Thanks Fraser - Pushed patches 93, 94, 95-2 to master.
-- Abhishek
On Tue, 2014-06-03 at 08:52 +1000, Fraser Tweedale wrote:
On Mon, Jun 02, 2014 at 05:44:17PM -0400, Abhishek Koneru wrote:
> So i addressed all the new comments from Fraser and Ade.
> Ade is OK with the current set of patches checked in (93, 94, 95-2).
> I will be submitting new patches which add the remaining methods in
> ProfileClient and provide a better solution for the property/setter
> usage in classes like ProfileData, CertEnrollmentRequest and
> CertReviewResponse.
>
> Fraser - if the current code is OK with you please let me know. i can
> check in the code right away.
>
> As per my previous mail - these are addressed:
>
ACK x 3 from me.
> > > > 1) there is an unused class ``ProfilePolicySet``. Is the purpose of
> > > > this class the same as ``PolicySet``? If so, they should be merged.
> >
> > The ProfilePolicySet class is being used in the CertReviewResponse
> > class. It is different from the PolicySet class.
> >
> > The former is a list of ProfilePolicy objects while the latter is a
> > dictionary of {Policy_name, Collection of <Profile_Policy>}.
> >
> > Both classes are replications of similar definitions on the Java side.
> >
> > > >
> > > > 2) as currently implemented, ``PolicySet.from_json`` has no explicit
> > > > return, therefore returns None
> > > >
> > > > 3) ``PolicySet.from_json`` likewise lacks a return statement.
> > > >
> >
> > Will be corrected.
> >
> > >
> > > One more thing:
> > >
> > > 4) due to use of ``pki.handle_exceptions`` decorator, docstrings on
> > > decorated methods are wrong. You can use ``functools.wraps`` to
> > > propagate docstrings through a decorator. See
> > >
http://stackoverflow.com/questions/1782843/python-decorator-problem-with-...
> > >
> >
> > Good catch and great suggestion. I will work on this.
> Though the link you provided is pretty old, i still do not see any
> support for showing the arguments of the wrapped function instead of the
> wrapper function's arguments - when calling help.
> In any case, i used functools.wraps to atleast show the docstring.
>
> Along with the following comments by Ade.
>
> 1. You need to not track workspace.xml - and most likely add it
> to .gitignore. See
>
http://manski.net/2012/05/which-project-files-under-version-control/#inte...
>
> That said, it appears that Barbican for example, does not in fact check
> in their .idea files. You might want to ask them about that.
>
> I removed the PyCharm project files. (Even barbican doesn't check them
> in and they do not have any other way of checking the PEP8 standards
> using the PyCharm files)
>
> 2. In CertRevoke, you do check to see if the reason provided is a valid
> reason, but do this by defining the valid reasons twice - once as a
> standalone field, and once in an anonymous list. Better to define all
> the reasons in a named list, and check that list.
>
> -- Included in the patch.
>
> -- Abhishek
> From d572c7a5b28af9cafc3b9eb3d64dc1e5ad748a13 Mon Sep 17 00:00:00 2001
> From: Abhishek Koneru <akoneru(a)redhat.com>
> Date: Fri, 23 May 2014 12:17:38 -0400
> Subject: [PATCH] Addressed comments given for patches 92-2, 93, 94.
>
> Addressed review comments for the patches that
> implement the CertClient and a part of ProfileClient.
>
> Also includes the pycharm project files in pki/.idea.
> ---
> base/common/python/pki/__init__.py | 6 +-
> base/common/python/pki/account.py | 3 +
> base/common/python/pki/cert.py | 491 +++++++++++++++++++++++--------------
> base/common/python/pki/profile.py | 145 +++++++----
> 4 files changed, 416 insertions(+), 229 deletions(-)
>
> diff --git a/base/common/python/pki/__init__.py
b/base/common/python/pki/__init__.py
> index
713f10e0e7321fab2d10e5026a59e3ec2a4a5ff8..891d6ea6364b037f132ff3754b73b372c638b0f7 100644
> --- a/base/common/python/pki/__init__.py
> +++ b/base/common/python/pki/__init__.py
> @@ -21,6 +21,7 @@
> """
> This module contains top-level classes and functions used by the Dogtag project.
> """
> +from functools import wraps
> import os
> import re
> import requests
> @@ -245,6 +246,7 @@ def handle_exceptions():
> def exceptions_decorator(fn_call):
> """ The actual decorator handler."""
>
> + @wraps(fn_call)
> def handler(inst, *args, **kwargs):
> """ Decorator to catch and re-throw
PKIExceptions."""
> try:
> @@ -392,8 +394,10 @@ class PropertyFile(object):
>
> class Link:
> """
> - Stores the information of the resteasy's Link object sent by the
server for a resource.
> + Stores the information of the resteasy's Link object sent by the
server
> + for a resource.
> """
> +
> def __init__(self):
> pass
>
> diff --git a/base/common/python/pki/account.py b/base/common/python/pki/account.py
> index
1ab5b2ddb47804771d6cc89cd11f7f1d9b043856..0916ec7cccf25357b75161d08fea32626fdf9486 100644
> --- a/base/common/python/pki/account.py
> +++ b/base/common/python/pki/account.py
> @@ -18,6 +18,7 @@
> # Copyright (C) 2013 Red Hat, Inc.
> # All rights reserved.
> #
> +import pki
>
>
> class AccountClient:
> @@ -25,8 +26,10 @@ class AccountClient:
> def __init__(self, connection):
> self.connection = connection
>
> + @pki.handle_exceptions()
> def login(self):
> self.connection.get('/rest/account/login')
>
> + @pki.handle_exceptions()
> def logout(self):
> self.connection.get('/rest/account/logout')
> diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
> index
b22307ad1b2c2456257dc9416208e6725234bf9c..036bbf4e31d2f75118949395b539aa7fa0007eef 100644
> --- a/base/common/python/pki/cert.py
> +++ b/base/common/python/pki/cert.py
> @@ -14,16 +14,6 @@ import pki.encoder as encoder
> import pki.profile as profile
>
>
> -class CertId(object):
> - """
> - Class encapsulating a certificate serial number
> - """
> -
> - def __init__(self, cert_id):
> - """ Constructor """
> - self.value = cert_id
> -
> -
> class CertData(object):
> """
> Class containing certificate data as returned from getCert()
> @@ -43,6 +33,16 @@ class CertData(object):
> self.nonce = None
> self.link = None
>
> + def __repr__(self):
> + attributes = {
> + "CertData": {
> + "serial_number": self.serial_number,
> + "subject_dn": self.subject_dn,
> + "status": self.status
> + }
> + }
> + return str(attributes)
> +
> @classmethod
> def from_json(cls, attr_list):
> """ Return CertData object from JSON dict
"""
> @@ -72,7 +72,7 @@ class CertDataInfo(object):
>
> def __init__(self):
> """ Constructor """
> - self.cert_id = None
> + self.serial_number = None
> self.subject_dn = None
> self.status = None
> self.type = None
> @@ -85,11 +85,21 @@ class CertDataInfo(object):
> self.issued_by = None
> self.link = None
>
> + def __repr__(self):
> + obj = {
> + "CertDataInfo": {
> + 'serial_number': self.serial_number,
> + 'subject_dn': self.subject_dn,
> + 'type': self.type,
> + 'status': self.status
> + }}
> + return str(obj)
> +
> @classmethod
> def from_json(cls, attr_list):
> """ Return CertDataInfo object from JSON dict
"""
> cert_data_info = cls()
> - cert_data_info.cert_id = attr_list['id']
> + cert_data_info.serial_number = attr_list['id']
> cert_data_info.subject_dn = attr_list['SubjectDN']
> cert_data_info.status = attr_list['Status']
> cert_data_info.type = attr_list['Type']
> @@ -107,25 +117,30 @@ class CertDataInfo(object):
>
> class CertDataInfoCollection(object):
> """
> - Class containing list of CertDataInfo objects and their respective link
objects.
> + Class containing list of CertDataInfo objects and their respective link
> + objects.
> This data is returned when searching/listing certificate records in the CA.
> """
>
> def __init__(self):
> """ Constructor """
> - self.cert_info_list = []
> + self.cert_data_info_list = []
> self.links = []
>
> + def __iter__(self):
> + return iter(self.cert_data_info_list)
> +
> @classmethod
> def from_json(cls, json_value):
> """ Populate object from JSON input """
> ret = cls()
> cert_infos = json_value['entries']
> if not isinstance(cert_infos, types.ListType):
> - ret.cert_info_list.append(CertDataInfo.from_json(cert_infos))
> + ret.cert_data_info_list.append(CertDataInfo.from_json(cert_infos))
> else:
> for cert_info in cert_infos:
> - ret.cert_info_list.append(CertDataInfo.from_json(cert_info))
> + ret.cert_data_info_list.append(
> + CertDataInfo.from_json(cert_info))
>
> links = json_value['Link']
> if not isinstance(links, types.ListType):
> @@ -155,6 +170,17 @@ class CertRequestInfo(object):
> self.cert_url = None
> self.error_message = None
>
> + def __repr__(self):
> + obj = {
> + 'CertRequestInfo': {
> + 'request_id': self.request_id,
> + 'request_type': self.request_type,
> + 'request_status': self.request_status,
> + 'request_url': self.request_url
> + }
> + }
> + return str(obj)
> +
> @classmethod
> def from_json(cls, attr_list):
> cert_request_info = cls()
> @@ -163,7 +189,8 @@ class CertRequestInfo(object):
> cert_request_info.request_status = attr_list['requestStatus']
> cert_request_info.operation_result = attr_list['operationResult']
> cert_request_info.request_id = \
> -
str(cert_request_info.request_url)[(str(cert_request_info.request_url).rfind("/")
+ 1):]
> + str(cert_request_info.request_url)[(str(
> + cert_request_info.request_url).rfind("/") + 1):]
> #Optional parameters
> if 'certId' in attr_list:
> cert_request_info.cert_id = attr_list['certId']
> @@ -184,19 +211,24 @@ class CertRequestInfoCollection(object):
> """
>
> def __init__(self):
> - self.cert_info_list = []
> + self.cert_request_info_list = []
> self.links = []
>
> + def __iter__(self):
> + return iter(self.cert_request_info_list)
> +
> @classmethod
> def from_json(cls, json_value):
> """ Populate object from JSON input """
> ret = cls()
> cert_req_infos = json_value['entries']
> if not isinstance(cert_req_infos, types.ListType):
> - ret.cert_info_list.append(CertRequestInfo.from_json(cert_req_infos))
> + ret.cert_request_info_list.append(
> + CertRequestInfo.from_json(cert_req_infos))
> else:
> for cert_info in cert_req_infos:
> - ret.cert_info_list.append(CertRequestInfo.from_json(cert_info))
> + ret.cert_request_info_list.append(
> + CertRequestInfo.from_json(cert_info))
>
> links = json_value['Link']
> if not isinstance(links, types.ListType):
> @@ -215,18 +247,28 @@ class CertSearchRequest(object):
> """
>
> search_params = {'serial_to': 'serialTo',
'serial_from': 'serialFrom',
> - 'email': 'eMail', 'common_name':
'commonName', 'user_id': 'userID',
> - 'org_unit': 'orgUnit', 'org':
'org', 'locality': 'locality',
> - 'state': 'state', 'country':
'country', 'match_exactly': 'matchExactly',
> - 'status': 'status', 'revoked_by':
'revokedBy', 'revoked_on_from': 'revokedOnFrom',
> - 'revoked_on_to': 'revokedOnTo',
'revocation_reason': 'revocationReason',
> - 'issued_by': 'issuedBy',
'issued_on_from': 'issuedOnFrom', 'issued_on_to':
'issuedOnTo',
> - 'valid_not_before_from': 'validNotBeforeFrom',
'valid_not_before_to': 'validNotBeforeTo',
> - 'valid_not_after_from': 'validNotAfterFrom',
'valid_not_after_to': 'validNotAfterTo',
> - 'validity_operation': 'validityOperation',
'validity_count': 'validityCount',
> - 'validity_unit': 'validityUnit',
'cert_type_sub_email_ca': 'certTypeSubEmailCA',
> - 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
'cert_type_secure_email': 'certTypeSecureEmail',
> - 'cert_type_ssl_client': 'certTypeSSLClient',
'cert_type_ssl_server': 'certTypeSSLServer'}
> + 'email': 'eMail', 'common_name':
'commonName',
> + 'user_id': 'userID', 'org_unit':
'orgUnit', 'org': 'org',
> + 'locality': 'locality', 'state':
'state',
> + 'country': 'country', 'match_exactly':
'matchExactly',
> + 'status': 'status', 'revoked_by':
'revokedBy',
> + 'revoked_on_from': 'revokedOnFrom',
> + 'revoked_on_to': 'revokedOnTo',
> + 'revocation_reason': 'revocationReason',
> + 'issued_by': 'issuedBy',
'issued_on_from': 'issuedOnFrom',
> + 'issued_on_to': 'issuedOnTo',
> + 'valid_not_before_from':
'validNotBeforeFrom',
> + 'valid_not_before_to': 'validNotBeforeTo',
> + 'valid_not_after_from': 'validNotAfterFrom',
> + 'valid_not_after_to': 'validNotAfterTo',
> + 'validity_operation': 'validityOperation',
> + 'validity_count': 'validityCount',
> + 'validity_unit': 'validityUnit',
> + 'cert_type_sub_email_ca':
'certTypeSubEmailCA',
> + 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
> + 'cert_type_secure_email':
'certTypeSecureEmail',
> + 'cert_type_ssl_client': 'certTypeSSLClient',
> + 'cert_type_ssl_server': 'certTypeSSLServer'}
>
> def __init__(self, **cert_search_params):
> """ Constructor """
> @@ -234,59 +276,64 @@ class CertSearchRequest(object):
> if len(cert_search_params) == 0:
> setattr(self, 'serialNumberRangeInUse', True)
>
> - for param in cert_search_params:
> + for param, value in cert_search_params.viewitems():
> if not param in CertSearchRequest.search_params:
> raise ValueError('Invalid search parameter: ' + param)
>
> - if param == 'serial_to' or param == 'serial_from':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'serial_to', 'serial_from'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'serialNumberRangeInUse', True)
>
> - if param == 'email' or param == 'common_name' or param
== 'user_id' or param == 'org_unit' \
> - or param == 'org' or param == 'locality' or
param == 'state' or param == 'country' \
> - or param == 'match_exactly':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {
> + 'email', 'common_name', 'user_id',
'org_unit', 'org',
> + 'locality', 'state', 'country',
'match_exactly'
> + }:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'subjectInUse', True)
>
> if param == 'status':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
>
> if param == 'revoked_by':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'revokedByInUse', True)
>
> - if param == 'revoked_on_from' or param ==
'revoked_on_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'revoked_on_from', 'revoked_on_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'revokedOnInUse', True)
>
> if param == 'revocation_reason':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'revocationReasonInUse', True)
>
> if param == 'issued_by':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'issuedByInUse', True)
>
> - if param == 'issued_on_from' or param ==
'issued_on_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'issued_on_from', 'issued_on_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'issuedOnInUse', True)
>
> - if param == 'valid_not_before_from' or param ==
'valid_not_before_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'valid_not_before_from',
'valid_not_before_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'validNotBeforeInUse', True)
>
> - if param == 'valid_not_after_from' or param ==
'valid_not_after_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'valid_not_after_from',
'valid_not_after_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'validNotAfterInUse', True)
>
> - if param == 'validity_operation' or param ==
'validity_count' or param == 'validity_unit':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {
> + 'validity_operation', 'validity_count',
'validity_unit'
> + }:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'validityLengthInUse', True)
>
> - if param == 'cert_type_sub_email_ca' or param ==
'cert_type_sub_ssl_ca' \
> - or param == 'cert_type_secure_email' or param ==
'cert_type_ssl_client' \
> - or param == 'cert_type_ssl_server':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {
> + 'cert_type_sub_email_ca', 'cert_type_sub_ssl_ca',
> + 'cert_type_secure_email', 'cert_type_ssl_client',
> + 'cert_type_ssl_server'
> + }:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'certTypeInUse', True)
>
>
> @@ -294,24 +341,28 @@ class CertRevokeRequest(object):
> """
> An object of this class encapsulates all the
> parameters required for revoking a certificate.
> - """
>
> - REASON_UNSPECIFIED = "Unspecified"
> - REASON_KEY_COMPROMISE = "Key_Compromise"
> - REASON_CA_COMPROMISE = "CA_Compromise"
> - REASON_AFFILIATION_CHANGED = "Affiliation_Changed"
> - REASON_SUPERSEDED = "Superseded"
> - REASON_CESSATION_OF_OPERATION = "Cessation_of_Operation"
> - REASON_CERTIFICATE_HOLD = "Certificate_Hold"
> - REASON_REMOVE_FROM_CRL = "Remove_from_CRL"
> - REASON_PRIVILEGE_WITHDRAWN = "Privilege_Withdrawn"
> - REASON_AA_COMPROMISE = "AA_Compromise"
> + Valid values for reasons for revoking a request are:
> + 'Unspecified', 'Key_Compromise',
'CA_Compromise',
> + 'Affiliation_Changed', 'Superseded',
'Cessation_of_Operation',
> + 'Certificate_Hold', 'Remove_from_CRL',
'Privilege_Withdrawn',
> + 'AA_Compromise'
> + """
> + reasons = ['Unspecified', 'Key_Compromise',
'CA_Compromise',
> + 'Affiliation_Changed', 'Superseded',
'Cessation_of_Operation',
> + 'Certificate_Hold', 'Remove_from_CRL',
'Privilege_Withdrawn',
> + 'AA_Compromise']
>
> def __init__(self, nonce, reason=None, invalidity_date=None, comments=None):
> """ Constructor """
> +
> setattr(self, "Nonce", nonce)
> +
> if reason is None:
> - reason = self.REASON_UNSPECIFIED
> + reason = 'Unspecified'
> + else:
> + if reason not in CertRevokeRequest.reasons:
> + raise ValueError('Invalid revocation reason specified.')
> setattr(self, "Reason", reason)
> if invalidity_date is not None:
> setattr(self, "InvalidityDate", invalidity_date)
> @@ -321,11 +372,13 @@ class CertRevokeRequest(object):
>
> class CertEnrollmentRequest(object):
> """
> - This class encapsulates the parameters required for a certificate enrollment
request.
> + This class encapsulates the parameters required for a certificate
> + enrollment request.
> """
>
> - def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
> - inputs=None, outputs=None):
> + def __init__(self, profile_id=None, renewal=False, serial_number=None,
> + remote_host=None, remote_address=None, inputs=None,
> + outputs=None):
> """ Constructor """
> self.profile_id = profile_id
> self.renewal = renewal
> @@ -443,14 +496,17 @@ class CertEnrollmentRequest(object):
> enroll_request.inputs.append(profile.ProfileInput.from_json(inputs))
> else:
> for profile_input in inputs:
> -
enroll_request.inputs.append(profile.ProfileInput.from_json(profile_input))
> + enroll_request.inputs.append(
> + profile.ProfileInput.from_json(profile_input))
>
> outputs = json_value['Output']
> if not isinstance(outputs, types.ListType):
> -
enroll_request.outputs.append(profile.ProfileOutput.from_json(outputs))
> + enroll_request.outputs.append(
> + profile.ProfileOutput.from_json(outputs))
> else:
> for profile_output in outputs:
> -
enroll_request.outputs.append(profile.ProfileOutput.from_json(profile_output))
> + enroll_request.outputs.append(
> + profile.ProfileOutput.from_json(profile_output))
>
> return enroll_request
>
> @@ -462,14 +518,21 @@ class CertReviewResponse(CertEnrollmentRequest):
> It contains a nonce required to perform action on the request.
> """
>
> - def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
> - inputs=None, outputs=None, nonce=None, request_id=None,
request_type=None, request_status=None,
> - request_owner=None, request_creation_time=None,
request_modification_time=None, request_notes=None,
> - profile_approval_by=None, profile_set_id=None,
profile_is_visible=None, profile_name=None,
> - profile_description=None, profile_remote_host=None,
profile_remote_address=None, policy_sets=None):
> + def __init__(self, profile_id=None, renewal=False, serial_number=None,
> + remote_host=None, remote_address=None, inputs=None,
> + outputs=None, nonce=None, request_id=None, request_type=None,
> + request_status=None, request_owner=None,
> + request_creation_time=None, request_modification_time=None,
> + request_notes=None, profile_approval_by=None,
> + profile_set_id=None, profile_is_visible=None,
> + profile_name=None, profile_description=None,
> + profile_remote_host=None, profile_remote_address=None,
> + policy_sets=None):
>
> - super(CertReviewResponse, self).__init__(profile_id, renewal,
serial_number, remote_host,
> - remote_address, inputs, outputs)
> + super(CertReviewResponse, self).__init__(profile_id, renewal,
> + serial_number, remote_host,
> + remote_address, inputs,
> + outputs)
> self.nonce = nonce
> self.request_id = request_id
> self.request_type = request_type
> @@ -622,8 +685,10 @@ class CertReviewResponse(CertEnrollmentRequest):
> review_response.request_type = json_value['requestType']
> review_response.request_status = json_value['requestStatus']
> review_response.request_owner = json_value['requestOwner']
> - review_response.request_creation_time =
json_value['requestCreationTime']
> - review_response.request_modification_time =
json_value['requestModificationTime']
> + review_response.request_creation_time = \
> + json_value['requestCreationTime']
> + review_response.request_modification_time = \
> + json_value['requestModificationTime']
> review_response.request_notes = json_value['requestNotes']
> review_response.profile_approved_by =
json_value['profileApprovedBy']
> review_response.profile_set_id = json_value['profileSetId']
> @@ -635,18 +700,20 @@ class CertReviewResponse(CertEnrollmentRequest):
>
> profile_policy_sets = json_value['ProfilePolicySet']
> if not isinstance(profile_policy_sets, types.ListType):
> -
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(profile_policy_sets))
> + review_response.policy_sets.append(
> + profile.ProfilePolicySet.from_json(profile_policy_sets))
> else:
> for policy_set in profile_policy_sets:
> -
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(policy_set))
> + review_response.policy_sets.append(
> + profile.ProfilePolicySet.from_json(policy_set))
>
> return review_response
>
>
> class CertClient(object):
> """
> - Class encapsulating and mirroring the functionality in the CertResource Java
interface class
> - defining the REST API for Certificate resources.
> + Class encapsulating and mirroring the functionality in the CertResource
> + Java interface class defining the REST API for Certificate resources.
> """
>
> def __init__(self, connection):
> @@ -661,101 +728,122 @@ class CertClient(object):
> self.enrollment_templates = {}
>
> @pki.handle_exceptions()
> - def get_cert(self, cert_id):
> + def get_cert(self, cert_serial_number):
> """ Return a CertData object for a particular certificate.
"""
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> - url = self.cert_url + '/' + str(cert_id)
> + url = self.cert_url + '/' + str(cert_serial_number)
> r = self.connection.get(url, self.headers)
> return CertData.from_json(r.json())
>
> @pki.handle_exceptions()
> - def list_certs(self, max_results=None, max_time=None, start=None, size=None,
**cert_search_params):
> - """ Return a CertDataInfoCollection object with a
information about all the
> - certificates that satisfy the search criteria.
> + def list_certs(self, max_results=None, max_time=None, start=None, size=None,
> + **cert_search_params):
> + """ Return a CertDataInfoCollection object with a
information about all
> + the certificates that satisfy the search criteria.
> If cert_search_request=None, returns all the certificates.
> """
> url = self.cert_url + '/search'
> - query_params = {"maxResults": max_results, "maxTime":
max_time, "start": start, "size": size}
> + query_params = {"maxResults": max_results, "maxTime":
max_time,
> + "start": start, "size": size}
> cert_search_request = CertSearchRequest(**cert_search_params)
> - search_request = json.dumps(cert_search_request,
cls=encoder.CustomTypeEncoder, sort_keys=True)
> - response = self.connection.post(url, search_request, self.headers,
query_params)
> + search_request = json.dumps(cert_search_request,
> + cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> + response = self.connection.post(url, search_request, self.headers,
> + query_params)
> return CertDataInfoCollection.from_json(response.json())
>
> @pki.handle_exceptions()
> - def review_cert(self, cert_id):
> + def review_cert(self, cert_serial_number):
> """ Reviews a certificate. Returns a CertData object with a
nonce.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> - url = self.agent_cert_url + '/' + str(cert_id)
> + url = self.agent_cert_url + '/' + str(cert_serial_number)
> r = self.connection.get(url, self.headers)
> return CertData.from_json(r.json())
>
> - def _submit_revoke_request(self, url, cert_id, revocation_reason=None,
invalidity_date=None, comments=None,
> - nonce=None):
> + def _submit_revoke_request(self, url, cert_serial_number,
> + revocation_reason=None, invalidity_date=None,
> + comments=None, nonce=None):
> """
> Submits a certificate revocation request.
> Expects the URL for submitting the request.
> Creates a CertRevokeRequest object using the arguments provided.
> - If nonce is passed as an argument, reviews the cert to get a nonce from the
server
> - and passes it in the request.
> + If nonce is passed as an argument, reviews the cert to get a nonce
> + from the server and passes it in the request.
> Returns a CertRequestInfo object.
> """
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> if url is None:
> raise ValueError("URL not specified")
>
> if nonce is None:
> - cert_data = self.review_cert(cert_id)
> + cert_data = self.review_cert(cert_serial_number)
> nonce = cert_data.nonce
> - request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
comments)
> - revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
> + request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
> + comments)
> + revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> r = self.connection.post(url, revoke_request, headers=self.headers)
> return CertRequestInfo.from_json(r.json())
>
> @pki.handle_exceptions()
> - def revoke_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
> + def revoke_cert(self, cert_serial_number, revocation_reason=None,
> + invalidity_date=None, comments=None, nonce=None):
> """ Revokes a certificate.
> Returns a CertRequestInfo object with information about the request.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - url = self.agent_cert_url + '/' + str(cert_id) + '/revoke'
> - return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
> + url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke'
> + return self._submit_revoke_request(url, cert_serial_number,
> + revocation_reason, invalidity_date,
> + comments, nonce)
>
> @pki.handle_exceptions()
> - def revoke_ca_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
> + def revoke_ca_cert(self, cert_serial_number, revocation_reason=None,
> + invalidity_date=None, comments=None, nonce=None):
> """ Revokes a CA certificate.
> Returns a CertRequestInfo object with information about the request.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - url = self.agent_cert_url + '/' + str(cert_id) +
'/revoke-ca'
> - return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
> + url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke-ca'
> + return self._submit_revoke_request(url, cert_serial_number,
> + revocation_reason, invalidity_date,
> + comments, nonce)
>
> @pki.handle_exceptions()
> - def hold_cert(self, cert_id, comments=None):
> + def hold_cert(self, cert_serial_number, comments=None):
> """ Places a certificate on-hold.
> - Calls the revoke_cert method with reason -
CertRevokeRequest.REASON_CERTIFICATE_HOLD.
> + Calls the revoke_cert method with reason -
> + CertRevokeRequest.REASON_CERTIFICATE_HOLD.
> Returns a CertRequestInfo object.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - return self.revoke_cert(cert_id, CertRevokeRequest.REASON_CERTIFICATE_HOLD,
comments=comments)
> + return self.revoke_cert(cert_serial_number, 'Certificate_Hold',
> + comments=comments)
>
> @pki.handle_exceptions()
> - def unrevoke_cert(self, cert_id):
> + def unrevoke_cert(self, cert_serial_number):
> """ Un-revokes a revoked certificate.
> Returns a CertRequestInfo object.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> - url = self.agent_cert_url + '/' + str(cert_id) +
'/unrevoke'
> + url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/unrevoke'
> r = self.connection.post(url, None, headers=self.headers)
> return CertRequestInfo.from_json(r.json())
>
> @@ -774,8 +862,9 @@ class CertClient(object):
> return CertRequestInfo.from_json(r.json())
>
> @pki.handle_exceptions()
> - def list_requests(self, request_status=None, request_type=None,
from_request_id=None, size=None,
> - max_results=None, max_time=None):
> + def list_requests(self, request_status=None, request_type=None,
> + from_request_id=None, size=None, max_results=None,
> + max_time=None):
> """
> Query for a list of certificates using the arguments passed.
> Returns a CertRequestInfoCollection object.
> @@ -789,7 +878,8 @@ class CertClient(object):
> 'maxResults': max_results,
> 'maxTime': max_time
> }
> - r = self.connection.get(self.agent_cert_requests_url, self.headers,
query_params)
> + r = self.connection.get(self.agent_cert_requests_url, self.headers,
> + query_params)
> return CertRequestInfoCollection.from_json(r.json())
>
> @pki.handle_exceptions()
> @@ -819,15 +909,17 @@ class CertClient(object):
> cert_review_response = self.review_request(request_id)
>
> url = self.agent_cert_requests_url + '/' + request_id + '/'
+ action
> - review_response = json.dumps(cert_review_response,
cls=encoder.CustomTypeEncoder, sort_keys=True)
> + review_response = json.dumps(cert_review_response,
> + cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> r = self.connection.post(url, review_response, headers=self.headers)
> return r
>
> def approve_request(self, request_id, cert_review_response=None):
> """
> Approves a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'approve')
> @@ -835,17 +927,17 @@ class CertClient(object):
> def cancel_request(self, request_id, cert_review_response=None):
> """
> Cancels a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'cancel')
>
> - def reject_request(self, request_id, cert_review_response=None):
> + def reject_request(self, request_id, cert_review_response=None):
> """
> Rejects a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'reject')
> @@ -853,17 +945,18 @@ class CertClient(object):
> def validate_request(self, request_id, cert_review_response):
> """
> Validates a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> - return self._perform_action(request_id, cert_review_response,
'validate')
> + return self._perform_action(request_id, cert_review_response,
> + 'validate')
>
> def update_request(self, request_id, cert_review_response):
> """
> Updates a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'update')
> @@ -871,8 +964,8 @@ class CertClient(object):
> def assign_request(self, request_id, cert_review_response):
> """
> Assigns a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'assign')
> @@ -880,17 +973,19 @@ class CertClient(object):
> def unassign_request(self, request_id, cert_review_response):
> """
> Un-assigns a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> - return self._perform_action(request_id, cert_review_response,
'unassign')
> + return self._perform_action(request_id, cert_review_response,
> + 'unassign')
>
> @pki.handle_exceptions()
> def list_enrollment_templates(self, start=None, size=None):
> """
> Gets the list of profile templates supported by the CA.
> - The values for start and size arguments determine the starting point and
the length of the list.
> + The values for start and size arguments determine the starting point and
> + the length of the list.
> Returns a ProfileDataInfoCollection object.
> """
>
> @@ -900,7 +995,6 @@ class CertClient(object):
> 'size': size
> }
> r = self.connection.get(url, self.headers, query_params)
> - print r
> return profile.ProfileDataInfoCollection.from_json(r.json())
>
> @pki.handle_exceptions()
> @@ -908,10 +1002,13 @@ class CertClient(object):
> """
> Fetch the enrollment template for the given profile id.
> For the first time, the request is sent to the server.
> - The retrieved CertEnrollmentRequest object is then cached locally for
future requests.
> + The retrieved CertEnrollmentRequest object is then cached locally for
> + future requests.
> Returns a CerEnrollmentRequest object.
> """
>
> + if profile_id is None:
> + raise ValueError("Profile ID must be specified.")
> if profile_id in self.enrollment_templates:
> return copy.deepcopy(self.enrollment_templates[profile_id])
> url = self.cert_requests_url + '/profiles/' + str(profile_id)
> @@ -927,8 +1024,10 @@ class CertClient(object):
> def create_enrollment_request(self, profile_id, inputs):
> """
> Fetches the enrollment request object for the given profile and
> - sets values to its attributes using the values provided in the inputs
dictionary.
> - Returns the CertEnrollmentRequest object, which can be submitted to enroll
a certificate.
> + sets values to its attributes using the values provided in the inputs
> + dictionary.
> + Returns the CertEnrollmentRequest object, which can be submitted to
> + enroll a certificate.
> """
> if inputs is None or len(inputs) == 0:
> raise ValueError("No inputs provided.")
> @@ -945,42 +1044,48 @@ class CertClient(object):
> def submit_enrollment_request(self, enrollment_request):
> """
> Submits the CertEnrollmentRequest object to the server.
> - Returns a CertRequestInfoCollection object with information about the
certificate requests
> - enrolled at the CA.
> + Returns a CertRequestInfoCollection object with information about the
> + certificate requests enrolled at the CA.
> """
> - request_object = json.dumps(enrollment_request,
cls=encoder.CustomTypeEncoder, sort_keys=True)
> - r = self.connection.post(self.cert_requests_url, request_object,
self.headers)
> + request_object = json.dumps(enrollment_request,
> + cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> + r = self.connection.post(self.cert_requests_url, request_object,
> + self.headers)
> return CertRequestInfoCollection.from_json(r.json())
>
> @pki.handle_exceptions()
> def enroll_cert(self, profile_id, inputs):
> """
> A convenience method for enrolling a certificate for a given profile id.
> - The inputs parameter should be a dictionary with values for the profile
attributes
> - for an enrollment request.
> + The inputs parameter should be a dictionary with values for the profile
> + attributes for an enrollment request.
>
> - Calling this method with valid arguments, creates an enrollment request,
submits it
> - to the server, approves the certificate requests generated for the
enrollment and
> - returns a list of CertData objects for all the certificates generated as
part of this
> - enrollment.
> + Calling this method with valid arguments, creates an enrollment request,
> + submits it to the server, approves the certificate requests generated
> + for the enrollment and returns a list of CertData objects for all the
> + certificates generated as part of this enrollment.
>
> - Note: This method supports only certificate enrollment where only one agent
approval
> - is sufficient.
> + Note: This method supports only certificate enrollment where only one
> + agent approval is sufficient.
>
> Requires an agent level authentication.
> + Returns a list of CertData objects.
> """
>
> - # Create a CertEnrollmentRequest object using the inputs for the given
profile id.
> + # Create a CertEnrollmentRequest object using the inputs for the given
> + # profile id.
> enroll_request = self.create_enrollment_request(profile_id, inputs)
>
> # Submit the enrollment request
> cert_request_infos = self.submit_enrollment_request(enroll_request)
>
> # Approve the requests generated for the certificate enrollment.
> - # Fetch the CertData objects for all the certificates created and return to
the caller.
> + # Fetch the CertData objects for all the certificates created and
> + # return to the caller.
>
> certificates = []
> - for cert_request_info in cert_request_infos.cert_info_list:
> + for cert_request_info in cert_request_infos.cert_request_info_list:
> request_id = cert_request_info.request_id
> self.approve_request(request_id)
> cert_id = self.get_request(request_id).cert_id
> @@ -1010,7 +1115,8 @@ def main():
> # Create a PKIConnection object that stores the details of the CA.
> connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
>
> - # The pem file used for authentication. Created from a p12 file using the
command -
> + # The pem file used for authentication. Created from a p12 file using the
> + # command -
> # openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
> connection.set_authentication_cert("/tmp/auth.pem")
>
> @@ -1025,13 +1131,19 @@ def main():
>
> inputs = dict()
> inputs['cert_request_type'] = 'crmf'
> - inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgNVBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQAD"
\
> -
"gY0AMIGJAoGBAK/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9UuIhGfXOtxy5vRetmDHE"
\
> -
"9u0AopmuJbr1rL17/tSnDakpkE9umQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0eCy2a"
\
> -
"a4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJl"
\
> -
"Z1Rva2VuMBoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkqhkiG9w0BAQUFAAOBgQCuywnr"
\
> -
"Dk/wGwfbguw9oVs9gzFQwM4zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6ZmDd8WpPJ+"
\
> -
"MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REhJw=="
> + inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgN" \
> +
"VBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK" \
> +
"/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9U" \
> +
"uIhGfXOtxy5vRetmDHE9u0AopmuJbr1rL17/tSnDakpkE9u" \
> +
"mQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0" \
> +
"eCy2aa4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ" \
> +
"8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJlZ1Rva2VuM" \
> +
"BoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkq" \
> +
"hkiG9w0BAQUFAAOBgQCuywnrDk/wGwfbguw9oVs9gzFQwM4" \
> +
"zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6" \
> +
"ZmDd8WpPJ+MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm" \
> +
"7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REh" \
> + "Jw=="
> inputs['sn_uid'] = 'test12345'
> inputs['sn_e'] = 'example(a)redhat.com'
> inputs['sn_cn'] = 'TestUser'
> @@ -1053,13 +1165,18 @@ def main():
>
> inputs = dict()
> inputs['cert_request_type'] = 'pkcs10'
> - inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwE"
\
> -
"wYDVQQKDAxSZWQgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY"
\
> -
"0AMIGJAoGBAMJpWz92dSYCvWxllrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69jQMTLZMa8"
\
> -
"FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJmcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8y"
\
> -
"HwV0eBx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBvkxAGKwkfK3TKwLc5Mg0IWp8zG"
\
> -
"RVwxdIlghAL8DugNocCNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5Uje2K/+6tW2ZTGrb"
\
> -
"izs7CNOTMzA/9H8CkHb4H9P/qRT275zHIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
> + inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAg" \
> +
"MAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwEwYDVQQKDAxSZW" \
> +
"QgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wD" \
> +
"QYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJpWz92dSYCvWxl" \
> +
"lrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69j" \
> +
"QMTLZMa8FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJ" \
> +
"mcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8yHwV0e" \
> +
"Bx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB" \
> +
"gQBvkxAGKwkfK3TKwLc5Mg0IWp8zGRVwxdIlghAL8DugNoc" \
> +
"CNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5" \
> +
"Uje2K/+6tW2ZTGrbizs7CNOTMzA/9H8CkHb4H9P/qRT275z" \
> + "HIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
>
> inputs['requestor_name'] = 'Tester'
> inputs['requestor_email'] = 'example(a)redhat.com'
> @@ -1080,8 +1197,8 @@ def main():
>
> search_params = {'status': 'VALID'}
> cert_data_list = cert_client.list_certs(**search_params)
> - for cert_data_info in cert_data_list.cert_info_list:
> - print("Serial Number: " + cert_data_info.cert_id)
> + for cert_data_info in cert_data_list:
> + print("Serial Number: " + cert_data_info.serial_number)
> print("Subject DN: " + cert_data_info.subject_dn)
> print("Status: " + cert_data_info.status)
> print
> @@ -1099,7 +1216,8 @@ def main():
>
> # Certificate Serial Number used for CertClient methods.
> # 7, 0x7 and '0x7' are also valid values
> - # Following examples use the serial number of the user certificate enrolled
before.
> + # Following examples use the serial number of the user certificate enrolled
> + # before.
> cert_id = cert_data_infos[0].serial_number
>
> #Get certificate data
> @@ -1136,9 +1254,8 @@ def main():
> print('Revoking a certificate')
> print('----------------------')
>
> - cert_request_info = cert_client.revoke_cert(cert_data.serial_number,
> -
revocation_reason=CertRevokeRequest.REASON_CERTIFICATE_HOLD,
> - comments="Test revoking a
cert", nonce=cert_data.nonce)
> + cert_request_info = cert_client.hold_cert(cert_data.serial_number,
> + comments="Test revoking a
cert")
> print('Request ID: ' + cert_request_info.request_id)
> print('Request Type: ' + cert_request_info.request_type)
> print('Request Status: ' + cert_request_info.request_status)
> diff --git a/base/common/python/pki/profile.py b/base/common/python/pki/profile.py
> index
83cd8bcca0d9ad3841b0b6b74e2aa4a6724e5bbc..34aa32eca0554259f5aab9b17f33970de93d39fb 100644
> --- a/base/common/python/pki/profile.py
> +++ b/base/common/python/pki/profile.py
> @@ -14,12 +14,24 @@ import pki.account as account
>
> class ProfileDataInfo(object):
> """Stores information about a profile"""
> +
> def __init__(self):
> self.profile_id = None
> self.profile_name = None
> self.profile_description = None
> self.profile_url = None
>
> + def __repr__(self):
> + attributes = {
> + "ProfileDataInfo": {
> + 'profile_id': self.profile_id,
> + 'name': self.profile_name,
> + 'description': self.profile_description,
> + 'url': self.profile_url
> + }
> + }
> + return str(attributes)
> +
> @classmethod
> def from_json(cls, attr_list):
> profile_data_info = cls()
> @@ -41,15 +53,20 @@ class ProfileDataInfoCollection(object):
> self.profile_data_list = []
> self.links = []
>
> + def __iter__(self):
> + return iter(self.profile_data_list)
> +
> @classmethod
> def from_json(cls, json_value):
> ret = cls()
> profile_data_infos = json_value['entries']
> if not isinstance(profile_data_infos, types.ListType):
> -
ret.profile_data_list.append(ProfileDataInfo.from_json(profile_data_infos))
> + ret.profile_data_list.append(
> + ProfileDataInfo.from_json(profile_data_infos))
> else:
> for profile_info in profile_data_infos:
> -
ret.profile_data_list.append(ProfileDataInfo.from_json(profile_info))
> + ret.profile_data_list.append(
> + ProfileDataInfo.from_json(profile_info))
>
> links = json_value['Link']
> if not isinstance(links, types.ListType):
> @@ -64,10 +81,12 @@ class ProfileDataInfoCollection(object):
> class Descriptor(object):
> """
> This class represents the description of a ProfileAttribute.
> - It stores information such as the syntax, constraint and default value of a
profile attribute.
> + It stores information such as the syntax, constraint and default value of
> + a profile attribute.
> """
>
> - def __init__(self, syntax=None, constraint=None, description=None,
default_value=None):
> + def __init__(self, syntax=None, constraint=None, description=None,
> + default_value=None):
> self.syntax = syntax
> self.constraint = constraint
> self.description = description
> @@ -118,6 +137,7 @@ class ProfileAttribute(object):
> """
> Represents a profile attribute of a ProfileInput.
> """
> +
> def __init__(self, name=None, value=None, descriptor=None):
> self.name = name
> self.value = value
> @@ -158,8 +178,8 @@ class ProfileInput(object):
> Ex. Subject name, Requestor Information etc.
> """
>
> - def __init__(self, profile_input_id=None, class_id=None, name=None, text=None,
attributes=None,
> - config_attributes=None):
> + def __init__(self, profile_input_id=None, class_id=None, name=None,
> + text=None, attributes=None, config_attributes=None):
>
> self.profile_input_id = profile_input_id
> self.class_id = class_id
> @@ -261,17 +281,21 @@ class ProfileInput(object):
>
> attributes = json_value['Attribute']
> if not isinstance(attributes, types.ListType):
> -
profile_input.attributes.append(ProfileAttribute.from_json(attributes))
> + profile_input.attributes.append(
> + ProfileAttribute.from_json(attributes))
> else:
> for profile_info in attributes:
> -
profile_input.attributes.append(ProfileAttribute.from_json(profile_info))
> + profile_input.attributes.append(
> + ProfileAttribute.from_json(profile_info))
>
> config_attributes = json_value['ConfigAttribute']
> if not isinstance(config_attributes, types.ListType):
> -
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attributes))
> + profile_input.config_attributes.append(
> + ProfileAttribute.from_json(config_attributes))
> else:
> for config_attribute in config_attributes:
> -
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attribute))
> + profile_input.config_attributes.append(
> + ProfileAttribute.from_json(config_attribute))
>
> return profile_input
>
> @@ -282,7 +306,8 @@ class ProfileOutput(object):
> using a profile.
> """
>
> - def __init__(self, profile_output_id=None, name=None, text=None, class_id=None,
attributes=None):
> + def __init__(self, profile_output_id=None, name=None, text=None,
> + class_id=None, attributes=None):
> self.profile_output_id = profile_output_id
> self.name = name
> self.text = text
> @@ -332,15 +357,16 @@ class ProfileOutput(object):
> profile_output.class_id = json_value['classId']
> attributes = json_value['attributes']
> if not isinstance(attributes, types.ListType):
> -
profile_output.attributes.append(ProfileAttribute.from_json(attributes))
> + profile_output.attributes.append(
> + ProfileAttribute.from_json(attributes))
> else:
> for profile_info in attributes:
> -
profile_output.attributes.append(ProfileAttribute.from_json(profile_info))
> + profile_output.attributes.append(
> + ProfileAttribute.from_json(profile_info))
> return profile_output
>
>
> class ProfileParameter(object):
> -
> def __init__(self, name=None, value=None):
> self.name = name
> self.value = value
> @@ -355,10 +381,12 @@ class ProfileParameter(object):
>
> class PolicyDefault(object):
> """
> - An object of this class contains information of the default usage of a specific
ProfileInput.
> + An object of this class contains information of the default usage of a
> + specific ProfileInput.
> """
>
> - def __init__(self, name=None, class_id=None, description=None,
policy_attributes=None, policy_params=None):
> + def __init__(self, name=None, class_id=None, description=None,
> + policy_attributes=None, policy_params=None):
> self.name = name
> self.class_id = class_id
> self.description = description
> @@ -415,24 +443,27 @@ class PolicyDefault(object):
> if 'policyAttribute' in json_value:
> attributes = json_value['policyAttribute']
> if not isinstance(attributes, types.ListType):
> -
policy_def.policy_attributes.append(ProfileAttribute.from_json(attributes))
> + policy_def.policy_attributes.append(
> + ProfileAttribute.from_json(attributes))
> else:
> for attr in attributes:
> -
policy_def.policy_attributes.append(ProfileAttribute.from_json(attr))
> + policy_def.policy_attributes.append(
> + ProfileAttribute.from_json(attr))
>
> if 'params' in json_value:
> params = json_value['params']
> if not isinstance(params, types.ListType):
> -
policy_def.policy_params.append(ProfileParameter.from_json(params))
> + policy_def.policy_params.append(
> + ProfileParameter.from_json(params))
> else:
> for param in params:
> -
policy_def.policy_params.append(ProfileParameter.from_json(param))
> + policy_def.policy_params.append(
> + ProfileParameter.from_json(param))
>
> return policy_def
>
>
> class PolicyConstraintValue(object):
> -
> def __init__(self, name=None, value=None, descriptor=None):
> self.name = name
> self.value = value
> @@ -460,11 +491,12 @@ class PolicyConstraintValue(object):
>
> class PolicyConstraint(object):
> """
> - An object of this class contains the policy constraints applied to a
ProfileInput
> - used by a certificate enrollment request.
> + An object of this class contains the policy constraints applied to a
> + ProfileInput used by a certificate enrollment request.
> """
>
> - def __init__(self, name=None, description=None, class_id=None,
policy_constraint_values=None):
> + def __init__(self, name=None, description=None, class_id=None,
> + policy_constraint_values=None):
> self.name = name
> self.description = description
> self.class_id = class_id
> @@ -509,10 +541,12 @@ class PolicyConstraint(object):
> if 'constraint' in json_value:
> constraints = json_value['constraint']
> if not isinstance(constraints, types.ListType):
> -
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraints))
> + policy_constraint.policy_constraint_values.append(
> + PolicyConstraintValue.from_json(constraints))
> else:
> for constraint in constraints:
> -
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraint))
> + policy_constraint.policy_constraint_values.append(
> + PolicyConstraintValue.from_json(constraint))
>
> return policy_constraint
>
> @@ -520,11 +554,13 @@ class PolicyConstraint(object):
> class ProfilePolicy(object):
> """
> This class represents the policy a profile adheres to.
> - An object of this class stores the default values for profile and the
constraints present on the
> - values of the attributes of the profile submitted for an enrollment request.
> + An object of this class stores the default values for profile and the
> + constraints present on the values of the attributes of the profile submitted
> + for an enrollment request.
> """
>
> - def __init__(self, policy_id=None, policy_default=None,
policy_constraint=None):
> + def __init__(self, policy_id=None, policy_default=None,
> + policy_constraint=None):
> self.policy_id = policy_id
> self.policy_default = policy_default
> self.policy_constraint = policy_constraint
> @@ -563,6 +599,7 @@ class ProfilePolicySet(object):
> """
> Stores a list of ProfilePolicy objects.
> """
> +
> def __init__(self):
> self.policies = []
>
> @@ -585,6 +622,7 @@ class PolicySet(object):
> An object of this class contains a name value pair of the
> policy name and the ProfilePolicy object.
> """
> +
> def __init__(self, name=None, policy_list=None):
> self.name = name
> if policy_list is None:
> @@ -620,6 +658,8 @@ class PolicySet(object):
> for policy in policies:
> policy_set.policy_list.append(ProfilePolicy.from_json(policy))
>
> + return policy_set
> +
>
> class PolicySetList(object):
> """
> @@ -648,7 +688,8 @@ class PolicySetList(object):
> policy_set_list.policy_sets.append(PolicySet.from_json(policy_sets))
> else:
> for policy_set in policy_sets:
> -
policy_set_list.policy_sets.append(PolicySet.from_json(policy_set))
> + policy_set_list.policy_sets.append(
> + PolicySet.from_json(policy_set))
>
>
> class ProfileData(object):
> @@ -656,9 +697,11 @@ class ProfileData(object):
> This class represents an enrollment profile.
> """
>
> - def __init__(self, profile_id=None, class_id=None, name=None, description=None,
enabled=None, visible=None,
> - enabled_by=None, authenticator_id=None, authorization_acl=None,
renewal=None, xml_output=None,
> - inputs=None, outputs=None, policy_sets=None, link=None):
> + def __init__(self, profile_id=None, class_id=None, name=None,
> + description=None, enabled=None, visible=None, enabled_by=None,
> + authenticator_id=None, authorization_acl=None, renewal=None,
> + xml_output=None, inputs=None, outputs=None, policy_sets=None,
> + link=None):
>
> self.profile_id = profile_id
> self.name = name
> @@ -779,31 +822,49 @@ class ProfileData(object):
> profile_data.inputs.append(ProfileInput.from_json(profile_inputs))
> else:
> for profile_input in profile_inputs:
> -
profile_data.policy_sets.append(ProfileInput.from_json(profile_input))
> + profile_data.inputs.append(
> + ProfileInput.from_json(profile_input))
>
> profile_outputs = json_value['Output']
> if not isinstance(profile_outputs, types.ListType):
> - profile_data.outputs.append(ProfileOutput.from_json(profile_outputs))
> + profile_data.outputs.append(
> + ProfileOutput.from_json(profile_outputs))
> else:
> for profile_output in profile_outputs:
> -
profile_data.policy_sets.append(ProfileOutput.from_json(profile_output))
> + profile_data.outputs.append(
> + ProfileOutput.from_json(profile_output))
>
> policy_sets = json_value['PolicySets']
> if not isinstance(policy_sets, types.ListType):
> - profile_data.policy_sets.append(PolicySetList.from_json(policy_sets))
> + profile_data.policy_sets.append(
> + PolicySetList.from_json(policy_sets))
> else:
> for policy_set in policy_sets:
> -
profile_data.policy_sets.append(PolicySetList.from_json(policy_set))
> + profile_data.policy_sets.append(
> + PolicySetList.from_json(policy_set))
>
> profile_data.link = pki.Link.from_json(json_value['link'])
>
> return profile_data
>
> + def __repr__(self):
> + attributes = {
> + "ProfileData": {
> + 'profile_id': self.profile_id,
> + 'name': self.name,
> + 'description': self.description,
> + 'status': ('enabled' if self.enabled else
'disabled'),
> + 'visible': self.visible
> + }
> + }
> + return str(attributes)
> +
>
> class ProfileClient(object):
> """
> This class consists of methods for accessing the ProfileResource.
> """
> +
> def __init__(self, connection):
> self.connection = connection
> self.headers = {'Content-type': 'application/json',
> @@ -856,7 +917,8 @@ class ProfileClient(object):
> if profile_id is None:
> raise ValueError("Profile ID must be specified.")
> if action is None:
> - raise ValueError("A valid action(enable/disable) must be
specified.")
> + raise ValueError("A valid action(enable/disable) must be "
> + "specified.")
>
> url = self.profiles_url + '/' + str(profile_id)
> params = {'action': action}
> @@ -881,7 +943,8 @@ def main():
> # Initialize a PKIConnection object for the CA
> connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
>
> - # The pem file used for authentication. Created from a p12 file using the
command -
> + # The pem file used for authentication. Created from a p12 file using the
> + # command -
> # openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
> connection.set_authentication_cert("/tmp/auth.pem")
>
> @@ -892,7 +955,7 @@ def main():
> profile_data_infos = profile_client.list_profiles()
> print('List of profiles:')
> print('-----------------')
> - for profile_data_info in profile_data_infos.profile_data_list:
> + for profile_data_info in profile_data_infos:
> print(' Profile ID: ' + profile_data_info.profile_id)
> print(' Profile Name: ' + profile_data_info.profile_name)
> print(' Profile Description: ' +
profile_data_info.profile_description)
> --
> 1.8.5.3
>