authorChristian Heimes <cheimes@redhat.com>2017-11-15 15:46:33 +0100
committerChristian Heimes <cheimes@redhat.com>2018-02-07 17:27:11 +0100
commit575e513b15586b49f15428655c5d4aa6e6fc2867 (patch)
treecaa50c677a22f7ff212707acd7dca93e1ddfadeb
parentefded2264f79c740ac7dbe4aca24705e734c19b8 (diff)
More DNSSEC house keeping
Related: https://pagure.io/freeipa/issue/4985 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
-rw-r--r--ipaserver/dnssec/bindmgr.py46
-rwxr-xr-xipaserver/dnssec/localhsm.py13
2 files changed, 29 insertions, 30 deletions
diff --git a/ipaserver/dnssec/bindmgr.py b/ipaserver/dnssec/bindmgr.py
index 69dff3dee..9224c21f2 100644
--- a/ipaserver/dnssec/bindmgr.py
+++ b/ipaserver/dnssec/bindmgr.py
@@ -106,18 +106,27 @@ class BINDMgr(object):
def install_key(self, zone, uuid, attrs, workdir):
"""Run dnssec-keyfromlabel on given LDAP object.
- :returns: base file name of output files, e.g. Kaaa.test.+008+19719"""
+ :returns: base file name of output files, e.g. Kaaa.test.+008+19719
+ """
logger.info('attrs: %s', attrs)
assert attrs.get('idnsseckeyzone', [b'FALSE'])[0] == b'TRUE', \
b'object %s is not a DNS zone key' % attrs['dn']
- uri = b"%s;pin-source=%s" % (attrs['idnsSecKeyRef'][0], paths.DNSSEC_SOFTHSM_PIN.encode('utf-8'))
- cmd = [paths.DNSSEC_KEYFROMLABEL, '-K', workdir, '-a', attrs['idnsSecAlgorithm'][0], '-l', uri]
- cmd += self.dates2params(attrs)
+ uri = b"%s;pin-source=%s" % (
+ attrs['idnsSecKeyRef'][0],
+ paths.DNSSEC_SOFTHSM_PIN.encode('utf-8')
+ )
+ cmd = [
+ paths.DNSSEC_KEYFROMLABEL,
+ '-K', workdir,
+ '-a', attrs['idnsSecAlgorithm'][0],
+ '-l', uri
+ ]
+ cmd.extend(self.dates2params(attrs))
if attrs.get('idnsSecKeySep', [b'FALSE'])[0].upper() == b'TRUE':
- cmd += ['-f', 'KSK']
+ cmd.extend(['-f', 'KSK'])
if attrs.get('idnsSecKeyRevoke', [b'FALSE'])[0].upper() == b'TRUE':
- cmd += ['-R', datetime.now().strftime(time_bindfmt)]
+ cmd.extend(['-R', datetime.now().strftime(time_bindfmt)])
cmd.append(zone.to_text())
# keys has to be readable by ODS & named
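Review bot: The revocation time on the rewritten `cmd.extend(['-R', datetime.now().strftime(time_bindfmt)])` line is naive local time, while BIND's dnssec-keyfromlabel reads YYYYMMDDHHMMSS timing metadata as UTC; on a host whose clock is not in UTC the revoke date recorded in the key file is shifted by the zone offset (a positive offset puts it in the future, so named would keep treating the key as unrevoked until then). If `time_bindfmt` is that BIND format — its definition is outside this hunk — the call should be `datetime.utcnow().strftime(time_bindfmt)`. Separately, the zone-key precondition on the context line above is enforced with `assert`, which is stripped under `python -O`; an explicit `if attrs.get('idnsseckeyzone', [b'FALSE'])[0] != b'TRUE': raise ValueError(...)` keeps dnssec-keyfromlabel from being run against a non-zone-key object regardless of interpreter flags. install_key's body continues past the end of this hunk.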
@@ -142,28 +151,19 @@ class BINDMgr(object):
# strip final (empty) label
zone = zone.relativize(dns.name.root)
- escaped = ""
+ escaped = []
for label in zone:
for char in label:
- if six.PY2:
- # PY3 char is already int
- char = ord(char)
- if (
- (char >= 0x30 and char <= 0x39) or # digit
- (char >= 0x41 and char <= 0x5A) or # uppercase
- (char >= 0x61 and char <= 0x7A) or # lowercase
- char == 0x2D or # hyphen
- char == 0x5F # underscore
- ):
- if char >= 0x41 and char <= 0x5A: # downcase
- char += 0x20
- escaped += chr(char)
+ if six.PY3:
+ char = chr(char)
+ if char.isalnum() or char in "-_":
+ escaped.append(char.lower())
else:
- escaped += "%%%02X" % char
- escaped += '.'
+ escaped.append("%%%02X" % ord(char))
+ escaped.append('.')
# strip trailing period
- return escaped[:-1]
+ return ''.join(escaped[:-1])
def sync_zone(self, zone):
logger.info('Synchronizing zone %s', zone)
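Review bot: The new `if char.isalnum() or char in "-_":` test accepts more than the ASCII ranges it replaces: on Python 3 each label byte becomes a Latin-1 code point via `chr(char)`, and `str.isalnum()` is true for non-ASCII characters such as U+00E9 or U+00B2, so a byte ≥ 0x80 is now emitted literally (and lower-cased) instead of as `%XX`; on Python 2 the same test on a one-byte `str` is locale dependent. The escaped name appears destined for a file-system path, so the accepted set should stay strict ASCII, e.g. `if ord(char) < 0x80 and (char.isalnum() or char in "-_"):`, which keeps the `%02X` escape for everything else as before. The enclosing method's signature lies before the start of this hunk.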
diff --git a/ipaserver/dnssec/localhsm.py b/ipaserver/dnssec/localhsm.py
index 67a4ed2bb..c0179ad9e 100755
--- a/ipaserver/dnssec/localhsm.py
+++ b/ipaserver/dnssec/localhsm.py
@@ -45,8 +45,8 @@ class Key(collections.MutableMapping):
assert len(cka_label) != 0, 'ipk11label length should not be 0'
except _ipap11helper.NotFound:
- raise _ipap11helper.NotFound('key without ipk11label: id 0x%s'
- % str_hexlify(cka_id))
+ raise _ipap11helper.NotFound(
+ 'key without ipk11label: id 0x%s' % str_hexlify(cka_id))
def __getitem__(self, key):
key = key.lower()
@@ -186,7 +186,6 @@ class LocalHSM(AbstractHSM):
return Key(self.p11, h)
-
if __name__ == '__main__':
if 'SOFTHSM2_CONF' not in os.environ:
os.environ['SOFTHSM2_CONF'] = paths.DNSSEC_SOFTHSM2_CONF
@@ -216,13 +215,13 @@ if __name__ == '__main__':
print('')
print('zone public keys')
print('================')
- for key_id, key in localhsm.zone_pubkeys.items():
+ for key_id, zkey in localhsm.zone_pubkeys.items():
print(str_hexlify(key_id))
- pprint(key)
+ pprint(zkey)
print('')
print('zone private keys')
print('=================')
- for key_id, key in localhsm.zone_privkeys.items():
+ for key_id, zkey in localhsm.zone_privkeys.items():
print(str_hexlify(key_id))
- pprint(key)
+ pprint(zkey)