certmaster/CommonErrors.py | 1 certmaster/SSLCommon.py | 1 certmaster/SSLConnection.py | 2 - certmaster/certmaster.py | 68 ++++++++++++++++++++++---------------------- certmaster/certs.py | 26 ++++++++-------- certmaster/codes.py | 1 certmaster/config.py | 36 +++++++++++------------ certmaster/logger.py | 4 +- certmaster/requester.py | 8 ++--- certmaster/utils.py | 15 ++++----- 10 files changed, 79 insertions(+), 83 deletions(-) New commits: commit d7a437a33c7767917fdc963953a39286a01db696 Author: S.Ã?aÄ?lar Onur <caglar@xxxxxxxxxxxxxxxx> Date: Fri Oct 15 15:01:23 2010 -0400 Whitespace cleanup which includes; * Change files to use 4-space indents and no hard tab characters. * Trim excess spaces and tabs from ends of lines. * Remove empty lines at the end of files and ensure the last line ends with a newline. Generated by http://svn.python.org/projects/python/trunk/Tools/scripts/reindent.py diff --git a/certmaster/CommonErrors.py b/certmaster/CommonErrors.py index 437606a..2dfb814 100644 --- a/certmaster/CommonErrors.py +++ b/certmaster/CommonErrors.py @@ -67,4 +67,3 @@ class CertMaster_Client_Exception(Exception): self.value = value def __str__(self): return "%s" %(self.value,) - diff --git a/certmaster/SSLCommon.py b/certmaster/SSLCommon.py index e93ff63..5672a7f 100644 --- a/certmaster/SSLCommon.py +++ b/certmaster/SSLCommon.py @@ -121,4 +121,3 @@ class HTTPS(httplib.HTTP): def __init__(self, host='', port=None, ssl_context=None, strict=None, timeout=None): self._setup(self._connection_class(host, port, ssl_context, strict, timeout)) - diff --git a/certmaster/SSLConnection.py b/certmaster/SSLConnection.py index 93fabb6..4d4c162 100644 --- a/certmaster/SSLConnection.py +++ b/certmaster/SSLConnection.py @@ -99,7 +99,7 @@ class SSLConnection: if hasattr(data, 'tobytes'): data = data.tobytes() - + starttime = time.time() origlen = len(data) sent = -1 diff --git a/certmaster/certmaster.py b/certmaster/certmaster.py index 981efd8..7b133df 100644 
--- a/certmaster/certmaster.py +++ b/certmaster/certmaster.py @@ -77,11 +77,11 @@ class CertMaster(object): print 'Cannot make certmaster certificate authority keys/certs, aborting: %s' % e sys.exit(1) - + # open up the cakey and cacert so we have them available self.cakey = certs.retrieve_key_from_file(self.ca_key_file) self.cacert = certs.retrieve_cert_from_file(self.ca_cert_file) - + for dirpath in [self.cfg.cadir, self.cfg.certroot, self.cfg.csrroot]: if not os.path.exists(dirpath): os.makedirs(dirpath) @@ -91,7 +91,7 @@ class CertMaster(object): 'wait_for_cert': self.wait_for_cert, } - + def _dispatch(self, method, params): if method == 'trait_names' or method == '_getAttributeNames': return self.handlers.keys() 
@@ -102,40 +102,40 @@ class CertMaster(object): else: self.logger.info("Unhandled method call for method: %s " % method) raise codes.InvalidMethodException - + def _sanitize_cn(self, commonname): commonname = commonname.replace('/', '') - commonname = commonname.replace('\\', '') + commonname = commonname.replace('\\', '') return commonname - + def wait_for_cert(self, csrbuf, with_triggers=True): """ takes csr as a string returns True, caller_cert, ca_cert returns False, '', '' """ - + try: csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csrbuf) except crypto.Error, e: #XXX need to raise a fault here and document it - but false is just as good return False, '', '' - + requesting_host = self._sanitize_cn(csrreq.get_subject().CN) if with_triggers: - self._run_triggers(requesting_host, '/var/lib/certmaster/triggers/request/pre/*') + self._run_triggers(requesting_host, '/var/lib/certmaster/triggers/request/pre/*') self.logger.info("%s requested signing of cert %s" % (requesting_host,csrreq.get_subject().CN)) # get rid of dodgy characters in the filename we're about to make - + certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host) csrfile = '%s/%s.csr' % (self.cfg.csrroot, requesting_host) # check for old csr on disk # if we have it - compare the two - if they are not the same - raise a fault self.logger.debug("csrfile: %s certfile: %s" % (csrfile, certfile)) - + if os.path.exists(csrfile): oldfo = open(csrfile) oldcsrbuf = oldfo.read() @@ -149,7 +149,7 @@ class CertMaster(object): self.logger.info("A cert for %s already exists and does not match the requesting cert" % (requesting_host)) # XXX raise a proper fault return False, '', '' - + # look for a cert: # if we have it, then return True, etc, etc 
@@ -160,21 +160,21 @@ class CertMaster(object): if with_triggers: self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*') return True, cert_buf, cacert_buf - + # if we don't have a cert then: # if we're autosign then sign it, write out the cert and return True, etc, etc # else write out the csr - + if self.cfg.autosign: cert_fn = self.sign_this_csr(csrreq) - cert = certs.retrieve_cert_from_file(cert_fn) + cert = certs.retrieve_cert_from_file(cert_fn) cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert) self.logger.info("cert for %s was autosigned" % (requesting_host)) if with_triggers: self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*') return True, cert_buf, cacert_buf - + else: # write the csr out to a file to be dealt with by the admin destfo = open(csrfile, 'w') @@ -189,7 +189,7 @@ class CertMaster(object): return False, '', '' def get_csrs_waiting(self): - hosts = [] + hosts = [] csrglob = '%s/*.csr' % self.cfg.csrroot csr_list = glob.glob(csrglob) for f in csr_list: @@ -197,7 +197,7 @@ class CertMaster(object): hn = hn[:-4] hosts.append(hn) return hosts - + def remove_this_cert(self, hn, with_triggers=True): """ removes cert for hostname using unlink """ cm = self 
@@ -217,32 +217,32 @@ class CertMaster(object): os.unlink(fn) if with_triggers: self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/post/*') - + def sign_this_csr(self, csr, with_triggers=True): """returns the path to the signed cert file""" csr_unlink_file = None - if type(csr) is type(''): + if type(csr) is type(''): if csr.startswith('/') and os.path.exists(csr): # we have a full path to the file csrfo = open(csr) csr_buf = csrfo.read() csr_unlink_file = csr - + elif os.path.exists('%s/%s' % (self.cfg.csrroot, csr)): # we have a partial path? csrfo = open('%s/%s' % (self.cfg.csrroot, csr)) csr_buf = csrfo.read() csr_unlink_file = '%s/%s' % (self.cfg.csrroot, csr) - + # we have a string of some kind else: csr_buf = csr try: - csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf) + csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf) except crypto.Error, e: self.logger.info("Unable to sign %s: Bad CSR" % (csr)) raise exceptions.Exception("Bad CSR: %s" % csr) - + else: # assume we got a bare csr req csrreq = csr @@ -266,10 +266,10 @@ class CertMaster(object): if with_triggers: self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/sign/post/*') - + if csr_unlink_file and os.path.exists(csr_unlink_file): os.unlink(csr_unlink_file) - + return certfile # return a list of already signed certs @@ -311,12 +311,12 @@ class CertMaster(object): for hostglob in globs: certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob) certfiles = certfiles + glob.glob(certglob) - + cert_hashes = [] for certfile in certfiles: cert = certs.retrieve_cert_from_file(certfile) cert_hashes.append("%s-%s" % (cert.get_subject().CN, cert.subject_name_hash())) - + return cert_hashes def _run_triggers(self, ref, globber): 
@@ -327,7 +327,7 @@ class CertmasterXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer): def __init__(self, addr): self.allow_reuse_address = True SimpleXMLRPCServer.SimpleXMLRPCServer.__init__(self, addr) - + def serve(xmlrpcinstance): @@ -340,7 +340,7 @@ def serve(xmlrpcinstance): listen_addr = config.listen_addr listen_port = config.listen_port if listen_port == '': - listen_port = CERTMASTER_LISTEN_PORT + listen_port = CERTMASTER_LISTEN_PORT server = CertmasterXMLRPCServer((listen_addr,listen_port)) server.logRequests = 0 # don't print stuff to console server.register_instance(xmlrpcinstance) @@ -357,15 +357,15 @@ def excepthook(exctype, value, tracebackobj): print excvalue_blurb print exctb_blurb - log = logger.Logger().logger + log = logger.Logger().logger log.info(exctype_blurb) log.info(excvalue_blurb) log.info(exctb_blurb) def main(argv): - - sys.excepthook = excepthook + + sys.excepthook = excepthook cm = CertMaster('/etc/certmaster/certmaster.conf') if "--version" in sys.argv or "-v" in sys.argv: @@ -380,7 +380,7 @@ def main(argv): # just let exceptions bubble up for now serve(cm) - + if __name__ == "__main__": #textdomain(I18N_DOMAIN) main(sys.argv) diff --git a/certmaster/certs.py b/certmaster/certs.py index b59a972..d6f8b14 100644 --- a/certmaster/certs.py +++ b/certmaster/certs.py @@ -11,7 +11,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# Copyright (c) 2007 Red Hat, inc +# Copyright (c) 2007 Red Hat, inc #- Written by Seth Vidal skvidal @ fedoraproject.org from OpenSSL import crypto @@ -33,7 +33,7 @@ def make_keypair(dest=None): destfd = os.open(dest, os.O_RDWR|os.O_CREAT, 0600) os.write(destfd, (crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))) os.close(destfd) - + return pkey 
@@ -56,8 +56,8 @@ def make_csr(pkey, dest=None, cn=None, hostname=None, emailaddr=None): if emailaddr: subj.emailAddress = emailaddr else: - subj.emailAddress = 'root@%s' % subj.CN - + subj.emailAddress = 'root@%s' % subj.CN + req.set_pubkey(pkey) req.sign(pkey, 'md5') if dest: @@ -74,7 +74,7 @@ def retrieve_key_from_file(keyfile): keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf) return keypair - + def retrieve_csr_from_file(csrfile): fo = open(csrfile, 'r') buf = fo.read() @@ -108,8 +108,8 @@ def create_ca(CN="Certmaster Certificate Authority", ca_key_file=None, ca_cert_f destfo = open(ca_cert_file, 'w') destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert)) destfo.close() - - + + def _get_serial_number(cadir): serial = '%s/serial.txt' % cadir i = 1 @@ -118,11 +118,11 @@ def _get_serial_number(cadir): f = f.replace('\n','') try: i = int(f) - i+=1 + i+=1 except ValueError, e: i = 1 - - _set_serial_number(cadir, i) + + _set_serial_number(cadir, i) return i @@ -131,8 +131,8 @@ def _set_serial_number(cadir, last): f = open(serial, 'w') f.write(str(last) + '\n') f.close() - - + + def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None): cert = crypto.X509() cert.set_serial_number(_get_serial_number(cadir)) @@ -143,7 +143,7 @@ def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None): cert.set_pubkey(csr.get_pubkey()) cert.set_version(2) xt = crypto.X509Extension('basicConstraints', False ,'CA:FALSE') - # FIXME - add subjectkeyidentifier and authoritykeyidentifier extensions, too) + # FIXME - add subjectkeyidentifier and authoritykeyidentifier extensions, too) cert.add_extensions((xt,)) cert.sign(cakey, 'sha1') if slave_cert_file: diff --git a/certmaster/codes.py b/certmaster/codes.py index ace800c..e8e1c71 100644 --- a/certmaster/codes.py +++ b/certmaster/codes.py @@ -25,4 +25,3 @@ class InvalidMethodException(CertMasterException): pass # FIXME: more sub-exceptions maybe - 
diff --git a/certmaster/config.py b/certmaster/config.py index e859f4a..4cf2a7f 100644 --- a/certmaster/config.py +++ b/certmaster/config.py @@ -11,7 +11,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# Copyright 2002 Duke University +# Copyright 2002 Duke University # filched from yum - menno smits wrote this - he rocks @@ -32,13 +32,13 @@ class ConfigError(exceptions.Exception): self.value = value def __str__(self): return "%s" %(self.value,) - - + + class Option(object): ''' This class handles a single Yum configuration file option. Create subclasses for each type of supported configuration option. - + Python descriptor foo (__get__ and __set__) is used to make option definition easy and consise. ''' @@ -55,7 +55,7 @@ class Option(object): self._attrname = '__opt%d' % id(self) def __get__(self, obj, objtype): - '''Called when the option is read (via the descriptor protocol). + '''Called when the option is read (via the descriptor protocol). @param obj: The configuration instance to modify. @param objtype: The type of the config instance (not used). @@ -68,7 +68,7 @@ class Option(object): return getattr(obj, self._attrname, None) def __set__(self, obj, value): - '''Called when the option is set (via the descriptor protocol). + '''Called when the option is set (via the descriptor protocol). @param obj: The configuration instance to modify. @param value: The value to set the option to. @@ -85,8 +85,8 @@ class Option(object): setattr(obj, self._attrname, value) def setup(self, obj, name): - '''Initialise the option for a config instance. - This must be called before the option can be set or retrieved. + '''Initialise the option for a config instance. + This must be called before the option can be set or retrieved. @param obj: BaseConfig (or subclass) instance. @param name: Name of the option. 
@@ -105,7 +105,7 @@ class Option(object): @param s: Raw string value to parse. @return: Validated native value. - + Will raise ValueError if there was a problem parsing the string. Subclasses should override this. ''' @@ -164,7 +164,7 @@ class UrlOption(Option): This option handles lists of URLs with validation of the URL scheme. ''' - def __init__(self, default=None, schemes=('http', 'ftp', 'file', 'https'), + def __init__(self, default=None, schemes=('http', 'ftp', 'file', 'https'), allow_none=False): super(UrlOption, self).__init__(default) self.schemes = schemes @@ -208,7 +208,7 @@ class UrlListOption(ListOption): # Hold a UrlOption instance to assist with parsing self._urloption = UrlOption(schemes=schemes) - + def parse(self, s): out = [] for url in super(UrlListOption, self).parse(s): @@ -255,7 +255,7 @@ class SelectionOption(Option): def __init__(self, default=None, allowed=()): super(SelectionOption, self).__init__(default) self._allowed = allowed - + def parse(self, s): if s not in self._allowed: raise ValueError('"%s" is not an allowed value' % s) @@ -276,7 +276,7 @@ class BytesOption(Option): The input should be a string containing a (possibly floating point) number followed by an optional single character unit. Valid units are 'k', 'M', 'G'. Case is ignored. - + Valid inputs: 100, 123M, 45.6k, 12.4G, 100K, 786.3, 0 Invalid inputs: -10, -0.1, 45.6L, 123Mb @@ -298,7 +298,7 @@ class BytesOption(Option): else: n = s mult = 1 - + try: n = float(n) except ValueError: @@ -313,7 +313,7 @@ class BytesOption(Option): class ThrottleOption(BytesOption): def parse(self, s): - """Get a throttle option. + """Get a throttle option. Input may either be a percentage or a "friendly bandwidth value" as accepted by the BytesOption. @@ -382,7 +382,7 @@ class BaseConfig(object): # No matching option in this section, try inheriting if parent and option.inherit: value = getattr(parent, name) - + if value is not None: setattr(self, name, value) 
@@ -397,7 +397,7 @@ class BaseConfig(object): optionobj = classmethod(optionobj) def isoption(cls, name): - '''Return True if the given name refers to a defined option + '''Return True if the given name refers to a defined option ''' try: cls.optionobj(name) @@ -438,7 +438,7 @@ class BaseConfig(object): raise ValueError("not populated, don't know section") section = self._section - # Updated the ConfigParser with the changed values + # Updated the ConfigParser with the changed values cfgOptions = self.cfg.options(section) for name,value in self.iteritems(): option = self.optionobj(name) diff --git a/certmaster/logger.py b/certmaster/logger.py index 3ff9d42..f5d79c6 100644 --- a/certmaster/logger.py +++ b/certmaster/logger.py @@ -33,12 +33,12 @@ class Logger(Singleton): def __init__(self, logfilepath ="/var/log/certmaster/certmaster.log"): config_file = '/etc/certmaster/minion.conf' - self.config = read_config(config_file, CMConfig) + self.config = read_config(config_file, CMConfig) self.loglevel = logging._levelNames[self.config.log_level] self._setup_logging() if self._no_handlers: self._setup_handlers(logfilepath=logfilepath) - + def _setup_logging(self): self.logger = logging.getLogger("certmaster") diff --git a/certmaster/requester.py b/certmaster/requester.py index 04f1f8a..1fd6826 100644 --- a/certmaster/requester.py +++ b/certmaster/requester.py @@ -16,7 +16,7 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. import utils def request_cert(hostname=None): - # this should be enough, but do we want to allow parameters - # for overriding the server and port from the config file? - # maybe not. -- mpd - utils.create_minion_keys(hostname) + # this should be enough, but do we want to allow parameters + # for overriding the server and port from the config file? + # maybe not. -- mpd + utils.create_minion_keys(hostname) diff --git a/certmaster/utils.py b/certmaster/utils.py index 02c28e0..b135e7d 100644 --- a/certmaster/utils.py +++ b/certmaster/utils.py 
@@ -65,10 +65,10 @@ def daemonize(pidfile=None): os.close(2) # based on http://code.activestate.com/recipes/278731/ - os.open(REDIRECT_TO, os.O_RDWR) # standard input (0) + os.open(REDIRECT_TO, os.O_RDWR) # standard input (0) - os.dup2(0, 1) # standard output (1) - os.dup2(0, 2) # standard error (2) + os.dup2(0, 1) # standard output (1) + os.dup2(0, 2) # standard error (2) @@ -87,7 +87,7 @@ def nice_exception(etype, evalue, etb): except: nicetype = etype nicestack = string.join(traceback.format_list(traceback.extract_tb(etb))) - return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ] + return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ] def is_error(result): # FIXME: I believe we can remove this function @@ -104,10 +104,10 @@ def get_hostname(talk_to_certmaster=True): "localhost" is a lame hostname to use for a key, so try to get a more meaningful hostname. We do this by connecting to the certmaster and seeing what interface/ip it uses to make that connection, and looking - up the hostname for that. + up the hostname for that. """ # FIXME: this code ignores http proxies (which granted, we don't - # support elsewhere either. + # support elsewhere either. hostname = None hostname = socket.gethostname() # print "DEBUG: HOSTNAME TRY1: %s" % hostname @@ -166,7 +166,7 @@ def create_minion_keys(hostname=None): raise codes.CMException, "Could not create local keypair or csr for session" result = False - + while not result: try: # print "DEBUG: submitting CSR to certmaster: %s" % master_uri @@ -244,4 +244,3 @@ def submit_csr_to_master(csr_file, master_uri): # print "DEBUG: waiting for cert" return s.wait_for_cert(csr) -