKI log path collision @@ -360,8 +371,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_log_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_log_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_log_path'])) if os.path.exists(self.mdict['pki_instance_configuration_path']) and\ os.path.exists(self.mdict['pki_subsystem_configuration_path']): # Top-Level PKI configuration path collision 
@@ -370,8 +383,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_configuration_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'])) if os.path.exists(self.mdict['pki_instance_registry_path']) and\ os.path.exists(self.mdict['pki_subsystem_registry_path']): # Top-Level PKI registry path collision @@ -380,8 +395,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_COLLISION_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_COLLISION_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) # Run simple checks for reserved name namespace collisions if self.mdict['pki_instance_name'] in config.PKI_BASE_RESERVED_NAMES: # Top-Level PKI base path reserved name collision 
@@ -390,18 +407,23 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_path'])) # No need to check for reserved name under Top-Level PKI log path - if self.mdict['pki_instance_name'] in config.PKI_CONFIGURATION_RESERVED_NAMES: + if self.mdict['pki_instance_name'] in \ + config.PKI_CONFIGURATION_RESERVED_NAMES: # Top-Level PKI configuration path reserved name collision config.pki_log.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, self.mdict['pki_instance_name'], self.mdict['pki_instance_configuration_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_configuration_path'])) if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: # Top-Level Apache PKI registry path reserved name collision if self.mdict['pki_instance_name'] in\ @@ -411,8 +433,10 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: # Top-Level Tomcat PKI registry path reserved name collision if self.mdict['pki_instance_name'] in\ 
@@ -422,8 +446,11 @@ class Namespace: self.mdict['pki_instance_name'], self.mdict['pki_instance_registry_path'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (self.mdict['pki_instance_name'], - self.mdict['pki_instance_registry_path'])) + raise Exception( + log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( + self.mdict['pki_instance_name'], + self.mdict['pki_instance_registry_path'])) + class ConfigurationFile: """PKI Deployment Configuration File Class""" @@ -434,9 +461,9 @@ class ConfigurationFile: self.clone = config.str2bool(self.mdict['pki_clone']) self.external = config.str2bool(self.mdict['pki_external']) self.external_step_two = config.str2bool( - self.mdict['pki_external_step_two']) + self.mdict['pki_external_step_two']) self.skip_configuration = config.str2bool( - self.mdict['pki_skip_configuration']) + self.mdict['pki_skip_configuration']) self.standalone = config.str2bool(self.mdict['pki_standalone']) self.subordinate = config.str2bool(self.mdict['pki_subordinate']) # set useful 'string' object variables for this class @@ -511,16 +538,15 @@ class ConfigurationFile: self.subsystem) def confirm_data_exists(self, param): - if not self.mdict.has_key(param) or\ - not len(self.mdict[param]): + if not param in self.mdict or not len(self.mdict[param]): config.pki_log.error( log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2, param, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception( - log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % - (param, self.mdict['pki_user_deployment_cfg'])) + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % + (param, self.mdict['pki_user_deployment_cfg'])) def confirm_missing_file(self, param): if os.path.exists(self.mdict[param]): 
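Review bot: `if not param in self.mdict or not len(self.mdict[param]):` in `confirm_data_exists` still trips the PEP 8 membership-test warning this commit sets out to clear. `if param not in self.mdict or not self.mdict[param]:` is the idiomatic form and drops the redundant `len()`, assuming the stored values are strings. Because this check gates required entries such as passwords, it may also be worth deciding whether a whitespace-only value should count as present; as written it does.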
@@ -562,11 +588,11 @@ class ConfigurationFile: # Subordinate CA that will be automatically configured and # are not Stand-alone PKI) if (self.subsystem == "KRA" or - self.subsystem == "OCSP" or - self.subsystem == "TKS" or - self.subsystem == "TPS" or - self.clone or - self.subordinate): + self.subsystem == "OCSP" or + self.subsystem == "TKS" or + self.subsystem == "TPS" or + self.clone or + self.subordinate): if not self.skip_configuration and not self.standalone: self.confirm_data_exists("pki_security_domain_password") # If required, verify existence of Token Password 
@@ -583,25 +609,33 @@ class ConfigurationFile: log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_SUB_CA % + self.mdict['pki_user_deployment_cfg']) elif self.clone and self.external: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_EXTERNAL_CA % + self.mdict['pki_user_deployment_cfg']) elif self.clone and self.subordinate: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_CLONE_SUB_CA % + self.mdict['pki_user_deployment_cfg']) elif self.external and self.subordinate: config.pki_log.error( log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA, self.mdict['pki_user_deployment_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % self.mdict['pki_user_deployment_cfg']) + raise Exception( + log.PKIHELPER_MUTUALLY_EXCLUSIVE_EXTERNAL_SUB_CA % + self.mdict['pki_user_deployment_cfg']) elif self.standalone: if self.clone: config.pki_log.error( 
@@ -669,8 +703,10 @@ class ConfigurationFile: self.confirm_data_exists("pki_external_admin_csr_path") self.confirm_missing_file("pki_external_admin_csr_path") # Stand-alone PKI Audit Signing CSR (Step 1) - self.confirm_data_exists("pki_external_audit_signing_csr_path") - self.confirm_missing_file("pki_external_audit_signing_csr_path") + self.confirm_data_exists( + "pki_external_audit_signing_csr_path") + self.confirm_missing_file( + "pki_external_audit_signing_csr_path") # Stand-alone PKI SSL Server CSR (Step 1) self.confirm_data_exists("pki_external_sslserver_csr_path") self.confirm_missing_file("pki_external_sslserver_csr_path") @@ -680,16 +716,22 @@ class ConfigurationFile: # Stand-alone PKI KRA CSRs if self.subsystem == "KRA": # Stand-alone PKI KRA Storage CSR (Step 1) - self.confirm_data_exists("pki_external_storage_csr_path") - self.confirm_missing_file("pki_external_storage_csr_path") + self.confirm_data_exists( + "pki_external_storage_csr_path") + self.confirm_missing_file( + "pki_external_storage_csr_path") # Stand-alone PKI KRA Transport CSR (Step 1) - self.confirm_data_exists("pki_external_transport_csr_path") - self.confirm_missing_file("pki_external_transport_csr_path") + self.confirm_data_exists( + "pki_external_transport_csr_path") + self.confirm_missing_file( + "pki_external_transport_csr_path") # Stand-alone PKI OCSP CSRs if self.subsystem == "OCSP": # Stand-alone PKI OCSP OCSP Signing CSR (Step 1) - self.confirm_data_exists("pki_external_signing_csr_path") - self.confirm_missing_file("pki_external_signing_csr_path") + self.confirm_data_exists( + "pki_external_signing_csr_path") + self.confirm_missing_file( + "pki_external_signing_csr_path") else: # Stand-alone PKI External CA Certificate Chain (Step 2) self.confirm_data_exists("pki_external_ca_cert_chain_path") 
@@ -701,8 +743,10 @@ class ConfigurationFile: self.confirm_data_exists("pki_external_admin_cert_path") self.confirm_file_exists("pki_external_admin_cert_path") # Stand-alone PKI Audit Signing Certificate (Step 2) - self.confirm_data_exists("pki_external_audit_signing_cert_path") - self.confirm_file_exists("pki_external_audit_signing_cert_path") + self.confirm_data_exists( + "pki_external_audit_signing_cert_path") + self.confirm_file_exists( + "pki_external_audit_signing_cert_path") # Stand-alone PKI SSL Server Certificate (Step 2) self.confirm_data_exists("pki_external_sslserver_cert_path") self.confirm_file_exists("pki_external_sslserver_cert_path") 
@@ -712,30 +756,36 @@ class ConfigurationFile: # Stand-alone PKI KRA Certificates if self.subsystem == "KRA": # Stand-alone PKI KRA Storage Certificate (Step 2) - self.confirm_data_exists("pki_external_storage_cert_path") - self.confirm_file_exists("pki_external_storage_cert_path") + self.confirm_data_exists( + "pki_external_storage_cert_path") + self.confirm_file_exists( + "pki_external_storage_cert_path") # Stand-alone PKI KRA Transport Certificate (Step 2) - self.confirm_data_exists("pki_external_transport_cert_path") - self.confirm_file_exists("pki_external_transport_cert_path") + self.confirm_data_exists( + "pki_external_transport_cert_path") + self.confirm_file_exists( + "pki_external_transport_cert_path") # Stand-alone PKI OCSP Certificates if self.subsystem == "OCSP": # Stand-alone PKI OCSP OCSP Signing Certificate (Step 2) - self.confirm_data_exists("pki_external_signing_cert_path") - self.confirm_file_exists("pki_external_signing_cert_path") + self.confirm_data_exists( + "pki_external_signing_cert_path") + self.confirm_file_exists( + "pki_external_signing_cert_path") return def populate_non_default_ports(self): if (self.mdict['pki_http_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT)): ports.append(self.mdict['pki_http_port']) if (self.mdict['pki_https_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTPS_PORT)): ports.append(self.mdict['pki_https_port']) if (self.mdict['pki_tomcat_server_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT)): ports.append(self.mdict['pki_tomcat_server_port']) if (self.mdict['pki_ajp_port'] != - str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT)): + str(config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_AJP_PORT)): ports.append(self.mdict['pki_ajp_port']) return 
@@ -757,10 +807,10 @@ class ConfigurationFile: context = "" for i in portrecs: if (portrecs[i][0] == "unreserved_port_t" or - portrecs[i][0] == "reserved_port_t" or - i[2] != "tcp"): + portrecs[i][0] == "reserved_port_t" or + i[2] != "tcp"): continue - if i[0] <= int(port) and int(port) <= i[1]: + if i[0] <= int(port) <= i[1]: context = portrecs[i][0] break if context == "": @@ -773,10 +823,12 @@ class ConfigurationFile: ports.remove(port) else: config.pki_log.error( - log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT, - port, context, - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % (port, context)) + log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT, + port, context, + extra=config.PKI_INDENTATION_LEVEL_2) + raise Exception( + log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT % + (port, context)) return def verify_command_matches_configuration_file(self): @@ -790,8 +842,10 @@ class ConfigurationFile: self.mdict['pki_deployed_instance_name'], self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % (self.mdict['pki_deployed_instance_name'], - self.mdict['pki_instance_name'])) + raise Exception( + log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ( + self.mdict['pki_deployed_instance_name'], + self.mdict['pki_instance_name'])) return # PKI Deployment XML File Class @@ -826,6 +880,7 @@ class ConfigurationFile: # FILE.write(line) # FILE.close() + class Instance: """PKI Deployment Instance Class""" @@ -840,7 +895,7 @@ class Instance: for subsystem in config.PKI_APACHE_SUBSYSTEMS: path = self.mdict['pki_instance_path'] + "/" + subsystem.lower() if os.path.exists(path) and os.path.isdir(path): - rv = rv + 1 + rv += 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCE_SUBSYSTEMS_2, self.mdict['pki_instance_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) 
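Review bot: `int(port)` is evaluated inside the `portrecs` loop with no guard, so a non-numeric port value surfaces as an uncaught `ValueError` rather than one of the logged `PKIHELPER_*` errors. Converting once before the loop, `port_num = int(port)` inside a `try`/`except ValueError` that logs and raises like the other branches, and then testing `i[0] <= port_num <= i[1]`, fixes that and avoids repeating the conversion per record. The loop over `ports` starts above the hunk; that the values come from the deployment configuration is inferred from `populate_non_default_ports`.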
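Review bot: The exception raised in `verify_command_matches_configuration_file` is built from `log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2`, the template `confirm_data_exists` uses for a missing entry, but here its two arguments are the deployed and configured instance names. The template passed to `config.pki_log.error` is above the hunk; if it is a mismatch-specific message, the `raise` should reuse that constant so that the log line and the exception text agree.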
@@ -859,14 +914,16 @@ class Instance: # simply count the number of PKI 'apache' instances (directories) # present within the PKI 'apache' registry directory for instance in\ - os.listdir(self.mdict['pki_instance_type_registry_path']): + os.listdir(self.mdict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)) and not\ + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)) and not\ os.path.islink( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)): - rv = rv + 1 + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)): + rv += 1 config.pki_log.debug(log.PKIHELPER_APACHE_INSTANCES_2, self.mdict['pki_instance_type_registry_path'], rv, @@ -895,7 +952,7 @@ class Instance: if os.path.isdir(os.path.join(instance_dir, name)) and\ not os.path.islink(os.path.join(instance_dir, name)): if name.upper() in config.PKI_SUBSYSTEMS: - rv = rv + 1 + rv += 1 config.pki_log.debug(log.PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2, self.mdict['pki_instance_path'], rv, extra=config.PKI_INDENTATION_LEVEL_2) @@ -930,12 +987,14 @@ class Instance: for instance in\ os.listdir(self.mdict['pki_instance_type_registry_path']): if os.path.isdir( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)) and not\ + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)) and not\ os.path.islink( - os.path.join(self.mdict['pki_instance_type_registry_path'], - instance)): - rv = rv + 1 + os.path.join( + self.mdict['pki_instance_type_registry_path'], + instance)): + rv += 1 config.pki_log.debug(log.PKIHELPER_TOMCAT_INSTANCES_2, self.mdict['pki_instance_type_registry_path'], rv, 
@@ -953,8 +1012,10 @@ class Instance: self.mdict['pki_subsystem'], self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'], - self.mdict['pki_instance_name'])) + raise Exception( + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % ( + self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -967,8 +1028,10 @@ class Instance: self.mdict['pki_subsystem'], self.mdict['pki_instance_name'], extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % (self.mdict['pki_subsystem'], - self.mdict['pki_instance_name'])) + raise Exception( + log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2 % ( + self.mdict['pki_subsystem'], + self.mdict['pki_instance_name'])) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) @@ -996,10 +1059,11 @@ class Instance: status = root.findtext("Status") return status except Exception as exc: - config.pki_log.debug("No connection - server may still be down", + config.pki_log.debug( + "No connection - server may still be down", extra=config.PKI_INDENTATION_LEVEL_3) - config.pki_log.debug("No connection - exception thrown: " +\ - str(exc), + config.pki_log.debug( + "No connection - exception thrown: " + str(exc), extra=config.PKI_INDENTATION_LEVEL_3) return None @@ -1014,6 +1078,7 @@ class Instance: break return status + class Directory: """PKI Deployment Directory Class""" @@ -1036,9 +1101,9 @@ class Directory: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, 
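Review bot: The `except Exception` around the status request treats every failure as "server may still be down" and records it only at debug level, so a malformed XML response or a TLS or certificate error cannot be told apart from a server that has not started yet. Catching only the connection-level exceptions of the HTTP client in use, and logging anything else at warning level, would keep the retry behaviour while surfacing real faults. The request itself is above the hunk, so the exact exception classes to catch are not visible here.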
@@ -1059,15 +1124,17 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % + name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1080,8 +1147,10 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % name) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_ALREADY_EXISTS_NOT_A_DIRECTORY_1 % + name) # Always re-process each directory whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_DIR_1, name, @@ -1092,9 +1161,9 @@ class Directory: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, @@ -1117,12 +1186,13 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -1134,7 +1204,7 @@ class Directory: log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) else: - if recursive_flag == True: + if recursive_flag: # rm -rf config.pki_log.info(log.PKIHELPER_RM_RF_1, name, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1147,7 +1217,7 @@ class Directory: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1177,28 +1247,29 @@ class Directory: extra=config.PKI_INDENTATION_LEVEL_2) raise - def set_mode(self, name, uid=None, gid=None, - dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, - file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - symlink_perms=\ - config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, - dir_acls=None, file_acls=None, symlink_acls=None, - recursive_flag=True, critical_failure=True): + def set_mode( + self, name, uid=None, gid=None, + dir_perms=config.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS, + file_perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + symlink_perms=config.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS, + dir_acls=None, file_acls=None, symlink_acls=None, + recursive_flag=True, critical_failure=True): try: if not os.path.exists(name) or not os.path.isdir(name): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % name) else: config.pki_log.info( log.PKIHELPER_SET_MODE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() - if recursive_flag == True: + if recursive_flag: for root, dirs, files in os.walk(name): for name in files: entity = os.path.join(root, name) 
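Review bot: In `set_mode`, the inner loop `for name in files:` rebinds the `name` parameter that was just passed to `os.walk(name)`, a shadowing warning this cleanup leaves in place. The walk itself is unaffected, but any later use of `name` in the method (its remainder is outside the hunk) would refer to the last file visited rather than the directory argument. Renaming the loop variable, `for file_name in files:` with `entity = os.path.join(root, file_name)`, removes the ambiguity; the directory loop further down presumably needs the same treatment.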
@@ -1208,12 +1279,14 @@ class Directory: log.PKIHELPER_IS_A_FILE_1, temp_file, extra=config.PKI_INDENTATION_LEVEL_3) # chmod - config.pki_log.debug(log.PKIHELPER_CHMOD_2, + config.pki_log.debug( + log.PKIHELPER_CHMOD_2, file_perms, temp_file, extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(temp_file, file_perms) # chown : - config.pki_log.debug(log.PKIHELPER_CHOWN_3, + config.pki_log.debug( + log.PKIHELPER_CHOWN_3, uid, gid, temp_file, extra=config.PKI_INDENTATION_LEVEL_3) os.chown(temp_file, uid, gid) @@ -1239,7 +1312,8 @@ class Directory: # run directly against symbolic # links! # chown -h : - config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, + config.pki_log.debug( + log.PKIHELPER_CHOWN_H_3, uid, gid, symlink, extra=config.PKI_INDENTATION_LEVEL_3) os.lchown(symlink, uid, gid) @@ -1260,12 +1334,14 @@ class Directory: log.PKIHELPER_IS_A_DIRECTORY_1, temp_dir, extra=config.PKI_INDENTATION_LEVEL_3) # chmod - config.pki_log.debug(log.PKIHELPER_CHMOD_2, + config.pki_log.debug( + log.PKIHELPER_CHMOD_2, dir_perms, temp_dir, extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(temp_dir, dir_perms) # chown : - config.pki_log.debug(log.PKIHELPER_CHOWN_3, + config.pki_log.debug( + log.PKIHELPER_CHOWN_3, uid, gid, temp_dir, extra=config.PKI_INDENTATION_LEVEL_3) os.chown(temp_dir, uid, gid) @@ -1309,7 +1385,7 @@ class Directory: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise def copy(self, old_name, new_name, uid=None, gid=None, 
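Review bot: `os.chmod(temp_file, file_perms)` and `os.chown(temp_file, uid, gid)` both follow symbolic links, while the symlink branch further down correctly uses `os.lchown`. The file-type test that precedes them is outside the hunk, but any check made on the path beforehand is separated in time from these calls, so an entry replaced by a link in between would have the link's target re-owned. If any part of the walked tree can be written by an account less privileged than the installer, operating on a descriptor opened with `O_NOFOLLOW` closes that window. The same applies to the `temp_dir` calls in the directory hunk below.

```python
# … unchanged: PKIHELPER_CHMOD_2 / PKIHELPER_CHOWN_3 debug logging …
fd = os.open(temp_file, os.O_RDONLY | os.O_NOFOLLOW)
try:
    os.fchmod(fd, file_perms)
    os.fchown(fd, uid, gid)
finally:
    os.close(fd)
```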
@@ -1323,15 +1399,17 @@ class Directory: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, old_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % old_name) else: if os.path.exists(new_name): if not overwrite_flag: config.pki_log.error( log.PKI_DIRECTORY_ALREADY_EXISTS_1, new_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name) - if recursive_flag == True: + raise Exception( + log.PKI_DIRECTORY_ALREADY_EXISTS_1 % new_name) + if recursive_flag: # cp -rp config.pki_log.info(log.PKIHELPER_CP_RP_2, old_name, new_name, @@ -1363,15 +1441,16 @@ class Directory: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class File: """PKI Deployment File Class (also used for executables)""" @@ -1395,9 +1474,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, 
@@ -1418,15 +1497,16 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) + if critical_failure: + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1439,8 +1519,9 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) + if critical_failure: + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) # Always re-process each file whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_FILE_1, name, @@ -1451,9 +1532,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_3, @@ -1476,12 +1557,12 @@ class File: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1500,7 +1581,7 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -1530,15 +1611,16 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # cp -p config.pki_log.info(log.PKIHELPER_CP_P_2, old_name, new_name, extra=config.PKI_INDENTATION_LEVEL_2) shutil.copy2(old_name, new_name) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, @@ -1564,19 +1646,19 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return def apply_slot_substitution( - self, name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, critical_failure=True): + self, name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, critical_failure=True): try: if not os.path.exists(name) or not os.path.isfile(name): config.pki_log.error( @@ -1596,9 +1678,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) line = line.replace(self.slots[slot], self.mdict[slot]) sys.stdout.write(line) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, 
@@ -1624,20 +1706,20 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return def copy_with_slot_substitution( - self, old_name, new_name, uid=None, gid=None, - perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, - acls=None, overwrite_flag=False, - critical_failure=True): + self, old_name, new_name, uid=None, gid=None, + perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, + acls=None, overwrite_flag=False, + critical_failure=True): try: if not os.path.exists(old_name) or not os.path.isfile(old_name): config.pki_log.error( @@ -1650,7 +1732,8 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_1, new_name, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_ALREADY_EXISTS_1 % new_name) + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_1 % new_name) # copy to with slot substitutions config.pki_log.info(log.PKIHELPER_COPY_WITH_SLOT_SUBSTITUTION_2, old_name, new_name, @@ -1663,11 +1746,13 @@ class File: log.PKIHELPER_SLOT_SUBSTITUTION_2, self.slots[slot], self.mdict[slot], extra=config.PKI_INDENTATION_LEVEL_3) - line = line.replace(self.slots[slot], self.mdict[slot]) + line = line.replace( + self.slots[slot], + self.mdict[slot]) FILE.write(line) - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() # chmod config.pki_log.debug(log.PKIHELPER_CHMOD_2, 
@@ -1693,27 +1778,29 @@ class File: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except shutil.Error as exc: config.pki_log.error(log.PKI_SHUTIL_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return - def generate_noise_file(self, name, random_bytes, uid=None, gid=None, + def generate_noise_file( + self, name, random_bytes, uid=None, gid=None, perms=config.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None, critical_failure=True): try: if not os.path.exists(name): # generating noise file called and # filling it with random bytes - config.pki_log.info(log.PKIHELPER_NOISE_FILE_2, name, random_bytes, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + log.PKIHELPER_NOISE_FILE_2, name, random_bytes, + extra=config.PKI_INDENTATION_LEVEL_2) open(name, "w").close() with open(name, "w") as FILE: - noise = ''.join(random.choice(string.ascii_letters + \ + noise = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(random_bytes)) FILE.write(noise) # chmod @@ -1721,9 +1808,9 @@ class File: extra=config.PKI_INDENTATION_LEVEL_3) os.chmod(name, perms) # chown : - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_3, uid, gid, name, 
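Review bot: `generate_noise_file` builds the noise with `random.choice(...)`, which uses Python's Mersenne Twister and is not suitable as seed material if this file feeds key generation (other hunks on this page pass a `noise_file` to certutil). `random.SystemRandom().choice(string.ascii_letters + string.digits)` keeps the same alphabet while drawing from the OS CSPRNG. The file is also created and filled before `os.chmod(name, perms)` runs, so the content sits on disk under the process umask for that window; creating it with a restrictive mode up front would close it. The preceding `open(name, "w").close()` is redundant with the `with open(name, "w")` that follows.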
@@ -1744,18 +1831,20 @@ class File: config.pki_log.error( log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) + if critical_failure: + raise Exception( + log.PKI_FILE_ALREADY_EXISTS_NOT_A_FILE_1 % name) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class Symlink: """PKI Deployment Symbolic Link Class""" @@ -1773,7 +1862,8 @@ class Symlink: log.PKIHELPER_DANGLING_SYMLINK_2, link, name, extra=config.PKI_INDENTATION_LEVEL_2) if not allow_dangling_symlink: - raise Exception("Dangling symlink " + link + " not allowed") + raise Exception( + "Dangling symlink " + link + " not allowed") # ln -s config.pki_log.info(log.PKIHELPER_LINK_S_2, name, link, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1782,9 +1872,9 @@ class Symlink: # implemented on Linux systems since 'chmod' # CANNOT be run directly against symbolic links! # chown -h : - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, uid, gid, link, @@ -1806,15 +1896,16 @@ class Symlink: config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) + if critical_failure: + raise Exception( + log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) except OSError as exc: if exc.errno == errno.EEXIST: pass else: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -1826,8 +1917,10 @@ class Symlink: config.pki_log.error( log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1, link, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % link) + if critical_failure: + raise Exception( + log.PKI_SYMLINK_ALREADY_EXISTS_NOT_A_SYMLINK_1 % + link) # Always re-process each link whether it needs it or not if not silent: config.pki_log.info(log.PKIHELPER_MODIFY_SYMLINK_1, link, @@ -1836,9 +1929,9 @@ class Symlink: # implemented on Linux systems since 'chmod' # CANNOT be run directly against symbolic links! # chown -h : - if uid == None: + if uid is None: uid = self.identity.get_uid() - if gid == None: + if gid is None: gid = self.identity.get_gid() if not silent: config.pki_log.debug(log.PKIHELPER_CHOWN_H_3, @@ -1862,12 +1955,13 @@ class Symlink: config.pki_log.error( log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1, link, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link) + if critical_failure: + raise Exception( + log.PKI_SYMLINK_MISSING_OR_NOT_A_SYMLINK_1 % link) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1886,7 +1980,7 @@ class Symlink: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -1901,6 +1995,7 @@ class Symlink: extra=config.PKI_INDENTATION_LEVEL_2) raise + class War: """PKI Deployment War File Class""" 
@@ -1914,14 +2009,16 @@ class War: config.pki_log.error( log.PKI_FILE_NOT_A_WAR_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_FILE_NOT_A_WAR_FILE_1 % name) if not os.path.exists(path) or not os.path.isdir(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path) + if critical_failure: + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, + path) # jar -xf -C config.pki_log.info(log.PKIHELPER_JAR_XF_C_2, name, path, extra=config.PKI_INDENTATION_LEVEL_2) @@ -1933,25 +2030,26 @@ class War: config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except zipfile.BadZipfile as exc: config.pki_log.error(log.PKI_BADZIPFILE_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except zipfile.LargeZipFile as exc: config.pki_log.error(log.PKI_LARGEZIPFILE_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class Password: """PKI Deployment Password Class""" 
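Review bot: Two of the raises in `War` still pass the value as a second argument instead of formatting it: `raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path)` in this hunk and `raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, name)` in the next one (`@@ -1933,25 +2030,26 @@`). The exception then carries a tuple of the unformatted template and the path, unlike every other raise here, which uses `%`. Suggest `log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path` and `log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % name`. The enclosing method starts outside the hunk.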
@@ -1968,33 +2066,33 @@ class Password: extra=config.PKI_INDENTATION_LEVEL_2) # overwrite the existing 'password.conf' file with open(path, "w") as fd: - if pin_sans_token == True: + if pin_sans_token: fd.write(str(pin)) - elif self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + \ + elif self.mdict['pki_subsystem'] in \ + config.PKI_APACHE_SUBSYSTEMS: + fd.write(self.mdict['pki_self_signed_token'] + ":" + str(pin)) else: - fd.write(self.mdict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) else: config.pki_log.info(log.PKIHELPER_PASSWORD_CONF_1, path, extra=config.PKI_INDENTATION_LEVEL_2) # create a new 'password.conf' file with open(path, "w") as fd: - if pin_sans_token == True: + if pin_sans_token: fd.write(str(pin)) elif self.mdict['pki_subsystem'] in\ - config.PKI_APACHE_SUBSYSTEMS: - fd.write(self.mdict['pki_self_signed_token'] + \ + config.PKI_APACHE_SUBSYSTEMS: + fd.write(self.mdict['pki_self_signed_token'] + ":" + str(pin)) else: - fd.write(self.mdict['pki_self_signed_token'] + \ + fd.write(self.mdict['pki_self_signed_token'] + "=" + str(pin)) except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2018,7 +2116,7 @@ class Password: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2027,10 +2125,10 @@ class Password: os.access(path, os.R_OK): tokens = PKIConfigParser.read_simple_configuration_file(path) hardware_token = "hardware-" + token_name - if tokens.has_key(hardware_token): + if hardware_token in tokens: token_name = hardware_token token_pwd = tokens[hardware_token] - elif tokens.has_key(token_name): + elif token_name in tokens: token_pwd = tokens[token_name] if token_pwd is None or token_pwd == '': 
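Review bot: Both `with open(path, "w") as fd:` branches write the pin to `password.conf` through plain `open()`, so a newly created file gets whatever mode the process umask allows. No chmod is visible in this hunk, and even if one follows later in the method, the secret is on disk before it is applied. For the create branch, opening with an explicit mode, e.g. `os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w")`, avoids that window. The two branches differ only in their log line and could share one write helper. Minor: the second branch keeps `in\` without the space that the first branch gained.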
@@ -2038,12 +2136,13 @@ class Password: config.pki_log.error(log.PKIHELPER_PASSWORD_NOT_FOUND_1, token_name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_PASSWORD_NOT_FOUND_1 % token_name) else: return return token_pwd + class Certutil: """PKI Deployment NSS 'certutil' Class""" @@ -2065,15 +2164,16 @@ class Certutil: log.PKIHELPER_CERTUTIL_MISSING_PATH, extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PATH) - if password_file != None: + if password_file is not None: command.extend(["-f", password_file]) - if prefix != None: + if prefix is not None: command.extend(["-P", prefix]) if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if os.path.exists(pki_cert_database) or\ os.path.exists(pki_key_database) or\ os.path.exists(pki_secmod_database): @@ -2085,14 +2185,16 @@ class Certutil: pki_secmod_database, extra=config.PKI_INDENTATION_LEVEL_2) else: - if password_file != None: + if password_file is not None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % + password_file) # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CREATE_SECURITY_DATABASES_1, 
@@ -2103,12 +2205,12 @@ class Certutil: except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2144,13 +2246,14 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NICKNAME) # OPTIONALLY specify a password file - if password_file != None: + if password_file is not None: command.extend(["-f", password_file]) if not os.path.exists(path): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ not os.path.exists(pki_secmod_database): 
@@ -2161,22 +2264,26 @@ class Certutil: pki_key_database, pki_secmod_database, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, - pki_key_database, pki_secmod_database)) - if password_file != None: + raise Exception( + log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % ( + pki_cert_database, + pki_key_database, + pki_secmod_database)) + if password_file is not None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Display this "certutil" command config.pki_log.info( log.PKIHELPER_CERTUTIL_SELF_SIGNED_CERTIFICATE_1, ' '.join(command), extra=config.PKI_INDENTATION_LEVEL_2) # Execute this "certutil" command - if silent != False: + if silent: # By default, execute this command silently with open(os.devnull, "w") as fnull: subprocess.check_call(command, stdout=fnull, stderr=fnull) @@ -2187,7 +2294,7 @@ class Certutil: except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return True @@ -2235,7 +2342,7 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SUBJECT) # Specify the serial number - if serial_number != None: + if serial_number is not None: command.extend(["-m", str(serial_number)]) else: config.pki_log.error( @@ -2243,7 +2350,7 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER) # Specify the months valid - if validity_period != None: + if validity_period is not None: command.extend(["-v", str(validity_period)]) else: config.pki_log.error( 
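Review bot: Replacing `if silent != False:` with `if silent:` is not purely cosmetic, because a caller passing `silent=None` (or `0`, or `''`) previously took the silent branch that redirects certutil output to `os.devnull` and now takes the other one. The parameter default and the callers are outside this hunk, so this is harmless only if `silent` is always a real boolean. If the old behaviour is intended, `if silent is not False:` preserves it; otherwise a one-line comment stating that `silent` must be a bool would document the change.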
@@ -2275,7 +2382,7 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_NOISE_FILE) # OPTIONALLY specify a password file - if password_file != None: + if password_file is not None: command.extend(["-f", password_file]) # ALWAYS self-sign this certificate command.append("-x") @@ -2287,7 +2394,8 @@ class Certutil: config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, path, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % path) if not os.path.exists(pki_cert_database) or\ not os.path.exists(pki_key_database) or\ not os.path.exists(pki_secmod_database): @@ -2298,22 +2406,27 @@ class Certutil: pki_key_database, pki_secmod_database, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % (pki_cert_database, - pki_key_database, pki_secmod_database)) + raise Exception( + log.PKI_SECURITY_DATABASES_DO_NOT_EXIST_3 % ( + pki_cert_database, + pki_key_database, + pki_secmod_database)) if not os.path.exists(noise_file): config.pki_log.error( log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) - if password_file != None: + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) + if password_file is not None: if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command # # NOTE: ALWAYS mask the command-line output of this command 
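Review bot: The `noise_file` check in the `@@ -2298,22 +2406,27 @@` hunk reports `log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1` although the path is a file, and it tests only `os.path.exists`, while the `password_file` check just below it also requires `os.path.isfile`. Suggest `if not os.path.exists(noise_file) or not os.path.isfile(noise_file):` with `log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % noise_file` in both the log call and the raise. The same check is repeated in the later hunk `@@ -2447,29 +2561,32 @@`.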
@@ -2323,12 +2436,12 @@ class Certutil: except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -2343,7 +2456,7 @@ class Certutil: command.extend(["-h", token]) if nickname: - command.extend(["-n", nickname ]) + command.extend(["-n", nickname]) else: config.pki_log.error( log.PKIHELPER_CERTUTIL_MISSING_NICKNAME, @@ -2374,18 +2487,19 @@ class Certutil: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_CERTUTIL_MISSING_PASSWORD_FILE) - config.pki_log.info(' '.join(command), + config.pki_log.info( + ' '.join(command), extra=config.PKI_INDENTATION_LEVEL_2) subprocess.check_call(command) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return 
@@ -2447,29 +2561,32 @@ class Certutil: log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1, noise_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) + raise Exception( + log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % noise_file) if not os.path.exists(password_file) or\ not os.path.isfile(password_file): config.pki_log.error( log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, password_file, extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) + raise Exception( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % password_file) # Execute this "certutil" command with open(os.devnull, "w") as fnull: subprocess.check_call(command, stdout=fnull, stderr=fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class PK12util: """PKI Deployment pk12util class""" 
@@ -2511,22 +2628,24 @@ class PK12util: extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKIHELPER_PK12UTIL_MISSING_DBPWFILE) - config.pki_log.info(' '.join(command), - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + ' '.join(command), + extra=config.PKI_INDENTATION_LEVEL_2) with open(os.devnull, "w") as fnull: subprocess.check_call(command, stdout=fnull, stderr=fnull) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise except OSError as exc: config.pki_log.error(log.PKI_OSERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return + class KRAConnector: """PKI Deployment KRA Connector Class""" @@ -2545,7 +2664,7 @@ class KRAConnector: extra=config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) krahost = cs_cfg.get('service.machineName') kraport = cs_cfg.get('pkicreate.secure_port') cahost = cs_cfg.get('cloning.ca.hostname') @@ -2558,7 +2677,7 @@ class KRAConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_CA_HOST_PORT, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_CA_HOST_PORT) else: return @@ -2572,7 +2691,7 @@ class KRAConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return 
@@ -2584,9 +2703,9 @@ class KRAConnector: token_name = "internal" token_pwd = self.password.get_password( - self.mdict['pki_shared_password_conf'], - token_name, - critical_failure) + self.mdict['pki_shared_password_conf'], + token_name, + critical_failure) if token_pwd is None or token_pwd == '': config.pki_log.warning( @@ -2596,13 +2715,15 @@ class KRAConnector: log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1, token_name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) + if critical_failure: + raise Exception( + log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) else: return - self.execute_using_sslget(caport, cahost, subsystemnick, - token_pwd, krahost, kraport) + self.execute_using_sslget( + caport, cahost, subsystemnick, + token_pwd, krahost, kraport) except subprocess.CalledProcessError as exc: config.pki_log.warning( @@ -2612,12 +2733,13 @@ class KRAConnector: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return - def execute_using_pki(self, caport, cahost, subsystemnick, - token_pwd, krahost, kraport, critical_failure=False): + def execute_using_pki( + self, caport, cahost, subsystemnick, + token_pwd, krahost, kraport, critical_failure=False): command = ["/bin/pki", "-p", str(caport), "-h", cahost, 
@@ -2638,14 +2760,16 @@ class KRAConnector: str(krahost), str(kraport), extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, + config.pki_log.error( + log.PKI_SUBPROCESS_ERROR_1, output, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output) - def execute_using_sslget(self, caport, cahost, subsystemnick, - token_pwd, krahost, kraport): - updateURL = "/ca/rest/admin/kraconnector/remove" + def execute_using_sslget( + self, caport, cahost, subsystemnick, + token_pwd, krahost, kraport): + update_url = "/ca/rest/admin/kraconnector/remove" params = "host=" + str(krahost) + \ "&port=" + str(kraport) @@ -2656,13 +2780,14 @@ class KRAConnector: "-d", self.mdict['pki_database_path'], "-e", params, "-v", - "-r", updateURL, cahost + ":" + str(caport)] + "-r", update_url, cahost + ":" + str(caport)] # update KRA connector # Execute this "sslget" command # Note that sslget will return non-zero value for HTTP code != 200 # and this will raise an exception - subprocess.check_output(command,stderr=subprocess.STDOUT) + subprocess.check_output(command, stderr=subprocess.STDOUT) + class TPSConnector: """PKI Deployment TPS Connector Class""" @@ -2682,7 +2807,7 @@ class TPSConnector: extra=config.PKI_INDENTATION_LEVEL_2) cs_cfg = PKIConfigParser.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) tpshost = cs_cfg.get('service.machineName') tpsport = cs_cfg.get('pkicreate.secure_port') tkshostport = cs_cfg.get('conn.tks1.hostport') @@ -2693,7 +2818,7 @@ class TPSConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_TKS_HOST_PORT, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_TKS_HOST_PORT) else: return 
@@ -2715,7 +2840,7 @@ class TPSConnector: config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return @@ -2727,9 +2852,9 @@ class TPSConnector: token_name = "internal" token_pwd = self.password.get_password( - self.mdict['pki_shared_password_conf'], - token_name, - critical_failure) + self.mdict['pki_shared_password_conf'], + token_name, + critical_failure) if token_pwd is None or token_pwd == '': config.pki_log.warning( @@ -2739,13 +2864,15 @@ class TPSConnector: log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1, token_name, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) + if critical_failure: + raise Exception( + log.PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 % token_name) else: return - self.execute_using_pki(tkshost, tksport, subsystemnick, - token_pwd, tpshost, tpsport) + self.execute_using_pki( + tkshost, tksport, subsystemnick, + token_pwd, tpshost, tpsport) except subprocess.CalledProcessError as exc: config.pki_log.warning( @@ -2755,12 +2882,13 @@ class TPSConnector: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return - def execute_using_pki(self, tkshost, tksport, subsystemnick, - token_pwd, tpshost, tpsport, critical_failure=False): + def execute_using_pki( + self, tkshost, tksport, subsystemnick, + token_pwd, tpshost, tpsport, critical_failure=False): command = ["/bin/pki", "-p", str(tksport), "-h", tkshost, 
@@ -2784,11 +2912,13 @@ class TPSConnector: str(tpshost), str(tpsport), extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, + config.pki_log.error( + log.PKI_SUBPROCESS_ERROR_1, output, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKI_SUBPROCESS_ERROR_1 % output) + class SecurityDomain: """PKI Deployment Security Domain Class""" @@ -2828,7 +2958,7 @@ class SecurityDomain: config.pki_log.error( log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNDEFINED) else: return @@ -2837,7 +2967,7 @@ class SecurityDomain: secname, extra=config.PKI_INDENTATION_LEVEL_2) listval = typeval.lower() + "List" - updateURL = "/ca/agent/ca/updateDomainXML" + update_url = "/ca/agent/ca/updateDomainXML" params = "name=" + "\"" + self.mdict['pki_instance_path'] + "\"" + \ "&type=" + str(typeval) + \ 
@@ -2853,31 +2983,32 @@ class SecurityDomain: try: # first try install token-based servlet params += "&sessionID=" + str(install_token) - adminUpdateURL = "/ca/admin/ca/updateDomainXML" + admin_update_url = "/ca/admin/ca/updateDomainXML" command = ["/usr/bin/sslget", "-p", str(123456), "-d", self.mdict['pki_database_path'], "-e", params, "-v", - "-r", adminUpdateURL, + "-r", admin_update_url, sechost + ":" + str(secadminport)] - output = subprocess.check_output(command, - stderr=subprocess.STDOUT) + output = subprocess.check_output( + command, + stderr=subprocess.STDOUT) except subprocess.CalledProcessError: config.pki_log.warning( log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, extra=config.PKI_INDENTATION_LEVEL_2) - output = self.update_domain_using_agent_port(typeval, - secname, params, updateURL, sechost, secagentport, + output = self.update_domain_using_agent_port( + typeval, secname, params, update_url, sechost, secagentport, critical_failure) else: - output = self.update_domain_using_agent_port(typeval, - secname, params, updateURL, sechost, secagentport, + output = self.update_domain_using_agent_port( + typeval, secname, params, update_url, sechost, secagentport, critical_failure) if not output: - if critical_failure == True: + if critical_failure: raise Exception("Cannot update domain using agent port") else: return @@ -2892,8 +3023,9 @@ class SecurityDomain: log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1, secname, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname) + if critical_failure: + raise Exception( + log.PKIHELPER_SECURITY_DOMAIN_UNREACHABLE_1 % secname) elif status[0] != "0": error = re.findall('(.*?)', output) if not error: 
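Review bot: The install token is appended to `params` (`params += "&sessionID=" + str(install_token)`) and then handed to `/usr/bin/sslget` as the `-e` argument. For as long as the command runs, the token is readable by any local account that can list process arguments. If sslget cannot take the request body another way, the exposure should at least be documented next to the call. The `-p` value is the literal `str(123456)`, presumably a dummy database password because this servlet authenticates by session ID. A comment such as `# placeholder password; admin servlet authenticates via sessionID (TODO confirm)` would stop a later reader from mistaking it for a real credential. The same argv concern would apply to `update_domain_using_agent_port` if it passes `token_pwd` to sslget; its command list starts outside the @@ -2972 hunk.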
@@ -2909,7 +3041,7 @@ class SecurityDomain: secname, error, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3 % (typeval, secname, error)) @@ -2920,8 +3052,9 @@ class SecurityDomain: secname, extra=config.PKI_INDENTATION_LEVEL_2) - def update_domain_using_agent_port(self, typeval, secname, params, - updateURL, sechost, secagentport, critical_failure=False): + def update_domain_using_agent_port( + self, typeval, secname, params, + update_url, sechost, secagentport, critical_failure=False): token_pwd = None cs_cfg = PKIConfigParser.read_simple_configuration_file( self.mdict['pki_target_cs_cfg']) @@ -2937,7 +3070,7 @@ class SecurityDomain: config.pki_log.error( log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise Exception(log.PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME) else: return @@ -2949,9 +3082,9 @@ class SecurityDomain: token_name = "internal" token_pwd = self.password.get_password( - self.mdict['pki_shared_password_conf'], - token_name, - critical_failure) + self.mdict['pki_shared_password_conf'], + token_name, + critical_failure) if token_pwd is None or token_pwd == '': config.pki_log.warning( @@ -2959,10 +3092,10 @@ class SecurityDomain: typeval, secname, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2 - % - (typeval, secname)) + if critical_failure: + raise Exception( + log.PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_2 % + (typeval, secname)) else: return @@ -2972,7 +3105,7 @@ class SecurityDomain: "-d", self.mdict['pki_database_path'], "-e", params, "-v", - "-r", updateURL, sechost + ":" + str(secagentport)] + "-r", update_url, sechost + ":" + str(secagentport)] try: output = subprocess.check_output(command, stderr=subprocess.STDOUT) 
@@ -2989,12 +3122,11 @@ class SecurityDomain: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return None - def get_installation_token(self, secuser, secpass, critical_failure=True): token = None @@ -3010,7 +3142,8 @@ class SecurityDomain: cstype = cs_cfg.get('cs.type', '') sechost = cs_cfg.get('securitydomain.host') secadminport = cs_cfg.get('securitydomain.httpsadminport') - #secselect = cs_cfg.get('securitydomain.select') - Selected security domain + #secselect = cs_cfg.get('securitydomain.select') - Selected + # security domain command = ["/bin/pki", "-p", str(secadminport), @@ -3023,9 +3156,10 @@ class SecurityDomain: "--hostname", machinename, "--subsystem", cstype] try: - output = subprocess.check_output(command, - stderr=subprocess.STDOUT, - shell=True) + output = subprocess.check_output( + command, + stderr=subprocess.STDOUT, + shell=True) token_list = re.findall("Install token: \"(.*)\"", output) if not token_list: @@ -3034,12 +3168,13 @@ class SecurityDomain: str(sechost), str(secadminport), extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, output, + config.pki_log.error( + log.PKI_SUBPROCESS_ERROR_1, output, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: - raise Exception(log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 - % - (str(sechost), str(secadminport))) + if critical_failure: + raise Exception( + log.PKIHELPER_SECURITY_DOMAIN_GET_TOKEN_FAILURE_2 % + (str(sechost), str(secadminport))) else: token = token_list[0] return token @@ -3051,10 +3186,11 @@ class SecurityDomain: extra=config.PKI_INDENTATION_LEVEL_2) config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return None + class Systemd(object): """PKI Deployment Execution Management Class""" 
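Review bot: In the @@ -3023 hunk `subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)` is given a list while `shell=True` is set. On POSIX only `command[0]` is then run as the shell command and the remaining items become arguments of the shell itself, so `/bin/pki` would start without its `-p`, `--hostname` and `--subsystem` options. The reformatting keeps the flag; drop it, matching the other `check_output` calls in this file: `output = subprocess.check_output(command, stderr=subprocess.STDOUT)`. Keeping the argument list and no shell also avoids a later "fix" that joins the list into one string and exposes `secuser`/`secpass` to shell parsing. `get_installation_token` begins in an earlier hunk and continues after this one.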
@@ -3109,7 +3245,7 @@ class Systemd(object): except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3141,7 +3277,7 @@ class Systemd(object): try: service = None # Execute the "systemd daemon-reload" management lifecycle command - if reload_daemon == True: + if reload_daemon: self.daemon_reload(critical_failure) # Compose this "systemd" execution management command if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: @@ -3155,7 +3291,7 @@ class Systemd(object): if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "start", - self.mdict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "start", service] @@ -3171,7 +3307,7 @@ class Systemd(object): return config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3210,7 +3346,7 @@ class Systemd(object): if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "stop", - self.mdict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "stop", service] @@ -3223,7 +3359,7 @@ class Systemd(object): except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3256,7 +3392,7 @@ class Systemd(object): service = None # Compose this "systemd" execution management command # Execute the "systemd daemon-reload" management lifecycle command - if reload_daemon == True: + if reload_daemon: self.daemon_reload(critical_failure) if self.mdict['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS: service = "pki-apached" + "@" +\ 
@@ -3269,7 +3405,7 @@ class Systemd(object): if pki.system.SYSTEM_TYPE == "debian": command = ["/etc/init.d/pki-tomcatd", "restart", - self.mdict['pki_instance_name']] + self.mdict['pki_instance_name']] else: command = ["systemctl", "restart", service] @@ -3285,7 +3421,7 @@ class Systemd(object): return config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) - if critical_failure == True: + if critical_failure: raise return @@ -3300,15 +3436,16 @@ class ConfigClient: self.clone = config.str2bool(self.mdict['pki_clone']) self.external = config.str2bool(self.mdict['pki_external']) self.external_step_two = config.str2bool( - self.mdict['pki_external_step_two']) + self.mdict['pki_external_step_two']) self.standalone = config.str2bool(self.mdict['pki_standalone']) self.subordinate = config.str2bool(self.mdict['pki_subordinate']) # set useful 'string' object variables for this class self.subsystem = self.mdict['pki_subsystem'] def configure_pki_data(self, data): - config.pki_log.info(log.PKI_CONFIG_CONFIGURING_PKI_DATA, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + log.PKI_CONFIG_CONFIGURING_PKI_DATA, + extra=config.PKI_INDENTATION_LEVEL_2) connection = pki.client.PKIConnection( protocol='https', 
@@ -3320,27 +3457,28 @@ class ConfigClient: client = pki.system.SystemConfigClient(connection) response = client.configure(data) - config.pki_log.debug(log.PKI_CONFIG_RESPONSE_STATUS + \ - " " + str(response['status']), - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_RESPONSE_STATUS + " " + str(response['status']), + extra=config.PKI_INDENTATION_LEVEL_2) try: certs = response['systemCerts'] except KeyError: # no system certs created - config.pki_log.debug("No new system certificates generated.", - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + "No new system certificates generated.", + extra=config.PKI_INDENTATION_LEVEL_2) certs = [] if not isinstance(certs, types.ListType): certs = [certs] for cdata in certs: - if (self.subsystem == "CA" and - self.external and - not self.external_step_two): + if (self.subsystem == "CA" and self.external and + not self.external_step_two): # External CA (Step 1) if cdata['tag'].lower() == "signing": # Save 'External CA Signing Certificate' CSR (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE, self.mdict['pki_external_csr_path']) return 
@@ -3349,52 +3487,58 @@ class ConfigClient: if cdata['tag'].lower() == "audit_signing": # Save Stand-alone PKI 'Audit Signing Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1, self.mdict['pki_external_audit_signing_csr_path'], self.subsystem) elif cdata['tag'].lower() == "signing": # Save Stand-alone PKI OCSP 'OCSP Signing Certificate' # CSR (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING, self.mdict['pki_external_signing_csr_path']) elif cdata['tag'].lower() == "sslserver": # Save Stand-alone PKI 'SSL Server Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1, self.mdict['pki_external_sslserver_csr_path'], self.subsystem) elif cdata['tag'].lower() == "storage": # Save Stand-alone PKI KRA 'Storage Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE, self.mdict['pki_external_storage_csr_path']) elif cdata['tag'].lower() == "subsystem": # Save Stand-alone PKI 'Subsystem Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1, self.mdict['pki_external_subsystem_csr_path'], self.subsystem) elif cdata['tag'].lower() == "transport": # Save Stand-alone PKI KRA 'Transport Certificate' CSR # (Step 1) - self.save_system_csr(cdata['request'], + self.save_system_csr( + cdata['request'], log.PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT, self.mdict['pki_external_transport_csr_path']) else: - config.pki_log.debug(log.PKI_CONFIG_CDATA_TAG + \ - " " + cdata['tag'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug(log.PKI_CONFIG_CDATA_CERT + \ - "\n" 
+ cdata['cert'], - extra=config.PKI_INDENTATION_LEVEL_2) - config.pki_log.debug(log.PKI_CONFIG_CDATA_REQUEST + \ - "\n" + cdata['request'], - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_TAG + " " + cdata['tag'], + extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_CERT + "\n" + cdata['cert'], + extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_CDATA_REQUEST + "\n" + cdata['request'], + extra=config.PKI_INDENTATION_LEVEL_2) # Cloned PKI subsystems do not return an Admin Certificate if not self.clone: @@ -3417,8 +3561,10 @@ class ConfigClient: if root.tag == 'PKIException': message = root.findall('.//Message')[0].text if message is not None: - config.pki_log.error(log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + message, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.error( + log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + + message, + extra=config.PKI_INDENTATION_LEVEL_2) raise config.pki_log.error( log.PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION + " " + str(e), @@ -3427,9 +3573,9 @@ class ConfigClient: return def process_admin_cert(self, admin_cert): - config.pki_log.debug(log.PKI_CONFIG_RESPONSE_ADMIN_CERT + \ - "\n" + admin_cert, - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.debug( + log.PKI_CONFIG_RESPONSE_ADMIN_CERT + "\n" + admin_cert, + extra=config.PKI_INDENTATION_LEVEL_2) # Store the Administration Certificate in a file admin_cert_file = self.mdict['pki_client_admin_cert'] @@ -3440,7 +3586,8 @@ class ConfigClient: # convert the cert file to binary command = ["AtoB", admin_cert_file, admin_cert_bin_file] - config.pki_log.info(' '.join(command), + config.pki_log.info( + ' '.join(command), extra=config.PKI_INDENTATION_LEVEL_2) try: subprocess.check_call(command) 
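Review bot: `command = ["AtoB", admin_cert_file, admin_cert_bin_file]` in the @@ -3440 hunk names the helper without a path, so which binary runs depends on the PATH of whoever invokes the deployment. That differs from the `/bin/pki` and `/usr/bin/sslget` calls elsewhere in this file. The same holds for `["BtoA", output_file, output_file + ".asc"]` in the later @@ -3889 hunk. Consider resolving both helpers to absolute paths kept in one configuration constant. `process_admin_cert` continues outside the hunk.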
@@ -3479,13 +3626,13 @@ class ConfigClient: self.mdict['pki_client_password_conf'], self.mdict['pki_client_database_dir']) - os.chmod(self.mdict['pki_client_admin_cert_p12'], + os.chmod( + self.mdict['pki_client_admin_cert_p12'], config.PKI_DEPLOYMENT_DEFAULT_SECURITY_DATABASE_PERMISSIONS) - def construct_pki_configuration_data(self): config.pki_log.info(log.PKI_CONFIG_CONSTRUCTING_PKI_DATA, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) data = pki.system.ConfigurationRequest() @@ -3507,7 +3654,7 @@ class ConfigClient: # Security Domain if ((self.subsystem != "CA" or self.clone or self.subordinate) and - not self.standalone): + not self.standalone): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA @@ -3542,10 +3689,8 @@ class ConfigClient: def save_admin_csr(self): config.pki_log.info( - log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + \ - " '" + \ - self.mdict['pki_external_admin_csr_path'] + \ - "'", self.subsystem, + log.PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 + " '" + + self.mdict['pki_external_admin_csr_path'] + "'", self.subsystem, extra=config.PKI_INDENTATION_LEVEL_2) self.deployer.directory.create( os.path.dirname(self.mdict['pki_external_admin_csr_path'])) @@ -3562,8 +3707,8 @@ class ConfigClient: # Read in and print Admin certificate request with open(self.mdict['pki_external_admin_csr_path'], "r") as f: admin_certreq = f.read() - config.pki_log.info(log.PKI_CONFIG_CDATA_REQUEST + \ - "\n" + admin_certreq, + config.pki_log.info( + log.PKI_CONFIG_CDATA_REQUEST + "\n" + admin_certreq, extra=config.PKI_INDENTATION_LEVEL_2) def save_admin_cert(self, message, input_data, output_file, subsystem_name): 
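Review bot: In the @@ -3479 hunk the `os.chmod(self.mdict['pki_client_admin_cert_p12'], ...)` runs only after the preceding call has written the file, so the PKCS#12 bundle briefly exists with whatever mode the process umask allows. That preceding call begins outside the hunk and is presumably the export. Tightening the umask around it closes the window: `old_umask = os.umask(0o077)` before the export and `os.umask(old_umask)` in a `finally`. The `chmod` can stay as the step that sets the final mode.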
@@ -3621,12 +3766,14 @@ class ConfigClient: cert1.tag = self.mdict['pki_ca_signing_tag'] # Load the External CA or Stand-alone PKI # 'External CA Signing Certificate' (Step 2) - self.load_system_cert(cert1, + self.load_system_cert( + cert1, log.PKI_CONFIG_EXTERNAL_CA_LOAD, self.mdict['pki_external_ca_cert_path']) # Load the External CA or Stand-alone PKI # 'External CA Signing Certificate Chain' (Step 2) - self.load_system_cert_chain(cert1, + self.load_system_cert_chain( + cert1, log.PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD, self.mdict['pki_external_ca_cert_chain_path']) systemCerts.append(cert1) @@ -3637,13 +3784,14 @@ class ConfigClient: # Create 'OCSP Signing Certificate' if not self.clone: if (self.subsystem == "OCSP" and - self.standalone and - self.external_step_two): + self.standalone and + self.external_step_two): # Stand-alone PKI OCSP (Step 2) cert2 = self.create_system_cert("ocsp_signing") # Load the Stand-alone PKI OCSP 'OCSP Signing Certificate' # (Step 2) - self.load_system_cert(cert2, + self.load_system_cert( + cert2, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING, self.mdict['pki_external_signing_cert_path']) cert2.signingAlgorithm = \ @@ -3665,7 +3813,8 @@ class ConfigClient: # Stand-alone PKI (Step 2) cert3 = self.create_system_cert("ssl_server") # Load the Stand-alone PKI 'SSL Server Certificate' (Step 2) - self.load_system_cert(cert3, + self.load_system_cert( + cert3, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1, self.mdict['pki_external_sslserver_cert_path'], self.subsystem) @@ -3694,7 +3843,8 @@ class ConfigClient: # Stand-alone PKI (Step 2) cert4 = self.create_system_cert("subsystem") # Load the Stand-alone PKI 'Subsystem Certificate' (Step 2) - self.load_system_cert(cert4, + self.load_system_cert( + cert4, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1, self.mdict['pki_external_subsystem_cert_path'], self.subsystem) 
@@ -3722,7 +3872,8 @@ class ConfigClient: # Stand-alone PKI (Step 2) cert5 = self.create_system_cert("audit_signing") # Load the Stand-alone PKI 'Audit Signing Certificate' (Step 2) - self.load_system_cert(cert5, + self.load_system_cert( + cert5, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1, self.mdict['pki_external_audit_signing_cert_path'], self.subsystem) @@ -3738,19 +3889,21 @@ class ConfigClient: # Create 'DRM Transport Certificate' and 'DRM Storage Certificate' if not self.clone: if (self.subsystem == "KRA" and - self.standalone and - self.external_step_two): + self.standalone and + self.external_step_two): # Stand-alone PKI KRA Transport Certificate (Step 2) cert6 = self.create_system_cert("transport") # Load the Stand-alone PKI KRA 'Transport Certificate' (Step 2) - self.load_system_cert(cert6, + self.load_system_cert( + cert6, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT, self.mdict['pki_external_transport_cert_path']) systemCerts.append(cert6) # Stand-alone PKI KRA Storage Certificate (Step 2) cert7 = self.create_system_cert("storage") # Load the Stand-alone PKI KRA 'Storage Certificate' (Step 2) - self.load_system_cert(cert7, + self.load_system_cert( + cert7, log.PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE, self.mdict['pki_external_storage_cert_path']) systemCerts.append(cert7) @@ -3866,7 +4019,7 @@ class ConfigClient: elif line.startswith("-----END CERTIFICATE-----"): continue else: - imported_admin_cert = imported_admin_cert + line + imported_admin_cert += line with open(self.mdict['pki_admin_cert_file'], "w") as f: f.write(imported_admin_cert) # read config from file 
@@ -3889,18 +4042,19 @@ class ConfigClient: noise_file, int(self.mdict['pki_admin_keysize'])) self.deployer.certutil.generate_certificate_request( - self.mdict['pki_admin_subject_dn'], - self.mdict['pki_admin_keysize'], - self.mdict['pki_client_password_conf'], - noise_file, - output_file, - self.mdict['pki_client_database_dir'], - None, None, True) + self.mdict['pki_admin_subject_dn'], + self.mdict['pki_admin_keysize'], + self.mdict['pki_client_password_conf'], + noise_file, + output_file, + self.mdict['pki_client_database_dir'], + None, None, True) # convert output to ascii command = ["BtoA", output_file, output_file + ".asc"] - config.pki_log.info(' '.join(command), - extra=config.PKI_INDENTATION_LEVEL_2) + config.pki_log.info( + ' '.join(command), + extra=config.PKI_INDENTATION_LEVEL_2) try: subprocess.check_call(command) except subprocess.CalledProcessError as exc: @@ -3928,9 +4082,9 @@ class ConfigClient: def set_issuing_ca_parameters(self, data): if (self.subsystem != "CA" or - self.clone or - self.subordinate or - self.external): + self.clone or + self.subordinate or + self.external): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, # Subordinate CA, External CA, or Stand-alone PKI @@ -3939,7 +4093,8 @@ class ConfigClient: def set_tps_parameters(self, data): data.caUri = self.mdict['pki_ca_uri'] data.tksUri = self.mdict['pki_tks_uri'] - data.enableServerSideKeyGen = self.mdict['pki_enable_server_side_keygen'] + data.enableServerSideKeyGen = \ + self.mdict['pki_enable_server_side_keygen'] if config.str2bool(self.mdict['pki_enable_server_side_keygen']): data.kraUri = self.mdict['pki_kra_uri'] data.authdbHost = self.mdict['pki_authdb_hostname'] @@ -3989,6 +4144,7 @@ class ConfigClient: cert.token = cs_cfg.get(cstype + ".subsystem.tokenname") return cert + class PKIDeployer: """Holds the global dictionaries and the utility objects""" 
diff --git a/base/server/python/pki/server/deployment/pkilogging.py b/base/server/python/pki/server/deployment/pkilogging.py index c91a7656f..14c11cf4d 100644 --- a/base/server/python/pki/server/deployment/pkilogging.py +++ b/base/server/python/pki/server/deployment/pkilogging.py @@ -29,6 +29,7 @@ sensitive_parameters = [] # Initialize 'pretty print' for objects pp = pprint.PrettyPrinter(indent=4) + def log_format(given_dict): new_dict = {} @@ -42,6 +43,7 @@ def log_format(given_dict): return pp.pformat(new_dict) + # PKI Deployment Logging Functions def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): if not os.path.isdir(log_dir): @@ -57,8 +59,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): # Configure console handler console = logging.StreamHandler() console.setLevel(console_log_level) - console_format = logging.Formatter('%(name)-12s: ' + \ - '%(levelname)-8s ' + \ + console_format = logging.Formatter('%(name)-12s: ' + + '%(levelname)-8s ' + '%(indent)s%(message)s') console.setFormatter(console_format) logger.addHandler(console) @@ -66,8 +68,8 @@ def enable_pki_logger(log_dir, log_name, log_level, console_log_level, name): # Configure file handler log_file = logging.FileHandler(log_dir + "/" + log_name, 'w') log_file.setLevel(log_level) - file_format = logging.Formatter('%(asctime)s %(name)-12s: ' + \ - '%(levelname)-8s ' + \ + file_format = logging.Formatter('%(asctime)s %(name)-12s: ' + + '%(levelname)-8s ' + '%(indent)s%(message)s', '%Y-%m-%d %H:%M:%S') log_file.setFormatter(file_format) diff --git a/base/server/python/pki/server/deployment/pkimanifest.py b/base/server/python/pki/server/deployment/pkimanifest.py index 8ba60dd8b..593fb20d3 100644 --- a/base/server/python/pki/server/deployment/pkimanifest.py +++ b/base/server/python/pki/server/deployment/pkimanifest.py 
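Review bot: In the @@ -66 hunk `log_file = logging.FileHandler(log_dir + "/" + log_name, 'w')` creates the deployment log with the default umask and builds the path by string concatenation. The pkihelper hunks in this commit write configuration responses and certificate requests to this logger at debug level, so the file's mode deserves an explicit decision. Suggest `os.path.join(log_dir, log_name)` for the path and a restrictive mode set when the file is created, if the log directory is not already private (not visible here). `enable_pki_logger` begins and ends outside the hunk.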
@@ -36,13 +36,13 @@ RECORD_TYPE_SYMLINK = "symlink" # PKI Deployment Manifest Record Class class Record(object): __slots__ = "name", \ - "type", \ - "user", \ - "group", \ - "uid", \ - "gid", \ - "permissions", \ - "acls", + "type", \ + "user", \ + "group", \ + "uid", \ + "gid", \ + "permissions", \ + "acls", def __init__(self): self.name = None @@ -55,18 +55,18 @@ class Record(object): self.acls = None def items(self): - "dict style items" + """dict style items""" return [ (field_name, getattr(self, field_name)) for field_name in self.__slots__] def __iter__(self): - "iterate over fields tuple/list style" + """iterate over fields tuple/list style""" for field_name in self.__slots__: yield getattr(self, field_name) def __getitem__(self, index): - "tuple/list style getitem" + """tuple/list style getitem""" return getattr(self, self.__slots__[index]) diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index 7e98ff052..2e518d8df 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -61,7 +61,8 @@ PKI_CONFIGURATION_STANDALONE_1 = " Please obtain the necessary "\ "certificates for this stand-alone %s,\n"\ " and re-run the configuration for "\ "step two." -PKI_CONFIGURATION_URL_1 = " Please start the configuration by accessing:\n %s" +PKI_CONFIGURATION_URL_1 = \ + " Please start the configuration by accessing:\n %s" PKI_CONFIGURATION_WIZARD_RESTART_1 = "After configuration, the server can be "\ "operated by the command:\n%s" PKI_CONFIGURATION_WIZARD_URL_1 = "Configuration Wizard listening on\n%s" 
@@ -244,17 +245,17 @@ PKIHELPER_NOISE_FILE_2 = "generating noise file called '%s' and "\ "filling it with '%d' random bytes" PKIHELPER_PASSWORD_CONF_1 = "generating '%s'" PKIHELPER_PASSWORD_NOT_FOUND_1 = "no password found for '%s'!" -PKIHELPER_PK12UTIL_MISSING_DBPWFILE = "pk12util missing "\ - "-k db-password-file option!" -PKIHELPER_PK12UTIL_MISSING_NICKNAME = "pk12util missing "\ - "-n nickname option!" -PKIHELPER_PK12UTIL_MISSING_OUTFILE = "pk12util missing "\ - "-o output-file option!" -PKIHELPER_PK12UTIL_MISSING_PWFILE = "pk12util missing "\ - "-w pw-file option!" +PKIHELPER_PK12UTIL_MISSING_DBPWFILE = \ + "pk12util missing -k db-password-file option!" +PKIHELPER_PK12UTIL_MISSING_NICKNAME = \ + "pk12util missing -n nickname option!" +PKIHELPER_PK12UTIL_MISSING_OUTFILE = \ + "pk12util missing -o output-file option!" +PKIHELPER_PK12UTIL_MISSING_PWFILE = \ + "pk12util missing -w pw-file option!" -PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2 = "instance '%s' contains '%d' "\ - "PKI subsystems" +PKIHELPER_PKI_INSTANCE_SUBSYSTEMS_2 = \ + "instance '%s' contains '%d' PKI subsystems" PKIHELPER_REMOVE_FILTER_SECTION_1 = "removing filter section from '%s'" PKIHELPER_RM_F_1 = "rm -f %s" PKIHELPER_RM_RF_1 = "rm -rf %s" 
@@ -320,38 +321,35 @@ PKI_CONFIG_CDATA_CERT = "cert:" PKI_CONFIG_CDATA_REQUEST = "request:" PKI_CONFIG_CONFIGURING_PKI_DATA = "configuring PKI configuration data." PKI_CONFIG_CONSTRUCTING_PKI_DATA = "constructing PKI configuration data." -PKI_CONFIG_PKCS10_SUPPORT_ONLY = "only the 'pkcs10' certificate request type "\ - "is currently supported" -PKI_CONFIG_EXTERNAL_CA_LOAD = "loading external CA signing certificate "\ - "from file:" -PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD = "loading external CA signing certificate "\ - "chain from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE = "loading external CA signed KRA "\ - "Storage certificate from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT = "loading external CA signed KRA "\ - "Transport certificate from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING = "loading external CA signed OCSP "\ - "Signing certificate from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1 = "loading external CA signed "\ - "%s SSL Server certificate "\ - "from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1 = "loading external CA signed "\ - "%s Subsystem certificate "\ - "from file:" -PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1 = "loading external CA "\ - "signed %s Audit Signing "\ - "certificate from file:" +PKI_CONFIG_PKCS10_SUPPORT_ONLY = \ + "only the 'pkcs10' certificate request type is currently supported" +PKI_CONFIG_EXTERNAL_CA_LOAD = \ + "loading external CA signing certificate from file:" +PKI_CONFIG_EXTERNAL_CA_CHAIN_LOAD = \ + "loading external CA signing certificate chain from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_STORAGE = \ + "loading external CA signed KRA Storage certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_KRA_TRANSPORT = \ + "loading external CA signed KRA Transport certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_OCSP_SIGNING = \ + "loading external CA signed OCSP Signing certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SSLSERVER_1 = \ + "loading external CA signed %s 
SSL Server certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_SUBSYSTEM_1 = \ + "loading external CA signed %s Subsystem certificate from file:" +PKI_CONFIG_EXTERNAL_CERT_LOAD_PKI_AUDIT_SIGNING_1 = \ + "loading external CA signed %s Audit Signing certificate from file:" PKI_CONFIG_EXTERNAL_CSR_SAVE = "saving CA Signing CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_STORAGE = "saving KRA Storage CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_KRA_TRANSPORT = "saving KRA Transport CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_OCSP_SIGNING = "saving OCSP Signing CSR to file:" PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_ADMIN_1 = "saving %s Admin CSR to file:" -PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1 = "saving %s Audit Signing "\ - "CSR to file:" -PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1 = "saving %s SSL Server CSR "\ - "to file:" -PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1 = "saving %s Subsystem CSR "\ - "to file:" +PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_AUDIT_SIGNING_1 = \ + "saving %s Audit Signing CSR to file:" +PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SSLSERVER_1 = \ + "saving %s SSL Server CSR to file:" +PKI_CONFIG_EXTERNAL_CSR_SAVE_PKI_SUBSYSTEM_1 = \ + "saving %s Subsystem CSR to file:" PKI_CONFIG_JAVA_CONFIGURATION_EXCEPTION = \ "Exception from Java Configuration Servlet:" PKI_CONFIG_RESPONSE_ADMIN_CERT = "adminCert:" @@ -361,8 +359,9 @@ PKI_CHECK_STATUS_MESSAGE = " To check the status of the subsystem: \n"\ " systemctl status pki-tomcatd@%s.service" PKI_ACCESS_URL = " The URL for the subsystem is: \n"\ " https://%s:%s/%s" -PKI_INSTANCE_RESTART_MESSAGE = " To restart the subsystem: \n"\ - " systemctl restart pki-tomcatd@%s.service" +PKI_INSTANCE_RESTART_MESSAGE = \ + " To restart the subsystem: \n"\ + " systemctl restart pki-tomcatd@%s.service" PKI_SPAWN_INFORMATION_HEADER = "\n ==========================================================================\n"\ 
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 620c9bdb5..a0e315d0e 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py 
@@ -54,36 +54,41 @@ class PKIConfigParser: #Read and process command-line options self.arg_parser = argparse.ArgumentParser( - description=description, - add_help=False, - formatter_class=argparse.RawDescriptionHelpFormatter, - epilog=epilog) + description=description, + add_help=False, + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=epilog) # Establish 'Mandatory' command-line options - self.mandatory = self.arg_parser.add_argument_group('mandatory arguments') + self.mandatory = self.arg_parser.add_argument_group( + 'mandatory arguments') # Establish 'Optional' command-line options self.optional = self.arg_parser.add_argument_group('optional arguments') - self.optional.add_argument('-s', - dest='pki_subsystem', action='store', - nargs=1, choices=config.PKI_SUBSYSTEMS, - metavar='', - help='where is ' - 'CA, KRA, OCSP, RA, TKS, or TPS') - self.optional.add_argument('-h', '--help', - dest='help', action='help', - help='show this help message and exit') - self.optional.add_argument('-v', - dest='pki_verbosity', action='count', - help='display verbose information (details below)') + self.optional.add_argument( + '-s', + dest='pki_subsystem', action='store', + nargs=1, choices=config.PKI_SUBSYSTEMS, + metavar='', + help='where is ' + 'CA, KRA, OCSP, RA, TKS, or TPS') + self.optional.add_argument( + '-h', '--help', + dest='help', action='help', + help='show this help message and exit') + self.optional.add_argument( + '-v', + dest='pki_verbosity', action='count', + help='display verbose information (details below)') # Establish 'Test' command-line options test = self.arg_parser.add_argument_group('test arguments') - test.add_argument('-p', - dest='pki_root_prefix', action='store', - nargs=1, metavar='', - help='directory prefix to specify local directory ' - '[TEST ONLY]') + test.add_argument( + '-p', + dest='pki_root_prefix', action='store', + nargs=1, metavar='', + help='directory prefix to specify local directory ' + '[TEST ONLY]') self.indent = 0 
self.ds_connection = None self.sd_connection = None @@ -123,13 +128,12 @@ class PKIConfigParser: return args - def validate(self): # Validate command-line options if len(config.pki_root_prefix) > 0: - if not os.path.exists(config.pki_root_prefix) or\ - not os.path.isdir(config.pki_root_prefix): + if not os.path.exists(config.pki_root_prefix) or \ + not os.path.isdir(config.pki_root_prefix): print "ERROR: " + \ log.PKI_DIRECTORY_MISSING_OR_NOT_A_DIRECTORY_1 % \ config.pki_root_prefix @@ -138,8 +142,8 @@ class PKIConfigParser: self.arg_parser.exit(-1) # always default that configuration file exists - if not os.path.exists(config.default_deployment_cfg) or\ - not os.path.isfile(config.default_deployment_cfg): + if not os.path.exists(config.default_deployment_cfg) or \ + not os.path.isfile(config.default_deployment_cfg): print "ERROR: " + \ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.default_deployment_cfg @@ -149,8 +153,8 @@ class PKIConfigParser: if config.user_deployment_cfg: # verify user configuration file exists - if not os.path.exists(config.user_deployment_cfg) or\ - not os.path.isfile(config.user_deployment_cfg): + if not os.path.exists(config.user_deployment_cfg) or \ + not os.path.isfile(config.user_deployment_cfg): print "ERROR: " + \ log.PKI_FILE_MISSING_OR_NOT_A_FILE_1 % \ config.user_deployment_cfg @@ -158,7 +162,6 @@ class PKIConfigParser: self.arg_parser.print_help() self.arg_parser.exit(-1) - def init_config(self): # RESTEasy @@ -184,7 +187,8 @@ class PKIConfigParser: default_http_port = '80' default_https_port = '443' - application_version = str(pki.upgrade.Version(pki.implementation_version())) + application_version = str(pki.upgrade.Version( + pki.implementation_version())) self.pki_config = ConfigParser.SafeConfigParser({ 'application_version': application_version, 
@@ -194,7 +198,7 @@ class PKIConfigParser: 'pki_dns_domainname': config.pki_dns_domainname, 'pki_subsystem': config.pki_subsystem, 'pki_subsystem_type': config.pki_subsystem.lower(), - 'pki_root_prefix' : config.pki_root_prefix, + 'pki_root_prefix': config.pki_root_prefix, 'resteasy_lib': resteasy_lib, 'jni_jar_dir': jni_jar_dir, 'home_dir': os.path.expanduser("~"), @@ -211,7 +215,6 @@ class PKIConfigParser: self.flatten_master_dict() - # The following code is based heavily upon # "http://www.decalage.info/en/python/configparser" @staticmethod @@ -234,7 +237,6 @@ class PKIConfigParser: values[name] = value return values - def set_property(self, section, key, value): if section != "DEFAULT" and not self.pki_config.has_section(section): self.pki_config.add_section(section) @@ -245,13 +247,13 @@ class PKIConfigParser: config.user_config.add_section(section) config.user_config.set(section, key, value) - def print_text(self, message): print ' ' * self.indent + message - def read_text(self, message, - section=None, key=None, default=None, - options=None, sign=':', allow_empty=True, case_sensitive=True): + def read_text( + self, message, + section=None, key=None, default=None, + options=None, sign=':', allow_empty=True, case_sensitive=True): if default is None and key is not None: default = self.mdict[key] @@ -291,9 +293,9 @@ class PKIConfigParser: return value - - def read_password(self, message, section=None, key=None, - verifyMessage=None): + def read_password( + self, message, section=None, key=None, + verifyMessage=None): message = ' ' * self.indent + message + ': ' if verifyMessage is not None: verifyMessage = ' ' * self.indent + verifyMessage + ': ' 
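Review bot: The `read_password` signature in the `@@ -291,9` hunk is re-wrapped for PEP 8 but keeps the camelCase parameter `verifyMessage`, which PEP 8 naming would spell `verify_message`. Renaming it changes the keyword that callers pass, and those callers are not visible here, so it would need to be done together with them. If the name has to stay for compatibility, a short comment such as `# verifyMessage: camelCase kept for existing callers` would stop the next cleanup from tripping over it. The body of `read_password` continues outside the hunk.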
@@ -321,19 +323,21 @@ class PKIConfigParser: return password def read_pki_configuration_file(self): - "Read configuration file sections into dictionaries" + """Read configuration file sections into dictionaries""" rv = 0 try: if config.user_deployment_cfg: # We don't allow interpolation in password settings, which # means that we need to deal with escaping '%' characters # that might be present. - no_interpolation = ('pki_admin_password', 'pki_backup_password', - 'pki_client_database_password', - 'pki_client_pkcs12_password', - 'pki_ds_password', 'pki_security_domain_password') - - print 'Loading deployment configuration from ' + config.user_deployment_cfg + '.' + no_interpolation = ( + 'pki_admin_password', 'pki_backup_password', + 'pki_client_database_password', + 'pki_client_pkcs12_password', + 'pki_ds_password', 'pki_security_domain_password') + + print 'Loading deployment configuration from ' + \ + config.user_deployment_cfg + '.' self.pki_config.read([config.user_deployment_cfg]) config.user_config.read([config.user_deployment_cfg]) @@ -345,9 +349,11 @@ class PKIConfigParser: for section in sections: for key in no_interpolation: try: - val = self.pki_config.get(section, key, raw=True) + val = self.pki_config.get( + section, key, raw=True) if val: - self.pki_config.set(section, key, val.replace("%", "%%")) + self.pki_config.set( + section, key, val.replace("%", "%%")) except ConfigParser.NoOptionError: continue @@ -357,9 +363,11 @@ class PKIConfigParser: for section in sections: for key in no_interpolation: try: - val = config.user_config.get(section, key, raw=True) + val = config.user_config.get( + section, key, raw=True) if val: - config.user_config.set(section, key, val.replace("%", "%%")) + config.user_config.set( + section, key, val.replace("%", "%%")) except ConfigParser.NoOptionError: continue except ConfigParser.ParsingError, err: 
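Review bot: The `no_interpolation` tuple in the `@@ -321,19` hunk is a hard-coded list of six password keys, so any other secret-bearing option whose value contains `%` still goes through `ConfigParser` interpolation and will either raise an interpolation error or be substituted into. The file separately reads a configurable `sensitive_parameters` setting, and the two lists can drift apart; presumably they are meant to cover the same keys, which should be confirmed. I would add a comment above the tuple, `# keep in sync with 'sensitive_parameters': these values are read raw and have '%' escaped`, or derive the tuple from that setting if it is available at this point. The body of `read_pki_configuration_file` continues outside this hunk.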
@@ -367,7 +375,6 @@ class PKIConfigParser: rv = err return rv - def flatten_master_dict(self): self.mdict.update(__name__="PKI Master Dictionary") @@ -392,7 +399,6 @@ class PKIConfigParser: subsystem_dict[0] = None self.mdict.update(subsystem_dict) - def ds_connect(self): hostname = self.mdict['pki_ds_hostname'] @@ -404,7 +410,8 @@ class PKIConfigParser: protocol = 'ldap' port = self.mdict['pki_ds_ldap_port'] - self.ds_connection = ldap.initialize(protocol + '://' + hostname + ':' + port) + self.ds_connection = ldap.initialize( + protocol + '://' + hostname + ':' + port) def ds_bind(self): self.ds_connection.simple_bind_s( @@ -463,9 +470,9 @@ class PKIConfigParser: info = sd.get_security_domain_info() except requests.exceptions.HTTPError as e: config.pki_log.info( - "unable to access security domain through REST interface. " + \ + "unable to access security domain through REST interface. " + "Trying old interface. " + str(e), - extra=config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) info = sd.get_old_security_domain_info() return info @@ -482,9 +489,9 @@ class PKIConfigParser: code = e.response.status_code if code == 404 or code == 501: config.pki_log.warning( - "unable to validate security domain user/password " + \ + "unable to validate security domain user/password " + "through REST interface. Interface not available", - extra=config.PKI_INDENTATION_LEVEL_2) + extra=config.PKI_INDENTATION_LEVEL_2) else: raise @@ -498,7 +505,8 @@ class PKIConfigParser: else: protocol = 'ldap' - self.authdb_connection = ldap.initialize(protocol + '://' + hostname + ':' + port) + self.authdb_connection = ldap.initialize( + protocol + '://' + hostname + ':' + port) self.authdb_connection.search_s('', ldap.SCOPE_BASE) def authdb_base_dn_exists(self): 
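Review bot: In the `@@ -404,7` hunk, when the branch that sets `protocol = 'ldap'` is taken, the connection created by `ldap.initialize(...)` is plaintext, and `ds_bind()` directly below calls `simple_bind_s` on it, which sends the bind credentials unencrypted. Nothing visible in the hunk upgrades the connection, so consider calling `self.ds_connection.start_tls_s()` before the bind, or at least logging a warning when the `ldap` scheme is selected. `ds_connect` starts outside the hunk, so the condition that chooses between the two schemes is not visible and may already restrict this case.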
@@ -518,17 +526,20 @@ class PKIConfigParser: def get_server_status(self, system_type, system_uri): parse = urlparse(self.mdict[system_uri]) conn = pki.client.PKIConnection( - protocol=parse.scheme, - hostname=parse.hostname, - port=str(parse.port), - subsystem=system_type) + protocol=parse.scheme, + hostname=parse.hostname, + port=str(parse.port), + subsystem=system_type) client = pki.system.SystemStatusClient(conn) response = client.get_status() root = ET.fromstring(response) return root.findtext("Status") def compose_pki_master_dictionary(self): - "Create a single master PKI dictionary from the sectional dictionaries" + """ + Create a single master PKI dictionary from the + sectional dictionaries + """ try: # 'pkispawn'/'pkidestroy' name/value pairs self.mdict['pki_deployment_executable'] = \ @@ -538,7 +549,8 @@ class PKIConfigParser: self.mdict['pki_certificate_timestamp'] = \ config.pki_certificate_timestamp self.mdict['pki_architecture'] = config.pki_architecture - self.mdict['pki_default_deployment_cfg'] = config.default_deployment_cfg + self.mdict['pki_default_deployment_cfg'] = \ + config.default_deployment_cfg self.mdict['pki_user_deployment_cfg'] = config.user_deployment_cfg self.mdict['pki_deployed_instance_name'] = \ config.pki_deployed_instance_name 
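Review bot: In `get_server_status`, `port=str(parse.port)` turns a missing port into the literal string `'None'`, because `urlparse` reports `port` as `None` when the URI in `self.mdict[system_uri]` carries no explicit port. The connection is then built with a bogus port instead of failing with a clear message. A guard ahead of the `PKIConnection` call makes the failure explicit, for example `if parse.port is None: raise Exception("no port in " + self.mdict[system_uri])`.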
@@ -554,22 +566,23 @@ class PKIConfigParser: self.flatten_master_dict() - pkilogging.sensitive_parameters = self.mdict['sensitive_parameters'].split() + pkilogging.sensitive_parameters = \ + self.mdict['sensitive_parameters'].split() # Always create "false" values for these missing "boolean" keys - if not self.mdict.has_key('pki_enable_access_log') or\ + if not 'pki_enable_access_log' in self.mdict or\ not len(self.mdict['pki_enable_access_log']): self.mdict['pki_enable_access_log'] = "false" - if not self.mdict.has_key('pki_external') or\ + if not 'pki_external' in self.mdict or\ not len(self.mdict['pki_external']): self.mdict['pki_external'] = "false" - if not self.mdict.has_key('pki_external_step_two') or\ + if not 'pki_external_step_two' in self.mdict or\ not len(self.mdict['pki_external_step_two']): self.mdict['pki_external_step_two'] = "false" - if not self.mdict.has_key('pki_standalone') or\ + if not 'pki_standalone' in self.mdict or\ not len(self.mdict['pki_standalone']): self.mdict['pki_standalone'] = "false" - if not self.mdict.has_key('pki_subordinate') or\ + if not 'pki_subordinate' in self.mdict or\ not len(self.mdict['pki_subordinate']): self.mdict['pki_subordinate'] = "false" @@ -581,7 +594,7 @@ class PKIConfigParser: self.mdict['pki_target_registry'] = \ os.path.join(self.mdict['pki_instance_registry_path'], self.mdict['pki_instance_name']) - if (config.str2bool(self.mdict['pki_external_step_two'])): + if config.str2bool(self.mdict['pki_external_step_two']): # For CA (External CA Step 2) and Stand-alone PKI (Step 2), # use the 'pki_one_time_pin' established during the setup # of (Step 1) 
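Review bot: The five defaulting checks in the `@@ -554,22` hunk now read `if not 'pki_external' in self.mdict or\`, which evaluates as intended but is the form PEP 8 asks to write as `'pki_external' not in self.mdict`. They also keep the bare `or\` continuation while the rest of the commit moves to parenthesised wrapping. Since all five blocks do the same thing, a loop over the key names with `if not self.mdict.get(key): self.mdict[key] = "false"` would replace them, assuming `self.mdict` behaves like a plain dict with string values here. The enclosing method starts and ends outside this hunk.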
@@ -589,11 +602,12 @@ class PKIConfigParser: and\ os.path.isfile(self.mdict['pki_target_cs_cfg']): cs_cfg = self.read_simple_configuration_file( - self.mdict['pki_target_cs_cfg']) + self.mdict['pki_target_cs_cfg']) self.mdict['pki_one_time_pin'] = \ cs_cfg.get('preop.pin') else: - config.pki_log.error(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, + config.pki_log.error( + log.PKI_FILE_MISSING_OR_NOT_A_FILE_1, self.mdict['pki_target_cs_cfg'], extra=config.PKI_INDENTATION_LEVEL_2) raise Exception(log.PKI_FILE_MISSING_OR_NOT_A_FILE_1) @@ -602,7 +616,7 @@ class PKIConfigParser: # and add this to the "sensitive" key value pairs read in from # the configuration file self.mdict['pki_one_time_pin'] = \ - ''.join(random.choice(string.ascii_letters + string.digits)\ + ''.join(random.choice(string.ascii_letters + string.digits) for x in range(20)) if self.mdict['pki_subsystem'] in\ config.PKI_TOMCAT_SUBSYSTEMS: 
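Review bot: In the `@@ -589,11` hunk, `cs_cfg.get('preop.pin')` is stored as `pki_one_time_pin` without a check, so a configuration file that exists but has no `preop.pin` entry yields a pin of `None`; this assumes `read_simple_configuration_file` returns a plain dict, which its `values` result suggests. The surrounding code only tests that the file exists. A guard after the assignment would catch it, for example `if not self.mdict['pki_one_time_pin']: raise Exception("preop.pin missing from " + self.mdict['pki_target_cs_cfg'])`. The enclosing `if` starts outside this hunk.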
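Review bot: The one-time pin in the `@@ -602,7` hunk is generated with `random.choice`, which draws from Python's default Mersenne Twister generator; its output is predictable and not intended for secrets. The comment just above treats this value as one of the "sensitive" key value pairs, so it should come from the operating system's CSPRNG: `rng = random.SystemRandom()` followed by `''.join(rng.choice(string.ascii_letters + string.digits) for x in range(20))`. This keeps the same alphabet and length and needs no new import. The enclosing `else` branch starts outside this hunk.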
@@ -649,73 +663,72 @@ class PKIConfigParser: # subystem-specific slot substitution name/value pairs if self.mdict['pki_subsystem'] == "CA": self.mdict['pki_target_flatfile_txt'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "flatfile.txt") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "flatfile.txt") self.mdict['pki_target_proxy_conf'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "proxy.conf") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "proxy.conf") self.mdict['pki_target_registry_cfg'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "registry.cfg") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "registry.cfg") # '*.profile' self.mdict['pki_target_admincert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "adminCert.profile") - self.mdict['pki_target_caauditsigningcert_profile']\ - = os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "caAuditSigningCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "adminCert.profile") + self.mdict['pki_target_caauditsigningcert_profile'] = \ + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "caAuditSigningCert.profile") self.mdict['pki_target_cacert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "caCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "caCert.profile") self.mdict['pki_target_caocspcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "caOCSPCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "caOCSPCert.profile") self.mdict['pki_target_servercert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "serverCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "serverCert.profile") 
self.mdict['pki_target_subsystemcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "subsystemCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "subsystemCert.profile") # in-place slot substitution name/value pairs self.mdict['pki_target_profileselect_template'] = \ os.path.join( - self.mdict\ - ['pki_tomcat_webapps_subsystem_path'], + self.mdict['pki_tomcat_webapps_subsystem_path'], "ee", self.mdict['pki_subsystem'].lower(), "ProfileSelect.template") elif self.mdict['pki_subsystem'] == "KRA": # '*.profile' self.mdict['pki_target_servercert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "serverCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "serverCert.profile") self.mdict['pki_target_storagecert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "storageCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "storageCert.profile") self.mdict['pki_target_subsystemcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "subsystemCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "subsystemCert.profile") self.mdict['pki_target_transportcert_profile'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "transportCert.profile") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "transportCert.profile") elif self.mdict['pki_subsystem'] == "TPS": self.mdict['pki_target_registry_cfg'] = \ - os.path.join(self.mdict\ - ['pki_subsystem_configuration_path'], - "registry.cfg") + os.path.join( + self.mdict['pki_subsystem_configuration_path'], + "registry.cfg") self.mdict['pki_target_phone_home_xml'] = \ os.path.join( self.mdict['pki_subsystem_configuration_path'], 
@@ -761,20 +774,15 @@ class PKIConfigParser: self.mdict['SYSTEM_LIBRARIES_SLOT'] = None self.mdict['SYSTEM_USER_LIBRARIES_SLOT'] = None self.mdict['TMP_DIR_SLOT'] = None - elif self.mdict['pki_subsystem'] in\ - config.PKI_TOMCAT_SUBSYSTEMS: + elif self.mdict['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS: self.mdict['INSTALL_TIME_SLOT'] = \ self.mdict['pki_install_time'] self.mdict['PKI_ADMIN_SECURE_PORT_SLOT'] = \ self.mdict['pki_https_port'] - self.mdict\ - ['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ + self.mdict['PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" - self.mdict\ - ['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = \ - "" - self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = \ - "want" + self.mdict['PKI_ADMIN_SECURE_PORT_SERVER_COMMENT_SLOT'] = "" + self.mdict['PKI_AGENT_CLIENTAUTH_SLOT'] = "want" self.mdict['PKI_AGENT_SECURE_PORT_SLOT'] = \ self.mdict['pki_https_port'] self.mdict['PKI_AJP_PORT_SLOT'] = \ @@ -789,19 +797,17 @@ class PKIConfigParser: self.mdict['pki_pin'] self.mdict['PKI_CFG_PATH_NAME_SLOT'] = \ self.mdict['pki_target_cs_cfg'] - self.mdict\ - ['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "-->" - self.mdict\ - ['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ + self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "-->" self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ self.mdict['pki_https_port'] self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT'] = \ "Unused" self.mdict\ - ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ + ['PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT_SLOT'] = \ "" self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT'] = \ self.mdict['pki_https_port'] 
@@ -822,15 +828,12 @@ class PKIConfigParser: "tomcat") self.mdict['PKI_HOSTNAME_SLOT'] = \ self.mdict['pki_hostname'] - self.mdict\ - ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ + self.mdict['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] = \ "