author | Petr Viktorin <pviktori@redhat.com> | 2015-11-25 17:17:18 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-12-14 10:54:23 +0100 |
commit | 099cf98307d4b2f0ace5d5e28754f264808bf59d (patch) | |
tree | a2cfad681ef3e0adf47afdd0810e69d760fa07bf /ipapython/certdb.py | |
parent | 4cc206b0f82dd68d615f0aebba5b03acf127f53a (diff) | |
Refactor ipautil.run
The ipautil.run function now returns an object on which returncode and
output are accessible as attributes.
The stdout and stderr of all commands are logged (unless skip_output is given).
The stdout/stderr contents must be explicitly requested with a keyword
argument, otherwise they are None.
This is because in Python 3, the output needs to be decoded, and that can
fail if it's not decodable (human-readable) text.
The raw (bytes) output is always available from the result object,
as is "leniently" decoded output suitable for logging.
All calls are changed to reflect this.
A use of Popen in cainstance is changed to ipautil.run.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipapython/certdb.py')
-rw-r--r-- | ipapython/certdb.py | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py index 704bae528..1e6c63a15 100644 --- a/ipapython/certdb.py +++ b/ipapython/certdb.py @@ -107,10 +107,10 @@ class NSSDatabase(object): def __exit__(self, type, value, tb): self.close() - def run_certutil(self, args, stdin=None): + def run_certutil(self, args, stdin=None, **kwargs): new_args = [paths.CERTUTIL, "-d", self.secdir] new_args = new_args + args - return ipautil.run(new_args, stdin) + return ipautil.run(new_args, stdin, **kwargs) def create_db(self, password_filename): """Create cert DB @@ -124,8 +124,8 @@ class NSSDatabase(object): :return: List of (name, trust_flags) tuples """ - certs, stderr, returncode = self.run_certutil(["-L"]) - certs = certs.splitlines() + result = self.run_certutil(["-L"], capture_output=True) + certs = result.output.splitlines() # FIXME, this relies on NSS never changing the formatting of certutil certlist = [] @@ -157,9 +157,8 @@ class NSSDatabase(object): :return: List of certificate names """ root_nicknames = [] - chain, stderr, returncode = self.run_certutil([ - "-O", "-n", nickname]) - chain = chain.splitlines() + result = self.run_certutil(["-O", "-n", nickname], capture_output=True) + chain = result.output.splitlines() for c in chain: m = re.match('\s*"(.*)" \[.*', c) @@ -247,7 +246,8 @@ class NSSDatabase(object): '-print_certs', ] try: - stdout, stderr, rc = ipautil.run(args, stdin=body) + result = ipautil.run( + args, stdin=body, capture_output=True) except ipautil.CalledProcessError as e: if label == 'CERTIFICATE': root_logger.warning( @@ -259,7 +259,7 @@ class NSSDatabase(object): filename, line, e) continue else: - extracted_certs += stdout + '\n' + extracted_certs += result.output + '\n' loaded = True continue 
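Review bot: `run_certutil` now forwards `**kwargs` straight to `ipautil.run` but has no docstring, so a reader of certdb.py cannot tell which options are meaningful here. Per the commit description, stdout is `None` on the result unless it is explicitly requested, which makes it easy for a new caller to read `result.output` and get `None`. I would add a docstring along the lines of `"""Run certutil against self.secdir; extra keyword arguments are passed to ipautil.run, and output is only captured with capture_output=True."""`.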
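Review bot: `certs = result.output.splitlines()` in the `-L` listing hunk now relies on certutil's stdout being decodable text, which the commit description says can fail under Python 3. Nicknames are chosen by whoever imported the certificate, so an undecodable nickname would presumably make the whole listing fail instead of producing one odd entry; the `-O` chain parsing in the following hunk (`chain = result.output.splitlines()`) has the same dependency. A comment such as `# assumes certutil prints nicknames in the locale encoding; undecodable output raises here` would record the assumption, and a test with a non-ASCII nickname would confirm it. Both enclosing functions start outside their hunks.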
@@ -286,14 +286,15 @@ class NSSDatabase(object): '-passin', 'file:' + key_pwdfile.name, ] try: - stdout, stderr, rc = ipautil.run(args, stdin=body) + result = ipautil.run( + args, stdin=body, capture_output=True) except ipautil.CalledProcessError as e: root_logger.warning( "Skipping private key in %s at line %s: %s", filename, line, e) continue else: - extracted_key = stdout + extracted_key = result.output key_file = filename loaded = True continue @@ -401,10 +402,13 @@ class NSSDatabase(object): else: args.append('-r') try: - cert, err, returncode = self.run_certutil(args) + result = self.run_certutil(args, capture_output=pem) except ipautil.CalledProcessError: raise RuntimeError("Failed to get %s" % nickname) - return cert + if pem: + return result.output + else: + return result.raw_output def has_nickname(self, nickname): try: |
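Review bot: The `ipautil.run(args, stdin=body, capture_output=True)` call that fills `extracted_key` handles private-key material, and the commit description states that stdout and stderr of all commands are logged unless `skip_output` is given. The full argument list is outside the hunk, so I cannot tell whether the emitted key is encrypted; if it is not, or if policy keeps key blobs out of logs regardless, this call should opt out with `result = ipautil.run(args, stdin=body, capture_output=True, skip_output=True)`. Whether `stdin` is logged is not visible from this file either and is worth confirming for `body`. The enclosing function starts and ends outside the hunk.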
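Review bot: In the last hunk the return type now depends on `pem`, decoded text from `result.output` when it is true and undecoded bytes from `result.raw_output` otherwise, and nothing in the visible lines documents that for callers. The `-r` branch suggests the non-PEM form is binary, which would explain `capture_output=pem`, but that reasoning is only implied. I would put `# PEM is text and is decoded; the raw (-r) form is binary, so return the undecoded bytes` above the `if pem:` and mention both return types in the method's docstring. The method's signature and docstring are outside the hunk.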